Add custom db tests

Author: mandryllo

package-lock.json

@@ -53,6 +53,7 @@
     "@aws-sdk/client-efs": "^3.758.0",
     "@aws-sdk/client-elastic-load-balancing-v2": "^3.764.0",
     "@aws-sdk/client-elasticache": "^3.901.0",
+    "@aws-sdk/client-iam": "^3.952.0",
     "@aws-sdk/client-kms": "^3.943.0",
     "@aws-sdk/client-rds": "^3.943.0",
     "@aws-sdk/client-route-53": "^3.782.0",

package.json

@@ -0,0 +1,145 @@
+import {
+  GetRoleCommand,
+  ListAttachedRolePoliciesCommand,
+} from '@aws-sdk/client-iam';
+import * as assert from 'node:assert';
+import { DatabaseTestContext } from './test-context';
+import { it } from 'node:test';
+import { ListTagsForResourceCommand } from '@aws-sdk/client-rds';
+
+export function testCustomDb(ctx: DatabaseTestContext) {
+  it('should properly configure instance', () => {
+    const customDb = ctx.outputs.customDb.value;
+
+    assert.strictEqual(
+      customDb.instance.applyImmediately,
+      ctx.config.applyImmediately,
+      'Apply immediately argument should be set correctly',
+    );
+    assert.strictEqual(
+      customDb.instance.allowMajorVersionUpgrade,
+      ctx.config.allowMajorVersionUpgrade,
+      'Allow major version upgrade argument should be set correctly',
+    );
+    assert.strictEqual(
+      customDb.instance.autoMinorVersionUpgrade,
+      ctx.config.autoMinorVersionUpgrade,
+      'Auto minor version upgrade argument should be set correctly',
+    );
+  });
+
+  it('should properly configure password', () => {
+    const customDb = ctx.outputs.customDb.value;
+
+    assert.ok(customDb.password, 'Password should exist');
+    assert.strictEqual(
+      customDb.instance.masterUserPassword,
+      ctx.config.dbPassword,
+      'Master user password should be set correctly',
+    );
+  });
+
+  it('should properly configure storage', () => {
+    const customDb = ctx.outputs.customDb.value;
+
+    assert.strictEqual(
+      customDb.instance.allocatedStorage,
+      ctx.config.allocatedStorage.toString(),
+      'Allocated storage argument should be set correctly',
+    );
+    assert.strictEqual(
+      customDb.instance.maxAllocatedStorage,
+      ctx.config.maxAllocatedStorage,
+      'Max allocated storage argument should be set correctly',
+    );
+  });
+
+  it('should properly configure monitoring options', () => {
+    const customDb = ctx.outputs.customDb.value;
+
+    assert.strictEqual(
+      customDb.instance.enablePerformanceInsights,
+      true,
+      'Performance insights should be enabled',
+    );
+    assert.strictEqual(
+      customDb.instance.performanceInsightsRetentionPeriod,
+      7,
+      'Performance insights retention period should be set correctly',
+    );
+    assert.strictEqual(
+      customDb.instance.monitoringInterval,
+      60,
+      'Monitoring interval should be set correctly',
+    );
+    assert.ok(
+      customDb.instance.monitoringRoleArn,
+      'Monitoring role ARN should exist',
+    );
+  });
+
+  it('should create monitoring IAM role and attach correct policy', async () => {
+    const customDb = ctx.outputs.customDb.value;
+    const roleName = customDb.monitoringRole.name;
+
+    const roleCommand = new GetRoleCommand({
+      RoleName: roleName,
+    });
+    const { Role } = await ctx.clients.iam.send(roleCommand);
+    assert.ok(Role, 'Monitoring IAM role should exist');
+
+    const policyCommand = new ListAttachedRolePoliciesCommand({
+      RoleName: roleName,
+    });
+    const { AttachedPolicies } = await ctx.clients.iam.send(policyCommand);
+    assert.ok(
+      AttachedPolicies && AttachedPolicies.length > 0,
+      'Attached policies should exist',
+    );
+    const [attachedPolicy] = AttachedPolicies;
+    assert.strictEqual(
+      attachedPolicy.PolicyArn,
+      'arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole',
+      'Monitoring IAM role should have correct policy attached',
+    );
+  });
+
+  it('should properly configure kms', () => {
+    const customDb = ctx.outputs.customDb.value;
+    const kms = ctx.outputs.kms.value;
+
+    assert.ok(customDb.kmsKeyId, 'Kms key id should exist');
+    assert.strictEqual(
+      customDb.instance.kmsKeyId,
+      kms.arn,
+      'Kms key id should be set correctly',
+    );
+  });
+
+  it('should properly configure parameter group', () => {
+    const customDb = ctx.outputs.customDb.value;
+    const paramGroup = ctx.outputs.paramGroup.value;
+
+    assert.strictEqual(
+      customDb.instance.dbParameterGroupName,
+      paramGroup.name,
+      'Parameter group name should be set correctly',
+    );
+  });
+
+  it('should properly configure tags', async () => {
+    const customDb = ctx.outputs.customDb.value;
+
+    const command = new ListTagsForResourceCommand({
+      ResourceName: customDb.instance.dbInstanceArn,
+    });
+    const { TagList } = await ctx.clients.rds.send(command);
+    assert.ok(TagList && TagList.length > 0, 'Tags should exist');
+
+    Object.entries(ctx.config.tags).map(([Key, Value]) => {
+      const tag = TagList.find(tag => tag.Key === Key);
+      assert.ok(tag, `${Key} tag should exist`);
+      assert.strictEqual(tag.Value, Value, `${Key} tag should set correctly`);
+    });
+  });
+}

tests/database/custom-db.test.ts

@@ -4,9 +4,11 @@ import { cleanupSnapshots } from './utils/cleanup-snapshots';
 import * as config from './infrastructure/config';
 import { DatabaseTestContext } from './test-context';
 import { EC2Client } from '@aws-sdk/client-ec2';
+import { IAMClient } from '@aws-sdk/client-iam';
 import { InlineProgramArgs } from '@pulumi/pulumi/automation';
 import { KMSClient } from '@aws-sdk/client-kms';
 import { RDSClient } from '@aws-sdk/client-rds';
+import { testCustomDb } from './custom-db.test';
 import { testDefaultDb } from './default-db.test';
 
 const programArgs: InlineProgramArgs = {
@@ -28,6 +30,7 @@ describe('Database component deployment', () => {
       rds: new RDSClient({ region }),
       ec2: new EC2Client({ region }),
       kms: new KMSClient({ region }),
+      iam: new IAMClient({ region }),
     },
   };
 
@@ -38,5 +41,6 @@ describe('Database component deployment', () => {
   after(() => automation.destroy(programArgs));
 
   describe('Default database', () => testDefaultDb(ctx));
+  describe('Custom database', () => testCustomDb(ctx));
   after(() => cleanupSnapshots(ctx));
 });

tests/database/index.test.ts

@@ -1,3 +1,16 @@
+import * as pulumi from '@pulumi/pulumi';
+
 export const appName = 'db-test';
+export const stackName = pulumi.getStack();
+export const tags = {
+  Project: appName,
+  Environment: stackName,
+};
 export const dbName = 'dbname';
 export const dbUsername = 'dbusername';
+export const dbPassword = 'dbpassword';
+export const applyImmediately = true;
+export const allowMajorVersionUpgrade = true;
+export const autoMinorVersionUpgrade = false;
+export const allocatedStorage = 10;
+export const maxAllocatedStorage = 50;

tests/database/infrastructure/config.ts

@@ -1,3 +1,4 @@
+import * as aws from '@pulumi/aws';
 import { next as studion } from '@studion/infra-code-blocks';
 import { DatabaseBuilder } from '../../../dist/v2/components/database/builder';
 import * as config from './config';
@@ -14,4 +15,44 @@ const defaultDb = new DatabaseBuilder(`${config.appName}-default`)
   .withVpc(vpc.vpc)
   .build();
 
-export { vpc, defaultDb };
+const kms = new aws.kms.Key(`${config.appName}-kms`, {
+  description: `${config.appName} RDS encryption key`,
+  customerMasterKeySpec: 'SYMMETRIC_DEFAULT',
+  isEnabled: true,
+  keyUsage: 'ENCRYPT_DECRYPT',
+  multiRegion: false,
+  enableKeyRotation: true,
+  tags: config.tags,
+});
+
+const paramGroup = new aws.rds.ParameterGroup(
+  `${config.appName}-parameter-group`,
+  {
+    family: 'postgres17',
+    tags: config.tags,
+  },
+);
+
+const customDb = new DatabaseBuilder(`${config.appName}-custom`)
+  .withInstance({
+    dbName: config.dbName,
+    applyImmediately: config.applyImmediately,
+    allowMajorVersionUpgrade: config.allowMajorVersionUpgrade,
+    autoMinorVersionUpgrade: config.autoMinorVersionUpgrade,
+  })
+  .withCredentials({
+    username: config.dbUsername,
+    password: config.dbPassword,
+  })
+  .withStorage({
+    allocatedStorage: config.allocatedStorage,
+    maxAllocatedStorage: config.maxAllocatedStorage,
+  })
+  .withVpc(vpc.vpc)
+  .withMonitoring()
+  .withKms(kms.arn)
+  .withParameterGroup(paramGroup.name)
+  .withTags(config.tags)
+  .build();
+
+export { vpc, defaultDb, kms, paramGroup, customDb };

tests/database/infrastructure/index.ts

@@ -1,4 +1,5 @@
 import { EC2Client } from '@aws-sdk/client-ec2';
+import { IAMClient } from '@aws-sdk/client-iam';
 import { KMSClient } from '@aws-sdk/client-kms';
 import { OutputMap } from '@pulumi/pulumi/automation';
 import { RDSClient } from '@aws-sdk/client-rds';
@@ -9,8 +10,19 @@ interface ConfigContext {
 
 interface DatabaseTestConfig {
   appName: string;
+  stackName: string;
+  tags: {
+    Project: string;
+    Environment: string;
+  };
   dbName: string;
   dbUsername: string;
+  dbPassword: string;
+  applyImmediately: boolean;
+  allowMajorVersionUpgrade: boolean;
+  autoMinorVersionUpgrade: boolean;
+  allocatedStorage: number;
+  maxAllocatedStorage: number;
 }
 
 interface PulumiProgramContext {
@@ -22,6 +34,7 @@ interface AwsContext {
     rds: RDSClient;
     ec2: EC2Client;
     kms: KMSClient;
+    iam: IAMClient;
   };
 }
 

tests/database/test-context.ts

@@ -8,8 +8,10 @@ import { DatabaseTestContext } from '../test-context';
 export async function cleanupSnapshots(ctx: DatabaseTestContext) {
   const spinner = createSpinner('Deleting snapshots...').start();
 
-  const defaultDb = ctx.outputs.defaultDb.value;
-  await deleteSnapshot(ctx, defaultDb.instance.dbInstanceIdentifier);
+  const dbs = [ctx.outputs.defaultDb.value, ctx.outputs.customDb.value];
+  await Promise.all(
+    dbs.map(db => deleteSnapshot(ctx, db.instance.dbInstanceIdentifier)),
+  );
 
   spinner.success({ text: 'Snapshots deleted' });
 }