Description:

alibabacloudrosiacer 0.0.16

What is Iacer?
Iacer is a tool that tests Terraform and ROS(Resource Orchestration Service) templates. It deploys your template in multiple Alibaba Cloud Regions and generates a report for each region via a simple configuration file.
Installation
pip install iacer
Requirements
Python 3.7+
The iacer is run on requires access to an Alibaba Cloud account, this can be done by any of the following mechanisms:

AliyunCli default configuration file (~/.aliyun/config.json)
Environment variables (ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET)
The ini configuration file defined by the environment variable ALIBABA_CLOUD_CREDENTIALS_FILE
Alibaba Cloud SDK Credentials default configuration file (~/.alibabacloud/credentials.ini or ~/.aliyun/credentials.ini)

Usage
iacer adopts a similar cli command structure to git with a iacer command subcommand --flag style. The cli is also designed to be the simplest if run from the root of a project. Let's have a look at equivalent command to run a test:
cd into the project root and type test run
cd ./demo
iacer test run

or run it from anywhere by providing the path to the project root
iacer test run --project-path ./demo

Cli Command
The cli is self documenting by using --help or -h, the most common command is iacer test
iacer test -h
usage: iacer [args] test [args] [subcommand] [args]

Performs functional tests on IaC templates.

options:
-h, --help show this help message and exit

subcommands:
clean - Manually clean up the stacks which were created by Iacer
list - List stacks which were created by Iacer for all regions
params - Generate pseudo parameters
run - tests whether IaC templates are able to successfully launch

iacer test run -h
usage: iacer [args] <command> [args] run [args]

tests whether IaC templates are able to successfully launch

options:
-h, --help show this help message and exit
-t TEMPLATE, --template TEMPLATE
path to a template
-c CONFIG_FILE, --config-file CONFIG_FILE
path to a config file
-o OUTPUT_DIRECTORY, --output-directory OUTPUT_DIRECTORY
path to an output directory
-r REGIONS, --regions REGIONS
comma separated list of regions to test in
--test-names TEST_NAMES
comma separated list of tests to run
--no-delete don't delete stacks after test is complete
--project-path PROJECT_PATH
root path of the project relative to config file,
template file and output file
--keep-failed do not delete failed stacks
--dont-wait-for-delete
exits immediately after calling delete stack
-g, --generate-parameters
generate pseudo parameters

Configuration files
There are 2 config files which can be used to set behaviors.

Global config file, located in ~/.iacer.yml
Project config file, located in <PROJECT_ROOT>/.iacer.yml

Each configuration file supports three-tier configuration, which includes general, project and tests, and tests is required.
general configuration item

auth Aliyun authentication section.

{
"name": "default",
"location": "~/.aliyun/config.json"
}


oss_config Oss bucket configuration, include BucketName, BucketRegion and etc.

{
"bucket_name": "",
"bucket_region": "",
"object_prefix": "",
"callback_params": {
"callback_url": "",
"callback_host": "",
"callback_body": "",
"callback_body_type": "",
"callback_var_params": ""
}
}


parameters Parameter key-values to pass to template.

{
"vpc_id": "",
"vsw_id": ""
}

project configuration item

name Project Name
regions List of aliyun regions.
parameters Parameter key-values to pass to template.
tags Tags
role_name Role name
template_config Template config

{
"template_location": "myTemplate/",
"template_url": "oss://xxx",
"template_body": "",
"template_id": "",
"template_version": ""
}

tests configuration item

name Project Name
regions List of aliyun regions.
parameters Parameter key-values to pass to template.
tags Tags
role_name Role name
template_config Template config

{
"template_location": "myTemplate/",
"template_url": "oss://xxx",
"template_body": "",
"template_id": "",
"template_version": ""
}

Precedence
Except the parameters section, more specific config with the same key takes precedence.

The rationale behind having parameters function this way is so that values can be overridden at a system level outside a project, that is likely committed to source control. parameters that define account specific things like VPC details, Key Pairs, or secrets like API keys can be defined per host outside of source control.

For example, consider this global config in ~/.iacer.yml
general:
oss_config:
bucket_name: global-bucket
parameters:
KeyPair: my-global-ecs-key-pair

and this project config
project:
name: my-project
regions:
- cn-hangzhou
oss_config:
bucket_name: project-bucket
tests:
default:
template_config:
template_url: "oss://xxx"
regions:
- cn-beijing
parameters:
KeyPair: my-test-ecs-key-pair

Would result in this effective test configuration:
tests:
default:
template_config:
template_url: "oss://xxx"
regions:
- cn-beijing
oss_config:
bucket_name: project-bucket
parameters:
KeyPair: my-test-ecs-key-pair

Notice that bucket_name and regions took the most specific value and KeyPair the most general.
Pseudo Parameters
You can automatically get the available parameters through the $[iacer-auto] pseudo-parameter if the parameter is the following 2 cases

The resource attribute corresponding to the parameter supports the ROS GetTemplateParameterConstraints interface.
Parameters whose name itself has a specific meaning. For example, VpcId means the id of virtual private cloud and $[iacer-auto] will automatically obtain a vpcId randomly in the current region of the current account. Currently supported are as follows:

Satisfying the regularity r"(\w*)vpc(_|)id(_|)(\d*)" will automatically and randomly obtain the VpcId in the current region.
Satisfying the regularity r"(\w*)v(_|)switch(_|)id(_|)(\d*)" will automatically and randomly obtain the VswitchId in the current region. If there is a parameter whose name satisfies the regularity r"(\w*)zone(_|)id(_|)(\d*)", it will query the VswitchId of the corresponding availability zone
Satisfying the regularity r"(\w*)security(_|)group(_id|id)(_|)(\d*)" will automatically and randomly obtain the SecurityGroupId in the current region.
Satisfying the regularity r"(\w*)name(_|)(\d*)" will automatically generate a random string starting with iacer-.
Satisfying the regularity r"(\w*)password(_|)(\d*)" will automatically generate a password.
Satisfying the regularity r"(\w*)uuid(_|)(\d*)" will automatically generate an uuid.

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.

Share

• Share on Facebook
• Share on Twitter