Testing Infrastructure as Code with Pulumi. Part 1

Good evening, friends. Ahead of the start of a new cohort of the "DevOps practices and tools" course, we are sharing a new translation with you. Let's go.

Using Pulumi and general-purpose programming languages for infrastructure code (Infrastructure as Code) brings many benefits: readily available skills and knowledge, removal of boilerplate through abstraction, and tools your team already knows, such as IDEs and linters. All of these software engineering tools not only make us more productive, they also improve the quality of our code. So it is only natural that using general-purpose programming languages lets us introduce another important software development practice: testing.

In this article, we will look at how Pulumi helps us test our infrastructure as code.

Why test infrastructure?

Before going into detail, it is worth asking the question: "Why test infrastructure at all?" There are many reasons, and here are some of them:

  • Unit testing individual functions or pieces of your program's logic.
  • Verifying the desired state of the infrastructure against certain constraints.
  • Detecting common mistakes, such as a storage bucket without encryption or unprotected, open Internet access to virtual machines.
  • Checking that infrastructure provisioning is carried out.
  • Running runtime tests of the application logic running inside your "programmed" infrastructure to check functionality after provisioning.

As we can see, there are many options for testing infrastructure. Pulumi has testing mechanisms at every point on this spectrum. Let's get started and see how it works.

Unit testing

Pulumi programs are written in general-purpose programming languages such as JavaScript, Python, TypeScript or Go. The full power of these languages, including their tools and libraries and their testing frameworks, is therefore available to them. Pulumi is multi-cloud, which means it can be used for testing with any cloud provider.

(In this article, despite the multi-language and multi-cloud support, we use JavaScript and Mocha and focus on AWS. You can use Python unittest, the Go test framework, or any other test framework you like. And, of course, Pulumi works well with Azure, Google Cloud, Kubernetes.)

As we have seen, there are many reasons why you might want to test your infrastructure code. One of them is conventional unit testing. Because your code may contain functions, for example to calculate CIDRs or to compute names, tags, and so on, you will certainly want to test them. This is the same as writing ordinary unit tests for applications in your favorite programming language.
To make things a little more complicated, you can check how your program allocates resources. To illustrate, let's imagine that we need to create a simple EC2 server and want to make sure of the following:

  • Instances have a Name tag.
  • Instances must not use an inline userData script; we must use an AMI (image).
  • There must be no SSH exposed to the Internet.

This example is based on the aws-js-webserver example:

index.js:

"use strict";
 
let aws = require("@pulumi/aws");
 
let group = new aws.ec2.SecurityGroup("web-secgrp", {
    ingress: [
        { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
        { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
    ],
});
 
let userData =
`#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &`;
 
let server = new aws.ec2.Instance("web-server-www", {
    instanceType: "t2.micro",
    securityGroups: [ group.name ], // reference the group object above
    ami: "ami-c55673a0",            // AMI for us-east-2 (Ohio)
    userData: userData              // start a simple web server
});
 
exports.group = group;
exports.server = server;
exports.publicIp = server.publicIp;
exports.publicHostName = server.publicDns;

This is a basic Pulumi program: it simply allocates an EC2 security group and an instance. Note, however, that here we are breaking all three of the rules stated above. Let's write tests!

Writing tests

The general structure of our tests will look like ordinary Mocha tests:

ec2tests.js

test.js:
let assert = require("assert");
let mocha = require("mocha");
let pulumi = require("@pulumi/pulumi");
let infra = require("./index");
 
describe("Infrastructure", function() {
    let server = infra.server;
    describe("#server", function() {
        // TODO(check 1): Must have a Name tag.
        // TODO(check 2): Must not have an inline userData script.
    });
    let group = infra.group;
    describe("#group", function() {
        // TODO(check 3): Must not have SSH open to the Internet.
    });
});

Now let's write our first test: make sure that instances have a Name tag. To check this, we simply take the EC2 instance object and check its tags property:

        // check 1: Must have a Name tag.
        it("must have a name tag", function(done) {
            pulumi.all([server.urn, server.tags]).apply(([urn, tags]) => {
                if (!tags || !tags["Name"]) {
                    done(new Error(`Missing a name tag on server ${urn}`));
                } else {
                    done();
                }
            });
        });

It looks like an ordinary test, but with a few features worth noting:

  • Because we query the state of a resource before deployment, our tests always run in "plan" (or "preview") mode. So there are many properties whose values cannot be retrieved or will not be defined. This includes all output properties computed by your cloud provider. That is normal for our tests: we check input data only. We will come back to this later, when we get to integration tests.
  • Since all Pulumi resource properties are outputs, and many of them are evaluated asynchronously, we need to use the apply method to access the values. This is very similar to promises and the then function.
  • Since we use several properties in order to show the resource URN in the error message, we need to use the pulumi.all function to combine them.
  • Finally, since these values are computed asynchronously, we need to use Mocha's built-in async callback done or return a promise.

Once everything is set up, we have access to the inputs as plain JavaScript values. The tags property is a map (associative array), so we just make sure that (1) it is not falsy, and (2) there is a key for Name. It is very simple, and now we can test anything!

Now let's write the second check. It is even simpler:

        // check 2: Must not have an inline userData script.
        it("must not use userData (use an AMI instead)", function(done) {
            pulumi.all([server.urn, server.userData]).apply(([urn, userData]) => {
                if (userData) {
                    done(new Error(`Illegal use of userData on server ${urn}`));
                } else {
                    done();
                }
            });
        });

And finally, let's write the third test. This one is a bit more complicated because we are looking at the ingress rules associated with the security group, of which there may be many, and at the CIDR ranges in those rules, of which there may also be many. But we managed:

        // check 3: Must not have SSH open to the Internet.
        it("must not open port 22 (SSH) to the Internet", function(done) {
            pulumi.all([ group.urn, group.ingress ]).apply(([ urn, ingress ]) => {
                if (ingress.find(rule =>
                        rule.fromPort == 22 && rule.cidrBlocks.find(block =>
                            block === "0.0.0.0/0"))) {
                    done(new Error(`Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on group ${urn}`));
                } else {
                    done();
                }
            });
        });
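
A stricter form of check 3, as an added example that is not part of the original article: the test above matches only rules whose fromPort is exactly 22 and whose IPv4 CIDR is 0.0.0.0/0, so a port range such as 20-25, an all-protocols rule (protocol "-1") or an IPv6 ::/0 rule would pass it. The helper names and the sample rules are assumptions made for illustration; inside the Mocha test the helper would be called on the ingress value delivered by apply.

```javascript
"use strict";

// Added example: plain-data version of check 3 that also catches port ranges,
// "all protocols" rules and IPv6. Rule objects use the same fields as the
// ingress entries in index.js; ipv6CidrBlocks is the IPv6 counterpart.
const WORLD = new Set(["0.0.0.0/0", "::/0"]);

// True when the rule's protocol and port range cover the given TCP port.
function coversTcpPort(rule, port) {
    const proto = String(rule.protocol).toLowerCase();
    if (proto === "-1") {
        return true; // -1 means all protocols and all ports
    }
    if (proto !== "tcp" && proto !== "6") {
        return false; // 6 is the protocol number for TCP
    }
    return Number(rule.fromPort) <= port && port <= Number(rule.toPort);
}

// True when any CIDR on the rule is the whole IPv4 or IPv6 Internet.
function openToWorld(rule) {
    const blocks = [...(rule.cidrBlocks || []), ...(rule.ipv6CidrBlocks || [])];
    return blocks.some(block => WORLD.has(block.trim()));
}

// Returns the ingress rules that expose `port` to the Internet.
function findWorldOpenRules(ingress, port) {
    return (ingress || []).filter(rule => coversTcpPort(rule, port) && openToWorld(rule));
}

// Constructed sample rules (not from the original program).
const sampleIngress = [
    { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
    { protocol: "tcp", fromPort: 20, toPort: 25, cidrBlocks: ["0.0.0.0/0"] },
    { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["10.0.0.0/8"] },
    { protocol: "tcp", fromPort: 22, toPort: 22, ipv6CidrBlocks: ["::/0"] },
    { protocol: "-1", fromPort: 0, toPort: 0, cidrBlocks: ["0.0.0.0/0"] },
];

const offending = findWorldOpenRules(sampleIngress, 22);
console.log(`${offending.length} rule(s) expose SSH to the Internet`);
```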

That's it. Now let's run the tests!

Running tests

In most cases you can run tests in the usual way, using the test framework of your choice. But there is one Pulumi feature that deserves attention.
Normally, Pulumi programs are run with the pulumi CLI (command line interface), which configures the language runtime, manages the launch of the Pulumi engine so that operations on resources can be recorded and included in the plan, and so on. However, there is one problem. When running under the control of your test framework, there will be no communication between the CLI and the Pulumi engine.

To work around this, we just need to specify the following:

  • The project name, which is held in the environment variable PULUMI_NODEJS_PROJECT (or, more generally, PULUMI_<LANGUAGE>_PROJECT for other languages).
  • The stack name, which is specified in the environment variable PULUMI_NODEJS_STACK (or, more generally, PULUMI_<LANGUAGE>_STACK).
  • Your stack's configuration variables. They can be supplied through the environment variable PULUMI_CONFIG, and their format is a JSON map of key/value pairs.

The program will issue warnings indicating that a connection to the CLI/engine is not available during execution. This matters because your program will not actually deploy anything, which may come as a surprise if that is not what you intended! To tell Pulumi that this is exactly what you want, you can set PULUMI_TEST_MODE to true.

Imagine that we need to specify the project name my-ws, the stack name dev, and the AWS region us-west-2. The command line for running the Mocha tests will look like this:

    $ PULUMI_TEST_MODE=true \
        PULUMI_NODEJS_STACK="my-ws" \
        PULUMI_NODEJS_PROJECT="dev" \
        PULUMI_CONFIG='{ "aws:region": "us-west-2" }' \
        mocha tests.js

Running this will, as expected, show us that we have three failing tests!

    Infrastructure
        #server
          1) must have a name tag
          2) must not use userData (use an AMI instead)
        #group
          3) must not open port 22 (SSH) to the Internet
    
      0 passing (17ms)
      3 failing
     
     1) Infrastructure
           #server
             must have a name tag:
         Error: Missing a name tag on server
            urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www
    
     2) Infrastructure
           #server
             must not use userData (use an AMI instead):
         Error: Illegal use of userData on server
            urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www
    
     3) Infrastructure
           #group
             must not open port 22 (SSH) to the Internet:
         Error: Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on group

Let's fix our program:

    "use strict";
     
    let aws = require("@pulumi/aws");
     
    let group = new aws.ec2.SecurityGroup("web-secgrp", {
        ingress: [
            { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
        ],
    });
     
    let server = new aws.ec2.Instance("web-server-www", {
        tags: { "Name": "web-server-www" },
        instanceType: "t2.micro",
        securityGroups: [ group.name ], // reference the group object above
        ami: "ami-c55673a0",            // AMI for us-east-2 (Ohio)
    });
     
    exports.group = group;
    exports.server = server;
    exports.publicIp = server.publicIp;
    exports.publicHostName = server.publicDns;
    

Then run the tests again:

    Infrastructure
        #server
          ✓ must have a name tag
          ✓ must not use userData (use an AMI instead)
        #group
          ✓ must not open port 22 (SSH) to the Internet
     
     
     3 passing (16ms)

Everything went well... Hurray! ✓ ✓

That's all for today, but we will talk about deployment testing in the second part of the translation 😉

source: www.habr.com
