Masikati akanaka shamwari. Mukutarisira kwekutanga kwekuyerera kutsva pachiyero Tiri kugoverana newe shanduro itsva. Enda.
Kushandisa Pulumi uye zvakajairwa-chinangwa mitauro kodhi yezvivakwa (Infrastructure seCode) inopa akawanda mabhenefiti: kuwanikwa kwehunyanzvi uye ruzivo, kubviswa kweboilerplate mukodhi kuburikidza nekubvisa, zvishandiso zvinozivikanwa kuchikwata chako, senge IDE uye linters. Ese aya maturusi einjiniya esoftware haangoite kuti tiwedzere kugadzira, asi zvakare anovandudza kunaka kwekodhi yedu. Naizvozvo, zvinongoitika kuti kushandiswa kwemitauro-yechinangwa mitauro kunotitendera kuunza imwe yakakosha tsika yekuvandudza software - kuyedza.
Muchikamu chino, tichatarisa kuti Pulumi inotibatsira sei kuyedza yedu masisitimu-se-code.
Sei kuedza zvivakwa?
Usati waenda mune zvakadzama, zvakakodzera kubvunza mubvunzo: "Sei kuyedza zvivakwa zvachose?" Pane zvikonzero zvakawanda zveizvi uye hezvino zvimwe zvacho:
- Kuyedzwa kweyuniti yemabasa ega ega kana zvimedu zvechirongwa chako
- Inosimbisa mamiriro anodiwa ezvivakwa zvichipesana nezvimwe zvinonetsa.
- Kuonekwa kwezvikanganiso zvakajairika, sekushaikwa kwekunyorera kwebhaketi rekuchengetedza kana kusadzivirirwa, kuvhura kuvhura kubva paInternet kuenda kumashini chaiwo.
- Kuongorora kushandiswa kwekupa zvivakwa.
- Kuita yekumhanyisa nguva yekuyedza ye application logic inomhanya mukati me "programmed" zvivakwa kuti utarise mashandiro mushure mekupa.
- Sezvatinoona, kune huwandu hwakasiyana hwesarudzo dzekuyedza zvivakwa. Polumi ine michina yekuyedza panguva yese pane iyi spectrum. Ngatitangei tione kuti zvinoshanda sei.
Kuongororwa kweyuniti
Zvirongwa zvePulumi zvakanyorwa mumitauro-yechinangwa chekugadzirisa mitauro yakadai seJavaScript, Python, TypeScript kana Go. Naizvozvo, simba rakazara remitauro iyi, kusanganisira maturusi avo nemaraibhurari, kusanganisira maitiro ebvunzo, anowanikwa kwavari. Pulumi is multi-cloud, zvinoreva kuti inogona kushandiswa kuyedzwa kubva kune chero mupi wegore.
(Muchikamu chino, kunyangwe tiri mitauro yakawanda uye multicloud, isu tinoshandisa JavaScript neMocha uye tinotarisa paAWS. Unogona kushandisa Python unittest, Enda bvunzo chimiro, kana chero imwe bvunzo chimiro chaunoda. Uye, hongu, Pulumi inoshanda zvikuru neAzure, Google Cloud, Kubernetes.)
Sezvataona, pane zvikonzero zvakati nei iwe ungade kuyedza yako yekuvaka kodhi. Imwe yadzo ndeye yakajairwa unit test. Nekuti kodhi yako inogona kunge iine mabasa - semuenzaniso, kuverenga CIDR, zvine simba kuverenga mazita, ma tag, nezvimwe. - iwe ungangoda kuvayedza. Izvi zvakafanana nekunyora bvunzo dzenguva dzose dzemaapplication mumutauro wako waunofarira wekugadzira.
Kuti uwedzere kuomarara, unogona kutarisa kuti chirongwa chako chinogovera sei zviwanikwa. Kuenzanisira, ngatifungei kuti tinoda kugadzira iri nyore EC2 server uye tinoda kuve nechokwadi chezvinotevera:
- Zviitiko zvine tag
Name. - Zviitiko hazvifanirwe kushandisa inline script
userData- tinofanira kushandisa AMI (mufananidzo). - Panofanira kunge pasina SSH yakaburitswa paInternet.
Uyu muenzaniso unobva pane :
index.js:
"use strict";
let aws = require("@pulumi/aws");
let group = new aws.ec2.SecurityGroup("web-secgrp", {
ingress: [
{ protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
{ protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
],
});
let userData =
`#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &`;
let server = new aws.ec2.Instance("web-server-www", {
instanceType: "t2.micro",
securityGroups: [ group.name ], // reference the group object above
ami: "ami-c55673a0" // AMI for us-east-2 (Ohio),
userData: userData // start a simple web server
});
exports.group = group;
exports.server = server;
exports.publicIp = server.publicIp;
exports.publicHostName = server.publicDns;
Iyi ndiyo yakakosha Pulumi chirongwa: inongogovera EC2 kuchengetedza boka uye muenzaniso. Zvisinei, zvinofanira kuonekwa kuti pano tiri kutyora mitemo yose mitatu yataurwa pamusoro apa. Ngatinyorei bvunzo!
Kunyora bvunzo
Iyo yakajairwa chimiro chebvunzo yedu inotaridzika seyenguva dzose Mocha bvunzo:
ec2tess.js
test.js:
let assert = require("assert");
let mocha = require("mocha");
let pulumi = require("@pulumi/pulumi");
let infra = require("./index");
describe("Infrastructure", function() {
let server = infra.server;
describe("#server", function() {
// TODO(check 1): Должен быть тэг Name.
// TODO(check 2): Не должно быть inline-скрипта userData.
});
let group = infra.group;
describe("#group", function() {
// TODO(check 3): Не должно быть SSH, открытого в Интернет.
});
});
Zvino ngatinyore bvunzo yedu yekutanga: ita shuwa kuti zviitiko zvine tag Name. Kuti utarise izvi isu tinongotora iyo EC2 muenzaniso chinhu uye tarisa inoenderana chivakwa tags:
// check 1: Должен быть тэг Name.
it("must have a name tag", function(done) {
pulumi.all([server.urn, server.tags]).apply(([urn, tags]) => {
if (!tags || !tags["Name"]) {
done(new Error(`Missing a name tag on server ${urn}`));
} else {
done();
}
});
});Inotaridzika seyeyedzo yenguva dzose, asi iine mashoma maficha akakosha kucherechedza:
- Nekuti isu tinobvunza mamiriro echishandiso tisati tatumirwa, bvunzo dzedu dzinogara dzichiitwa mu "chirongwa" (kana "preview") modhi. Nekudaro, kune akawanda zvivakwa ane hunhu husingazongodzorerwe kana kusazotsanangurwa. Izvi zvinosanganisira zvese zvinobuda zvivakwa zvakaverengerwa nemupi wako wegore. Izvi zvakajairika kumaedzo edu - isu tinongotarisa data rekuisa. Tichazodzokera kune iyi nyaya gare gare, kana zvasvika pakusangana bvunzo.
- Sezvo ese ePulumi zviwanikwa zviwanikwa zviri zvinobuda, uye mazhinji acho anoongororwa asynchronously, isu tinofanirwa kushandisa nzira yekushandisa kuwana iyo kukosha. Izvi zvakafanana zvikuru nezvipikirwa uye basa
then. - Sezvo isu tiri kushandisa akati wandei zvivakwa kuratidza iyo sosi URN mune yekukanganisa meseji, isu tinofanirwa kushandisa basa racho
pulumi.allkuvabatanidza. - Chekupedzisira, sezvo aya hunhu akaverengerwa asynchronously, isu tinofanirwa kushandisa Mocha yakavakirwa-mukati async callback chimiro.
donekana kudzorera vimbiso.
Kana tangomisa zvese kumusoro, tichave nekuwana kune izvo zvinopinza sezviri nyore JavaScript kukosha. Property tags imepu (associative array), saka tichangoita shuwa kuti (1) haisi yenhema, uye (2) pane kiyi ye Name. Zviri nyore uye ikozvino tinogona kuedza chero chinhu!
Zvino ngatinyore cheki yedu yechipiri. Zviri nyore:
// check 2: Не должно быть inline-скрипта userData.
it("must not use userData (use an AMI instead)", function(done) {
pulumi.all([server.urn, server.userData]).apply(([urn, userData]) => {
if (userData) {
done(new Error(`Illegal use of userData on server ${urn}`));
} else {
done();
}
});
});Uye pakupedzisira, ngatinyore bvunzo yechitatu. Izvi zvichava zvishoma zvakanyanya kuoma nokuti tiri kutsvaga mitemo yekupinda yakabatana neboka rekuchengetedza, iro rinogona kuva rakawanda, uye mitsara yeCIDR mumitemo iyoyo, iyo inogonawo kuva yakawanda. Asi takakwanisa:
// check 3: Не должно быть SSH, открытого в Интернет.
it("must not open port 22 (SSH) to the Internet", function(done) {
pulumi.all([ group.urn, group.ingress ]).apply(([ urn, ingress ]) => {
if (ingress.find(rule =>
rule.fromPort == 22 && rule.cidrBlocks.find(block =>
block === "0.0.0.0/0"))) {
done(new Error(`Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on group ${urn}`));
} else {
done();
}
});
});Ndizvo zvose. Zvino ngatimhanyei bvunzo!
Kumhanya bvunzo
Muzviitiko zvakawanda, unogona kumhanyisa bvunzo nenzira yakajairwa, uchishandisa iyo test framework yesarudzo yako. Asi pane chimwe chimiro chePulumi chakakodzera kutarisisa.
Kazhinji, kushandisa mapurogiramu ePulumi, iyo pulimi CLI (Command Line interface) inoshandiswa, iyo inogadzirisa nguva yemutauro, inodzora kutangwa kwePulumi injini kuitira kuti kushanda nezvinhu zvinogona kunyorwa uye kuiswa muurongwa, nezvimwewo. Zvisinei, pane dambudziko rimwe chete. Paunenge uchimhanya pasi pekutonga kweiyo test framework, hapazove nekutaurirana pakati peCLI nePulumi injini.
Kuti tigadzirise nyaya iyi, tinofanira kungotsanangura zvinotevera:
- Zita reProjekti, iro riri mumhepo inoshanduka
PULUMI_NODEJS_PROJECT(kana, kazhinji,PULUMI__PROJECT для других языков).
Iro zita restack rinotsanangurwa mukusiyana kwezvakatipoteredzaPULUMI_NODEJS_STACK(kana, kazhinji,PULUMI__ STACK).
Yako stack configuration variables. Vanogona kuwanikwa vachishandisa an environment variablePULUMI_CONFIGuye fomati yavo ndeye JSON mepu ine kiyi/value pairs.Iyo purogiramu ichapa yambiro inoratidza kuti kubatana kune CLI / injini hakusi kuwanikwa panguva yekuuraya. Izvi zvakakosha nekuti chirongwa chako hachizonyatso kuendesa chero chinhu uye zvinogona kuuya sechishamiso kana zvisiri izvo zvawaida kuita! Kuti uudze Pulumi kuti izvi ndizvo chaizvo zvauri kuda, unogona kuisa
PULUMI_TEST_MODEвtrue.Fungidzira isu tinoda kutsanangura zita reprojekiti mukati
my-ws, stack namedev, uye AWS Dunhuus-west-2. Mutsetse wekuraira wekumhanyisa Mocha bvunzo uchaita seizvi:$ PULUMI_TEST_MODE=true PULUMI_NODEJS_STACK="my-ws" PULUMI_NODEJS_PROJECT="dev" PULUMI_CONFIG='{ "aws:region": "us-west-2" }' mocha tests.jsKuita izvi, sezvinotarisirwa, kuchatiratidza kuti tine bvunzo nhatu dzakakundikana!
Infrastructure #server 1) must have a name tag 2) must not use userData (use an AMI instead) #group 3) must not open port 22 (SSH) to the Internet 0 passing (17ms) 3 failing 1) Infrastructure #server must have a name tag: Error: Missing a name tag on server urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www 2) Infrastructure #server must not use userData (use an AMI instead): Error: Illegal use of userData on server urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www 3) Infrastructure #group must not open port 22 (SSH) to the Internet: Error: Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on groupNgatigadzirise chirongwa chedu:
"use strict"; let aws = require("@pulumi/aws"); let group = new aws.ec2.SecurityGroup("web-secgrp", { ingress: [ { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] }, ], }); let server = new aws.ec2.Instance("web-server-www", { tags: { "Name": "web-server-www" }, instanceType: "t2.micro", securityGroups: [ group.name ], // reference the group object above ami: "ami-c55673a0" // AMI for us-east-2 (Ohio), }); exports.group = group; exports.server = server; exports.publicIp = server.publicIp; exports.publicHostName = server.publicDns;Wobva wamhanyisa bvunzo zvakare:
Infrastructure #server ✓ must have a name tag ✓ must not use userData (use an AMI instead) #group ✓ must not open port 22 (SSH) to the Internet 3 passing (16ms)Zvose zvakafamba zvakanaka ... Hurray! ✓✓✓
Ndizvo zvanhasi chete, asi isu tichataura nezve kuendesa kuyedzwa muchikamu chechipiri cheshanduro 😉
Source: www.habr.com