Testing Infrastructure as Code with Pulumi. Part 1

Good afternoon, friends. In anticipation of the start of a new cohort of the course "DevOps practices and tools", we are sharing a new translation with you. Let's go.

Using Pulumi and general-purpose programming languages for infrastructure as code offers many advantages: the availability of skills and knowledge, the elimination of boilerplate in code through abstraction, and tools your team already knows, such as IDEs and linters. All these software engineering tools not only make us more productive, they also improve the quality of our code. So it is natural that using general-purpose programming languages lets us introduce another important software development practice: testing.

In this article, we look at how Pulumi helps us test infrastructure as code.

Why test infrastructure?

Before going into detail, it is worth asking: "Why test infrastructure at all?" There are many reasons, including:

  • Unit testing individual functions or fragments of your program's logic.
  • Verifying the desired state of the infrastructure against certain constraints.
  • Detecting common mistakes, such as missing encryption on a storage bucket or unprotected, open access from the Internet to virtual machines.
  • Checking the implementation of infrastructure provisioning.
  • Performing runtime testing of application logic running inside your "programmed" infrastructure, to verify that it works after provisioning.

As we can see, there is a wide range of infrastructure testing options. Pulumi has mechanisms for testing at every point on this spectrum. Let's get started and see how it works.

Unit testing

Pulumi programs are written in general-purpose programming languages such as JavaScript, Python, TypeScript, or Go. So the full power of those languages, including their tools and libraries, test frameworks among them, is available to them. Pulumi is multi-cloud, which means it can be used for testing against any cloud provider.

(In this article, although Pulumi is multi-language and multi-cloud, we use JavaScript and Mocha and focus on AWS. You can use Python's unittest, Go's test framework, or any other test framework you prefer. And, of course, Pulumi works great with Azure, Google Cloud, and Kubernetes.)

As we have seen, there are several reasons you might want to test your infrastructure code. One of them is ordinary unit testing. Because your code may contain functions, for example to compute a CIDR or to dynamically compute names, tags, and so on, you will probably want to test them. This is the same as writing ordinary unit tests for applications in your favorite programming language.
To go a little further, you can check how your program allocates resources. To illustrate, suppose we need to create a simple EC2 server and want to make sure of the following:

  • Instances have a Name tag.
  • Instances must not use an inline userData script; we must use an AMI (image).
  • There must be no SSH exposed to the Internet.

This example is based on the aws-js-webserver example:

index.js:

"use strict";
 
let aws = require("@pulumi/aws");
 
let group = new aws.ec2.SecurityGroup("web-secgrp", {
    ingress: [
        { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
        { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
    ],
});
 
let userData =
`#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &`;
 
let server = new aws.ec2.Instance("web-server-www", {
    instanceType: "t2.micro",
    securityGroups: [ group.name ], // reference the group object above
    ami: "ami-c55673a0",            // AMI for us-east-2 (Ohio)
    userData: userData              // start a simple web server
});
 
exports.group = group;
exports.server = server;
exports.publicIp = server.publicIp;
exports.publicHostName = server.publicDns;

This is a basic Pulumi program: it simply allocates an EC2 security group and an instance. Note, however, that here we are breaking all three of the rules stated above. Let's write the tests!

Writing the tests

The overall structure of our tests will look like ordinary Mocha tests:

ec2tests.js:
let assert = require("assert");
let mocha = require("mocha");
let pulumi = require("@pulumi/pulumi");
let infra = require("./index");
 
describe("Infrastructure", function() {
    let server = infra.server;
    describe("#server", function() {
        // TODO(check 1): Must have a Name tag.
        // TODO(check 2): Must not have an inline userData script.
    });
    let group = infra.group;
    describe("#group", function() {
        // TODO(check 3): Must not have SSH open to the Internet.
    });
});

Now let's write our first test: check that instances have a Name tag. To check this, we simply take the EC2 instance object and inspect its tags property:

        // check 1: Must have a Name tag.
        it("must have a name tag", function(done) {
            pulumi.all([server.urn, server.tags]).apply(([urn, tags]) => {
                if (!tags || !tags["Name"]) {
                    done(new Error(`Missing a name tag on server ${urn}`));
                } else {
                    done();
                }
            });
        });

It looks like an ordinary test, but with a few particulars worth noting:

  • Because we are querying the state of resources before deployment, our tests always run in "plan" (or "preview") mode. As a result, there are many properties whose values simply will not be retrieved or will not be defined. This includes all output properties computed by your cloud provider. That is normal for our tests: we can only check input data. We will come back to this when we get to integration tests.
  • Since all Pulumi resource properties are outputs, and many of them are computed asynchronously, we need to use the apply method to access the values. This is very similar to promises and the then function.
  • Since we use several properties to show the resource URN in the error message, we need to use the pulumi.all function to combine them.
  • Finally, since these values are computed asynchronously, we need to use Mocha's built-in async callback feature, done, or return a promise.

Once everything is resolved, we get access to the inputs as plain JavaScript values. The tags property is a map (associative array), so we simply check that it is (1) not falsy and (2) has a Name key. It's very simple, and now we can test anything!

Now let's write the second check. It's even simpler:

        // check 2: Must not have an inline userData script.
        it("must not use userData (use an AMI instead)", function(done) {
            pulumi.all([server.urn, server.userData]).apply(([urn, userData]) => {
                if (userData) {
                    done(new Error(`Illegal use of userData on server ${urn}`));
                } else {
                    done();
                }
            });
        });

Finally, let's write the third test. It is a bit more complicated because we are looking for the ingress rules associated with the security group, of which there may be many, and the CIDR ranges within those rules, of which there may also be many. But we managed:

        // check 3: Must not have SSH open to the Internet.
        it("must not open port 22 (SSH) to the Internet", function(done) {
            pulumi.all([ group.urn, group.ingress ]).apply(([ urn, ingress ]) => {
                if (ingress.find(rule =>
                        rule.fromPort == 22 && rule.cidrBlocks.find(block =>
                            block === "0.0.0.0/0"))) {
                    done(new Error(`Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on group ${urn}`));
                } else {
                    done();
                }
            });
        });
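
A broader form of check 3, as an added example that is not part of the original article or the Pulumi project: the test above only matches a rule whose fromPort is exactly 22 with an IPv4 0.0.0.0/0 block, so this helper also flags port ranges that contain 22, all-protocol rules ("-1"), and the IPv6 range ::/0. The helper names and the sample rules are hypothetical.

```javascript
// Added example: a pure helper with no Pulumi imports. Field names follow
// the ingress objects shown above; ipv6CidrBlocks is assumed to be present
// on rules that carry IPv6 ranges.
const SSH_PORT = 22;
const WORLD_CIDRS = new Set(["0.0.0.0/0", "::/0"]);

// True when the rule's protocol can carry TCP ("-1" means all protocols,
// "6" is the IANA protocol number for TCP).
function coversTcp(rule) {
    const proto = String(rule.protocol).toLowerCase();
    return proto === "tcp" || proto === "6" || proto === "-1";
}

// True when port 22 lies inside the rule's port range. With protocol "-1"
// the port fields are not a filter, so every port is covered.
function coversSshPort(rule) {
    if (String(rule.protocol) === "-1") return true;
    return rule.fromPort <= SSH_PORT && SSH_PORT <= rule.toPort;
}

// True when any IPv4 or IPv6 range on the rule is the whole Internet.
function openToWorld(rule) {
    const blocks = [...(rule.cidrBlocks || []), ...(rule.ipv6CidrBlocks || [])];
    return blocks.some(block => WORLD_CIDRS.has(block));
}

// Returns every ingress rule that exposes SSH to the Internet.
function findInternetExposedSsh(ingress) {
    return (ingress || []).filter(rule =>
        coversTcp(rule) && coversSshPort(rule) && openToWorld(rule));
}

// Constructed sample rules (not from a real deployment).
const sampleIngress = [
    { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
    { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
    { protocol: "tcp", fromPort: 0, toPort: 1024, cidrBlocks: ["0.0.0.0/0"] },
    { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["10.0.0.0/8"] },
    { protocol: "tcp", fromPort: 22, toPort: 22, ipv6CidrBlocks: ["::/0"] },
    { protocol: "-1", fromPort: 0, toPort: 0, cidrBlocks: ["0.0.0.0/0"] },
];

const offenders = findInternetExposedSsh(sampleIngress);
console.log(offenders.length, "rule(s) expose SSH to the Internet");
```

Inside the Mocha test, call the helper on the resolved ingress value in the apply callback and fail the test when the returned list is not empty.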

That's all. Now let's run the tests!

Running the tests

For the most part, you can run the tests as usual, using the test framework of your choice. But there is one Pulumi feature that deserves special attention.
Normally, Pulumi programs are run with the Pulumi CLI (command-line interface), which configures the language runtime, controls the startup of the Pulumi engine so that resource operations can be recorded and included in the plan, and so on. There is one problem, however. When running under the control of your test framework, there will be no connection between the CLI and the Pulumi engine.

To get around this, we only need to specify the following:

  • The project name, held in the environment variable PULUMI_NODEJS_PROJECT (or, more generally, PULUMI__PROJECT for other languages).
  • The stack name, given in the environment variable PULUMI_NODEJS_STACK (or, more generally, PULUMI__ STACK).
  • Your stack's configuration variables. They can be passed using the environment variable PULUMI_CONFIG, and their format is a JSON map of key/value pairs.

The program will emit warnings indicating that the connection to the CLI/engine is unavailable during execution. This matters because your program will not actually deploy anything, which may come as a surprise if that is not what you intended! To tell Pulumi that this is exactly what you want, you can set PULUMI_TEST_MODE to true.

Suppose we need to specify the project name my-ws, the stack name dev, and the AWS region us-west-2. The command line for running the Mocha tests would look like this:

    $ PULUMI_TEST_MODE=true \
        PULUMI_NODEJS_STACK="my-ws" \
        PULUMI_NODEJS_PROJECT="dev" \
        PULUMI_CONFIG='{ "aws:region": "us-west-2" }' \
        mocha tests.js

Doing this, as expected, shows us that we have three failing tests!

    Infrastructure
        #server
          1) must have a name tag
          2) must not use userData (use an AMI instead)
        #group
          3) must not open port 22 (SSH) to the Internet
    
      0 passing (17ms)
      3 failing
     
     1) Infrastructure
           #server
             must have a name tag:
         Error: Missing a name tag on server
            urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www
    
     2) Infrastructure
           #server
             must not use userData (use an AMI instead):
         Error: Illegal use of userData on server
            urn:pulumi:my-ws::my-dev::aws:ec2/instance:Instance::web-server-www
    
     3) Infrastructure
           #group
             must not open port 22 (SSH) to the Internet:
         Error: Illegal SSH port 22 open to the Internet (CIDR 0.0.0.0/0) on group

Let's fix our program:

    "use strict";
     
    let aws = require("@pulumi/aws");
     
    let group = new aws.ec2.SecurityGroup("web-secgrp", {
        ingress: [
            { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
        ],
    });
     
    let server = new aws.ec2.Instance("web-server-www", {
        tags: { "Name": "web-server-www" },
        instanceType: "t2.micro",
        securityGroups: [ group.name ], // reference the group object above
        ami: "ami-c55673a0",            // AMI for us-east-2 (Ohio)
    });
     
    exports.group = group;
    exports.server = server;
    exports.publicIp = server.publicIp;
    exports.publicHostName = server.publicDns;
    

Then run the tests again:

    Infrastructure
        #server
          ✓ must have a name tag
          ✓ must not use userData (use an AMI instead)
        #group
          ✓ must not open port 22 (SSH) to the Internet
     
     
     3 passing (16ms)

Everything went well... Hooray! ✓✓✓

That's all for today, but we will talk about deployment testing in the second part of the translation 😉

Source: www.habr.com
