feat: DB v2 test default db

package.json

@@ -55,6 +55,8 @@
     "@aws-sdk/client-efs": "^3.758.0",
     "@aws-sdk/client-elastic-load-balancing-v2": "^3.764.0",
     "@aws-sdk/client-elasticache": "^3.901.0",
+    "@aws-sdk/client-kms": "^3.943.0",
+    "@aws-sdk/client-rds": "^3.943.0",
     "@aws-sdk/client-route-53": "^3.782.0",
     "@aws-sdk/client-secrets-manager": "^3.906.0",
     "@aws-sdk/client-servicediscovery": "^3.758.0",

src/v2/components/database/index.ts

@@ -1,6 +1,6 @@
-import * as aws from '@pulumi/aws';
+import * as aws from '@pulumi/aws-v7';
 import * as awsNative from '@pulumi/aws-native';
-import * as awsx from '@pulumi/awsx';
+import * as awsx from '@pulumi/awsx-v3';
 import * as pulumi from '@pulumi/pulumi';
 import { Password } from '../../../components/password';
 import { commonTags } from '../../../constants';

tests/build/index.tst.ts

@@ -4,6 +4,8 @@ import { describe, expect, it } from 'tstyche';
 import { next as studion } from '@studion/infra-code-blocks';
 import { OtelCollector } from '../../dist/v2/otel';
 import { OtelCollectorBuilder } from '../../dist/v2/otel/builder';
+import { Database } from '../../dist/v2/components/database';
+import { DatabaseBuilder } from '../../dist/v2/components/database/builder';
 
 describe('Build output', () => {
   describe('ECS Service', () => {
@@ -257,4 +259,87 @@ describe('Build output', () => {
       });
     });
   });
+
+  describe('Database', () => {
+    it.skip('should export Database', () => {
+      expect(studion).type.toHaveProperty('Database');
+    });
+
+    it.skip('should export DatabaseBuilder', () => {
+      expect(studion).type.toHaveProperty('DatabaseBuilder');
+    });
+
+    describe('Instantiation', () => {
+      it('should construct Database', () => {
+        expect(Database).type.toBeConstructableWith('db-test', {
+          vpc: new awsx.ec2.Vpc('vpcName'),
+          dbName: 'dbName',
+          username: 'username',
+        });
+      });
+
+      it('should construct DatabaseBuilder', () => {
+        expect(DatabaseBuilder).type.toBeConstructableWith('db-test');
+      });
+    });
+
+    describe('Builder', () => {
+      const builder = new DatabaseBuilder('db-test');
+
+      it('should have build method', () => {
+        expect(builder.build).type.toBeCallableWith();
+      });
+
+      it('should have withInstance method', () => {
+        expect(builder.withInstance).type.toBeCallableWith({
+          dbName: 'dbName',
+        });
+      });
+
+      it('should have withCredentials method', () => {
+        expect(builder.withCredentials).type.toBeCallableWith({
+          username: 'username',
+          password: 'password',
+        });
+      });
+
+      it('should have withStorage method', () => {
+        expect(builder.withStorage).type.toBeCallableWith({
+          allocatedStorage: 50,
+          maxAllocatedStorage: 200,
+        });
+      });
+
+      it('should have withVpc method', () => {
+        expect(builder.withVpc).type.toBeCallableWith(
+          new awsx.ec2.Vpc('vpcName'),
+        );
+      });
+
+      it('should have withMonitoring method', () => {
+        expect(builder.withMonitoring).type.toBeCallableWith();
+      });
+
+      it('should have withSnapshot method', () => {
+        expect(builder.withSnapshot).type.toBeCallableWith('snapshot-id');
+      });
+
+      it('should have withKms method', () => {
+        expect(builder.withKms).type.toBeCallableWith('kms-key-id');
+      });
+
+      it('should have withParameterGroup method', () => {
+        expect(builder.withParameterGroup).type.toBeCallableWith(
+          'parameter-group-name',
+        );
+      });
+
+      it('should have withTags method', () => {
+        expect(builder.withTags).type.toBeCallableWith({
+          Project: 'db-test',
+          Environment: 'dev',
+        });
+      });
+    });
+  });
 });

tests/database/index.test.ts

@@ -0,0 +1,205 @@
+import { describe, before, after } from 'node:test';
+import {
+  DescribeDBInstancesCommand,
+  DescribeDBSubnetGroupsCommand,
+} from '@aws-sdk/client-rds';
+import {
+  DescribeKeyCommand,
+  GetKeyRotationStatusCommand,
+} from '@aws-sdk/client-kms';
+import {
+  DescribeSecurityGroupsCommand,
+  IpPermission,
+} from '@aws-sdk/client-ec2';
+import * as assert from 'node:assert';
+import * as automation from '../automation';
+import { cleanupSnapshots } from './util';
+import * as config from './infrastructure/config';
+import { DatabaseTestContext } from './test-context';
+import { EC2Client } from '@aws-sdk/client-ec2';
+import { InlineProgramArgs } from '@pulumi/pulumi/automation';
+import { it } from 'node:test';
+import { KMSClient } from '@aws-sdk/client-kms';
+import { RDSClient } from '@aws-sdk/client-rds';
+import { requireEnv } from '../util';
+
+const programArgs: InlineProgramArgs = {
+  stackName: 'dev',
+  projectName: 'icb-test-database',
+  program: () => import('./infrastructure'),
+};
+
+const region = requireEnv('AWS_REGION');
+const ctx: DatabaseTestContext = {
+  outputs: {},
+  config,
+  clients: {
+    rds: new RDSClient({ region }),
+    ec2: new EC2Client({ region }),
+    kms: new KMSClient({ region }),
+  },
+};
+
+describe('Database component deployment', () => {
+  before(async () => {
+    ctx.outputs = await automation.deploy(programArgs);
+  });
+
+  after(async () => {
+    await automation.destroy(programArgs);
+    await cleanupSnapshots(ctx);
+  });
+
+  it('should create a database', async () => {
+    const database = ctx.outputs.defaultDb.value;
+
+    assert.ok(database, 'Database should be defined');
+    assert.strictEqual(
+      database.name,
+      `${ctx.config.appName}-default-db`,
+      'Database should have correct name',
+    );
+    assert.ok(database.instance, 'Database instance should be defined');
+
+    const command = new DescribeDBInstancesCommand({
+      DBInstanceIdentifier: database.instance.dbInstanceIdentifier,
+    });
+
+    const { DBInstances } = await ctx.clients.rds.send(command);
+    assert.ok(
+      DBInstances && DBInstances.length === 1,
+      'Database instance should be created',
+    );
+    const [DBInstance] = DBInstances;
+    assert.strictEqual(
+      DBInstance.DBInstanceIdentifier,
+      database.instance.dbInstanceIdentifier,
+      'Database instance identifier should match',
+    );
+  });
+
+  it('should create other resources', () => {
+    const database = ctx.outputs.defaultDb.value;
+
+    assert.ok(database.dbSecurityGroup, 'Db security group should be defined');
+    assert.ok(database.dbSubnetGroup, 'Db subnet group should be defined');
+    assert.ok(database.kmsKeyId, 'Kms key id should be defined');
+    assert.ok(database.password, 'Password should be defined');
+  });
+
+  it('should configure database instance with correct defaults', () => {
+    const instance = ctx.outputs.defaultDb.value.instance;
+
+    assert.partialDeepStrictEqual(
+      instance,
+      {
+        dbName: ctx.config.dbName,
+        masterUsername: ctx.config.dbUsername,
+        multiAz: false,
+        applyImmediately: false,
+        allocatedStorage: '20',
+        maxAllocatedStorage: 100,
+        dbInstanceClass: 'db.t4g.micro',
+        enablePerformanceInsights: false,
+        allowMajorVersionUpgrade: false,
+        autoMinorVersionUpgrade: true,
+        engineVersion: '17.2',
+        engine: 'postgres',
+        storageEncrypted: true,
+        publiclyAccessible: false,
+      },
+      'Database instance should be configured correctly',
+    );
+  });
+
+  it('should create subnet group in the correct VPC', async () => {
+    const database = ctx.outputs.defaultDb.value;
+    const vpc = ctx.outputs.vpc.value;
+    const dbSubnetGroupName = database.dbSubnetGroup.name;
+
+    const command = new DescribeDBSubnetGroupsCommand({
+      DBSubnetGroupName: dbSubnetGroupName,
+    });
+
+    const { DBSubnetGroups } = await ctx.clients.rds.send(command);
+    assert.ok(
+      DBSubnetGroups && DBSubnetGroups.length > 0,
+      'DB subnet groups should exist',
+    );
+    const [subnetGroup] = DBSubnetGroups;
+    assert.strictEqual(
+      subnetGroup.VpcId,
+      vpc.vpc.vpcId,
+      'DB subnet group should be in the correct VPC',
+    );
+    assert.ok(
+      subnetGroup.Subnets && subnetGroup.Subnets.length > 0,
+      'DB subnet group should have subnets',
+    );
+  });
+
+  it('should create a security group with correct ingress rules', async () => {
+    const database = ctx.outputs.defaultDb.value;
+    const vpc = ctx.outputs.vpc.value;
+    const dbSecurityGroupId = database.dbSecurityGroup.id;
+
+    const command = new DescribeSecurityGroupsCommand({
+      GroupIds: [dbSecurityGroupId],
+    });
+    const { SecurityGroups } = await ctx.clients.ec2.send(command);
+    assert.ok(
+      SecurityGroups && SecurityGroups.length > 0,
+      'DB security groups should exist',
+    );
+    const [securityGroup] = SecurityGroups;
+    assert.strictEqual(
+      securityGroup.VpcId,
+      vpc.vpc.vpcId,
+      'DB security group should be in the correct VPC',
+    );
+
+    const postgresRule = securityGroup.IpPermissions?.find(
+      (rule: IpPermission) => rule.FromPort === 5432 && rule.ToPort === 5432,
+    );
+    assert.ok(postgresRule, 'Should have postgres port 5432 ingress rule');
+    assert.strictEqual(
+      postgresRule.IpProtocol,
+      'tcp',
+      'Should allow TCP protocol',
+    );
+  });
+
+  it('should create a correctly configured RDS KMS key', async () => {
+    const database = ctx.outputs.defaultDb.value;
+    const kmsKeyId = database.kmsKeyId;
+
+    const describeCommand = new DescribeKeyCommand({
+      KeyId: kmsKeyId,
+    });
+    const { KeyMetadata } = await ctx.clients.kms.send(describeCommand);
+    assert.strictEqual(
+      KeyMetadata?.KeySpec,
+      'SYMMETRIC_DEFAULT',
+      'KMS key should use SYMMETRIC_DEFAULT spec',
+    );
+    assert.strictEqual(
+      KeyMetadata.KeyUsage,
+      'ENCRYPT_DECRYPT',
+      'KMS key should be used for encryption/decryption',
+    );
+    assert.strictEqual(KeyMetadata.Enabled, true, 'KMS key should be enabled');
+    assert.strictEqual(
+      KeyMetadata.MultiRegion,
+      false,
+      'KMS key should not be multi-region',
+    );
+
+    const rotationCmd = new GetKeyRotationStatusCommand({ KeyId: kmsKeyId });
+    const { KeyRotationEnabled } = await ctx.clients.kms.send(rotationCmd);
+    assert.strictEqual(
+      KeyRotationEnabled,
+      true,
+      'KMS key rotation should be enabled',
+    );
+  });
+});

tests/database/infrastructure/config.ts

@@ -0,0 +1,3 @@
+export const appName = 'db-test';
+export const dbName = 'dbname';
+export const dbUsername = 'dbusername';

tests/database/infrastructure/index.ts

@@ -0,0 +1,17 @@
+import { appName, dbName, dbUsername } from './config';
+import { next as studion } from '@studion/infra-code-blocks';
+import { DatabaseBuilder } from '../../../dist/v2/components/database/builder';
+
+const vpc = new studion.Vpc(`${appName}-vpc`, {});
+
+const defaultDb = new DatabaseBuilder(`${appName}-default-db`)
+  .withInstance({
+    dbName,
+  })
+  .withCredentials({
+    username: dbUsername,
+  })
+  .withVpc(vpc.vpc)
+  .build();
+
+export { vpc, defaultDb };

tests/database/test-context.ts

@@ -0,0 +1,31 @@
+import { EC2Client } from '@aws-sdk/client-ec2';
+import { KMSClient } from '@aws-sdk/client-kms';
+import { OutputMap } from '@pulumi/pulumi/automation';
+import { RDSClient } from '@aws-sdk/client-rds';
+
+interface ConfigContext {
+  config: DatabaseTestConfig;
+}
+
+interface DatabaseTestConfig {
+  appName: string;
+  dbName: string;
+  dbUsername: string;
+}
+
+interface PulumiProgramContext {
+  outputs: OutputMap;
+}
+
+interface AwsContext {
+  clients: {
+    rds: RDSClient;
+    ec2: EC2Client;
+    kms: KMSClient;
+  };
+}
+
+export interface DatabaseTestContext
+  extends ConfigContext,
+    PulumiProgramContext,
+    AwsContext {}