Helper functions for describing AWS infrastructure
Project description
Helper functions for describing AWS infrastructure.
carvajal is particularly intended for writing tests, but can also be used for monitoring and auditing.
carvajal includes terraform helpers to look up variables, data sources, and other terraform objects.
carvajal has been in use for a few years now, but you should not consider it stable (yet). Pin your version in your requirements.txt, please, or be prepared to rewrite some of your tests on occasion. carvajal will always follow semantic versioning.
Complete documentation is at https://carvajal.readthedocs.io/en/latest/index.html.
Source code is at https://github.com/coalfire/carvajal.
usage
pip install carvajal
Create a test directory.
Write some tests for all of your instances in test/test_all.py:
import pytest
from carvajal import aws
def test_none_accept_ssh_from_world():
my_instances = aws.get_instances()
ssh_ingress_rules = aws.instances_ingress_rules_for_port(my_instances, 22)
actual = aws.rules_cidrs_and_security_groups(ssh_ingress_rules)
assert "0.0.0.0/0" not in actual["cidrs"]Run pytest.
philosophy and alternatives
carvajal has some guiding principals:
test deployed resources, not the deploy code.
make broad assertions about the state of your infrastructure - for instance:
nothing has 22 open from the world.
web instances only allow 443 in.
test in production.
It’s not that we are not going to test before we go to prod.
It is that we are going to continue testing once we reach prod.
use an existing language (in this case Python), rather than having new tools specific to Infrastructure-as-Code.
At least some users will not have to learn a new language
Users can choose from multiple test frameworks (pyunit, pytest, etc)
Users can integrate into other tools - for instance, prometheus exporters.
carvajal is only one of many tools for testing Infrastructure-as-Code.
we don’t think other Infrastructure-as-Code philosphies are wrong, but they do not accomplish what carvajal is trying to accomplish.
Some other tools you might consider are:
development
make helpto do
We need tests.
We need type hints.
Function names could do with a thorough review and setting a standard format.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file carvajal-0.2.1.tar.gz.
File metadata
- Download URL: carvajal-0.2.1.tar.gz
- Upload date:
- Size: 9.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.2 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1d91a1980842bf0571acdf08cfb39dc2c95166989973f09c231fe5ced2820f60 |
|
| MD5 | 18427385db9e22a61a5f4cd14b82a225 |
|
| BLAKE2b-256 | a35b80686c1de8d67d9e3c05204d831aa43aa96cd385024452ed8ea6a1c5341f |
