问题描述

当我们说 cloudformation 是基础设施即代码"时，立即想到的下一个问题是如何测试此代码.我们可以对这段代码做一些基本的单元测试吗

When we say that cloudformation is 'Infrastructure as Code', the next question that immediately comes to mind is how can this code be tested.Can we do some sort of basic unit test of this code

我对 cloudformation 验证不屑一顾，因为这只是一种进行语法验证的方式，而且我可以使用任何其他免费的 JSON/YAML 验证器进行验证.

And I am discounting the cloudformation validation because that just is a way of doing syntactic validation, and that I can do with any other free JSON/YAML validator.

我更倾向于某种功能验证，可能是测试我已经定义了所有用作引用的变量.可能测试我使用的任何属性实际上是该组件支持的属性

I am more inclined towards some sort of functional validation, possibly testing that I have defined all the variables that are used as references.Possibly testing that whatever properties I am using are actually supported ones for that component

没想到它应该测试权限是否正确或我没有用尽我的限制.但至少有一些超出基本 JSON/YAML 语法验证的内容

Not expected that it should test if the permissions are correct or that I have not exhausted my limits. But atleast something beyond the basic JSON/YAML syntax validation

推荐答案

以下是如何将几种测试软件方法应用于 CloudFormation 模板/堆栈的细分:

Here's a breakdown of how several methods of testing software can be applied to CloudFormation templates/stacks:

对于 linting(检查 CloudFormation 模板代码的语法/语法正确性)，您可以使用 ValidateTemplate API 用于检查基本模板结构，以及 CreateChangeSet API 用于更详细地验证您的资源属性.

For linting (checking CloudFormation-template code for syntax/grammar correctness), you can use the ValidateTemplate API to check basic template structure, and the CreateChangeSet API to verify your Resource properties in more detail.

• 请注意，ValidateTemplate 执行比简单的 JSON/YAML 语法检查器更彻底的检查 - 它验证正确的 模板剖析，内在函数，以及所有Ref 值.
• ValidateTemplate 检查基本的 CloudFormation 语法，但不会根据特定的属性架构验证模板的资源.为了根据 AWS 资源类型检查模板的参数、资源和属性的结构，如果任何参数或资源属性格式不正确，CreateChangeSet 应返回错误.

• Note that ValidateTemplate performs a much more thorough check than a simple JSON/YAML syntax checker- it validates correct Template Anatomy, correct syntax/usage of Intrinsic Functions, and correct resolution of all Ref values.
• ValidateTemplate checks basic CloudFormation syntax, but doesn't verify your template's Resources against specific property schemas. For checking the structure of your template's Parameters, Resources and Properties against AWS Resource types, CreateChangeSet should return an error if any parameters or resource properties are not well-formed.

执行单元测试首先需要回答以下问题:可以/应该测试的最小独立单元功能是什么?对于 CloudFormation，我认为最小的可测试单元是 Resource.

Performing unit testing first requires an answer to the question: what is the smallest self-contained unit of functionality that can/should be tested? For CloudFormation, I believe that the smallest testable unit is the Resource.

官方 AWS 资源类型 由 AWS 支持/维护(无论如何都是专有实现)，因此不需要最终用户开发人员编写任何额外的单元测试.

The official AWS Resource Types are supported/maintained by AWS (and are proprietary implementations anyway) so don't require any additional unit tests written by end-user developers.

但是，您自己的自定义资源可以而且应该进行单元测试.这可以使用实现自己语言中的合适测试框架来完成(例如，对于 Lambda 支持的自定义资源，可能是像 lambda-tester 将是一个很好的起点.

However, your own Custom Resources could and should be unit-tested. This can be done using a suitable testing framework in the implementation's own language (e.g., for Lambda-backed Custom Resources, perhaps a library like lambda-tester would be a good starting point).

这是 CloudFormation 堆栈(主要用于将各种资源绑定到一个集成应用程序中)最重要和最相关的测试类型，也是可以使用更多细化和最佳实践开发的类型.以下是关于如何通过实际创建/更新包含真实 AWS 资源的完整堆栈来集成测试 CloudFormation 代码的一些初步想法:

This is the most important and relevant type of testing for CloudFormation stacks (which mostly serve to tie various Resources together into an integrated application), and also the type that could use more refinement and best-practice development. Here are some initial ideas on how to integration-test CloudFormation code by actually creating/updating full stacks containing real AWS resources:

• 使用脚本语言，使用该语言的 AWS 开发工具包执行 CloudFormation 堆栈创建.设计模板以返回堆栈 输出 反映行为你想测试的.在脚本语言创建堆栈后，将堆栈输出与预期值进行比较(然后在清理过程中选择删除堆栈).
• 使用 AWS::CloudFormation::WaitCondition 资源来表示成功的测试/断言，因此堆栈创建成功表示集成测试运行成功，堆栈创建失败表示集成测试运行失败.

• Using a scripting language, perform a CloudFormation stack creation using the language's AWS SDK. Design the template to return Stack Outputs reflecting behavior that you want to test. After the stack is created by the scripting language, compare the stack outputs against expected values (and then optionally delete the stack afterwards in a cleanup process).
• Use AWS::CloudFormation::WaitCondition resources to represent successful tests/assertions, so that a successful stack creation indicates a successful integration-test run, and a failed stack creation indicates a failed integration-test run.

除了 CloudFormation，在测试基础设施即代码领域，一个值得一提的有趣工具是 kitchen-terraform，一组用于 Test Kitchen 的插件，可让您为 Terraform 模块编写全自动集成测试套件.最终可以为 CloudFormation 构建类似的集成测试工具，但尚不存在.

Beyond CloudFormation, one interesting tool worth mentioning in the space of testing infrastructure-as-code is kitchen-terraform, a set of plugins for Test Kitchen which allow you to write fully-automated integration test suites for Terraform modules. A similar integration-testing harness could eventually be built for CloudFormation, but doesn't exist yet.

这篇关于有没有办法对 AWS Cloudformation 模板进行单元测试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！