feat: DB v2 test default db

package.json

@@ -53,6 +53,8 @@
     "@aws-sdk/client-efs": "^3.758.0",
     "@aws-sdk/client-elastic-load-balancing-v2": "^3.764.0",
     "@aws-sdk/client-elasticache": "^3.901.0",
+    "@aws-sdk/client-kms": "^3.943.0",
+    "@aws-sdk/client-rds": "^3.943.0",
     "@aws-sdk/client-route-53": "^3.782.0",
     "@aws-sdk/client-secrets-manager": "^3.906.0",
     "@aws-sdk/client-servicediscovery": "^3.758.0",

tests/build/index.tst.ts

@@ -4,6 +4,8 @@ import { describe, expect, it } from 'tstyche';
 import { next as studion } from '@studion/infra-code-blocks';
 import { OtelCollector } from '../../dist/v2/otel';
 import { OtelCollectorBuilder } from '../../dist/v2/otel/builder';
+import { Database } from '../../dist/v2/components/database';
+import { DatabaseBuilder } from '../../dist/v2/components/database/builder';
 
 describe('Build output', () => {
   describe('ECS Service', () => {
@@ -257,4 +259,87 @@ describe('Build output', () => {
       });
     });
   });
+
+  describe('Database', () => {
+    it.skip('should export Database', () => {
+      expect(studion).type.toHaveProperty('Database');
+    });
+
+    it.skip('should export DatabaseBuilder', () => {
+      expect(studion).type.toHaveProperty('DatabaseBuilder');
+    });
+
+    describe('Instantiation', () => {
+      it('should construct Database', () => {
+        expect(Database).type.toBeConstructableWith('db-test', {
+          vpc: new awsx.ec2.Vpc('vpcName'),
+          dbName: 'dbName',
+          username: 'username',
+        });
+      });
+
+      it('should construct DatabaseBuilder', () => {
+        expect(DatabaseBuilder).type.toBeConstructableWith('db-test');
+      });
+    });
+
+    describe('Builder', () => {
+      const builder = new DatabaseBuilder('db-test');
+
+      it('should have build method', () => {
+        expect(builder.build).type.toBeCallableWith();
+      });
+
+      it('should have withInstance method', () => {
+        expect(builder.withInstance).type.toBeCallableWith({
+          dbName: 'dbName',
+        });
+      });
+
+      it('should have withCredentials method', () => {
+        expect(builder.withCredentials).type.toBeCallableWith({
+          username: 'username',
+          password: 'password',
+        });
+      });
+
+      it('should have withStorage method', () => {
+        expect(builder.withStorage).type.toBeCallableWith({
+          allocatedStorage: 50,
+          maxAllocatedStorage: 200,
+        });
+      });
+
+      it('should have withVpc method', () => {
+        expect(builder.withVpc).type.toBeCallableWith(
+          new awsx.ec2.Vpc('vpcName'),
+        );
+      });
+
+      it('should have withMonitoring method', () => {
+        expect(builder.withMonitoring).type.toBeCallableWith();
+      });
+
+      it('should have withSnapshot method', () => {
+        expect(builder.withSnapshot).type.toBeCallableWith('snapshot-id');
+      });
+
+      it('should have withKms method', () => {
+        expect(builder.withKms).type.toBeCallableWith('kms-key-id');
+      });
+
+      it('should have withParameterGroup method', () => {
+        expect(builder.withParameterGroup).type.toBeCallableWith(
+          'parameter-group-name',
+        );
+      });
+
+      it('should have withTags method', () => {
+        expect(builder.withTags).type.toBeCallableWith({
+          Project: 'db-test',
+          Environment: 'dev',
+        });
+      });
+    });
+  });
 });

tests/database/default-db.test.ts

@@ -0,0 +1,198 @@
+import {
+  DescribeKeyCommand,
+  GetKeyRotationStatusCommand,
+} from '@aws-sdk/client-kms';
+import {
+  DescribeSecurityGroupsCommand,
+  IpPermission,
+} from '@aws-sdk/client-ec2';
+import * as assert from 'node:assert';
+import { DatabaseTestContext } from './test-context';
+import { DescribeDBSubnetGroupsCommand } from '@aws-sdk/client-rds';
+import { it } from 'node:test';
+
+export function testDefaultDb(ctx: DatabaseTestContext) {
+  it('should create a database and all other resources', () => {
+    const database = ctx.outputs.defaultDb.value;
+
+    assert.ok(database, 'Database should be defined');
+    assert.strictEqual(
+      database.name,
+      `${ctx.config.appName}-default`,
+      'Database should have correct name',
+    );
+
+    assert.ok(database.instance, 'Db instance should be defined');
+    assert.ok(database.dbSecurityGroup, 'Db security group should be defined');
+    assert.ok(database.dbSubnetGroup, 'Db subnet group should be defined');
+    assert.ok(database.kmsKeyId, 'Kms key id should be defined');
+    assert.ok(database.password, 'Password should be defined');
+  });
+
+  it('should create database instance with correct default configuration', () => {
+    const instance = ctx.outputs.defaultDb.value.instance;
+
+    assert.strictEqual(
+      instance.dbName,
+      ctx.config.dbName,
+      'Database instance should have correct dbName',
+    );
+    assert.strictEqual(
+      instance.masterUsername,
+      ctx.config.dbUsername,
+      'Database instance should have correct master username',
+    );
+
+    assert.strictEqual(
+      instance.multiAz,
+      false,
+      'Multi-AZ argument should be set to false',
+    );
+    assert.strictEqual(
+      instance.applyImmediately,
+      false,
+      'Apply immediately argument should be set to false',
+    );
+    assert.strictEqual(
+      instance.allocatedStorage,
+      '20',
+      'Allocated storage argument should be set to 20',
+    );
+    assert.strictEqual(
+      instance.maxAllocatedStorage,
+      100,
+      'Max allocated storage argument should be set to 100',
+    );
+    assert.strictEqual(
+      instance.dbInstanceClass,
+      'db.t4g.micro',
+      'DB instance class argument should be set to db.t4g.micro',
+    );
+    assert.strictEqual(
+      instance.enablePerformanceInsights,
+      false,
+      'Enable performance insights argument should be set to false',
+    );
+    assert.strictEqual(
+      instance.allowMajorVersionUpgrade,
+      false,
+      'Allow major version upgrade argument should be set to false',
+    );
+    assert.strictEqual(
+      instance.autoMinorVersionUpgrade,
+      true,
+      'Auto minor version upgrade argument should be set to true',
+    );
+    assert.strictEqual(
+      instance.engineVersion,
+      '17.2',
+      'Engine version argument should be set to 17.2',
+    );
+    assert.strictEqual(
+      instance.engine,
+      'postgres',
+      'Engine argument should be set to postgres',
+    );
+    assert.strictEqual(
+      instance.storageEncrypted,
+      true,
+      'Storage encrypted argument should be set to true',
+    );
+    assert.strictEqual(
+      instance.publiclyAccessible,
+      false,
+      'Publicly accessible argument should be set to false',
+    );
+  });
+
+  it('should create subnet group in the correct VPC', async () => {
+    const database = ctx.outputs.defaultDb.value;
+    const vpc = ctx.outputs.vpc.value;
+    const dbSubnetGroupName = database.dbSubnetGroup.name;
+
+    const command = new DescribeDBSubnetGroupsCommand({
+      DBSubnetGroupName: dbSubnetGroupName,
+    });
+
+    const { DBSubnetGroups } = await ctx.clients.rds.send(command);
+    assert.ok(
+      DBSubnetGroups && DBSubnetGroups.length > 0,
+      'DB subnet groups should exist',
+    );
+    const [subnetGroup] = DBSubnetGroups;
+    assert.strictEqual(
+      subnetGroup.VpcId,
+      vpc.vpc.vpcId,
+      'DB subnet group should be in the correct VPC',
+    );
+    assert.ok(
+      subnetGroup.Subnets && subnetGroup.Subnets.length > 0,
+      'DB subnet group should have subnets',
+    );
+  });
+
+  it('should create a security group with correct ingress rules', async () => {
+    const database = ctx.outputs.defaultDb.value;
+    const vpc = ctx.outputs.vpc.value;
+    const dbSecurityGroupId = database.dbSecurityGroup.id;
+
+    const command = new DescribeSecurityGroupsCommand({
+      GroupIds: [dbSecurityGroupId],
+    });
+    const { SecurityGroups } = await ctx.clients.ec2.send(command);
+    assert.ok(
+      SecurityGroups && SecurityGroups.length > 0,
+      'DB security groups should exist',
+    );
+    const [securityGroup] = SecurityGroups;
+    assert.strictEqual(
+      securityGroup.VpcId,
+      vpc.vpc.vpcId,
+      'DB security group should be in the correct VPC',
+    );
+
+    const postgresRule = securityGroup.IpPermissions?.find(
+      (rule: IpPermission) => rule.FromPort === 5432 && rule.ToPort === 5432,
+    );
+    assert.ok(postgresRule, 'Should have postgres port 5432 ingress rule');
+    assert.strictEqual(
+      postgresRule.IpProtocol,
+      'tcp',
+      'Should allow TCP protocol',
+    );
+  });
+
+  it('should create a correctly configured RDS KMS key', async () => {
+    const database = ctx.outputs.defaultDb.value;
+    const kmsKeyId = database.kmsKeyId;
+
+    const describeCommand = new DescribeKeyCommand({
+      KeyId: kmsKeyId,
+    });
+    const { KeyMetadata } = await ctx.clients.kms.send(describeCommand);
+    assert.strictEqual(
+      KeyMetadata?.KeySpec,
+      'SYMMETRIC_DEFAULT',
+      'KMS key should use SYMMETRIC_DEFAULT spec',
+    );
+    assert.strictEqual(
+      KeyMetadata.KeyUsage,
+      'ENCRYPT_DECRYPT',
+      'KMS key should be used for encryption/decryption',
+    );
+    assert.strictEqual(KeyMetadata.Enabled, true, 'KMS key should be enabled');
+    assert.strictEqual(
+      KeyMetadata.MultiRegion,
+      false,
+      'KMS key should not be multi-region',
+    );
+
+    const rotationCmd = new GetKeyRotationStatusCommand({ KeyId: kmsKeyId });
+    const { KeyRotationEnabled } = await ctx.clients.kms.send(rotationCmd);
+    assert.strictEqual(
+      KeyRotationEnabled,
+      true,
+      'KMS key rotation should be enabled',
+    );
+  });
+}

tests/database/index.test.ts

@@ -0,0 +1,41 @@
+import { describe, before, after } from 'node:test';
+import * as automation from '../automation';
+import { cleanupSnapshots } from './utils/cleanup-snapshots';
+import * as config from './infrastructure/config';
+import { DatabaseTestContext } from './test-context';
+import { EC2Client } from '@aws-sdk/client-ec2';
+import { InlineProgramArgs } from '@pulumi/pulumi/automation';
+import { KMSClient } from '@aws-sdk/client-kms';
+import { RDSClient } from '@aws-sdk/client-rds';
+import { requireEnv } from '../util';
+import { testDefaultDb } from './default-db.test';
+
+const programArgs: InlineProgramArgs = {
+  stackName: 'dev',
+  projectName: 'icb-test-database',
+  program: () => import('./infrastructure'),
+};
+
+const region = requireEnv('AWS_REGION');
+const ctx: DatabaseTestContext = {
+  outputs: {},
+  config,
+  clients: {
+    rds: new RDSClient({ region }),
+    ec2: new EC2Client({ region }),
+    kms: new KMSClient({ region }),
+  },
+};
+
+describe('Database component deployment', () => {
+  before(async () => {
+    ctx.outputs = await automation.deploy(programArgs);
+  });
+
+  after(async () => {
+    await automation.destroy(programArgs);
+    await cleanupSnapshots(ctx);
+  });
+
+  describe('Default database', () => testDefaultDb(ctx));
+});

tests/database/infrastructure/config.ts

@@ -0,0 +1,3 @@
+export const appName = 'db-test';
+export const dbName = 'dbname';
+export const dbUsername = 'dbusername';

tests/database/infrastructure/index.ts

@@ -0,0 +1,17 @@
+import { appName, dbName, dbUsername } from './config';
+import { next as studion } from '@studion/infra-code-blocks';
+import { DatabaseBuilder } from '../../../dist/v2/components/database/builder';
+
+const vpc = new studion.Vpc(`${appName}-vpc`, {});
+
+const defaultDb = new DatabaseBuilder(`${appName}-default`)
+  .withInstance({
+    dbName,
+  })
+  .withCredentials({
+    username: dbUsername,
+  })
+  .withVpc(vpc.vpc)
+  .build();
+
+export { vpc, defaultDb };