Skip to content

Commit f805d00

Browse files
committed
add bucket upgrade tests
1 parent f77c062 commit f805d00

File tree

7 files changed

+462
-106
lines changed

7 files changed

+462
-106
lines changed
Lines changed: 182 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,182 @@
1+
name: test-aws-bucket-migration
2+
runtime: yaml
3+
resources:
4+
provider:
5+
type: pulumi:providers:aws
6+
options:
7+
version: 6.78.0
8+
replication:
9+
type: aws:iam:Role
10+
options:
11+
provider: ${provider}
12+
properties:
13+
name: tf-iam-role-replication-12345
14+
assumeRolePolicy: |
15+
{
16+
"Version": "2012-10-17",
17+
"Statement": [
18+
{
19+
"Action": "sts:AssumeRole",
20+
"Principal": {
21+
"Service": "s3.amazonaws.com"
22+
},
23+
"Effect": "Allow",
24+
"Sid": ""
25+
}
26+
]
27+
}
28+
replicationPolicy:
29+
type: aws:iam:Policy
30+
options:
31+
provider: ${provider}
32+
name: replication
33+
properties:
34+
name: tf-iam-role-policy-replication-12345
35+
policy: |
36+
{
37+
"Version": "2012-10-17",
38+
"Statement": [
39+
{
40+
"Action": [
41+
"s3:GetReplicationConfiguration",
42+
"s3:ListBucket"
43+
],
44+
"Effect": "Allow",
45+
"Resource": [
46+
"${migrationBucket.arn}"
47+
]
48+
},
49+
{
50+
"Action": [
51+
"s3:GetObjectVersionForReplication",
52+
"s3:GetObjectVersionAcl",
53+
"s3:GetObjectVersionTagging"
54+
],
55+
"Effect": "Allow",
56+
"Resource": [
57+
"${migrationBucket.arn}/*"
58+
]
59+
},
60+
{
61+
"Action": [
62+
"s3:ReplicateObject",
63+
"s3:ReplicateDelete",
64+
"s3:ReplicateTags"
65+
],
66+
"Effect": "Allow",
67+
"Resource": "${destinationBucket.arn}/*"
68+
}
69+
]
70+
}
71+
replicationRolePolicyAttachment:
72+
type: aws:iam:RolePolicyAttachment
73+
name: replication
74+
options:
75+
provider: ${provider}
76+
properties:
77+
role: ${replication.name}
78+
policyArn: ${replicationPolicy.arn}
79+
destinationBucket:
80+
type: aws:s3:Bucket
81+
options:
82+
provider: ${provider}
83+
properties:
84+
forceDestroy: true
85+
versioning:
86+
enabled: true
87+
loggingBucket:
88+
type: aws:s3:Bucket
89+
options:
90+
provider: ${provider}
91+
properties:
92+
forceDestroy: true
93+
exampleBucketOwnershipControls:
94+
type: aws:s3:BucketOwnershipControls
95+
options:
96+
provider: ${provider}
97+
properties:
98+
bucket: ${loggingBucket.id}
99+
rule:
100+
objectOwnership: BucketOwnerPreferred
101+
exampleBucketAclV2:
102+
type: aws:s3:BucketAclV2
103+
properties:
104+
bucket: ${loggingBucket.id}
105+
acl: log-delivery-write
106+
options:
107+
provider: ${provider}
108+
dependsOn:
109+
- ${exampleBucketOwnershipControls}
110+
migrationBucket:
111+
type: aws:s3:BucketV2
112+
properties:
113+
forceDestroy: true
114+
serverSideEncryptionConfigurations:
115+
- rules:
116+
- applyServerSideEncryptionByDefaults:
117+
- sseAlgorithm: "AES256"
118+
corsRules:
119+
- allowedHeaders:
120+
- '*'
121+
allowedMethods:
122+
- PUT
123+
- POST
124+
allowedOrigins:
125+
- https://s3-website-test.mydomain.com
126+
exposeHeaders:
127+
- ETag
128+
maxAgeSeconds: 3000
129+
lifecycleRules:
130+
- id: noncurrent
131+
enabled: true
132+
expirations:
133+
- days: 30
134+
noncurrentVersionExpirations:
135+
- days: 30
136+
- id: log
137+
enabled: true
138+
prefix: log/
139+
tags:
140+
rule: log
141+
autoclean: 'true'
142+
transitions:
143+
- days: 30
144+
storageClass: STANDARD_IA
145+
loggings:
146+
- targetBucket: ${loggingBucket.bucket}
147+
targetPrefix: /log
148+
websites:
149+
- indexDocument: index.html
150+
errorDocument: error.html
151+
routingRules: |
152+
[{
153+
"Condition": {
154+
"KeyPrefixEquals": "docs"
155+
},
156+
"Redirect": {
157+
"ReplaceKeyPrefixWith": "documents/"
158+
}
159+
}]
160+
versionings:
161+
- enabled: true
162+
replicationConfigurations:
163+
- role: ${replication.arn}
164+
rules:
165+
- id: foobar
166+
status: Disabled
167+
filters:
168+
- tags: {}
169+
# sourceSelectionCriterias:
170+
# - sseKmsEncryptedObjects:
171+
# - enabled: false
172+
destinations:
173+
- bucket: ${destinationBucket.arn}
174+
replicationTimes:
175+
- status: Disabled
176+
minutes: 15
177+
# not testing because we don't want to change the owner
178+
# accessControlTranslation:
179+
metrics:
180+
- status: Disabled
181+
minutes: 15
182+
Lines changed: 165 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,165 @@
1+
name: test-aws-bucket-migration
2+
runtime: yaml
3+
resources:
4+
replication:
5+
type: aws:iam:Role
6+
properties:
7+
name: tf-iam-role-replication-12345
8+
assumeRolePolicy: |
9+
{
10+
"Version": "2012-10-17",
11+
"Statement": [
12+
{
13+
"Action": "sts:AssumeRole",
14+
"Principal": {
15+
"Service": "s3.amazonaws.com"
16+
},
17+
"Effect": "Allow",
18+
"Sid": ""
19+
}
20+
]
21+
}
22+
replicationPolicy:
23+
type: aws:iam:Policy
24+
name: replication
25+
properties:
26+
name: tf-iam-role-policy-replication-12345
27+
policy: |
28+
{
29+
"Version": "2012-10-17",
30+
"Statement": [
31+
{
32+
"Action": [
33+
"s3:GetReplicationConfiguration",
34+
"s3:ListBucket"
35+
],
36+
"Effect": "Allow",
37+
"Resource": [
38+
"${migrationBucket.arn}"
39+
]
40+
},
41+
{
42+
"Action": [
43+
"s3:GetObjectVersionForReplication",
44+
"s3:GetObjectVersionAcl",
45+
"s3:GetObjectVersionTagging"
46+
],
47+
"Effect": "Allow",
48+
"Resource": [
49+
"${migrationBucket.arn}/*"
50+
]
51+
},
52+
{
53+
"Action": [
54+
"s3:ReplicateObject",
55+
"s3:ReplicateDelete",
56+
"s3:ReplicateTags"
57+
],
58+
"Effect": "Allow",
59+
"Resource": "${destinationBucket.arn}/*"
60+
}
61+
]
62+
}
63+
replicationRolePolicyAttachment:
64+
type: aws:iam:RolePolicyAttachment
65+
name: replication
66+
properties:
67+
role: ${replication.name}
68+
policyArn: ${replicationPolicy.arn}
69+
destinationBucket:
70+
type: aws:s3:Bucket
71+
properties:
72+
forceDestroy: true
73+
versioning:
74+
enabled: true
75+
loggingBucket:
76+
type: aws:s3:Bucket
77+
properties:
78+
forceDestroy: true
79+
exampleBucketOwnershipControls:
80+
type: aws:s3:BucketOwnershipControls
81+
properties:
82+
bucket: ${loggingBucket.id}
83+
rule:
84+
objectOwnership: BucketOwnerPreferred
85+
exampleBucketAclV2:
86+
type: aws:s3:BucketAcl
87+
properties:
88+
bucket: ${loggingBucket.id}
89+
acl: log-delivery-write
90+
options:
91+
dependsOn:
92+
- ${exampleBucketOwnershipControls}
93+
94+
migrationBucket:
95+
type: aws:s3:Bucket
96+
properties:
97+
forceDestroy: true
98+
serverSideEncryptionConfiguration:
99+
rule:
100+
applyServerSideEncryptionByDefault:
101+
sseAlgorithm: "AES256"
102+
corsRules:
103+
- allowedHeaders:
104+
- '*'
105+
allowedMethods:
106+
- PUT
107+
- POST
108+
allowedOrigins:
109+
- https://s3-website-test.mydomain.com
110+
exposeHeaders:
111+
- ETag
112+
maxAgeSeconds: 3000
113+
lifecycleRules:
114+
- id: noncurrent
115+
enabled: true
116+
expiration:
117+
days: 30
118+
noncurrentVersionExpiration:
119+
days: 30
120+
- id: log
121+
enabled: true
122+
prefix: log/
123+
tags:
124+
rule: log
125+
autoclean: 'true'
126+
transitions:
127+
- days: 30
128+
storageClass: STANDARD_IA
129+
logging:
130+
targetBucket: ${loggingBucket.bucket}
131+
targetPrefix: /log
132+
website:
133+
indexDocument: index.html
134+
errorDocument: error.html
135+
routingRules: |
136+
[{
137+
"Condition": {
138+
"KeyPrefixEquals": "docs"
139+
},
140+
"Redirect": {
141+
"ReplaceKeyPrefixWith": "documents/"
142+
}
143+
}]
144+
versioning:
145+
enabled: true
146+
replicationConfiguration:
147+
role: ${replication.arn}
148+
rules:
149+
- id: foobar
150+
status: Disabled
151+
filter:
152+
tags: {}
153+
# sourceSelectionCriterias:
154+
# - sseKmsEncryptedObjects:
155+
# - enabled: false
156+
destination:
157+
bucket: ${destinationBucket.arn}
158+
replicationTime:
159+
status: Disabled
160+
minutes: 15
161+
# not testing because we don't want to change the owner
162+
# accessControlTranslation:
163+
metrics:
164+
status: Disabled
165+
minutes: 15

examples/examples_yaml_test.go

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -187,12 +187,21 @@ func TestElasticacheReplicationGroupUpgrade(t *testing.T) {
187187
testProviderUpgrade(t, filepath.Join("test-programs", "elasticache-replication-group"), nil)
188188
}
189189

190-
func TestS3BucketToBucketV2Upgrade(t *testing.T) {
191-
testProviderUpgrade(t, "bucket-to-bucketv2",
190+
func TestS3BucketToBucketUpgrade(t *testing.T) {
191+
testProviderUpgrade(t, "bucket-to-bucket",
192192
&testProviderUpgradeOptions{
193193
baselineVersion: "6.78.0",
194194
},
195-
optproviderupgrade.NewSourcePath(filepath.Join("bucket-to-bucketv2", "step1")),
195+
optproviderupgrade.NewSourcePath(filepath.Join("bucket-to-bucket", "step1")),
196+
)
197+
}
198+
199+
func TestS3BucketV2ToBucketV2Upgrade(t *testing.T) {
200+
testProviderUpgrade(t, "bucketv2-to-bucket",
201+
&testProviderUpgradeOptions{
202+
baselineVersion: "6.78.0",
203+
},
204+
optproviderupgrade.NewSourcePath(filepath.Join("bucketv2-to-bucket", "step1")),
196205
)
197206
}
198207

0 commit comments

Comments
 (0)