首页 项目目录 关于我们
Sign In
rust
/
Materialize
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
Materialize
/
misc
/
python
/
materialize
/
checks
/
all_checks
/
aws.py

aws.py 2.5 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. # Copyright Materialize, Inc. and contributors. All rights reserved.
    2. 

  2. #
    3. 

  3. # Use of this software is governed by the Business Source License
    4. 

  4. # included in the LICENSE file at the root of this repository.
    5. 

  5. #
    6. 

  6. # As of the Change Date specified in that file, in accordance with
    7. 

  7. # the Business Source License, use of this software will be governed
    8. 

  8. # by the Apache License, Version 2.0.
    9. 

  9. from __future__ import annotations
    10. 

  10. 

  11. from textwrap import dedent
    12. 

  12. 

  13. from materialize.checks.actions import Testdrive
    14. 

  14. from materialize.checks.checks import Check, externally_idempotent
    15. 

  15. 

  16. 

  17. @externally_idempotent(False)
    18. 

  18. class AwsConnection(Check):
    19. 

  19.     def initialize(self) -> Testdrive:
    20. 

  20.         return Testdrive(
    21. 

  21.             dedent(
    22. 

  22.                 """
    23. 

  23.                 $ postgres-execute connection=postgres://mz_system:materialize@${testdrive.materialize-internal-sql-addr}
    24. 

  24.                 ALTER SYSTEM SET enable_connection_validation_syntax = true
    25. 

  25. 

  26.                 > CREATE CONNECTION aws_assume_role
    27. 

  27.                   TO AWS (ASSUME ROLE ARN 'assume-role', ASSUME ROLE SESSION NAME 'session-name');
    28. 

  28. 

  29.                 > CREATE SECRET aws_secret_access_key as '...';
    30. 

  30. 

  31.                 > CREATE CONNECTION aws_credentials
    32. 

  32.                   TO AWS (ACCESS KEY ID = 'access_key', SECRET ACCESS KEY = SECRET aws_secret_access_key);
    33. 

  33.                 """
    34. 

  34.             )
    35. 

  35.         )
    36. 

  36. 

  37.     def manipulate(self) -> list[Testdrive]:
    38. 

  38.         return [
    39. 

  39.             Testdrive(dedent(s))
    40. 

  40.             for s in [
    41. 

  41.                 """
    42. 

  42.                 > ALTER CONNECTION aws_assume_role SET (ASSUME ROLE ARN 'assume-role-2');
    43. 

  43.                 """,
    44. 

  44.                 """
    45. 

  45.                 > ALTER CONNECTION aws_credentials SET (ACCESS KEY ID 'access_key_2');
    46. 

  46.                 """,
    47. 

  47.             ]
    48. 

  48.         ]
    49. 

  49. 

  50.     def validate(self) -> Testdrive:
    51. 

  51.         # We can't actually run `VALIDATE CONNECTION` here because we don't have
    52. 

  52.         # valid AWS credentials. So instead we settle for inspecting the system
    53. 

  53.         # catalog and ensuring it contains the altered values.
    54. 

  54.         return Testdrive(
    55. 

  55.             dedent(
    56. 

  56.                 """
    57. 

  57.                 > SELECT assume_role_arn FROM mz_internal.mz_aws_connections a
    58. 

  58.                   JOIN mz_connections c ON a.id = c.id
    59. 

  59.                   WHERE name = 'aws_assume_role'
    60. 

  60.                 assume-role-2
    61. 

  61. 

  62.                 > SELECT access_key_id FROM mz_internal.mz_aws_connections a
    63. 

  63.                   JOIN mz_connections c ON a.id = c.id
    64. 

  64.                   WHERE name = 'aws_credentials'
    65. 

  65.                 access_key_2
    66. 

  66.                 """
    67. 

  67.             )
    68. 

  68.         )
    69.