Explain pulumi mock for AWS SecurityGroup.

Question

Pulumi · Accepted Answer

Mocking is a handy technique to simulate the behavior of real objects and test the way these objects operate in different scenarios, especially those in which we prefer not to engage real objects. The primary use of mocking in Pulumi is for unit testing.

In the context of Pulumi AWS Security Group, you can create a unit test that will mock the Security Group creation, rather than actually performing any operations on AWS.

To mock the aws.ec2.SecurityGroup resource, we need to use pulumi.runtime.setMocks() to define the behavior when Pulumi interacts with the AWS provider. With this, we can define what we expect to be returned when a Security Group is created by using aws.ec2.SecurityGroup.get(). When our test runs, Pulumi will interact with the mocked response, and not with AWS itself, thus allowing you to test your infrastructure code without any cost or side-effects.

Take a look at the following TypeScript program as an example.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as testing from "@pulumi/pulumi/testing";
import { expect } from "chai";

describe("Security Group Unit Testing", function() {
    it("should create a security group", async function() {
        const testMocks = new testing.Mocks();
        pulumi.runtime.setMocks(testMocks);
        
        const sut = new aws.ec2.SecurityGroup("test", {});

        const urn = await sut.urn.promise();
        expect(urn).to.equal(`urn:pulumi:stackName::projectName::aws:ec2/securityGroup:SecurityGroup::${sut.name}`);
        
        const id = await sut.id.promise();
        expect(id).to.equal(`s-012345678`);
    });
});

class MyMocks extends pulumi.runtime.Mocks {
    newResource(args: pulumi.runtime.MockResourceArgs): Promise<pulumi.runtime.MockResourceResult> {
        return Promise.resolve({
            id: args.inputs["id"] || `s-012345678`,
            urn: `urn:pulumi:stackName::projectName::${args.type}::${args.name}`,
        });
    }
        
    call(args: pulumi.runtime.MockCallArgs): Promise<any> {
        return args.args;
    }
}   

The MyMocks class is used to handle calls to create new resources and provider functions. When a new resource is created (new aws.ec2.SecurityGroup), the newResource function is called. We define what we want to be returned in the mock response. In this case, we're returning a urn and id.

When we run our test, Pulumi interacts with this mocked provider, instead of the real AWS.

This way, we're able to confirm that our aws.ec2.SecurityGroup is correctly instantiated and that we're able to access its properties.

Note that you need to install necessary packages for this test to work: @pulumi/pulumi, @pulumi/aws, and testing/dev packages: @types/mocha, @types/chai, chai, mocha.

This test can be executed using the mocha test runner by running mocha -r ts-node/register <path-to-test-file>.

Contributing extensively to this approach lets you confirm that your infrastructure code works as expected before it's deployed, saving you time, and avoiding unexpected surprises.

Remember to check out the aws.ec2.SecurityGroup resource documentation for information about its functionalities and usage.