Add test for monitoring

mandryllo · mandryllo · commit 40118f0e6c32 · 2025-11-06T18:41:46.000+01:00
diff --git a/tests/database/index.test.ts b/tests/database/index.test.ts
@@ -1,20 +1,30 @@
 import { describe, it, before, after } from 'node:test';
 import { DescribeDBSubnetGroupsCommand, RDSClient } from '@aws-sdk/client-rds';
-import { DescribeKeyCommand, GetKeyRotationStatusCommand, KMSClient } from '@aws-sdk/client-kms';
-import { DescribeSecurityGroupsCommand, EC2Client, IpPermission } from '@aws-sdk/client-ec2';
+import {
+  DescribeKeyCommand,
+  GetKeyRotationStatusCommand,
+  KMSClient,
+} from '@aws-sdk/client-kms';
+import {
+  DescribeSecurityGroupsCommand,
+  EC2Client,
+  IpPermission,
+} from '@aws-sdk/client-ec2';
 import * as assert from 'node:assert';
 import * as automation from '../automation';
 import * as config from './infrastructure/config';
 import { DatabaseTestContext } from './test-context';
-import { InlineProgramArgs } from "@pulumi/pulumi/automation";
+import { IAMClient } from '@aws-sdk/client-iam';
+import { InlineProgramArgs } from '@pulumi/pulumi/automation';
+import { testDbWithMonitoring } from './monitoring.test';
 
 const programArgs: InlineProgramArgs = {
   stackName: 'dev',
   projectName: 'icb-test-database',
   program: () => import('./infrastructure'),
 };
 
-// TODO: Add tests for monitoring role & encrypted snapshot copy
+// TODO: Add tests for encrypted snapshot copy
 
 describe('Database component deployment', () => {
   const region = process.env.AWS_REGION;
@@ -29,8 +39,9 @@ describe('Database component deployment', () => {
       rds: new RDSClient({ region }),
       ec2: new EC2Client({ region }),
       kms: new KMSClient({ region }),
-    }
-  }
+      iam: new IAMClient({ region }),
+    },
+  };
 
   before(async () => {
     ctx.outputs = await automation.deploy(programArgs);
@@ -51,11 +62,31 @@ describe('Database component deployment', () => {
     assert.ok(database.dbSubnetGroup, 'Subnet group should be defined');
     assert.ok(database.kms, 'Encryption key should be defined');
     assert.ok(database.password, 'Password should be defined');
-    assert.strictEqual(database.instance.dbName, config.dbName, 'Db name argument should be set correctly');
-    assert.strictEqual(database.instance.username, config.username, 'Username argument should be set correctly');
-    assert.strictEqual(database.instance.password, config.password, 'Password argument should be set correctly');
-    assert.strictEqual(database.instance.applyImmediately, config.applyImmediately, 'Apply immediately argument should be set correctly');
-    assert.strictEqual(database.instance.skipFinalSnapshot, config.skipFinalSnapshot, 'Skip final snapshot argument should be set correctly');
+    assert.strictEqual(
+      database.instance.dbName,
+      config.dbName,
+      'Db name argument should be set correctly',
+    );
+    assert.strictEqual(
+      database.instance.username,
+      config.username,
+      'Username argument should be set correctly',
+    );
+    assert.strictEqual(
+      database.instance.password,
+      config.password,
+      'Password argument should be set correctly',
+    );
+    assert.strictEqual(
+      database.instance.applyImmediately,
+      config.applyImmediately,
+      'Apply immediately argument should be set correctly',
+    );
+    assert.strictEqual(
+      database.instance.skipFinalSnapshot,
+      config.skipFinalSnapshot,
+      'Skip final snapshot argument should be set correctly',
+    );
   });
 
   it('should create subnet group in the correct VPC', async () => {
@@ -133,11 +164,7 @@ describe('Database component deployment', () => {
       'ENCRYPT_DECRYPT',
       'KMS key should be used for encryption/decryption',
     );
-    assert.strictEqual(
-      KeyMetadata.Enabled,
-      true,
-      'KMS key should be enabled',
-    );
+    assert.strictEqual(KeyMetadata.Enabled, true, 'KMS key should be enabled');
     assert.strictEqual(
       KeyMetadata.MultiRegion,
       false,
@@ -152,4 +179,6 @@ describe('Database component deployment', () => {
       'KMS key rotation should be enabled',
     );
   });
+
+  describe('With monitoring', () => testDbWithMonitoring(ctx));
 });
diff --git a/tests/database/infrastructure/config.ts b/tests/database/infrastructure/config.ts
@@ -1,5 +1,5 @@
-export const projectName = 'database-test-project';
-export const instanceName = 'database-test-instance';
+export const projectName = 'db-test-project';
+export const instanceName = 'db-test-instance';
 export const dbName = 'databasetestdb';
 export const username = 'databasetestusername';
 export const password = 'databasetestpassword';
diff --git a/tests/database/infrastructure/index.ts b/tests/database/infrastructure/index.ts
@@ -1,17 +1,27 @@
 import { next as studion } from '@studion/infra-code-blocks';
 import * as config from './config';
 
-export const vpc = new studion.Vpc(config.projectName, {});
+const vpc = new studion.Vpc(config.projectName, {});
 
-export const database = new studion.DatabaseBuilder(config.instanceName)
-  .configure(
-    config.dbName,
-    config.username,
-    {
-      password: config.password,
-      applyImmediately: config.applyImmediately,
-      skipFinalSnapshot: config.skipFinalSnapshot
-    },
-  )
+const database = new studion.DatabaseBuilder(config.instanceName)
+  .configure(config.dbName, config.username, {
+    password: config.password,
+    applyImmediately: config.applyImmediately,
+    skipFinalSnapshot: config.skipFinalSnapshot,
+  })
   .withVpc(vpc.vpc)
   .build();
+
+const dbWithMonitoring = new studion.DatabaseBuilder(
+  `${config.instanceName}-w-monitoring`,
+)
+  .configure(config.dbName, config.username, {
+    password: config.password,
+    applyImmediately: config.applyImmediately,
+    skipFinalSnapshot: config.skipFinalSnapshot,
+  })
+  .withVpc(vpc.vpc)
+  .withMonitoring()
+  .build();
+
+export { vpc, database, dbWithMonitoring };
diff --git a/tests/database/monitoring.test.ts b/tests/database/monitoring.test.ts
@@ -0,0 +1,59 @@
+import {
+  GetRoleCommand,
+  ListAttachedRolePoliciesCommand,
+} from '@aws-sdk/client-iam';
+import * as assert from 'node:assert';
+import { DatabaseTestContext } from './test-context';
+import { it } from 'node:test';
+
+export function testDbWithMonitoring(ctx: DatabaseTestContext) {
+  it('should properly configure monitoring options', () => {
+    const dbWithMonitoring = ctx.outputs.dbWithMonitoring.value;
+
+    assert.strictEqual(
+      dbWithMonitoring.instance.performanceInsightsEnabled,
+      true,
+      'Performance insights should be enabled',
+    );
+    assert.strictEqual(
+      dbWithMonitoring.instance.performanceInsightsRetentionPeriod,
+      7,
+      'Performance insights retention period should be set correctly',
+    );
+    assert.strictEqual(
+      dbWithMonitoring.instance.monitoringInterval,
+      60,
+      'Monitoring interval should be set correctly',
+    );
+    assert.ok(
+      dbWithMonitoring.instance.monitoringRoleArn,
+      'Monitoring role ARN should exist',
+    );
+  });
+
+  it('should create monitoring IAM role and attach correct policy', async () => {
+    const dbWithMonitoring = ctx.outputs.dbWithMonitoring.value;
+    const roleName = dbWithMonitoring.monitoringRole.name;
+
+    const roleCommand = new GetRoleCommand({
+      RoleName: roleName,
+    });
+    const { Role } = await ctx.clients.iam.send(roleCommand);
+    assert.ok(Role, 'Monitoring IAM role should exist');
+
+    const policyCommand = new ListAttachedRolePoliciesCommand({
+      RoleName: roleName,
+    });
+    const { AttachedPolicies } = await ctx.clients.iam.send(policyCommand);
+    assert.ok(
+      AttachedPolicies && AttachedPolicies.length > 0,
+      'Attached policies should exist',
+    );
+    const [attachedPolicy] = AttachedPolicies;
+    assert.strictEqual(
+      attachedPolicy.PolicyArn,
+      'arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole',
+      'Monitoring IAM role should have correct policy attached',
+    );
+  });
+}
diff --git a/tests/database/test-context.ts b/tests/database/test-context.ts
@@ -1,4 +1,5 @@
 import { EC2Client } from '@aws-sdk/client-ec2';
+import { IAMClient } from '@aws-sdk/client-iam';
 import { KMSClient } from '@aws-sdk/client-kms';
 import { OutputMap } from '@pulumi/pulumi/automation';
 import { RDSClient } from '@aws-sdk/client-rds';
@@ -25,7 +26,8 @@ interface AwsContext {
   clients: {
     rds: RDSClient;
     ec2: EC2Client;
-    kms: KMSClient
+    kms: KMSClient;
+    iam: IAMClient;
   };
 }
 
