def test_assign_certificate_elb_dry_run(self, mock_print):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer
lb = create_elb('test-elb', subnet)
# Assign certificate
self.uploader.assign_certificate('test-elb', 'new-cert', dry_run=True)
self.assertEqual(
mock_print.mock_calls,
[
call(
'[DRY RUN] Certificate %(existing_cert_arn)s would be replaced with %(new_cert_arn)s on '
'load balancer %(lb_name)s (%(lb_dns)s) on port %(lb_port)d.' %
{
'existing_cert_arn': 'fake-certificate',
'new_cert_arn': 'new-cert',
'lb_name': 'test-elb',
'lb_dns': lb['DNSName'],
'lb_port': 443
}
)
]
)
def test_get_alb_listeners(self):
# Create VPC resources and load balancer
vpc, subnet = create_vpc_resources()
lb = create_alb('dummy', subnet)
# Create HTTP listener
elbv2 = boto3.client('elbv2')
http_listener = elbv2.create_listener(
LoadBalancerArn=lb['LoadBalancerArn'],
Protocol='HTTP',
Port=80,
DefaultActions=[]
)['Listeners'][0]
# Create HTTPS listener
https_listener = elbv2.create_listener(
LoadBalancerArn=lb['LoadBalancerArn'],
Protocol='HTTPS',
Port=443,
DefaultActions=[],
Certificates=[{'CertificateArn': 'dummy'}]
)['Listeners'][0]
# Instantiate and fetch listeners
uploader = CertificateUploader()
listeners = uploader._get_alb_listeners(lb['LoadBalancerArn'])
# Verify the response from _get_alb_listeners matches what was created
self.assertListEqual([http_listener, https_listener], listeners)
def test_assign_certificate_alb_rollback(self, mock_input, mock_print):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer
lb = create_alb('test-alb', subnet)
create_default_listeners(lb['LoadBalancerArn'])
self.uploader.assign_certificate('test-alb', 'new-cert')
self.assertEqual(
mock_print.mock_calls,
[
call(
'Replacing certificate %(existing_cert_arn)s with %(new_cert_arn)s to load balancer %(lb_name)s '
'(%(lb_dns)s) on port %(lb_port)d.' %
{
'existing_cert_arn': 'dummy',
'new_cert_arn': 'new-cert',
'lb_name': 'test-alb',
'lb_dns': lb['DNSName'],
'lb_port': 443
}
),
call('Certificate %s applied successfully to ALB %s on port %d' % ('new-cert', 'test-alb', 443)),
call('Rolled back to certificate %s on ALB %s port %d' % ('dummy', 'test-alb', 443))
]
)
def test_assign_certificate_elb(self, mock_input, mock_print):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer
lb = create_elb('test-elb', subnet)
self.uploader.assign_certificate('test-elb', 'new-cert')
self.assertEqual(
mock_print.mock_calls,
[
call(
'Replacing certificate %(existing_cert_arn)s with %(new_cert_arn)s to load balancer %(lb_name)s '
'(%(lb_dns)s) on port %(lb_port)d.' %
{
'existing_cert_arn': 'fake-certificate',
'new_cert_arn': 'new-cert',
'lb_name': 'test-elb',
'lb_dns': lb['DNSName'],
'lb_port': 443
}
),
call('Certificate %s applied successfully to ELB %s on port %d' % ('new-cert', 'test-elb', 443))
]
)
def test_get_load_balancer_elb(self):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer
elb = boto3.client('elb')
elb.create_load_balancer(
LoadBalancerName='test-elb',
Listeners=[
{
'Protocol': 'HTTP',
'LoadBalancerPort': 80,
'InstancePort': 80
},
{
'Protocol': 'HTTPS',
'LoadBalancerPort': 443,
'InstancePort': 443,
'SSLCertificateId': 'fake-certificate'
}
],
AvailabilityZones=[],
Scheme='HTTP',
Subnets=[subnet['Subnet']['SubnetId']]
)
# Get load balancer and validate
lb_info, is_alb = self.uploader.get_load_balancer('test-elb')
self.assertFalse(is_alb)
self.assertEqual(lb_info['LoadBalancerName'], 'test-elb')
def test_assign_certificate_elb_http_protocol(self):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer
create_elb('test-elb', subnet)
with self.assertRaisesRegex(InvalidProtocolException, 'Port 80 is not a HTTPS listener'):
self.uploader.assign_certificate('test-elb', 'arn', lb_port=80)
def test_assign_certificate_elb_missing_port(self):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer
create_elb('test-elb', subnet)
with self.assertRaisesRegex(ListenerNotFoundException, 'Could not find a listener for port 1234'):
self.uploader.assign_certificate('test-elb', 'arn', lb_port=1234)
def test_assign_certificate_alb_missing_port(self):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer and default listeners
lb = create_alb('alb', subnet)
create_default_listeners(lb['LoadBalancerArn'])
with self.assertRaisesRegex(ListenerNotFoundException, 'Could not find a listener for port 1234'):
self.uploader.assign_certificate('alb', 'arn', lb_port=1234)
def test_get_load_balancer_alb(self):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer
create_alb('test-alb', subnet)
# Get load balancer and validate
lb_info, is_alb = self.uploader.get_load_balancer('test-alb')
self.assertTrue(is_alb)
self.assertEqual(lb_info['LoadBalancerName'], 'test-alb')
def test_acm_parser_attach_new_certificate(self, mock_print, mock_input,
mock_args, mock_sleep):
# Create load balancer
elb = boto3.client('elb')
vpc, subnet = create_vpc_resources()
create_elb('test-lb', subnet)
# Get LB info
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
'fake-certificate',
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
# Run CLI. This should not raise any exceptions
cli.main()
for i in range(10, 0, -1):
self.assertIn(
call('Waiting for certificate to propagate... %d' % i),
mock_print.mock_calls)
self.assertEqual(10, mock_sleep.call_count)
arn = None
for item in mock_print.mock_calls:
arn_match = re.match(
'\tARN: (arn:aws:acm:.+:\\d+:certificate/.+)$', item.args[0])
if arn_match:
arn = arn_match.group(1)
break
# Should be able to describe certificate without raising an exception
self.assertIsNotNone(arn)
acm = boto3.client('acm')
acm.describe_certificate(CertificateArn=arn)
# Verify ELB has the certificate assigned
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
arn,
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
def test_iam_parser_attach_existing_certificate(self, mock_input,
mock_args):
certificate, private_key, ca_certificate = generate_pem_data(
self.certificate, self.private_key, self.ca_certificate)
# Create certificate
iam = boto3.client('iam')
arn = iam.upload_server_certificate(
Path='/test/',
ServerCertificateName='tester',
CertificateBody=certificate.decode('utf-8'),
PrivateKey=private_key.decode('utf-8'),
CertificateChain=ca_certificate.decode(
'utf-8'))['ServerCertificateMetadata']['Arn']
# Create load balancer
elb = boto3.client('elb')
vpc, subnet = create_vpc_resources()
create_elb('test-lb-iam', subnet)
# Get LB info
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb-iam'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
'fake-certificate',
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
# Run CLI. This should not raise any exceptions
cli.main()
# Verify ELB has the certificate assigned
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb-iam'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
arn,
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
def test_acm_parser_attach_existing_certificate(self, mock_input,
mock_args):
certificate, private_key, ca_certificate = generate_pem_data(
self.certificate, self.private_key, self.ca_certificate)
# Create certificate
acm = boto3.client('acm')
arn = acm.import_certificate(
Certificate=certificate,
PrivateKey=private_key,
CertificateChain=ca_certificate)['CertificateArn']
mock_args.return_value.certificate_arn = arn
# Create load balancer
elb = boto3.client('elb')
vpc, subnet = create_vpc_resources()
create_elb('test-lb', subnet)
# Get LB info
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
'fake-certificate',
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
# Run CLI. This should not raise any exceptions
cli.main()
# Verify ELB has the certificate assigned
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
arn,
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
