def test_metadata_fetch_no_keys(self):
base_url = "http://169.254.169.254/%s/meta-data/" % (self.VERSION)
hp.register_uri(
hp.GET,
base_url,
status=200,
body="\n".join(["hostname", "instance-id", "ami-launch-index"]),
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "hostname"),
status=200,
body="ec2.fake.host.name.com",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "instance-id"),
status=200,
body="123",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "ami-launch-index"),
status=200,
body="1",
)
md = ec2.get_instance_metadata(self.VERSION, retries=0)
self.assertEqual(md["hostname"], "ec2.fake.host.name.com")
self.assertEqual(md["instance-id"], "123")
self.assertEqual(md["ami-launch-index"], "1")
def crawl_metadata(self):
"""Crawl metadata service when available.
@returns: Dictionary of crawled metadata content containing the keys:
meta-data, user-data and dynamic.
"""
if not self.wait_for_metadata_service():
return {}
api_version = self.get_metadata_api_version()
redact = AWS_TOKEN_REDACT
crawled_metadata = {}
if self.cloud_name == CloudNames.AWS:
exc_cb = self._refresh_stale_aws_token_cb
exc_cb_ud = self._skip_or_refresh_stale_aws_token_cb
else:
exc_cb = exc_cb_ud = None
try:
crawled_metadata["user-data"] = ec2.get_instance_userdata(
api_version,
self.metadata_address,
headers_cb=self._get_headers,
headers_redact=redact,
exception_cb=exc_cb_ud,
)
crawled_metadata["meta-data"] = ec2.get_instance_metadata(
api_version,
self.metadata_address,
headers_cb=self._get_headers,
headers_redact=redact,
exception_cb=exc_cb,
)
if self.cloud_name == CloudNames.AWS:
identity = ec2.get_instance_identity(
api_version,
self.metadata_address,
headers_cb=self._get_headers,
headers_redact=redact,
exception_cb=exc_cb,
)
crawled_metadata["dynamic"] = {"instance-identity": identity}
except Exception:
util.logexc(
LOG,
"Failed reading from metadata address %s",
self.metadata_address,
)
return {}
crawled_metadata["_metadata_api_version"] = api_version
return crawled_metadata
def test_metadata_fetch_bdm(self):
base_url = "http://169.254.169.254/%s/meta-data/" % (self.VERSION)
hp.register_uri(
hp.GET,
base_url,
status=200,
body="\n".join(
["hostname", "instance-id", "block-device-mapping/"]),
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "hostname"),
status=200,
body="ec2.fake.host.name.com",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "instance-id"),
status=200,
body="123",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "block-device-mapping/"),
status=200,
body="\n".join(["ami", "ephemeral0"]),
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "block-device-mapping/ami"),
status=200,
body="sdb",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "block-device-mapping/ephemeral0"),
status=200,
body="sdc",
)
md = ec2.get_instance_metadata(self.VERSION, retries=0, timeout=0.1)
self.assertEqual(md["hostname"], "ec2.fake.host.name.com")
self.assertEqual(md["instance-id"], "123")
bdm = md["block-device-mapping"]
self.assertEqual(2, len(bdm))
self.assertEqual(bdm["ami"], "sdb")
self.assertEqual(bdm["ephemeral0"], "sdc")
def _get_data(self):
seed_ret = {}
if util.read_optional_seed(seed_ret, base=(self.seed_dir + "/")):
self.userdata_raw = seed_ret["user-data"]
self.metadata = seed_ret["meta-data"]
LOG.debug("Using seeded cloudstack data from: %s", self.seed_dir)
return True
try:
if not self.wait_for_metadata_service():
return False
start_time = time.time()
self.userdata_raw = ec2.get_instance_userdata(
self.api_ver, self.metadata_address)
self.metadata = ec2.get_instance_metadata(self.api_ver,
self.metadata_address)
LOG.debug(
"Crawl of metadata service took %s seconds",
int(time.time() - start_time),
)
password_client = CloudStackPasswordServerClient(self.vr_addr)
try:
set_password = password_client.get_password()
except Exception:
util.logexc(
LOG,
"Failed to fetch password from virtual router %s",
self.vr_addr,
)
else:
if set_password:
self.cfg = {
"ssh_pwauth": True,
"password": set_password,
"chpasswd": {
"expire": False,
},
}
return True
except Exception:
util.logexc(
LOG,
"Failed fetching from metadata service %s",
self.metadata_address,
)
return False
def test_metadata_fetch_with_2_keys(self):
base_url = "http://169.254.169.254/%s/meta-data/" % (self.VERSION)
hp.register_uri(
hp.GET,
base_url,
status=200,
body="\n".join(["hostname", "instance-id", "public-keys/"]),
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "hostname"),
status=200,
body="ec2.fake.host.name.com",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "instance-id"),
status=200,
body="123",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "public-keys/"),
status=200,
body="\n".join(["0=my-public-key", "1=my-other-key"]),
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "public-keys/0/openssh-key"),
status=200,
body="ssh-rsa AAAA.....wZEf my-public-key",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "public-keys/1/openssh-key"),
status=200,
body="ssh-rsa AAAA.....wZEf my-other-key",
)
md = ec2.get_instance_metadata(self.VERSION, retries=0, timeout=0.1)
self.assertEqual(md["hostname"], "ec2.fake.host.name.com")
self.assertEqual(md["instance-id"], "123")
self.assertEqual(2, len(md["public-keys"]))
def read_metadata(
metadata_url=METADATA_URL,
api_version=API_VERSION,
password_server_port=PASSWORD_SERVER_PORT,
url_timeout=URL_TIMEOUT,
url_retries=URL_RETRIES,
):
"""Query the metadata server and return the retrieved data."""
crawled_metadata = {}
crawled_metadata["_metadata_api_version"] = api_version
try:
crawled_metadata["user-data"] = ec2.get_instance_userdata(
api_version, metadata_url, timeout=url_timeout, retries=url_retries
)
crawled_metadata["meta-data"] = ec2.get_instance_metadata(
api_version, metadata_url, timeout=url_timeout, retries=url_retries
)
except Exception as e:
util.logexc(
LOG, "failed reading from metadata url %s (%s)", metadata_url, e
)
return {}
try:
crawled_metadata["password"] = get_password(
api_version=api_version,
metadata_url=metadata_url,
password_server_port=password_server_port,
url_retries=url_retries,
url_timeout=url_timeout,
)
except Exception as e:
util.logexc(
LOG,
"failed to read from password server url %s:%s (%s)",
metadata_url,
password_server_port,
e,
)
return crawled_metadata
def _read_ec2_metadata(self):
return ec2.get_instance_metadata(
ssl_details=self.ssl_details,
timeout=self.timeout,
retries=self.retries,
)
def test_metadata_no_security_credentials(self):
base_url = "http://169.254.169.254/%s/meta-data/" % (self.VERSION)
hp.register_uri(
hp.GET,
base_url,
status=200,
body="\n".join(["instance-id", "iam/"]),
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "instance-id"),
status=200,
body="i-0123451689abcdef0",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "iam/"),
status=200,
body="\n".join(["info/", "security-credentials/"]),
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "iam/info/"),
status=200,
body="LastUpdated",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "iam/info/LastUpdated"),
status=200,
body="2016-10-27T17:29:39Z",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "iam/security-credentials/"),
status=200,
body="ReadOnly/",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url, "iam/security-credentials/ReadOnly/"),
status=200,
body="\n".join(["LastUpdated", "Expiration"]),
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url,
"iam/security-credentials/ReadOnly/LastUpdated"),
status=200,
body="2016-10-27T17:28:17Z",
)
hp.register_uri(
hp.GET,
uh.combine_url(base_url,
"iam/security-credentials/ReadOnly/Expiration"),
status=200,
body="2016-10-28T00:00:34Z",
)
md = ec2.get_instance_metadata(self.VERSION, retries=0, timeout=0.1)
self.assertEqual(md["instance-id"], "i-0123451689abcdef0")
iam = md["iam"]
self.assertEqual(1, len(iam))
self.assertEqual(iam["info"]["LastUpdated"], "2016-10-27T17:29:39Z")
self.assertNotIn("security-credentials", iam)