Beispiel #1
    def delete_acme_token(self, token_path, options, **kwargs):
        """Delete the HTTP-01 challenge object for *token_path* from S3.

        The object key is the configured ``prefix`` option followed by the
        last ``/``-separated segment of ``token_path``. Leading directory
        components of ``token_path`` are dropped and never reach the key.
        The prefix is concatenated verbatim; no separator is inserted.

        NOTE(review): a ``token_path`` ending in ``/`` yields an empty last
        segment, so the key passed to ``s3.delete`` is the bare prefix.
        Confirm callers never pass such a path.

        :param token_path: challenge path; only its final segment is used
        :param options: plugin options read through ``self.get_option``
            (``accountNumber``, ``bucket`` and ``prefix``)
        :param kwargs: accepted but not used here
        :return: whatever ``s3.delete`` returned; its truthiness is reported
            as ``Success`` or ``Failure`` in the log entry and metric tags
        """
        current_app.logger.debug(
            "S3 destination plugin is started to delete HTTP-01 challenge")

        # Evaluated in this frame so the name resolves to this method.
        caller = f"{__name__}.{sys._getframe().f_code.co_name}"

        account_number = self.get_option("accountNumber", options)
        bucket_name = self.get_option("bucket", options)
        prefix = self.get_option("prefix", options)

        # Keep only the text after the last "/" of the challenge path.
        filename = token_path.rsplit("/", 1)[-1]
        object_key = prefix + filename

        response = s3.delete(
            bucket_name=bucket_name,
            prefixed_object_name=object_key,
            account_number=account_number,
        )

        if response:
            outcome = "Success"
        else:
            outcome = "Failure"

        # The bucket and file name are recorded in both the log entry and the
        # metric tags so a failed clean-up can be traced to a specific object.
        current_app.logger.info({
            "function": caller,
            "message": "delete acme token challenge",
            "result": outcome,
            "bucket_name": bucket_name,
            "filename": filename,
        })
        metrics.send(
            caller,
            "counter",
            1,
            metric_tags={
                "result": outcome,
                "bucket_name": bucket_name,
                "filename": filename,
            },
        )
        return response
Beispiel #2
def test_put_delete_s3_object(app):
    """Round-trip one object through the S3 helpers: put, get, delete.

    Checks that ``get`` returns the stored data, returns ``None`` for a
    bucket this test never creates, and returns ``None`` again once the
    object has been deleted.
    """
    # NOTE(review): boto3 is called directly below. Presumably an S3 mock is
    # applied outside this snippet; confirm, otherwise a real bucket is made.
    from lemur.plugins.lemur_aws.s3 import put, delete, get

    bucket_name = "public-bucket"
    aws_region = "us-east-1"
    account_id = "123456789012"
    object_path = "some-path/foo"
    payload = "dummy data"

    boto3.client('s3').create_bucket(Bucket=bucket_name)

    # Both region_name and region are passed, exactly as the original did.
    put(
        bucket_name=bucket_name,
        region_name=aws_region,
        prefix=object_path,
        data=payload,
        encrypt=False,
        account_number=account_id,
        region=aws_region,
    )

    # Arguments shared by every lookup and by the delete call.
    target = {
        "prefixed_object_name": object_path,
        "account_number": account_id,
    }

    # What was stored must come back unchanged.
    fetched = get(bucket_name=bucket_name, **target)
    assert fetched == payload

    # The same key in a different bucket must not resolve to the object.
    fetched = get(bucket_name="wrong-bucket", **target)
    assert fetched is None

    # After deletion the object must no longer be retrievable.
    delete(bucket_name=bucket_name, **target)
    fetched = get(bucket_name=bucket_name, **target)
    assert fetched is None
Beispiel #3
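def upload_acme_token_s3(token, token_name, prefix, account_number,
                         bucket_name):
    """
    Upload an ACME token through the ``aws-s3`` plugin, read it back from S3
    to verify it, and delete it again. Intended for testing purposes.

    The token object is removed even when the read-back or the comparison
    fails, so a failed check does not leave a challenge file in the bucket.

    :param token: token content; the fetched object must equal this value
    :param token_name: passed to ``upload_acme_token`` as the token path and
        appended to ``prefix`` to form the object key used for get and delete
    :param prefix: S3 object prefix, used verbatim (no separator is added)
    :param account_number: AWS account number passed to the plugin and to S3
    :param bucket_name: name of the S3 bucket holding the token
    :return: None
    :raises AssertionError: if the fetched object differs from ``token``
    """
    additional_options = [
        {
            "name": "bucket",
            "value": bucket_name,
            "type": "str",
            "required": True,
            "validation": r"[0-9a-z.-]{3,63}",
            "helpMessage": "Must be a valid S3 bucket name!",
        },
        {
            "name": "accountNumber",
            "type": "str",
            "value": account_number,
            "required": True,
            "validation": r"[0-9]{12}",
            "helpMessage":
            "A valid AWS account number with permission to access S3",
        },
        {
            "name": "region",
            "type": "str",
            "default": "us-east-1",
            "required": False,
            "helpMessage": "Region bucket exists",
            "available": ["us-east-1", "us-west-2", "eu-west-1"],
        },
        {
            # Server-side encryption is switched off for this upload.
            "name": "encrypt",
            "type": "bool",
            "value": False,
            "required": False,
            "helpMessage": "Enable server side encryption",
            "default": True,
        },
        {
            "name": "prefix",
            "type": "str",
            "value": prefix,
            "required": False,
            "helpMessage": "Must be a valid S3 object prefix!",
        },
    ]

    p = plugins.get("aws-s3")
    p.upload_acme_token(token_name, token, additional_options)

    # NOTE(review): the previous code evaluated `prefix + "/"` here and threw
    # the result away, so the prefix has always been used verbatim. That is
    # kept. Adding the separator is only correct if upload_acme_token builds
    # its key the same way; confirm against the plugin before changing it.
    object_key = prefix + token_name

    try:
        token_res = s3.get(bucket_name,
                           object_key,
                           account_number=account_number)
        assert token_res == token
    finally:
        # Always clean up, including when verification fails.
        s3.delete(bucket_name, object_key, account_number=account_number)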