def testCreateDiskCopy3(self, mock_list_instances, mock_list_disk,
mock_list_subscription_ids, mock_credentials,
mock_resource_group):
"""Test that a disk copy is correctly created.
The first call should raise a RuntimeError in GetInstance as we are
querying a non-existent instance. The second call should raise a
RuntimeError in GetDisk as we are querying a non-existent disk."""
mock_list_instances.return_value = {}
mock_list_disk.return_value = {}
mock_list_subscription_ids.return_value = ['fake-subscription-id']
mock_credentials.return_value = ('fake-subscription-id', mock.Mock())
mock_resource_group.return_value = 'fake-resource-group'
with self.assertRaises(RuntimeError) as error:
forensics.CreateDiskCopy(FAKE_ACCOUNT.default_resource_group_name,
instance_name='non-existent-vm-name',
region='fake-region')
self.assertEqual(
'Cannot copy disk "None": Instance non-existent-vm-name was not found '
'in subscription fake-subscription-id', str(error.exception))
with self.assertRaises(RuntimeError) as error:
forensics.CreateDiskCopy(FAKE_ACCOUNT.default_resource_group_name,
disk_name='non-existent-disk-name',
region='fake-region')
self.assertEqual(
'Cannot copy disk "non-existent-disk-name": Disk non-existent-disk-name'
' was not found in subscription fake-subscription-id',
str(error.exception))
def testCreateDiskCopy2(self, mock_create_disk, mock_get_instance,
mock_get_boot_disk, mock_get_disk, mock_snapshot,
mock_snapshot_delete, mock_list_subscription_ids,
mock_credentials, mock_resource_group):
"""Test that a disk copy is correctly created.
CreateDiskCopy(zone, disk_name='fake-disk-name', region='fake-region').
This should grab the disk 'fake-disk-name'."""
mock_create_disk.return_value.done.return_value = True
mock_create_disk.return_value.result.return_value = MOCK_DISK_COPY
mock_get_instance.return_value = FAKE_INSTANCE
mock_get_disk.return_value = FAKE_DISK
mock_snapshot.return_value = FAKE_SNAPSHOT
mock_snapshot_delete.return_value = None
mock_list_subscription_ids.return_value = ['fake-subscription-id']
mock_credentials.return_value = ('fake-subscription-id', mock.Mock())
mock_resource_group.return_value = 'fake-resource-group'
disk_copy = forensics.CreateDiskCopy(
FAKE_ACCOUNT.default_resource_group_name,
disk_name=FAKE_DISK.name,
region='fake-region')
mock_get_instance.assert_not_called()
mock_get_boot_disk.assert_not_called()
mock_get_disk.assert_called_once()
mock_get_disk.assert_called_with('fake-disk-name')
self.assertIsInstance(disk_copy, compute.AZDisk)
self.assertEqual('fake_snapshot_name_f4c186ac_copy', disk_copy.name)
def testStartVm(self):
"""End to end test on Azure.
Test creating an analysis VM and attaching a copied disk to it.
"""
disk_copy = forensics.CreateDiskCopy(
self.resource_group_name,
disk_name=self.disk_to_copy)
self._StoreDiskForCleanup(disk_copy)
# Create and start the analysis VM and attach the disk
self.analysis_vm, _ = forensics.StartAnalysisVm(
self.resource_group_name,
self.analysis_vm_name,
50,
self.ssh_public_key,
attach_disks=[disk_copy.name]
)
# The forensic instance should be live in the analysis Azure account and
# the disk should be attached
instance = self.az.compute.compute_client.virtual_machines.get(
self.resource_group_name, self.analysis_vm.name)
self.assertEqual(instance.name, self.analysis_vm.name)
self.assertIn(disk_copy.name, self.analysis_vm.ListDisks())
self._StoreDiskForCleanup(self.analysis_vm.GetBootDisk())
def testDiskCopyToOtherZone(self):
"""End to end test on Azure.
Test copying a specific disk to a different Azure region.
"""
if not (self.disk_to_copy and self.dst_region):
return
disk_copy = forensics.CreateDiskCopy(
self.resource_group_name,
disk_name=self.disk_to_copy,
region=self.dst_region)
# The disk should be present in Azure and be in self.dst_region
remote_disk = self.az.compute.compute_client.disks.get(
disk_copy.resource_group_name, disk_copy.name)
self.assertIsNotNone(remote_disk)
self.assertEqual(disk_copy.name, remote_disk.name)
self.assertEqual(self.dst_region, remote_disk.location)
# Since we make a copy of the same disk but in a different region in next
# test, we need to delete the copy we just created as Azure does not
# permit same-name disks in different regions.
operation = self.az.compute.compute_client.disks.delete(
disk_copy.resource_group_name, disk_copy.name)
operation.wait()
def testDiskCopyToOtherZone(self):
"""End to end test on Azure.
Test copying a specific disk to a different Azure region.
"""
if not (self.disk_to_copy and self.dst_region):
return
disk_copy = forensics.CreateDiskCopy(self.resource_group_name,
disk_name=self.disk_to_copy,
region=self.dst_region)
# The disk should be present in Azure and be in self.dst_region
remote_disk = self.az.compute.compute_client.disks.get(
disk_copy.resource_group_name, disk_copy.name)
self.assertIsNotNone(remote_disk)
self.assertEqual(disk_copy.name, remote_disk.name)
self.assertEqual(self.dst_region, remote_disk.location)
# Since we make a copy of the same disk but in a different region in next
# test, we need to delete the copy we just created as Azure does not
# permit same-name disks in different regions.
operation = self.az.compute.compute_client.disks.begin_delete(
disk_copy.resource_group_name, disk_copy.name)
# Delete operation takes some time to propagate within Azure, which in
# some cases causes the next test to fail. Therefore we have to wait for
# completion.
while not operation.done():
sleep(5)
def CreateDiskCopy(args: 'argparse.Namespace') -> None:
"""Create an Azure disk copy.
Args:
args (argparse.Namespace): Arguments from ArgumentParser.
"""
logger.info('Starting disk copy...')
disk_copy = forensics.CreateDiskCopy(args.default_resource_group_name,
instance_name=args.instance_name,
disk_name=args.disk_name,
disk_type=args.disk_type,
region=args.region,
src_profile=args.src_profile,
dst_profile=args.dst_profile)
logger.info('Done! Disk {0:s} successfully created.'.format(disk_copy.name))
def testBootDiskCopy(self):
"""End to end test on Azure.
Test copying the boot disk of an instance.
"""
disk_copy = forensics.CreateDiskCopy(
self.resource_group_name,
instance_name=self.instance_to_analyse
# disk_name=None by default, boot disk of instance will be copied
)
# The disk should be present in Azure
remote_disk = self.az.compute.compute_client.disks.get(
disk_copy.resource_group_name, disk_copy.name)
self.assertIsNotNone(remote_disk)
self.assertEqual(disk_copy.name, remote_disk.name)
self._StoreDiskForCleanup(disk_copy)
def Process(self):
"""Copies a disk to the analysis account."""
for disk in self._FindDisksToCopy():
self.logger.info('Disk copy of {0:s} started...'.format(disk.name))
new_disk = az_forensics.CreateDiskCopy(
self.analysis_resource_group_name,
disk_name=disk.name,
region=self.analysis_region,
src_profile=self.remote_profile_name,
dst_profile=self.analysis_profile_name)
self.logger.info('Disk {0:s} successfully copied to {1:s}'.format(
disk.name, new_disk.name))
self.analysis_vm.AttachDisk(new_disk)
container = containers.ForensicsVM(name=self.analysis_vm.name,
evidence_disk=new_disk,
platform='azure')
self.state.StoreContainer(container)
def testDiskCopyToOtherZone(self):
"""End to end test on Azure.
Test copying a specific disk to a different Azure region.
"""
if not (self.disk_to_copy and self.dst_region):
return
disk_copy = forensics.CreateDiskCopy(self.resource_group_name,
disk_name=self.disk_to_copy,
region=self.dst_region)
# The disk should be present in Azure and be in self.dst_region
remote_disk = self.az.compute_client.disks.get(
disk_copy.resource_group_name, disk_copy.name)
self.assertIsNotNone(remote_disk)
self.assertEqual(disk_copy.name, remote_disk.name)
self.assertEqual(self.dst_region, remote_disk.location)
self._StoreDiskForCleanup(disk_copy)
