def test_multiple_options(self):
    """Check that several brkt-config options and a brkt-file reach userdata.

    Builds an InstanceConfig from five settings (three hosts, NTP servers,
    identity token), attaches a placeholder CA cert file, and inspects both
    MIME parts of the userdata returned by make_userdata().
    """
    settings = {
        'api_host': api_host_port,
        'hsmproxy_host': hsmproxy_host_port,
        'network_host': network_host_port,
        'ntp_servers': [ntp_server1],
        'identity_token': test_jwt
    }
    instance_config = InstanceConfig(settings)
    instance_config.add_brkt_file('ca_cert.pem.example.com', 'DUMMY CERT')
    userdata = instance_config.make_userdata()

    # The brkt-config part is JSON with the settings nested under 'brkt'.
    config_payload = get_mime_part_payload(userdata, BRKT_CONFIG_CONTENT_TYPE)
    parsed = json.loads(config_payload)['brkt']

    # NOTE(review): this asserts the identity token can be recovered
    # verbatim from the userdata, so generated userdata presumably has to
    # be handled as secret-bearing -- confirm how it is stored and who can
    # read it.
    expectations = (
        ('identity_token', test_jwt),
        ('ntp_servers', [ntp_server1]),
        ('api_host', api_host_port),
        ('hsmproxy_host', hsmproxy_host_port),
        ('network_host', network_host_port),
    )
    for key, expected in expectations:
        self.assertEqual(parsed[key], expected)

    # The brkt-files part maps the destination path to the file contents.
    files_payload = get_mime_part_payload(userdata, BRKT_FILES_CONTENT_TYPE)
    expected_files = (
        "/var/brkt/ami_config/ca_cert.pem.example.com: " +
        "{contents: DUMMY CERT}\n"
    )
    self.assertEqual(files_payload, expected_files)
def test_proxy_config(self):
    """Check that a generated proxy config is shipped as 'proxy.yaml'."""
    # Start from an empty brkt config: the proxy settings travel in a
    # brkt-file part, not in the brkt config itself.
    instance_config = InstanceConfig({})
    proxy_yaml = proxy.generate_proxy_config(
        Proxy(host=proxy_host, port=proxy_port)
    )
    instance_config.add_brkt_file('proxy.yaml', proxy_yaml)
    userdata = instance_config.make_userdata()
    _verify_proxy_config_in_userdata(self, userdata)
def test_proxy_config(self):
    """Verify that proxy settings end up in the userdata as a brkt-file."""
    # No brkt-config values are supplied here; the proxy file is carried
    # in a brkt-file part, so the brkt config is expected to stay empty.
    config = InstanceConfig({})
    proxy_settings = Proxy(host=proxy_host, port=proxy_port)
    config.add_brkt_file(
        'proxy.yaml',
        proxy.generate_proxy_config(proxy_settings),
    )
    generated_userdata = config.make_userdata()
    _verify_proxy_config_in_userdata(self, generated_userdata)
def make_instance_config(values=None, brkt_env=None,
                         mode=INSTANCE_CREATOR_MODE):
    """Build an InstanceConfig from parsed command-line values.

    :param values: parsed options. This function reads token, ntp_servers,
        status_port, ca_cert and brkt_env from it, and also hands it to
        get_proxy_config(). A falsy value yields an InstanceConfig with
        an empty brkt config.
    :param brkt_env: environment object; when truthy it is merged into the
        brkt config, and it is the source of the CA cert domain
    :param mode: Metavisor mode, passed through to InstanceConfig
    :return: the populated InstanceConfig
    :raises ValidationError: if ca_cert is given outside Creator mode or
        without values.brkt_env, if the file cannot be read, or if it does
        not parse as a PEM X.509 certificate
    """
    log.debug('Creating instance config with %s', brkt_env)

    settings = {}
    if not values:
        return InstanceConfig(settings, mode)

    if brkt_env:
        add_brkt_env_to_brkt_config(brkt_env, settings)
    if values.token:
        settings['identity_token'] = values.token
    if values.ntp_servers:
        settings['ntp_servers'] = values.ntp_servers
    if mode in (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE):
        # Fall back to the encryptor's default port when none was given.
        status_port = values.status_port
        if not status_port:
            status_port = encryptor_service.ENCRYPTOR_STATUS_PORT
        settings['status_port'] = status_port

    instance_config = InstanceConfig(settings, mode)

    # The remaining options add files to the brkt-files part instead of
    # entries in the brkt config.
    proxy_yaml = get_proxy_config(values)
    if proxy_yaml:
        instance_config.add_brkt_file('proxy.yaml', proxy_yaml)

    if 'ca_cert' not in values or not values.ca_cert:
        return instance_config

    if mode != INSTANCE_CREATOR_MODE:
        raise ValidationError(
            'Can only specify ca-cert for instance in Creator mode')
    # NOTE(review): this guard reads values.brkt_env, while the domain
    # below is derived from the brkt_env argument -- confirm callers keep
    # the two in sync.
    if not values.brkt_env:
        raise ValidationError(
            'Must specify brkt-env when specifying ca-cert.')

    try:
        with open(values.ca_cert, 'r') as cert_file:
            pem_text = cert_file.read()
    except IOError as e:
        raise ValidationError(e)

    # Parsing is the only check made on the certificate here; the parsed
    # object is discarded.
    try:
        x509.load_pem_x509_certificate(pem_text, default_backend())
    except Exception as e:
        raise ValidationError('Error validating CA cert: %s' % e)

    # NOTE(review): the raw file contents are shipped, not the parsed
    # certificate -- confirm the file holds nothing but the CA cert
    # (for example, no private key).
    instance_config.add_brkt_file(
        'ca_cert.pem.' + get_domain_from_brkt_env(brkt_env), pem_text)
    return instance_config
def make_instance_config(values=None, brkt_env=None,
                         mode=INSTANCE_CREATOR_MODE):
    """Translate parsed CLI options into an InstanceConfig.

    :param values: parsed options (token, ntp_servers, status_port, ca_cert
        and brkt_env are read here; the object is also passed to
        get_proxy_config()). When falsy, an InstanceConfig with an empty
        brkt config is returned.
    :param brkt_env: environment object merged into the brkt config when
        truthy, and used to derive the domain suffix of the CA cert file
    :param mode: Metavisor mode forwarded to InstanceConfig
    :return: the resulting InstanceConfig
    :raises ValidationError: for a ca_cert given outside Creator mode or
        without values.brkt_env, an unreadable file, or content that does
        not load as a PEM X.509 certificate
    """
    log.debug('Creating instance config with %s', brkt_env)

    config_values = {}
    if not values:
        return InstanceConfig(config_values, mode)

    if brkt_env:
        add_brkt_env_to_brkt_config(brkt_env, config_values)
    if values.token:
        config_values['identity_token'] = values.token
    if values.ntp_servers:
        config_values['ntp_servers'] = values.ntp_servers

    reports_status = mode in (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE)
    if reports_status:
        config_values['status_port'] = (
            values.status_port or encryptor_service.ENCRYPTOR_STATUS_PORT
        )

    result = InstanceConfig(config_values, mode)

    # From here on, options turn into brkt-files rather than config keys.
    proxy_file = get_proxy_config(values)
    if proxy_file:
        result.add_brkt_file('proxy.yaml', proxy_file)

    wants_ca_cert = 'ca_cert' in values and values.ca_cert
    if not wants_ca_cert:
        return result

    if mode != INSTANCE_CREATOR_MODE:
        raise ValidationError(
            'Can only specify ca-cert for instance in Creator mode')
    # NOTE(review): the check is on values.brkt_env but the domain is
    # taken from the brkt_env argument further down -- verify against
    # callers that both are always set together.
    if not values.brkt_env:
        raise ValidationError(
            'Must specify brkt-env when specifying ca-cert.')

    try:
        with open(values.ca_cert, 'r') as handle:
            cert_text = handle.read()
    except IOError as e:
        raise ValidationError(e)

    # The load call acts purely as a format check; its result is unused.
    try:
        x509.load_pem_x509_certificate(cert_text, default_backend())
    except Exception as e:
        raise ValidationError('Error validating CA cert: %s' % e)

    # NOTE(review): the file is forwarded as read, so anything else stored
    # alongside the certificate in that file is forwarded too -- confirm
    # that is acceptable.
    cert_domain = get_domain_from_brkt_env(brkt_env)
    result.add_brkt_file('ca_cert.pem.' + cert_domain, cert_text)
    return result
def test_multiple_options(self):
    """Check that several brkt-config options and a brkt-file reach userdata.

    Builds an InstanceConfig from four settings (two hosts, NTP servers,
    identity token), attaches a placeholder CA cert file, and inspects both
    MIME parts of the userdata returned by make_userdata().
    """
    settings = {
        'api_host': api_host_port,
        'hsmproxy_host': hsmproxy_host_port,
        'ntp_servers': [ntp_server1],
        'identity_token': test_jwt
    }
    instance_config = InstanceConfig(settings)
    instance_config.add_brkt_file('ca_cert.pem.example.com', 'DUMMY CERT')
    userdata = instance_config.make_userdata()

    # The brkt-config part is JSON with the settings nested under 'brkt'.
    config_payload = get_mime_part_payload(userdata, BRKT_CONFIG_CONTENT_TYPE)
    parsed = json.loads(config_payload)['brkt']

    # NOTE(review): the identity token is expected back unchanged, i.e. it
    # is recoverable from the userdata as-is -- confirm the userdata is
    # handled as sensitive wherever it is stored or logged.
    expectations = (
        ('identity_token', test_jwt),
        ('ntp_servers', [ntp_server1]),
        ('api_host', api_host_port),
        ('hsmproxy_host', hsmproxy_host_port),
    )
    for key, expected in expectations:
        self.assertEqual(parsed[key], expected)

    # The brkt-files part maps the destination path to the file contents.
    files_payload = get_mime_part_payload(userdata, BRKT_FILES_CONTENT_TYPE)
    expected_files = (
        "/var/brkt/ami_config/ca_cert.pem.example.com: " +
        "{contents: DUMMY CERT}\n"
    )
    self.assertEqual(files_payload, expected_files)
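def instance_config_from_values(values=None, mode=INSTANCE_CREATOR_MODE,
                                cli_config=None):
    """ Return an InstanceConfig object, based on options specified on
    the command line and Metavisor mode.

    :param values: an argparse.Namespace object. When falsy, an
        InstanceConfig with an empty brkt config is returned.
    :param mode: the mode in which Metavisor is running
    :param cli_config: a brkt_cli.config.CLIConfig instance, consulted for
        the current environment when none is found in values
    :return: the populated InstanceConfig
    :raises ValidationError: if --ca-cert is given without an environment,
        if the file cannot be read, or if it does not parse as a PEM X.509
        certificate
    """
    brkt_config = {}
    if not values:
        return InstanceConfig(brkt_config, mode)

    # Handle BracketEnvironment, depending on the mode.
    brkt_env = None
    if mode in (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE):
        # Yeti environment should only be set in CREATOR or UPDATER mode.
        # When launching, we want to preserve the original environment that
        # was specified during encryption.
        #
        # If the Yeti environment was not specified, use the production
        # environment.
        brkt_env = brkt_cli.brkt_env_from_values(values)
        if cli_config is not None and brkt_env is None:
            name, brkt_env = cli_config.get_current_env()
            log.info('Using %s environment', name)
            log.debug(brkt_env)
        config_brkt_env = brkt_env or brkt_cli.get_prod_brkt_env()
        add_brkt_env_to_brkt_config(config_brkt_env, brkt_config)

        # We only monitor status when encrypting or updating.
        brkt_config['status_port'] = (
            values.status_port or
            encryptor_service.ENCRYPTOR_STATUS_PORT
        )

    if values.token:
        brkt_config['identity_token'] = values.token

    if values.ntp_servers:
        brkt_config['ntp_servers'] = values.ntp_servers

    # Log a copy with the identity token masked. The token is a credential,
    # and debug logs tend to be kept, attached to tickets or shared, so the
    # raw value must not be written to them.
    loggable_config = dict(brkt_config)
    if 'identity_token' in loggable_config:
        loggable_config['identity_token'] = '<redacted>'
    log.debug('Parsed brkt_config %s', loggable_config)

    ic = InstanceConfig(brkt_config, mode)

    # Now handle the args that cause files to be added to brkt-files
    proxy_config = get_proxy_config(values)
    if proxy_config:
        ic.add_brkt_file('proxy.yaml', proxy_config)

    if 'ca_cert' in values and values.ca_cert:
        # The cert file name is suffixed with the environment's domain, so
        # an explicitly chosen environment is required here; the production
        # fallback used for the brkt config above does not count.
        if not brkt_env:
            raise ValidationError(
                'Must specify --service-domain or --brkt-env when specifying '
                '--ca-cert.'
            )
        try:
            with open(values.ca_cert, 'r') as f:
                ca_cert_data = f.read()
        except IOError as e:
            raise ValidationError(e)
        # Parsing is the only check made on the certificate here; the
        # parsed object is discarded.
        try:
            x509.load_pem_x509_certificate(ca_cert_data, default_backend())
        except Exception as e:
            raise ValidationError('Error validating CA cert: %s' % e)

        domain = get_domain_from_brkt_env(brkt_env)

        # NOTE(review): the raw file contents are shipped, not the parsed
        # certificate -- confirm the file holds nothing but the CA cert
        # (for example, no private key).
        ca_cert_filename = 'ca_cert.pem.' + domain
        ic.add_brkt_file(ca_cert_filename, ca_cert_data)

    if 'guest_fqdn' in values and values.guest_fqdn:
        # NOTE(review): the value is concatenated into YAML without quoting
        # or validation -- confirm guest_fqdn is checked as a hostname when
        # the argument is parsed.
        ic.add_brkt_file('vpn.yaml', 'fqdn: ' + values.guest_fqdn)

    return ic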