Ejemplo n.º 1
    def test_multiple_options(self):
        # Several brkt options plus one brkt-file are pushed through
        # make_userdata() and must come back out of the MIME parts unchanged.
        options_in = {
            'api_host': api_host_port,
            'hsmproxy_host': hsmproxy_host_port,
            'network_host': network_host_port,
            'ntp_servers': [ntp_server1],
            'identity_token': test_jwt
        }
        instance_config = InstanceConfig(options_in)
        instance_config.add_brkt_file('ca_cert.pem.example.com', 'DUMMY CERT')
        userdata = instance_config.make_userdata()

        # The config part is JSON with every option nested under 'brkt'.
        config_payload = get_mime_part_payload(
            userdata, BRKT_CONFIG_CONTENT_TYPE)
        parsed_options = json.loads(config_payload)['brkt']

        # The identity token comes back verbatim, i.e. it sits unencrypted in
        # the userdata: whoever can read the userdata can read the token.
        expectations = (
            ('identity_token', test_jwt),
            ('ntp_servers', [ntp_server1]),
            ('api_host', api_host_port),
            ('hsmproxy_host', hsmproxy_host_port),
            ('network_host', network_host_port),
        )
        for option_name, wanted in expectations:
            self.assertEqual(parsed_options[option_name], wanted)

        # The files part lists each added file under /var/brkt/ami_config/.
        files_payload = get_mime_part_payload(
            userdata, BRKT_FILES_CONTENT_TYPE)
        self.assertEqual(
            files_payload,
            "/var/brkt/ami_config/ca_cert.pem.example.com: "
            "{contents: DUMMY CERT}\n")

        """
Ejemplo n.º 2
 def test_proxy_config(self):
     # Proxy settings are delivered as a file (proxy.yaml) in a brkt-file
     # part, which is why the brkt config itself starts out empty.
     instance_config = InstanceConfig({})
     proxy_yaml = proxy.generate_proxy_config(
         Proxy(host=proxy_host, port=proxy_port))
     instance_config.add_brkt_file('proxy.yaml', proxy_yaml)
     userdata = instance_config.make_userdata()
     _verify_proxy_config_in_userdata(self, userdata)
Ejemplo n.º 3
 def test_proxy_config(self):
     # Nothing goes into the brkt config here: the generated proxy
     # definition is attached as the brkt-file 'proxy.yaml' instead.
     config = InstanceConfig({})
     proxy_settings = Proxy(host=proxy_host, port=proxy_port)
     config.add_brkt_file(
         'proxy.yaml', proxy.generate_proxy_config(proxy_settings))
     _verify_proxy_config_in_userdata(self, config.make_userdata())
Ejemplo n.º 4
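def make_instance_config(values=None, brkt_env=None,
                         mode=INSTANCE_CREATOR_MODE):
    """ Build an InstanceConfig from parsed command-line values.

    :param values object carrying the parsed options; token, ntp_servers,
        status_port, brkt_env and (when present) ca_cert are read here.
        When it is None or empty, an InstanceConfig with an empty brkt
        config is returned.
    :param brkt_env environment whose settings are copied into the brkt
        config and from which the CA cert file name is derived
    :param mode the mode handed through to InstanceConfig
    :return the populated InstanceConfig
    :raise ValidationError if ca-cert is given outside Creator mode or
        without a brkt-env, or if the file cannot be read or does not
        parse as a PEM X.509 certificate
    """
    log.debug('Creating instance config with %s', brkt_env)

    brkt_config = {}
    if not values:
        return InstanceConfig(brkt_config, mode)

    if brkt_env:
        add_brkt_env_to_brkt_config(brkt_env, brkt_config)

    # The identity token is a credential. It is handed to InstanceConfig as
    # part of brkt_config, so brkt_config must not be logged as a whole.
    if values.token:
        brkt_config['identity_token'] = values.token

    if values.ntp_servers:
        brkt_config['ntp_servers'] = values.ntp_servers

    if mode in (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE):
        brkt_config['status_port'] = (values.status_port or
                                      encryptor_service.ENCRYPTOR_STATUS_PORT)

    ic = InstanceConfig(brkt_config, mode)

    # Now handle the args that cause files to be added to brkt-files
    proxy_config = get_proxy_config(values)
    if proxy_config:
        ic.add_brkt_file('proxy.yaml', proxy_config)

    if 'ca_cert' in values and values.ca_cert:
        if mode != INSTANCE_CREATOR_MODE:
            raise ValidationError(
                'Can only specify ca-cert for instance in Creator mode'
            )
        # The domain below is taken from the brkt_env argument, not from
        # values.brkt_env, so both have to be present. Checking only
        # values.brkt_env let a missing brkt_env argument reach
        # get_domain_from_brkt_env() instead of producing this error.
        if not values.brkt_env or not brkt_env:
            raise ValidationError(
                'Must specify brkt-env when specifying ca-cert.'
            )
        try:
            # NOTE(review): text mode; newer cryptography releases expect
            # bytes for PEM data -- confirm before running on Python 3.
            with open(values.ca_cert, 'r') as f:
                ca_cert_data = f.read()
        except IOError as e:
            raise ValidationError(e)
        try:
            # Well-formedness check only: the parsed certificate is thrown
            # away, so issuer, validity dates and CA constraints are not
            # examined. The file is installed as ca_cert.pem.<domain>
            # (presumably as a trust anchor for that domain -- confirm),
            # so the path given must come from a trusted source.
            x509.load_pem_x509_certificate(ca_cert_data, default_backend())
        except Exception as e:
            raise ValidationError('Error validating CA cert: %s' % e)

        domain = get_domain_from_brkt_env(brkt_env)

        # NOTE(review): domain becomes part of a file name; confirm that
        # get_domain_from_brkt_env() cannot return path separators.
        ca_cert_filename = 'ca_cert.pem.' + domain
        ic.add_brkt_file(ca_cert_filename, ca_cert_data)

    return ic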
Ejemplo n.º 5
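def _load_validated_ca_cert(path):
    # Read the file at path and return its text once it parses as a PEM
    # X.509 certificate; any read or parse failure becomes ValidationError.
    try:
        # NOTE(review): text mode; newer cryptography releases expect bytes
        # for PEM data -- confirm before running on Python 3.
        with open(path, 'r') as f:
            pem_text = f.read()
    except IOError as e:
        raise ValidationError(e)
    try:
        # Well-formedness check only: the parsed object is discarded, so
        # issuer, validity dates and CA constraints are not examined.
        x509.load_pem_x509_certificate(pem_text, default_backend())
    except Exception as e:
        raise ValidationError('Error validating CA cert: %s' % e)
    return pem_text


def make_instance_config(values=None,
                         brkt_env=None,
                         mode=INSTANCE_CREATOR_MODE):
    """ Build an InstanceConfig from parsed command-line values.

    :param values object carrying the parsed options; token, ntp_servers,
        status_port, brkt_env and (when present) ca_cert are read here.
        When it is None or empty, an InstanceConfig with an empty brkt
        config is returned.
    :param brkt_env environment whose settings are copied into the brkt
        config and from which the CA cert file name is derived
    :param mode the mode handed through to InstanceConfig
    :return the populated InstanceConfig
    :raise ValidationError if ca-cert is given outside Creator mode or
        without a brkt-env, or if the file cannot be read or does not
        parse as a PEM X.509 certificate
    """
    log.debug('Creating instance config with %s', brkt_env)

    brkt_config = {}
    if not values:
        return InstanceConfig(brkt_config, mode)

    if brkt_env:
        add_brkt_env_to_brkt_config(brkt_env, brkt_config)

    # The identity token is a credential carried inside brkt_config; do not
    # log brkt_config as a whole.
    if values.token:
        brkt_config['identity_token'] = values.token

    if values.ntp_servers:
        brkt_config['ntp_servers'] = values.ntp_servers

    if mode in (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE):
        brkt_config['status_port'] = (
            values.status_port or encryptor_service.ENCRYPTOR_STATUS_PORT)

    ic = InstanceConfig(brkt_config, mode)

    # Now handle the args that cause files to be added to brkt-files
    proxy_config = get_proxy_config(values)
    if proxy_config:
        ic.add_brkt_file('proxy.yaml', proxy_config)

    if 'ca_cert' in values and values.ca_cert:
        if mode != INSTANCE_CREATOR_MODE:
            raise ValidationError(
                'Can only specify ca-cert for instance in Creator mode')
        # The file name is derived from the brkt_env argument while the
        # original guard looked only at values.brkt_env; require both so a
        # missing argument is reported here rather than failing inside
        # get_domain_from_brkt_env().
        if not values.brkt_env or not brkt_env:
            raise ValidationError(
                'Must specify brkt-env when specifying ca-cert.')

        ca_cert_data = _load_validated_ca_cert(values.ca_cert)

        # The certificate is installed per domain (presumably as a trust
        # anchor for that domain -- confirm), so --ca-cert must point at a
        # file from a trusted source.
        domain = get_domain_from_brkt_env(brkt_env)
        ic.add_brkt_file('ca_cert.pem.' + domain, ca_cert_data)

    return ic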
Ejemplo n.º 6
    def test_multiple_options(self):
        # Options and one brkt-file go in; both MIME parts of the generated
        # userdata are then decoded and compared with what was supplied.
        supplied = {
            'api_host': api_host_port,
            'hsmproxy_host': hsmproxy_host_port,
            'ntp_servers': [ntp_server1],
            'identity_token': test_jwt
        }
        config = InstanceConfig(supplied)
        config.add_brkt_file('ca_cert.pem.example.com', 'DUMMY CERT')
        userdata = config.make_userdata()

        # Options are serialized as JSON under the top-level 'brkt' key.
        decoded = json.loads(
            get_mime_part_payload(userdata, BRKT_CONFIG_CONTENT_TYPE)
        )['brkt']

        # The token is recovered as-is: it is stored unencrypted in userdata.
        self.assertEqual(decoded['identity_token'], test_jwt)
        self.assertEqual(decoded['ntp_servers'], [ntp_server1])
        self.assertEqual(decoded['api_host'], api_host_port)
        self.assertEqual(decoded['hsmproxy_host'], hsmproxy_host_port)

        # Added files are listed by their destination path on the instance.
        expected_files = (
            "/var/brkt/ami_config/ca_cert.pem.example.com: "
            "{contents: DUMMY CERT}\n"
        )
        file_listing = get_mime_part_payload(userdata, BRKT_FILES_CONTENT_TYPE)
        self.assertEqual(file_listing, expected_files)
        """
Ejemplo n.º 7
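def instance_config_from_values(values=None, mode=INSTANCE_CREATOR_MODE,
                                cli_config=None):
    """ Return an InstanceConfig object, based on options specified on
    the command line and Metavisor mode.

    The identity token is masked in the debug log line that dumps the
    parsed config, so enabling debug logging does not copy the credential
    into log files.

    :param values an argparse.Namespace object
    :param mode the mode in which Metavisor is running
    :param cli_config a brkt_cli.config.CLIConfig instance
    :raise ValidationError if --ca-cert is given without an environment,
        or the file cannot be read or does not parse as a PEM X.509
        certificate
    """
    brkt_config = {}
    if not values:
        return InstanceConfig(brkt_config, mode)

    # Handle BracketEnvironment, depending on the mode.
    brkt_env = None
    if mode in (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE):
        # Yeti environment should only be set in CREATOR or UPDATER mode.
        # When launching, we want to preserve the original environment that
        # was specified during encryption.
        #
        # If the Yeti environment was not specified, use the production
        # environment.
        brkt_env = brkt_cli.brkt_env_from_values(values)
        if cli_config is not None and brkt_env is None:
            name, brkt_env = cli_config.get_current_env()
            log.info('Using %s environment', name)
            log.debug(brkt_env)
        config_brkt_env = brkt_env or brkt_cli.get_prod_brkt_env()
        add_brkt_env_to_brkt_config(config_brkt_env, brkt_config)

        # We only monitor status when encrypting or updating.
        brkt_config['status_port'] = (
            values.status_port or
            encryptor_service.ENCRYPTOR_STATUS_PORT
        )

    if values.token:
        brkt_config['identity_token'] = values.token

    if values.ntp_servers:
        brkt_config['ntp_servers'] = values.ntp_servers

    # Log a copy with the identity token masked: the token is a credential
    # and the original line wrote it to the debug log in full.
    loggable_config = dict(brkt_config)
    if 'identity_token' in loggable_config:
        loggable_config['identity_token'] = '<redacted>'
    log.debug('Parsed brkt_config %s', loggable_config)

    ic = InstanceConfig(brkt_config, mode)

    # Now handle the args that cause files to be added to brkt-files
    proxy_config = get_proxy_config(values)
    if proxy_config:
        ic.add_brkt_file('proxy.yaml', proxy_config)

    if 'ca_cert' in values and values.ca_cert:
        # brkt_env is only ever set in CREATOR or UPDATER mode above, so in
        # any other mode --ca-cert always ends in this error.
        if not brkt_env:
            raise ValidationError(
                'Must specify --service-domain or --brkt-env when specifying '
                '--ca-cert.'
            )
        try:
            # NOTE(review): text mode; newer cryptography releases expect
            # bytes for PEM data -- confirm before running on Python 3.
            with open(values.ca_cert, 'r') as f:
                ca_cert_data = f.read()
        except IOError as e:
            raise ValidationError(e)
        try:
            # Well-formedness check only: the parsed certificate is thrown
            # away, so issuer, validity dates and CA constraints are not
            # examined. The file is installed as ca_cert.pem.<domain>
            # (presumably as a trust anchor for that domain -- confirm),
            # so the path given must come from a trusted source.
            x509.load_pem_x509_certificate(ca_cert_data, default_backend())
        except Exception as e:
            raise ValidationError('Error validating CA cert: %s' % e)

        domain = get_domain_from_brkt_env(brkt_env)

        ca_cert_filename = 'ca_cert.pem.' + domain
        ic.add_brkt_file(ca_cert_filename, ca_cert_data)

    if 'guest_fqdn' in values and values.guest_fqdn:
        # NOTE(review): the YAML is built by string concatenation, so a
        # guest_fqdn containing a newline or YAML syntax would change the
        # structure of vpn.yaml; confirm the value is validated as a host
        # name before it gets here.
        ic.add_brkt_file('vpn.yaml', 'fqdn: ' + values.guest_fqdn)

    return ic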