Ejemplo n.º 1
 def test_add_brkt_env_to_user_data(self):
     """ A parsed brkt_env is copied into an empty config dict as the
     'api_host' and 'hsmproxy_host' entries, each keeping its host:port
     string.
     """
     api_endpoint = 'api.example.com:777'
     hsmproxy_endpoint = 'hsmproxy.example.com:888'
     # parse_brkt_env receives both endpoints as one comma-separated string.
     env_string = ','.join([api_endpoint, hsmproxy_endpoint])

     config = {}
     brkt_cli.add_brkt_env_to_brkt_config(
         brkt_cli.parse_brkt_env(env_string), config)

     self.assertEqual(config, {
         'api_host': api_endpoint,
         'hsmproxy_host': hsmproxy_endpoint
     })
Ejemplo n.º 2
def make_instance_config(values=None, brkt_env=None,
                         mode=INSTANCE_CREATOR_MODE):
    """ Build the InstanceConfig for an instance from parsed options.

    :param values parsed options; read for token, ntp_servers, status_port,
        brkt_env and (when present) ca_cert.  When falsy, an InstanceConfig
        with an empty brkt config is returned.
    :param brkt_env environment written into the brkt config and used to
        derive the domain suffix of the CA cert file name
    :param mode the mode handed to InstanceConfig; status_port is only set
        in Creator and Updater modes, ca-cert is only accepted in Creator
        mode
    :raises ValidationError if ca-cert is given outside Creator mode or
        without brkt-env, or if the file cannot be read or does not load as
        a PEM X.509 certificate
    """
    log.debug('Creating instance config with %s', brkt_env)

    settings = {}
    if not values:
        return InstanceConfig(settings, mode)

    if brkt_env:
        add_brkt_env_to_brkt_config(brkt_env, settings)

    # Optional settings are copied only when the caller supplied them.
    if values.token:
        settings['identity_token'] = values.token
    if values.ntp_servers:
        settings['ntp_servers'] = values.ntp_servers

    if mode in (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE):
        status_port = values.status_port
        if not status_port:
            status_port = encryptor_service.ENCRYPTOR_STATUS_PORT
        settings['status_port'] = status_port

    instance_config = InstanceConfig(settings, mode)

    # The remaining options add files to brkt-files rather than settings.
    proxy_yaml = get_proxy_config(values)
    if proxy_yaml:
        instance_config.add_brkt_file('proxy.yaml', proxy_yaml)

    if 'ca_cert' not in values or not values.ca_cert:
        return instance_config

    if mode != INSTANCE_CREATOR_MODE:
        raise ValidationError(
            'Can only specify ca-cert for instance in Creator mode'
        )
    # NOTE(review): this guard tests values.brkt_env, while the domain below
    # is derived from the brkt_env argument -- confirm callers keep the two
    # in step.
    if not values.brkt_env:
        raise ValidationError(
            'Must specify brkt-env when specifying ca-cert.'
        )

    try:
        with open(values.ca_cert, 'r') as cert_file:
            pem_text = cert_file.read()
    except IOError as err:
        raise ValidationError(err)

    # Parse the certificate only to reject a malformed file early; the
    # parsed object is discarded and the raw PEM text is what gets shipped.
    # NOTE(review): load_pem_x509_certificate takes bytes, and the file is
    # read in text mode -- confirm this on the interpreter actually used.
    try:
        x509.load_pem_x509_certificate(pem_text, default_backend())
    except Exception as err:
        raise ValidationError('Error validating CA cert: %s' % err)

    # NOTE(review): the domain is appended to the file name as-is; confirm
    # get_domain_from_brkt_env cannot return path separators.
    domain = get_domain_from_brkt_env(brkt_env)
    instance_config.add_brkt_file('ca_cert.pem.' + domain, pem_text)

    return instance_config
Ejemplo n.º 3
 def test_add_brkt_env_to_user_data(self):
     """ add_brkt_env_to_brkt_config stores the API and HSM proxy
     host:port pairs of a parsed brkt_env under 'api_host' and
     'hsmproxy_host'.
     """
     api_addr = 'api.example.com:777'
     hsmproxy_addr = 'hsmproxy.example.com:888'

     # Both addresses go to the parser as a single comma-separated value.
     parsed_env = brkt_cli.parse_brkt_env(
         '%s,%s' % (api_addr, hsmproxy_addr))

     target = {}
     brkt_cli.add_brkt_env_to_brkt_config(parsed_env, target)

     wanted = {'api_host': api_addr, 'hsmproxy_host': hsmproxy_addr}
     self.assertEqual(target, wanted)
Ejemplo n.º 4
def make_instance_config(values=None,
                         brkt_env=None,
                         mode=INSTANCE_CREATOR_MODE):
    """ Return an InstanceConfig assembled from parsed options.

    :param values parsed options (token, ntp_servers, status_port,
        brkt_env and optionally ca_cert are read); a falsy value yields an
        InstanceConfig with an empty brkt config
    :param brkt_env environment added to the brkt config; also the source
        of the domain used in the CA cert file name
    :param mode passed through to InstanceConfig; it gates status_port
        (Creator/Updater only) and ca-cert (Creator only)
    :raises ValidationError for ca-cert outside Creator mode, ca-cert
        without brkt-env, an unreadable cert file, or a file that does not
        load as a PEM X.509 certificate
    """
    log.debug('Creating instance config with %s', brkt_env)

    cfg = {}
    if not values:
        return InstanceConfig(cfg, mode)

    if brkt_env:
        add_brkt_env_to_brkt_config(brkt_env, cfg)

    token = values.token
    if token:
        cfg['identity_token'] = token

    ntp_servers = values.ntp_servers
    if ntp_servers:
        cfg['ntp_servers'] = ntp_servers

    # Only these two modes get a status port; fall back to the
    # encryptor_service default when none was given.
    status_modes = (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE)
    if mode in status_modes:
        cfg['status_port'] = (
            values.status_port
            if values.status_port
            else encryptor_service.ENCRYPTOR_STATUS_PORT
        )

    result = InstanceConfig(cfg, mode)

    # From here on, options turn into entries in brkt-files.
    proxy_file_body = get_proxy_config(values)
    if proxy_file_body:
        result.add_brkt_file('proxy.yaml', proxy_file_body)

    wants_ca_cert = 'ca_cert' in values and values.ca_cert
    if wants_ca_cert:
        if mode != INSTANCE_CREATOR_MODE:
            raise ValidationError(
                'Can only specify ca-cert for instance in Creator mode')
        # NOTE(review): values.brkt_env is checked here, but the domain is
        # taken from the brkt_env argument -- verify the caller passes a
        # matching pair.
        if not values.brkt_env:
            raise ValidationError(
                'Must specify brkt-env when specifying ca-cert.')

        cert_path = values.ca_cert
        try:
            with open(cert_path, 'r') as handle:
                cert_text = handle.read()
        except IOError as exc:
            raise ValidationError(exc)

        # The load is a validity check only; its return value is unused.
        try:
            x509.load_pem_x509_certificate(cert_text, default_backend())
        except Exception as exc:
            raise ValidationError('Error validating CA cert: %s' % exc)

        # The cert is stored under a name that carries the environment's
        # domain as a suffix.
        cert_file_name = 'ca_cert.pem.' + get_domain_from_brkt_env(brkt_env)
        result.add_brkt_file(cert_file_name, cert_text)

    return result
Ejemplo n.º 5
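def instance_config_from_values(values=None, mode=INSTANCE_CREATOR_MODE,
                                cli_config=None):
    """ Return an InstanceConfig object, based on options specified on
    the command line and Metavisor mode.

    :param values an argparse.Namespace object
    :param mode the mode in which Metavisor is running
    :param cli_config a brkt_cli.config.CLIConfig instance
    :raises ValidationError if --ca-cert is given without a Bracket
        environment, or if the cert file cannot be read or does not load as
        a PEM X.509 certificate
    """
    brkt_config = {}
    if not values:
        return InstanceConfig(brkt_config, mode)

    # Handle BracketEnvironment, depending on the mode.
    brkt_env = None
    if mode in (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE):
        # Yeti environment should only be set in CREATOR or UPDATER mode.
        # When launching, we want to preserve the original environment that
        # was specified during encryption.
        #
        # If the Yeti environment was not specified, use the production
        # environment.
        brkt_env = brkt_cli.brkt_env_from_values(values)
        if cli_config is not None and brkt_env is None:
            name, brkt_env = cli_config.get_current_env()
            log.info('Using %s environment', name)
            log.debug(brkt_env)
        config_brkt_env = brkt_env or brkt_cli.get_prod_brkt_env()
        add_brkt_env_to_brkt_config(config_brkt_env, brkt_config)

        # We only monitor status when encrypting or updating.
        brkt_config['status_port'] = (
            values.status_port or
            encryptor_service.ENCRYPTOR_STATUS_PORT
        )

    if values.token:
        brkt_config['identity_token'] = values.token

    if values.ntp_servers:
        brkt_config['ntp_servers'] = values.ntp_servers

    # Log a copy with the identity token masked.  Going by its name the
    # token is a credential, and debug logs tend to be retained and shared
    # more widely than the secrets they would otherwise contain.
    loggable_config = dict(brkt_config)
    if 'identity_token' in loggable_config:
        loggable_config['identity_token'] = '<redacted>'
    log.debug('Parsed brkt_config %s', loggable_config)

    ic = InstanceConfig(brkt_config, mode)

    # Now handle the args that cause files to be added to brkt-files
    proxy_config = get_proxy_config(values)
    if proxy_config:
        ic.add_brkt_file('proxy.yaml', proxy_config)

    if 'ca_cert' in values and values.ca_cert:
        # brkt_env is only populated in CREATOR or UPDATER mode (see above),
        # so in any other mode --ca-cert is rejected here.
        if not brkt_env:
            raise ValidationError(
                'Must specify --service-domain or --brkt-env when specifying '
                '--ca-cert.'
            )
        try:
            with open(values.ca_cert, 'r') as f:
                ca_cert_data = f.read()
        except IOError as e:
            raise ValidationError(e)
        # The certificate is parsed only to reject a malformed file before
        # it is shipped; the parsed object itself is not used.
        # NOTE(review): load_pem_x509_certificate takes bytes, and the file
        # is read in text mode -- confirm on the interpreter actually used.
        try:
            x509.load_pem_x509_certificate(ca_cert_data, default_backend())
        except Exception as e:
            raise ValidationError('Error validating CA cert: %s' % e)

        # NOTE(review): the domain is appended to the file name as-is;
        # confirm get_domain_from_brkt_env cannot return path separators.
        domain = get_domain_from_brkt_env(brkt_env)

        ca_cert_filename = 'ca_cert.pem.' + domain
        ic.add_brkt_file(ca_cert_filename, ca_cert_data)

    if 'guest_fqdn' in values and values.guest_fqdn:
        # NOTE(review): the FQDN is concatenated into the YAML text without
        # quoting or validation, so a value containing a line break would
        # alter the structure of vpn.yaml.  Confirm it is validated as a
        # hostname where the option is parsed.
        ic.add_brkt_file('vpn.yaml', 'fqdn: ' + values.guest_fqdn)

    return ic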