Ejemplo n.º 1
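def test_create_4096_key():
    """Create a 4096-bit RSA key via the provider, check the response, delete it.

    A ``Create`` request with ``KeySize`` set to ``"4096"`` is handled by
    ``RSAKeyProvider``.  The response must report ``SUCCESS``, carry a
    ``PhysicalResourceId`` equal to ``Data.Arn`` and expose ``PublicKey``,
    ``PublicKeyPEM`` and ``Hash``.  The PEM is parsed to confirm the key size.

    The ``Delete`` request is issued from a ``finally`` block so that a failed
    assertion does not leave the test parameter, and whatever key material
    the provider stored under it, behind in the account.
    """
    provider = RSAKeyProvider()
    # The random suffix keeps repeated or parallel runs from sharing a name.
    name = "/test/parameter-%s" % uuid.uuid4()
    request = Request("Create", name)
    request["ResourceProperties"]["Description"] = "A large private key"
    request["ResourceProperties"]["KeySize"] = "4096"
    response = provider.handle(request, {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert provider.is_valid_cfn_response(), response["Reason"]
    assert "PhysicalResourceId" in response
    physical_resource_id = response["PhysicalResourceId"]

    try:
        assert "Data" in response
        data = response["Data"]
        for attribute in ("Arn", "PublicKey", "PublicKeyPEM", "Hash"):
            assert attribute in data, attribute
        assert data["Arn"] == physical_resource_id
        # NOTE(review): Hash is checked against the MD5 hex digest of
        # PublicKey.  MD5 is not collision resistant, so treat Hash as a
        # change marker rather than as proof of key identity; hashlib.md5 may
        # also be refused on FIPS-restricted Python builds.
        assert data["Hash"] == hashlib.md5(
            data["PublicKey"].encode("ascii")).hexdigest()

        public_key = load_pem_public_key(
            data["PublicKeyPEM"].encode("ascii"),
            backend=default_backend())
        assert public_key.key_size == 4096
    finally:
        # Always remove the parameter, even when a check above failed.
        request = Request("Delete", name, physical_resource_id)
        response = handler(request, {})
        assert response["Status"] == "SUCCESS", response["Reason"]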
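def test_create_4096_key():
    """Create a 4096-bit RSA key via the provider, check the response, delete it.

    A ``Create`` request with ``KeySize`` set to ``'4096'`` is handled by
    ``RSAKeyProvider``.  The response must report ``SUCCESS``, carry a
    ``PhysicalResourceId`` equal to ``Data.Arn`` and expose ``PublicKey``,
    ``PublicKeyPEM`` and ``Hash``.  The PEM is parsed to confirm the key size.

    Text values are encoded to ASCII bytes before they reach ``hashlib.md5``
    and ``load_pem_public_key``; both reject ``str`` input on Python 3.

    The ``Delete`` request is issued from a ``finally`` block so that a failed
    assertion does not leave the test parameter, and whatever key material
    the provider stored under it, behind in the account.
    """
    provider = RSAKeyProvider()
    # The random suffix keeps repeated or parallel runs from sharing a name.
    name = '/test/parameter-%s' % uuid.uuid4()
    request = Request('Create', name)
    request['ResourceProperties']['Description'] = 'A large private key'
    request['ResourceProperties']['KeySize'] = '4096'
    response = provider.handle(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert provider.is_valid_cfn_response(), response['Reason']
    assert 'PhysicalResourceId' in response
    physical_resource_id = response['PhysicalResourceId']

    try:
        assert 'Data' in response
        data = response['Data']
        for attribute in ('Arn', 'PublicKey', 'PublicKeyPEM', 'Hash'):
            assert attribute in data, attribute
        assert data['Arn'] == physical_resource_id
        # NOTE(review): MD5 is not collision resistant, so treat Hash as a
        # change marker rather than as proof of key identity.
        assert data['Hash'] == hashlib.md5(
            data['PublicKey'].encode('ascii')).hexdigest()

        public_key = load_pem_public_key(
            data['PublicKeyPEM'].encode('ascii'),
            backend=default_backend())
        assert public_key.key_size == 4096
    finally:
        # Always remove the parameter, even when a check above failed.
        request = Request('Delete', name, physical_resource_id)
        response = handler(request, {})
        assert response['Status'] == 'SUCCESS', response['Reason']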
def test_type_convert():
    """Check that the string 'true' for RefreshOnUpdate is read back as a bool."""
    create_request = Request('Create', 'abc')
    properties = create_request['ResourceProperties']
    properties['RefreshOnUpdate'] = 'true'

    provider = RSAKeyProvider()
    provider.set_request(create_request, {})
    assert provider.is_valid_request()

    # The property went in as text; get() must hand back a real boolean.
    converted = provider.get('RefreshOnUpdate')
    assert isinstance(converted, bool)
def test_defaults():
    """Check the property defaults applied to a request that sets none.

    ``alias/aws/ssm`` is the AWS managed KMS key for Parameter Store, so a
    request that names no ``KeyAlias`` is expected to fall back to it.
    """
    provider = RSAKeyProvider()
    provider.set_request(Request('Create', 'abc'), {})
    assert provider.is_valid_request()

    expected_defaults = (
        ('KeyAlias', 'alias/aws/ssm'),
        ('Description', ''),
        ('KeyFormat', 'PKCS8'),
    )
    for property_name, default in expected_defaults:
        assert provider.get(property_name) == default
Ejemplo n.º 5
def test_defaults():
    """Check the property defaults applied to a request that sets none.

    ``alias/aws/ssm`` is the AWS managed KMS key for Parameter Store, so a
    request that names no ``KeyAlias`` is expected to fall back to it.
    """
    provider = RSAKeyProvider()
    provider.set_request(Request("Create", "abc"), {})
    assert provider.is_valid_request()

    expected_defaults = (
        ("KeyAlias", "alias/aws/ssm"),
        ("Description", ""),
        ("KeyFormat", "PKCS8"),
    )
    for property_name, default in expected_defaults:
        assert provider.get(property_name) == default
Ejemplo n.º 6
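def test_create():
    """Create a key with default settings, check the response, then delete it.

    The response to the ``Create`` request must report ``SUCCESS``, be a valid
    CloudFormation response according to the provider, and carry a
    ``PhysicalResourceId`` equal to ``Data.Arn`` together with ``PublicKey``.

    The ``Delete`` request is issued from a ``finally`` block so that a failed
    assertion does not leave the test parameter, and whatever key material
    the provider stored under it, behind in the account.
    """
    provider = RSAKeyProvider()
    # The random suffix keeps repeated or parallel runs from sharing a name.
    name = '/test/parameter-%s' % uuid.uuid4()
    request = Request('Create', name)
    request['ResourceProperties']['Description'] = 'A ppretty private key'
    response = provider.handle(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert provider.is_valid_cfn_response(), response['Reason']
    assert 'PhysicalResourceId' in response
    physical_resource_id = response['PhysicalResourceId']

    try:
        assert 'Data' in response
        data = response['Data']
        assert 'Arn' in data
        assert 'PublicKey' in data
        assert data['Arn'] == physical_resource_id
    finally:
        # Always remove the parameter, even when a check above failed.
        request = Request('Delete', name, physical_resource_id)
        response = handler(request, {})
        assert response['Status'] == 'SUCCESS', response['Reason']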
Ejemplo n.º 7
def test_type_convert():
    """Check that the string 'true' for RefreshOnUpdate is read back as a bool."""
    create_request = Request('Create', 'abc')
    properties = create_request['ResourceProperties']
    properties['RefreshOnUpdate'] = 'true'

    provider = RSAKeyProvider()
    provider.set_request(create_request, {})
    assert provider.is_valid_request()

    # The property went in as text; get() must hand back a real boolean.
    converted = provider.get('RefreshOnUpdate')
    assert isinstance(converted, bool)
def test_defaults():
    """Check the property defaults applied to a request that sets none.

    ``alias/aws/ssm`` is the AWS managed KMS key for Parameter Store, so a
    request that names no ``KeyAlias`` is expected to fall back to it.
    """
    provider = RSAKeyProvider()
    provider.set_request(Request('Create', 'abc'), {})
    assert provider.is_valid_request()

    expected_defaults = (
        ('KeyAlias', 'alias/aws/ssm'),
        ('Description', ''),
    )
    for property_name, default in expected_defaults:
        assert provider.get(property_name) == default
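def test_create():
    """Create a key, refresh it through an Update, then delete it.

    After ``Create`` the response must carry ``Arn``, ``PublicKey``, ``Hash``
    and ``Version`` (expected to be 1), and the returned PEM must parse to a
    2048-bit public key.  An ``Update`` with ``RefreshOnUpdate`` set is then
    expected to succeed and report ``Version`` 2.

    The ``Delete`` request is issued from a ``finally`` block so that a failed
    assertion does not leave the test parameter, and whatever key material
    the provider stored under it, behind in the account.
    """
    provider = RSAKeyProvider()
    # The random suffix keeps repeated or parallel runs from sharing a name.
    name = '/test/parameter-%s' % uuid.uuid4()
    request = Request('Create', name)
    request['ResourceProperties']['Description'] = 'A ppretty private key'
    response = provider.handle(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert provider.is_valid_cfn_response(), response['Reason']
    assert 'PhysicalResourceId' in response
    physical_resource_id = response['PhysicalResourceId']

    try:
        assert 'Data' in response
        data = response['Data']
        for attribute in ('Arn', 'PublicKey', 'Hash', 'Version'):
            assert attribute in data, attribute
        assert data['Arn'] == physical_resource_id
        # NOTE(review): MD5 is not collision resistant, so treat Hash as a
        # change marker rather than as proof of key identity.
        assert data['Hash'] == hashlib.md5(
            data['PublicKey'].encode('ascii')).hexdigest()
        assert data['Version'] == 1

        public_key = load_pem_public_key(
            data['PublicKeyPEM'].encode('ascii'),
            backend=default_backend())
        assert public_key.key_size == 2048

        # Re-use the same request object as an Update against the resource.
        request['RequestType'] = 'Update'
        request['ResourceProperties']['RefreshOnUpdate'] = True
        request['PhysicalResourceId'] = physical_resource_id
        response = provider.handle(request, {})
        assert response['Status'] == 'SUCCESS', response['Reason']
        refreshed = response['Data']
        assert refreshed['Hash'] == hashlib.md5(
            refreshed['PublicKey'].encode('ascii')).hexdigest()
        # NOTE(review): only the version bump is asserted; nothing here checks
        # that PublicKey differs from the one returned by Create.
        assert refreshed['Version'] == 2
    finally:
        # Always remove the parameter, even when a check above failed.
        request = Request('Delete', name, physical_resource_id)
        response = handler(request, {})
        assert response['Status'] == 'SUCCESS', response['Reason']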
Ejemplo n.º 10
def test_type_convert():
    """Check that the string "true" for RefreshOnUpdate is read back as a bool."""
    create_request = Request("Create", "abc")
    properties = create_request["ResourceProperties"]
    properties["RefreshOnUpdate"] = "true"

    provider = RSAKeyProvider()
    provider.set_request(create_request, {})
    assert provider.is_valid_request()

    # The property went in as text; get() must hand back a real boolean.
    converted = provider.get("RefreshOnUpdate")
    assert isinstance(converted, bool)
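def test_create():
    """Create a key with default settings, check the response, then delete it.

    The response to the ``Create`` request must report ``SUCCESS``, be a valid
    CloudFormation response according to the provider, and carry a
    ``PhysicalResourceId`` equal to ``Data.Arn`` together with ``PublicKey``
    and ``Hash``.

    ``PublicKey`` is encoded to ASCII bytes before hashing because
    ``hashlib.md5`` rejects ``str`` input on Python 3.

    The ``Delete`` request is issued from a ``finally`` block so that a failed
    assertion does not leave the test parameter, and whatever key material
    the provider stored under it, behind in the account.
    """
    provider = RSAKeyProvider()
    # The random suffix keeps repeated or parallel runs from sharing a name.
    name = '/test/parameter-%s' % uuid.uuid4()
    request = Request('Create', name)
    request['ResourceProperties']['Description'] = 'A ppretty private key'
    response = provider.handle(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert provider.is_valid_cfn_response(), response['Reason']
    assert 'PhysicalResourceId' in response
    physical_resource_id = response['PhysicalResourceId']

    try:
        assert 'Data' in response
        data = response['Data']
        for attribute in ('Arn', 'PublicKey', 'Hash'):
            assert attribute in data, attribute
        assert data['Arn'] == physical_resource_id
        # NOTE(review): MD5 is not collision resistant, so treat Hash as a
        # change marker rather than as proof of key identity.
        assert data['Hash'] == hashlib.md5(
            data['PublicKey'].encode('ascii')).hexdigest()
    finally:
        # Always remove the parameter, even when a check above failed.
        request = Request('Delete', name, physical_resource_id)
        response = handler(request, {})
        assert response['Status'] == 'SUCCESS', response['Reason']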
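def test_create_traditional_openssl_key():
    """Create a key in TraditionalOpenSSL format, convert it to PKCS8, delete it.

    After ``Create`` the stored parameter is read back decrypted and its first
    line must be the traditional ``RSA PRIVATE KEY`` PEM header.  An ``Update``
    switching ``KeyFormat`` to ``PKCS8`` must keep ``PublicKeyPEM`` unchanged
    and leave a parameter whose first line is the ``PRIVATE KEY`` header.

    The ``Delete`` request is issued from a ``finally`` block so that a failed
    assertion does not leave the private key behind in the parameter.
    """
    provider = RSAKeyProvider()
    # The random suffix keeps repeated or parallel runs from sharing a name.
    name = '/test/parameter-%s' % uuid.uuid4()
    request = Request('Create', name)
    request['ResourceProperties']['Description'] = 'a key in openssl format'
    request['ResourceProperties']['KeyFormat'] = 'TraditionalOpenSSL'
    # NOTE(review): ReturnSecret presumably makes the provider include the
    # private key in its response data - confirm, and keep such responses
    # out of logs.
    request['ResourceProperties']['ReturnSecret'] = True
    response = provider.handle(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    physical_resource_id = response['PhysicalResourceId']

    try:
        public_key = response['Data']['PublicKeyPEM']
        ssm = boto3.client('ssm')

        # Check that the stored key is in traditional OpenSSL format.  Only
        # the PEM header line is compared, so a failing assert reports the
        # header rather than the key body; avoid pytest --showlocals in shared
        # logs, since it would print private_key.
        kp = ssm.get_parameter(Name=name, WithDecryption=True)
        private_key = kp['Parameter']['Value']
        assert private_key.split('\n')[0] == '-----BEGIN RSA PRIVATE KEY-----'

        # Check that the provider can reread the traditional form and
        # rewrite it as PKCS8 without changing the key pair.
        request['RequestType'] = 'Update'
        request['ResourceProperties']['KeyFormat'] = 'PKCS8'
        request['PhysicalResourceId'] = physical_resource_id
        response = provider.handle(request, {})
        assert response['Status'] == 'SUCCESS', response['Reason']
        assert public_key == response['Data']['PublicKeyPEM']

        # Check that the stored key is now in PKCS8 format.
        kp = ssm.get_parameter(Name=name, WithDecryption=True)
        private_key = kp['Parameter']['Value']
        assert private_key.split('\n')[0] == '-----BEGIN PRIVATE KEY-----'
    finally:
        # Always remove the parameter, even when a check above failed.
        request = Request('Delete', name, physical_resource_id)
        response = handler(request, {})
        assert response['Status'] == 'SUCCESS', response['Reason']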
Ejemplo n.º 13
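def test_create_traditional_openssl_key():
    """Create a key in TraditionalOpenSSL format, convert it to PKCS8, delete it.

    After ``Create`` the stored parameter is read back decrypted and its first
    line must be the traditional ``RSA PRIVATE KEY`` PEM header.  An ``Update``
    switching ``KeyFormat`` to ``PKCS8`` must keep ``PublicKeyPEM`` unchanged
    and leave a parameter whose first line is the ``PRIVATE KEY`` header.

    The ``Delete`` request is issued from a ``finally`` block so that a failed
    assertion does not leave the private key behind in the parameter.
    """
    provider = RSAKeyProvider()
    # The random suffix keeps repeated or parallel runs from sharing a name.
    name = "/test/parameter-%s" % uuid.uuid4()
    request = Request("Create", name)
    request["ResourceProperties"]["Description"] = "a key in openssl format"
    request["ResourceProperties"]["KeyFormat"] = "TraditionalOpenSSL"
    # NOTE(review): ReturnSecret presumably makes the provider include the
    # private key in its response data - confirm, and keep such responses
    # out of logs.
    request["ResourceProperties"]["ReturnSecret"] = True
    response = provider.handle(request, {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    physical_resource_id = response["PhysicalResourceId"]

    try:
        public_key = response["Data"]["PublicKeyPEM"]
        ssm = boto3.client("ssm")

        # Check that the stored key is in traditional OpenSSL format.  Only
        # the PEM header line is compared, so a failing assert reports the
        # header rather than the key body; avoid pytest --showlocals in shared
        # logs, since it would print private_key.
        kp = ssm.get_parameter(Name=name, WithDecryption=True)
        private_key = kp["Parameter"]["Value"]
        assert private_key.split("\n")[0] == "-----BEGIN RSA PRIVATE KEY-----"

        # Check that the provider can reread the traditional form and
        # rewrite it as PKCS8 without changing the key pair.
        request["RequestType"] = "Update"
        request["ResourceProperties"]["KeyFormat"] = "PKCS8"
        request["PhysicalResourceId"] = physical_resource_id
        response = provider.handle(request, {})
        assert response["Status"] == "SUCCESS", response["Reason"]
        assert public_key == response["Data"]["PublicKeyPEM"]

        # Check that the stored key is now in PKCS8 format.
        kp = ssm.get_parameter(Name=name, WithDecryption=True)
        private_key = kp["Parameter"]["Value"]
        assert private_key.split("\n")[0] == "-----BEGIN PRIVATE KEY-----"
    finally:
        # Always remove the parameter, even when a check above failed.
        request = Request("Delete", name, physical_resource_id)
        response = handler(request, {})
        assert response["Status"] == "SUCCESS", response["Reason"]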