def _test_certificate_with_iam_with_ap_with_invalid_client_source_config(
mocker, tmpdir, client_source):
mocker.patch('mount_efs.check_if_platform_is_mac', return_value=False)
config = _get_mock_config(client_info={'source': client_source}
) if client_source else _get_config()
client_info = mount_efs.get_client_info(config)
pk_path = _get_mock_private_key_path(mocker, tmpdir)
tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig')
mount_efs.create_certificate(config,
MOUNT_NAME,
COMMON_NAME,
REGION,
FS_ID,
CREDENTIALS,
AP_ID,
client_info,
base_path=str(tmpdir))
# Any invalid or not given client source should be marked as unknown
expected_client_info = {
'source': 'unknown',
'efs_utils_version': mount_efs.VERSION
}
with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f:
conf_body = f.read()
assert conf_body == mount_efs.create_ca_conf(
tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path,
FIXED_DT, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info)
assert os.path.exists(pk_path)
assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem'))
assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr'))
assert os.path.exists(
os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def test_certificate_without_iam_without_ap_id_with_client_source(
mocker, tmpdir):
config = _get_mock_config()
pk_path = _get_mock_private_key_path(mocker, tmpdir)
tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig')
mount_efs.create_certificate(config,
MOUNT_NAME,
COMMON_NAME,
REGION,
FS_ID,
None,
None,
CLIENT_INFO,
base_path=str(tmpdir))
with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f:
conf_body = f.read()
assert conf_body == mount_efs.create_ca_conf(
tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path,
FIXED_DT, REGION, FS_ID, None, None, CLIENT_INFO)
assert os.path.exists(pk_path)
assert not os.path.exists(
os.path.join(tls_dict['mount_dir'], 'publicKey.pem'))
assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr'))
assert os.path.exists(
os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def _test_recreate_certificate_with_valid_client_source_config(
mocker, tmpdir, client_source):
config = _get_mock_config(client_info={'source': client_source}
) if client_source else _get_config()
client_info = mount_efs.get_client_info(config)
pk_path = _get_mock_private_key_path(mocker, tmpdir)
tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig')
mount_efs.create_certificate(config,
MOUNT_NAME,
COMMON_NAME,
REGION,
FS_ID,
CREDENTIALS,
AP_ID,
client_info,
base_path=str(tmpdir))
expected_client_info = {
'source': client_source,
'efs_utils_version': mount_efs.VERSION
}
with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f:
conf_body = f.read()
assert conf_body == mount_efs.create_ca_conf(
tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path,
FIXED_DT, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info)
assert os.path.exists(pk_path)
assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem'))
assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr'))
assert os.path.exists(
os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def test_certificate_with_iam_without_ap_id(mocker, tmpdir):
config = _get_mock_config()
pk_path = _get_mock_private_key_path(mocker, tmpdir)
tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig")
mount_efs.create_certificate(
config,
MOUNT_NAME,
COMMON_NAME,
REGION,
FS_ID,
CREDENTIALS,
None,
CLIENT_INFO,
base_path=str(tmpdir),
)
with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f:
conf_body = f.read()
assert conf_body == mount_efs.create_ca_conf(
tmp_config_path,
COMMON_NAME,
tls_dict["mount_dir"],
pk_path,
FIXED_DT,
REGION,
FS_ID,
CREDENTIALS,
None,
CLIENT_INFO,
)
assert os.path.exists(pk_path)
assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem"))
assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr"))
assert os.path.exists(
os.path.join(tls_dict["mount_dir"], "certificate.pem"))
def _create_certificate_and_state(tls_dict,
temp_dir,
pk_path,
timestamp,
security_credentials=None,
credentials_source=None,
ap_id=None,
remove_cert=False,
client_info=None):
config = _get_config()
good_ap_id = AP_ID if ap_id else None
mount_efs.create_certificate(config,
MOUNT_NAME,
COMMON_NAME,
REGION,
FS_ID,
security_credentials,
good_ap_id,
client_info,
base_path=str(temp_dir))
assert os.path.exists(pk_path)
assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr'))
assert os.path.exists(
os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
public_key_present = os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) if security_credentials \
else not os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem'))
assert public_key_present
state = {
'pid': PID,
'commonName': COMMON_NAME,
'certificate': os.path.join(tls_dict['mount_dir'], 'certificate.pem'),
'certificateCreationTime': timestamp,
'mountStateDir': MOUNT_NAME,
'region': REGION,
'fsId': FS_ID,
'privateKey': pk_path,
}
if credentials_source:
state['awsCredentialsMethod'] = credentials_source
if ap_id:
state['accessPoint'] = ap_id
with open(os.path.join(temp_dir, STATE_FILE), 'w+') as f:
f.write(json.dumps(state))
if remove_cert:
os.remove(os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
assert not os.path.exists(
os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
return state
def _test_recreate_certificate_with_valid_client_source_config(
mocker, tmpdir, client_source):
mocker.patch(
"mount_efs.check_if_platform_is_mac",
return_value=False if client_source != "macos" else True,
)
config = (_get_mock_config(client_info={"source": client_source})
if client_source else _get_config())
client_info = mount_efs.get_client_info(config)
pk_path = _get_mock_private_key_path(mocker, tmpdir)
tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig")
mount_efs.create_certificate(
config,
MOUNT_NAME,
COMMON_NAME,
REGION,
FS_ID,
CREDENTIALS,
AP_ID,
client_info,
base_path=str(tmpdir),
)
expected_client_info = {
"source": client_source,
"efs_utils_version": mount_efs.VERSION,
}
with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f:
conf_body = f.read()
assert conf_body == mount_efs.create_ca_conf(
tmp_config_path,
COMMON_NAME,
tls_dict["mount_dir"],
pk_path,
FIXED_DT,
REGION,
FS_ID,
CREDENTIALS,
AP_ID,
expected_client_info,
)
assert os.path.exists(pk_path)
assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem"))
assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr"))
assert os.path.exists(
os.path.join(tls_dict["mount_dir"], "certificate.pem"))
def _create_certificate_and_state(
tls_dict,
temp_dir,
pk_path,
timestamp,
security_credentials=None,
credentials_source=None,
ap_id=None,
remove_cert=False,
client_info=None,
):
config = _get_config()
good_ap_id = AP_ID if ap_id else None
mount_efs.create_certificate(
config,
MOUNT_NAME,
COMMON_NAME,
REGION,
FS_ID,
security_credentials,
good_ap_id,
client_info,
base_path=str(temp_dir),
)
assert os.path.exists(pk_path)
assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr"))
assert os.path.exists(
os.path.join(tls_dict["mount_dir"], "certificate.pem"))
public_key_present = (
os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem"))
if security_credentials else not os.path.exists(
os.path.join(tls_dict["mount_dir"], "publicKey.pem")))
assert public_key_present
state = {
"pid": PID,
"commonName": COMMON_NAME,
"certificate": os.path.join(tls_dict["mount_dir"], "certificate.pem"),
"certificateCreationTime": timestamp,
"mountStateDir": MOUNT_NAME,
"region": REGION,
"fsId": FS_ID,
"privateKey": pk_path,
}
if credentials_source:
state["awsCredentialsMethod"] = credentials_source
if ap_id:
state["accessPoint"] = ap_id
with open(os.path.join(temp_dir, STATE_FILE), "w+") as f:
f.write(json.dumps(state))
if remove_cert:
os.remove(os.path.join(tls_dict["mount_dir"], "certificate.pem"))
assert not os.path.exists(
os.path.join(tls_dict["mount_dir"], "certificate.pem"))
return state
