def _validate(aws_svc, values, encryptor_ami_id): """ Validate command-line options :param aws_svc: the BaseAWSService implementation :param values: object that was generated by argparse """ if values.encrypted_ami_name: aws_service.validate_image_name(values.encrypted_ami_name) try: if values.key_name: aws_svc.get_key_pair(values.key_name) _validate_subnet_and_security_groups( aws_svc, values.subnet_id, values.security_group_ids) _validate_encryptor_ami(aws_svc, encryptor_ami_id) if values.encrypted_ami_name: filters = {'name': values.encrypted_ami_name} if aws_svc.get_images(filters=filters, owners=['self']): raise ValidationError( 'You already own an image named %s' % values.encrypted_ami_name ) except EC2ResponseError as e: raise ValidationError(e.message)
def test_name_validation(self): name = 'Test123 ()[]./-\'@_' self.assertEquals(name, aws_service.validate_image_name(name)) with self.assertRaises(ValidationError): aws_service.validate_image_name(None) with self.assertRaises(ValidationError): aws_service.validate_image_name('ab') with self.assertRaises(ValidationError): aws_service.validate_image_name('a' * 129) for c in '?!#$%^&*~`{}\|"<>': with self.assertRaises(ValidationError): aws_service.validate_image_name('test' + c)
def _validate(aws_svc, values, encryptor_ami_id): """ Validate command-line options :param aws_svc: the BaseAWSService implementation :param values: object that was generated by argparse """ if values.encrypted_ami_name: aws_service.validate_image_name(values.encrypted_ami_name) try: if values.key_name: aws_svc.get_key_pair(values.key_name) _validate_subnet_and_security_groups(aws_svc, values.subnet_id, values.security_group_ids) _validate_encryptor_ami(aws_svc, encryptor_ami_id) if values.encrypted_ami_name: filters = {'name': values.encrypted_ami_name} if aws_svc.get_images(filters=filters, owners=['self']): raise ValidationError('You already own an image named %s' % values.encrypted_ami_name) except EC2ResponseError as e: raise ValidationError(e.message)
def command_update_encrypted_ami(values): nonce = util.make_nonce() aws_svc = aws_service.AWSService( nonce, retry_timeout=values.retry_timeout, retry_initial_sleep_seconds=values.retry_initial_sleep_seconds) log.debug('Retry timeout=%.02f, initial sleep seconds=%.02f', aws_svc.retry_timeout, aws_svc.retry_initial_sleep_seconds) brkt_env = (brkt_cli.brkt_env_from_values(values) or brkt_cli.get_prod_brkt_env()) if values.validate: # Validate the region before connecting. _validate_region(aws_svc, values.region) if values.token: brkt_cli.check_jwt_auth(brkt_env, values.token) aws_svc.connect(values.region, key_name=values.key_name) encrypted_image = _validate_ami(aws_svc, values.ami) pv = _use_pv_metavisor(values, encrypted_image) encryptor_ami = (values.encryptor_ami or _get_encryptor_ami(values.region, pv=pv)) default_tags = encrypt_ami.get_default_tags(nonce, encryptor_ami) default_tags.update(brkt_cli.parse_tags(values.tags)) aws_svc.default_tags = default_tags if values.validate: _validate_guest_encrypted_ami(aws_svc, encrypted_image.id, encryptor_ami) brkt_cli.validate_ntp_servers(values.ntp_servers) _validate(aws_svc, values, encryptor_ami) _validate_guest_encrypted_ami(aws_svc, encrypted_image.id, encryptor_ami) else: log.info('Skipping AMI validation.') mv_image = aws_svc.get_image(encryptor_ami) if (encrypted_image.virtualization_type != mv_image.virtualization_type): log.error( 'Virtualization type mismatch. %s is %s, but encryptor %s is ' '%s.', encrypted_image.id, encrypted_image.virtualization_type, mv_image.id, mv_image.virtualization_type) return 1 encrypted_ami_name = values.encrypted_ami_name if encrypted_ami_name: # Check for name collision. filters = {'name': encrypted_ami_name} if aws_svc.get_images(filters=filters, owners=['self']): raise ValidationError('You already own image named %s' % encrypted_ami_name) else: encrypted_ami_name = _get_updated_image_name(encrypted_image.name, nonce) log.debug('Image name: %s', encrypted_ami_name) aws_service.validate_image_name(encrypted_ami_name) # Initial validation done log.info('Updating %s with new metavisor %s', encrypted_image.id, encryptor_ami) updated_ami_id = update_ami( aws_svc, encrypted_image.id, encryptor_ami, encrypted_ami_name, subnet_id=values.subnet_id, security_group_ids=values.security_group_ids, guest_instance_type=values.guest_instance_type, updater_instance_type=values.updater_instance_type, instance_config=make_instance_config(values, brkt_env), status_port=values.status_port, ) print(updated_ami_id) return 0
def command_update_encrypted_ami(values): nonce = util.make_nonce() aws_svc = aws_service.AWSService( nonce, retry_timeout=values.retry_timeout, retry_initial_sleep_seconds=values.retry_initial_sleep_seconds ) log.debug( 'Retry timeout=%.02f, initial sleep seconds=%.02f', aws_svc.retry_timeout, aws_svc.retry_initial_sleep_seconds) brkt_env = ( brkt_cli.brkt_env_from_values(values) or brkt_cli.get_prod_brkt_env() ) if values.validate: # Validate the region before connecting. _validate_region(aws_svc, values.region) if values.token: brkt_cli.check_jwt_auth(brkt_env, values.token) aws_svc.connect(values.region, key_name=values.key_name) encrypted_image = _validate_ami(aws_svc, values.ami) pv = _use_pv_metavisor(values, encrypted_image) encryptor_ami = ( values.encryptor_ami or _get_encryptor_ami(values.region, pv=pv) ) default_tags = encrypt_ami.get_default_tags(nonce, encryptor_ami) default_tags.update(brkt_cli.parse_tags(values.tags)) aws_svc.default_tags = default_tags if values.validate: _validate_guest_encrypted_ami( aws_svc, encrypted_image.id, encryptor_ami) brkt_cli.validate_ntp_servers(values.ntp_servers) _validate(aws_svc, values, encryptor_ami) _validate_guest_encrypted_ami( aws_svc, encrypted_image.id, encryptor_ami) else: log.info('Skipping AMI validation.') mv_image = aws_svc.get_image(encryptor_ami) if (encrypted_image.virtualization_type != mv_image.virtualization_type): log.error( 'Virtualization type mismatch. %s is %s, but encryptor %s is ' '%s.', encrypted_image.id, encrypted_image.virtualization_type, mv_image.id, mv_image.virtualization_type ) return 1 encrypted_ami_name = values.encrypted_ami_name if encrypted_ami_name: # Check for name collision. filters = {'name': encrypted_ami_name} if aws_svc.get_images(filters=filters, owners=['self']): raise ValidationError( 'You already own image named %s' % encrypted_ami_name) else: encrypted_ami_name = _get_updated_image_name( encrypted_image.name, nonce) log.debug('Image name: %s', encrypted_ami_name) aws_service.validate_image_name(encrypted_ami_name) # Initial validation done log.info( 'Updating %s with new metavisor %s', encrypted_image.id, encryptor_ami ) updated_ami_id = update_ami( aws_svc, encrypted_image.id, encryptor_ami, encrypted_ami_name, subnet_id=values.subnet_id, security_group_ids=values.security_group_ids, guest_instance_type=values.guest_instance_type, updater_instance_type=values.updater_instance_type, instance_config=make_instance_config(values, brkt_env), status_port=values.status_port, ) print(updated_ami_id) return 0
def run_update(values, config, verbose=False): nonce = util.make_nonce() aws_svc = aws_service.AWSService( nonce, retry_timeout=values.retry_timeout, retry_initial_sleep_seconds=values.retry_initial_sleep_seconds ) log.debug( 'Retry timeout=%.02f, initial sleep seconds=%.02f', aws_svc.retry_timeout, aws_svc.retry_initial_sleep_seconds) brkt_env = ( brkt_cli.brkt_env_from_values(values) or brkt_cli.get_prod_brkt_env() ) if values.validate: # Validate the region before connecting. _validate_region(aws_svc, values.region) if values.token: brkt_cli.check_jwt_auth(brkt_env, values.token) aws_svc.connect(values.region, key_name=values.key_name) encrypted_image = _validate_ami(aws_svc, values.ami) encryptor_ami = values.encryptor_ami or _get_encryptor_ami(values.region) default_tags = encrypt_ami.get_default_tags(nonce, encryptor_ami) default_tags.update(brkt_cli.parse_tags(values.tags)) aws_svc.default_tags = default_tags if values.validate: _validate_guest_encrypted_ami( aws_svc, encrypted_image.id, encryptor_ami) brkt_cli.validate_ntp_servers(values.ntp_servers) _validate(aws_svc, values, encryptor_ami) _validate_guest_encrypted_ami( aws_svc, encrypted_image.id, encryptor_ami) else: log.info('Skipping AMI validation.') mv_image = aws_svc.get_image(encryptor_ami) if (encrypted_image.virtualization_type != mv_image.virtualization_type): log.error( 'Virtualization type mismatch. %s is %s, but encryptor %s is ' '%s.', encrypted_image.id, encrypted_image.virtualization_type, mv_image.id, mv_image.virtualization_type ) return 1 encrypted_ami_name = values.encrypted_ami_name if encrypted_ami_name: # Check for name collision. filters = {'name': encrypted_ami_name} if aws_svc.get_images(filters=filters, owners=['self']): raise ValidationError( 'You already own image named %s' % encrypted_ami_name) else: encrypted_ami_name = _get_updated_image_name( encrypted_image.name, nonce) log.debug('Image name: %s', encrypted_ami_name) aws_service.validate_image_name(encrypted_ami_name) # Initial validation done log.info( 'Updating %s with new metavisor %s', encrypted_image.id, encryptor_ami ) instance_config = instance_config_from_values( values, mode=INSTANCE_UPDATER_MODE, cli_config=config) if verbose: with tempfile.NamedTemporaryFile( prefix='user-data-', delete=False ) as f: log.debug('Writing instance user data to %s', f.name) f.write(instance_config.make_userdata()) updated_ami_id = update_ami( aws_svc, encrypted_image.id, encryptor_ami, encrypted_ami_name, subnet_id=values.subnet_id, security_group_ids=values.security_group_ids, guest_instance_type=values.guest_instance_type, updater_instance_type=values.updater_instance_type, instance_config=instance_config, status_port=values.status_port, ) print(updated_ami_id) return 0