def run(self, values): gce_svc = gce_service.GCEService(values.project, None, log) instance_config = instance_config_from_values( values, mode=INSTANCE_METAVISOR_MODE, cli_config=self.config) if values.startup_script: extra_items = [{ 'key': 'startup-script', 'value': values.startup_script }] else: extra_items = None brkt_userdata = instance_config.make_userdata() metadata = gce_service.gce_metadata_from_userdata( brkt_userdata, extra_items=extra_items) if not values.verbose: logging.getLogger('googleapiclient').setLevel(logging.ERROR) if values.instance_name: gce_service.validate_image_name(values.instance_name) encrypted_instance_id = launch_gce_image.launch(log, gce_svc, values.image, values.instance_name, values.zone, values.delete_boot, values.instance_type, values.network, values.subnetwork, metadata) print(encrypted_instance_id) return 0
def command_encrypt_gce_image(values, log): session_id = util.make_nonce() gce_svc = gce_service.GCEService(values.project, session_id, log) check_args(values, gce_svc) encrypted_image_name = gce_service.get_image_name(values.encrypted_image_name, values.image) gce_service.validate_image_name(encrypted_image_name) gce_service.validate_images(gce_svc, encrypted_image_name, values.encryptor_image, values.image, values.image_project) if not values.verbose: logging.getLogger('googleapiclient').setLevel(logging.ERROR) log.info('Starting encryptor session %s', gce_svc.get_session_id()) brkt_env = ( brkt_cli.brkt_env_from_values(values) or brkt_cli.get_prod_brkt_env() ) encrypted_image_id = encrypt_gce_image.encrypt( gce_svc=gce_svc, enc_svc_cls=encryptor_service.EncryptorService, image_id=values.image, encryptor_image=values.encryptor_image, encrypted_image_name=encrypted_image_name, zone=values.zone, instance_config=make_instance_config( values, brkt_env,mode=INSTANCE_CREATOR_MODE), image_project=values.image_project, keep_encryptor=values.keep_encryptor, image_file=values.image_file, image_bucket=values.bucket, network=values.network, status_port=values.status_port ) # Print the image name to stdout, in case the caller wants to process # the output. Log messages go to stderr. print(encrypted_image_id) return 0
def command_update_encrypted_gce_image(values, log): session_id = util.make_nonce() gce_svc = gce_service.GCEService(values.project, session_id, log) check_args(values, gce_svc) encrypted_image_name = gce_service.get_image_name(values.encrypted_image_name, values.image) gce_service.validate_image_name(encrypted_image_name) gce_service.validate_images(gce_svc, encrypted_image_name, values.encryptor_image, values.image, values.image_project) if not values.verbose: logging.getLogger('googleapiclient').setLevel(logging.ERROR) log.info('Starting updater session %s', gce_svc.get_session_id()) brkt_env = ( brkt_cli.brkt_env_from_values(values) or brkt_cli.get_prod_brkt_env() ) updated_image_id = update_gce_image.update_gce_image( gce_svc=gce_svc, enc_svc_cls=encryptor_service.EncryptorService, image_id=values.image, encryptor_image=values.encryptor_image, encrypted_image_name=encrypted_image_name, zone=values.zone, instance_config=make_instance_config( values, brkt_env,mode=INSTANCE_UPDATER_MODE), keep_encryptor=values.keep_encryptor, image_file=values.image_file, image_bucket=values.bucket, network=values.network, status_port=values.status_port ) print(updated_image_id) return 0
def run_update(values, config): session_id = util.make_nonce() gce_svc = gce_service.GCEService(values.project, session_id, log) check_args(values, gce_svc, config) encrypted_image_name = gce_service.get_image_name( values.encrypted_image_name, values.image) gce_service.validate_image_name(encrypted_image_name) if values.validate: gce_service.validate_images(gce_svc, encrypted_image_name, values.encryptor_image, values.image) if not values.verbose: logging.getLogger('googleapiclient').setLevel(logging.ERROR) log.info('Starting updater session %s', gce_svc.get_session_id()) updated_image_id = update_gce_image.update_gce_image( gce_svc=gce_svc, enc_svc_cls=encryptor_service.EncryptorService, image_id=values.image, encryptor_image=values.encryptor_image, encrypted_image_name=encrypted_image_name, zone=values.zone, instance_config=instance_config_from_values( values, mode=INSTANCE_UPDATER_MODE, cli_config=config), keep_encryptor=values.keep_encryptor, image_file=values.image_file, image_bucket=values.bucket, network=values.network, subnetwork=values.subnetwork, status_port=values.status_port, cleanup=values.cleanup ) print(updated_image_id) return 0
def command_encrypt_gce_image(values, log): session_id = util.make_nonce() gce_svc = gce_service.GCEService(values.project, session_id, log) check_args(values, gce_svc) encrypted_image_name = gce_service.get_image_name( values.encrypted_image_name, values.image) gce_service.validate_image_name(encrypted_image_name) gce_service.validate_images(gce_svc, encrypted_image_name, values.encryptor_image, values.image, values.image_project) if not values.verbose: logging.getLogger('googleapiclient').setLevel(logging.ERROR) log.info('Starting encryptor session %s', gce_svc.get_session_id()) brkt_env = (brkt_cli.brkt_env_from_values(values) or brkt_cli.get_prod_brkt_env()) encrypted_image_id = encrypt_gce_image.encrypt( gce_svc=gce_svc, enc_svc_cls=encryptor_service.EncryptorService, image_id=values.image, encryptor_image=values.encryptor_image, encrypted_image_name=encrypted_image_name, zone=values.zone, instance_config=make_instance_config(values, brkt_env, mode=INSTANCE_CREATOR_MODE), image_project=values.image_project, keep_encryptor=values.keep_encryptor, image_file=values.image_file, image_bucket=values.bucket, network=values.network, status_port=values.status_port) # Print the image name to stdout, in case the caller wants to process # the output. Log messages go to stderr. print(encrypted_image_id) return 0
def command_update_encrypted_gce_image(values, log): session_id = util.make_nonce() gce_svc = gce_service.GCEService(values.project, session_id, log) check_args(values, gce_svc) encrypted_image_name = gce_service.get_image_name( values.encrypted_image_name, values.image) gce_service.validate_image_name(encrypted_image_name) gce_service.validate_images(gce_svc, encrypted_image_name, values.encryptor_image, values.image, values.image_project) if not values.verbose: logging.getLogger('googleapiclient').setLevel(logging.ERROR) log.info('Starting updater session %s', gce_svc.get_session_id()) brkt_env = (brkt_cli.brkt_env_from_values(values) or brkt_cli.get_prod_brkt_env()) updated_image_id = update_gce_image.update_gce_image( gce_svc=gce_svc, enc_svc_cls=encryptor_service.EncryptorService, image_id=values.image, encryptor_image=values.encryptor_image, encrypted_image_name=encrypted_image_name, zone=values.zone, instance_config=make_instance_config(values, brkt_env, mode=INSTANCE_UPDATER_MODE), keep_encryptor=values.keep_encryptor, image_file=values.image_file, image_bucket=values.bucket, network=values.network, status_port=values.status_port) print(updated_image_id) return 0
def test_image_name(self): encrypted_image_name = 'valid-name' self.assertEquals(encrypted_image_name, gce_service.validate_image_name(encrypted_image_name)) with self.assertRaises(ValidationError): gce_service.validate_image_name(None) with self.assertRaises(ValidationError): gce_service.validate_image_name('Valid-Name') with self.assertRaises(ValidationError): gce_service.validate_image_name('validname-') with self.assertRaises(ValidationError): gce_service.validate_image_name('a' * 64) for c in '?!#$%^&*~`{}\|"<>()[]./\'@_': with self.assertRaises(ValidationError): gce_service.validate_image_name('valid' + c)
def test_image_name(self): encrypted_image_name = 'valid-name' self.assertEquals( encrypted_image_name, gce_service.validate_image_name(encrypted_image_name)) with self.assertRaises(ValidationError): gce_service.validate_image_name(None) with self.assertRaises(ValidationError): gce_service.validate_image_name('Valid-Name') with self.assertRaises(ValidationError): gce_service.validate_image_name('validname-') with self.assertRaises(ValidationError): gce_service.validate_image_name('a' * 64) for c in '?!#$%^&*~`{}\|"<>()[]./\'@_': with self.assertRaises(ValidationError): gce_service.validate_image_name('valid' + c)