Example #1
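    def test_brkt_env_encrypt(self):
        """ Test that we parse the brkt_env value and pass the correct
        values to user_data when launching the encryptor instance.

        The endpoint assertions run inside a launch callback, so the test
        also fails when no launch from the encryptor image is observed.
        Otherwise the checks could be skipped without anyone noticing.
        """

        api_host_port = 'api.example.com:777'
        hsmproxy_host_port = 'hsmproxy.example.com:888'
        aws_svc, encryptor_image, guest_image = build_aws_service()
        # A list lets the nested callback record a launch without rebinding
        # a name in the enclosing scope.
        checked_launches = []

        def run_instance_callback(args):
            # Only launches from the encryptor image carry the config
            # under test; every other launch is ignored.
            if args.image_id != encryptor_image.id:
                return
            brkt_config = self._get_brkt_config_from_mime(args.user_data)
            d = json.loads(brkt_config)
            # The endpoints written to user data must be exactly the ones
            # given on the command line.
            self.assertEqual(api_host_port, d['brkt']['api_host'])
            self.assertEqual(hsmproxy_host_port,
                             d['brkt']['hsmproxy_host'])
            checked_launches.append(args.image_id)

        cli_args = '--brkt-env %s,%s' % (api_host_port, hsmproxy_host_port)
        values = instance_config_args_to_values(cli_args)
        brkt_env = brkt_cli.brkt_env_from_values(values)
        ic = make_instance_config(values, brkt_env)
        aws_svc.run_instance_callback = run_instance_callback
        encrypt_ami.encrypt(aws_svc=aws_svc,
                            enc_svc_cls=DummyEncryptorService,
                            image_id=guest_image.id,
                            encryptor_ami=encryptor_image.id,
                            instance_config=ic)
        self.assertTrue(
            checked_launches,
            'No instance was launched from the encryptor image')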
Example #2
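    def test_brkt_env_update(self):
        """ Test that the Bracket environment is passed through to metavisor
        user data.

        An AMI is encrypted first, then updated with an instance config
        built from --brkt-env. The user data of the launch from the
        encryptor image is checked for both endpoints and for the
        'updater' solo mode. The test fails if no such launch is seen.
        """
        aws_svc, encryptor_image, guest_image = build_aws_service()
        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id)

        api_host_port = 'api.example.com:777'
        hsmproxy_host_port = 'hsmproxy.example.com:888'
        cli_args = '--brkt-env %s,%s' % (api_host_port, hsmproxy_host_port)
        values = instance_config_args_to_values(cli_args)
        brkt_env = brkt_cli.brkt_env_from_values(values)
        ic = make_instance_config(values, brkt_env)
        # Filled in by the callback so that a run in which the callback
        # never matches cannot pass.
        checked_launches = []

        def run_instance_callback(args):
            # Launches from any other image are not inspected.
            if args.image_id != encryptor_image.id:
                return
            brkt_config = self._get_brkt_config_from_mime(args.user_data)
            d = json.loads(brkt_config)
            self.assertEqual(api_host_port, d['brkt']['api_host'])
            self.assertEqual(hsmproxy_host_port,
                             d['brkt']['hsmproxy_host'])
            self.assertEqual('updater', d['brkt']['solo_mode'])
            checked_launches.append(args.image_id)

        # The callback is installed only after the initial encryption, so
        # it observes the launches made by update_ami alone.
        aws_svc.run_instance_callback = run_instance_callback
        update_ami(aws_svc,
                   encrypted_ami_id,
                   encryptor_image.id,
                   'Test updated AMI',
                   enc_svc_class=DummyEncryptorService,
                   instance_config=ic)
        self.assertTrue(
            checked_launches,
            'No instance was launched from the encryptor image')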
Example #3
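    def test_brkt_env_encrypt(self):
        """ Test that we parse the brkt_env value and pass the correct
        values to user_data when launching the encryptor instance.

        A launch from the encryptor image must actually be observed. If
        it is not, the test fails rather than passing with no checks run.
        """

        api_host_port = 'api.example.com:777'
        hsmproxy_host_port = 'hsmproxy.example.com:888'
        aws_svc, encryptor_image, guest_image = build_aws_service()
        # Appended to by the callback; stays empty when the callback never
        # sees the encryptor image.
        verified = []

        def run_instance_callback(args):
            if args.image_id == encryptor_image.id:
                brkt_config = self._get_brkt_config_from_mime(args.user_data)
                d = json.loads(brkt_config)
                # User data must carry the endpoints from the command
                # line unchanged.
                self.assertEqual(
                    api_host_port,
                    d['brkt']['api_host']
                )
                self.assertEqual(
                    hsmproxy_host_port,
                    d['brkt']['hsmproxy_host']
                )
                verified.append(True)

        cli_args = '--brkt-env %s,%s' % (api_host_port, hsmproxy_host_port)
        values = instance_config_args_to_values(cli_args)
        brkt_env = brkt_cli.brkt_env_from_values(values)
        ic = make_instance_config(values, brkt_env)
        aws_svc.run_instance_callback = run_instance_callback
        encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id,
            instance_config=ic
        )
        self.assertTrue(
            verified,
            'No instance was launched from the encryptor image'
        )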
def _get_brkt_config_for_cli_args(cli_args='', mode=INSTANCE_CREATOR_MODE):
    """Return the 'brkt' section of the config generated for cli_args.

    The arguments are parsed and turned into an instance config for the
    given mode. The MIME part of its user data whose content type is
    BRKT_CONFIG_CONTENT_TYPE is then decoded as JSON.
    """
    parsed = instance_config_args_to_values(cli_args)
    env = brkt_cli.brkt_env_from_values(parsed)
    userdata = make_instance_config(parsed, env, mode=mode).make_userdata()
    payload = get_mime_part_payload(userdata, BRKT_CONFIG_CONTENT_TYPE)
    return json.loads(payload)['brkt']
def _get_brkt_config_for_cli_args(cli_args='', mode=INSTANCE_CREATOR_MODE):
    """Build user data from cli_args and return its decoded 'brkt' config.

    Test helper: it parses the argument string, creates the instance
    config for the requested mode, and reads the JSON payload of the
    BRKT_CONFIG_CONTENT_TYPE part of the generated user data.
    """
    arg_values = instance_config_args_to_values(cli_args)
    instance_cfg = make_instance_config(
        arg_values,
        brkt_cli.brkt_env_from_values(arg_values),
        mode=mode,
    )
    config_json = get_mime_part_payload(
        instance_cfg.make_userdata(), BRKT_CONFIG_CONTENT_TYPE)
    decoded = json.loads(config_json)
    return decoded['brkt']
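    def test_ca_cert(self):
        """ Test validation of --ca-cert and its delivery in user data.

        In creator mode the argument must be rejected without endpoints
        and rejected when the file is not a certificate. With a valid
        certificate it must be written to the brkt-files part of the user
        data. In metavisor mode the argument parser must exit.
        """
        domain = 'dummy.foo.com'
        # First make sure that you can't use --ca-cert without specifying
        # endpoints.
        # NOTE(review): 'dummy.crt' is only a name here. Confirm that the
        # ValidationError is raised for the missing endpoints and not
        # because the path cannot be read.
        cli_args = '--ca-cert dummy.crt'
        values = instance_config_args_to_values(cli_args)
        with self.assertRaises(ValidationError):
            make_instance_config(values)

        # Now specify endpoint args but use a bogus cert.
        # NOTE(review): unlike the valid-cert case below, brkt_env is not
        # passed to make_instance_config here. Confirm that the error
        # comes from certificate validation, so that this case really
        # proves a non-certificate file is refused.
        endpoint_args = '--brkt-env api.%s:7777,hsmproxy.%s:8888' % (domain,
                                                                     domain)
        dummy_ca_cert = 'THIS IS NOT A CERTIFICATE'
        # Text mode, so that writing a str also works on Python 3 (the
        # default mode is binary).
        with tempfile.NamedTemporaryFile(mode='w') as f:
            f.write(dummy_ca_cert)
            f.flush()
            cli_args = endpoint_args + ' --ca-cert %s' % f.name
            values = instance_config_args_to_values(cli_args)
            with self.assertRaises(ValidationError):
                make_instance_config(values)

        # Now use endpoint args and a valid cert
        cli_args = endpoint_args + ' --ca-cert %s' % _get_ca_cert_filename()
        values = instance_config_args_to_values(cli_args)
        brkt_env = brkt_cli.brkt_env_from_values(values)
        ic = make_instance_config(values, brkt_env)
        ud = ic.make_userdata()
        brkt_files = get_mime_part_payload(ud, BRKT_FILES_CONTENT_TYPE)
        # Only the destination path and the PEM header are checked. The
        # certificate body is not compared with the source file.
        self.assertTrue(
            brkt_files.startswith(
                "/var/brkt/ami_config/ca_cert.pem.dummy.foo.com: " +
                "{contents: '-----BEGIN CERTIFICATE-----"))

        # Make sure the --ca-cert arg is only recognized in 'creator' mode
        # prevent stderr message from parse_args
        saved_stderr = sys.stderr
        devnull = open(os.devnull, 'w')
        sys.stderr = devnull
        try:
            instance_config_args_to_values(
                cli_args, mode=INSTANCE_METAVISOR_MODE)
        except SystemExit:
            pass
        else:
            self.fail('Did not get expected exception')
        finally:
            # Restore the stream that was active before the test, even
            # when the check above fails, and release the devnull handle.
            sys.stderr = saved_stderr
            devnull.close()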
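    def test_ca_cert(self):
        """ Test how --ca-cert is validated and placed into user data.

        Cases: no endpoints given (rejected), endpoints plus a file that
        is not a certificate (rejected), endpoints plus a valid
        certificate (written to the brkt-files part), and metavisor mode
        (the argument parser exits).
        """
        domain = 'dummy.foo.com'
        # First make sure that you can't use --ca-cert without specifying
        # endpoints.
        # NOTE(review): verify that this ValidationError is about the
        # missing endpoints and not about 'dummy.crt' being unreadable.
        cli_args = '--ca-cert dummy.crt'
        values = instance_config_args_to_values(cli_args)
        with self.assertRaises(ValidationError):
            make_instance_config(values)

        # Now specify endpoint args but use a bogus cert.
        # NOTE(review): brkt_env is not handed to make_instance_config in
        # this case, although the valid-cert case below passes it. Verify
        # that the rejection is caused by the file contents.
        endpoint_args = '--brkt-env api.%s:7777,hsmproxy.%s:8888' % (
            domain, domain)
        dummy_ca_cert = 'THIS IS NOT A CERTIFICATE'
        # Opened in text mode because the default binary mode refuses a
        # str on Python 3.
        with tempfile.NamedTemporaryFile(mode='w') as f:
            f.write(dummy_ca_cert)
            f.flush()
            cli_args = endpoint_args + ' --ca-cert %s' % f.name
            values = instance_config_args_to_values(cli_args)
            with self.assertRaises(ValidationError):
                make_instance_config(values)

        # Now use endpoint args and a valid cert
        cli_args = endpoint_args + ' --ca-cert %s' % _get_ca_cert_filename()
        values = instance_config_args_to_values(cli_args)
        brkt_env = brkt_cli.brkt_env_from_values(values)
        ic = make_instance_config(values, brkt_env)
        ud = ic.make_userdata()
        brkt_files = get_mime_part_payload(ud, BRKT_FILES_CONTENT_TYPE)
        # This is a prefix check: target path plus PEM header. The rest of
        # the certificate is not verified.
        self.assertTrue(brkt_files.startswith(
                        "/var/brkt/ami_config/ca_cert.pem.dummy.foo.com: " +
                        "{contents: '-----BEGIN CERTIFICATE-----"))

        # Make sure the --ca-cert arg is only recognized in 'creator' mode
        # prevent stderr message from parse_args
        previous_stderr = sys.stderr
        sink = open(os.devnull, 'w')
        sys.stderr = sink
        try:
            instance_config_args_to_values(cli_args,
                                           mode=INSTANCE_METAVISOR_MODE)
        except SystemExit:
            pass
        else:
            self.fail('Did not get expected exception')
        finally:
            # Runs on failure too, so a failed check cannot leave stderr
            # pointing at a closed or discarded stream.
            sys.stderr = previous_stderr
            sink.close()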
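    def test_brkt_env_update(self):
        """ Test that the Bracket environment is passed through to metavisor
        user data.

        Three endpoints (api, hsmproxy, network) are given through
        --brkt-env. The launch from the encryptor image during update_ami
        must carry all three, together with the 'updater' solo mode. The
        test fails if that launch is never observed.
        """
        aws_svc, encryptor_image, guest_image = build_aws_service()
        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id
        )

        api_host_port = 'api.example.com:777'
        hsmproxy_host_port = 'hsmproxy.example.com:888'
        network_host_port = 'network.example.com:999'
        cli_args = '--brkt-env %s,%s,%s' % (api_host_port, hsmproxy_host_port,
                                         network_host_port)
        values = instance_config_args_to_values(cli_args)
        ic = instance_config_from_values(values)
        # Filled in by the callback. An empty list at the end means that
        # none of the assertions below were executed.
        checked_launches = []

        def run_instance_callback(args):
            # Launches from other images are skipped.
            if args.image_id != encryptor_image.id:
                return
            brkt_config = self._get_brkt_config_from_mime(args.user_data)
            d = json.loads(brkt_config)
            self.assertEqual(
                api_host_port,
                d['brkt']['api_host']
            )
            self.assertEqual(
                hsmproxy_host_port,
                d['brkt']['hsmproxy_host']
            )
            self.assertEqual(
                network_host_port,
                d['brkt']['network_host']
            )
            self.assertEqual(
                'updater',
                d['brkt']['solo_mode']
            )
            checked_launches.append(args.image_id)

        # Installed after the initial encryption, so only launches made by
        # update_ami reach the callback.
        aws_svc.run_instance_callback = run_instance_callback
        update_ami(
            aws_svc, encrypted_ami_id, encryptor_image.id,
            'Test updated AMI',
            enc_svc_class=DummyEncryptorService,
            instance_config=ic
        )
        self.assertTrue(
            checked_launches,
            'No instance was launched from the encryptor image'
        )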
 def test_proxy_config(self):
     """Build user data from a --proxy argument and pass it to
     _verify_proxy_config_in_userdata for checking.
     """
     parsed = instance_config_args_to_values('--proxy %s' % proxy_host_port)
     userdata = make_instance_config(parsed).make_userdata()
     _verify_proxy_config_in_userdata(self, userdata)
 def _init_values(self):
     """Return values parsed from an empty argument string, with the two
     make_user_data_* attributes set to None.
     """
     parsed = instance_config_args_to_values('')
     # Assigned one after the other, in the same order as before.
     for attr in ('make_user_data_brkt_files', 'make_user_data_guest_fqdn'):
         setattr(parsed, attr, None)
     return parsed
 def test_proxy_config(self):
     """Create an instance config from a single --proxy argument and hand
     its user data to _verify_proxy_config_in_userdata.
     """
     proxy_args = '--proxy %s' % proxy_host_port
     instance_cfg = make_instance_config(
         instance_config_args_to_values(proxy_args))
     generated = instance_cfg.make_userdata()
     _verify_proxy_config_in_userdata(self, generated)