def _create_ca_conf_helper(tmpdir, current_time, iam=True, ap=True, client_info=True): tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) mount_efs.create_required_directory({}, tls_dict['mount_dir']) tls_dict['certificate_path'] = os.path.join(tls_dict['mount_dir'], 'config.conf') tls_dict['private_key'] = os.path.join(tls_dict['mount_dir'], 'privateKey.pem') tls_dict['public_key'] = os.path.join(tls_dict['mount_dir'], 'publicKey.pem') if iam: with open(tls_dict['public_key'], 'w') as f: f.write(PUBLIC_KEY_BODY) credentials = CREDENTIALS if iam else None ap_id = AP_ID if ap else None client_info = CLIENT_INFO if client_info else None full_config_body = mount_efs.create_ca_conf( tls_dict['certificate_path'], COMMON_NAME, tls_dict['mount_dir'], tls_dict['private_key'], current_time, REGION, FS_ID, credentials, ap_id, client_info) assert os.path.exists(tls_dict['certificate_path']) return tls_dict, full_config_body
def test_certificate_without_iam_without_ap_id_with_client_source( mocker, tmpdir): config = _get_mock_config() pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig') mount_efs.create_certificate(config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, None, None, CLIENT_INFO, base_path=str(tmpdir)) with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f: conf_body = f.read() assert conf_body == mount_efs.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path, FIXED_DT, REGION, FS_ID, None, None, CLIENT_INFO) assert os.path.exists(pk_path) assert not os.path.exists( os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr')) assert os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def _test_certificate_with_iam_with_ap_with_invalid_client_source_config( mocker, tmpdir, client_source): mocker.patch('mount_efs.check_if_platform_is_mac', return_value=False) config = _get_mock_config(client_info={'source': client_source} ) if client_source else _get_config() client_info = mount_efs.get_client_info(config) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig') mount_efs.create_certificate(config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, CREDENTIALS, AP_ID, client_info, base_path=str(tmpdir)) # Any invalid or not given client source should be marked as unknown expected_client_info = { 'source': 'unknown', 'efs_utils_version': mount_efs.VERSION } with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f: conf_body = f.read() assert conf_body == mount_efs.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path, FIXED_DT, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr')) assert os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def _test_recreate_certificate_with_valid_client_source_config( mocker, tmpdir, client_source): config = _get_mock_config(client_info={'source': client_source} ) if client_source else _get_config() client_info = mount_efs.get_client_info(config) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig') mount_efs.create_certificate(config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, CREDENTIALS, AP_ID, client_info, base_path=str(tmpdir)) expected_client_info = { 'source': client_source, 'efs_utils_version': mount_efs.VERSION } with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f: conf_body = f.read() assert conf_body == mount_efs.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path, FIXED_DT, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr')) assert os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def test_certificate_with_iam_without_ap_id(mocker, tmpdir): config = _get_mock_config() pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig") mount_efs.create_certificate( config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, CREDENTIALS, None, CLIENT_INFO, base_path=str(tmpdir), ) with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f: conf_body = f.read() assert conf_body == mount_efs.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict["mount_dir"], pk_path, FIXED_DT, REGION, FS_ID, CREDENTIALS, None, CLIENT_INFO, ) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem")) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr")) assert os.path.exists( os.path.join(tls_dict["mount_dir"], "certificate.pem"))
def _test_recreate_certificate_with_valid_client_source_config( mocker, tmpdir, client_source): mocker.patch( "mount_efs.check_if_platform_is_mac", return_value=False if client_source != "macos" else True, ) config = (_get_mock_config(client_info={"source": client_source}) if client_source else _get_config()) client_info = mount_efs.get_client_info(config) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig") mount_efs.create_certificate( config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, CREDENTIALS, AP_ID, client_info, base_path=str(tmpdir), ) expected_client_info = { "source": client_source, "efs_utils_version": mount_efs.VERSION, } with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f: conf_body = f.read() assert conf_body == mount_efs.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict["mount_dir"], pk_path, FIXED_DT, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info, ) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem")) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr")) assert os.path.exists( os.path.join(tls_dict["mount_dir"], "certificate.pem"))