def test_user_supplied_name(self):
encrypted_image_name = 'something'
image_name = 'something_else'
n1 = gce_service.get_image_name(encrypted_image_name, image_name)
n2 = gce_service.get_image_name(encrypted_image_name, None)
self.assertEqual(n1, n2)
self.assertEqual(n1, encrypted_image_name)
def test_user_supplied_name(self):
encrypted_image_name = 'something'
image_name = 'something_else'
n1 = gce_service.get_image_name(encrypted_image_name, image_name)
n2 = gce_service.get_image_name(encrypted_image_name, None)
self.assertEqual(n1, n2)
self.assertEqual(n1, encrypted_image_name)
def test_long_image_name(self):
image_name = 'test-image-with-long-name-encrypted-so-we-hit-63-char-limit'
n1 = gce_service.get_image_name(None, image_name)
n2 = gce_service.get_image_name(None, image_name)
self.assertNotEqual(n1, n2)
self.assertTrue('63-char-limit' not in n1
and '63-char-limit' not in n2)
def command_encrypt_gce_image(values, log):
session_id = util.make_nonce()
gce_svc = gce_service.GCEService(values.project, session_id, log)
check_args(values, gce_svc)
encrypted_image_name = gce_service.get_image_name(values.encrypted_image_name, values.image)
gce_service.validate_image_name(encrypted_image_name)
gce_service.validate_images(gce_svc,
encrypted_image_name,
values.encryptor_image,
values.image,
values.image_project)
if not values.verbose:
logging.getLogger('googleapiclient').setLevel(logging.ERROR)
log.info('Starting encryptor session %s', gce_svc.get_session_id())
brkt_env = (
brkt_cli.brkt_env_from_values(values) or
brkt_cli.get_prod_brkt_env()
)
encrypted_image_id = encrypt_gce_image.encrypt(
gce_svc=gce_svc,
enc_svc_cls=encryptor_service.EncryptorService,
image_id=values.image,
encryptor_image=values.encryptor_image,
encrypted_image_name=encrypted_image_name,
zone=values.zone,
instance_config=make_instance_config(
values, brkt_env,mode=INSTANCE_CREATOR_MODE),
image_project=values.image_project,
keep_encryptor=values.keep_encryptor,
image_file=values.image_file,
image_bucket=values.bucket,
network=values.network,
status_port=values.status_port
)
# Print the image name to stdout, in case the caller wants to process
# the output. Log messages go to stderr.
print(encrypted_image_id)
return 0
def command_update_encrypted_gce_image(values, log):
session_id = util.make_nonce()
gce_svc = gce_service.GCEService(values.project, session_id, log)
check_args(values, gce_svc)
encrypted_image_name = gce_service.get_image_name(values.encrypted_image_name, values.image)
gce_service.validate_image_name(encrypted_image_name)
gce_service.validate_images(gce_svc,
encrypted_image_name,
values.encryptor_image,
values.image,
values.image_project)
if not values.verbose:
logging.getLogger('googleapiclient').setLevel(logging.ERROR)
log.info('Starting updater session %s', gce_svc.get_session_id())
brkt_env = (
brkt_cli.brkt_env_from_values(values) or
brkt_cli.get_prod_brkt_env()
)
updated_image_id = update_gce_image.update_gce_image(
gce_svc=gce_svc,
enc_svc_cls=encryptor_service.EncryptorService,
image_id=values.image,
encryptor_image=values.encryptor_image,
encrypted_image_name=encrypted_image_name,
zone=values.zone,
instance_config=make_instance_config(
values, brkt_env,mode=INSTANCE_UPDATER_MODE),
keep_encryptor=values.keep_encryptor,
image_file=values.image_file,
image_bucket=values.bucket,
network=values.network,
status_port=values.status_port
)
print(updated_image_id)
return 0
def run_update(values, config):
session_id = util.make_nonce()
gce_svc = gce_service.GCEService(values.project, session_id, log)
check_args(values, gce_svc, config)
encrypted_image_name = gce_service.get_image_name(
values.encrypted_image_name, values.image)
gce_service.validate_image_name(encrypted_image_name)
if values.validate:
gce_service.validate_images(gce_svc,
encrypted_image_name,
values.encryptor_image,
values.image)
if not values.verbose:
logging.getLogger('googleapiclient').setLevel(logging.ERROR)
log.info('Starting updater session %s', gce_svc.get_session_id())
updated_image_id = update_gce_image.update_gce_image(
gce_svc=gce_svc,
enc_svc_cls=encryptor_service.EncryptorService,
image_id=values.image,
encryptor_image=values.encryptor_image,
encrypted_image_name=encrypted_image_name,
zone=values.zone,
instance_config=instance_config_from_values(
values, mode=INSTANCE_UPDATER_MODE,
cli_config=config),
keep_encryptor=values.keep_encryptor,
image_file=values.image_file,
image_bucket=values.bucket,
network=values.network,
subnetwork=values.subnetwork,
status_port=values.status_port,
cleanup=values.cleanup
)
print(updated_image_id)
return 0
def command_encrypt_gce_image(values, log):
session_id = util.make_nonce()
gce_svc = gce_service.GCEService(values.project, session_id, log)
check_args(values, gce_svc)
encrypted_image_name = gce_service.get_image_name(
values.encrypted_image_name, values.image)
gce_service.validate_image_name(encrypted_image_name)
gce_service.validate_images(gce_svc, encrypted_image_name,
values.encryptor_image, values.image,
values.image_project)
if not values.verbose:
logging.getLogger('googleapiclient').setLevel(logging.ERROR)
log.info('Starting encryptor session %s', gce_svc.get_session_id())
brkt_env = (brkt_cli.brkt_env_from_values(values)
or brkt_cli.get_prod_brkt_env())
encrypted_image_id = encrypt_gce_image.encrypt(
gce_svc=gce_svc,
enc_svc_cls=encryptor_service.EncryptorService,
image_id=values.image,
encryptor_image=values.encryptor_image,
encrypted_image_name=encrypted_image_name,
zone=values.zone,
instance_config=make_instance_config(values,
brkt_env,
mode=INSTANCE_CREATOR_MODE),
image_project=values.image_project,
keep_encryptor=values.keep_encryptor,
image_file=values.image_file,
image_bucket=values.bucket,
network=values.network,
status_port=values.status_port)
# Print the image name to stdout, in case the caller wants to process
# the output. Log messages go to stderr.
print(encrypted_image_id)
return 0
def command_update_encrypted_gce_image(values, log):
session_id = util.make_nonce()
gce_svc = gce_service.GCEService(values.project, session_id, log)
check_args(values, gce_svc)
encrypted_image_name = gce_service.get_image_name(
values.encrypted_image_name, values.image)
gce_service.validate_image_name(encrypted_image_name)
gce_service.validate_images(gce_svc, encrypted_image_name,
values.encryptor_image, values.image,
values.image_project)
if not values.verbose:
logging.getLogger('googleapiclient').setLevel(logging.ERROR)
log.info('Starting updater session %s', gce_svc.get_session_id())
brkt_env = (brkt_cli.brkt_env_from_values(values)
or brkt_cli.get_prod_brkt_env())
updated_image_id = update_gce_image.update_gce_image(
gce_svc=gce_svc,
enc_svc_cls=encryptor_service.EncryptorService,
image_id=values.image,
encryptor_image=values.encryptor_image,
encrypted_image_name=encrypted_image_name,
zone=values.zone,
instance_config=make_instance_config(values,
brkt_env,
mode=INSTANCE_UPDATER_MODE),
keep_encryptor=values.keep_encryptor,
image_file=values.image_file,
image_bucket=values.bucket,
network=values.network,
status_port=values.status_port)
print(updated_image_id)
return 0
def test_long_image_name(self):
image_name = 'test-image-with-long-name-encrypted-so-we-hit-63-char-limit'
n1 = gce_service.get_image_name(None, image_name)
n2 = gce_service.get_image_name(None, image_name)
self.assertNotEqual(n1, n2)
self.assertTrue('63-char-limit' not in n1 and '63-char-limit' not in n2)
def test_get_image_name(self):
image_name = 'test'
n1 = gce_service.get_image_name(None, image_name)
n2 = gce_service.get_image_name(None, image_name)
self.assertNotEqual(n1, n2)
def test_get_image_name(self):
image_name = 'test'
n1 = gce_service.get_image_name(None, image_name)
n2 = gce_service.get_image_name(None, image_name)
self.assertNotEqual(n1, n2)