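def test_get_proxy_config(self):
    """ Test reading proxy config from the --proxy and --proxy-config-file
    command line options.

    Covers four cases: no proxy option, --proxy given, --proxy-config-file
    naming a missing file, and --proxy-config-file naming a readable file.
    """
    # No proxy.
    values = DummyValues()
    self.assertIsNone(brkt_cli.get_proxy_config(values))

    # --proxy specified.
    values.proxies = ['proxy.example.com:8000']
    proxy_yaml = brkt_cli.get_proxy_config(values)
    # safe_load only builds plain YAML types.  yaml.load() without an
    # explicit Loader can construct arbitrary Python objects and is
    # rejected by newer PyYAML releases.  Assumes get_proxy_config emits
    # plain YAML with no Python-specific tags -- TODO confirm.
    d = yaml.safe_load(proxy_yaml)
    self.assertEqual('proxy.example.com', d['proxies'][0]['host'])

    # --proxy-config-file references a file that doesn't exist.
    # NOTE(review): this clears `proxy`, while the attribute set above is
    # `proxies` -- confirm which name DummyValues actually defines.
    values.proxy = None
    values.proxy_config_file = 'bogus.yaml'
    with self.assertRaises(ValidationError):
        brkt_cli.get_proxy_config(values)

    # --proxy-config-file references a valid file.  The file must be read
    # inside the `with` block: NamedTemporaryFile deletes it on close.
    with tempfile.NamedTemporaryFile() as f:
        f.write(proxy_yaml)
        f.flush()
        values.proxy_config_file = f.name
        proxy_yaml = brkt_cli.get_proxy_config(values)
        d = yaml.safe_load(proxy_yaml)
        self.assertEqual('proxy.example.com', d['proxies'][0]['host'])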
def make_instance_config(values=None, brkt_env=None,
                         mode=INSTANCE_CREATOR_MODE):
    """ Build an InstanceConfig from parsed command line options.

    :param values the parsed options; when falsy an empty config is returned
    :param brkt_env the environment added to the config when truthy
    :param mode the mode passed through to InstanceConfig
    :return the populated InstanceConfig
    :raise ValidationError if ca_cert is used outside Creator mode or
        without values.brkt_env, or the file cannot be read or parsed
    """
    log.debug('Creating instance config with %s', brkt_env)

    settings = {}
    if not values:
        return InstanceConfig(settings, mode)

    if brkt_env:
        add_brkt_env_to_brkt_config(brkt_env, settings)

    # identity_token is the token supplied on the command line; it ends up
    # in the instance config, so treat the resulting dict as sensitive.
    if values.token:
        settings['identity_token'] = values.token
    if values.ntp_servers:
        settings['ntp_servers'] = values.ntp_servers

    status_modes = (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE)
    if mode in status_modes:
        settings['status_port'] = (
            values.status_port or encryptor_service.ENCRYPTOR_STATUS_PORT
        )

    instance_config = InstanceConfig(settings, mode)

    # The remaining options add files to brkt-files.
    proxy_yaml = get_proxy_config(values)
    if proxy_yaml:
        instance_config.add_brkt_file('proxy.yaml', proxy_yaml)

    wants_ca_cert = 'ca_cert' in values and values.ca_cert
    if not wants_ca_cert:
        return instance_config

    if mode != INSTANCE_CREATOR_MODE:
        raise ValidationError(
            'Can only specify ca-cert for instance in Creator mode'
        )
    # NOTE(review): this check reads values.brkt_env, while the domain
    # below is derived from the brkt_env argument -- confirm that callers
    # always keep the two in step.
    if not values.brkt_env:
        raise ValidationError(
            'Must specify brkt-env when specifying ca-cert.'
        )

    try:
        with open(values.ca_cert, 'r') as cert_file:
            pem_text = cert_file.read()
    except IOError as e:
        raise ValidationError(e)

    # Parse-only validation: this confirms the file loads as a PEM X.509
    # certificate.  Nothing here checks that it is a CA certificate or
    # that it is within its validity period.
    try:
        x509.load_pem_x509_certificate(pem_text, default_backend())
    except Exception as e:
        raise ValidationError('Error validating CA cert: %s' % e)

    cert_name = 'ca_cert.pem.' + get_domain_from_brkt_env(brkt_env)
    instance_config.add_brkt_file(cert_name, pem_text)
    return instance_config
def make_instance_config(values=None, brkt_env=None,
                         mode=INSTANCE_CREATOR_MODE):
    """ Return an InstanceConfig assembled from command line options.

    With no values an empty config for the given mode is returned.
    Otherwise the environment, identity token, NTP servers and (in
    Creator or Updater mode) the status port are copied into the config,
    and the proxy config and CA certificate are attached as brkt-files.

    :raise ValidationError if the CA cert option is used outside Creator
        mode or without values.brkt_env, or the certificate file cannot
        be read or does not parse as PEM
    """
    log.debug('Creating instance config with %s', brkt_env)
    options = {}
    if not values:
        return InstanceConfig(options, mode)

    if brkt_env:
        add_brkt_env_to_brkt_config(brkt_env, options)
    if values.token:
        # The token is written into the config as-is; avoid logging or
        # printing the dict once it holds this value.
        options['identity_token'] = values.token
    if values.ntp_servers:
        options['ntp_servers'] = values.ntp_servers
    if mode in (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE):
        status_port = values.status_port
        if not status_port:
            status_port = encryptor_service.ENCRYPTOR_STATUS_PORT
        options['status_port'] = status_port

    result = InstanceConfig(options, mode)

    # Options below contribute files to brkt-files rather than settings.
    proxy_file_body = get_proxy_config(values)
    if proxy_file_body:
        result.add_brkt_file('proxy.yaml', proxy_file_body)

    if 'ca_cert' in values and values.ca_cert:
        if mode != INSTANCE_CREATOR_MODE:
            raise ValidationError(
                'Can only specify ca-cert for instance in Creator mode')
        # NOTE(review): the guard looks at values.brkt_env but the domain
        # is taken from the brkt_env argument -- verify against callers.
        if not values.brkt_env:
            raise ValidationError(
                'Must specify brkt-env when specifying ca-cert.')

        cert_path = values.ca_cert
        try:
            with open(cert_path, 'r') as handle:
                cert_pem = handle.read()
        except IOError as e:
            raise ValidationError(e)

        # This only proves the data parses as a PEM X.509 certificate; it
        # does not check CA constraints or the validity period.
        try:
            x509.load_pem_x509_certificate(cert_pem, default_backend())
        except Exception as e:
            raise ValidationError('Error validating CA cert: %s' % e)

        # The domain is appended to the file name unchanged.
        env_domain = get_domain_from_brkt_env(brkt_env)
        result.add_brkt_file('ca_cert.pem.' + env_domain, cert_pem)

    return result
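def instance_config_from_values(values=None, mode=INSTANCE_CREATOR_MODE,
                                cli_config=None):
    """ Return an InstanceConfig object, based on options specified on
    the command line and Metavisor mode.

    :param values an argparse.Namespace object
    :param mode the mode in which Metavisor is running
    :param cli_config a brkt_cli.config.CLIConfig instance
    :return the populated InstanceConfig
    :raise ValidationError if --ca-cert is given without an environment,
        or the certificate file cannot be read or parsed as PEM
    """
    brkt_config = {}
    if not values:
        return InstanceConfig(brkt_config, mode)

    # Handle BracketEnvironment, depending on the mode.
    brkt_env = None
    if mode in (INSTANCE_CREATOR_MODE, INSTANCE_UPDATER_MODE):
        # Yeti environment should only be set in CREATOR or UPDATER mode.
        # When launching, we want to preserve the original environment that
        # was specified during encryption.
        #
        # If the Yeti environment was not specified, use the production
        # environment.
        brkt_env = brkt_cli.brkt_env_from_values(values)
        if cli_config is not None and brkt_env is None:
            name, brkt_env = cli_config.get_current_env()
            log.info('Using %s environment', name)
            log.debug(brkt_env)
        config_brkt_env = brkt_env or brkt_cli.get_prod_brkt_env()
        add_brkt_env_to_brkt_config(config_brkt_env, brkt_config)
        # We only monitor status when encrypting or updating.
        brkt_config['status_port'] = (
            values.status_port or
            encryptor_service.ENCRYPTOR_STATUS_PORT
        )

    if values.token:
        brkt_config['identity_token'] = values.token
    if values.ntp_servers:
        brkt_config['ntp_servers'] = values.ntp_servers

    # Log a copy with the identity token masked, so the credential does
    # not end up in debug logs or in log files attached to bug reports.
    loggable_config = dict(brkt_config)
    if 'identity_token' in loggable_config:
        loggable_config['identity_token'] = '<redacted>'
    log.debug('Parsed brkt_config %s', loggable_config)

    ic = InstanceConfig(brkt_config, mode)

    # Now handle the args that cause files to be added to brkt-files
    proxy_config = get_proxy_config(values)
    if proxy_config:
        ic.add_brkt_file('proxy.yaml', proxy_config)

    if 'ca_cert' in values and values.ca_cert:
        # The certificate file is named after the environment's domain,
        # so an environment must have been resolved above.
        if not brkt_env:
            raise ValidationError(
                'Must specify --service-domain or --brkt-env when specifying '
                '--ca-cert.'
            )
        try:
            with open(values.ca_cert, 'r') as f:
                ca_cert_data = f.read()
        except IOError as e:
            raise ValidationError(e)
        # Parse-only validation: this confirms the file loads as a PEM
        # X.509 certificate.  Nothing here checks that it is a CA
        # certificate or that it is within its validity period.
        try:
            x509.load_pem_x509_certificate(ca_cert_data, default_backend())
        except Exception as e:
            raise ValidationError('Error validating CA cert: %s' % e)

        # The domain is appended to the file name unchanged.
        domain = get_domain_from_brkt_env(brkt_env)
        ca_cert_filename = 'ca_cert.pem.' + domain
        ic.add_brkt_file(ca_cert_filename, ca_cert_data)

    if 'guest_fqdn' in values and values.guest_fqdn:
        # NOTE(review): guest_fqdn is concatenated into the YAML text
        # unescaped.  Presumably it is validated where the option is
        # parsed -- confirm, since whitespace or YAML metacharacters in
        # the value would change the structure of vpn.yaml.
        ic.add_brkt_file('vpn.yaml', 'fqdn: ' + values.guest_fqdn)

    return ic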