def test_create_4096_key():
# create a test parameter
provider = RSAKeyProvider()
name = "/test/parameter-%s" % uuid.uuid4()
request = Request("Create", name)
request["ResourceProperties"]["Description"] = "A large private key"
request["ResourceProperties"]["KeySize"] = "4096"
response = provider.handle(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert provider.is_valid_cfn_response(), response["Reason"]
assert "PhysicalResourceId" in response
physical_resource_id = response["PhysicalResourceId"]
assert "Data" in response
assert "Arn" in response["Data"]
assert "PublicKey" in response["Data"]
assert "PublicKeyPEM" in response["Data"]
assert "Hash" in response["Data"]
assert response["Data"]["Arn"] == physical_resource_id
assert (response["Data"]["Hash"] == hashlib.md5(
response["Data"]["PublicKey"].encode("ascii")).hexdigest())
public_key = load_pem_public_key(
response["Data"]["PublicKeyPEM"].encode("ascii"),
backend=default_backend())
assert public_key.key_size == 4096
# delete the parameter
request = Request("Delete", name, physical_resource_id)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
def test_create_4096_key():
# create a test parameter
provider = RSAKeyProvider()
name = '/test/parameter-%s' % uuid.uuid4()
request = Request('Create', name)
request['ResourceProperties']['Description'] = 'A large private key'
request['ResourceProperties']['KeySize'] = '4096'
response = provider.handle(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert provider.is_valid_cfn_response(), response['Reason']
assert 'PhysicalResourceId' in response
physical_resource_id = response['PhysicalResourceId']
assert 'Data' in response
assert 'Arn' in response['Data']
assert 'PublicKey' in response['Data']
assert 'PublicKeyPEM' in response['Data']
assert 'Hash' in response['Data']
assert response['Data']['Arn'] == physical_resource_id
assert response['Data']['Hash'] == hashlib.md5(response['Data']['PublicKey']).hexdigest()
public_key = load_pem_public_key(response['Data']['PublicKeyPEM'], backend=default_backend())
assert public_key.key_size == 4096
# delete the parameter
request = Request('Delete', name, physical_resource_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
def test_type_convert():
request = Request('Create', 'abc')
request['ResourceProperties']['RefreshOnUpdate'] = 'true'
r = RSAKeyProvider()
r.set_request(request, {})
assert r.is_valid_request()
assert isinstance(r.get('RefreshOnUpdate'), bool)
def test_defaults():
request = Request('Create', 'abc')
r = RSAKeyProvider()
r.set_request(request, {})
assert r.is_valid_request()
assert r.get('KeyAlias') == 'alias/aws/ssm'
assert r.get('Description') == ''
assert r.get('KeyFormat') == 'PKCS8'
def test_defaults():
request = Request("Create", "abc")
r = RSAKeyProvider()
r.set_request(request, {})
assert r.is_valid_request()
assert r.get("KeyAlias") == "alias/aws/ssm"
assert r.get("Description") == ""
assert r.get("KeyFormat") == "PKCS8"
def test_create():
# create a test parameter
provider = RSAKeyProvider()
name = '/test/parameter-%s' % uuid.uuid4()
request = Request('Create', name)
request['ResourceProperties']['Description'] = 'A ppretty private key'
response = provider.handle(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert provider.is_valid_cfn_response(), response['Reason']
assert 'PhysicalResourceId' in response
physical_resource_id = response['PhysicalResourceId']
assert 'Data' in response
assert 'Arn' in response['Data']
assert 'PublicKey' in response['Data']
assert response['Data']['Arn'] == physical_resource_id
# delete the parameters
request = Request('Delete', name, physical_resource_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
def test_type_convert():
request = Request('Create', 'abc')
request['ResourceProperties']['RefreshOnUpdate'] = 'true'
r = RSAKeyProvider()
r.set_request(request, {})
assert r.is_valid_request()
assert isinstance(r.get('RefreshOnUpdate'), bool)
def test_defaults():
request = Request('Create', 'abc')
r = RSAKeyProvider()
r.set_request(request, {})
assert r.is_valid_request()
assert r.get('KeyAlias') == 'alias/aws/ssm'
assert r.get('Description') == ''
def test_create():
# create a test parameter
provider = RSAKeyProvider()
name = '/test/parameter-%s' % uuid.uuid4()
request = Request('Create', name)
request['ResourceProperties']['Description'] = 'A ppretty private key'
response = provider.handle(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert provider.is_valid_cfn_response(), response['Reason']
assert 'PhysicalResourceId' in response
physical_resource_id = response['PhysicalResourceId']
assert 'Data' in response
assert 'Arn' in response['Data']
assert 'PublicKey' in response['Data']
assert 'Hash' in response['Data']
assert 'Version' in response['Data']
assert response['Data']['Arn'] == physical_resource_id
assert response['Data']['Hash'] == hashlib.md5(
response['Data']['PublicKey'].encode('ascii')).hexdigest()
assert response['Data']['Version'] == 1
public_key = load_pem_public_key(
response['Data']['PublicKeyPEM'].encode('ascii'),
backend=default_backend())
assert public_key.key_size == 2048
request['RequestType'] = 'Update'
request['ResourceProperties']['RefreshOnUpdate'] = True
request['PhysicalResourceId'] = physical_resource_id
response = provider.handle(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert response['Data']['Hash'] == hashlib.md5(
response['Data']['PublicKey'].encode('ascii')).hexdigest()
assert response['Data']['Version'] == 2
# delete the parameters
request = Request('Delete', name, physical_resource_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
def test_type_convert():
request = Request("Create", "abc")
request["ResourceProperties"]["RefreshOnUpdate"] = "true"
r = RSAKeyProvider()
r.set_request(request, {})
assert r.is_valid_request()
assert isinstance(r.get("RefreshOnUpdate"), bool)
def test_create():
# create a test parameter
provider = RSAKeyProvider()
name = '/test/parameter-%s' % uuid.uuid4()
request = Request('Create', name)
request['ResourceProperties']['Description'] = 'A ppretty private key'
response = provider.handle(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert provider.is_valid_cfn_response(), response['Reason']
assert 'PhysicalResourceId' in response
physical_resource_id = response['PhysicalResourceId']
assert 'Data' in response
assert 'Arn' in response['Data']
assert 'PublicKey' in response['Data']
assert 'Hash' in response['Data']
assert response['Data']['Arn'] == physical_resource_id
assert response['Data']['Hash'] == hashlib.md5(response['Data']['PublicKey']).hexdigest()
# delete the parameters
request = Request('Delete', name, physical_resource_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_traditional_openssl_key():
# create a test parameter
provider = RSAKeyProvider()
name = '/test/parameter-%s' % uuid.uuid4()
request = Request('Create', name)
request['ResourceProperties']['Description'] = 'a key in openssl format'
request['ResourceProperties']['KeyFormat'] = 'TraditionalOpenSSL'
request['ResourceProperties']['ReturnSecret'] = True
response = provider.handle(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
physical_resource_id = response['PhysicalResourceId']
public_key = response['Data']['PublicKeyPEM']
# check that it is in openssl format
ssm = boto3.client('ssm')
kp = ssm.get_parameter(Name=name, WithDecryption=True)
private_key = kp['Parameter']['Value']
assert private_key.split('\n')[0] == '-----BEGIN RSA PRIVATE KEY-----'
# check it can reread the traditional form, and update back
request['RequestType'] = 'Update'
request['ResourceProperties']['KeyFormat'] = 'PKCS8'
request['PhysicalResourceId'] = physical_resource_id
response = provider.handle(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
assert public_key == response['Data']['PublicKeyPEM']
# check that it is in openssl format
ssm = boto3.client('ssm')
kp = ssm.get_parameter(Name=name, WithDecryption=True)
private_key = kp['Parameter']['Value']
assert private_key.split('\n')[0] == '-----BEGIN PRIVATE KEY-----'
# delete the parameter
request = Request('Delete', name, physical_resource_id)
response = handler(request, {})
assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_traditional_openssl_key():
# create a test parameter
provider = RSAKeyProvider()
name = "/test/parameter-%s" % uuid.uuid4()
request = Request("Create", name)
request["ResourceProperties"]["Description"] = "a key in openssl format"
request["ResourceProperties"]["KeyFormat"] = "TraditionalOpenSSL"
request["ResourceProperties"]["ReturnSecret"] = True
response = provider.handle(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
physical_resource_id = response["PhysicalResourceId"]
public_key = response["Data"]["PublicKeyPEM"]
# check that it is in openssl format
ssm = boto3.client("ssm")
kp = ssm.get_parameter(Name=name, WithDecryption=True)
private_key = kp["Parameter"]["Value"]
assert private_key.split("\n")[0] == "-----BEGIN RSA PRIVATE KEY-----"
# check it can reread the traditional form, and update back
request["RequestType"] = "Update"
request["ResourceProperties"]["KeyFormat"] = "PKCS8"
request["PhysicalResourceId"] = physical_resource_id
response = provider.handle(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]
assert public_key == response["Data"]["PublicKeyPEM"]
# check that it is in openssl format
ssm = boto3.client("ssm")
kp = ssm.get_parameter(Name=name, WithDecryption=True)
private_key = kp["Parameter"]["Value"]
assert private_key.split("\n")[0] == "-----BEGIN PRIVATE KEY-----"
# delete the parameter
request = Request("Delete", name, physical_resource_id)
response = handler(request, {})
assert response["Status"] == "SUCCESS", response["Reason"]