def test_create_ca_conf_with_iam_no_accesspoint(mocker, tmpdir): current_time = mount_efs.get_utc_now() tls_dict, full_config_body = _create_ca_conf_helper(mocker, tmpdir, current_time, iam=True, ap=False, client_info=True) ca_extension_body = ( '[ v3_ca ]\n' 'subjectKeyIdentifier = hash\n' '1.3.6.1.4.1.4843.7.2 = ASN1:SEQUENCE:efs_client_auth\n' '1.3.6.1.4.1.4843.7.3 = ASN1:UTF8String:%s\n' '1.3.6.1.4.1.4843.7.4 = ASN1:SEQUENCE:efs_client_info') % (FS_ID) efs_client_auth_body = watchdog.efs_client_auth_builder( tls_dict['public_key'], CREDENTIALS['AccessKeyId'], CREDENTIALS['SecretAccessKey'], current_time, REGION, FS_ID, CREDENTIALS['Token']) efs_client_info_body = watchdog.efs_client_info_builder(CLIENT_INFO) matching_config_body = watchdog.CA_CONFIG_BODY % ( tls_dict['mount_dir'], tls_dict['private_key'], COMMON_NAME, ca_extension_body, efs_client_auth_body, efs_client_info_body) assert full_config_body == matching_config_body
def test_create_ca_conf_with_accesspoint_no_iam(mocker, tmpdir): current_time = mount_efs.get_utc_now() tls_dict, full_config_body = _create_ca_conf_helper(mocker, tmpdir, current_time, iam=False, ap=True, client_info=True) ca_extension_body = ("[ v3_ca ]\n" "subjectKeyIdentifier = hash\n" "1.3.6.1.4.1.4843.7.1 = ASN1:UTF8String:%s\n" "1.3.6.1.4.1.4843.7.3 = ASN1:UTF8String:%s\n" "1.3.6.1.4.1.4843.7.4 = ASN1:SEQUENCE:efs_client_info" ) % (AP_ID, FS_ID) efs_client_auth_body = "" efs_client_info_body = watchdog.efs_client_info_builder(CLIENT_INFO) matching_config_body = watchdog.CA_CONFIG_BODY % ( tls_dict["mount_dir"], tls_dict["private_key"], COMMON_NAME, ca_extension_body, efs_client_auth_body, efs_client_info_body, ) assert full_config_body == matching_config_body
def _test_recreate_certificate_with_invalid_client_source_config( mocker, tmpdir, client_source): config = _get_config(client_info={'source': client_source}) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig') current_time = mount_efs.get_utc_now() watchdog.recreate_certificate(config, MOUNT_NAME, COMMON_NAME, FS_ID, CREDENTIALS, AP_ID, REGION, base_path=str(tmpdir)) with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f: conf_body = f.read() assert conf_body == watchdog.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path, current_time, REGION, FS_ID, CREDENTIALS, AP_ID, None) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr')) assert os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def _test_recreate_certificate_with_invalid_client_source_config( mocker, tmpdir, client_source): config = _get_config(client_info={'source': client_source }) if client_source else _get_config() pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig') current_time = mount_efs.get_utc_now() watchdog.recreate_certificate(config, MOUNT_NAME, COMMON_NAME, FS_ID, CREDENTIALS, AP_ID, REGION, base_path=str(tmpdir)) # Any invalid or not given client source should be marked as unknown expected_client_info = { 'source': 'unknown', 'efs_utils_version': watchdog.VERSION } with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f: conf_body = f.read() assert conf_body == watchdog.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path, current_time, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr')) assert os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def test_create_ca_conf_without_client_info(mocker, tmpdir): current_time = mount_efs.get_utc_now() tls_dict, full_config_body = _create_ca_conf_helper(mocker, tmpdir, current_time, iam=True, ap=True, client_info=False) ca_extension_body = ( "[ v3_ca ]\n" "subjectKeyIdentifier = hash\n" "1.3.6.1.4.1.4843.7.1 = ASN1:UTF8String:%s\n" "1.3.6.1.4.1.4843.7.2 = ASN1:SEQUENCE:efs_client_auth\n" "1.3.6.1.4.1.4843.7.3 = ASN1:UTF8String:%s") % (AP_ID, FS_ID) efs_client_auth_body = watchdog.efs_client_auth_builder( tls_dict["public_key"], CREDENTIALS["AccessKeyId"], CREDENTIALS["SecretAccessKey"], current_time, REGION, FS_ID, CREDENTIALS["Token"], ) efs_client_info_body = "" matching_config_body = watchdog.CA_CONFIG_BODY % ( tls_dict["mount_dir"], tls_dict["private_key"], COMMON_NAME, ca_extension_body, efs_client_auth_body, efs_client_info_body, ) assert full_config_body == matching_config_body
def test_create_ca_conf_with_accesspoint_no_iam(tmpdir): current_time = mount_efs.get_utc_now() tls_dict, full_config_body = _create_ca_conf_helper(tmpdir, current_time, iam=False, ap=True) ca_extension_body = '[ v3_ca ]\nsubjectKeyIdentifier = hash\n1.3.6.1.4.1.4843.7.1 = ASN1:UTF8String:%s\n1.3.6.1.4.1.4843' \ '.7.3 = ASN1:UTF8String:%s' % (AP_ID, FS_ID) efs_client_auth_body = '' matching_config_body = mount_efs.CA_CONFIG_BODY % ( tls_dict['mount_dir'], tls_dict['private_key'], COMMON_NAME, ca_extension_body, efs_client_auth_body) assert full_config_body == matching_config_body
def _test_recreate_certificate_with_invalid_client_source_config( mocker, tmpdir, client_source): mocker.patch("watchdog.check_if_running_on_macos", return_value=False) config = (_get_config(client_info={"source": client_source}) if client_source else _get_config()) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig") current_time = mount_efs.get_utc_now() watchdog.recreate_certificate( config, MOUNT_NAME, COMMON_NAME, FS_ID, CREDENTIALS, AP_ID, REGION, base_path=str(tmpdir), ) # Any invalid or not given client source should be marked as unknown expected_client_info = { "source": "unknown", "efs_utils_version": watchdog.VERSION } with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f: conf_body = f.read() assert conf_body == watchdog.create_ca_conf( config, tmp_config_path, COMMON_NAME, tls_dict["mount_dir"], pk_path, current_time, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info, ) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem")) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr")) assert os.path.exists( os.path.join(tls_dict["mount_dir"], "certificate.pem"))
def test_create_ca_conf_no_ap_no_iam_no_client_source(tmpdir): current_time = mount_efs.get_utc_now() tls_dict, full_config_body = _create_ca_conf_helper(tmpdir, current_time, iam=False, ap=False, client_info=False) ca_extension_body = ('[ v3_ca ]\n' 'subjectKeyIdentifier = hash\n' '1.3.6.1.4.1.4843.7.3 = ASN1:UTF8String:%s') % (FS_ID) efs_client_auth_body = '' efs_client_info_body = '' matching_config_body = mount_efs.CA_CONFIG_BODY % ( tls_dict['mount_dir'], tls_dict['private_key'], COMMON_NAME, ca_extension_body, efs_client_auth_body, efs_client_info_body) assert full_config_body == matching_config_body
def test_create_ca_conf_with_iam_and_accesspoint(tmpdir): current_time = mount_efs.get_utc_now() tls_dict, full_config_body = _create_ca_conf_helper(tmpdir, current_time, iam=True, ap=True) ca_extension_body = '[ v3_ca ]\nsubjectKeyIdentifier = hash\n1.3.6.1.4.1.4843.7.1 = ASN1:UTF8String:%s\n1.3.6.1.4.1.4843.' \ '7.2 = ASN1:SEQUENCE:efs_client_auth\n1.3.6.1.4.1.4843.7.3 = ASN1:UTF8String:%s' % (AP_ID, FS_ID) efs_client_auth_body = mount_efs.efs_client_auth_builder( tls_dict['public_key'], CREDENTIALS['AccessKeyId'], CREDENTIALS['SecretAccessKey'], current_time, REGION, FS_ID, CREDENTIALS['Token']) matching_config_body = mount_efs.CA_CONFIG_BODY % ( tls_dict['mount_dir'], tls_dict['private_key'], COMMON_NAME, ca_extension_body, efs_client_auth_body) assert full_config_body == matching_config_body
def _test_recreate_certificate_with_valid_client_source_config( mocker, tmpdir, client_source): config = _get_config(client_info={"source": client_source}) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig") current_time = mount_efs.get_utc_now() watchdog.recreate_certificate( config, MOUNT_NAME, COMMON_NAME, FS_ID, CREDENTIALS, AP_ID, REGION, base_path=str(tmpdir), ) expected_client_info = { "source": client_source, "efs_utils_version": watchdog.VERSION, } with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f: conf_body = f.read() assert conf_body == watchdog.create_ca_conf( config, tmp_config_path, COMMON_NAME, tls_dict["mount_dir"], pk_path, current_time, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info, ) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem")) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr")) assert os.path.exists( os.path.join(tls_dict["mount_dir"], "certificate.pem"))