Esempio n. 1
def test_write_stunnel_config_check_cert_validity_not_supported_ocsp_enabled(
    mocker, capsys, tmpdir
):
    """Expect the mount to abort when OCSP is requested but stunnel lacks support.

    The config reports ``stunnel_check_cert_validity_supported=False`` while
    certificate-validity checking is requested. The test requires a non-zero
    ``SystemExit`` plus a stderr warning naming the option, so the behaviour
    pinned here is fail-closed: no config is accepted without the check.
    """
    mocker.patch("mount_efs.add_stunnel_ca_options")

    with pytest.raises(SystemExit) as exit_info:
        mount_efs.write_stunnel_config_file(
            _get_config(
                mocker,
                stunnel_check_cert_validity_supported=False,
                stunnel_check_cert_validity=True,
            ),
            str(tmpdir), FS_ID, MOUNT_POINT, PORT, DNS_NAME, VERIFY_LEVEL,
            True,  # same positional slot where sibling tests pass OCSP_ENABLED
            _get_mount_options(), DEFAULT_REGION,
        )

    # Any non-zero exit code counts as the expected failure.
    assert exit_info.value.code != 0

    _, stderr_text = capsys.readouterr()
    assert "WARNING: Your client lacks sufficient controls" in stderr_text
    assert "stunnel_check_cert_validity" in stderr_text
def test_write_stunnel_config_check_cert_hostname_not_supported_flag_set_true(mocker, capsys, tmpdir):
    """Expect the mount to abort when hostname checking is requested but unsupported.

    With ``stunnel_check_cert_hostname_supported=False`` and
    ``stunnel_check_cert_hostname=True`` the test requires a non-zero
    ``SystemExit`` and a stderr warning naming the option, rather than a config
    written without certificate hostname verification.
    """
    mocker.patch('mount_efs.add_stunnel_ca_options')

    with pytest.raises(SystemExit) as exit_info:
        mount_efs.write_stunnel_config_file(
            _get_config(
                mocker,
                stunnel_check_cert_hostname_supported=False,
                stunnel_check_cert_hostname=True,
            ),
            str(tmpdir),
            FS_ID,
            MOUNT_POINT,
            PORT,
            DNS_NAME,
            VERIFY_LEVEL,
            OCSP_ENABLED,
            _get_mount_options(),
        )

    # Any non-zero exit code counts as the expected failure.
    assert exit_info.value.code != 0

    _, stderr_text = capsys.readouterr()
    assert 'WARNING: Your client lacks sufficient controls' in stderr_text
    assert 'stunnel_check_cert_hostname' in stderr_text
Esempio n. 3
def test_write_stunnel_config_with_fall_back_ip_address(mocker, tmpdir):
    """Check the written stunnel config when a fallback IP address is supplied.

    ``add_stunnel_ca_options`` is mocked and must still be called exactly once,
    i.e. the CA options are expected to be added on the fallback-IP path too.
    """
    ca_options_mock = mocker.patch("mount_efs.add_stunnel_ca_options")
    state_dir = str(tmpdir)

    written_config = mount_efs.write_stunnel_config_file(
        _get_config(mocker), state_dir, FS_ID, MOUNT_POINT, PORT, DNS_NAME,
        VERIFY_LEVEL, OCSP_ENABLED, _get_mount_options(), DEFAULT_REGION,
        fallback_ip_address=FALLBACK_IP_ADDRESS,
    )

    utils.assert_called_once(ca_options_mock)

    expected_efs_config = _get_expected_efs_config(
        fallback_ip_address=FALLBACK_IP_ADDRESS
    )
    _validate_config(
        written_config, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs_config
    )
Esempio n. 4
def test_write_stunnel_config_with_debug(mocker, tmpdir):
    """Check that enabling stunnel debug adds ``debug`` and ``output`` globals.

    The expected log path is a per-mount file name under ``mount_efs.LOG_DIR``.
    """
    ca_options_mock = mocker.patch("mount_efs.add_stunnel_ca_options")
    state_dir = str(tmpdir)

    written_config = mount_efs.write_stunnel_config_file(
        _get_config(mocker, stunnel_debug_enabled=True),
        state_dir, FS_ID, MOUNT_POINT, PORT, DNS_NAME,
        VERIFY_LEVEL, OCSP_ENABLED, _get_mount_options(), DEFAULT_REGION,
    )
    utils.assert_called_once(ca_options_mock)

    # Start from a copy so the module-level defaults are not mutated.
    expected_globals = dict(mount_efs.STUNNEL_GLOBAL_CONFIG)
    expected_globals["debug"] = "debug"
    log_file_name = "%s.stunnel.log" % mount_efs.get_mount_specific_filename(
        FS_ID, MOUNT_POINT, PORT
    )
    expected_globals["output"] = os.path.join(mount_efs.LOG_DIR, log_file_name)

    _validate_config(written_config, expected_globals, _get_expected_efs_config())
Esempio n. 5
def _test_disable_libwrap(
    mocker, tmpdir, system_release="unknown", disable_libwrap=True
):
    """Shared helper: write a config for a given release and check ``disable_libwrap``.

    ``get_system_release_version`` is mocked to return *system_release*, and the
    written config is compared with the expected EFS section built with
    *disable_libwrap*.
    """
    mocker.patch("mount_efs.add_stunnel_ca_options")
    release_mock = mocker.patch(
        "mount_efs.get_system_release_version", return_value=system_release
    )

    written_config = mount_efs.write_stunnel_config_file(
        _get_config(mocker), str(tmpdir), FS_ID, MOUNT_POINT, PORT, DNS_NAME,
        VERIFY_LEVEL, OCSP_ENABLED, _get_mount_options(), DEFAULT_REGION,
    )

    # The release lookup is expected to happen exactly once per config write.
    utils.assert_called_once(release_mock)

    expected_efs_config = _get_expected_efs_config(disable_libwrap=disable_libwrap)
    _validate_config(
        written_config, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs_config
    )
Esempio n. 6
def _test_check_cert_validity(
    mocker,
    tmpdir,
    stunnel_check_cert_validity_supported,
    stunnel_check_cert_validity,
    expected_check_cert_validity_config_value,
):
    """Shared helper: write a config and check the certificate-validity setting.

    Only the ``*_supported`` flag goes through ``_get_config`` here;
    *stunnel_check_cert_validity* is passed in the positional slot where sibling
    tests pass ``OCSP_ENABLED``.
    """
    ca_options_mock = mocker.patch("mount_efs.add_stunnel_ca_options")

    client_config = _get_config(
        mocker,
        stunnel_check_cert_validity_supported=stunnel_check_cert_validity_supported,
    )
    written_config = mount_efs.write_stunnel_config_file(
        client_config, str(tmpdir), FS_ID, MOUNT_POINT, PORT, DNS_NAME,
        VERIFY_LEVEL, stunnel_check_cert_validity, _get_mount_options(),
        DEFAULT_REGION,
    )

    utils.assert_called_once(ca_options_mock)

    expected_efs_config = _get_expected_efs_config(
        check_cert_validity=expected_check_cert_validity_config_value
    )
    _validate_config(
        written_config, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs_config
    )
Esempio n. 7
def test_write_stunnel_config_without_check_cert_status(
        mocker, capsys, tmpdir):
    """Expect the mount to abort when validity checking is requested but unsupported.

    The config asks for ``stunnel_check_cert_validity`` while reporting it as
    unsupported; the test requires a non-zero ``SystemExit`` and a stderr
    warning naming the option.
    """
    mocker.patch('mount_efs.add_stunnel_ca_options')

    with pytest.raises(SystemExit) as exit_info:
        mount_efs.write_stunnel_config_file(
            _get_config(
                mocker,
                stunnel_check_cert_validity_supported=False,
                stunnel_check_cert_validity=True,
            ),
            str(tmpdir),
            FS_ID,
            MOUNT_POINT,
            PORT,
            DNS_NAME,
            VERIFY_LEVEL,
        )

    # Any non-zero exit code counts as the expected failure.
    assert exit_info.value.code != 0

    _, stderr_text = capsys.readouterr()
    assert 'WARNING: Your client lacks sufficient controls' in stderr_text
    assert 'stunnel_check_cert_validity' in stderr_text
def _test_write_stunnel_config_file(mocker, tmpdir):
    """Shared helper: write a default config and compare it with the expected one.

    ``add_stunnel_ca_options`` is mocked and must be called exactly once.
    """
    ca_options_mock = mocker.patch('mount_efs.add_stunnel_ca_options')
    state_dir = str(tmpdir)

    written_config = mount_efs.write_stunnel_config_file(
        _get_config(mocker),
        state_dir,
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
        OCSP_ENABLED,
        _get_mount_options(),
    )
    utils.assert_called_once(ca_options_mock)

    _validate_config(
        written_config,
        mount_efs.STUNNEL_GLOBAL_CONFIG,
        _get_expected_efs_config(),
    )
Esempio n. 9
def test_write_stunnel_config_with_check_cert_status(mocker, tmpdir):
    """Check that requesting certificate-validity checking shows up in the config.

    The expected EFS section is built with ``check_cert_status=True`` and the
    mocked ``add_stunnel_ca_options`` must be called exactly once.
    """
    ca_options_mock = mocker.patch('mount_efs.add_stunnel_ca_options')

    client_config = _get_config(mocker, stunnel_check_cert_validity=True)
    written_config = mount_efs.write_stunnel_config_file(
        client_config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
    )
    ca_options_mock.assert_called_once()

    expected_efs_config = _get_expected_efs_config(check_cert_status=True)
    _validate_config(
        written_config, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs_config
    )
def test_write_stunnel_config_with_verify_level(mocker, tmpdir):
    """Check the config written for verify level 0.

    The test expects ``add_stunnel_ca_options`` not to be called and
    ``check_cert_validity`` to be False in the result, even though the config
    requests ``stunnel_check_cert_validity=True``.
    """
    ca_options_mock = mocker.patch('mount_efs.add_stunnel_ca_options')

    # NOTE(review): presumably this maps to stunnel's `verify` option, where 0
    # means the peer certificate is not validated, so TLS would encrypt without
    # authenticating the server -- confirm against mount_efs.
    verify_level = 0
    written_config = mount_efs.write_stunnel_config_file(
        _get_config(mocker, stunnel_check_cert_validity=True),
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        verify_level,
        OCSP_ENABLED,
        _get_mount_options(),
    )
    utils.assert_not_called(ca_options_mock)

    expected_efs_config = _get_expected_efs_config(
        check_cert_validity=False, verify=verify_level
    )
    _validate_config(
        written_config, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs_config
    )
Esempio n. 11
def test_write_stunnel_config_with_verify(mocker, tmpdir):
    """Check the config written when the mount options carry ``verify=0``.

    The test expects ``add_stunnel_ca_options`` not to be called in that case.
    """
    ca_options_mock = mocker.patch('mount_efs.add_stunnel_ca_options')
    state_dir = str(tmpdir)

    # NOTE(review): presumably this maps to stunnel's `verify` option, where 0
    # means the peer certificate is not validated -- confirm against mount_efs.
    written_config = mount_efs.write_stunnel_config_file(
        _get_config(),
        state_dir,
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        _get_mount_options(verify=0),
    )
    ca_options_mock.assert_not_called()

    expected_efs_config = _get_expected_efs_config(verify=0)
    _validate_config(
        written_config, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs_config
    )
def test_write_stunnel_config_file_with_az_as_dns_name(mocker, tmpdir):
    """Check the written config when the DNS name is ``DNS_NAME_WITH_AZ``.

    ``add_stunnel_ca_options`` is mocked and must be called exactly once.
    """
    ca_options_mock = mocker.patch('mount_efs.add_stunnel_ca_options')
    state_dir = str(tmpdir)

    written_config = mount_efs.write_stunnel_config_file(
        _get_config(mocker),
        state_dir,
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME_WITH_AZ,
        VERIFY_LEVEL,
        OCSP_ENABLED,
        _get_mount_options(),
        DEFAULT_REGION,
    )
    utils.assert_called_once(ca_options_mock)

    expected_efs_config = _get_expected_efs_config(dns_name=DNS_NAME_WITH_AZ)
    _validate_config(
        written_config, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs_config
    )
def _test_check_cert_hostname(mocker, tmpdir, stunnel_check_cert_hostname_supported, stunnel_check_cert_hostname,
                              expected_check_cert_hostname_config_value):
    """Shared helper: write a config and check the certificate-hostname setting.

    Both the ``*_supported`` flag and the requested value go through
    ``_get_config``; the written file is compared with an expected EFS section
    built from *expected_check_cert_hostname_config_value*.
    """
    ca_options_mock = mocker.patch('mount_efs.add_stunnel_ca_options')

    client_config = _get_config(
        mocker,
        stunnel_check_cert_hostname_supported=stunnel_check_cert_hostname_supported,
        stunnel_check_cert_hostname=stunnel_check_cert_hostname,
    )
    written_config = mount_efs.write_stunnel_config_file(
        client_config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
        OCSP_ENABLED,
        _get_mount_options(),
    )

    utils.assert_called_once(ca_options_mock)

    expected_efs_config = _get_expected_efs_config(
        check_cert_hostname=expected_check_cert_hostname_config_value
    )
    _validate_config(
        written_config, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs_config
    )
def test_write_stunnel_config_with_debug_and_logs_file(mocker, tmpdir):
    """Check that a configured logs file becomes the stunnel ``output`` path.

    With debug enabled and ``stunnel_logs_file`` set, the expected global
    section carries ``debug`` and ``output = STUNNEL_LOGS_FILE``.
    """
    ca_options_mock = mocker.patch('mount_efs.add_stunnel_ca_options')
    state_dir = str(tmpdir)
    client_config = _get_config(
        mocker,
        stunnel_debug_enabled=True,
        stunnel_logs_file=STUNNEL_LOGS_FILE,
    )
    written_config = mount_efs.write_stunnel_config_file(
        client_config,
        state_dir,
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
        OCSP_ENABLED,
        _get_mount_options(),
        DEFAULT_REGION,
    )
    utils.assert_called_once(ca_options_mock)

    # Start from a copy so the module-level defaults are not mutated.
    expected_globals = dict(mount_efs.STUNNEL_GLOBAL_CONFIG)
    expected_globals.update(debug='debug', output=STUNNEL_LOGS_FILE)

    _validate_config(written_config, expected_globals, _get_expected_efs_config())
Esempio n. 15
def test_write_stunnel_config_with_debug(mocker, tmpdir):
    """Check that enabling stunnel debug adds ``debug`` and ``output`` globals.

    The expected log path is a per-mount file name under ``mount_efs.LOG_DIR``.
    """
    ca_options_mock = mocker.patch('mount_efs.add_stunnel_ca_options')
    state_dir = str(tmpdir)

    written_config = mount_efs.write_stunnel_config_file(
        _get_config(mocker, stunnel_debug_enabled=True),
        state_dir,
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
    )
    ca_options_mock.assert_called_once()

    # Start from a copy so the module-level defaults are not mutated.
    expected_globals = dict(mount_efs.STUNNEL_GLOBAL_CONFIG)
    expected_globals['debug'] = 'debug'
    log_file_name = '%s.stunnel.log' % mount_efs.get_mount_specific_filename(
        FS_ID, MOUNT_POINT, PORT
    )
    expected_globals['output'] = os.path.join(mount_efs.LOG_DIR, log_file_name)

    _validate_config(written_config, expected_globals, _get_expected_efs_config())
Esempio n. 16
def _test_check_cert_validity(mocker, tmpdir,
                              stunnel_check_cert_validity_supported,
                              stunnel_check_cert_validity,
                              expected_check_cert_validity_config_value):
    """Shared helper: write a config and check the certificate-validity setting.

    Both the ``*_supported`` flag and the requested value go through
    ``_get_config``; the written file is compared with an expected EFS section
    built from *expected_check_cert_validity_config_value*.
    """
    ca_options_mock = mocker.patch('mount_efs.add_stunnel_ca_options')

    client_config = _get_config(
        mocker,
        stunnel_check_cert_validity_supported=stunnel_check_cert_validity_supported,
        stunnel_check_cert_validity=stunnel_check_cert_validity,
    )
    written_config = mount_efs.write_stunnel_config_file(
        client_config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
    )

    ca_options_mock.assert_called_once()

    expected_efs_config = _get_expected_efs_config(
        check_cert_validity=expected_check_cert_validity_config_value
    )
    _validate_config(
        written_config, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs_config
    )