def test_update_name(): # update parameter name name = "/test/parameter-%s" % uuid.uuid4() request = Request("Create", name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response physical_resource_id = response["PhysicalResourceId"] public_key_1 = response["Data"]["PublicKey"] name_2 = "%s-2" % name request = Request("Update", name_2, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response assert "Data" in response and "Arn" in response["Data"] public_key_2 = response["Data"]["PublicKey"] physical_resource_id_2 = response["PhysicalResourceId"] assert physical_resource_id != physical_resource_id_2 assert public_key_1 == public_key_2 # delete the parameters request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] request = Request("Delete", name, physical_resource_id_2) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_update_private_key(): # create a keypair name = 'k%s' % uuid.uuid4() request = Request('Create', name) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] public_key_material = response['Data']['PublicKey'] # update keypair name name_2 = 'k2%s' % name request = Request('Update', name_2, physical_resource_id) request['ResourceProperties']['RefreshOnUpdate'] = True response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] physical_resource_id_2 = response['PhysicalResourceId'] assert physical_resource_id != physical_resource_id_2 public_key_material_2 = response['Data']['PublicKey'] assert public_key_material != public_key_material_2 # delete the keypairs request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] request = Request('Delete', name, physical_resource_id_2) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_and_public(): # create a test parameter provider = KeyPairProvider() name = 'k%s' % uuid.uuid4() request = Request('Create', name) response = provider.handle(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert provider.is_valid_cfn_response(), response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] assert 'Data' in response assert 'Arn' in response['Data'] assert response['Data']['Arn'] == physical_resource_id finger_print_1 = get_finger_print(name) assert finger_print_1 is not None # update the material request = Request('Update', name, physical_resource_id, KeyPair().public_key_material) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] finger_print_2 = get_finger_print(name) assert finger_print_2 is not None assert finger_print_1 != finger_print_2 # delete the parameters request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_update_private_key(): # create a keypair name = "k%s" % uuid.uuid4() request = Request("Create", name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response physical_resource_id = response["PhysicalResourceId"] public_key_material = response["Data"]["PublicKey"] secure_hash = response["Data"]["Hash"] # update keypair name name_2 = "k2%s" % name request = Request("Update", name_2, physical_resource_id) request["ResourceProperties"]["RefreshOnUpdate"] = True response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] physical_resource_id_2 = response["PhysicalResourceId"] assert physical_resource_id != physical_resource_id_2 public_key_material_2 = response["Data"]["PublicKey"] assert public_key_material != public_key_material_2 secure_hash_2 = response["Data"]["Hash"] assert secure_hash != secure_hash_2 # delete the keypairs request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] request = Request("Delete", name, physical_resource_id_2) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_update_secret(): name = 'k%s' % uuid.uuid4() request = Request('Create', name) request['ResourceProperties']['ReturnSecret'] = True response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] secret_1 = response['Data']['Secret'] name_2 = 'k2%s' % name request = Request('Update', name_2, physical_resource_id) request['ResourceProperties']['RefreshOnUpdate'] = True request['ResourceProperties']['ReturnSecret'] = True response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] physical_resource_id_2 = response['PhysicalResourceId'] assert physical_resource_id != physical_resource_id_2 secret_2 = response['Data']['Secret'] assert secret_1 != secret_2 # delete secrets request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] request = Request('Delete', name, physical_resource_id_2) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_with_bad_encrypted_values(): # create a test parameter with content value set name = "/test/parameter-%s" % uuid.uuid4() request = Request("Create", name) request["ResourceProperties"]["ReturnSecret"] = True request["ResourceProperties"]["Description"] = "A encrypted custom secret" request["ResourceProperties"][ "EncryptedContent"] = "Unencrypted secret here" response = handler(request, {}) assert response["Status"] == "FAILED", response["Reason"] assert response["Reason"].startswith( "EncryptedContent is not base64 encoded") request["ResourceProperties"]["ReturnSecret"] = True request["ResourceProperties"]["Description"] = "A encrypted custom secret" request["ResourceProperties"]["EncryptedContent"] = b64encode( b"not a KMS encrypted value here").decode("ascii") response = handler(request, {}) assert response["Status"] == "FAILED", response["Reason"] assert response["Reason"].startswith( "An error occurred (InvalidCiphertextException)") request["ResourceProperties"]["ReturnSecret"] = True request["ResourceProperties"]["Content"] = "A encrypted custom secret" request["ResourceProperties"]["EncryptedContent"] = b64encode( b"not a KMS encrypted value here").decode("ascii") response = handler(request, {}) assert response["Status"] == "FAILED", response["Reason"] assert response["Reason"].startswith( 'Specify either "Content" or "EncryptedContent"')
def test_no_echo(): # create a test parameter name = "/test/parameter-%s" % uuid.uuid4() request = Request("Create", name) request["ResourceProperties"]["ReturnSecret"] = True response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "NoEcho" in response assert response["NoEcho"] == True physical_resource_id = response["PhysicalResourceId"] # update NoEcho request["PhysicalResourceId"] = physical_resource_id request["ResourceProperties"]["NoEcho"] = False request["RequestType"] = "Update" response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "NoEcho" in response assert response["NoEcho"] == False # delete NoEcho parameter request["RequestType"] = "Delete" request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_create_with_content(): # create a test parameter with content value set name = "/test/6-parameter-%s" % uuid.uuid4() secretContent = "Don't read my secret" request = Request("Create", name) request["ResourceProperties"]["ReturnSecret"] = True request["ResourceProperties"]["Description"] = "A custom secret" request["ResourceProperties"]["Content"] = secretContent response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response physical_resource_id = response["PhysicalResourceId"] assert isinstance(physical_resource_id, str) assert "Data" in response assert "Secret" in response["Data"] assert "Arn" in response["Data"] assert "Hash" in response["Data"] assert "Version" in response["Data"] assert response["Data"]["Arn"] == physical_resource_id assert (response["Data"]["Hash"] == hashlib.md5( response["Data"]["Secret"].encode("utf8")).hexdigest()) assert response["Data"]["Secret"] == secretContent assert response["Data"]["Version"] == 1 # delete the parameters request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_no_echo(): # create a test parameter name = '/test/parameter-%s' % uuid.uuid4() request = Request('Create', name) request['ResourceProperties']['ReturnSecret'] = True response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'NoEcho' in response assert response['NoEcho'] == True physical_resource_id = response['PhysicalResourceId'] # update NoEcho request['PhysicalResourceId'] = physical_resource_id request['ResourceProperties']['NoEcho'] = False request['RequestType'] = 'Update' response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'NoEcho' in response assert response['NoEcho'] == False # delete NoEcho parameter request['RequestType'] = 'Delete' request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_update_name(): # create a keypair name = "k%s" % uuid.uuid4() request = Request("Create", name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response physical_resource_id = response["PhysicalResourceId"] assert response["Data"]["Name"] == name # update keypair name name_2 = "k2%s" % name request = Request("Update", name_2, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response assert response["Data"]["Name"] == name_2 physical_resource_id_2 = response["PhysicalResourceId"] assert physical_resource_id != physical_resource_id_2 # delete the keypairs request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] request = Request("Delete", name, physical_resource_id_2) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_update_name(): # update parameter name name = '/test/parameter-%s' % uuid.uuid4() request = Request('Create', name) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] public_key_1 = response['Data']['PublicKey'] name_2 = '%s-2' % name request = Request('Update', name_2, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response assert 'Data' in response and 'Arn' in response['Data'] public_key_2 = response['Data']['PublicKey'] physical_resource_id_2 = response['PhysicalResourceId'] assert physical_resource_id != physical_resource_id_2 assert public_key_1 == public_key_2 # delete the parameters request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] request = Request('Delete', name, physical_resource_id_2) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_request_duplicate_through_update(): # update parameter name name = "/test/parameter-%s" % uuid.uuid4() request = Request("Create", name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] physical_resource_id = response["PhysicalResourceId"] name_2 = "%s-2" % name request = Request("Create", name_2) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response physical_resource_id_2 = response["PhysicalResourceId"] request = Request("Update", name, physical_resource_id_2) response = handler(request, {}) assert response["Status"] == "FAILED", response["Reason"] # delete the parameters request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] request = Request("Delete", name, physical_resource_id_2) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_request_duplicate_through_update(): # update parameter name name = '/test/parameter-%s' % uuid.uuid4() request = Request('Create', name) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] physical_resource_id = response['PhysicalResourceId'] name_2 = '%s-2' % name request = Request('Create', name_2) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id_2 = response['PhysicalResourceId'] request = Request('Update', name, physical_resource_id_2) response = handler(request, {}) assert response['Status'] == 'FAILED', response['Reason'] # delete the parameters request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] request = Request('Delete', name, physical_resource_id_2) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_update_private_key(): # create a keypair name = 'k%s' % uuid.uuid4() request = Request('Create', name) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] public_key_material = response['Data']['PublicKey'] secure_hash = response['Data']['Hash'] # update keypair name name_2 = 'k2%s' % name request = Request('Update', name_2, physical_resource_id) request['ResourceProperties']['RefreshOnUpdate'] = True response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] physical_resource_id_2 = response['PhysicalResourceId'] assert physical_resource_id != physical_resource_id_2 public_key_material_2 = response['Data']['PublicKey'] assert public_key_material != public_key_material_2 secure_hash_2 = response['Data']['Hash'] assert secure_hash != secure_hash_2 # delete the keypairs request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] request = Request('Delete', name, physical_resource_id_2) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_and_public(): # create a test parameter provider = KeyPairProvider() name = "k%s" % uuid.uuid4() request = Request("Create", name) response = provider.handle(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert provider.is_valid_cfn_response(), response["Reason"] assert "PhysicalResourceId" in response physical_resource_id = response["PhysicalResourceId"] assert "Data" in response assert "Arn" in response["Data"] assert "Name" in response["Data"] assert response["Data"]["Arn"] == physical_resource_id assert response["Data"]["Name"] == name finger_print_1 = get_finger_print(name) assert finger_print_1 is not None # update the material request = Request("Update", name, physical_resource_id, KeyPair().public_key_material) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert response["Data"]["Name"] == name finger_print_2 = get_finger_print(name) assert finger_print_2 is not None assert finger_print_1 != finger_print_2 assert response["Data"]["Name"] == name # delete the parameters request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_create_with_bad_encrypted_values(): # create a test parameter with content value set name = '/test/parameter-%s' % uuid.uuid4() request = Request('Create', name) request['ResourceProperties']['ReturnSecret'] = True request['ResourceProperties']['Description'] = 'A encrypted custom secret' request['ResourceProperties'][ 'EncryptedContent'] = "Unencrypted secret here" response = handler(request, {}) assert response['Status'] == 'FAILED', response['Reason'] assert response['Reason'].startswith( 'EncryptedContent is not base64 encoded') request['ResourceProperties']['ReturnSecret'] = True request['ResourceProperties']['Description'] = 'A encrypted custom secret' request['ResourceProperties']['EncryptedContent'] = b64encode( b"not a KMS encrypted value here").decode('ascii') response = handler(request, {}) assert response['Status'] == 'FAILED', response['Reason'] assert response['Reason'].startswith( 'An error occurred (InvalidCiphertextException)') request['ResourceProperties']['ReturnSecret'] = True request['ResourceProperties']['Content'] = 'A encrypted custom secret' request['ResourceProperties']['EncryptedContent'] = b64encode( b"not a KMS encrypted value here").decode('ascii') response = handler(request, {}) assert response['Status'] == 'FAILED', response['Reason'] assert response['Reason'].startswith( 'Specify either "Content" or "EncryptedContent"')
def test_update_name(): # update parameter name name = '/test/3-parameter-%s' % uuid.uuid4() request = Request('Create', name) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] name_2 = '%s-2' % name request = Request('Update', name_2, physical_resource_id) request['ResourceProperties']['ReturnSecret'] = True response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response assert 'Data' in response and 'Secret' in response['Data'] physical_resource_id_2 = response['PhysicalResourceId'] assert physical_resource_id != physical_resource_id_2 # delete the parameters request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] request = Request('Delete', name, physical_resource_id_2) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_update_name(): # create a keypair name = 'k%s' % uuid.uuid4() request = Request('Create', name) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] # update keypair name name_2 = 'k2%s' % name request = Request('Update', name_2, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id_2 = response['PhysicalResourceId'] assert physical_resource_id != physical_resource_id_2 # delete the keypairs request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] request = Request('Delete', name, physical_resource_id_2) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_with_content(): # create a test parameter with content value set name = '/test/6-parameter-%s' % uuid.uuid4() secretContent = 'Don\'t read my secret' request = Request('Create', name) request['ResourceProperties']['ReturnSecret'] = True request['ResourceProperties']['Description'] = 'A custom secret' request['ResourceProperties']['Content'] = secretContent response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] assert isinstance(physical_resource_id, str) assert 'Data' in response assert 'Secret' in response['Data'] assert 'Arn' in response['Data'] assert 'Hash' in response['Data'] assert 'Version' in response['Data'] assert response['Data']['Arn'] == physical_resource_id assert response['Data']['Hash'] == hashlib.md5( response['Data']['Secret'].encode('utf8')).hexdigest() assert response['Data']['Secret'] == secretContent assert response['Data']['Version'] == 1 # delete the parameters request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_update_name(): # update parameter name name = "/test/3-parameter-%s" % uuid.uuid4() request = Request("Create", name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response physical_resource_id = response["PhysicalResourceId"] name_2 = "%s-2" % name request = Request("Update", name_2, physical_resource_id) request["ResourceProperties"]["ReturnSecret"] = True response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response assert "Data" in response and "Secret" in response["Data"] physical_resource_id_2 = response["PhysicalResourceId"] assert physical_resource_id != physical_resource_id_2 # delete the parameters request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] request = Request("Delete", name, physical_resource_id_2) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_create(): # create a test parameter name = "/test/1-parameter-%s" % uuid.uuid4() request = Request("Create", name) request["ResourceProperties"]["ReturnSecret"] = True request["ResourceProperties"]["Description"] = "A beautiful secret" response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response physical_resource_id = response["PhysicalResourceId"] assert isinstance(physical_resource_id, str) assert "Data" in response assert "Secret" in response["Data"] assert len(b64decode(response["Data"]["Secret"])) == default_length assert "Arn" in response["Data"] assert "Hash" in response["Data"] assert "Version" in response["Data"] assert "NoEcho" in response assert response["Data"]["Arn"] == physical_resource_id assert ( response["Data"]["Hash"] == hashlib.md5(response["Data"]["Secret"].encode("utf8")).hexdigest() ) assert response["Data"]["Version"] == 1 assert response["NoEcho"] == True # no update the key hash = response["Data"]["Hash"] request["RequestType"] = "Update" request["ResourceProperties"]["Length"] = "32" request["ResourceProperties"]["RefreshOnUpdate"] = False request["PhysicalResourceId"] = physical_resource_id response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert response["Data"]["Arn"] == physical_resource_id assert response["Data"]["Version"] == 2 assert response["Data"]["Hash"] == hash assert len(b64decode(response["Data"]["Secret"])) == default_length # update the key hash = response["Data"]["Hash"] request["RequestType"] = "Update" request["ResourceProperties"]["RefreshOnUpdate"] = True request["ResourceProperties"]["Length"] = "32" request["PhysicalResourceId"] = physical_resource_id response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert response["Data"]["Arn"] == physical_resource_id assert response["Data"]["Version"] == 3 assert response["Data"]["Hash"] != hash assert len(b64decode(response["Data"]["Secret"])) == 32 response = handler(request, {}) # delete the parameters request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_request_duplicate_create(): # prrequest duplicate create name = "/test/2-parameter-%s" % uuid.uuid4() request = Request("Create", name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] physical_resource_id = response["PhysicalResourceId"] request = Request("Create", name) response = handler(request, {}) assert response["Status"] == "FAILED", response["Reason"] request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_request_duplicate_create(): # prrequest duplicate create name = '/test/2-parameter-%s' % uuid.uuid4() request = Request('Create', name) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] physical_resource_id = response['PhysicalResourceId'] request = Request('Create', name) response = handler(request, {}) assert response['Status'] == 'FAILED', response['Reason'] request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_4096_key(): # create a test parameter provider = RSAKeyProvider() name = '/test/parameter-%s' % uuid.uuid4() request = Request('Create', name) request['ResourceProperties']['Description'] = 'A large private key' request['ResourceProperties']['KeySize'] = '4096' response = provider.handle(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert provider.is_valid_cfn_response(), response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] assert 'Data' in response assert 'Arn' in response['Data'] assert 'PublicKey' in response['Data'] assert 'PublicKeyPEM' in response['Data'] assert 'Hash' in response['Data'] assert response['Data']['Arn'] == physical_resource_id assert response['Data']['Hash'] == hashlib.md5(response['Data']['PublicKey']).hexdigest() public_key = load_pem_public_key(response['Data']['PublicKeyPEM'], backend=default_backend()) assert public_key.key_size == 4096 # delete the parameter request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_3072_key(): # create a test parameter provider = DSAKeyProvider() name = "/test/parameter-%s" % uuid.uuid4() request = Request("Create", name) request["ResourceProperties"]["Description"] = "A large private key" request["ResourceProperties"]["KeySize"] = "3072" response = provider.handle(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert provider.is_valid_cfn_response(), response["Reason"] assert "PhysicalResourceId" in response physical_resource_id = response["PhysicalResourceId"] assert "Data" in response assert "Arn" in response["Data"] assert "PublicKey" in response["Data"] assert "PublicKeyPEM" in response["Data"] assert "Hash" in response["Data"] assert response["Data"]["Arn"] == physical_resource_id assert (response["Data"]["Hash"] == hashlib.md5( response["Data"]["PublicKey"].encode("ascii")).hexdigest()) public_key = load_pem_public_key( response["Data"]["PublicKeyPEM"].encode("ascii"), backend=default_backend()) assert public_key.key_size == 3072 # delete the parameter request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_create_no_return_secret(): # create a test parameter name = '/test/parameter-%s' % uuid.uuid4() request = Request('Create', name) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] assert 'Data' in response assert 'Arn' in response['Data'] assert response['Data']['Arn'] == physical_resource_id # delete the parameters request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_with_encypted_content(): # create a test parameter with content value set name = "/test/7-parameter-%s" % uuid.uuid4() secret_content = "Don't read my encrypted secret" request = Request("Create", name) encrypted_secret_content = encrypt_to_base64(secret_content) request["ResourceProperties"]["ReturnSecret"] = True request["ResourceProperties"]["Description"] = "A encrypted custom secret" request["ResourceProperties"][ "EncryptedContent"] = encrypted_secret_content response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response physical_resource_id = response["PhysicalResourceId"] assert isinstance(physical_resource_id, str) assert "Data" in response assert "Secret" in response["Data"] assert "Arn" in response["Data"] assert "Hash" in response["Data"] assert "Version" in response["Data"] assert response["Data"]["Arn"] == physical_resource_id assert (response["Data"]["Hash"] == hashlib.md5( response["Data"]["Secret"].encode("utf8")).hexdigest()) assert response["Data"]["Secret"] == secret_content assert response["Data"]["Version"] == 1 secret_content = secret_content + " v2" request["RequestType"] = "Update" request["PhysicalResourceId"] = physical_resource_id request["ResourceProperties"]["EncryptedContent"] = encrypt_to_base64( secret_content) request["ResourceProperties"]["RefreshOnUpdate"] = True response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response assert physical_resource_id == response["PhysicalResourceId"] assert response["Data"]["Secret"] == secret_content assert response["Data"]["Version"] == 2 # delete the parameters request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_create_with_encypted_content(): # create a test parameter with content value set name = '/test/7-parameter-%s' % uuid.uuid4() secret_content = 'Don\'t read my encrypted secret' request = Request('Create', name) encrypted_secret_content = encrypt_to_base64(secret_content) request['ResourceProperties']['ReturnSecret'] = True request['ResourceProperties']['Description'] = 'A encrypted custom secret' request['ResourceProperties'][ 'EncryptedContent'] = encrypted_secret_content response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] assert isinstance(physical_resource_id, str) assert 'Data' in response assert 'Secret' in response['Data'] assert 'Arn' in response['Data'] assert 'Hash' in response['Data'] assert 'Version' in response['Data'] assert response['Data']['Arn'] == physical_resource_id assert response['Data']['Hash'] == hashlib.md5( response['Data']['Secret'].encode('utf8')).hexdigest() assert response['Data']['Secret'] == secret_content assert response['Data']['Version'] == 1 secret_content = secret_content + " v2" request['RequestType'] = 'Update' request['PhysicalResourceId'] = physical_resource_id request['ResourceProperties']['EncryptedContent'] = encrypt_to_base64( secret_content) request['ResourceProperties']['RefreshOnUpdate'] = True response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response assert physical_resource_id == response['PhysicalResourceId'] assert response['Data']['Secret'] == secret_content assert response['Data']['Version'] == 2 # delete the parameters request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_no_return_secret(): # create a test parameter name = "/test/parameter-%s" % uuid.uuid4() request = Request("Create", name) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"] assert "PhysicalResourceId" in response physical_resource_id = response["PhysicalResourceId"] assert "Data" in response assert "Arn" in response["Data"] assert response["Data"]["Arn"] == physical_resource_id # delete the parameters request = Request("Delete", name, physical_resource_id) response = handler(request, {}) assert response["Status"] == "SUCCESS", response["Reason"]
def test_create(): # create a test parameter name = '/test/1-parameter-%s' % uuid.uuid4() request = Request('Create', name) request['ResourceProperties']['ReturnSecret'] = True request['ResourceProperties']['Description'] = 'A beautiful secret' response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] assert isinstance(physical_resource_id, str) assert 'Data' in response assert 'Secret' in response['Data'] assert 'Arn' in response['Data'] assert response['Data']['Arn'] == physical_resource_id # delete the parameters request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create(): # create a test parameter name = '/test/1-parameter-%s' % uuid.uuid4() request = Request('Create', name) request['ResourceProperties']['ReturnSecret'] = True request['ResourceProperties']['Description'] = 'A beautiful secret' response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] assert isinstance(physical_resource_id, str) assert 'Data' in response assert 'Secret' in response['Data'] assert 'Arn' in response['Data'] assert 'Hash' in response['Data'] assert 'Version' in response['Data'] assert 'NoEcho' in response assert response['Data']['Arn'] == physical_resource_id assert response['Data']['Hash'] == hashlib.md5( response['Data']['Secret'].encode('utf8')).hexdigest() assert response['Data']['Version'] == 1 assert response['NoEcho'] == True # update the key hash = response['Data']['Hash'] request['RequestType'] = 'Update' request['ResourceProperties']['RefreshOnUpdate'] = True request['PhysicalResourceId'] = physical_resource_id response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert response['Data']['Arn'] == physical_resource_id assert response['Data']['Version'] == 2 assert response['Data']['Hash'] != hash response = handler(request, {}) # delete the parameters request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create(): # create a test parameter name = '/test/1-parameter-%s' % uuid.uuid4() request = Request('Create', name) request['ResourceProperties']['ReturnSecret'] = True request['ResourceProperties']['Description'] = 'A beautiful secret' response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] assert isinstance(physical_resource_id, str) assert 'Data' in response assert 'Secret' in response['Data'] assert 'Arn' in response['Data'] assert 'Hash' in response['Data'] assert response['Data']['Arn'] == physical_resource_id assert response['Data']['Hash'] == hashlib.md5(response['Data']['Secret']).hexdigest() # delete the parameters request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_update_secret(): name = 'k%s' % uuid.uuid4() request = Request('Create', name) request['ResourceProperties']['ReturnSecret'] = True response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] secret_1 = response['Data']['Secret'] secure_hash = response['Data']['Hash'] assert secure_hash == hashlib.md5(secret_1).hexdigest() name_2 = 'k2%s' % name request = Request('Update', name_2, physical_resource_id) request['ResourceProperties']['RefreshOnUpdate'] = True request['ResourceProperties']['ReturnSecret'] = True response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] secure_hash_2 = response['Data']['Hash'] physical_resource_id_2 = response['PhysicalResourceId'] assert physical_resource_id != physical_resource_id_2 secret_2 = response['Data']['Secret'] assert secret_1 != secret_2 assert secure_hash != secure_hash_2 # delete secrets request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] request = Request('Delete', name, physical_resource_id_2) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']
def test_create(): # create a test parameter provider = RSAKeyProvider() name = '/test/parameter-%s' % uuid.uuid4() request = Request('Create', name) request['ResourceProperties']['Description'] = 'A ppretty private key' response = provider.handle(request, {}) assert response['Status'] == 'SUCCESS', response['Reason'] assert provider.is_valid_cfn_response(), response['Reason'] assert 'PhysicalResourceId' in response physical_resource_id = response['PhysicalResourceId'] assert 'Data' in response assert 'Arn' in response['Data'] assert 'PublicKey' in response['Data'] assert 'Hash' in response['Data'] assert response['Data']['Arn'] == physical_resource_id assert response['Data']['Hash'] == hashlib.md5(response['Data']['PublicKey']).hexdigest() # delete the parameters request = Request('Delete', name, physical_resource_id) response = handler(request, {}) assert response['Status'] == 'SUCCESS', response['Reason']