def test_create_ca_conf_with_awsprofile_no_credentials_found(
mocker, caplog, tmpdir):
mocker.patch('watchdog.get_aws_security_credentials', return_value=None)
watchdog.create_ca_conf(None, None, str(tmpdir), None, None, None, None,
CREDENTIALS_SOURCE, None)
assert 'Failed to retrieve AWS security credentials using lookup method: %s' % CREDENTIALS_SOURCE in \
[rec.message for rec in caplog.records][0]
def _create_ca_conf_helper(mocker,
tmpdir,
current_time,
iam=True,
ap=True,
client_info=True):
tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
mount_efs.create_required_directory({}, tls_dict['mount_dir'])
tls_dict['certificate_path'] = os.path.join(tls_dict['mount_dir'],
'config.conf')
tls_dict['private_key'] = os.path.join(tls_dict['mount_dir'],
'privateKey.pem')
tls_dict['public_key'] = os.path.join(tls_dict['mount_dir'],
'publicKey.pem')
if iam:
with open(tls_dict['public_key'], 'w') as f:
f.write(PUBLIC_KEY_BODY)
mocker.patch('watchdog.get_aws_security_credentials',
return_value=CREDENTIALS)
credentials = 'dummy:lookup' if iam else None
ap_id = AP_ID if ap else None
client_info = CLIENT_INFO if client_info else None
full_config_body = watchdog.create_ca_conf(tls_dict['certificate_path'],
COMMON_NAME,
tls_dict['mount_dir'],
tls_dict['private_key'],
current_time, REGION, FS_ID,
credentials, ap_id, client_info)
assert os.path.exists(tls_dict['certificate_path'])
return tls_dict, full_config_body
def _test_recreate_certificate_with_invalid_client_source_config(
mocker, tmpdir, client_source):
config = _get_config(client_info={'source': client_source})
pk_path = _get_mock_private_key_path(mocker, tmpdir)
tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig')
current_time = mount_efs.get_utc_now()
watchdog.recreate_certificate(config,
MOUNT_NAME,
COMMON_NAME,
FS_ID,
CREDENTIALS,
AP_ID,
REGION,
base_path=str(tmpdir))
with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f:
conf_body = f.read()
assert conf_body == watchdog.create_ca_conf(
tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path,
current_time, REGION, FS_ID, CREDENTIALS, AP_ID, None)
assert os.path.exists(pk_path)
assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem'))
assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr'))
assert os.path.exists(
os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def _test_recreate_certificate_with_invalid_client_source_config(
mocker, tmpdir, client_source):
config = _get_config(client_info={'source': client_source
}) if client_source else _get_config()
pk_path = _get_mock_private_key_path(mocker, tmpdir)
tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig')
current_time = mount_efs.get_utc_now()
watchdog.recreate_certificate(config,
MOUNT_NAME,
COMMON_NAME,
FS_ID,
CREDENTIALS,
AP_ID,
REGION,
base_path=str(tmpdir))
# Any invalid or not given client source should be marked as unknown
expected_client_info = {
'source': 'unknown',
'efs_utils_version': watchdog.VERSION
}
with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f:
conf_body = f.read()
assert conf_body == watchdog.create_ca_conf(
tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path,
current_time, REGION, FS_ID, CREDENTIALS, AP_ID,
expected_client_info)
assert os.path.exists(pk_path)
assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem'))
assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr'))
assert os.path.exists(
os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def _test_recreate_certificate_with_invalid_client_source_config(
mocker, tmpdir, client_source):
mocker.patch("watchdog.check_if_running_on_macos", return_value=False)
config = (_get_config(client_info={"source": client_source})
if client_source else _get_config())
pk_path = _get_mock_private_key_path(mocker, tmpdir)
tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig")
current_time = mount_efs.get_utc_now()
watchdog.recreate_certificate(
config,
MOUNT_NAME,
COMMON_NAME,
FS_ID,
CREDENTIALS,
AP_ID,
REGION,
base_path=str(tmpdir),
)
# Any invalid or not given client source should be marked as unknown
expected_client_info = {
"source": "unknown",
"efs_utils_version": watchdog.VERSION
}
with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f:
conf_body = f.read()
assert conf_body == watchdog.create_ca_conf(
config,
tmp_config_path,
COMMON_NAME,
tls_dict["mount_dir"],
pk_path,
current_time,
REGION,
FS_ID,
CREDENTIALS,
AP_ID,
expected_client_info,
)
assert os.path.exists(pk_path)
assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem"))
assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr"))
assert os.path.exists(
os.path.join(tls_dict["mount_dir"], "certificate.pem"))
def _test_recreate_certificate_with_valid_client_source_config(
mocker, tmpdir, client_source):
config = _get_config(client_info={"source": client_source})
pk_path = _get_mock_private_key_path(mocker, tmpdir)
tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig")
current_time = mount_efs.get_utc_now()
watchdog.recreate_certificate(
config,
MOUNT_NAME,
COMMON_NAME,
FS_ID,
CREDENTIALS,
AP_ID,
REGION,
base_path=str(tmpdir),
)
expected_client_info = {
"source": client_source,
"efs_utils_version": watchdog.VERSION,
}
with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f:
conf_body = f.read()
assert conf_body == watchdog.create_ca_conf(
config,
tmp_config_path,
COMMON_NAME,
tls_dict["mount_dir"],
pk_path,
current_time,
REGION,
FS_ID,
CREDENTIALS,
AP_ID,
expected_client_info,
)
assert os.path.exists(pk_path)
assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem"))
assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr"))
assert os.path.exists(
os.path.join(tls_dict["mount_dir"], "certificate.pem"))
def _create_ca_conf_helper(mocker,
tmpdir,
current_time,
iam=True,
ap=True,
client_info=True):
config = _get_config()
tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
mount_efs.create_required_directory({}, tls_dict["mount_dir"])
tls_dict["certificate_path"] = os.path.join(tls_dict["mount_dir"],
"config.conf")
tls_dict["private_key"] = os.path.join(tls_dict["mount_dir"],
"privateKey.pem")
tls_dict["public_key"] = os.path.join(tls_dict["mount_dir"],
"publicKey.pem")
if iam:
with open(tls_dict["public_key"], "w") as f:
f.write(PUBLIC_KEY_BODY)
mocker.patch("watchdog.get_aws_security_credentials",
return_value=CREDENTIALS)
credentials = "dummy:lookup" if iam else None
ap_id = AP_ID if ap else None
client_info = CLIENT_INFO if client_info else None
full_config_body = watchdog.create_ca_conf(
config,
tls_dict["certificate_path"],
COMMON_NAME,
tls_dict["mount_dir"],
tls_dict["private_key"],
current_time,
REGION,
FS_ID,
credentials,
ap_id,
client_info,
)
assert os.path.exists(tls_dict["certificate_path"])
return tls_dict, full_config_body
def test_create_ca_conf_with_awsprofile_no_credentials_found(mocker, caplog, tmpdir):
mocker.patch('watchdog.get_aws_security_credentials', return_value=None)
watchdog.create_ca_conf(None, None, str(tmpdir), None, None, None, None, True, awsprofile='test_profile')
assert 'Failed to retrieve AWS security credentials from named profile "%s"' % 'test_profile' in \
[rec.message for rec in caplog.records][0]
