def testCreateVolumeCopy3(self,
mock_list_instances,
mock_list_volumes,
mock_loader):
"""Test that a volume is correctly cloned."""
mock_loader.return_value = None
# Should raise a ValueError exception as no volume_id or instance_id is
# specified.
with self.assertRaises(ValueError):
forensics.CreateVolumeCopy(FAKE_INSTANCE.availability_zone)
# Should raise a RuntimeError in GetInstanceById as we are querying a
# non-existent instance.
mock_list_instances.return_value = {}
with self.assertRaises(RuntimeError):
forensics.CreateVolumeCopy(
FAKE_INSTANCE.availability_zone,
instance_id='non-existent-instance-id')
# Should raise a RuntimeError in GetVolumeById as we are querying a
# non-existent volume.
mock_list_volumes.return_value = {}
with self.assertRaises(RuntimeError):
forensics.CreateVolumeCopy(
FAKE_INSTANCE.availability_zone,
volume_id='non-existent-volume-id')
def testCreateVolumeCopy2(self,
mock_ec2_api,
mock_account,
mock_get_instance,
mock_get_volume,
mock_snapshot,
mock_loader):
"""Test that a volume is correctly cloned."""
FAKE_SNAPSHOT.name = FAKE_BOOT_VOLUME.volume_id
mock_ec2_api.return_value.create_volume.return_value = MOCK_CREATE_VOLUME
mock_account.return_value = 'fake-account-id'
mock_get_instance.return_value = FAKE_INSTANCE
mock_get_volume.return_value = FAKE_BOOT_VOLUME
mock_snapshot.return_value = FAKE_SNAPSHOT
mock_loader.return_value = None
# CreateVolumeCopy(zone, instance='fake-instance-id'). This should grab
# the boot volume of the instance.
new_volume = forensics.CreateVolumeCopy(
FAKE_INSTANCE.availability_zone, instance_id=FAKE_INSTANCE.instance_id)
mock_get_instance.assert_called_with('fake-instance-id')
self.assertIsInstance(new_volume, ebs.AWSVolume)
self.assertTrue(new_volume.name.startswith('evidence-'))
self.assertIn('fake-boot-volume-id', new_volume.name)
self.assertTrue(new_volume.name.endswith('-copy'))
def testCreateVolumeCopy1(self,
mock_ec2_api,
mock_account,
mock_get_volume,
mock_snapshot,
mock_volume_type,
mock_loader):
"""Test that a volume is correctly cloned."""
aws_mocks.FAKE_SNAPSHOT.name = aws_mocks.FAKE_VOLUME.volume_id
mock_ec2_api.return_value.create_volume.return_value = aws_mocks.MOCK_CREATE_VOLUME
mock_account.return_value = aws_mocks.MOCK_CALLER_IDENTITY
mock_get_volume.return_value = aws_mocks.FAKE_VOLUME
mock_snapshot.return_value = aws_mocks.FAKE_SNAPSHOT
mock_volume_type.return_value = 'standard'
mock_loader.return_value = None
# CreateVolumeCopy(zone, volume_id='fake-volume-id'). This should grab
# the volume 'fake-volume-id'.
new_volume = forensics.CreateVolumeCopy(
aws_mocks.FAKE_INSTANCE.availability_zone, volume_id=aws_mocks.FAKE_VOLUME.volume_id)
mock_get_volume.assert_called_with('fake-volume-id')
self.assertIsInstance(new_volume, ebs.AWSVolume)
self.assertTrue(new_volume.name.startswith('evidence-'))
self.assertIn('fake-volume-id', new_volume.name)
self.assertTrue(new_volume.name.endswith('-copy'))
def testBootVolumeCopy(self):
"""End to end test on AWS.
Test copying the boot volume of an instance.
"""
volume_copy = forensics.CreateVolumeCopy(
self.zone,
instance_id=self.instance_to_analyse
# volume_id=None by default, boot volume of instance will be copied
)
# The volume should be created in AWS
aws_volume = self.aws.ResourceApi(EC2_SERVICE).Volume(volume_copy.volume_id)
self.assertEqual(aws_volume.volume_id, volume_copy.volume_id)
self._StoreVolumeForCleanup(self.aws, aws_volume)
def testEncryptedVolumeCopy(self):
"""End to end test on AWS.
Test copying a specific encrypted volume.
"""
if not self.encrypted_volume_to_copy:
return
volume_copy = forensics.CreateVolumeCopy(
self.zone, volume_id=self.encrypted_volume_to_copy)
# The volume should be created in AWS
aws_volume = self.aws.ResourceApi(EC2_SERVICE).Volume(volume_copy.volume_id)
self.assertEqual(aws_volume.volume_id, volume_copy.volume_id)
self._StoreVolumeForCleanup(self.aws, aws_volume)
def CreateVolumeCopy(args: 'argparse.Namespace') -> None:
"""Create a AWS Volume copy.
Args:
args (argparse.Namespace): Arguments from ArgumentParser.
"""
print('Starting volume copy...')
volume_copy = forensics.CreateVolumeCopy(args.zone,
dst_zone=args.dst_zone,
instance_id=args.instance_id,
volume_id=args.volume_id,
src_profile=args.src_profile,
dst_profile=args.dst_profile)
print('Done! Volume {0:s} successfully created. You will find it in '
'your AWS account under the name {1:s}.'.format(
volume_copy.volume_id, volume_copy.name))
def testVolumeCopyToOtherZone(self):
"""End to end test on AWS.
Test copying a specific volume to a different AWS availability zone.
"""
if not (self.volume_to_copy and self.dst_zone):
return
volume_copy = forensics.CreateVolumeCopy(
self.zone, dst_zone=self.dst_zone, volume_id=self.volume_to_copy)
# The volume should be created in AWS
aws_account = account.AWSAccount(self.dst_zone)
aws_volume = aws_account.ResourceApi(EC2_SERVICE).Volume(
volume_copy.volume_id)
self.assertEqual(aws_volume.volume_id, volume_copy.volume_id)
self._StoreVolumeForCleanup(aws_account, aws_volume)
def Process(self):
"""Copies a volume and attaches it to the analysis VM."""
for volume in self._FindVolumesToCopy():
print('Volume copy of {0:s} started...'.format(volume.volume_id))
new_volume = aws_forensics.CreateVolumeCopy(
self.remote_zone,
dst_zone=self.analysis_zone,
volume_id=volume.volume_id,
src_profile=self.remote_profile_name,
dst_profile=self.analysis_profile_name)
self.analysis_vm.AttachVolume(new_volume,
self._FindNextAvailableDeviceName())
print('Volume {0:s} successfully copied to {1:s}'.format(
volume.volume_id, new_volume.volume_id))
container = containers.ForensicsVM(name=self.analysis_vm.name,
evidence_disk=new_volume,
platform='aws')
self.state.StoreContainer(container)
def testStartVm(self):
"""End to end test on AWS.
Test creating an analysis VM and attaching a copied volume to it.
"""
volume_copy = forensics.CreateVolumeCopy(self.zone,
volume_id=self.volume_to_copy)
self.volumes.append((self.aws, volume_copy))
# Create and start the analysis VM and attach the boot volume
self.analysis_vm, _ = forensics.StartAnalysisVm(
self.analysis_vm_name,
self.zone,
10,
attach_volumes=[(volume_copy.volume_id, '/dev/sdp')])
# The forensic instance should be live in the analysis AWS account and
# the volume should be attached
instance = self.aws.ResourceApi(EC2_SERVICE).Instance(
self.analysis_vm.instance_id)
self.assertEqual(instance.instance_id, self.analysis_vm.instance_id)
self.assertIn(volume_copy.volume_id,
[vol.volume_id for vol in instance.volumes.all()])
