def test_assign_certificate_elb_dry_run(self, mock_print): # Create vpc resources vpc, subnet = create_vpc_resources() # Create load balancer lb = create_elb('test-elb', subnet) # Assign certificate self.uploader.assign_certificate('test-elb', 'new-cert', dry_run=True) self.assertEqual( mock_print.mock_calls, [ call( '[DRY RUN] Certificate %(existing_cert_arn)s would be replaced with %(new_cert_arn)s on ' 'load balancer %(lb_name)s (%(lb_dns)s) on port %(lb_port)d.' % { 'existing_cert_arn': 'fake-certificate', 'new_cert_arn': 'new-cert', 'lb_name': 'test-elb', 'lb_dns': lb['DNSName'], 'lb_port': 443 } ) ] )
def test_get_alb_listeners(self): # Create VPC resources and load balancer vpc, subnet = create_vpc_resources() lb = create_alb('dummy', subnet) # Create HTTP listener elbv2 = boto3.client('elbv2') http_listener = elbv2.create_listener( LoadBalancerArn=lb['LoadBalancerArn'], Protocol='HTTP', Port=80, DefaultActions=[] )['Listeners'][0] # Create HTTPS listener https_listener = elbv2.create_listener( LoadBalancerArn=lb['LoadBalancerArn'], Protocol='HTTPS', Port=443, DefaultActions=[], Certificates=[{'CertificateArn': 'dummy'}] )['Listeners'][0] # Instantiate and fetch listeners uploader = CertificateUploader() listeners = uploader._get_alb_listeners(lb['LoadBalancerArn']) # Verify the response from _get_alb_listeners matches what was created self.assertListEqual([http_listener, https_listener], listeners)
def test_assign_certificate_alb_rollback(self, mock_input, mock_print): # Create vpc resources vpc, subnet = create_vpc_resources() # Create load balancer lb = create_alb('test-alb', subnet) create_default_listeners(lb['LoadBalancerArn']) self.uploader.assign_certificate('test-alb', 'new-cert') self.assertEqual( mock_print.mock_calls, [ call( 'Replacing certificate %(existing_cert_arn)s with %(new_cert_arn)s to load balancer %(lb_name)s ' '(%(lb_dns)s) on port %(lb_port)d.' % { 'existing_cert_arn': 'dummy', 'new_cert_arn': 'new-cert', 'lb_name': 'test-alb', 'lb_dns': lb['DNSName'], 'lb_port': 443 } ), call('Certificate %s applied successfully to ALB %s on port %d' % ('new-cert', 'test-alb', 443)), call('Rolled back to certificate %s on ALB %s port %d' % ('dummy', 'test-alb', 443)) ] )
def test_assign_certificate_elb(self, mock_input, mock_print): # Create vpc resources vpc, subnet = create_vpc_resources() # Create load balancer lb = create_elb('test-elb', subnet) self.uploader.assign_certificate('test-elb', 'new-cert') self.assertEqual( mock_print.mock_calls, [ call( 'Replacing certificate %(existing_cert_arn)s with %(new_cert_arn)s to load balancer %(lb_name)s ' '(%(lb_dns)s) on port %(lb_port)d.' % { 'existing_cert_arn': 'fake-certificate', 'new_cert_arn': 'new-cert', 'lb_name': 'test-elb', 'lb_dns': lb['DNSName'], 'lb_port': 443 } ), call('Certificate %s applied successfully to ELB %s on port %d' % ('new-cert', 'test-elb', 443)) ] )
def test_get_load_balancer_elb(self): # Create vpc resources vpc, subnet = create_vpc_resources() # Create load balancer elb = boto3.client('elb') elb.create_load_balancer( LoadBalancerName='test-elb', Listeners=[ { 'Protocol': 'HTTP', 'LoadBalancerPort': 80, 'InstancePort': 80 }, { 'Protocol': 'HTTPS', 'LoadBalancerPort': 443, 'InstancePort': 443, 'SSLCertificateId': 'fake-certificate' } ], AvailabilityZones=[], Scheme='HTTP', Subnets=[subnet['Subnet']['SubnetId']] ) # Get load balancer and validate lb_info, is_alb = self.uploader.get_load_balancer('test-elb') self.assertFalse(is_alb) self.assertEqual(lb_info['LoadBalancerName'], 'test-elb')
def test_assign_certificate_elb_http_protocol(self): # Create vpc resources vpc, subnet = create_vpc_resources() # Create load balancer create_elb('test-elb', subnet) with self.assertRaisesRegex(InvalidProtocolException, 'Port 80 is not a HTTPS listener'): self.uploader.assign_certificate('test-elb', 'arn', lb_port=80)
def test_assign_certificate_elb_missing_port(self): # Create vpc resources vpc, subnet = create_vpc_resources() # Create load balancer create_elb('test-elb', subnet) with self.assertRaisesRegex(ListenerNotFoundException, 'Could not find a listener for port 1234'): self.uploader.assign_certificate('test-elb', 'arn', lb_port=1234)
def test_assign_certificate_alb_missing_port(self): # Create vpc resources vpc, subnet = create_vpc_resources() # Create load balancer and default listeners lb = create_alb('alb', subnet) create_default_listeners(lb['LoadBalancerArn']) with self.assertRaisesRegex(ListenerNotFoundException, 'Could not find a listener for port 1234'): self.uploader.assign_certificate('alb', 'arn', lb_port=1234)
def test_get_load_balancer_alb(self): # Create vpc resources vpc, subnet = create_vpc_resources() # Create load balancer create_alb('test-alb', subnet) # Get load balancer and validate lb_info, is_alb = self.uploader.get_load_balancer('test-alb') self.assertTrue(is_alb) self.assertEqual(lb_info['LoadBalancerName'], 'test-alb')
def test_acm_parser_attach_new_certificate(self, mock_print, mock_input, mock_args, mock_sleep): # Create load balancer elb = boto3.client('elb') vpc, subnet = create_vpc_resources() create_elb('test-lb', subnet) # Get LB info lb_info = elb.describe_load_balancers( LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0] # Check certificate self.assertEqual( 'fake-certificate', lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId']) # Run CLI. This should not raise any exceptions cli.main() for i in range(10, 0, -1): self.assertIn( call('Waiting for certificate to propagate... %d' % i), mock_print.mock_calls) self.assertEqual(10, mock_sleep.call_count) arn = None for item in mock_print.mock_calls: arn_match = re.match( '\tARN: (arn:aws:acm:.+:\\d+:certificate/.+)$', item.args[0]) if arn_match: arn = arn_match.group(1) break # Should be able to describe certificate without raising an exception self.assertIsNotNone(arn) acm = boto3.client('acm') acm.describe_certificate(CertificateArn=arn) # Verify ELB has the certificate assigned lb_info = elb.describe_load_balancers( LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0] # Check certificate self.assertEqual( arn, lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
def test_iam_parser_attach_existing_certificate(self, mock_input, mock_args): certificate, private_key, ca_certificate = generate_pem_data( self.certificate, self.private_key, self.ca_certificate) # Create certificate iam = boto3.client('iam') arn = iam.upload_server_certificate( Path='/test/', ServerCertificateName='tester', CertificateBody=certificate.decode('utf-8'), PrivateKey=private_key.decode('utf-8'), CertificateChain=ca_certificate.decode( 'utf-8'))['ServerCertificateMetadata']['Arn'] # Create load balancer elb = boto3.client('elb') vpc, subnet = create_vpc_resources() create_elb('test-lb-iam', subnet) # Get LB info lb_info = elb.describe_load_balancers( LoadBalancerNames=['test-lb-iam'])['LoadBalancerDescriptions'][0] # Check certificate self.assertEqual( 'fake-certificate', lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId']) # Run CLI. This should not raise any exceptions cli.main() # Verify ELB has the certificate assigned lb_info = elb.describe_load_balancers( LoadBalancerNames=['test-lb-iam'])['LoadBalancerDescriptions'][0] # Check certificate self.assertEqual( arn, lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
def test_acm_parser_attach_existing_certificate(self, mock_input, mock_args): certificate, private_key, ca_certificate = generate_pem_data( self.certificate, self.private_key, self.ca_certificate) # Create certificate acm = boto3.client('acm') arn = acm.import_certificate( Certificate=certificate, PrivateKey=private_key, CertificateChain=ca_certificate)['CertificateArn'] mock_args.return_value.certificate_arn = arn # Create load balancer elb = boto3.client('elb') vpc, subnet = create_vpc_resources() create_elb('test-lb', subnet) # Get LB info lb_info = elb.describe_load_balancers( LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0] # Check certificate self.assertEqual( 'fake-certificate', lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId']) # Run CLI. This should not raise any exceptions cli.main() # Verify ELB has the certificate assigned lb_info = elb.describe_load_balancers( LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0] # Check certificate self.assertEqual( arn, lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])