def test_write_stunnel_config_check_cert_validity_not_supported_ocsp_enabled(
    mocker, capsys, tmpdir
):
    """Config writing must abort when cert validity checking is unsupported.

    The config reports ``stunnel_check_cert_validity_supported=False`` while
    the check is requested.  The test expects a non-zero ``SystemExit`` and a
    stderr warning that names the option, rather than a written config file.
    """
    mocker.patch("mount_efs.add_stunnel_ca_options")
    config = _get_config(
        mocker,
        stunnel_check_cert_validity_supported=False,
        stunnel_check_cert_validity=True,
    )

    with pytest.raises(SystemExit) as exit_info:
        mount_efs.write_stunnel_config_file(
            config,
            str(tmpdir),
            FS_ID,
            MOUNT_POINT,
            PORT,
            DNS_NAME,
            VERIFY_LEVEL,
            True,  # the slot where other tests in this file pass OCSP_ENABLED
            _get_mount_options(),
            DEFAULT_REGION,
        )

    assert exit_info.value.code != 0

    # Only stderr matters here; stdout is discarded.
    _, stderr_text = capsys.readouterr()
    assert "WARNING: Your client lacks sufficient controls" in stderr_text
    assert "stunnel_check_cert_validity" in stderr_text
def test_write_stunnel_config_check_cert_hostname_not_supported_flag_set_true(
    mocker, capsys, tmpdir
):
    """Config writing must abort when hostname checking is unsupported.

    ``stunnel_check_cert_hostname`` is set to True while the config reports
    ``stunnel_check_cert_hostname_supported=False``.  The test expects a
    non-zero ``SystemExit`` and a stderr warning that names the option.
    """
    mocker.patch("mount_efs.add_stunnel_ca_options")
    config = _get_config(
        mocker,
        stunnel_check_cert_hostname_supported=False,
        stunnel_check_cert_hostname=True,
    )

    with pytest.raises(SystemExit) as exit_info:
        mount_efs.write_stunnel_config_file(
            config,
            str(tmpdir),
            FS_ID,
            MOUNT_POINT,
            PORT,
            DNS_NAME,
            VERIFY_LEVEL,
            OCSP_ENABLED,
            _get_mount_options(),
        )

    assert exit_info.value.code != 0

    # Only stderr matters here; stdout is discarded.
    _, stderr_text = capsys.readouterr()
    assert "WARNING: Your client lacks sufficient controls" in stderr_text
    assert "stunnel_check_cert_hostname" in stderr_text
def test_write_stunnel_config_with_fall_back_ip_address(mocker, tmpdir):
    """A fallback IP address shows up in the expected EFS section.

    Also checks that ``mount_efs.add_stunnel_ca_options`` was called exactly
    once while the config was written.
    """
    add_ca_options = mocker.patch("mount_efs.add_stunnel_ca_options")
    config = _get_config(mocker)

    written_path = mount_efs.write_stunnel_config_file(
        config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
        OCSP_ENABLED,
        _get_mount_options(),
        DEFAULT_REGION,
        fallback_ip_address=FALLBACK_IP_ADDRESS,
    )

    utils.assert_called_once(add_ca_options)

    expected_efs = _get_expected_efs_config(
        fallback_ip_address=FALLBACK_IP_ADDRESS
    )
    _validate_config(written_path, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs)
def test_write_stunnel_config_with_debug(mocker, tmpdir):
    """Debug mode adds ``debug`` and ``output`` to the global section.

    With ``stunnel_debug_enabled=True`` and no explicit log file, the
    expected ``output`` path is the mount-specific ``*.stunnel.log`` file
    under ``mount_efs.LOG_DIR``.
    """
    add_ca_options = mocker.patch("mount_efs.add_stunnel_ca_options")
    config = _get_config(mocker, stunnel_debug_enabled=True)

    written_path = mount_efs.write_stunnel_config_file(
        config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
        OCSP_ENABLED,
        _get_mount_options(),
        DEFAULT_REGION,
    )

    utils.assert_called_once(add_ca_options)

    # Work on a copy so the module-level defaults are not mutated.
    log_name = "%s.stunnel.log" % mount_efs.get_mount_specific_filename(
        FS_ID, MOUNT_POINT, PORT
    )
    expected_global = dict(
        mount_efs.STUNNEL_GLOBAL_CONFIG,
        debug="debug",
        output=os.path.join(mount_efs.LOG_DIR, log_name),
    )

    _validate_config(written_path, expected_global, _get_expected_efs_config())
def _test_disable_libwrap(
    mocker, tmpdir, system_release="unknown", disable_libwrap=True
):
    """Shared body for the libwrap tests.

    Pins ``mount_efs.get_system_release_version`` to ``system_release``,
    writes the stunnel config, and checks that the release lookup ran exactly
    once and that the EFS section matches
    ``_get_expected_efs_config(disable_libwrap=disable_libwrap)``.
    """
    mocker.patch("mount_efs.add_stunnel_ca_options")
    release_lookup = mocker.patch(
        "mount_efs.get_system_release_version", return_value=system_release
    )
    config = _get_config(mocker)

    written_path = mount_efs.write_stunnel_config_file(
        config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
        OCSP_ENABLED,
        _get_mount_options(),
        DEFAULT_REGION,
    )

    utils.assert_called_once(release_lookup)

    expected_efs = _get_expected_efs_config(disable_libwrap=disable_libwrap)
    _validate_config(written_path, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs)
def _test_check_cert_validity(
    mocker,
    tmpdir,
    stunnel_check_cert_validity_supported,
    stunnel_check_cert_validity,
    expected_check_cert_validity_config_value,
):
    """Shared body for the certificate-validity tests.

    ``stunnel_check_cert_validity_supported`` goes into the mocked config,
    while ``stunnel_check_cert_validity`` is passed positionally in the slot
    where other tests in this file pass ``OCSP_ENABLED``.  The written file
    must carry ``expected_check_cert_validity_config_value`` in its EFS
    section.
    """
    add_ca_options = mocker.patch("mount_efs.add_stunnel_ca_options")
    config = _get_config(
        mocker,
        stunnel_check_cert_validity_supported=stunnel_check_cert_validity_supported,
    )

    written_path = mount_efs.write_stunnel_config_file(
        config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
        stunnel_check_cert_validity,
        _get_mount_options(),
        DEFAULT_REGION,
    )

    utils.assert_called_once(add_ca_options)

    expected_efs = _get_expected_efs_config(
        check_cert_validity=expected_check_cert_validity_config_value
    )
    _validate_config(written_path, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs)
def test_write_stunnel_config_without_check_cert_status(mocker, capsys, tmpdir):
    """Config writing must abort when cert validity checking is unsupported.

    The validity check is requested in the config while
    ``stunnel_check_cert_validity_supported`` is False.  The test expects a
    non-zero ``SystemExit`` and a stderr warning that names the option.
    """
    # The patch only has to be in place; the mock itself is never inspected.
    mocker.patch('mount_efs.add_stunnel_ca_options')
    config = _get_config(
        mocker,
        stunnel_check_cert_validity_supported=False,
        stunnel_check_cert_validity=True,
    )

    with pytest.raises(SystemExit) as exit_info:
        mount_efs.write_stunnel_config_file(
            config, str(tmpdir), FS_ID, MOUNT_POINT, PORT, DNS_NAME, VERIFY_LEVEL
        )

    assert exit_info.value.code != 0

    # Only stderr matters here; stdout is discarded.
    _, stderr_text = capsys.readouterr()
    assert 'WARNING: Your client lacks sufficient controls' in stderr_text
    assert 'stunnel_check_cert_validity' in stderr_text
def _test_write_stunnel_config_file(mocker, tmpdir):
    """Shared body for the default-config case.

    Writes the config with default mocked settings, then checks that
    ``mount_efs.add_stunnel_ca_options`` was called exactly once and that the
    file matches the default global and EFS sections.
    """
    add_ca_options = mocker.patch('mount_efs.add_stunnel_ca_options')
    config = _get_config(mocker)

    written_path = mount_efs.write_stunnel_config_file(
        config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
        OCSP_ENABLED,
        _get_mount_options(),
    )

    utils.assert_called_once(add_ca_options)
    _validate_config(
        written_path, mount_efs.STUNNEL_GLOBAL_CONFIG, _get_expected_efs_config()
    )
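def test_write_stunnel_config_with_check_cert_status(mocker, tmpdir):
    """Requesting the validity check yields ``check_cert_status=True``.

    With ``stunnel_check_cert_validity=True`` in the mocked config, the
    written file must match ``_get_expected_efs_config(check_cert_status=True)``
    and ``mount_efs.add_stunnel_ca_options`` must have been called once.
    """
    ca_mocker = mocker.patch('mount_efs.add_stunnel_ca_options')

    config_file = mount_efs.write_stunnel_config_file(
        _get_config(mocker, stunnel_check_cert_validity=True),
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
    )

    # Compare call_count directly rather than calling
    # ca_mocker.assert_called_once(): on mock releases that predate that
    # method, the attribute can be auto-created as a child mock, and calling
    # it then asserts nothing.  The CA-options check would pass silently.
    assert ca_mocker.call_count == 1

    _validate_config(
        config_file,
        mount_efs.STUNNEL_GLOBAL_CONFIG,
        _get_expected_efs_config(check_cert_status=True),
    )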
def test_write_stunnel_config_with_verify_level(mocker, tmpdir):
    """Verify level 0: no CA options are added and no validity check is set.

    The mocked config still requests ``stunnel_check_cert_validity=True``,
    yet the expected EFS section carries ``check_cert_validity=False`` and
    ``mount_efs.add_stunnel_ca_options`` must not be called.
    """
    # NOTE(review): presumably level 0 means stunnel does not verify the
    # peer certificate, which would explain the dropped validity check.
    # Confirm that this level is only reachable by explicit operator choice.
    add_ca_options = mocker.patch('mount_efs.add_stunnel_ca_options')
    verify_level = 0
    config = _get_config(mocker, stunnel_check_cert_validity=True)

    written_path = mount_efs.write_stunnel_config_file(
        config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        verify_level,
        OCSP_ENABLED,
        _get_mount_options(),
    )

    utils.assert_not_called(add_ca_options)

    expected_efs = _get_expected_efs_config(
        check_cert_validity=False, verify=verify_level
    )
    _validate_config(written_path, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs)
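def test_write_stunnel_config_with_verify(mocker, tmpdir):
    """With ``verify=0`` in the mount options, no CA options are added.

    The written file must match ``_get_expected_efs_config(verify=0)`` and
    ``mount_efs.add_stunnel_ca_options`` must not have been called.
    """
    ca_mocker = mocker.patch('mount_efs.add_stunnel_ca_options')
    state_file_dir = str(tmpdir)

    config_file = mount_efs.write_stunnel_config_file(
        _get_config(),
        state_file_dir,
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        _get_mount_options(verify=0),
    )

    # Compare call_count directly rather than calling
    # ca_mocker.assert_not_called(): on mock releases that predate that
    # method, the attribute can be auto-created as a child mock, and calling
    # it then asserts nothing.  The test would pass even if CA options had
    # been added.
    assert ca_mocker.call_count == 0

    _validate_config(
        config_file,
        mount_efs.STUNNEL_GLOBAL_CONFIG,
        _get_expected_efs_config(verify=0),
    )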
def test_write_stunnel_config_file_with_az_as_dns_name(mocker, tmpdir):
    """``DNS_NAME_WITH_AZ`` is carried into the expected EFS section.

    Also checks that ``mount_efs.add_stunnel_ca_options`` was called exactly
    once while the config was written.
    """
    add_ca_options = mocker.patch('mount_efs.add_stunnel_ca_options')
    config = _get_config(mocker)

    written_path = mount_efs.write_stunnel_config_file(
        config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME_WITH_AZ,
        VERIFY_LEVEL,
        OCSP_ENABLED,
        _get_mount_options(),
        DEFAULT_REGION,
    )

    utils.assert_called_once(add_ca_options)

    expected_efs = _get_expected_efs_config(dns_name=DNS_NAME_WITH_AZ)
    _validate_config(written_path, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs)
def _test_check_cert_hostname(
    mocker,
    tmpdir,
    stunnel_check_cert_hostname_supported,
    stunnel_check_cert_hostname,
    expected_check_cert_hostname_config_value,
):
    """Shared body for the certificate-hostname tests.

    Builds a mocked config from the supported/requested flags, writes the
    stunnel config, and checks that the EFS section carries
    ``expected_check_cert_hostname_config_value``.  Also checks that
    ``mount_efs.add_stunnel_ca_options`` was called exactly once.
    """
    add_ca_options = mocker.patch('mount_efs.add_stunnel_ca_options')
    config = _get_config(
        mocker,
        stunnel_check_cert_hostname_supported=stunnel_check_cert_hostname_supported,
        stunnel_check_cert_hostname=stunnel_check_cert_hostname,
    )

    written_path = mount_efs.write_stunnel_config_file(
        config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
        OCSP_ENABLED,
        _get_mount_options(),
    )

    utils.assert_called_once(add_ca_options)

    expected_efs = _get_expected_efs_config(
        check_cert_hostname=expected_check_cert_hostname_config_value
    )
    _validate_config(written_path, mount_efs.STUNNEL_GLOBAL_CONFIG, expected_efs)
def test_write_stunnel_config_with_debug_and_logs_file(mocker, tmpdir):
    """An explicit ``stunnel_logs_file`` becomes the debug ``output`` path.

    With debug enabled and ``stunnel_logs_file=STUNNEL_LOGS_FILE``, the
    expected global section has ``debug`` set and ``output`` equal to
    ``STUNNEL_LOGS_FILE``.
    """
    add_ca_options = mocker.patch('mount_efs.add_stunnel_ca_options')
    config = _get_config(
        mocker, stunnel_debug_enabled=True, stunnel_logs_file=STUNNEL_LOGS_FILE
    )

    written_path = mount_efs.write_stunnel_config_file(
        config,
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
        OCSP_ENABLED,
        _get_mount_options(),
        DEFAULT_REGION,
    )

    utils.assert_called_once(add_ca_options)

    # Work on a copy so the module-level defaults are not mutated.
    expected_global = dict(mount_efs.STUNNEL_GLOBAL_CONFIG)
    expected_global.update({'debug': 'debug', 'output': STUNNEL_LOGS_FILE})

    _validate_config(written_path, expected_global, _get_expected_efs_config())
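def test_write_stunnel_config_with_debug(mocker, tmpdir):
    """Debug mode adds ``debug`` and ``output`` to the global section.

    With ``stunnel_debug_enabled=True``, the expected ``output`` path is the
    mount-specific ``*.stunnel.log`` file under ``mount_efs.LOG_DIR``.
    ``mount_efs.add_stunnel_ca_options`` must have been called once.
    """
    ca_mocker = mocker.patch('mount_efs.add_stunnel_ca_options')
    state_file_dir = str(tmpdir)

    config_file = mount_efs.write_stunnel_config_file(
        _get_config(mocker, stunnel_debug_enabled=True),
        state_file_dir,
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
    )

    # Compare call_count directly rather than calling
    # ca_mocker.assert_called_once(): on mock releases that predate that
    # method, the attribute can be auto-created as a child mock, and calling
    # it then asserts nothing.  The CA-options check would pass silently.
    assert ca_mocker.call_count == 1

    # Work on a copy so the module-level defaults are not mutated.
    expected_global_config = dict(mount_efs.STUNNEL_GLOBAL_CONFIG)
    expected_global_config['debug'] = 'debug'
    expected_global_config['output'] = os.path.join(
        mount_efs.LOG_DIR,
        '%s.stunnel.log'
        % mount_efs.get_mount_specific_filename(FS_ID, MOUNT_POINT, PORT),
    )

    _validate_config(config_file, expected_global_config, _get_expected_efs_config())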
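def _test_check_cert_validity(
    mocker,
    tmpdir,
    stunnel_check_cert_validity_supported,
    stunnel_check_cert_validity,
    expected_check_cert_validity_config_value,
):
    """Shared body for the certificate-validity tests.

    Builds a mocked config from the supported/requested flags, writes the
    stunnel config, and checks that the EFS section carries
    ``expected_check_cert_validity_config_value``.  Also checks that
    ``mount_efs.add_stunnel_ca_options`` was called exactly once.
    """
    ca_mocker = mocker.patch('mount_efs.add_stunnel_ca_options')

    config_file = mount_efs.write_stunnel_config_file(
        _get_config(
            mocker,
            stunnel_check_cert_validity_supported=stunnel_check_cert_validity_supported,
            stunnel_check_cert_validity=stunnel_check_cert_validity,
        ),
        str(tmpdir),
        FS_ID,
        MOUNT_POINT,
        PORT,
        DNS_NAME,
        VERIFY_LEVEL,
    )

    # Compare call_count directly rather than calling
    # ca_mocker.assert_called_once(): on mock releases that predate that
    # method, the attribute can be auto-created as a child mock, and calling
    # it then asserts nothing.  The CA-options check would pass silently.
    assert ca_mocker.call_count == 1

    _validate_config(
        config_file,
        mount_efs.STUNNEL_GLOBAL_CONFIG,
        _get_expected_efs_config(
            check_cert_validity=expected_check_cert_validity_config_value
        ),
    )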