def test_create_ca_conf_with_awsprofile_no_credentials_found( mocker, caplog, tmpdir): mocker.patch('watchdog.get_aws_security_credentials', return_value=None) watchdog.create_ca_conf(None, None, str(tmpdir), None, None, None, None, CREDENTIALS_SOURCE, None) assert 'Failed to retrieve AWS security credentials using lookup method: %s' % CREDENTIALS_SOURCE in \ [rec.message for rec in caplog.records][0]
def _create_ca_conf_helper(mocker, tmpdir, current_time, iam=True, ap=True, client_info=True): tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) mount_efs.create_required_directory({}, tls_dict['mount_dir']) tls_dict['certificate_path'] = os.path.join(tls_dict['mount_dir'], 'config.conf') tls_dict['private_key'] = os.path.join(tls_dict['mount_dir'], 'privateKey.pem') tls_dict['public_key'] = os.path.join(tls_dict['mount_dir'], 'publicKey.pem') if iam: with open(tls_dict['public_key'], 'w') as f: f.write(PUBLIC_KEY_BODY) mocker.patch('watchdog.get_aws_security_credentials', return_value=CREDENTIALS) credentials = 'dummy:lookup' if iam else None ap_id = AP_ID if ap else None client_info = CLIENT_INFO if client_info else None full_config_body = watchdog.create_ca_conf(tls_dict['certificate_path'], COMMON_NAME, tls_dict['mount_dir'], tls_dict['private_key'], current_time, REGION, FS_ID, credentials, ap_id, client_info) assert os.path.exists(tls_dict['certificate_path']) return tls_dict, full_config_body
def _test_recreate_certificate_with_invalid_client_source_config( mocker, tmpdir, client_source): config = _get_config(client_info={'source': client_source}) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig') current_time = mount_efs.get_utc_now() watchdog.recreate_certificate(config, MOUNT_NAME, COMMON_NAME, FS_ID, CREDENTIALS, AP_ID, REGION, base_path=str(tmpdir)) with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f: conf_body = f.read() assert conf_body == watchdog.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path, current_time, REGION, FS_ID, CREDENTIALS, AP_ID, None) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr')) assert os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def _test_recreate_certificate_with_invalid_client_source_config( mocker, tmpdir, client_source): config = _get_config(client_info={'source': client_source }) if client_source else _get_config() pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig') current_time = mount_efs.get_utc_now() watchdog.recreate_certificate(config, MOUNT_NAME, COMMON_NAME, FS_ID, CREDENTIALS, AP_ID, REGION, base_path=str(tmpdir)) # Any invalid or not given client source should be marked as unknown expected_client_info = { 'source': 'unknown', 'efs_utils_version': watchdog.VERSION } with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f: conf_body = f.read() assert conf_body == watchdog.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path, current_time, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr')) assert os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def _test_recreate_certificate_with_invalid_client_source_config( mocker, tmpdir, client_source): mocker.patch("watchdog.check_if_running_on_macos", return_value=False) config = (_get_config(client_info={"source": client_source}) if client_source else _get_config()) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig") current_time = mount_efs.get_utc_now() watchdog.recreate_certificate( config, MOUNT_NAME, COMMON_NAME, FS_ID, CREDENTIALS, AP_ID, REGION, base_path=str(tmpdir), ) # Any invalid or not given client source should be marked as unknown expected_client_info = { "source": "unknown", "efs_utils_version": watchdog.VERSION } with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f: conf_body = f.read() assert conf_body == watchdog.create_ca_conf( config, tmp_config_path, COMMON_NAME, tls_dict["mount_dir"], pk_path, current_time, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info, ) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem")) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr")) assert os.path.exists( os.path.join(tls_dict["mount_dir"], "certificate.pem"))
def _test_recreate_certificate_with_valid_client_source_config( mocker, tmpdir, client_source): config = _get_config(client_info={"source": client_source}) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig") current_time = mount_efs.get_utc_now() watchdog.recreate_certificate( config, MOUNT_NAME, COMMON_NAME, FS_ID, CREDENTIALS, AP_ID, REGION, base_path=str(tmpdir), ) expected_client_info = { "source": client_source, "efs_utils_version": watchdog.VERSION, } with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f: conf_body = f.read() assert conf_body == watchdog.create_ca_conf( config, tmp_config_path, COMMON_NAME, tls_dict["mount_dir"], pk_path, current_time, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info, ) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem")) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr")) assert os.path.exists( os.path.join(tls_dict["mount_dir"], "certificate.pem"))
def _create_ca_conf_helper(mocker, tmpdir, current_time, iam=True, ap=True, client_info=True): config = _get_config() tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) mount_efs.create_required_directory({}, tls_dict["mount_dir"]) tls_dict["certificate_path"] = os.path.join(tls_dict["mount_dir"], "config.conf") tls_dict["private_key"] = os.path.join(tls_dict["mount_dir"], "privateKey.pem") tls_dict["public_key"] = os.path.join(tls_dict["mount_dir"], "publicKey.pem") if iam: with open(tls_dict["public_key"], "w") as f: f.write(PUBLIC_KEY_BODY) mocker.patch("watchdog.get_aws_security_credentials", return_value=CREDENTIALS) credentials = "dummy:lookup" if iam else None ap_id = AP_ID if ap else None client_info = CLIENT_INFO if client_info else None full_config_body = watchdog.create_ca_conf( config, tls_dict["certificate_path"], COMMON_NAME, tls_dict["mount_dir"], tls_dict["private_key"], current_time, REGION, FS_ID, credentials, ap_id, client_info, ) assert os.path.exists(tls_dict["certificate_path"]) return tls_dict, full_config_body
def test_create_ca_conf_with_awsprofile_no_credentials_found(mocker, caplog, tmpdir): mocker.patch('watchdog.get_aws_security_credentials', return_value=None) watchdog.create_ca_conf(None, None, str(tmpdir), None, None, None, None, True, awsprofile='test_profile') assert 'Failed to retrieve AWS security credentials from named profile "%s"' % 'test_profile' in \ [rec.message for rec in caplog.records][0]