def test_create_ca_conf_with_iam_no_accesspoint(mocker, tmpdir):
current_time = mount_efs.get_utc_now()
tls_dict, full_config_body = _create_ca_conf_helper(mocker,
tmpdir,
current_time,
iam=True,
ap=False,
client_info=True)
ca_extension_body = (
'[ v3_ca ]\n'
'subjectKeyIdentifier = hash\n'
'1.3.6.1.4.1.4843.7.2 = ASN1:SEQUENCE:efs_client_auth\n'
'1.3.6.1.4.1.4843.7.3 = ASN1:UTF8String:%s\n'
'1.3.6.1.4.1.4843.7.4 = ASN1:SEQUENCE:efs_client_info') % (FS_ID)
efs_client_auth_body = watchdog.efs_client_auth_builder(
tls_dict['public_key'], CREDENTIALS['AccessKeyId'],
CREDENTIALS['SecretAccessKey'], current_time, REGION, FS_ID,
CREDENTIALS['Token'])
efs_client_info_body = watchdog.efs_client_info_builder(CLIENT_INFO)
matching_config_body = watchdog.CA_CONFIG_BODY % (
tls_dict['mount_dir'], tls_dict['private_key'], COMMON_NAME,
ca_extension_body, efs_client_auth_body, efs_client_info_body)
assert full_config_body == matching_config_body
def test_create_ca_conf_without_client_info(mocker, tmpdir):
current_time = mount_efs.get_utc_now()
tls_dict, full_config_body = _create_ca_conf_helper(mocker,
tmpdir,
current_time,
iam=True,
ap=True,
client_info=False)
ca_extension_body = (
"[ v3_ca ]\n"
"subjectKeyIdentifier = hash\n"
"1.3.6.1.4.1.4843.7.1 = ASN1:UTF8String:%s\n"
"1.3.6.1.4.1.4843.7.2 = ASN1:SEQUENCE:efs_client_auth\n"
"1.3.6.1.4.1.4843.7.3 = ASN1:UTF8String:%s") % (AP_ID, FS_ID)
efs_client_auth_body = watchdog.efs_client_auth_builder(
tls_dict["public_key"],
CREDENTIALS["AccessKeyId"],
CREDENTIALS["SecretAccessKey"],
current_time,
REGION,
FS_ID,
CREDENTIALS["Token"],
)
efs_client_info_body = ""
matching_config_body = watchdog.CA_CONFIG_BODY % (
tls_dict["mount_dir"],
tls_dict["private_key"],
COMMON_NAME,
ca_extension_body,
efs_client_auth_body,
efs_client_info_body,
)
assert full_config_body == matching_config_body