def _test_recreate_certificate_with_invalid_client_source_config(
        mocker, tmpdir, client_source):
    config = _get_config(client_info={'source': client_source})
    pk_path = _get_mock_private_key_path(mocker, tmpdir)
    tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
    tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig')
    current_time = mount_efs.get_utc_now()
    watchdog.recreate_certificate(config,
                                  MOUNT_NAME,
                                  COMMON_NAME,
                                  FS_ID,
                                  CREDENTIALS,
                                  AP_ID,
                                  REGION,
                                  base_path=str(tmpdir))

    with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f:
        conf_body = f.read()
        assert conf_body == watchdog.create_ca_conf(
            tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path,
            current_time, REGION, FS_ID, CREDENTIALS, AP_ID, None)
    assert os.path.exists(pk_path)
    assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem'))
    assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr'))
    assert os.path.exists(
        os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def _test_recreate_certificate_with_invalid_client_source_config(
        mocker, tmpdir, client_source):
    config = _get_config(client_info={'source': client_source
                                      }) if client_source else _get_config()
    pk_path = _get_mock_private_key_path(mocker, tmpdir)
    tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
    tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig')
    current_time = mount_efs.get_utc_now()
    watchdog.recreate_certificate(config,
                                  MOUNT_NAME,
                                  COMMON_NAME,
                                  FS_ID,
                                  CREDENTIALS,
                                  AP_ID,
                                  REGION,
                                  base_path=str(tmpdir))

    # Any invalid or not given client source should be marked as unknown
    expected_client_info = {
        'source': 'unknown',
        'efs_utils_version': watchdog.VERSION
    }

    with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f:
        conf_body = f.read()
        assert conf_body == watchdog.create_ca_conf(
            tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path,
            current_time, REGION, FS_ID, CREDENTIALS, AP_ID,
            expected_client_info)
    assert os.path.exists(pk_path)
    assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem'))
    assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr'))
    assert os.path.exists(
        os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def test_recreate_certificate_primary_assets_created(mocker, tmpdir):
    config = _get_config()
    pk_path = _get_mock_private_key_path(mocker, tmpdir)
    tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
    watchdog.recreate_certificate(config, MOUNT_NAME, COMMON_NAME, FS_ID, False, AP_ID, None, REGION, base_path=str(tmpdir))
    assert os.path.exists(pk_path)
    assert not os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem'))
    assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr'))
    assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def _test_recreate_certificate_with_invalid_client_source_config(
        mocker, tmpdir, client_source):
    mocker.patch("watchdog.check_if_running_on_macos", return_value=False)
    config = (_get_config(client_info={"source": client_source})
              if client_source else _get_config())
    pk_path = _get_mock_private_key_path(mocker, tmpdir)
    tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
    tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig")
    current_time = mount_efs.get_utc_now()
    watchdog.recreate_certificate(
        config,
        MOUNT_NAME,
        COMMON_NAME,
        FS_ID,
        CREDENTIALS,
        AP_ID,
        REGION,
        base_path=str(tmpdir),
    )

    # Any invalid or not given client source should be marked as unknown
    expected_client_info = {
        "source": "unknown",
        "efs_utils_version": watchdog.VERSION
    }

    with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f:
        conf_body = f.read()
        assert conf_body == watchdog.create_ca_conf(
            config,
            tmp_config_path,
            COMMON_NAME,
            tls_dict["mount_dir"],
            pk_path,
            current_time,
            REGION,
            FS_ID,
            CREDENTIALS,
            AP_ID,
            expected_client_info,
        )
    assert os.path.exists(pk_path)
    assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem"))
    assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr"))
    assert os.path.exists(
        os.path.join(tls_dict["mount_dir"], "certificate.pem"))
def _test_recreate_certificate_with_valid_client_source_config(
        mocker, tmpdir, client_source):
    config = _get_config(client_info={"source": client_source})
    pk_path = _get_mock_private_key_path(mocker, tmpdir)
    tls_dict = watchdog.tls_paths_dictionary(MOUNT_NAME, str(tmpdir))
    tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig")
    current_time = mount_efs.get_utc_now()
    watchdog.recreate_certificate(
        config,
        MOUNT_NAME,
        COMMON_NAME,
        FS_ID,
        CREDENTIALS,
        AP_ID,
        REGION,
        base_path=str(tmpdir),
    )

    expected_client_info = {
        "source": client_source,
        "efs_utils_version": watchdog.VERSION,
    }

    with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f:
        conf_body = f.read()
        assert conf_body == watchdog.create_ca_conf(
            config,
            tmp_config_path,
            COMMON_NAME,
            tls_dict["mount_dir"],
            pk_path,
            current_time,
            REGION,
            FS_ID,
            CREDENTIALS,
            AP_ID,
            expected_client_info,
        )
    assert os.path.exists(pk_path)
    assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem"))
    assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr"))
    assert os.path.exists(
        os.path.join(tls_dict["mount_dir"], "certificate.pem"))