def test_validate_encryptor_ami(self): """ Test validation of the encryptor AMI. """ aws_svc = test_aws_service.DummyAWSService() image = Image() image.id = new_id() image.name = 'brkt-avatar' aws_svc.images[image.id] = image # Valid image. brkt_cli.aws._validate_encryptor_ami(aws_svc, image.id) # Unexpected name. image.name = 'foobar' with self.assertRaises(ValidationError): brkt_cli.aws._validate_encryptor_ami(aws_svc, image.id) # Invalid id. id = new_id() with self.assertRaises(ValidationError): brkt_cli.aws._validate_encryptor_ami(aws_svc, id) # Service returned None. Apparently this can happen when the account # does not have access to the image. aws_svc.images[id] = None with self.assertRaises(ValidationError): brkt_cli.aws._validate_encryptor_ami(aws_svc, id)
def test_validate_encryptor_ami(self): """ Test validation of the encryptor AMI. """ aws_svc = test_aws_service.DummyAWSService() image = Image() image.id = new_id() image.name = 'brkt-avatar' aws_svc.images[image.id] = image # Valid image. brkt_cli.aws._validate_encryptor_ami(aws_svc, image.id) # Unexpected name. image.name = 'foobar' with self.assertRaises(ValidationError): brkt_cli.aws._validate_encryptor_ami(aws_svc, image.id) # Invalid id. id = new_id() with self.assertRaises(ValidationError): brkt_cli.aws._validate_encryptor_ami(aws_svc, id) # Service returned None. Apparently this can happen when the account # does not have access to the image. aws_svc.images[id] = None with self.assertRaises(ValidationError): brkt_cli.aws._validate_encryptor_ami(aws_svc, id)
def test_validate_guest_image(self): """ Test validation of an encrypted guest image. """ image = Image() image.id = new_id() old_encryptor_id = new_id() new_encryptor_id = new_id() image.tags[encrypt_ami.TAG_ENCRYPTOR] = 'True' image.tags[encrypt_ami.TAG_ENCRYPTOR_AMI] = old_encryptor_id aws_svc = test_aws_service.DummyAWSService() aws_svc.images[image.id] = image # Missing tag. with self.assertRaises(ValidationError): brkt_cli.aws._validate_guest_encrypted_ami(aws_svc, image.id, new_encryptor_id) # No missing tag. image.tags[encrypt_ami.TAG_ENCRYPTOR_SESSION_ID] = new_id() result = brkt_cli.aws._validate_guest_encrypted_ami( aws_svc, image.id, new_encryptor_id) self.assertEquals(image, result) # Attempting to encrypt with the same encryptor AMI. with self.assertRaises(ValidationError): brkt_cli.aws._validate_guest_encrypted_ami(aws_svc, image.id, old_encryptor_id) # Invalid image ID. with self.assertRaises(ValidationError): brkt_cli.aws._validate_guest_encrypted_ami(aws_svc, 'ami-123456', new_encryptor_id)
def test_validate_guest_image(self): """ Test validation of an encrypted guest image. """ image = Image() image.id = new_id() old_encryptor_id = new_id() new_encryptor_id = new_id() image.tags[encrypt_ami.TAG_ENCRYPTOR] = 'True' image.tags[encrypt_ami.TAG_ENCRYPTOR_AMI] = old_encryptor_id aws_svc = test_aws_service.DummyAWSService() aws_svc.images[image.id] = image # Missing tag. with self.assertRaises(ValidationError): brkt_cli.aws._validate_guest_encrypted_ami( aws_svc, image.id, new_encryptor_id) # No missing tag. image.tags[encrypt_ami.TAG_ENCRYPTOR_SESSION_ID] = new_id() result = brkt_cli.aws._validate_guest_encrypted_ami( aws_svc, image.id, new_encryptor_id) self.assertEquals(image, result) # Attempting to encrypt with the same encryptor AMI. with self.assertRaises(ValidationError): brkt_cli.aws._validate_guest_encrypted_ami( aws_svc, image.id, old_encryptor_id) # Invalid image ID. with self.assertRaises(ValidationError): brkt_cli.aws._validate_guest_encrypted_ami( aws_svc, 'ami-123456', new_encryptor_id )
def test_delete_orphaned_volumes(self): """ Test that we clean up instance volumes that are orphaned by AWS. """ aws_svc, encryptor_image, guest_image = build_aws_service() # Simulate a tagged orphaned volume. volume = Volume() volume.id = test_aws_service.new_id() aws_svc.volumes[volume.id] = volume aws_svc.tagged_volumes.append(volume) # Verify that lookup succeeds before encrypt(). self.assertEqual(volume, aws_svc.get_volume(volume.id)) self.assertEqual([volume], aws_svc.get_volumes( tag_key=encrypt_ami.TAG_ENCRYPTOR_SESSION_ID, tag_value='123')) encrypt_ami.encrypt(aws_svc=aws_svc, enc_svc_cls=DummyEncryptorService, image_id=guest_image.id, encryptor_ami=encryptor_image.id) # Verify that the volume was deleted. self.assertIsNone(aws_svc.volumes.get(volume.id, None))
def test_delete_orphaned_volumes(self): """ Test that we clean up instance volumes that are orphaned by AWS. """ aws_svc, encryptor_image, guest_image = build_aws_service() # Simulate a tagged orphaned volume. volume = Volume() volume.id = test_aws_service.new_id() aws_svc.volumes[volume.id] = volume aws_svc.tagged_volumes.append(volume) # Verify that lookup succeeds before encrypt(). self.assertEqual(volume, aws_svc.get_volume(volume.id)) self.assertEqual( [volume], aws_svc.get_volumes( tag_key=encrypt_ami.TAG_ENCRYPTOR_SESSION_ID, tag_value='123') ) encrypt_ami.encrypt( aws_svc=aws_svc, enc_svc_cls=DummyEncryptorService, image_id=guest_image.id, encryptor_ami=encryptor_image.id ) # Verify that the volume was deleted. self.assertIsNone(aws_svc.volumes.get(volume.id, None))
def test_detect_double_encryption(self): """ Test that we disallow encryption of an already encrypted AMI. """ aws_svc = test_aws_service.DummyAWSService() # Register guest image bdm = BlockDeviceMapping() bdm['/dev/sda1'] = BlockDeviceType() id = aws_svc.register_image( name='Guest image', block_device_map=bdm) guest_image = aws_svc.get_image(id) # Make the guest image look like it was already encrypted and # make sure that validation fails. guest_image.tags[encrypt_ami.TAG_ENCRYPTOR] = 'ami-' + new_id() with self.assertRaises(ValidationError): brkt_cli.aws._validate_guest_ami(aws_svc, id)
def test_detect_double_encryption(self): """ Test that we disallow encryption of an already encrypted AMI. """ aws_svc = test_aws_service.DummyAWSService() # Register guest image bdm = BlockDeviceMapping() bdm['/dev/sda1'] = BlockDeviceType() id = aws_svc.register_image(kernel_id=None, name='Guest image', block_device_map=bdm) guest_image = aws_svc.get_image(id) # Make the guest image look like it was already encrypted and # make sure that validation fails. guest_image.tags[encrypt_ami.TAG_ENCRYPTOR] = 'ami-' + new_id() with self.assertRaises(ValidationError): brkt_cli.aws._validate_guest_ami(aws_svc, id)
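Review bot: test_detect_double_encryption asserts only the failing case, so it passes for any ValidationError, not just the one triggered by the TAG_ENCRYPTOR tag. The second printing of the method (presumably the new side) now registers the guest image with `kernel_id=None`; if `_validate_guest_ami` ever rejected such an image for an unrelated reason, the double-encryption guard would go untested without the test failing. Calling `brkt_cli.aws._validate_guest_ami(aws_svc, id)` once before the tag is set, under a comment such as `# Untagged image passes validation.`, would pin the positive case, as test_validate_encryptor_ami does with its "Valid image" call. The local name `id` also shadows the builtin; `image_id` would be clearer.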