Пример #1
0
    def test_brkt_env_update(self):
        """ Test that the Bracket environment is passed through to metavisor
        user data.
        """
        aws_svc, encryptor_image, guest_image = build_aws_service()
        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id)

        api_host_port = 'api.example.com:777'
        hsmproxy_host_port = 'hsmproxy.example.com:888'
        cli_args = '--brkt-env %s,%s' % (api_host_port, hsmproxy_host_port)
        values = instance_config_args_to_values(cli_args)
        brkt_env = brkt_cli.brkt_env_from_values(values)
        ic = make_instance_config(values, brkt_env)

        def run_instance_callback(args):
            if args.image_id == encryptor_image.id:
                brkt_config = self._get_brkt_config_from_mime(args.user_data)
                d = json.loads(brkt_config)
                self.assertEquals(api_host_port, d['brkt']['api_host'])
                self.assertEquals(hsmproxy_host_port,
                                  d['brkt']['hsmproxy_host'])
                self.assertEquals('updater', d['brkt']['solo_mode'])

        aws_svc.run_instance_callback = run_instance_callback
        update_ami(aws_svc,
                   encrypted_ami_id,
                   encryptor_image.id,
                   'Test updated AMI',
                   enc_svc_class=DummyEncryptorService,
                   instance_config=ic)
Пример #2
0
    def test_security_group_eventual_consistency(self):
        """ Test that we handle eventually consistency issues when creating
        a temporary security group.
        """
        aws_svc, encryptor_image, guest_image = build_aws_service()
        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id)

        self.call_count = 0

        def run_instance_callback(args):
            if args.image_id == encryptor_image.id:
                self.call_count += 1
                if self.call_count < 3:
                    # Simulate eventual consistency error while creating
                    # security group.
                    e = EC2ResponseError(None, None)
                    e.error_code = 'InvalidGroup.NotFound'
                    raise e

        aws_svc.run_instance_callback = run_instance_callback
        update_ami(aws_svc,
                   encrypted_ami_id,
                   encryptor_image.id,
                   'Test updated AMI',
                   enc_svc_class=DummyEncryptorService)
        self.assertEqual(3, self.call_count)
Пример #3
0
    def test_security_group_eventual_consistency(self):
        """ Test that we handle eventually consistency issues when creating
        a temporary security group.
        """
        aws_svc, encryptor_image, guest_image = build_aws_service()
        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id
        )

        self.call_count = 0

        def run_instance_callback(args):
            if args.image_id == encryptor_image.id:
                self.call_count += 1
                if self.call_count < 3:
                    # Simulate eventual consistency error while creating
                    # security group.
                    e = EC2ResponseError(None, None)
                    e.error_code = 'InvalidGroup.NotFound'
                    raise e

        aws_svc.run_instance_callback = run_instance_callback
        update_ami(
            aws_svc, encrypted_ami_id, encryptor_image.id,
            'Test updated AMI',
            enc_svc_class=DummyEncryptorService
        )
        self.assertEqual(3, self.call_count)
Пример #4
0
    def test_guest_instance_type(self):
        """ Test that the guest instance type is passed through
        to run_instance().
        """
        aws_svc, encryptor_image, guest_image = \
            test_aws_service.build_aws_service()
        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id)

        def run_instance_callback(args):
            if args.image_id == encrypted_ami_id:
                self.assertEqual('t2.micro', args.instance_type)
            elif args.image_id == encryptor_image.id:
                self.assertEqual('m3.medium', args.instance_type)
            else:
                self.fail('Unexpected image: ' + args.image_id)

        aws_svc.run_instance_callback = run_instance_callback
        update_ami(aws_svc,
                   encrypted_ami_id,
                   encryptor_image.id,
                   'Test updated AMI',
                   subnet_id='subnet-1',
                   security_group_ids=['sg-1', 'sg-2'],
                   enc_svc_class=DummyEncryptorService,
                   guest_instance_type='t2.micro')
Пример #5
0
    def test_guest_instance_type(self):
        """ Test that the guest instance type is passed through
        to run_instance().
        """
        aws_svc, encryptor_image, guest_image = \
            test_aws_service.build_aws_service()
        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id
        )

        def run_instance_callback(args):
            if args.image_id == encrypted_ami_id:
                self.assertEqual('t2.micro', args.instance_type)
            elif args.image_id == encryptor_image.id:
                self.assertEqual('m3.medium', args.instance_type)
            else:
                self.fail('Unexpected image: ' + args.image_id)

        aws_svc.run_instance_callback = run_instance_callback
        update_ami(
            aws_svc, encrypted_ami_id, encryptor_image.id, 'Test updated AMI',
            subnet_id='subnet-1', security_group_ids=['sg-1', 'sg-2'],
            enc_svc_class=DummyEncryptorService, guest_instance_type='t2.micro'
        )
Пример #6
0
    def test_brkt_env_update(self):
        """ Test that the Bracket environment is passed through to metavisor
        user data.
        """
        aws_svc, encryptor_image, guest_image = build_aws_service()
        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id
        )

        api_host_port = 'api.example.com:777'
        hsmproxy_host_port = 'hsmproxy.example.com:888'
        network_host_port = 'network.example.com:999'
        cli_args = '--brkt-env %s,%s,%s' % (api_host_port, hsmproxy_host_port,
                                         network_host_port)
        values = instance_config_args_to_values(cli_args)
        ic = instance_config_from_values(values)

        def run_instance_callback(args):
            if args.image_id == encryptor_image.id:
                brkt_config = self._get_brkt_config_from_mime(args.user_data)
                d = json.loads(brkt_config)
                self.assertEquals(
                    api_host_port,
                    d['brkt']['api_host']
                )
                self.assertEquals(
                    hsmproxy_host_port,
                    d['brkt']['hsmproxy_host']
                )
                self.assertEquals(
                    network_host_port,
                    d['brkt']['network_host']
                )
                self.assertEquals(
                    'updater',
                    d['brkt']['solo_mode']
                )

        aws_svc.run_instance_callback = run_instance_callback
        update_ami(
            aws_svc, encrypted_ami_id, encryptor_image.id,
            'Test updated AMI',
            enc_svc_class=DummyEncryptorService,
            instance_config=ic
        )
Пример #7
0
    def test_subnet_and_security_groups(self):
        """ Test that the subnet and security group ids are passed through
        to run_instance().
        """
        aws_svc, encryptor_image, guest_image = build_aws_service()
        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id)

        self.call_count = 0

        def run_instance_callback(args):
            if args.image_id == encryptor_image.id:
                self.call_count += 1
                self.assertEqual('subnet-1', args.subnet_id)
                self.assertEqual(['sg-1', 'sg-2'], args.security_group_ids)

        aws_svc.run_instance_callback = run_instance_callback
        ami_id = update_ami(aws_svc,
                            encrypted_ami_id,
                            encryptor_image.id,
                            'Test updated AMI',
                            subnet_id='subnet-1',
                            security_group_ids=['sg-1', 'sg-2'],
                            enc_svc_class=DummyEncryptorService)

        self.assertEqual(1, self.call_count)
        self.assertIsNotNone(ami_id)
Пример #8
0
    def test_subnet_and_security_groups(self):
        """ Test that the subnet and security group ids are passed through
        to run_instance().
        """
        aws_svc, encryptor_image, guest_image = build_aws_service()
        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id
        )

        self.call_count = 0

        def run_instance_callback(args):
            if args.image_id == encryptor_image.id:
                self.call_count += 1
                self.assertEqual('subnet-1', args.subnet_id)
                self.assertEqual(['sg-1', 'sg-2'], args.security_group_ids)

        aws_svc.run_instance_callback = run_instance_callback
        ami_id = update_ami(
            aws_svc, encrypted_ami_id, encryptor_image.id,
            'Test updated AMI',
            subnet_id='subnet-1', security_group_ids=['sg-1', 'sg-2'],
            enc_svc_class=DummyEncryptorService
        )

        self.assertEqual(1, self.call_count)
        self.assertIsNotNone(ami_id)
Пример #9
0
    def test_update_error_console_output(self):
        """ Test that when an update failure occurs, we write the
        console log to a temp file.
        """
        aws_svc, encryptor_image, guest_image = build_aws_service()

        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id
        )

        # Create callbacks that make sure that we stop the updater
        # instance before collecting logs.
        self.updater_instance = None

        def run_instance_callback(args):
            if args.image_id == encryptor_image.id:
                self.updater_instance = args.instance

        self.updater_stopped = False

        def stop_instance_callback(instance):
            if (self.updater_instance and
                    instance.id == self.updater_instance.id):
                self.updater_stopped = True

        aws_svc.run_instance_callback = run_instance_callback
        aws_svc.stop_instance_callback = stop_instance_callback

        try:
            update_ami(
                aws_svc, encrypted_ami_id, encryptor_image.id,
                'Test updated AMI',
                enc_svc_class=FailedEncryptionService
            )
            self.fail('Update should have failed')
        except encryptor_service.EncryptionError as e:
            with open(e.console_output_file.name) as f:
                content = f.read()
                self.assertEquals(
                    test_aws_service.CONSOLE_OUTPUT_TEXT, content)
            os.remove(e.console_output_file.name)

        self.assertTrue(self.updater_stopped)
Пример #10
0
    def test_update_error_console_output(self):
        """ Test that when an update failure occurs, we write the
        console log to a temp file.
        """
        aws_svc, encryptor_image, guest_image = build_aws_service()

        encrypted_ami_id = encrypt_ami.encrypt(
            aws_svc=aws_svc,
            enc_svc_cls=DummyEncryptorService,
            image_id=guest_image.id,
            encryptor_ami=encryptor_image.id)

        # Create callbacks that make sure that we stop the updater
        # instance before collecting logs.
        self.updater_instance = None

        def run_instance_callback(args):
            if args.image_id == encryptor_image.id:
                self.updater_instance = args.instance

        self.updater_stopped = False

        def stop_instance_callback(instance):
            if (self.updater_instance
                    and instance.id == self.updater_instance.id):
                self.updater_stopped = True

        aws_svc.run_instance_callback = run_instance_callback
        aws_svc.stop_instance_callback = stop_instance_callback

        try:
            update_ami(aws_svc,
                       encrypted_ami_id,
                       encryptor_image.id,
                       'Test updated AMI',
                       enc_svc_class=FailedEncryptionService)
            self.fail('Update should have failed')
        except encryptor_service.EncryptionError as e:
            with open(e.console_output_file.name) as f:
                content = f.read()
                self.assertEquals(test_aws_service.CONSOLE_OUTPUT_TEXT,
                                  content)
            os.remove(e.console_output_file.name)

        self.assertTrue(self.updater_stopped)