def test_brkt_env_update(self):
""" Test that the Bracket environment is passed through to metavisor
user data.
"""
aws_svc, encryptor_image, guest_image = build_aws_service()
encrypted_ami_id = encrypt_ami.encrypt(
aws_svc=aws_svc,
enc_svc_cls=DummyEncryptorService,
image_id=guest_image.id,
encryptor_ami=encryptor_image.id)
api_host_port = 'api.example.com:777'
hsmproxy_host_port = 'hsmproxy.example.com:888'
cli_args = '--brkt-env %s,%s' % (api_host_port, hsmproxy_host_port)
values = instance_config_args_to_values(cli_args)
brkt_env = brkt_cli.brkt_env_from_values(values)
ic = make_instance_config(values, brkt_env)
def run_instance_callback(args):
if args.image_id == encryptor_image.id:
brkt_config = self._get_brkt_config_from_mime(args.user_data)
d = json.loads(brkt_config)
self.assertEquals(api_host_port, d['brkt']['api_host'])
self.assertEquals(hsmproxy_host_port,
d['brkt']['hsmproxy_host'])
self.assertEquals('updater', d['brkt']['solo_mode'])
aws_svc.run_instance_callback = run_instance_callback
update_ami(aws_svc,
encrypted_ami_id,
encryptor_image.id,
'Test updated AMI',
enc_svc_class=DummyEncryptorService,
instance_config=ic)
def test_security_group_eventual_consistency(self):
""" Test that we handle eventually consistency issues when creating
a temporary security group.
"""
aws_svc, encryptor_image, guest_image = build_aws_service()
encrypted_ami_id = encrypt_ami.encrypt(
aws_svc=aws_svc,
enc_svc_cls=DummyEncryptorService,
image_id=guest_image.id,
encryptor_ami=encryptor_image.id)
self.call_count = 0
def run_instance_callback(args):
if args.image_id == encryptor_image.id:
self.call_count += 1
if self.call_count < 3:
# Simulate eventual consistency error while creating
# security group.
e = EC2ResponseError(None, None)
e.error_code = 'InvalidGroup.NotFound'
raise e
aws_svc.run_instance_callback = run_instance_callback
update_ami(aws_svc,
encrypted_ami_id,
encryptor_image.id,
'Test updated AMI',
enc_svc_class=DummyEncryptorService)
self.assertEqual(3, self.call_count)
def test_security_group_eventual_consistency(self):
""" Test that we handle eventually consistency issues when creating
a temporary security group.
"""
aws_svc, encryptor_image, guest_image = build_aws_service()
encrypted_ami_id = encrypt_ami.encrypt(
aws_svc=aws_svc,
enc_svc_cls=DummyEncryptorService,
image_id=guest_image.id,
encryptor_ami=encryptor_image.id
)
self.call_count = 0
def run_instance_callback(args):
if args.image_id == encryptor_image.id:
self.call_count += 1
if self.call_count < 3:
# Simulate eventual consistency error while creating
# security group.
e = EC2ResponseError(None, None)
e.error_code = 'InvalidGroup.NotFound'
raise e
aws_svc.run_instance_callback = run_instance_callback
update_ami(
aws_svc, encrypted_ami_id, encryptor_image.id,
'Test updated AMI',
enc_svc_class=DummyEncryptorService
)
self.assertEqual(3, self.call_count)
def test_guest_instance_type(self):
""" Test that the guest instance type is passed through
to run_instance().
"""
aws_svc, encryptor_image, guest_image = \
test_aws_service.build_aws_service()
encrypted_ami_id = encrypt_ami.encrypt(
aws_svc=aws_svc,
enc_svc_cls=DummyEncryptorService,
image_id=guest_image.id,
encryptor_ami=encryptor_image.id)
def run_instance_callback(args):
if args.image_id == encrypted_ami_id:
self.assertEqual('t2.micro', args.instance_type)
elif args.image_id == encryptor_image.id:
self.assertEqual('m3.medium', args.instance_type)
else:
self.fail('Unexpected image: ' + args.image_id)
aws_svc.run_instance_callback = run_instance_callback
update_ami(aws_svc,
encrypted_ami_id,
encryptor_image.id,
'Test updated AMI',
subnet_id='subnet-1',
security_group_ids=['sg-1', 'sg-2'],
enc_svc_class=DummyEncryptorService,
guest_instance_type='t2.micro')
def test_guest_instance_type(self):
""" Test that the guest instance type is passed through
to run_instance().
"""
aws_svc, encryptor_image, guest_image = \
test_aws_service.build_aws_service()
encrypted_ami_id = encrypt_ami.encrypt(
aws_svc=aws_svc,
enc_svc_cls=DummyEncryptorService,
image_id=guest_image.id,
encryptor_ami=encryptor_image.id
)
def run_instance_callback(args):
if args.image_id == encrypted_ami_id:
self.assertEqual('t2.micro', args.instance_type)
elif args.image_id == encryptor_image.id:
self.assertEqual('m3.medium', args.instance_type)
else:
self.fail('Unexpected image: ' + args.image_id)
aws_svc.run_instance_callback = run_instance_callback
update_ami(
aws_svc, encrypted_ami_id, encryptor_image.id, 'Test updated AMI',
subnet_id='subnet-1', security_group_ids=['sg-1', 'sg-2'],
enc_svc_class=DummyEncryptorService, guest_instance_type='t2.micro'
)
def test_brkt_env_update(self):
""" Test that the Bracket environment is passed through to metavisor
user data.
"""
aws_svc, encryptor_image, guest_image = build_aws_service()
encrypted_ami_id = encrypt_ami.encrypt(
aws_svc=aws_svc,
enc_svc_cls=DummyEncryptorService,
image_id=guest_image.id,
encryptor_ami=encryptor_image.id
)
api_host_port = 'api.example.com:777'
hsmproxy_host_port = 'hsmproxy.example.com:888'
network_host_port = 'network.example.com:999'
cli_args = '--brkt-env %s,%s,%s' % (api_host_port, hsmproxy_host_port,
network_host_port)
values = instance_config_args_to_values(cli_args)
ic = instance_config_from_values(values)
def run_instance_callback(args):
if args.image_id == encryptor_image.id:
brkt_config = self._get_brkt_config_from_mime(args.user_data)
d = json.loads(brkt_config)
self.assertEquals(
api_host_port,
d['brkt']['api_host']
)
self.assertEquals(
hsmproxy_host_port,
d['brkt']['hsmproxy_host']
)
self.assertEquals(
network_host_port,
d['brkt']['network_host']
)
self.assertEquals(
'updater',
d['brkt']['solo_mode']
)
aws_svc.run_instance_callback = run_instance_callback
update_ami(
aws_svc, encrypted_ami_id, encryptor_image.id,
'Test updated AMI',
enc_svc_class=DummyEncryptorService,
instance_config=ic
)
def test_subnet_and_security_groups(self):
""" Test that the subnet and security group ids are passed through
to run_instance().
"""
aws_svc, encryptor_image, guest_image = build_aws_service()
encrypted_ami_id = encrypt_ami.encrypt(
aws_svc=aws_svc,
enc_svc_cls=DummyEncryptorService,
image_id=guest_image.id,
encryptor_ami=encryptor_image.id)
self.call_count = 0
def run_instance_callback(args):
if args.image_id == encryptor_image.id:
self.call_count += 1
self.assertEqual('subnet-1', args.subnet_id)
self.assertEqual(['sg-1', 'sg-2'], args.security_group_ids)
aws_svc.run_instance_callback = run_instance_callback
ami_id = update_ami(aws_svc,
encrypted_ami_id,
encryptor_image.id,
'Test updated AMI',
subnet_id='subnet-1',
security_group_ids=['sg-1', 'sg-2'],
enc_svc_class=DummyEncryptorService)
self.assertEqual(1, self.call_count)
self.assertIsNotNone(ami_id)
def test_subnet_and_security_groups(self):
""" Test that the subnet and security group ids are passed through
to run_instance().
"""
aws_svc, encryptor_image, guest_image = build_aws_service()
encrypted_ami_id = encrypt_ami.encrypt(
aws_svc=aws_svc,
enc_svc_cls=DummyEncryptorService,
image_id=guest_image.id,
encryptor_ami=encryptor_image.id
)
self.call_count = 0
def run_instance_callback(args):
if args.image_id == encryptor_image.id:
self.call_count += 1
self.assertEqual('subnet-1', args.subnet_id)
self.assertEqual(['sg-1', 'sg-2'], args.security_group_ids)
aws_svc.run_instance_callback = run_instance_callback
ami_id = update_ami(
aws_svc, encrypted_ami_id, encryptor_image.id,
'Test updated AMI',
subnet_id='subnet-1', security_group_ids=['sg-1', 'sg-2'],
enc_svc_class=DummyEncryptorService
)
self.assertEqual(1, self.call_count)
self.assertIsNotNone(ami_id)
def test_update_error_console_output(self):
""" Test that when an update failure occurs, we write the
console log to a temp file.
"""
aws_svc, encryptor_image, guest_image = build_aws_service()
encrypted_ami_id = encrypt_ami.encrypt(
aws_svc=aws_svc,
enc_svc_cls=DummyEncryptorService,
image_id=guest_image.id,
encryptor_ami=encryptor_image.id
)
# Create callbacks that make sure that we stop the updater
# instance before collecting logs.
self.updater_instance = None
def run_instance_callback(args):
if args.image_id == encryptor_image.id:
self.updater_instance = args.instance
self.updater_stopped = False
def stop_instance_callback(instance):
if (self.updater_instance and
instance.id == self.updater_instance.id):
self.updater_stopped = True
aws_svc.run_instance_callback = run_instance_callback
aws_svc.stop_instance_callback = stop_instance_callback
try:
update_ami(
aws_svc, encrypted_ami_id, encryptor_image.id,
'Test updated AMI',
enc_svc_class=FailedEncryptionService
)
self.fail('Update should have failed')
except encryptor_service.EncryptionError as e:
with open(e.console_output_file.name) as f:
content = f.read()
self.assertEquals(
test_aws_service.CONSOLE_OUTPUT_TEXT, content)
os.remove(e.console_output_file.name)
self.assertTrue(self.updater_stopped)
def test_update_error_console_output(self):
""" Test that when an update failure occurs, we write the
console log to a temp file.
"""
aws_svc, encryptor_image, guest_image = build_aws_service()
encrypted_ami_id = encrypt_ami.encrypt(
aws_svc=aws_svc,
enc_svc_cls=DummyEncryptorService,
image_id=guest_image.id,
encryptor_ami=encryptor_image.id)
# Create callbacks that make sure that we stop the updater
# instance before collecting logs.
self.updater_instance = None
def run_instance_callback(args):
if args.image_id == encryptor_image.id:
self.updater_instance = args.instance
self.updater_stopped = False
def stop_instance_callback(instance):
if (self.updater_instance
and instance.id == self.updater_instance.id):
self.updater_stopped = True
aws_svc.run_instance_callback = run_instance_callback
aws_svc.stop_instance_callback = stop_instance_callback
try:
update_ami(aws_svc,
encrypted_ami_id,
encryptor_image.id,
'Test updated AMI',
enc_svc_class=FailedEncryptionService)
self.fail('Update should have failed')
except encryptor_service.EncryptionError as e:
with open(e.console_output_file.name) as f:
content = f.read()
self.assertEquals(test_aws_service.CONSOLE_OUTPUT_TEXT,
content)
os.remove(e.console_output_file.name)
self.assertTrue(self.updater_stopped)