Пример #1
def test_update_name():
    """Rename a parameter through Update and check the public key is carried over.

    The Update must report a new PhysicalResourceId while Data.PublicKey stays
    equal to the value returned by Create.
    """
    name = "/test/parameter-%s" % uuid.uuid4()
    created = handler(Request("Create", name), {})
    assert created["Status"] == "SUCCESS", created["Reason"]
    assert "PhysicalResourceId" in created
    old_id = created["PhysicalResourceId"]
    old_public_key = created["Data"]["PublicKey"]

    renamed = handler(Request("Update", "%s-2" % name, old_id), {})
    assert renamed["Status"] == "SUCCESS", renamed["Reason"]
    assert "PhysicalResourceId" in renamed
    assert "Data" in renamed
    assert "Arn" in renamed["Data"]
    new_public_key = renamed["Data"]["PublicKey"]

    new_id = renamed["PhysicalResourceId"]
    assert old_id != new_id
    assert old_public_key == new_public_key

    # Remove both physical resources.
    # NOTE(review): both deletes pass the first name, including the one for the
    # renamed resource; confirm the provider deletes by PhysicalResourceId.
    for resource_id in (old_id, new_id):
        deleted = handler(Request("Delete", name, resource_id), {})
        assert deleted["Status"] == "SUCCESS", deleted["Reason"]
Пример #2
def test_update_private_key():
    """Update a key pair with RefreshOnUpdate set and expect new public key material."""
    name = "k%s" % uuid.uuid4()
    create_response = handler(Request("Create", name), {})
    assert create_response["Status"] == "SUCCESS", create_response["Reason"]
    assert "PhysicalResourceId" in create_response
    first_id = create_response["PhysicalResourceId"]
    first_public_key = create_response["Data"]["PublicKey"]

    # With RefreshOnUpdate set, the Update is expected to return a different
    # public key as well as a new physical resource id.
    update_request = Request("Update", "k2%s" % name, first_id)
    update_request["ResourceProperties"]["RefreshOnUpdate"] = True
    update_response = handler(update_request, {})
    assert update_response["Status"] == "SUCCESS", update_response["Reason"]

    second_id = update_response["PhysicalResourceId"]
    assert first_id != second_id

    second_public_key = update_response["Data"]["PublicKey"]
    assert first_public_key != second_public_key

    # Delete both key pairs.
    for resource_id in (first_id, second_id):
        delete_response = handler(Request("Delete", name, resource_id), {})
        assert delete_response["Status"] == "SUCCESS", delete_response["Reason"]
Пример #3
def test_create_and_public():
    """Create a key pair, replace its public key material via Update, and compare fingerprints."""
    provider = KeyPairProvider()
    name = "k%s" % uuid.uuid4()
    response = provider.handle(Request("Create", name), {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert provider.is_valid_cfn_response(), response["Reason"]
    assert "PhysicalResourceId" in response
    key_pair_id = response["PhysicalResourceId"]

    assert "Data" in response
    assert "Arn" in response["Data"]
    assert response["Data"]["Arn"] == key_pair_id

    fingerprint_before = get_finger_print(name)
    assert fingerprint_before is not None

    # Update in place with the public key material of a new KeyPair() instance;
    # the fingerprint looked up under the same name must change.
    replacement_material = KeyPair().public_key_material
    response = handler(
        Request("Update", name, key_pair_id, replacement_material), {}
    )
    assert response["Status"] == "SUCCESS", response["Reason"]

    fingerprint_after = get_finger_print(name)
    assert fingerprint_after is not None
    assert fingerprint_before != fingerprint_after

    # Delete the key pair.
    response = handler(Request("Delete", name, key_pair_id), {})
    assert response["Status"] == "SUCCESS", response["Reason"]
Пример #4
def test_update_private_key():
    """Update a key pair with RefreshOnUpdate set; public key and Hash must both change."""
    name = 'k%s' % uuid.uuid4()
    created = handler(Request('Create', name), {})
    assert created['Status'] == 'SUCCESS', created['Reason']
    assert 'PhysicalResourceId' in created
    old_id = created['PhysicalResourceId']
    old_public_key = created['Data']['PublicKey']
    old_hash = created['Data']['Hash']

    # Rename and request a refresh in the same Update.
    refresh_request = Request('Update', 'k2%s' % name, old_id)
    refresh_request['ResourceProperties']['RefreshOnUpdate'] = True
    refreshed = handler(refresh_request, {})
    assert refreshed['Status'] == 'SUCCESS', refreshed['Reason']

    new_id = refreshed['PhysicalResourceId']
    assert old_id != new_id

    new_public_key = refreshed['Data']['PublicKey']
    assert old_public_key != new_public_key

    new_hash = refreshed['Data']['Hash']
    assert old_hash != new_hash

    # Delete both key pairs.
    for resource_id in (old_id, new_id):
        deleted = handler(Request('Delete', name, resource_id), {})
        assert deleted['Status'] == 'SUCCESS', deleted['Reason']
def test_update_secret():
    """Update a secret with RefreshOnUpdate set and expect a different secret value.

    ReturnSecret is set on both requests, so the plaintext secret is present in
    the response Data and can be compared.
    """
    name = "k%s" % uuid.uuid4()
    create_request = Request("Create", name)
    create_request["ResourceProperties"]["ReturnSecret"] = True
    created = handler(create_request, {})
    assert created["Status"] == "SUCCESS", created["Reason"]
    assert "PhysicalResourceId" in created
    first_id = created["PhysicalResourceId"]
    first_secret = created["Data"]["Secret"]

    update_request = Request("Update", "k2%s" % name, first_id)
    update_request["ResourceProperties"]["RefreshOnUpdate"] = True
    update_request["ResourceProperties"]["ReturnSecret"] = True
    updated = handler(update_request, {})
    assert updated["Status"] == "SUCCESS", updated["Reason"]

    second_id = updated["PhysicalResourceId"]
    assert first_id != second_id

    second_secret = updated["Data"]["Secret"]
    assert first_secret != second_secret

    # Delete both secrets.
    # NOTE(review): a failed assertion above skips this cleanup and leaves the
    # test secrets behind.
    for resource_id in (first_id, second_id):
        deleted = handler(Request("Delete", name, resource_id), {})
        assert deleted["Status"] == "SUCCESS", deleted["Reason"]
def test_create_with_bad_encrypted_values():
    """Check that unusable EncryptedContent inputs fail with the expected Reason prefixes.

    Three Create attempts reuse one request: a value that is not base64, a
    base64 value that is not KMS ciphertext, and Content supplied together with
    EncryptedContent.
    """
    name = '/test/parameter-%s' % uuid.uuid4()
    request = Request('Create', name)

    # 1. EncryptedContent that is not base64 at all.
    request['ResourceProperties']['ReturnSecret'] = True
    request['ResourceProperties']['Description'] = 'A encrypted custom secret'
    request['ResourceProperties']['EncryptedContent'] = 'Unencrypted secret here'
    result = handler(request, {})
    assert result['Status'] == 'FAILED', result['Reason']
    assert result['Reason'].startswith('EncryptedContent is not base64 encoded')

    # 2. Well-formed base64 that is not a KMS ciphertext.
    bogus_ciphertext = b64encode(b'not a KMS encrypted value here').decode('ascii')
    request['ResourceProperties']['ReturnSecret'] = True
    request['ResourceProperties']['Description'] = 'A encrypted custom secret'
    request['ResourceProperties']['EncryptedContent'] = bogus_ciphertext
    result = handler(request, {})
    assert result['Status'] == 'FAILED', result['Reason']
    assert result['Reason'].startswith(
        'An error occurred (InvalidCiphertextException)')

    # 3. Content and EncryptedContent in the same request.
    request['ResourceProperties']['ReturnSecret'] = True
    request['ResourceProperties']['Content'] = 'A encrypted custom secret'
    request['ResourceProperties']['EncryptedContent'] = bogus_ciphertext
    result = handler(request, {})
    assert result['Status'] == 'FAILED', result['Reason']
    assert result['Reason'].startswith(
        'Specify either "Content" or "EncryptedContent"')
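def test_no_echo():
    """Check that the response carries NoEcho and that an Update can switch it off.

    The request sets ReturnSecret, so the secret is part of the response Data.
    NoEcho is the response field CloudFormation uses to mask a custom
    resource's attributes; the test expects it to be True when the request
    does not set it and False once the request sets NoEcho to False.
    """
    # create a test parameter
    name = "/test/parameter-%s" % uuid.uuid4()
    request = Request("Create", name)
    request["ResourceProperties"]["ReturnSecret"] = True
    response = handler(request, {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert "NoEcho" in response
    assert response["NoEcho"] == True
    physical_resource_id = response["PhysicalResourceId"]

    # update NoEcho, reusing the create request so ReturnSecret stays set
    request["PhysicalResourceId"] = physical_resource_id
    request["ResourceProperties"]["NoEcho"] = False
    request["RequestType"] = "Update"
    response = handler(request, {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert "NoEcho" in response
    assert response["NoEcho"] == False

    # delete the parameter; a fresh Delete request is built, so nothing has to
    # be changed on the update request first
    request = Request("Delete", name, physical_resource_id)
    response = handler(request, {})
    assert response["Status"] == "SUCCESS", response["Reason"]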
def test_create_with_content():
    """Create a parameter from caller-supplied Content and verify the returned attributes."""
    name = '/test/6-parameter-%s' % uuid.uuid4()
    expected_secret = "Don't read my secret"
    request = Request('Create', name)
    request['ResourceProperties']['ReturnSecret'] = True
    request['ResourceProperties']['Description'] = 'A custom secret'
    request['ResourceProperties']['Content'] = expected_secret
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert 'PhysicalResourceId' in response
    parameter_id = response['PhysicalResourceId']
    assert isinstance(parameter_id, str)

    assert 'Data' in response
    for attribute in ('Secret', 'Arn', 'Hash', 'Version'):
        assert attribute in response['Data']
    assert response['Data']['Arn'] == parameter_id
    # Hash is pinned to the MD5 hex digest of the returned secret. MD5 is not
    # collision resistant, so the field is only suitable as a change marker.
    secret_digest = hashlib.md5(
        response['Data']['Secret'].encode('utf8')).hexdigest()
    assert response['Data']['Hash'] == secret_digest
    assert response['Data']['Secret'] == expected_secret
    assert response['Data']['Version'] == 1

    # Delete the parameter.
    response = handler(Request('Delete', name, parameter_id), {})
    assert response['Status'] == 'SUCCESS', response['Reason']
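def test_no_echo():
    """Check the NoEcho response field before and after it is set to False.

    ReturnSecret is set on the request, so the response Data contains the
    secret; NoEcho is the field CloudFormation uses to mask a custom
    resource's attributes. The test expects True when the request does not
    set NoEcho, and False after an Update that sets it to False.
    """
    # create a test parameter
    name = '/test/parameter-%s' % uuid.uuid4()
    request = Request('Create', name)
    request['ResourceProperties']['ReturnSecret'] = True
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert 'NoEcho' in response
    assert response['NoEcho'] == True
    physical_resource_id = response['PhysicalResourceId']

    # update NoEcho on the same request object, keeping ReturnSecret set
    request['PhysicalResourceId'] = physical_resource_id
    request['ResourceProperties']['NoEcho'] = False
    request['RequestType'] = 'Update'
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert 'NoEcho' in response
    assert response['NoEcho'] == False

    # delete the parameter through a newly built Delete request; the update
    # request is not reused, so it is left as it is
    request = Request('Delete', name, physical_resource_id)
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']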
Пример #10
def test_update_name():
    """Rename a key pair through Update and check that Data.Name follows the rename."""
    name = 'k%s' % uuid.uuid4()
    created = handler(Request('Create', name), {})
    assert created['Status'] == 'SUCCESS', created['Reason']
    assert 'PhysicalResourceId' in created
    first_id = created['PhysicalResourceId']
    assert created['Data']['Name'] == name

    # Update with a new name; a new physical resource id is expected.
    new_name = 'k2%s' % name
    renamed = handler(Request('Update', new_name, first_id), {})
    assert renamed['Status'] == 'SUCCESS', renamed['Reason']
    assert 'PhysicalResourceId' in renamed
    assert renamed['Data']['Name'] == new_name

    second_id = renamed['PhysicalResourceId']
    assert first_id != second_id

    # Delete both key pairs.
    for resource_id in (first_id, second_id):
        deleted = handler(Request('Delete', name, resource_id), {})
        assert deleted['Status'] == 'SUCCESS', deleted['Reason']
def test_update_name():
    """Rename a parameter via Update; the id must change and the public key must not."""
    name = "/test/parameter-%s" % uuid.uuid4()
    create_result = handler(Request("Create", name), {})
    assert create_result["Status"] == "SUCCESS", create_result["Reason"]
    assert "PhysicalResourceId" in create_result
    original_id = create_result["PhysicalResourceId"]
    original_key = create_result["Data"]["PublicKey"]

    update_result = handler(Request("Update", "%s-2" % name, original_id), {})
    assert update_result["Status"] == "SUCCESS", update_result["Reason"]
    assert "PhysicalResourceId" in update_result
    assert "Data" in update_result
    assert "Arn" in update_result["Data"]
    renamed_key = update_result["Data"]["PublicKey"]

    renamed_id = update_result["PhysicalResourceId"]
    assert original_id != renamed_id
    # No refresh was requested, so the key is expected to be unchanged.
    assert original_key == renamed_key

    # Delete both parameters.
    for resource_id in (original_id, renamed_id):
        delete_result = handler(Request("Delete", name, resource_id), {})
        assert delete_result["Status"] == "SUCCESS", delete_result["Reason"]
Пример #12
def test_request_duplicate_through_update():
    """An Update that renames a resource onto an existing parameter's name must fail."""
    name = '/test/parameter-%s' % uuid.uuid4()
    first = handler(Request('Create', name), {})
    assert first['Status'] == 'SUCCESS', first['Reason']
    first_id = first['PhysicalResourceId']

    second = handler(Request('Create', '%s-2' % name), {})
    assert second['Status'] == 'SUCCESS', second['Reason']
    assert 'PhysicalResourceId' in second
    second_id = second['PhysicalResourceId']

    # Point the second resource at the first resource's name.
    clash = handler(Request('Update', name, second_id), {})
    assert clash['Status'] == 'FAILED', clash['Reason']

    # Delete both parameters.
    for resource_id in (first_id, second_id):
        removed = handler(Request('Delete', name, resource_id), {})
        assert removed['Status'] == 'SUCCESS', removed['Reason']
Пример #13
def test_update_name():
    """Check that renaming a parameter keeps Data.PublicKey and changes the resource id."""
    name = "/test/parameter-%s" % uuid.uuid4()
    response = handler(Request("Create", name), {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert "PhysicalResourceId" in response
    id_before = response["PhysicalResourceId"]
    key_before = response["Data"]["PublicKey"]

    renamed_to = "%s-2" % name
    response = handler(Request("Update", renamed_to, id_before), {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert "PhysicalResourceId" in response
    assert "Data" in response
    assert "Arn" in response["Data"]
    key_after = response["Data"]["PublicKey"]

    id_after = response["PhysicalResourceId"]
    assert id_before != id_after
    assert key_before == key_after

    # Delete the parameter under both physical resource ids.
    for resource_id in (id_before, id_after):
        response = handler(Request("Delete", name, resource_id), {})
        assert response["Status"] == "SUCCESS", response["Reason"]
Пример #14
def test_request_duplicate_through_update():
    """Create two parameters, then expect FAILED when one is updated to the other's name."""
    name = "/test/parameter-%s" % uuid.uuid4()
    response = handler(Request("Create", name), {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    existing_id = response["PhysicalResourceId"]

    other_name = "%s-2" % name
    response = handler(Request("Create", other_name), {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert "PhysicalResourceId" in response
    other_id = response["PhysicalResourceId"]

    # The Update names the already existing parameter, so it must be refused.
    response = handler(Request("Update", name, other_id), {})
    assert response["Status"] == "FAILED", response["Reason"]

    # Delete both parameters.
    for resource_id in (existing_id, other_id):
        response = handler(Request("Delete", name, resource_id), {})
        assert response["Status"] == "SUCCESS", response["Reason"]
def test_request_duplicate_through_update():
    """Updating a resource to a name that is already taken must return FAILED."""
    name = "/test/parameter-%s" % uuid.uuid4()
    created_a = handler(Request("Create", name), {})
    assert created_a["Status"] == "SUCCESS", created_a["Reason"]
    id_a = created_a["PhysicalResourceId"]

    created_b = handler(Request("Create", "%s-2" % name), {})
    assert created_b["Status"] == "SUCCESS", created_b["Reason"]
    assert "PhysicalResourceId" in created_b
    id_b = created_b["PhysicalResourceId"]

    # Resource B is asked to take over resource A's name.
    collision = handler(Request("Update", name, id_b), {})
    assert collision["Status"] == "FAILED", collision["Reason"]

    # Delete both parameters.
    for resource_id in (id_a, id_b):
        deleted = handler(Request("Delete", name, resource_id), {})
        assert deleted["Status"] == "SUCCESS", deleted["Reason"]
def test_update_private_key():
    """Refresh a key pair on Update and check that the id, public key and Hash all change."""
    name = "k%s" % uuid.uuid4()
    before = handler(Request("Create", name), {})
    assert before["Status"] == "SUCCESS", before["Reason"]
    assert "PhysicalResourceId" in before
    id_before = before["PhysicalResourceId"]
    public_key_before = before["Data"]["PublicKey"]
    hash_before = before["Data"]["Hash"]

    # Rename the key pair and set RefreshOnUpdate on the same request.
    update = Request("Update", "k2%s" % name, id_before)
    update["ResourceProperties"]["RefreshOnUpdate"] = True
    after = handler(update, {})
    assert after["Status"] == "SUCCESS", after["Reason"]

    id_after = after["PhysicalResourceId"]
    assert id_before != id_after

    public_key_after = after["Data"]["PublicKey"]
    assert public_key_before != public_key_after

    hash_after = after["Data"]["Hash"]
    assert hash_before != hash_after

    # Delete both key pairs.
    for resource_id in (id_before, id_after):
        removed = handler(Request("Delete", name, resource_id), {})
        assert removed["Status"] == "SUCCESS", removed["Reason"]
Пример #17
def test_create_and_public():
    """Create a key pair, swap its public key material via Update, and compare fingerprints.

    Data.Name must equal the requested name after both Create and Update.
    """
    provider = KeyPairProvider()
    name = 'k%s' % uuid.uuid4()
    response = provider.handle(Request('Create', name), {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert provider.is_valid_cfn_response(), response['Reason']
    assert 'PhysicalResourceId' in response
    key_pair_id = response['PhysicalResourceId']

    assert 'Data' in response
    for attribute in ('Arn', 'Name'):
        assert attribute in response['Data']
    assert response['Data']['Arn'] == key_pair_id
    assert response['Data']['Name'] == name

    fingerprint_before = get_finger_print(name)
    assert fingerprint_before is not None

    # Update in place with the public key material of a new KeyPair() instance.
    replacement_material = KeyPair().public_key_material
    response = handler(
        Request('Update', name, key_pair_id, replacement_material), {}
    )
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert response['Data']['Name'] == name

    fingerprint_after = get_finger_print(name)
    assert fingerprint_after is not None
    assert fingerprint_before != fingerprint_after
    assert response['Data']['Name'] == name

    # Delete the key pair.
    response = handler(Request('Delete', name, key_pair_id), {})
    assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_with_bad_encrypted_values():
    """Expect FAILED, with a specific Reason prefix, for three bad EncryptedContent requests."""
    name = "/test/parameter-%s" % uuid.uuid4()
    request = Request("Create", name)

    # Case 1: the value is not base64 encoded.
    request["ResourceProperties"]["ReturnSecret"] = True
    request["ResourceProperties"]["Description"] = "A encrypted custom secret"
    request["ResourceProperties"]["EncryptedContent"] = "Unencrypted secret here"
    outcome = handler(request, {})
    assert outcome["Status"] == "FAILED", outcome["Reason"]
    assert outcome["Reason"].startswith("EncryptedContent is not base64 encoded")

    # Case 2: base64 encoded, but not a KMS ciphertext.
    fake_ciphertext = b64encode(b"not a KMS encrypted value here").decode("ascii")
    request["ResourceProperties"]["ReturnSecret"] = True
    request["ResourceProperties"]["Description"] = "A encrypted custom secret"
    request["ResourceProperties"]["EncryptedContent"] = fake_ciphertext
    outcome = handler(request, {})
    assert outcome["Status"] == "FAILED", outcome["Reason"]
    assert outcome["Reason"].startswith(
        "An error occurred (InvalidCiphertextException)")

    # Case 3: Content and EncryptedContent are both present.
    request["ResourceProperties"]["ReturnSecret"] = True
    request["ResourceProperties"]["Content"] = "A encrypted custom secret"
    request["ResourceProperties"]["EncryptedContent"] = fake_ciphertext
    outcome = handler(request, {})
    assert outcome["Status"] == "FAILED", outcome["Reason"]
    assert outcome["Reason"].startswith(
        'Specify either "Content" or "EncryptedContent"')
def test_update_name():
    """Rename a parameter via Update with ReturnSecret set and expect Data.Secret in the reply."""
    name = "/test/3-parameter-%s" % uuid.uuid4()
    created = handler(Request("Create", name), {})
    assert created["Status"] == "SUCCESS", created["Reason"]
    assert "PhysicalResourceId" in created
    first_id = created["PhysicalResourceId"]

    rename_request = Request("Update", "%s-2" % name, first_id)
    rename_request["ResourceProperties"]["ReturnSecret"] = True
    renamed = handler(rename_request, {})
    assert renamed["Status"] == "SUCCESS", renamed["Reason"]
    assert "PhysicalResourceId" in renamed
    assert "Data" in renamed
    assert "Secret" in renamed["Data"]

    second_id = renamed["PhysicalResourceId"]
    assert first_id != second_id

    # Delete both parameters.
    for resource_id in (first_id, second_id):
        deleted = handler(Request("Delete", name, resource_id), {})
        assert deleted["Status"] == "SUCCESS", deleted["Reason"]
def test_update_name():
    """Check that a renaming Update returns a new resource id and, on request, the secret."""
    name = "/test/3-parameter-%s" % uuid.uuid4()
    response = handler(Request("Create", name), {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert "PhysicalResourceId" in response
    id_before = response["PhysicalResourceId"]

    # ReturnSecret is set only on the Update request.
    update_request = Request("Update", "%s-2" % name, id_before)
    update_request["ResourceProperties"]["ReturnSecret"] = True
    response = handler(update_request, {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert "PhysicalResourceId" in response
    assert "Data" in response
    assert "Secret" in response["Data"]

    id_after = response["PhysicalResourceId"]
    assert id_before != id_after

    # Delete both parameters.
    for resource_id in (id_before, id_after):
        response = handler(Request("Delete", name, resource_id), {})
        assert response["Status"] == "SUCCESS", response["Reason"]
Пример #21
def test_update_name():
    """Rename a key pair through Update and expect a different PhysicalResourceId."""
    name = "k%s" % uuid.uuid4()
    created = handler(Request("Create", name), {})
    assert created["Status"] == "SUCCESS", created["Reason"]
    assert "PhysicalResourceId" in created
    old_id = created["PhysicalResourceId"]

    # Update with a new key pair name.
    renamed = handler(Request("Update", "k2%s" % name, old_id), {})
    assert renamed["Status"] == "SUCCESS", renamed["Reason"]
    assert "PhysicalResourceId" in renamed

    new_id = renamed["PhysicalResourceId"]
    assert old_id != new_id

    # Delete both key pairs.
    for resource_id in (old_id, new_id):
        deleted = handler(Request("Delete", name, resource_id), {})
        assert deleted["Status"] == "SUCCESS", deleted["Reason"]
def test_create_with_content():
    """Create a parameter with an explicit Content value and check every returned attribute."""
    name = "/test/6-parameter-%s" % uuid.uuid4()
    supplied_secret = "Don't read my secret"
    request = Request("Create", name)
    request["ResourceProperties"]["ReturnSecret"] = True
    request["ResourceProperties"]["Description"] = "A custom secret"
    request["ResourceProperties"]["Content"] = supplied_secret
    response = handler(request, {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert "PhysicalResourceId" in response
    parameter_id = response["PhysicalResourceId"]
    assert isinstance(parameter_id, str)

    assert "Data" in response
    for attribute in ("Secret", "Arn", "Hash", "Version"):
        assert attribute in response["Data"]
    assert response["Data"]["Arn"] == parameter_id
    # The test pins Hash to the MD5 hex digest of the secret. MD5 offers no
    # collision resistance, so treat the field as a change marker only.
    expected_hash = hashlib.md5(
        response["Data"]["Secret"].encode("utf8")).hexdigest()
    assert response["Data"]["Hash"] == expected_hash
    assert response["Data"]["Secret"] == supplied_secret
    assert response["Data"]["Version"] == 1

    # Delete the parameter.
    # NOTE(review): an assertion failure above skips this delete and leaves the
    # test secret behind.
    response = handler(Request("Delete", name, parameter_id), {})
    assert response["Status"] == "SUCCESS", response["Reason"]
def test_update_name():
    """Rename a parameter with ReturnSecret set on the Update and check the response shape."""
    name = '/test/3-parameter-%s' % uuid.uuid4()
    create_result = handler(Request('Create', name), {})
    assert create_result['Status'] == 'SUCCESS', create_result['Reason']
    assert 'PhysicalResourceId' in create_result
    original_id = create_result['PhysicalResourceId']

    update_request = Request('Update', '%s-2' % name, original_id)
    update_request['ResourceProperties']['ReturnSecret'] = True
    update_result = handler(update_request, {})
    assert update_result['Status'] == 'SUCCESS', update_result['Reason']
    assert 'PhysicalResourceId' in update_result
    assert 'Data' in update_result
    assert 'Secret' in update_result['Data']

    renamed_id = update_result['PhysicalResourceId']
    assert original_id != renamed_id

    # Delete both parameters.
    for resource_id in (original_id, renamed_id):
        delete_result = handler(Request('Delete', name, resource_id), {})
        assert delete_result['Status'] == 'SUCCESS', delete_result['Reason']
Пример #24
def test_create():
    """Create a secret, then update it without and with RefreshOnUpdate.

    Without a refresh the Hash and secret length stay as created even though a
    Length of 32 is requested; with a refresh the Hash changes and the decoded
    secret is 32 bytes long. Version increases by one on each Update.
    """
    name = '/test/1-parameter-%s' % uuid.uuid4()
    request = Request('Create', name)
    request['ResourceProperties']['ReturnSecret'] = True
    request['ResourceProperties']['Description'] = 'A beautiful secret'
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert 'PhysicalResourceId' in response
    parameter_id = response['PhysicalResourceId']
    assert isinstance(parameter_id, str)

    assert 'Data' in response
    assert 'Secret' in response['Data']
    assert len(b64decode(response['Data']['Secret'])) == default_length
    for attribute in ('Arn', 'Hash', 'Version'):
        assert attribute in response['Data']
    assert 'NoEcho' in response
    assert response['Data']['Arn'] == parameter_id
    # Hash is pinned to the MD5 hex digest of the returned secret; MD5 is not
    # collision resistant, so the field only works as a change marker.
    secret_digest = hashlib.md5(
        response['Data']['Secret'].encode('utf8')).hexdigest()
    assert response['Data']['Hash'] == secret_digest
    assert response['Data']['Version'] == 1
    assert response['NoEcho'] == True

    # Update with RefreshOnUpdate False: the secret must stay the same.
    previous_hash = response['Data']['Hash']
    request['RequestType'] = 'Update'
    request['ResourceProperties']['Length'] = '32'
    request['ResourceProperties']['RefreshOnUpdate'] = False
    request['PhysicalResourceId'] = parameter_id
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert response['Data']['Arn'] == parameter_id
    assert response['Data']['Version'] == 2
    assert response['Data']['Hash'] == previous_hash
    assert len(b64decode(response['Data']['Secret'])) == default_length

    # Update with RefreshOnUpdate True: a new 32-byte secret is expected.
    previous_hash = response['Data']['Hash']
    request['RequestType'] = 'Update'
    request['ResourceProperties']['RefreshOnUpdate'] = True
    request['ResourceProperties']['Length'] = '32'
    request['PhysicalResourceId'] = parameter_id
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert response['Data']['Arn'] == parameter_id
    assert response['Data']['Version'] == 3
    assert response['Data']['Hash'] != previous_hash
    assert len(b64decode(response['Data']['Secret'])) == 32

    # NOTE(review): the same refreshing Update is sent once more and its result
    # is never checked; confirm this call is intended.
    response = handler(request, {})

    # Delete the parameter.
    response = handler(Request('Delete', name, parameter_id), {})
    assert response['Status'] == 'SUCCESS', response['Reason']
def test_request_duplicate_create():
    """A second Create for a name that already exists must return FAILED."""
    name = '/test/2-parameter-%s' % uuid.uuid4()
    first = handler(Request('Create', name), {})
    assert first['Status'] == 'SUCCESS', first['Reason']
    existing_id = first['PhysicalResourceId']

    # Same name again: the provider must not overwrite the existing value.
    duplicate = handler(Request('Create', name), {})
    assert duplicate['Status'] == 'FAILED', duplicate['Reason']

    removed = handler(Request('Delete', name, existing_id), {})
    assert removed['Status'] == 'SUCCESS', removed['Reason']
def test_request_duplicate_create():
    """Create a parameter twice under one name and expect the second Create to fail."""
    name = "/test/2-parameter-%s" % uuid.uuid4()
    response = handler(Request("Create", name), {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    created_id = response["PhysicalResourceId"]

    # The repeated Create must be rejected.
    response = handler(Request("Create", name), {})
    assert response["Status"] == "FAILED", response["Reason"]

    # Delete the parameter created by the first request.
    response = handler(Request("Delete", name, created_id), {})
    assert response["Status"] == "SUCCESS", response["Reason"]
def test_request_duplicate_create():
    """Issue Create twice for one name: first succeeds, the duplicate fails."""
    name = '/test/2-parameter-%s' % uuid.uuid4()
    physical_resource_id = None

    # Same request twice; only the expected outcome differs.
    for expected_status in ('SUCCESS', 'FAILED'):
        response = handler(Request('Create', name), {})
        assert response['Status'] == expected_status, response['Reason']
        if expected_status == 'SUCCESS':
            # Remember the id of the resource that actually got created.
            physical_resource_id = response['PhysicalResourceId']

    # Delete the parameter left behind by the successful Create.
    delete_request = Request('Delete', name, physical_resource_id)
    response = handler(delete_request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
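def test_create_4096_key():
    """Create a 4096-bit key through RSAKeyProvider and check the response.

    Verifies the response shape, that ``Hash`` equals the MD5 hex digest of
    ``PublicKey``, and that the returned PEM public key has a 4096-bit key
    size, then deletes the parameter again.
    """
    def as_bytes(value):
        # hashlib.md5 and load_pem_public_key require bytes; text values are
        # ASCII-encoded so the test does not raise TypeError on Python 3.
        return value if isinstance(value, bytes) else value.encode('ascii')

    # create a test parameter
    provider = RSAKeyProvider()
    name = '/test/parameter-%s' % uuid.uuid4()
    request = Request('Create', name)
    request['ResourceProperties']['Description'] = 'A large private key'
    request['ResourceProperties']['KeySize'] = '4096'
    response = provider.handle(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert provider.is_valid_cfn_response(), response['Reason']
    assert 'PhysicalResourceId' in response
    physical_resource_id = response['PhysicalResourceId']

    assert 'Data' in response
    assert 'Arn' in response['Data']
    assert 'PublicKey' in response['Data']
    assert 'PublicKeyPEM' in response['Data']
    assert 'Hash' in response['Data']
    assert response['Data']['Arn'] == physical_resource_id
    # NOTE(review): the digest is MD5; treat it as a change marker only and
    # confirm nothing relies on it as an integrity check.
    assert response['Data']['Hash'] == hashlib.md5(
        as_bytes(response['Data']['PublicKey'])).hexdigest()

    # Parse the PEM to check the real key size, not just the requested one.
    public_key = load_pem_public_key(
        as_bytes(response['Data']['PublicKeyPEM']), backend=default_backend())
    assert public_key.key_size == 4096

    # delete the parameter
    request = Request('Delete', name, physical_resource_id)
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']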
def test_create_3072_key():
    """Generate a 3072-bit key via DSAKeyProvider and validate the response."""
    provider = DSAKeyProvider()
    name = "/test/parameter-%s" % uuid.uuid4()

    create_request = Request("Create", name)
    properties = create_request["ResourceProperties"]
    properties["Description"] = "A large private key"
    properties["KeySize"] = "3072"

    response = provider.handle(create_request, {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert provider.is_valid_cfn_response(), response["Reason"]
    assert "PhysicalResourceId" in response
    physical_resource_id = response["PhysicalResourceId"]

    assert "Data" in response
    data = response["Data"]
    for attribute in ("Arn", "PublicKey", "PublicKeyPEM", "Hash"):
        assert attribute in data
    assert data["Arn"] == physical_resource_id

    # Hash is expected to be the MD5 hex digest of the public key text.
    # NOTE(review): MD5 works as a change marker here, not as an integrity
    # guarantee; confirm how the provider's consumers use it.
    reported_hash = data["Hash"]
    expected_hash = hashlib.md5(data["PublicKey"].encode("ascii")).hexdigest()
    assert reported_hash == expected_hash

    # Parse the PEM so the key size checked is the generated one.
    pem_bytes = data["PublicKeyPEM"].encode("ascii")
    public_key = load_pem_public_key(pem_bytes, backend=default_backend())
    assert public_key.key_size == 3072

    # Remove the parameter again.
    delete_response = handler(
        Request("Delete", name, physical_resource_id), {})
    assert delete_response["Status"] == "SUCCESS", delete_response["Reason"]
def test_create_no_return_secret():
    """Create a parameter without requesting the secret, then delete it.

    NOTE(review): despite the name, nothing here asserts that ``Secret`` is
    absent from ``Data``; consider adding that check once the provider's
    behaviour without ReturnSecret is confirmed.
    """
    parameter_name = '/test/parameter-%s' % uuid.uuid4()

    created = handler(Request('Create', parameter_name), {})
    assert created['Status'] == 'SUCCESS', created['Reason']
    assert 'PhysicalResourceId' in created
    physical_resource_id = created['PhysicalResourceId']

    # The Arn attribute must equal the physical resource id.
    assert 'Data' in created
    assert 'Arn' in created['Data']
    assert created['Data']['Arn'] == physical_resource_id

    # Clean up.
    deleted = handler(
        Request('Delete', parameter_name, physical_resource_id), {})
    assert deleted['Status'] == 'SUCCESS', deleted['Reason']
def test_create_no_return_secret():
    """Default Create (no ReturnSecret property) returns an Arn in Data.

    NOTE(review): the test only checks the Arn; it never verifies that the
    secret value is withheld. A ``'Secret' not in Data`` assertion would pin
    that, provided it matches what the provider does.
    """
    name = '/test/parameter-%s' % uuid.uuid4()

    def run(request):
        # Every request in this test uses an empty context.
        return handler(request, {})

    response = run(Request('Create', name))
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert 'PhysicalResourceId' in response
    physical_resource_id = response['PhysicalResourceId']

    assert 'Data' in response
    data = response['Data']
    assert 'Arn' in data
    assert data['Arn'] == physical_resource_id

    # Remove the parameter created above.
    response = run(Request('Delete', name, physical_resource_id))
    assert response['Status'] == 'SUCCESS', response['Reason']
def test_create_with_encypted_content():
    """Round-trip a caller-supplied encrypted secret through Create and Update.

    The plaintext is encrypted with ``encrypt_to_base64`` and passed as
    ``EncryptedContent``. With ``ReturnSecret`` set, the response is expected
    to carry the original plaintext, its MD5 hex digest and a version number.
    """
    name = "/test/7-parameter-%s" % uuid.uuid4()
    plaintext = "Don't read my encrypted secret"
    request = Request("Create", name)

    ciphertext_b64 = encrypt_to_base64(plaintext)

    properties = request["ResourceProperties"]
    properties["ReturnSecret"] = True
    properties["Description"] = "A encrypted custom secret"
    properties["EncryptedContent"] = ciphertext_b64

    response = handler(request, {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert "PhysicalResourceId" in response
    physical_resource_id = response["PhysicalResourceId"]
    assert isinstance(physical_resource_id, str)

    assert "Data" in response
    for attribute in ("Secret", "Arn", "Hash", "Version"):
        assert attribute in response["Data"]
    data = response["Data"]
    assert data["Arn"] == physical_resource_id
    # NOTE(review): Hash is an MD5 digest of the secret; it works as a change
    # marker here, not as an integrity guarantee.
    reported_hash = data["Hash"]
    assert reported_hash == hashlib.md5(
        data["Secret"].encode("utf8")).hexdigest()
    assert data["Secret"] == plaintext
    assert data["Version"] == 1

    # Update in place: same name, new encrypted content, refresh requested.
    plaintext = plaintext + " v2"
    request["RequestType"] = "Update"
    request["PhysicalResourceId"] = physical_resource_id
    request["ResourceProperties"]["EncryptedContent"] = encrypt_to_base64(
        plaintext)
    request["ResourceProperties"]["RefreshOnUpdate"] = True

    response = handler(request, {})
    assert response["Status"] == "SUCCESS", response["Reason"]
    assert "PhysicalResourceId" in response
    # The name did not change, so the physical id must stay the same.
    assert physical_resource_id == response["PhysicalResourceId"]
    assert response["Data"]["Secret"] == plaintext
    assert response["Data"]["Version"] == 2

    # Remove the parameter.
    delete_response = handler(
        Request("Delete", name, physical_resource_id), {})
    assert delete_response["Status"] == "SUCCESS", delete_response["Reason"]
def test_create_with_encypted_content():
    """Create, then update, a secret whose value is passed as EncryptedContent.

    Both phases request the secret back (``ReturnSecret``) and compare it with
    the plaintext that was encrypted by ``encrypt_to_base64``.
    """
    name = '/test/7-parameter-%s' % uuid.uuid4()
    secret_v1 = "Don't read my encrypted secret"
    request = Request('Create', name)

    encrypted_v1 = encrypt_to_base64(secret_v1)

    resource_properties = request['ResourceProperties']
    resource_properties['ReturnSecret'] = True
    resource_properties['Description'] = 'A encrypted custom secret'
    resource_properties['EncryptedContent'] = encrypted_v1

    create_response = handler(request, {})
    assert create_response['Status'] == 'SUCCESS', create_response['Reason']
    assert 'PhysicalResourceId' in create_response
    physical_resource_id = create_response['PhysicalResourceId']
    assert isinstance(physical_resource_id, str)

    assert 'Data' in create_response
    assert 'Secret' in create_response['Data']
    assert 'Arn' in create_response['Data']
    assert 'Hash' in create_response['Data']
    assert 'Version' in create_response['Data']
    created = create_response['Data']
    assert created['Arn'] == physical_resource_id
    # Hash must be the MD5 hex digest of the UTF-8 encoded secret.
    # NOTE(review): use this digest as a change marker only.
    actual_hash = created['Hash']
    secret_digest = hashlib.md5(created['Secret'].encode('utf8')).hexdigest()
    assert actual_hash == secret_digest
    assert created['Secret'] == secret_v1
    assert created['Version'] == 1

    # Second phase: reuse the request as an Update with new content.
    secret_v2 = secret_v1 + " v2"
    request['RequestType'] = 'Update'
    request['PhysicalResourceId'] = physical_resource_id
    request['ResourceProperties']['EncryptedContent'] = encrypt_to_base64(
        secret_v2)
    request['ResourceProperties']['RefreshOnUpdate'] = True

    update_response = handler(request, {})
    assert update_response['Status'] == 'SUCCESS', update_response['Reason']
    assert 'PhysicalResourceId' in update_response
    # Same name, so the update must not produce a new physical resource.
    assert physical_resource_id == update_response['PhysicalResourceId']
    assert update_response['Data']['Secret'] == secret_v2
    assert update_response['Data']['Version'] == 2

    # delete the parameter
    delete_response = handler(
        Request('Delete', name, physical_resource_id), {})
    assert delete_response['Status'] == 'SUCCESS', delete_response['Reason']
def test_create_no_return_secret():
    """Create a parameter with default properties and check the returned Arn.

    NOTE(review): no assertion covers the "no return secret" part of the
    name; the response is never checked for a missing ``Secret`` attribute.
    Confirm the provider's contract before adding one.
    """
    name = "/test/parameter-%s" % uuid.uuid4()
    create_request = Request("Create", name)

    create_response = handler(create_request, {})
    assert create_response["Status"] == "SUCCESS", create_response["Reason"]
    assert "PhysicalResourceId" in create_response
    physical_resource_id = create_response["PhysicalResourceId"]

    assert "Data" in create_response
    returned = create_response["Data"]
    assert "Arn" in returned
    assert returned["Arn"] == physical_resource_id

    # Tear the parameter down again.
    delete_request = Request("Delete", name, physical_resource_id)
    delete_response = handler(delete_request, {})
    assert delete_response["Status"] == "SUCCESS", delete_response["Reason"]
def test_create():
    """Create a secret with ReturnSecret set and check Secret and Arn come back."""
    name = '/test/1-parameter-%s' % uuid.uuid4()

    create_request = Request('Create', name)
    properties = create_request['ResourceProperties']
    # ReturnSecret asks the provider to include the value in Data.
    properties['ReturnSecret'] = True
    properties['Description'] = 'A beautiful secret'

    created = handler(create_request, {})
    assert created['Status'] == 'SUCCESS', created['Reason']
    assert 'PhysicalResourceId' in created
    physical_resource_id = created['PhysicalResourceId']
    assert isinstance(physical_resource_id, str)

    assert 'Data' in created
    for attribute in ('Secret', 'Arn'):
        assert attribute in created['Data']
    assert created['Data']['Arn'] == physical_resource_id

    # Clean up the parameter.
    deleted = handler(Request('Delete', name, physical_resource_id), {})
    assert deleted['Status'] == 'SUCCESS', deleted['Reason']
def test_create():
    """Create a secret, refresh it through Update, and check version and hash.

    Also checks that the response carries ``NoEcho`` set to true;
    CloudFormation uses that response field to mask a custom resource's
    output values.
    """
    name = '/test/1-parameter-%s' % uuid.uuid4()
    request = Request('Create', name)
    properties = request['ResourceProperties']
    properties['ReturnSecret'] = True
    properties['Description'] = 'A beautiful secret'

    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert 'PhysicalResourceId' in response
    physical_resource_id = response['PhysicalResourceId']
    assert isinstance(physical_resource_id, str)

    assert 'Data' in response
    for attribute in ('Secret', 'Arn', 'Hash', 'Version'):
        assert attribute in response['Data']
    assert 'NoEcho' in response
    data = response['Data']
    assert data['Arn'] == physical_resource_id
    # NOTE(review): Hash is an MD5 digest of the secret; treat it as a change
    # marker, not an integrity guarantee.
    reported_hash = data['Hash']
    assert reported_hash == hashlib.md5(
        data['Secret'].encode('utf8')).hexdigest()
    assert data['Version'] == 1
    assert response['NoEcho'] == True

    # Refresh the secret: same resource, new version, different hash.
    previous_hash = data['Hash']
    request['RequestType'] = 'Update'
    request['ResourceProperties']['RefreshOnUpdate'] = True
    request['PhysicalResourceId'] = physical_resource_id
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert response['Data']['Arn'] == physical_resource_id
    assert response['Data']['Version'] == 2
    assert response['Data']['Hash'] != previous_hash

    # The original repeats the Update once more without checking its result.
    response = handler(request, {})

    # Remove the parameter.
    delete_request = Request('Delete', name, physical_resource_id)
    response = handler(delete_request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
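def test_create():
    """Create a secret with ReturnSecret set and verify Secret, Arn and Hash.

    ``Hash`` is expected to equal the MD5 hex digest of the returned secret.
    """
    # create a test parameter
    name = '/test/1-parameter-%s' % uuid.uuid4()
    request = Request('Create', name)
    request['ResourceProperties']['ReturnSecret'] = True
    request['ResourceProperties']['Description'] = 'A beautiful secret'
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert 'PhysicalResourceId' in response
    physical_resource_id = response['PhysicalResourceId']
    assert isinstance(physical_resource_id, str)

    assert 'Data' in response
    assert 'Secret' in response['Data']
    assert 'Arn' in response['Data']
    assert 'Hash' in response['Data']
    assert response['Data']['Arn'] == physical_resource_id

    # hashlib.md5 requires bytes; a text secret is UTF-8 encoded first so the
    # comparison does not raise TypeError on Python 3.
    secret = response['Data']['Secret']
    secret_bytes = secret if isinstance(secret, bytes) else secret.encode('utf8')
    # NOTE(review): MD5 works as a change marker here, not as an integrity
    # guarantee for the secret.
    assert response['Data']['Hash'] == hashlib.md5(secret_bytes).hexdigest()

    # delete the parameters
    request = Request('Delete', name, physical_resource_id)
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']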
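def test_update_secret():
    """Rename a secret with RefreshOnUpdate and expect a new resource and value.

    After the Update under a new name, the physical resource id, the secret
    and its hash must all differ from the ones returned by the Create.
    """
    name = 'k%s' % uuid.uuid4()
    request = Request('Create', name)
    request['ResourceProperties']['ReturnSecret'] = True
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert 'PhysicalResourceId' in response
    physical_resource_id = response['PhysicalResourceId']
    secret_1 = response['Data']['Secret']
    secure_hash = response['Data']['Hash']
    # hashlib.md5 requires bytes; a text secret is UTF-8 encoded first so the
    # comparison does not raise TypeError on Python 3.
    secret_1_bytes = (
        secret_1 if isinstance(secret_1, bytes) else secret_1.encode('utf8'))
    # NOTE(review): the variable is called secure_hash, but the digest is MD5;
    # treat it as a change marker only.
    assert secure_hash == hashlib.md5(secret_1_bytes).hexdigest()

    # update under a new name, asking for a refreshed value
    name_2 = 'k2%s' % name
    request = Request('Update', name_2, physical_resource_id)
    request['ResourceProperties']['RefreshOnUpdate'] = True
    request['ResourceProperties']['ReturnSecret'] = True
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    secure_hash_2 = response['Data']['Hash']

    physical_resource_id_2 = response['PhysicalResourceId']
    assert physical_resource_id != physical_resource_id_2

    secret_2 = response['Data']['Secret']
    assert secret_1 != secret_2

    assert secure_hash != secure_hash_2

    # delete secrets
    request = Request('Delete', name, physical_resource_id)
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']

    # NOTE(review): this Delete passes the original name together with the
    # second physical id; confirm that name_2 was not intended.
    request = Request('Delete', name, physical_resource_id_2)
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']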
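def test_create():
    """Create a key through RSAKeyProvider and verify Arn, PublicKey and Hash.

    ``Hash`` is expected to equal the MD5 hex digest of the returned public
    key. The parameter is deleted again at the end.
    """
    # create a test parameter
    provider = RSAKeyProvider()
    name = '/test/parameter-%s' % uuid.uuid4()
    request = Request('Create', name)
    request['ResourceProperties']['Description'] = 'A ppretty private key'
    response = provider.handle(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']
    assert provider.is_valid_cfn_response(), response['Reason']
    assert 'PhysicalResourceId' in response
    physical_resource_id = response['PhysicalResourceId']

    assert 'Data' in response
    assert 'Arn' in response['Data']
    assert 'PublicKey' in response['Data']
    assert 'Hash' in response['Data']
    assert response['Data']['Arn'] == physical_resource_id

    # hashlib.md5 requires bytes; a text public key is ASCII-encoded first so
    # the comparison does not raise TypeError on Python 3.
    public_key = response['Data']['PublicKey']
    public_key_bytes = (
        public_key if isinstance(public_key, bytes)
        else public_key.encode('ascii'))
    # NOTE(review): MD5 works as a change marker here, not as an integrity
    # guarantee.
    assert response['Data']['Hash'] == hashlib.md5(public_key_bytes).hexdigest()

    # delete the parameters
    request = Request('Delete', name, physical_resource_id)
    response = handler(request, {})
    assert response['Status'] == 'SUCCESS', response['Reason']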