def run(self, values):
gce_svc = gce_service.GCEService(values.project, None, log)
instance_config = instance_config_from_values(
values, mode=INSTANCE_METAVISOR_MODE, cli_config=self.config)
if values.startup_script:
extra_items = [{
'key': 'startup-script',
'value': values.startup_script
}]
else:
extra_items = None
brkt_userdata = instance_config.make_userdata()
metadata = gce_service.gce_metadata_from_userdata(
brkt_userdata, extra_items=extra_items)
if not values.verbose:
logging.getLogger('googleapiclient').setLevel(logging.ERROR)
if values.instance_name:
gce_service.validate_image_name(values.instance_name)
encrypted_instance_id = launch_gce_image.launch(log,
gce_svc,
values.image,
values.instance_name,
values.zone,
values.delete_boot,
values.instance_type,
values.network,
values.subnetwork,
metadata)
print(encrypted_instance_id)
return 0
def command_encrypt_gce_image(values, log):
session_id = util.make_nonce()
gce_svc = gce_service.GCEService(values.project, session_id, log)
check_args(values, gce_svc)
encrypted_image_name = gce_service.get_image_name(values.encrypted_image_name, values.image)
gce_service.validate_image_name(encrypted_image_name)
gce_service.validate_images(gce_svc,
encrypted_image_name,
values.encryptor_image,
values.image,
values.image_project)
if not values.verbose:
logging.getLogger('googleapiclient').setLevel(logging.ERROR)
log.info('Starting encryptor session %s', gce_svc.get_session_id())
brkt_env = (
brkt_cli.brkt_env_from_values(values) or
brkt_cli.get_prod_brkt_env()
)
encrypted_image_id = encrypt_gce_image.encrypt(
gce_svc=gce_svc,
enc_svc_cls=encryptor_service.EncryptorService,
image_id=values.image,
encryptor_image=values.encryptor_image,
encrypted_image_name=encrypted_image_name,
zone=values.zone,
instance_config=make_instance_config(
values, brkt_env,mode=INSTANCE_CREATOR_MODE),
image_project=values.image_project,
keep_encryptor=values.keep_encryptor,
image_file=values.image_file,
image_bucket=values.bucket,
network=values.network,
status_port=values.status_port
)
# Print the image name to stdout, in case the caller wants to process
# the output. Log messages go to stderr.
print(encrypted_image_id)
return 0
def command_update_encrypted_gce_image(values, log):
session_id = util.make_nonce()
gce_svc = gce_service.GCEService(values.project, session_id, log)
check_args(values, gce_svc)
encrypted_image_name = gce_service.get_image_name(values.encrypted_image_name, values.image)
gce_service.validate_image_name(encrypted_image_name)
gce_service.validate_images(gce_svc,
encrypted_image_name,
values.encryptor_image,
values.image,
values.image_project)
if not values.verbose:
logging.getLogger('googleapiclient').setLevel(logging.ERROR)
log.info('Starting updater session %s', gce_svc.get_session_id())
brkt_env = (
brkt_cli.brkt_env_from_values(values) or
brkt_cli.get_prod_brkt_env()
)
updated_image_id = update_gce_image.update_gce_image(
gce_svc=gce_svc,
enc_svc_cls=encryptor_service.EncryptorService,
image_id=values.image,
encryptor_image=values.encryptor_image,
encrypted_image_name=encrypted_image_name,
zone=values.zone,
instance_config=make_instance_config(
values, brkt_env,mode=INSTANCE_UPDATER_MODE),
keep_encryptor=values.keep_encryptor,
image_file=values.image_file,
image_bucket=values.bucket,
network=values.network,
status_port=values.status_port
)
print(updated_image_id)
return 0
def run_update(values, config):
session_id = util.make_nonce()
gce_svc = gce_service.GCEService(values.project, session_id, log)
check_args(values, gce_svc, config)
encrypted_image_name = gce_service.get_image_name(
values.encrypted_image_name, values.image)
gce_service.validate_image_name(encrypted_image_name)
if values.validate:
gce_service.validate_images(gce_svc,
encrypted_image_name,
values.encryptor_image,
values.image)
if not values.verbose:
logging.getLogger('googleapiclient').setLevel(logging.ERROR)
log.info('Starting updater session %s', gce_svc.get_session_id())
updated_image_id = update_gce_image.update_gce_image(
gce_svc=gce_svc,
enc_svc_cls=encryptor_service.EncryptorService,
image_id=values.image,
encryptor_image=values.encryptor_image,
encrypted_image_name=encrypted_image_name,
zone=values.zone,
instance_config=instance_config_from_values(
values, mode=INSTANCE_UPDATER_MODE,
cli_config=config),
keep_encryptor=values.keep_encryptor,
image_file=values.image_file,
image_bucket=values.bucket,
network=values.network,
subnetwork=values.subnetwork,
status_port=values.status_port,
cleanup=values.cleanup
)
print(updated_image_id)
return 0
def command_encrypt_gce_image(values, log):
session_id = util.make_nonce()
gce_svc = gce_service.GCEService(values.project, session_id, log)
check_args(values, gce_svc)
encrypted_image_name = gce_service.get_image_name(
values.encrypted_image_name, values.image)
gce_service.validate_image_name(encrypted_image_name)
gce_service.validate_images(gce_svc, encrypted_image_name,
values.encryptor_image, values.image,
values.image_project)
if not values.verbose:
logging.getLogger('googleapiclient').setLevel(logging.ERROR)
log.info('Starting encryptor session %s', gce_svc.get_session_id())
brkt_env = (brkt_cli.brkt_env_from_values(values)
or brkt_cli.get_prod_brkt_env())
encrypted_image_id = encrypt_gce_image.encrypt(
gce_svc=gce_svc,
enc_svc_cls=encryptor_service.EncryptorService,
image_id=values.image,
encryptor_image=values.encryptor_image,
encrypted_image_name=encrypted_image_name,
zone=values.zone,
instance_config=make_instance_config(values,
brkt_env,
mode=INSTANCE_CREATOR_MODE),
image_project=values.image_project,
keep_encryptor=values.keep_encryptor,
image_file=values.image_file,
image_bucket=values.bucket,
network=values.network,
status_port=values.status_port)
# Print the image name to stdout, in case the caller wants to process
# the output. Log messages go to stderr.
print(encrypted_image_id)
return 0
def command_update_encrypted_gce_image(values, log):
session_id = util.make_nonce()
gce_svc = gce_service.GCEService(values.project, session_id, log)
check_args(values, gce_svc)
encrypted_image_name = gce_service.get_image_name(
values.encrypted_image_name, values.image)
gce_service.validate_image_name(encrypted_image_name)
gce_service.validate_images(gce_svc, encrypted_image_name,
values.encryptor_image, values.image,
values.image_project)
if not values.verbose:
logging.getLogger('googleapiclient').setLevel(logging.ERROR)
log.info('Starting updater session %s', gce_svc.get_session_id())
brkt_env = (brkt_cli.brkt_env_from_values(values)
or brkt_cli.get_prod_brkt_env())
updated_image_id = update_gce_image.update_gce_image(
gce_svc=gce_svc,
enc_svc_cls=encryptor_service.EncryptorService,
image_id=values.image,
encryptor_image=values.encryptor_image,
encrypted_image_name=encrypted_image_name,
zone=values.zone,
instance_config=make_instance_config(values,
brkt_env,
mode=INSTANCE_UPDATER_MODE),
keep_encryptor=values.keep_encryptor,
image_file=values.image_file,
image_bucket=values.bucket,
network=values.network,
status_port=values.status_port)
print(updated_image_id)
return 0
def test_image_name(self):
encrypted_image_name = 'valid-name'
self.assertEquals(encrypted_image_name,
gce_service.validate_image_name(encrypted_image_name))
with self.assertRaises(ValidationError):
gce_service.validate_image_name(None)
with self.assertRaises(ValidationError):
gce_service.validate_image_name('Valid-Name')
with self.assertRaises(ValidationError):
gce_service.validate_image_name('validname-')
with self.assertRaises(ValidationError):
gce_service.validate_image_name('a' * 64)
for c in '?!#$%^&*~`{}\|"<>()[]./\'@_':
with self.assertRaises(ValidationError):
gce_service.validate_image_name('valid' + c)
def test_image_name(self):
encrypted_image_name = 'valid-name'
self.assertEquals(
encrypted_image_name,
gce_service.validate_image_name(encrypted_image_name))
with self.assertRaises(ValidationError):
gce_service.validate_image_name(None)
with self.assertRaises(ValidationError):
gce_service.validate_image_name('Valid-Name')
with self.assertRaises(ValidationError):
gce_service.validate_image_name('validname-')
with self.assertRaises(ValidationError):
gce_service.validate_image_name('a' * 64)
for c in '?!#$%^&*~`{}\|"<>()[]./\'@_':
with self.assertRaises(ValidationError):
gce_service.validate_image_name('valid' + c)
