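def test_brkt_env_encrypt(self):
    """Verify --brkt-env endpoints reach the encryptor's user data.

    Parses a ``--brkt-env`` value, builds an instance config from it and
    runs ``encrypt_ami.encrypt`` against the stubbed AWS service.  When the
    encryptor image is launched, the ``brkt`` section of its MIME user
    data must carry exactly the API and HSM proxy endpoints given on the
    command line.
    """
    api_host_port = 'api.example.com:777'
    hsmproxy_host_port = 'hsmproxy.example.com:888'
    aws_svc, encryptor_image, guest_image = build_aws_service()

    # The endpoint assertions live inside the callback.  Record every
    # encryptor launch so the test fails, rather than passing vacuously,
    # if the callback is never reached.
    encryptor_launches = []

    def run_instance_callback(args):
        # Only the encryptor launch is of interest; ignore other images.
        if args.image_id == encryptor_image.id:
            encryptor_launches.append(args.image_id)
            brkt_config = self._get_brkt_config_from_mime(args.user_data)
            d = json.loads(brkt_config)
            # assertEqual replaces the deprecated assertEquals alias.
            self.assertEqual(api_host_port, d['brkt']['api_host'])
            self.assertEqual(hsmproxy_host_port, d['brkt']['hsmproxy_host'])

    cli_args = '--brkt-env %s,%s' % (api_host_port, hsmproxy_host_port)
    values = instance_config_args_to_values(cli_args)
    brkt_env = brkt_cli.brkt_env_from_values(values)
    ic = make_instance_config(values, brkt_env)

    aws_svc.run_instance_callback = run_instance_callback
    encrypt_ami.encrypt(
        aws_svc=aws_svc,
        enc_svc_cls=DummyEncryptorService,
        image_id=guest_image.id,
        encryptor_ami=encryptor_image.id,
        instance_config=ic
    )
    self.assertTrue(
        encryptor_launches,
        'Encryptor instance was never launched; endpoints were not checked'
    )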
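def test_brkt_env_update(self):
    """Verify the Bracket environment reaches the updater's user data.

    Encrypts a guest image first, then runs ``update_ami`` with an
    instance config built from ``--brkt-env``.  The instance launched from
    the encryptor image during the update must receive the given API and
    HSM proxy endpoints and ``solo_mode`` set to ``'updater'``.
    """
    aws_svc, encryptor_image, guest_image = build_aws_service()
    encrypted_ami_id = encrypt_ami.encrypt(
        aws_svc=aws_svc,
        enc_svc_cls=DummyEncryptorService,
        image_id=guest_image.id,
        encryptor_ami=encryptor_image.id
    )

    api_host_port = 'api.example.com:777'
    hsmproxy_host_port = 'hsmproxy.example.com:888'
    cli_args = '--brkt-env %s,%s' % (api_host_port, hsmproxy_host_port)
    values = instance_config_args_to_values(cli_args)
    brkt_env = brkt_cli.brkt_env_from_values(values)
    ic = make_instance_config(values, brkt_env)

    # The assertions run only inside the callback; track launches so a
    # run that never reaches them is reported as a failure.
    updater_launches = []

    def run_instance_callback(args):
        if args.image_id == encryptor_image.id:
            updater_launches.append(args.image_id)
            brkt_config = self._get_brkt_config_from_mime(args.user_data)
            d = json.loads(brkt_config)
            # assertEqual replaces the deprecated assertEquals alias.
            self.assertEqual(api_host_port, d['brkt']['api_host'])
            self.assertEqual(hsmproxy_host_port, d['brkt']['hsmproxy_host'])
            self.assertEqual('updater', d['brkt']['solo_mode'])

    # Installed after the initial encrypt so that only launches made by
    # update_ami are inspected.
    aws_svc.run_instance_callback = run_instance_callback
    update_ami(
        aws_svc, encrypted_ami_id, encryptor_image.id,
        'Test updated AMI',
        enc_svc_class=DummyEncryptorService,
        instance_config=ic
    )
    self.assertTrue(
        updater_launches,
        'Updater instance was never launched; endpoints were not checked'
    )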
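def test_brkt_env_encrypt(self):
    """Check that ``--brkt-env`` is parsed and handed to the encryptor.

    The API and HSM proxy host:port pairs given on the command line must
    appear unchanged in the ``brkt`` section of the user data passed to
    the encryptor instance when ``encrypt_ami.encrypt`` launches it.
    """
    api_host_port = 'api.example.com:777'
    hsmproxy_host_port = 'hsmproxy.example.com:888'
    aws_svc, encryptor_image, guest_image = build_aws_service()

    # Set by the callback.  Without it the test would succeed even if the
    # encryptor image were never launched and nothing were verified.
    checked = []

    def run_instance_callback(args):
        # Launches of any other image are not inspected.
        if args.image_id != encryptor_image.id:
            return
        checked.append(True)
        brkt_config = self._get_brkt_config_from_mime(args.user_data)
        brkt_section = json.loads(brkt_config)['brkt']
        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual(api_host_port, brkt_section['api_host'])
        self.assertEqual(hsmproxy_host_port, brkt_section['hsmproxy_host'])

    cli_args = '--brkt-env %s,%s' % (api_host_port, hsmproxy_host_port)
    values = instance_config_args_to_values(cli_args)
    brkt_env = brkt_cli.brkt_env_from_values(values)
    ic = make_instance_config(values, brkt_env)

    aws_svc.run_instance_callback = run_instance_callback
    encrypt_ami.encrypt(
        aws_svc=aws_svc,
        enc_svc_cls=DummyEncryptorService,
        image_id=guest_image.id,
        encryptor_ami=encryptor_image.id,
        instance_config=ic
    )
    self.assertTrue(
        checked,
        'run_instance_callback never saw the encryptor image'
    )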
def _get_brkt_config_for_cli_args(cli_args='', mode=INSTANCE_CREATOR_MODE):
    """Return the ``brkt`` config dict produced for *cli_args*.

    Parses the argument string, builds an instance config in the given
    *mode*, generates its user data and decodes the JSON found in the
    MIME part of type ``BRKT_CONFIG_CONTENT_TYPE``.  Only the value under
    the top-level ``'brkt'`` key is returned.
    """
    parsed = instance_config_args_to_values(cli_args)
    env = brkt_cli.brkt_env_from_values(parsed)
    instance_cfg = make_instance_config(parsed, env, mode=mode)
    payload = get_mime_part_payload(
        instance_cfg.make_userdata(), BRKT_CONFIG_CONTENT_TYPE
    )
    return json.loads(payload)['brkt']
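def test_ca_cert(self):
    """Check validation and placement of the ``--ca-cert`` option.

    Covers four cases: ``--ca-cert`` without endpoints is rejected, a
    file that is not a certificate is rejected, a valid certificate is
    written to the brkt-files MIME part under
    ``/var/brkt/ami_config/ca_cert.pem.<domain>``, and the option is not
    accepted by the argument parser in metavisor mode.
    """
    domain = 'dummy.foo.com'

    # First make sure that you can't use --ca-cert without specifying
    # endpoints
    cli_args = '--ca-cert dummy.crt'
    values = instance_config_args_to_values(cli_args)
    with self.assertRaises(ValidationError):
        make_instance_config(values)

    # Now specify endpoint args but use a bogus cert
    endpoint_args = '--brkt-env api.%s:7777,hsmproxy.%s:8888' % (
        domain, domain)
    dummy_ca_cert = 'THIS IS NOT A CERTIFICATE'
    # Text mode so the str payload can be written on Python 2 and 3.
    with tempfile.NamedTemporaryFile(mode='w') as f:
        f.write(dummy_ca_cert)
        f.flush()
        cli_args = endpoint_args + ' --ca-cert %s' % f.name
        values = instance_config_args_to_values(cli_args)
        # Pass brkt_env exactly as the valid-cert case below does.  The
        # call is then the same as the accepted one except for the file
        # contents, so the ValidationError can only be attributed to the
        # certificate and not to a missing environment.
        brkt_env = brkt_cli.brkt_env_from_values(values)
        with self.assertRaises(ValidationError):
            make_instance_config(values, brkt_env)

    # Now use endpoint args and a valid cert
    cli_args = endpoint_args + ' --ca-cert %s' % _get_ca_cert_filename()
    values = instance_config_args_to_values(cli_args)
    brkt_env = brkt_cli.brkt_env_from_values(values)
    ic = make_instance_config(values, brkt_env)
    ud = ic.make_userdata()
    brkt_files = get_mime_part_payload(ud, BRKT_FILES_CONTENT_TYPE)
    self.assertTrue(
        brkt_files.startswith(
            "/var/brkt/ami_config/ca_cert.pem.dummy.foo.com: " +
            "{contents: '-----BEGIN CERTIFICATE-----"))

    # Make sure the --ca-cert arg is only recognized in 'creator' mode.
    # stderr is silenced to hide the parse_args message and is restored
    # in a finally block so that a failing assertion cannot leave the
    # rest of the test run without stderr.
    saved_stderr = sys.stderr
    devnull = open(os.devnull, 'w')
    sys.stderr = devnull
    try:
        with self.assertRaises(SystemExit):
            instance_config_args_to_values(
                cli_args, mode=INSTANCE_METAVISOR_MODE)
    finally:
        sys.stderr = saved_stderr
        devnull.close()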
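def test_ca_cert(self):
    """Exercise ``--ca-cert`` handling end to end.

    The option must be refused when no endpoints are given, refused when
    the file does not hold a certificate, accepted for a valid
    certificate (which then appears in the brkt-files MIME part at
    ``/var/brkt/ami_config/ca_cert.pem.<domain>``), and refused by the
    argument parser in metavisor mode.
    """
    domain = 'dummy.foo.com'

    # First make sure that you can't use --ca-cert without specifying
    # endpoints
    cli_args = '--ca-cert dummy.crt'
    values = instance_config_args_to_values(cli_args)
    with self.assertRaises(ValidationError):
        make_instance_config(values)

    # Now specify endpoint args but use a bogus cert
    endpoint_args = '--brkt-env api.%s:7777,hsmproxy.%s:8888' % (
        domain, domain)
    dummy_ca_cert = 'THIS IS NOT A CERTIFICATE'
    # Opened in text mode so writing a str works on Python 2 and 3.
    with tempfile.NamedTemporaryFile(mode='w') as f:
        f.write(dummy_ca_cert)
        f.flush()
        cli_args = endpoint_args + ' --ca-cert %s' % f.name
        values = instance_config_args_to_values(cli_args)
        # Build and pass brkt_env the same way the valid-cert case does.
        # Otherwise this call looks like the "no endpoints" case above,
        # and the rejection would not show that the certificate contents
        # were actually validated.
        brkt_env = brkt_cli.brkt_env_from_values(values)
        with self.assertRaises(ValidationError):
            make_instance_config(values, brkt_env)

    # Now use endpoint args and a valid cert
    cli_args = endpoint_args + ' --ca-cert %s' % _get_ca_cert_filename()
    values = instance_config_args_to_values(cli_args)
    brkt_env = brkt_cli.brkt_env_from_values(values)
    ic = make_instance_config(values, brkt_env)
    ud = ic.make_userdata()
    brkt_files = get_mime_part_payload(ud, BRKT_FILES_CONTENT_TYPE)
    self.assertTrue(brkt_files.startswith(
        "/var/brkt/ami_config/ca_cert.pem.dummy.foo.com: " +
        "{contents: '-----BEGIN CERTIFICATE-----"))

    # Make sure the --ca-cert arg is only recognized in 'creator' mode.
    # The parse_args message on stderr is suppressed.  The original
    # stream is restored and the devnull handle closed in a finally
    # block, even when the expected SystemExit does not occur.
    original_stderr = sys.stderr
    sink = open(os.devnull, 'w')
    sys.stderr = sink
    try:
        try:
            instance_config_args_to_values(
                cli_args, mode=INSTANCE_METAVISOR_MODE)
        except SystemExit:
            pass
        else:
            self.fail('Did not get expected exception')
    finally:
        sys.stderr = original_stderr
        sink.close()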
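def test_brkt_env_update(self):
    """Verify the Bracket environment reaches the updater's user data.

    Encrypts a guest image, then runs ``update_ami`` with an instance
    config built from a three-part ``--brkt-env`` value.  The instance
    launched from the encryptor image during the update must receive the
    given API, HSM proxy and network endpoints, with ``solo_mode`` set to
    ``'updater'``.
    """
    aws_svc, encryptor_image, guest_image = build_aws_service()
    encrypted_ami_id = encrypt_ami.encrypt(
        aws_svc=aws_svc,
        enc_svc_cls=DummyEncryptorService,
        image_id=guest_image.id,
        encryptor_ami=encryptor_image.id
    )

    api_host_port = 'api.example.com:777'
    hsmproxy_host_port = 'hsmproxy.example.com:888'
    network_host_port = 'network.example.com:999'
    cli_args = '--brkt-env %s,%s,%s' % (
        api_host_port, hsmproxy_host_port, network_host_port)
    values = instance_config_args_to_values(cli_args)
    ic = instance_config_from_values(values)

    # All endpoint checks happen inside the callback.  Count the matching
    # launches so a run that never reaches them fails, not passes.
    updater_launches = []

    def run_instance_callback(args):
        if args.image_id == encryptor_image.id:
            updater_launches.append(args.image_id)
            brkt_config = self._get_brkt_config_from_mime(args.user_data)
            d = json.loads(brkt_config)
            # assertEqual replaces the deprecated assertEquals alias.
            self.assertEqual(api_host_port, d['brkt']['api_host'])
            self.assertEqual(hsmproxy_host_port, d['brkt']['hsmproxy_host'])
            self.assertEqual(network_host_port, d['brkt']['network_host'])
            self.assertEqual('updater', d['brkt']['solo_mode'])

    # Installed after the initial encrypt so that only launches made by
    # update_ami are inspected.
    aws_svc.run_instance_callback = run_instance_callback
    update_ami(
        aws_svc, encrypted_ami_id, encryptor_image.id,
        'Test updated AMI',
        enc_svc_class=DummyEncryptorService,
        instance_config=ic
    )
    self.assertTrue(
        updater_launches,
        'Updater instance was never launched; endpoints were not checked'
    )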
def test_proxy_config(self):
    """Build an instance config from ``--proxy`` and check its user data.

    The check itself is delegated to ``_verify_proxy_config_in_userdata``.
    """
    parsed = instance_config_args_to_values('--proxy %s' % proxy_host_port)
    user_data = make_instance_config(parsed).make_userdata()
    _verify_proxy_config_in_userdata(self, user_data)
def _init_values(self):
    """Return values parsed from an empty argument string.

    The ``make_user_data_brkt_files`` and ``make_user_data_guest_fqdn``
    attributes are set to ``None`` on the result.
    """
    blank = instance_config_args_to_values('')
    for attr in ('make_user_data_brkt_files', 'make_user_data_guest_fqdn'):
        setattr(blank, attr, None)
    return blank