def test_assign_certificate_elb_http_protocol(self):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer
create_elb('test-elb', subnet)
with self.assertRaisesRegex(InvalidProtocolException, 'Port 80 is not a HTTPS listener'):
self.uploader.assign_certificate('test-elb', 'arn', lb_port=80)
def test_assign_certificate_elb_missing_port(self):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer
create_elb('test-elb', subnet)
with self.assertRaisesRegex(ListenerNotFoundException, 'Could not find a listener for port 1234'):
self.uploader.assign_certificate('test-elb', 'arn', lb_port=1234)
def test_assign_certificate_elb_dry_run(self, mock_print):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer
lb = create_elb('test-elb', subnet)
# Assign certificate
self.uploader.assign_certificate('test-elb', 'new-cert', dry_run=True)
self.assertEqual(
mock_print.mock_calls,
[
call(
'[DRY RUN] Certificate %(existing_cert_arn)s would be replaced with %(new_cert_arn)s on '
'load balancer %(lb_name)s (%(lb_dns)s) on port %(lb_port)d.' %
{
'existing_cert_arn': 'fake-certificate',
'new_cert_arn': 'new-cert',
'lb_name': 'test-elb',
'lb_dns': lb['DNSName'],
'lb_port': 443
}
)
]
)
def test_assign_certificate_elb(self, mock_input, mock_print):
# Create vpc resources
vpc, subnet = create_vpc_resources()
# Create load balancer
lb = create_elb('test-elb', subnet)
self.uploader.assign_certificate('test-elb', 'new-cert')
self.assertEqual(
mock_print.mock_calls,
[
call(
'Replacing certificate %(existing_cert_arn)s with %(new_cert_arn)s to load balancer %(lb_name)s '
'(%(lb_dns)s) on port %(lb_port)d.' %
{
'existing_cert_arn': 'fake-certificate',
'new_cert_arn': 'new-cert',
'lb_name': 'test-elb',
'lb_dns': lb['DNSName'],
'lb_port': 443
}
),
call('Certificate %s applied successfully to ELB %s on port %d' % ('new-cert', 'test-elb', 443))
]
)
def test_acm_parser_attach_new_certificate(self, mock_print, mock_input,
mock_args, mock_sleep):
# Create load balancer
elb = boto3.client('elb')
vpc, subnet = create_vpc_resources()
create_elb('test-lb', subnet)
# Get LB info
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
'fake-certificate',
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
# Run CLI. This should not raise any exceptions
cli.main()
for i in range(10, 0, -1):
self.assertIn(
call('Waiting for certificate to propagate... %d' % i),
mock_print.mock_calls)
self.assertEqual(10, mock_sleep.call_count)
arn = None
for item in mock_print.mock_calls:
arn_match = re.match(
'\tARN: (arn:aws:acm:.+:\\d+:certificate/.+)$', item.args[0])
if arn_match:
arn = arn_match.group(1)
break
# Should be able to describe certificate without raising an exception
self.assertIsNotNone(arn)
acm = boto3.client('acm')
acm.describe_certificate(CertificateArn=arn)
# Verify ELB has the certificate assigned
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
arn,
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
def test_iam_parser_attach_existing_certificate(self, mock_input,
mock_args):
certificate, private_key, ca_certificate = generate_pem_data(
self.certificate, self.private_key, self.ca_certificate)
# Create certificate
iam = boto3.client('iam')
arn = iam.upload_server_certificate(
Path='/test/',
ServerCertificateName='tester',
CertificateBody=certificate.decode('utf-8'),
PrivateKey=private_key.decode('utf-8'),
CertificateChain=ca_certificate.decode(
'utf-8'))['ServerCertificateMetadata']['Arn']
# Create load balancer
elb = boto3.client('elb')
vpc, subnet = create_vpc_resources()
create_elb('test-lb-iam', subnet)
# Get LB info
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb-iam'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
'fake-certificate',
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
# Run CLI. This should not raise any exceptions
cli.main()
# Verify ELB has the certificate assigned
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb-iam'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
arn,
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
def test_acm_parser_attach_existing_certificate(self, mock_input,
mock_args):
certificate, private_key, ca_certificate = generate_pem_data(
self.certificate, self.private_key, self.ca_certificate)
# Create certificate
acm = boto3.client('acm')
arn = acm.import_certificate(
Certificate=certificate,
PrivateKey=private_key,
CertificateChain=ca_certificate)['CertificateArn']
mock_args.return_value.certificate_arn = arn
# Create load balancer
elb = boto3.client('elb')
vpc, subnet = create_vpc_resources()
create_elb('test-lb', subnet)
# Get LB info
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
'fake-certificate',
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])
# Run CLI. This should not raise any exceptions
cli.main()
# Verify ELB has the certificate assigned
lb_info = elb.describe_load_balancers(
LoadBalancerNames=['test-lb'])['LoadBalancerDescriptions'][0]
# Check certificate
self.assertEqual(
arn,
lb_info['ListenerDescriptions'][1]['Listener']['SSLCertificateId'])