def testCreateVolumeCopy3(self, mock_list_instances, mock_list_volumes, mock_loader): """Test that a volume is correctly cloned.""" mock_loader.return_value = None # Should raise a ValueError exception as no volume_id or instance_id is # specified. with self.assertRaises(ValueError): forensics.CreateVolumeCopy(FAKE_INSTANCE.availability_zone) # Should raise a RuntimeError in GetInstanceById as we are querying a # non-existent instance. mock_list_instances.return_value = {} with self.assertRaises(RuntimeError): forensics.CreateVolumeCopy( FAKE_INSTANCE.availability_zone, instance_id='non-existent-instance-id') # Should raise a RuntimeError in GetVolumeById as we are querying a # non-existent volume. mock_list_volumes.return_value = {} with self.assertRaises(RuntimeError): forensics.CreateVolumeCopy( FAKE_INSTANCE.availability_zone, volume_id='non-existent-volume-id')
def testCreateVolumeCopy2(self, mock_ec2_api, mock_account, mock_get_instance, mock_get_volume, mock_snapshot, mock_loader): """Test that a volume is correctly cloned.""" FAKE_SNAPSHOT.name = FAKE_BOOT_VOLUME.volume_id mock_ec2_api.return_value.create_volume.return_value = MOCK_CREATE_VOLUME mock_account.return_value = 'fake-account-id' mock_get_instance.return_value = FAKE_INSTANCE mock_get_volume.return_value = FAKE_BOOT_VOLUME mock_snapshot.return_value = FAKE_SNAPSHOT mock_loader.return_value = None # CreateVolumeCopy(zone, instance='fake-instance-id'). This should grab # the boot volume of the instance. new_volume = forensics.CreateVolumeCopy( FAKE_INSTANCE.availability_zone, instance_id=FAKE_INSTANCE.instance_id) mock_get_instance.assert_called_with('fake-instance-id') self.assertIsInstance(new_volume, ebs.AWSVolume) self.assertTrue(new_volume.name.startswith('evidence-')) self.assertIn('fake-boot-volume-id', new_volume.name) self.assertTrue(new_volume.name.endswith('-copy'))
def testCreateVolumeCopy1(self, mock_ec2_api, mock_account, mock_get_volume, mock_snapshot, mock_volume_type, mock_loader): """Test that a volume is correctly cloned.""" aws_mocks.FAKE_SNAPSHOT.name = aws_mocks.FAKE_VOLUME.volume_id mock_ec2_api.return_value.create_volume.return_value = aws_mocks.MOCK_CREATE_VOLUME mock_account.return_value = aws_mocks.MOCK_CALLER_IDENTITY mock_get_volume.return_value = aws_mocks.FAKE_VOLUME mock_snapshot.return_value = aws_mocks.FAKE_SNAPSHOT mock_volume_type.return_value = 'standard' mock_loader.return_value = None # CreateVolumeCopy(zone, volume_id='fake-volume-id'). This should grab # the volume 'fake-volume-id'. new_volume = forensics.CreateVolumeCopy( aws_mocks.FAKE_INSTANCE.availability_zone, volume_id=aws_mocks.FAKE_VOLUME.volume_id) mock_get_volume.assert_called_with('fake-volume-id') self.assertIsInstance(new_volume, ebs.AWSVolume) self.assertTrue(new_volume.name.startswith('evidence-')) self.assertIn('fake-volume-id', new_volume.name) self.assertTrue(new_volume.name.endswith('-copy'))
def testBootVolumeCopy(self): """End to end test on AWS. Test copying the boot volume of an instance. """ volume_copy = forensics.CreateVolumeCopy( self.zone, instance_id=self.instance_to_analyse # volume_id=None by default, boot volume of instance will be copied ) # The volume should be created in AWS aws_volume = self.aws.ResourceApi(EC2_SERVICE).Volume(volume_copy.volume_id) self.assertEqual(aws_volume.volume_id, volume_copy.volume_id) self._StoreVolumeForCleanup(self.aws, aws_volume)
def testEncryptedVolumeCopy(self): """End to end test on AWS. Test copying a specific encrypted volume. """ if not self.encrypted_volume_to_copy: return volume_copy = forensics.CreateVolumeCopy( self.zone, volume_id=self.encrypted_volume_to_copy) # The volume should be created in AWS aws_volume = self.aws.ResourceApi(EC2_SERVICE).Volume(volume_copy.volume_id) self.assertEqual(aws_volume.volume_id, volume_copy.volume_id) self._StoreVolumeForCleanup(self.aws, aws_volume)
def CreateVolumeCopy(args: 'argparse.Namespace') -> None: """Create a AWS Volume copy. Args: args (argparse.Namespace): Arguments from ArgumentParser. """ print('Starting volume copy...') volume_copy = forensics.CreateVolumeCopy(args.zone, dst_zone=args.dst_zone, instance_id=args.instance_id, volume_id=args.volume_id, src_profile=args.src_profile, dst_profile=args.dst_profile) print('Done! Volume {0:s} successfully created. You will find it in ' 'your AWS account under the name {1:s}.'.format( volume_copy.volume_id, volume_copy.name))
def testVolumeCopyToOtherZone(self): """End to end test on AWS. Test copying a specific volume to a different AWS availability zone. """ if not (self.volume_to_copy and self.dst_zone): return volume_copy = forensics.CreateVolumeCopy( self.zone, dst_zone=self.dst_zone, volume_id=self.volume_to_copy) # The volume should be created in AWS aws_account = account.AWSAccount(self.dst_zone) aws_volume = aws_account.ResourceApi(EC2_SERVICE).Volume( volume_copy.volume_id) self.assertEqual(aws_volume.volume_id, volume_copy.volume_id) self._StoreVolumeForCleanup(aws_account, aws_volume)
def Process(self): """Copies a volume and attaches it to the analysis VM.""" for volume in self._FindVolumesToCopy(): print('Volume copy of {0:s} started...'.format(volume.volume_id)) new_volume = aws_forensics.CreateVolumeCopy( self.remote_zone, dst_zone=self.analysis_zone, volume_id=volume.volume_id, src_profile=self.remote_profile_name, dst_profile=self.analysis_profile_name) self.analysis_vm.AttachVolume(new_volume, self._FindNextAvailableDeviceName()) print('Volume {0:s} successfully copied to {1:s}'.format( volume.volume_id, new_volume.volume_id)) container = containers.ForensicsVM(name=self.analysis_vm.name, evidence_disk=new_volume, platform='aws') self.state.StoreContainer(container)
def testStartVm(self): """End to end test on AWS. Test creating an analysis VM and attaching a copied volume to it. """ volume_copy = forensics.CreateVolumeCopy(self.zone, volume_id=self.volume_to_copy) self.volumes.append((self.aws, volume_copy)) # Create and start the analysis VM and attach the boot volume self.analysis_vm, _ = forensics.StartAnalysisVm( self.analysis_vm_name, self.zone, 10, attach_volumes=[(volume_copy.volume_id, '/dev/sdp')]) # The forensic instance should be live in the analysis AWS account and # the volume should be attached instance = self.aws.ResourceApi(EC2_SERVICE).Instance( self.analysis_vm.instance_id) self.assertEqual(instance.instance_id, self.analysis_vm.instance_id) self.assertIn(volume_copy.volume_id, [vol.volume_id for vol in instance.volumes.all()])