def test_bootstrap_tls_no_cert_creation(mocker, tmpdir):
    """Check that this bootstrap_tls call leaves no key or certificate files.

    bootstrap_tls is entered with ``None`` as its fifth positional argument
    and an empty options dict. Afterwards the certificate, the CSR and the
    config file under ``tls_dict['mount_dir']`` must not exist, and neither
    must the private key at the patched key path.
    """
    setup_mocks_without_popen(mocker)
    mocker.patch('mount_efs.get_mount_specific_filename', return_value=DNS_NAME)
    state_file_dir = str(tmpdir)
    tls_dict = mount_efs.tls_paths_dictionary(DNS_NAME, state_file_dir)

    # Point the private key at the test's own tmpdir so its absence can be checked.
    pk_path = os.path.join(str(tmpdir), 'privateKey.pem')
    mocker.patch('mount_efs.get_private_key_path', return_value=pk_path)

    known_settings = {
        'state_file_dir_mode': '0755',
        'dns_name_format': '{fs_id}.efs.{region}.amazonaws.com',
    }

    def config_get_side_effect(section, field):
        # Any lookup outside the two expected settings is a test failure.
        if section != mount_efs.CONFIG_SECTION or field not in known_settings:
            raise ValueError('Unexpected arguments')
        return known_settings[field]

    # NOTE(review): MOCK_CONFIG is not defined in this function; if it is shared
    # module state, this side_effect stays in place for later tests.
    MOCK_CONFIG.get.side_effect = config_get_side_effect

    try:
        with mount_efs.bootstrap_tls(MOCK_CONFIG, INIT_SYSTEM, DNS_NAME, FS_ID, None,
                                     MOUNT_POINT, {}, state_file_dir):
            pass
    except OSError as err:
        # An OSError is tolerated only when it is the "no such file" error.
        # NOTE(review): the test also passes when no OSError is raised at all.
        assert '[Errno 2] No such file or directory' in str(err)

    for artifact in ('certificate.pem', 'request.csr', 'config.conf'):
        assert not os.path.exists(os.path.join(tls_dict['mount_dir'], artifact))
    assert not os.path.exists(pk_path)
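def test_bootstrap_tls_state_file_nonexistent_dir(mocker, tmpdir):
    """Check that bootstrap_tls creates the state file directory when missing."""
    _mock_popen(mocker)
    mocker.patch('os.kill')

    # A fixed nested name under pytest's per-test tmpdir is enough to get a
    # path that does not exist yet. This replaces tempfile.mktemp(), which is
    # deprecated: it only returns a name and creates nothing, so nothing ties
    # that name to the caller between generation and use.
    state_file_dir = str(tmpdir.join('missing_parent', 'state_file_dir'))
    assert not os.path.exists(state_file_dir)

    with mount_efs.bootstrap_tls(MOCK_CONFIG, INIT_SYSTEM, DNS_NAME, FS_ID,
                                 MOUNT_POINT, {}, state_file_dir):
        pass

    assert os.path.exists(state_file_dir)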
def test_bootstrap_tls_state_file_dir_exists(mocker, tmpdir):
    """Check that stunnel is launched with the expected config file.

    The state file directory is the already existing ``tmpdir``. The test
    inspects the first positional argument of the mocked Popen call.
    """
    popen_mock, _ = setup_mocks(mocker)
    existing_dir = str(tmpdir)

    with mount_efs.bootstrap_tls(MOCK_CONFIG, INIT_SYSTEM, DNS_NAME, FS_ID,
                                 MOUNT_POINT, {}, existing_dir):
        pass

    # call_args is (positional, keyword); the command is the first positional.
    command = popen_mock.call_args[0][0]
    assert 'stunnel' in command
    assert EXPECTED_STUNNEL_CONFIG_FILE in command
def test_bootstrap_tls_non_default_port(mocker, tmpdir):
    """Check that stunnel is still launched when a 'tlsport' option is given.

    NOTE(review): only the stunnel command line is asserted here; nothing in
    this test checks that the requested port value is actually used.
    """
    popen_mock = _mock_popen(mocker)
    mocker.patch('os.kill')
    options = {'tlsport': 1000}

    with mount_efs.bootstrap_tls(MOCK_CONFIG, INIT_SYSTEM, DNS_NAME, FS_ID,
                                 MOUNT_POINT, options, str(tmpdir)):
        pass

    # call_args is (positional, keyword); the command is the first positional.
    command = popen_mock.call_args[0][0]
    assert 'stunnel' in command
    assert EXPECTED_STUNNEL_CONFIG_FILE in command
def test_bootstrap_tls_ocsp_and_noocsp_option(mocker, tmpdir):
    """Check that passing both 'ocsp' and 'noocsp' makes bootstrap_tls exit.

    The two options contradict each other, so the call is expected to raise
    SystemExit instead of starting a tunnel with an ambiguous OCSP setting.
    """
    setup_mocks(mocker)
    state_file_dir = str(tmpdir)
    conflicting_options = {'ocsp': None, 'noocsp': None}

    try:
        with mount_efs.bootstrap_tls(MOCK_CONFIG, INIT_SYSTEM, DNS_NAME, FS_ID,
                                     MOUNT_POINT, conflicting_options, state_file_dir):
            pass
    except SystemExit:
        exited = True
    else:
        exited = False

    assert exited
def test_bootstrap_tls_ocsp_option(mocker, tmpdir):
    """Check that the 'ocsp' mount option reaches the stunnel config writer.

    Besides the stunnel command line, the test pins the value passed to the
    mocked config writer at positional index 7 (the OCSP override) to True.
    """
    popen_mock, write_config_mock = setup_mocks(mocker)
    state_file_dir = str(tmpdir)

    with mount_efs.bootstrap_tls(MOCK_CONFIG, INIT_SYSTEM, DNS_NAME, FS_ID,
                                 MOUNT_POINT, {'ocsp': None}, state_file_dir):
        pass

    # call_args is (positional, keyword) for the most recent call.
    command = popen_mock.call_args[0][0]
    config_writer_args = write_config_mock.call_args[0]

    assert 'stunnel' in command
    assert EXPECTED_STUNNEL_CONFIG_FILE in command
    # Index 7 is the positional slot for ocsp_override; an identity check
    # rejects merely truthy values.
    assert config_writer_args[7] is True
def test_bootstrap_tls_non_default_port(mocker, tmpdir):
    """Check that a 'tlsport' mount option reaches the stunnel config writer.

    Besides the stunnel command line, the test pins the value passed to the
    mocked config writer at positional index 4 (the TLS port) to the
    requested port.
    """
    popen_mock, write_config_mock = setup_mocks(mocker)
    state_file_dir = str(tmpdir)
    tls_port = 1000

    with mount_efs.bootstrap_tls(MOCK_CONFIG, INIT_SYSTEM, DNS_NAME, FS_ID,
                                 MOUNT_POINT, {'tlsport': tls_port}, state_file_dir):
        pass

    # call_args is (positional, keyword) for the most recent call.
    command = popen_mock.call_args[0][0]
    config_writer_args = write_config_mock.call_args[0]

    assert 'stunnel' in command
    assert EXPECTED_STUNNEL_CONFIG_FILE in command
    # Index 4 is the positional slot for tls_port.
    assert config_writer_args[4] == tls_port
def test_bootstrap_tls_non_default_verify_level(mocker, tmpdir):
    """Check that a 'verify' mount option reaches the stunnel config writer.

    Besides the stunnel command line, the test pins the value passed to the
    mocked config writer at positional index 6 (the verify level) to the
    requested level, here 0.

    NOTE(review): this only proves pass-through of the option. Presumably
    the value ends up as stunnel's ``verify`` setting, where level 0 means the
    peer certificate is requested but ignored; confirm that such a downgrade
    is intended to be reachable from mount options and is visible to
    operators (for example in logs).
    """
    popen_mock, write_config_mock = setup_mocks(mocker)
    state_file_dir = str(tmpdir)
    verify_level = 0

    with mount_efs.bootstrap_tls(MOCK_CONFIG, INIT_SYSTEM, DNS_NAME, FS_ID, AP_ID,
                                 MOUNT_POINT, {'verify': verify_level}, state_file_dir):
        pass

    # call_args is (positional, keyword) for the most recent call.
    command = popen_mock.call_args[0][0]
    config_writer_args = write_config_mock.call_args[0]

    assert 'stunnel' in command
    assert EXPECTED_STUNNEL_CONFIG_FILE in command
    # Index 6 is the positional slot for verify_level.
    assert config_writer_args[6] == verify_level
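def test_bootstrap_tls_state_file_nonexistent_dir(mocker, tmpdir):
    """Check that bootstrap_tls creates the state file directory when missing.

    The mocked config answers only the 'state_file_dir_mode' lookup (with
    '0755'); any other lookup raises ValueError and fails the test.
    """
    # The returned mocks are not inspected here; only the patching matters.
    setup_mocks(mocker)

    # A fixed nested name under pytest's per-test tmpdir is enough to get a
    # path that does not exist yet. This replaces tempfile.mktemp(), which is
    # deprecated: it only returns a name and creates nothing, so nothing ties
    # that name to the caller between generation and use.
    state_file_dir = str(tmpdir.join('missing_parent', 'state_file_dir'))

    def config_get_side_effect(section, field):
        if section == mount_efs.CONFIG_SECTION and field == 'state_file_dir_mode':
            return '0755'
        raise ValueError('Unexpected arguments')

    # NOTE(review): MOCK_CONFIG is not defined in this function; if it is shared
    # module state, this side_effect stays in place for later tests.
    MOCK_CONFIG.get.side_effect = config_get_side_effect

    assert not os.path.exists(state_file_dir)

    with mount_efs.bootstrap_tls(MOCK_CONFIG, INIT_SYSTEM, DNS_NAME, FS_ID,
                                 MOUNT_POINT, {}, state_file_dir):
        pass

    assert os.path.exists(state_file_dir)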
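def test_bootstrap_tls_state_file_nonexistent_dir(mocker, tmpdir):
    """Check that bootstrap_tls creates the state file directory when missing.

    The mocked config answers only the 'state_file_dir_mode' and
    'dns_name_format' lookups; any other lookup raises ValueError and fails
    the test. The stunnel binary lookup is patched to a fixed path.
    """
    # The returned mocks are not inspected here; only the patching matters.
    setup_mocks(mocker)

    # A fixed nested name under pytest's per-test tmpdir is enough to get a
    # path that does not exist yet. This replaces tempfile.mktemp(), which is
    # deprecated: it only returns a name and creates nothing, so nothing ties
    # that name to the caller between generation and use.
    state_file_dir = str(tmpdir.join('missing_parent', 'state_file_dir'))

    def config_get_side_effect(section, field):
        if section == mount_efs.CONFIG_SECTION and field == 'state_file_dir_mode':
            return '0755'
        if section == mount_efs.CONFIG_SECTION and field == 'dns_name_format':
            return '{fs_id}.efs.{region}.amazonaws.com'
        raise ValueError('Unexpected arguments')

    # NOTE(review): MOCK_CONFIG is not defined in this function; if it is shared
    # module state, this side_effect stays in place for later tests.
    MOCK_CONFIG.get.side_effect = config_get_side_effect

    assert not os.path.exists(state_file_dir)

    mocker.patch('mount_efs._stunnel_bin', return_value='/usr/bin/stunnel')

    with mount_efs.bootstrap_tls(MOCK_CONFIG, INIT_SYSTEM, DNS_NAME, FS_ID,
                                 MOUNT_POINT, {}, state_file_dir):
        pass

    assert os.path.exists(state_file_dir)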