def _test_certificate_with_iam_with_ap_with_invalid_client_source_config( mocker, tmpdir, client_source): mocker.patch('mount_efs.check_if_platform_is_mac', return_value=False) config = _get_mock_config(client_info={'source': client_source} ) if client_source else _get_config() client_info = mount_efs.get_client_info(config) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig') mount_efs.create_certificate(config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, CREDENTIALS, AP_ID, client_info, base_path=str(tmpdir)) # Any invalid or not given client source should be marked as unknown expected_client_info = { 'source': 'unknown', 'efs_utils_version': mount_efs.VERSION } with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f: conf_body = f.read() assert conf_body == mount_efs.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path, FIXED_DT, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr')) assert os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def test_certificate_without_iam_without_ap_id_with_client_source( mocker, tmpdir): config = _get_mock_config() pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig') mount_efs.create_certificate(config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, None, None, CLIENT_INFO, base_path=str(tmpdir)) with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f: conf_body = f.read() assert conf_body == mount_efs.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path, FIXED_DT, REGION, FS_ID, None, None, CLIENT_INFO) assert os.path.exists(pk_path) assert not os.path.exists( os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr')) assert os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def _test_recreate_certificate_with_valid_client_source_config( mocker, tmpdir, client_source): config = _get_mock_config(client_info={'source': client_source} ) if client_source else _get_config() client_info = mount_efs.get_client_info(config) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, 'tmpConfig') mount_efs.create_certificate(config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, CREDENTIALS, AP_ID, client_info, base_path=str(tmpdir)) expected_client_info = { 'source': client_source, 'efs_utils_version': mount_efs.VERSION } with open(os.path.join(tls_dict['mount_dir'], 'config.conf')) as f: conf_body = f.read() assert conf_body == mount_efs.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict['mount_dir'], pk_path, FIXED_DT, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr')) assert os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem'))
def test_certificate_with_iam_without_ap_id(mocker, tmpdir): config = _get_mock_config() pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig") mount_efs.create_certificate( config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, CREDENTIALS, None, CLIENT_INFO, base_path=str(tmpdir), ) with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f: conf_body = f.read() assert conf_body == mount_efs.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict["mount_dir"], pk_path, FIXED_DT, REGION, FS_ID, CREDENTIALS, None, CLIENT_INFO, ) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem")) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr")) assert os.path.exists( os.path.join(tls_dict["mount_dir"], "certificate.pem"))
def _create_certificate_and_state(tls_dict, temp_dir, pk_path, timestamp, security_credentials=None, credentials_source=None, ap_id=None, remove_cert=False, client_info=None): config = _get_config() good_ap_id = AP_ID if ap_id else None mount_efs.create_certificate(config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, security_credentials, good_ap_id, client_info, base_path=str(temp_dir)) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict['mount_dir'], 'request.csr')) assert os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem')) public_key_present = os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) if security_credentials \ else not os.path.exists(os.path.join(tls_dict['mount_dir'], 'publicKey.pem')) assert public_key_present state = { 'pid': PID, 'commonName': COMMON_NAME, 'certificate': os.path.join(tls_dict['mount_dir'], 'certificate.pem'), 'certificateCreationTime': timestamp, 'mountStateDir': MOUNT_NAME, 'region': REGION, 'fsId': FS_ID, 'privateKey': pk_path, } if credentials_source: state['awsCredentialsMethod'] = credentials_source if ap_id: state['accessPoint'] = ap_id with open(os.path.join(temp_dir, STATE_FILE), 'w+') as f: f.write(json.dumps(state)) if remove_cert: os.remove(os.path.join(tls_dict['mount_dir'], 'certificate.pem')) assert not os.path.exists( os.path.join(tls_dict['mount_dir'], 'certificate.pem')) return state
def _test_recreate_certificate_with_valid_client_source_config( mocker, tmpdir, client_source): mocker.patch( "mount_efs.check_if_platform_is_mac", return_value=False if client_source != "macos" else True, ) config = (_get_mock_config(client_info={"source": client_source}) if client_source else _get_config()) client_info = mount_efs.get_client_info(config) pk_path = _get_mock_private_key_path(mocker, tmpdir) tls_dict = mount_efs.tls_paths_dictionary(MOUNT_NAME, str(tmpdir)) tmp_config_path = os.path.join(str(tmpdir), MOUNT_NAME, "tmpConfig") mount_efs.create_certificate( config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, CREDENTIALS, AP_ID, client_info, base_path=str(tmpdir), ) expected_client_info = { "source": client_source, "efs_utils_version": mount_efs.VERSION, } with open(os.path.join(tls_dict["mount_dir"], "config.conf")) as f: conf_body = f.read() assert conf_body == mount_efs.create_ca_conf( tmp_config_path, COMMON_NAME, tls_dict["mount_dir"], pk_path, FIXED_DT, REGION, FS_ID, CREDENTIALS, AP_ID, expected_client_info, ) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem")) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr")) assert os.path.exists( os.path.join(tls_dict["mount_dir"], "certificate.pem"))
def _create_certificate_and_state( tls_dict, temp_dir, pk_path, timestamp, security_credentials=None, credentials_source=None, ap_id=None, remove_cert=False, client_info=None, ): config = _get_config() good_ap_id = AP_ID if ap_id else None mount_efs.create_certificate( config, MOUNT_NAME, COMMON_NAME, REGION, FS_ID, security_credentials, good_ap_id, client_info, base_path=str(temp_dir), ) assert os.path.exists(pk_path) assert os.path.exists(os.path.join(tls_dict["mount_dir"], "request.csr")) assert os.path.exists( os.path.join(tls_dict["mount_dir"], "certificate.pem")) public_key_present = ( os.path.exists(os.path.join(tls_dict["mount_dir"], "publicKey.pem")) if security_credentials else not os.path.exists( os.path.join(tls_dict["mount_dir"], "publicKey.pem"))) assert public_key_present state = { "pid": PID, "commonName": COMMON_NAME, "certificate": os.path.join(tls_dict["mount_dir"], "certificate.pem"), "certificateCreationTime": timestamp, "mountStateDir": MOUNT_NAME, "region": REGION, "fsId": FS_ID, "privateKey": pk_path, } if credentials_source: state["awsCredentialsMethod"] = credentials_source if ap_id: state["accessPoint"] = ap_id with open(os.path.join(temp_dir, STATE_FILE), "w+") as f: f.write(json.dumps(state)) if remove_cert: os.remove(os.path.join(tls_dict["mount_dir"], "certificate.pem")) assert not os.path.exists( os.path.join(tls_dict["mount_dir"], "certificate.pem")) return state