#
# Copyright 2017-2018 Amazon.com, Inc. and its affiliates. All Rights Reserved.
#
# Licensed under the MIT License. See the LICENSE accompanying this file
# for the specific language governing permissions and limitations under
# the License.
#

import mount_efs
import tempfile

import pytest

try:
    import ConfigParser
except ImportError:
    from configparser import ConfigParser

# Placeholder CA locations for the tests shown here. CAFILE is only used in
# tests that patch os.path.exists to return True, so it need not exist on disk.
# CAPATH is not referenced by any test visible in this view.
CAPATH = '/capath'
CAFILE = '/cafile.crt'
# Region passed to add_stunnel_ca_options by every test shown here except the
# per-region-section one.
DEFAULT_REGION = 'us-east-1'
# Region used to build the per-region config section "<CONFIG_SECTION>.<region>".
ISOLATED_REGION = 'us-iso-east-1'
# CA bundle path set as stunnel_cafile inside that per-region section.
ISOLATED_REGION_STUNNEL_CAFILE = '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem'


def _get_config():
    """Return a fresh config parser that already contains the mount_efs section.

    ``ConfigParser`` is either the Python 2 module (which exposes
    ``SafeConfigParser``) or the Python 3 class, depending on which import at
    the top of the file succeeded; the lookup below handles both.
    """
    # Fall back to ConfigParser itself when it has no SafeConfigParser attribute.
    parser_factory = getattr(ConfigParser, 'SafeConfigParser', ConfigParser)
    parser = parser_factory()
    parser.add_section(mount_efs.CONFIG_SECTION)
    return parser


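def _create_temp_file(tmpdir, content=''):
    """Create a uniquely named file under ``tmpdir`` and return its path object.

    :param tmpdir: directory object exposing ``join(name)``; the tests in this
        file pass pytest's ``tmpdir`` fixture.
    :param content: text written to the new file (empty by default).
    :return: the object returned by ``tmpdir.join``, after ``write`` was
        called on it.
    """
    # Function-scope import keeps this helper self-contained.
    import uuid

    # tempfile.mktemp() is deprecated: the name it returns can be claimed by
    # another process before the file is created. It also returns an absolute
    # path, while only a fresh leaf name inside tmpdir is needed here.
    temp_file = tmpdir.join(uuid.uuid4().hex)
    # ensure=True is forwarded to write() exactly as before.
    temp_file.write(content, ensure=True)
    return temp_file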


def test_use_existing_cafile(tmpdir):
    """A ``cafile`` mount option naming a real file ends up as ``CAfile``."""
    cafile_path = str(_create_temp_file(tmpdir))
    mount_options = {'cafile': cafile_path}
    ca_settings = {}

    mount_efs.add_stunnel_ca_options(ca_settings, _get_config(), mount_options, DEFAULT_REGION)

    assert ca_settings.get('CAfile') == mount_options['cafile']
    # Only a CA file was supplied, so no CA directory entry may be present.
    assert 'CApath' not in ca_settings


def test_use_missing_cafile(capsys):
    """A ``cafile`` option that cannot be found exits non-zero with an error on stderr.

    Assumes '/missing1' does not exist on the host running the tests, since
    os.path.exists is not patched here.
    """
    mount_options = {'cafile': '/missing1'}
    ca_settings = {}

    with pytest.raises(SystemExit) as exit_info:
        mount_efs.add_stunnel_ca_options(ca_settings, _get_config(), mount_options, DEFAULT_REGION)

    # Failing closed: a missing CA file must abort rather than continue.
    assert exit_info.value.code != 0

    _, stderr_text = capsys.readouterr()
    assert 'Failed to find certificate authority file for verification' in stderr_text


def test_stunnel_cafile_configuration_in_option(mocker):
    """``cafile`` given as a mount option is used as ``CAfile``."""
    # Pretend every path exists so the placeholder CAFILE passes the existence check.
    mocker.patch('os.path.exists', return_value=True)

    mount_options = {'cafile': CAFILE}
    ca_settings = {}

    mount_efs.add_stunnel_ca_options(ca_settings, _get_config(), mount_options, DEFAULT_REGION)

    assert ca_settings.get('CAfile') == CAFILE


def test_stunnel_cafile_configuration_in_config(mocker):
    """``stunnel_cafile`` from the config file is used when no mount option is given."""
    parsed_config = _get_config()
    parsed_config.set(mount_efs.CONFIG_SECTION, 'stunnel_cafile', CAFILE)

    # Pretend every path exists so the placeholder CAFILE passes the existence check.
    mocker.patch('os.path.exists', return_value=True)

    mount_options = {}
    ca_settings = {}
    mount_efs.add_stunnel_ca_options(ca_settings, parsed_config, mount_options, DEFAULT_REGION)

    assert ca_settings.get('CAfile') == CAFILE


def test_stunnel_cafile_not_configured(mocker):
    """With no option and no config entry, ``CAfile`` is ``DEFAULT_STUNNEL_CAFILE``."""
    # Pretend every path exists so the default CA file passes the existence check.
    mocker.patch('os.path.exists', return_value=True)

    mount_options = {}
    ca_settings = {}

    mount_efs.add_stunnel_ca_options(ca_settings, _get_config(), mount_options, DEFAULT_REGION)

    assert ca_settings.get('CAfile') == mount_efs.DEFAULT_STUNNEL_CAFILE


def test_stunnel_cafile_configured_in_mount_region_section(mocker):
    """A per-region ``stunnel_cafile`` takes precedence over the base section's value."""
    parsed_config = _get_config()
    # Base section points at CAFILE ...
    parsed_config.set(mount_efs.CONFIG_SECTION, 'stunnel_cafile', CAFILE)
    # ... while the "<section>.<region>" section points at the isolated-region bundle.
    region_section = '%s.%s' % (mount_efs.CONFIG_SECTION, ISOLATED_REGION)
    parsed_config.add_section(region_section)
    parsed_config.set(region_section, 'stunnel_cafile', ISOLATED_REGION_STUNNEL_CAFILE)

    # Pretend every path exists so neither placeholder has to be on disk.
    mocker.patch('os.path.exists', return_value=True)

    mount_options = {}
    ca_settings = {}
    mount_efs.add_stunnel_ca_options(ca_settings, parsed_config, mount_options, ISOLATED_REGION)

    assert ca_settings.get('CAfile') == ISOLATED_REGION_STUNNEL_CAFILE