Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1b42c7bf7a
moto/tests/test_acm/test_acm.py

384 lines
12 KiB
Python
Raw Normal View History

Added nearly all ACM method implementations Added cryptography>=2.0.0 to install deps Created base backend and certificate objects Implemented most of the methods Added pregenerated certs
2017-09-21 23:20:26 +00:00
from __future__ import unicode_literals
import os
import boto3
Finished ACM + tests
2017-09-22 13:26:05 +00:00
from freezegun import freeze_time
Added nearly all ACM method implementations Added cryptography>=2.0.0 to install deps Created base backend and certificate objects Implemented most of the methods Added pregenerated certs
2017-09-21 23:20:26 +00:00
import sure # noqa
ACM ~100% coverage
2017-10-28 16:07:34 +00:00
import uuid
Added nearly all ACM method implementations Added cryptography>=2.0.0 to install deps Created base backend and certificate objects Implemented most of the methods Added pregenerated certs
2017-09-21 23:20:26 +00:00
from botocore.exceptions import ClientError
from moto import mock_acm
RESOURCE_FOLDER = os.path.join(os.path.dirname(__file__), 'resources')
_GET_RESOURCE = lambda x: open(os.path.join(RESOURCE_FOLDER, x), 'rb').read()
CA_CRT = _GET_RESOURCE('ca.pem')
CA_KEY = _GET_RESOURCE('ca.key')
SERVER_CRT = _GET_RESOURCE('star_moto_com.pem')
Nearly finished implementation and tests
2017-09-22 10:21:36 +00:00
SERVER_COMMON_NAME = '*.moto.com'
Added nearly all ACM method implementations Added cryptography>=2.0.0 to install deps Created base backend and certificate objects Implemented most of the methods Added pregenerated certs
2017-09-21 23:20:26 +00:00
SERVER_CRT_BAD = _GET_RESOURCE('star_moto_com-bad.pem')
SERVER_KEY = _GET_RESOURCE('star_moto_com.key')
Nearly finished implementation and tests
2017-09-22 10:21:36 +00:00
BAD_ARN = 'arn:aws:acm:us-east-2:123456789012:certificate/_0000000-0000-0000-0000-000000000000'
Added nearly all ACM method implementations Added cryptography>=2.0.0 to install deps Created base backend and certificate objects Implemented most of the methods Added pregenerated certs
2017-09-21 23:20:26 +00:00
Nearly finished implementation and tests
2017-09-22 10:21:36 +00:00
def _import_cert(client):
response = client.import_certificate(
Certificate=SERVER_CRT,
PrivateKey=SERVER_KEY,
CertificateChain=CA_CRT
)
return response['CertificateArn']
# Also tests GetCertificate
Added nearly all ACM method implementations Added cryptography>=2.0.0 to install deps Created base backend and certificate objects Implemented most of the methods Added pregenerated certs
2017-09-21 23:20:26 +00:00
@mock_acm
def test_import_certificate():
client = boto3.client('acm', region_name='eu-central-1')
resp = client.import_certificate(
Certificate=SERVER_CRT,
PrivateKey=SERVER_KEY,
CertificateChain=CA_CRT
)
resp = client.get_certificate(CertificateArn=resp['CertificateArn'])
Nearly finished implementation and tests
2017-09-22 10:21:36 +00:00
resp['Certificate'].should.equal(SERVER_CRT.decode())
resp.should.contain('CertificateChain')
@mock_acm
def test_import_bad_certificate():
client = boto3.client('acm', region_name='eu-central-1')
try:
client.import_certificate(
Certificate=SERVER_CRT_BAD,
PrivateKey=SERVER_KEY,
)
except ClientError as err:
err.response['Error']['Code'].should.equal('ValidationException')
else:
raise RuntimeError('Should of raised ValidationException')
@mock_acm
def test_list_certificates():
client = boto3.client('acm', region_name='eu-central-1')
arn = _import_cert(client)
resp = client.list_certificates()
len(resp['CertificateSummaryList']).should.equal(1)
resp['CertificateSummaryList'][0]['CertificateArn'].should.equal(arn)
resp['CertificateSummaryList'][0]['DomainName'].should.equal(SERVER_COMMON_NAME)
@mock_acm
def test_get_invalid_certificate():
client = boto3.client('acm', region_name='eu-central-1')
try:
client.get_certificate(CertificateArn=BAD_ARN)
except ClientError as err:
err.response['Error']['Code'].should.equal('ResourceNotFoundException')
else:
raise RuntimeError('Should of raised ResourceNotFoundException')
# Also tests deleting invalid certificate
@mock_acm
def test_delete_certificate():
client = boto3.client('acm', region_name='eu-central-1')
arn = _import_cert(client)
# If it does not raise an error and the next call does, all is fine
client.delete_certificate(CertificateArn=arn)
try:
client.delete_certificate(CertificateArn=arn)
except ClientError as err:
err.response['Error']['Code'].should.equal('ResourceNotFoundException')
else:
raise RuntimeError('Should of raised ResourceNotFoundException')
@mock_acm
def test_describe_certificate():
client = boto3.client('acm', region_name='eu-central-1')
arn = _import_cert(client)
resp = client.describe_certificate(CertificateArn=arn)
resp['Certificate']['CertificateArn'].should.equal(arn)
resp['Certificate']['DomainName'].should.equal(SERVER_COMMON_NAME)
resp['Certificate']['Issuer'].should.equal('Moto')
resp['Certificate']['KeyAlgorithm'].should.equal('RSA_2048')
resp['Certificate']['Status'].should.equal('ISSUED')
resp['Certificate']['Type'].should.equal('IMPORTED')
@mock_acm
def test_describe_certificate():
client = boto3.client('acm', region_name='eu-central-1')
try:
client.describe_certificate(CertificateArn=BAD_ARN)
except ClientError as err:
err.response['Error']['Code'].should.equal('ResourceNotFoundException')
else:
raise RuntimeError('Should of raised ResourceNotFoundException')
# Also tests ListTagsForCertificate
@mock_acm
def test_add_tags_to_certificate():
client = boto3.client('acm', region_name='eu-central-1')
arn = _import_cert(client)
client.add_tags_to_certificate(
CertificateArn=arn,
Tags=[
{'Key': 'key1', 'Value': 'value1'},
{'Key': 'key2'},
]
)
resp = client.list_tags_for_certificate(CertificateArn=arn)
tags = {item['Key']: item.get('Value', '__NONE__') for item in resp['Tags']}
tags.should.contain('key1')
tags.should.contain('key2')
tags['key1'].should.equal('value1')
# This way, it ensures that we can detect if None is passed back when it shouldnt,
# as we store keys without values with a value of None, but it shouldnt be passed back
tags['key2'].should.equal('__NONE__')
@mock_acm
def test_add_tags_to_invalid_certificate():
client = boto3.client('acm', region_name='eu-central-1')
try:
client.add_tags_to_certificate(
CertificateArn=BAD_ARN,
Tags=[
{'Key': 'key1', 'Value': 'value1'},
{'Key': 'key2'},
]
)
except ClientError as err:
err.response['Error']['Code'].should.equal('ResourceNotFoundException')
else:
raise RuntimeError('Should of raised ResourceNotFoundException')
@mock_acm
def test_list_tags_for_invalid_certificate():
client = boto3.client('acm', region_name='eu-central-1')
try:
client.list_tags_for_certificate(CertificateArn=BAD_ARN)
except ClientError as err:
err.response['Error']['Code'].should.equal('ResourceNotFoundException')
else:
raise RuntimeError('Should of raised ResourceNotFoundException')
@mock_acm
def test_remove_tags_from_certificate():
client = boto3.client('acm', region_name='eu-central-1')
arn = _import_cert(client)
client.add_tags_to_certificate(
CertificateArn=arn,
Tags=[
{'Key': 'key1', 'Value': 'value1'},
{'Key': 'key2'},
{'Key': 'key3', 'Value': 'value3'},
{'Key': 'key4', 'Value': 'value4'},
]
)
client.remove_tags_from_certificate(
CertificateArn=arn,
Tags=[
{'Key': 'key1', 'Value': 'value2'}, # Should not remove as doesnt match
{'Key': 'key2'}, # Single key removal
{'Key': 'key3', 'Value': 'value3'}, # Exact match removal
{'Key': 'key4'} # Partial match removal
]
)
resp = client.list_tags_for_certificate(CertificateArn=arn)
tags = {item['Key']: item.get('Value', '__NONE__') for item in resp['Tags']}
for key in ('key2', 'key3', 'key4'):
tags.should_not.contain(key)
tags.should.contain('key1')
@mock_acm
def test_remove_tags_from_invalid_certificate():
client = boto3.client('acm', region_name='eu-central-1')
try:
client.remove_tags_from_certificate(
CertificateArn=BAD_ARN,
Tags=[
{'Key': 'key1', 'Value': 'value1'},
{'Key': 'key2'},
]
)
except ClientError as err:
err.response['Error']['Code'].should.equal('ResourceNotFoundException')
else:
raise RuntimeError('Should of raised ResourceNotFoundException')
Finished ACM + tests
2017-09-22 13:26:05 +00:00
@mock_acm
def test_resend_validation_email():
client = boto3.client('acm', region_name='eu-central-1')
arn = _import_cert(client)
client.resend_validation_email(
CertificateArn=arn,
Domain='*.moto.com',
ValidationDomain='NOTUSEDYET'
)
# Returns nothing, boto would raise Exceptions otherwise
@mock_acm
def test_resend_validation_email_invalid():
client = boto3.client('acm', region_name='eu-central-1')
arn = _import_cert(client)
try:
client.resend_validation_email(
CertificateArn=arn,
Domain='no-match.moto.com',
ValidationDomain='NOTUSEDYET'
)
except ClientError as err:
err.response['Error']['Code'].should.equal('InvalidDomainValidationOptionsException')
else:
raise RuntimeError('Should of raised InvalidDomainValidationOptionsException')
Nearly finished implementation and tests
2017-09-22 10:21:36 +00:00
Finished ACM + tests
2017-09-22 13:26:05 +00:00
try:
client.resend_validation_email(
CertificateArn=BAD_ARN,
Domain='no-match.moto.com',
ValidationDomain='NOTUSEDYET'
)
except ClientError as err:
err.response['Error']['Code'].should.equal('ResourceNotFoundException')
else:
raise RuntimeError('Should of raised ResourceNotFoundException')
Nearly finished implementation and tests
2017-09-22 10:21:36 +00:00
Finished ACM + tests
2017-09-22 13:26:05 +00:00
@mock_acm
def test_request_certificate():
client = boto3.client('acm', region_name='eu-central-1')
Nearly finished implementation and tests
2017-09-22 10:21:36 +00:00
ACM ~100% coverage
2017-10-28 16:07:34 +00:00
token = str(uuid.uuid4())
Finished ACM + tests
2017-09-22 13:26:05 +00:00
resp = client.request_certificate(
DomainName='google.com',
ACM ~100% coverage
2017-10-28 16:07:34 +00:00
IdempotencyToken=token,
Finished ACM + tests
2017-09-22 13:26:05 +00:00
SubjectAlternativeNames=['google.com', 'www.google.com', 'mail.google.com'],
)
resp.should.contain('CertificateArn')
ACM ~100% coverage
2017-10-28 16:07:34 +00:00
arn = resp['CertificateArn']
resp = client.request_certificate(
DomainName='google.com',
IdempotencyToken=token,
SubjectAlternativeNames=['google.com', 'www.google.com', 'mail.google.com'],
)
resp['CertificateArn'].should.equal(arn)
Finished ACM + tests
2017-09-22 13:26:05 +00:00
add test
2017-10-20 00:47:21 +00:00
@mock_acm
def test_request_certificate_no_san():
client = boto3.client('acm', region_name='eu-central-1')
resp = client.request_certificate(
DomainName='google.com'
)
resp.should.contain('CertificateArn')
resp2 = client.describe_certificate(
CertificateArn=resp['CertificateArn']
)
resp2.should.contain('Certificate')
Finished ACM + tests
2017-09-22 13:26:05 +00:00
Revert "Add back ACM tests." This reverts commit d11ecddddea34dc9db52d89c455835acdde48d07.
2018-04-13 14:37:06 +00:00
# # Also tests the SAN code
# # requires Pull: https://github.com/spulec/freezegun/pull/210
# @freeze_time("2012-01-01 12:00:00", as_arg=True)
# @mock_acm
# def test_request_certificate(frozen_time):
# # After requesting a certificate, it should then auto-validate after 1 minute
# # Some sneaky programming for that ;-)
# client = boto3.client('acm', region_name='eu-central-1')
#
# resp = client.request_certificate(
# DomainName='google.com',
# SubjectAlternativeNames=['google.com', 'www.google.com', 'mail.google.com'],
# )
# arn = resp['CertificateArn']
#
# resp = client.describe_certificate(CertificateArn=arn)
# resp['Certificate']['CertificateArn'].should.equal(arn)
# resp['Certificate']['DomainName'].should.equal('google.com')
# resp['Certificate']['Issuer'].should.equal('Amazon')
# resp['Certificate']['KeyAlgorithm'].should.equal('RSA_2048')
# resp['Certificate']['Status'].should.equal('PENDING_VALIDATION')
# resp['Certificate']['Type'].should.equal('AMAZON_ISSUED')
# len(resp['Certificate']['SubjectAlternativeNames']).should.equal(3)
#
# # Move time
# frozen_time.move_to('2012-01-01 12:02:00')
# resp = client.describe_certificate(CertificateArn=arn)
# resp['Certificate']['CertificateArn'].should.equal(arn)
# resp['Certificate']['Status'].should.equal('ISSUED')
#
#
# # requires Pull: https://github.com/spulec/freezegun/pull/210
# @freeze_time("2012-01-01 12:00:00", as_arg=True)
# @mock_acm
# def test_request_certificate(frozen_time):
# # After requesting a certificate, it should then auto-validate after 1 minute
# # Some sneaky programming for that ;-)
# client = boto3.client('acm', region_name='eu-central-1')
#
# resp = client.request_certificate(
# IdempotencyToken='test_token',
# DomainName='google.com',
# SubjectAlternativeNames=['google.com', 'www.google.com', 'mail.google.com'],
# )
# original_arn = resp['CertificateArn']
#
# # Should be able to request a certificate multiple times in an hour
# # after that it makes a new one
# for time_intervals in ('2012-01-01 12:15:00', '2012-01-01 12:30:00', '2012-01-01 12:45:00'):
# frozen_time.move_to(time_intervals)
# resp = client.request_certificate(
# IdempotencyToken='test_token',
# DomainName='google.com',
# SubjectAlternativeNames=['google.com', 'www.google.com', 'mail.google.com'],
# )
# arn = resp['CertificateArn']
# arn.should.equal(original_arn)
#
# # Move time
# frozen_time.move_to('2012-01-01 13:01:00')
# resp = client.request_certificate(
# IdempotencyToken='test_token',
# DomainName='google.com',
# SubjectAlternativeNames=['google.com', 'www.google.com', 'mail.google.com'],
# )
# arn = resp['CertificateArn']
# arn.should_not.equal(original_arn)
Reference in New Issue Copy Permalink