From 8ccc210eef4a5592bc97033a54ffb5833e47047e Mon Sep 17 00:00:00 2001 From: Kieran Doonan Date: Mon, 4 Jul 2016 11:01:48 +0100 Subject: [PATCH 01/11] added tests for encrypted ec2 volumes --- tests/test_ec2/test_elastic_block_store.py | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/tests/test_ec2/test_elastic_block_store.py b/tests/test_ec2/test_elastic_block_store.py index 05a0e72d0..8eb421f3c 100644 --- a/tests/test_ec2/test_elastic_block_store.py +++ b/tests/test_ec2/test_elastic_block_store.py @@ -20,6 +20,7 @@ def test_create_and_delete_volume(): all_volumes.should.have.length_of(1) all_volumes[0].size.should.equal(80) all_volumes[0].zone.should.equal("us-east-1a") + all_volumes[0].encrypted.should.equal(False) volume = all_volumes[0] volume.delete() @@ -34,6 +35,15 @@ def test_create_and_delete_volume(): cm.exception.request_id.should_not.be.none +@mock_ec2 +def test_create_encrypted_volume(): + conn = boto.connect_ec2('the_key', 'the_secret') + conn.create_volume(80, "us-east-1a", encrypted=True) + + all_volumes = conn.get_all_volumes() + all_volumes[0].encrypted.should.equal(True) + + @mock_ec2 def test_filter_volume_by_id(): conn = boto.connect_ec2('the_key', 'the_secret') @@ -57,9 +67,9 @@ def test_volume_filters(): instance.update() - volume1 = conn.create_volume(80, "us-east-1a") - volume2 = conn.create_volume(36, "us-east-1b") - volume3 = conn.create_volume(20, "us-east-1c") + volume1 = conn.create_volume(80, "us-east-1a", encrypted=True) + volume2 = conn.create_volume(36, "us-east-1b", encrypted=False) + volume3 = conn.create_volume(20, "us-east-1c", encrypted=False) snapshot = volume3.create_snapshot(description='testsnap') volume4 = conn.create_volume(25, "us-east-1a", snapshot=snapshot) @@ -107,6 +117,9 @@ def test_volume_filters(): volumes_by_tag = conn.get_all_volumes(filters={'tag:testkey1': 'testvalue1'}) set([vol.id for vol in volumes_by_tag]).should.equal(set([volume1.id])) + volumes_by_encrypted = conn.get_all_volumes(filters={'encrypted': 'true'}) + set([vol.id for vol in volumes_by_encrypted]).should.equal(set([volume1.id])) + @mock_ec2 def test_volume_attach_and_detach(): @@ -208,7 +221,7 @@ def test_snapshot_filters(): snapshot1 = volume1.create_snapshot(description='testsnapshot1') snapshot2 = volume1.create_snapshot(description='testsnapshot2') snapshot3 = volume2.create_snapshot(description='testsnapshot3') - + conn.create_tags([snapshot1.id], {'testkey1': 'testvalue1'}) conn.create_tags([snapshot2.id], {'testkey2': 'testvalue2'}) From e8a564b6b440d82df17e23e095a99d798f86081f Mon Sep 17 00:00:00 2001 From: Kieran Doonan Date: Mon, 4 Jul 2016 11:23:46 +0100 Subject: [PATCH 02/11] ebs model now supports encrpyted volumes --- moto/ec2/models.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/moto/ec2/models.py b/moto/ec2/models.py index 40277a660..16200da9d 100644 --- a/moto/ec2/models.py +++ b/moto/ec2/models.py @@ -1534,7 +1534,7 @@ class VolumeAttachment(object): class Volume(TaggedEC2Resource): - def __init__(self, ec2_backend, volume_id, size, zone, snapshot_id=None): + def __init__(self, ec2_backend, volume_id, size, zone, snapshot_id=None, encrypted=False): self.id = volume_id self.size = size self.zone = zone @@ -1542,6 +1542,7 @@ class Volume(TaggedEC2Resource): self.attachment = None self.snapshot_id = snapshot_id self.ec2_backend = ec2_backend + self.encrypted = encrypted @classmethod def create_from_cloudformation_json(cls, resource_name, cloudformation_json, region_name): @@ -1591,6 +1592,9 @@ class Volume(TaggedEC2Resource): if filter_name == 'volume-id': return self.id + if filter_name == 'encrypted': + return str(self.encrypted).lower() + filter_value = super(Volume, self).get_filter_value(filter_name) if filter_value is None: From 9ea06399ba6805bd3920b74fa02cd3608918049b Mon Sep 17 00:00:00 2001 From: Kieran Doonan Date: Mon, 4 Jul 2016 11:24:13 +0100 Subject: [PATCH 03/11] describe instances response now shows encrypted status --- moto/ec2/responses/elastic_block_store.py | 1 + 1 file changed, 1 insertion(+) diff --git a/moto/ec2/responses/elastic_block_store.py b/moto/ec2/responses/elastic_block_store.py index 2324cb354..b4934cc8d 100644 --- a/moto/ec2/responses/elastic_block_store.py +++ b/moto/ec2/responses/elastic_block_store.py @@ -135,6 +135,7 @@ DESCRIBE_VOLUMES_RESPONSE = """ Date: Mon, 4 Jul 2016 14:09:41 +0100 Subject: [PATCH 07/11] updated ebs response --- moto/ec2/responses/elastic_block_store.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/moto/ec2/responses/elastic_block_store.py b/moto/ec2/responses/elastic_block_store.py index 4a6dc42d1..d9699ce64 100644 --- a/moto/ec2/responses/elastic_block_store.py +++ b/moto/ec2/responses/elastic_block_store.py @@ -29,7 +29,7 @@ class ElasticBlockStore(BaseResponse): size = self._get_param('Size') zone = self._get_param('AvailabilityZone') snapshot_id = self._get_param('SnapshotId') - encrypted = self._get_param('Encrypted') + encrypted = self._get_param('Encrypted') or 'false' volume = self.ec2_backend.create_volume(size, zone, snapshot_id, encrypted) template = self.response_template(CREATE_VOLUME_RESPONSE) return template.render(volume=volume) From 2d73052eef76d4defd56d58550c8dd60b97f5aa1 Mon Sep 17 00:00:00 2001 From: Kieran Doonan Date: Mon, 4 Jul 2016 14:19:29 +0100 Subject: [PATCH 08/11] added tests for encrypted snapshots --- tests/test_ec2/test_elastic_block_store.py | 38 ++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/tests/test_ec2/test_elastic_block_store.py b/tests/test_ec2/test_elastic_block_store.py index 03df8ec26..a5d0ea3b5 100644 --- a/tests/test_ec2/test_elastic_block_store.py +++ b/tests/test_ec2/test_elastic_block_store.py @@ -182,6 +182,7 @@ def test_create_snapshot(): snapshots.should.have.length_of(1) snapshots[0].description.should.equal('a test snapshot') snapshots[0].start_time.should_not.be.none + snapshots[0].encrypted.should.be(False) # Create snapshot without description snapshot = volume.create_snapshot() @@ -198,6 +199,21 @@ def test_create_snapshot(): cm.exception.request_id.should_not.be.none +@mock_ec2 +def test_create_encrypted_snapshot(): + conn = boto.connect_ec2('the_key', 'the_secret') + volume = conn.create_volume(80, "us-east-1a", encrypted=True) + snapshot = volume.create_snapshot('a test snapshot') + snapshot.update() + snapshot.status.should.equal('completed') + + snapshots = conn.get_all_snapshots() + snapshots.should.have.length_of(1) + snapshots[0].description.should.equal('a test snapshot') + snapshots[0].start_time.should_not.be.none + snapshots[0].encrypted.should.be(True) + + @mock_ec2 def test_filter_snapshot_by_id(): conn = boto.connect_ec2('the_key', 'the_secret') @@ -222,8 +238,8 @@ def test_filter_snapshot_by_id(): @mock_ec2 def test_snapshot_filters(): conn = boto.connect_ec2('the_key', 'the_secret') - volume1 = conn.create_volume(20, "us-east-1a") - volume2 = conn.create_volume(25, "us-east-1a") + volume1 = conn.create_volume(20, "us-east-1a", encrypted=False) + volume2 = conn.create_volume(25, "us-east-1a", encrypted=True) snapshot1 = volume1.create_snapshot(description='testsnapshot1') snapshot2 = volume1.create_snapshot(description='testsnapshot2') @@ -256,6 +272,9 @@ def test_snapshot_filters(): snapshots_by_tag = conn.get_all_snapshots(filters={'tag:testkey1': 'testvalue1'}) set([snap.id for snap in snapshots_by_tag]).should.equal(set([snapshot1.id])) + snapshots_by_encrypted = conn.get_all_snapshots(filters={'encrypted': 'true'}) + set([snap.id for snap in snapshots_by_encrypted]).should.equal(set([snapshot3.id])) + @mock_ec2 def test_snapshot_attribute(): @@ -352,6 +371,21 @@ def test_create_volume_from_snapshot(): new_volume.snapshot_id.should.equal(snapshot.id) +@mock_ec2 +def test_create_volume_from_encrypted_snapshot(): + conn = boto.connect_ec2('the_key', 'the_secret') + volume = conn.create_volume(80, "us-east-1a", encrypted=True) + + snapshot = volume.create_snapshot('a test snapshot') + snapshot.update() + snapshot.status.should.equal('completed') + + new_volume = snapshot.create_volume('us-east-1a') + new_volume.size.should.equal(80) + new_volume.snapshot_id.should.equal(snapshot.id) + new_volume.encrypted.should.be(True) + + @mock_ec2 def test_modify_attribute_blockDeviceMapping(): """ From e9af4c906509bb18d5e1b6899cba478a04907394 Mon Sep 17 00:00:00 2001 From: Kieran Doonan Date: Mon, 4 Jul 2016 14:21:31 +0100 Subject: [PATCH 09/11] changed equal to be for booleans --- tests/test_ec2/test_elastic_block_store.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/test_ec2/test_elastic_block_store.py b/tests/test_ec2/test_elastic_block_store.py index a5d0ea3b5..5ad6a5399 100644 --- a/tests/test_ec2/test_elastic_block_store.py +++ b/tests/test_ec2/test_elastic_block_store.py @@ -20,7 +20,7 @@ def test_create_and_delete_volume(): all_volumes.should.have.length_of(1) all_volumes[0].size.should.equal(80) all_volumes[0].zone.should.equal("us-east-1a") - all_volumes[0].encrypted.should.equal(False) + all_volumes[0].encrypted.should.be(False) volume = all_volumes[0] volume.delete() @@ -41,7 +41,7 @@ def test_create_encrypted_volume(): conn.create_volume(80, "us-east-1a", encrypted=True) all_volumes = conn.get_all_volumes() - all_volumes[0].encrypted.should.equal(True) + all_volumes[0].encrypted.should.be(True) @mock_ec2 From 44195a91512466b676292f6e00ae6985ed816a6d Mon Sep 17 00:00:00 2001 From: Kieran Doonan Date: Mon, 4 Jul 2016 14:29:33 +0100 Subject: [PATCH 10/11] added encrypted attribute to snapshots --- moto/ec2/models.py | 8 ++++++-- moto/ec2/responses/elastic_block_store.py | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/moto/ec2/models.py b/moto/ec2/models.py index 704d6f7e7..cbbe41d7b 100644 --- a/moto/ec2/models.py +++ b/moto/ec2/models.py @@ -1604,7 +1604,7 @@ class Volume(TaggedEC2Resource): class Snapshot(TaggedEC2Resource): - def __init__(self, ec2_backend, snapshot_id, volume, description): + def __init__(self, ec2_backend, snapshot_id, volume, description, encrypted=False): self.id = snapshot_id self.volume = volume self.description = description @@ -1612,6 +1612,7 @@ class Snapshot(TaggedEC2Resource): self.create_volume_permission_groups = set() self.ec2_backend = ec2_backend self.status = 'completed' + self.encrypted = encrypted def get_filter_value(self, filter_name): @@ -1630,6 +1631,9 @@ class Snapshot(TaggedEC2Resource): if filter_name == 'volume-size': return self.volume.size + if filter_name == 'encrypted': + return str(self.encrypted).lower() + filter_value = super(Snapshot, self).get_filter_value(filter_name) if filter_value is None: @@ -1701,7 +1705,7 @@ class EBSBackend(object): def create_snapshot(self, volume_id, description): snapshot_id = random_snapshot_id() volume = self.get_volume(volume_id) - snapshot = Snapshot(self, snapshot_id, volume, description) + snapshot = Snapshot(self, snapshot_id, volume, description, volume.encrypted) self.snapshots[snapshot_id] = snapshot return snapshot diff --git a/moto/ec2/responses/elastic_block_store.py b/moto/ec2/responses/elastic_block_store.py index d9699ce64..a0537e6a0 100644 --- a/moto/ec2/responses/elastic_block_store.py +++ b/moto/ec2/responses/elastic_block_store.py @@ -202,6 +202,7 @@ CREATE_SNAPSHOT_RESPONSE = """ @@ -217,6 +218,7 @@ DESCRIBE_SNAPSHOTS_RESPONSE = """