Merge pull request #150 from kevgliss/enhanced_ssl_support

Enhanced ssl support
Steve Pulec 2014-07-18 20:55:02 -04:00
commit 4b5b072b27
6 changed files with 319 additions and 3 deletions


@ -12,10 +12,11 @@ class FakeHealthCheck(object):
class FakeListener(object): class FakeListener(object):
def __init__(self, load_balancer_port, instance_port, protocol): def __init__(self, load_balancer_port, instance_port, protocol, ssl_certificate_id):
self.load_balancer_port = load_balancer_port self.load_balancer_port = load_balancer_port
self.instance_port = instance_port self.instance_port = instance_port
self.protocol = protocol.upper() self.protocol = protocol.upper()
self.ssl_certificate_id = ssl_certificate_id
class FakeLoadBalancer(object): class FakeLoadBalancer(object):
@ -25,11 +26,13 @@ class FakeLoadBalancer(object):
self.instance_ids = [] self.instance_ids = []
self.zones = zones self.zones = zones
self.listeners = [] self.listeners = []
for protocol, lb_port, instance_port in ports:
for protocol, lb_port, instance_port, ssl_certificate_id in ports:
listener = FakeListener( listener = FakeListener(
protocol=protocol, protocol=protocol,
load_balancer_port=lb_port, load_balancer_port=lb_port,
instance_port=instance_port, instance_port=instance_port,
ssl_certificate_id=ssl_certificate_id
) )
self.listeners.append(listener) self.listeners.append(listener)
@ -63,6 +66,18 @@ class ELBBackend(BaseBackend):
self.load_balancers[name] = new_load_balancer self.load_balancers[name] = new_load_balancer
return new_load_balancer return new_load_balancer
def create_load_balancer_listeners(self, name, ports):
balancer = self.load_balancers.get(name, None)
if balancer:
for protocol, lb_port, instance_port, ssl_certificate_id in ports:
for listener in balancer.listeners:
if lb_port == listener.load_balancer_port:
break
else:
balancer.listeners.append(FakeListener(lb_port, instance_port, protocol, ssl_certificate_id))
return balancer
def describe_load_balancers(self, names): def describe_load_balancers(self, names):
balancers = self.load_balancers.values() balancers = self.load_balancers.values()
if names: if names:
@ -70,6 +85,19 @@ class ELBBackend(BaseBackend):
else: else:
return balancers return balancers
def delete_load_balancer_listeners(self, name, ports):
balancer = self.load_balancers.get(name, None)
listeners = []
if balancer:
for lb_port in ports:
for listener in balancer.listeners:
if int(lb_port) == int(listener.load_balancer_port):
continue
else:
listeners.append(listener)
balancer.listeners = listeners
return balancer
def delete_load_balancer(self, load_balancer_name): def delete_load_balancer(self, load_balancer_name):
self.load_balancers.pop(load_balancer_name, None) self.load_balancers.pop(load_balancer_name, None)
@ -85,6 +113,15 @@ class ELBBackend(BaseBackend):
load_balancer.health_check = check load_balancer.health_check = check
return check return check
def set_load_balancer_listener_sslcertificate(self, name, lb_port, ssl_certificate_id):
balancer = self.load_balancers.get(name, None)
if balancer:
for idx, listener in enumerate(balancer.listeners):
if lb_port == listener.load_balancer_port:
balancer.listeners[idx].ssl_certificate_id = ssl_certificate_id
return balancer
def register_instances(self, load_balancer_name, instance_ids): def register_instances(self, load_balancer_name, instance_ids):
load_balancer = self.get_load_balancer(load_balancer_name) load_balancer = self.get_load_balancer(load_balancer_name)
load_balancer.instance_ids.extend(instance_ids) load_balancer.instance_ids.extend(instance_ids)
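Review bot: `delete_load_balancer_listeners` walks every listener once per requested port and appends each non-matching one, so with more than one port each pass re-adds the listener another pass was meant to drop. For ports 80 and 443 on a balancer holding exactly those two listeners, nothing is removed, and with three or more listeners the survivors are appended more than once. Filtering once against the whole set fixes both: `to_remove = set(int(p) for p in ports)` followed by `balancer.listeners = [l for l in balancer.listeners if int(l.load_balancer_port) not in to_remove]`. Indentation is lost on this page, so it is not visible whether `balancer.listeners = listeners` sits inside `if balancer:`; if it does not, an unknown balancer name raises AttributeError on None.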


@ -21,8 +21,10 @@ class ELBResponse(BaseResponse):
break break
lb_port = self.querystring['Listeners.member.{0}.LoadBalancerPort'.format(port_index)][0] lb_port = self.querystring['Listeners.member.{0}.LoadBalancerPort'.format(port_index)][0]
instance_port = self.querystring['Listeners.member.{0}.InstancePort'.format(port_index)][0] instance_port = self.querystring['Listeners.member.{0}.InstancePort'.format(port_index)][0]
ports.append([protocol, lb_port, instance_port]) ssl_certificate_id = self.querystring.get('Listeners.member.{0}.SSLCertificateId'.format(port_index)[0], None)
ports.append([protocol, lb_port, instance_port, ssl_certificate_id])
port_index += 1 port_index += 1
elb_backend.create_load_balancer( elb_backend.create_load_balancer(
name=load_balancer_name, name=load_balancer_name,
zones=availability_zones, zones=availability_zones,
@ -31,12 +33,49 @@ class ELBResponse(BaseResponse):
template = Template(CREATE_LOAD_BALANCER_TEMPLATE) template = Template(CREATE_LOAD_BALANCER_TEMPLATE)
return template.render() return template.render()
def create_load_balancer_listeners(self):
load_balancer_name = self.querystring.get('LoadBalancerName')[0]
ports = []
port_index = 1
while True:
try:
protocol = self.querystring['Listeners.member.{0}.Protocol'.format(port_index)][0]
except KeyError:
break
lb_port = self.querystring['Listeners.member.{0}.LoadBalancerPort'.format(port_index)][0]
instance_port = self.querystring['Listeners.member.{0}.InstancePort'.format(port_index)][0]
ssl_certificate_id = self.querystring.get('Listeners.member.{0}.SSLCertificateId'.format(port_index)[0], None)
ports.append([protocol, lb_port, instance_port, ssl_certificate_id])
port_index += 1
elb_backend.create_load_balancer_listeners(name=load_balancer_name, ports=ports)
template = Template(CREATE_LOAD_BALANCER_LISTENERS_TEMPLATE)
return template.render()
def describe_load_balancers(self): def describe_load_balancers(self):
names = [value[0] for key, value in self.querystring.items() if "LoadBalancerNames.member" in key] names = [value[0] for key, value in self.querystring.items() if "LoadBalancerNames.member" in key]
load_balancers = elb_backend.describe_load_balancers(names) load_balancers = elb_backend.describe_load_balancers(names)
template = Template(DESCRIBE_LOAD_BALANCERS_TEMPLATE) template = Template(DESCRIBE_LOAD_BALANCERS_TEMPLATE)
return template.render(load_balancers=load_balancers) return template.render(load_balancers=load_balancers)
def delete_load_balancer_listeners(self):
load_balancer_name = self.querystring.get('LoadBalancerName')[0]
ports = []
port_index = 1
while True:
try:
port = self.querystring['LoadBalancerPorts.member.{0}'.format(port_index)][0]
except KeyError:
break
port_index += 1
ports.append(int(port))
elb_backend.delete_load_balancer_listeners(load_balancer_name, ports)
template = Template(DELETE_LOAD_BALANCER_LISTENERS)
return template.render()
def delete_load_balancer(self): def delete_load_balancer(self):
load_balancer_name = self.querystring.get('LoadBalancerName')[0] load_balancer_name = self.querystring.get('LoadBalancerName')[0]
elb_backend.delete_load_balancer(load_balancer_name) elb_backend.delete_load_balancer(load_balancer_name)
@ -62,6 +101,16 @@ class ELBResponse(BaseResponse):
load_balancer = elb_backend.register_instances(load_balancer_name, instance_ids) load_balancer = elb_backend.register_instances(load_balancer_name, instance_ids)
return template.render(load_balancer=load_balancer) return template.render(load_balancer=load_balancer)
def set_load_balancer_listener_sslcertificate(self):
load_balancer_name = self.querystring.get('LoadBalancerName')[0]
ssl_certificate_id = self.querystring['SSLCertificateId'][0]
lb_port = self.querystring['LoadBalancerPort'][0]
elb_backend.set_load_balancer_listener_sslcertificate(load_balancer_name, lb_port, ssl_certificate_id)
template = Template(SET_LOAD_BALANCER_SSL_CERTIFICATE)
return template.render()
def deregister_instances_from_load_balancer(self): def deregister_instances_from_load_balancer(self):
load_balancer_name = self.querystring.get('LoadBalancerName')[0] load_balancer_name = self.querystring.get('LoadBalancerName')[0]
instance_ids = [value[0] for key, value in self.querystring.items() if "Instances.member" in key] instance_ids = [value[0] for key, value in self.querystring.items() if "Instances.member" in key]
@ -73,6 +122,13 @@ CREATE_LOAD_BALANCER_TEMPLATE = """<CreateLoadBalancerResult xmlns="http://elast
<DNSName>tests.us-east-1.elb.amazonaws.com</DNSName> <DNSName>tests.us-east-1.elb.amazonaws.com</DNSName>
</CreateLoadBalancerResult>""" </CreateLoadBalancerResult>"""
CREATE_LOAD_BALANCER_LISTENERS_TEMPLATE = """<CreateLoadBalancerListenersResponse xmlns="http://elasticloadbalancing.amazon aws.com/doc/2012-06-01/">
<CreateLoadBalancerListenersResult/>
<ResponseMetadata>
<RequestId>1549581b-12b7-11e3-895e-1334aEXAMPLE</RequestId>
</ResponseMetadata>
</CreateLoadBalancerListenersResponse>"""
DELETE_LOAD_BALANCER_TEMPLATE = """<DeleteLoadBalancerResult xmlns="http://elasticloadbalancing.amazonaws.com/doc/2012-06-01/"> DELETE_LOAD_BALANCER_TEMPLATE = """<DeleteLoadBalancerResult xmlns="http://elasticloadbalancing.amazonaws.com/doc/2012-06-01/">
</DeleteLoadBalancerResult>""" </DeleteLoadBalancerResult>"""
@ -106,6 +162,7 @@ DESCRIBE_LOAD_BALANCERS_TEMPLATE = """<DescribeLoadBalancersResponse xmlns="http
<LoadBalancerPort>{{ listener.load_balancer_port }}</LoadBalancerPort> <LoadBalancerPort>{{ listener.load_balancer_port }}</LoadBalancerPort>
<InstanceProtocol>{{ listener.protocol }}</InstanceProtocol> <InstanceProtocol>{{ listener.protocol }}</InstanceProtocol>
<InstancePort>{{ listener.instance_port }}</InstancePort> <InstancePort>{{ listener.instance_port }}</InstancePort>
<SSLCertificateId>{{ listener.ssl_certificate_id }}</SSLCertificateId>
</Listener> </Listener>
</member> </member>
{% endfor %} {% endfor %}
@ -177,3 +234,18 @@ DEREGISTER_INSTANCES_TEMPLATE = """<DeregisterInstancesWithLoadBalancerResult xm
{% endfor %} {% endfor %}
</Instances> </Instances>
</DeregisterInstancesWithLoadBalancerResult>""" </DeregisterInstancesWithLoadBalancerResult>"""
SET_LOAD_BALANCER_SSL_CERTIFICATE = """<SetLoadBalancerListenerSSLCertificateResponse xmlns="http://elasticloadbalan cing.amazonaws.com/doc/2012-06-01/">
<SetLoadBalancerListenerSSLCertificateResult/>
<ResponseMetadata>
<RequestId>83c88b9d-12b7-11e3-8b82-87b12EXAMPLE</RequestId>
</ResponseMetadata>
</SetLoadBalancerListenerSSLCertificateResponse>"""
DELETE_LOAD_BALANCER_LISTENERS = """<DeleteLoadBalancerListenersResponse xmlns="http://elasticloadbalan cing.amazonaws.com/doc/2012-06-01/">
<DeleteLoadBalancerListenersResult/>
<ResponseMetadata>
<RequestId>83c88b9d-12b7-11e3-8b82-87b12EXAMPLE</RequestId>
</ResponseMetadata>
</DeleteLoadBalancerListenersResponse>"""
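Review bot: The `[0]` in `self.querystring.get('Listeners.member.{0}.SSLCertificateId'.format(port_index)[0], None)` indexes the formatted key string rather than the looked-up value, so the lookup key is the single character `'L'` and `ssl_certificate_id` is always None; the same line appears in both `create_load_balancer` and `create_load_balancer_listeners`. A certificate id supplied when a listener is created is therefore silently dropped, and code tested against the mock would not notice a listener that ends up without its certificate. Suggested form: `ssl_certificate_id = self.querystring.get('Listeners.member.{0}.SSLCertificateId'.format(port_index), [None])[0]`. Separately, the describe template emits `<SSLCertificateId>{{ listener.ssl_certificate_id }}</SSLCertificateId>` unconditionally, which renders the text `None` for listeners without a certificate; an `{% if listener.ssl_certificate_id %}` guard would avoid that. `create_load_balancer` starts above the first hunk, so only its tail is visible here.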


@ -51,11 +51,25 @@ class InstanceProfile(object):
return self.name return self.name
class Certificate(object):
def __init__(self, cert_name, cert_body, private_key, cert_chain=None, path=None):
self.cert_name = cert_name
self.cert_body = cert_body
self.private_key = private_key
self.path = path
self.cert_chain = cert_chain
@property
def physical_resource_id(self):
return self.name
class IAMBackend(BaseBackend): class IAMBackend(BaseBackend):
def __init__(self): def __init__(self):
self.instance_profiles = {} self.instance_profiles = {}
self.roles = {} self.roles = {}
self.certificates = {}
super(IAMBackend, self).__init__() super(IAMBackend, self).__init__()
def create_role(self, role_name, assume_role_policy_document, path, policies): def create_role(self, role_name, assume_role_policy_document, path, policies):
@ -96,4 +110,18 @@ class IAMBackend(BaseBackend):
role = self.get_role(role_name) role = self.get_role(role_name)
profile.roles.append(role) profile.roles.append(role)
def get_all_server_certs(self, marker=None):
return self.certificates.values()
def upload_server_cert(self, cert_name, cert_body, private_key, cert_chain=None, path=None):
certificate_id = random_resource_id()
cert = Certificate(cert_name, cert_body, private_key, cert_chain, path)
self.certificates[certificate_id] = cert
return cert
def get_server_certificate(self, name):
for key, cert in self.certificates.items():
if name == cert.cert_name:
return cert
iam_backend = IAMBackend() iam_backend = IAMBackend()
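Review bot: `Certificate.physical_resource_id` returns `self.name`, but `__init__` only sets `cert_name`, `cert_body`, `private_key`, `path` and `cert_chain`, so reading the property raises AttributeError; it should be `return self.cert_name`. `upload_server_cert` keys `self.certificates` by a fresh random id, so uploading the same name twice keeps both entries and `get_server_certificate` returns whichever one the dict yields first; a name check before insertion would keep lookups deterministic. `get_server_certificate` also falls through to an implicit None for an unknown name, which deserves an explicit error or at least a comment stating that None means "not found".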


@ -60,6 +60,29 @@ class IamResponse(BaseResponse):
template = Template(LIST_INSTANCE_PROFILES_TEMPLATE) template = Template(LIST_INSTANCE_PROFILES_TEMPLATE)
return template.render(instance_profiles=profiles) return template.render(instance_profiles=profiles)
def upload_server_certificate(self):
cert_name = self._get_param('ServerCertificateName')
cert_body = self._get_param('CertificateBody')
path = self._get_param('Path')
private_key = self._get_param('PrivateKey')
cert_chain = self._get_param('CertificateName')
cert = iam_backend.upload_server_cert(cert_name, cert_body, private_key, cert_chain=cert_chain, path=path)
template = Template(UPLOAD_CERT_TEMPLATE)
return template.render(certificate=cert)
def list_server_certificates(self, marker=None):
certs = iam_backend.get_all_server_certs(marker=marker)
template = Template(LIST_SERVER_CERTIFICATES_TEMPLATE)
return template.render(server_certificates=certs)
def get_server_certificate(self):
cert_name = self._get_param('ServerCertificateName')
cert = iam_backend.get_server_certificate(cert_name)
template = Template(GET_SERVER_CERTIFICATE_TEMPLATE)
return template.render(certificate=cert)
CREATE_INSTANCE_PROFILE_TEMPLATE = """<CreateInstanceProfileResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> CREATE_INSTANCE_PROFILE_TEMPLATE = """<CreateInstanceProfileResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<CreateInstanceProfileResult> <CreateInstanceProfileResult>
<InstanceProfile> <InstanceProfile>
@ -182,3 +205,72 @@ LIST_INSTANCE_PROFILES_TEMPLATE = """<ListInstanceProfilesResponse xmlns="https:
<RequestId>fd74fa8d-99f3-11e1-a4c3-27EXAMPLE804</RequestId> <RequestId>fd74fa8d-99f3-11e1-a4c3-27EXAMPLE804</RequestId>
</ResponseMetadata> </ResponseMetadata>
</ListInstanceProfilesResponse>""" </ListInstanceProfilesResponse>"""
UPLOAD_CERT_TEMPLATE = """<UploadServerCertificateResponse>
<UploadServerCertificateResult>
<ServerCertificateMetadata>
<ServerCertificateName>{{ certificate.cert_name }}</ServerCertificateName>
{% if certificate.path %}
<Path>{{ certificate.path }}</Path>
{% endif %}
<Arn>arn:aws:iam::123456789012:server-certificate/{{ certificate.path }}/{{ certificate.cert_name }}</Arn>
<UploadDate>2010-05-08T01:02:03.004Z</UploadDate>
<ServerCertificateId>ASCACKCEVSQ6C2EXAMPLE</ServerCertificateId>
<Expiration>2012-05-08T01:02:03.004Z</Expiration>
</ServerCertificateMetadata>
</UploadServerCertificateResult>
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</UploadServerCertificateResponse>"""
LIST_SERVER_CERTIFICATES_TEMPLATE = """<ListServerCertificatesResponse>
<ListServerCertificatesResult>
<IsTruncated>false</IsTruncated>
<ServerCertificateMetadataList>
{% for certificate in server_certificates %}
<member>
<ServerCertificateMetadata>
<ServerCertificateName>{{ certificate.cert_name }}</ServerCertificateName>
{% if certificate.path %}
<Path>{{ certificate.path }}</Path>
<Arn>arn:aws:iam::123456789012:server-certificate/{{ certificate.path }}/{{ certificate.cert_name }}</Arn>
{% else %}
<Arn>arn:aws:iam::123456789012:server-certificate/{{ certificate.cert_name }}</Arn>
{% endif %}
<UploadDate>2010-05-08T01:02:03.004Z</UploadDate>
<ServerCertificateId>ASCACKCEVSQ6C2EXAMPLE</ServerCertificateId>
<Expiration>2012-05-08T01:02:03.004Z</Expiration>
</ServerCertificateMetadata>
</member>
{% endfor %}
</ServerCertificateMetadataList>
</ListServerCertificatesResult>
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</ListServerCertificatesResponse>"""
GET_SERVER_CERTIFICATE_TEMPLATE = """<GetServerCertificateResponse>
<GetServerCertificateResult>
<ServerCertificate>
<ServerCertificateMetadata>
<ServerCertificateName>{{ certificate.cert_name }}</ServerCertificateName>
{% if certificate.path %}
<Path>{{ certificate.path }}</Path>
<Arn>arn:aws:iam::123456789012:server-certificate/{{ certificate.path }}/{{ certificate.cert_name }}</Arn>
{% else %}
<Arn>arn:aws:iam::123456789012:server-certificate/{{ certificate.cert_name }}</Arn>
{% endif %}
<UploadDate>2010-05-08T01:02:03.004Z</UploadDate>
<ServerCertificateId>ASCACKCEVSQ6C2EXAMPLE</ServerCertificateId>
<Expiration>2012-05-08T01:02:03.004Z</Expiration>
</ServerCertificateMetadata>
<CertificateBody>{{ certificate.cert_body }}</CertificateBody>
</ServerCertificate>
</GetServerCertificateResult>
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</GetServerCertificateResponse>"""
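Review bot: `upload_server_certificate` reads the chain with `self._get_param('CertificateName')`, whereas the IAM UploadServerCertificate parameter is `CertificateChain`, so an uploaded chain is never stored; the line should be `cert_chain = self._get_param('CertificateChain')`. `UPLOAD_CERT_TEMPLATE` builds the Arn as `server-certificate/{{ certificate.path }}/{{ certificate.cert_name }}` outside its `{% if certificate.path %}` guard, so an upload without a path yields an Arn containing the literal text `None`; the list and get templates already branch on `path`, and the upload template should use the same `{% if %}`/`{% else %}` pair. `get_server_certificate` renders its template even when the backend returned no certificate, which presumably produces an empty success document instead of an error response.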


@ -27,6 +27,60 @@ def test_create_load_balancer():
listener2.protocol.should.equal("TCP") listener2.protocol.should.equal("TCP")
@mock_elb
def test_add_listener():
conn = boto.connect_elb()
zones = ['us-east-1a', 'us-east-1b']
ports = [(80, 8080, 'http')]
conn.create_load_balancer('my-lb', zones, ports)
new_listener = (443, 8443, 'tcp')
conn.create_load_balancer_listeners('my-lb', [new_listener])
balancers = conn.get_all_load_balancers()
balancer = balancers[0]
listener1 = balancer.listeners[0]
listener1.load_balancer_port.should.equal(80)
listener1.instance_port.should.equal(8080)
listener1.protocol.should.equal("HTTP")
listener2 = balancer.listeners[1]
listener2.load_balancer_port.should.equal(443)
listener2.instance_port.should.equal(8443)
listener2.protocol.should.equal("TCP")
@mock_elb
def test_delete_listener():
conn = boto.connect_elb()
zones = ['us-east-1a', 'us-east-1b']
ports = [(80, 8080, 'http'), (443, 8443, 'tcp')]
conn.create_load_balancer('my-lb', zones, ports)
conn.delete_load_balancer_listeners('my-lb', [443])
balancers = conn.get_all_load_balancers()
balancer = balancers[0]
listener1 = balancer.listeners[0]
listener1.load_balancer_port.should.equal(80)
listener1.instance_port.should.equal(8080)
listener1.protocol.should.equal("HTTP")
balancer.listeners.should.have.length_of(1)
@mock_elb
def test_set_sslcertificate():
conn = boto.connect_elb()
zones = ['us-east-1a', 'us-east-1b']
ports = [(443, 8443, 'tcp')]
conn.create_load_balancer('my-lb', zones, ports)
conn.set_lb_listener_SSL_certificate('my-lb', '443', 'arn:certificate')
balancers = conn.get_all_load_balancers()
balancer = balancers[0]
listener1 = balancer.listeners[0]
listener1.load_balancer_port.should.equal(443)
listener1.instance_port.should.equal(8443)
listener1.protocol.should.equal("TCP")
listener1.ssl_certificate_id.should.equal("arn:certificate")
@mock_elb @mock_elb
def test_get_load_balancers_by_name(): def test_get_load_balancers_by_name():
conn = boto.connect_elb() conn = boto.connect_elb()
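Review bot: None of the added tests creates a listener with a certificate id in its tuple, so the `SSLCertificateId` parsing in the two create paths is never exercised; only `set_lb_listener_SSL_certificate` is checked. A case with `ports = [(443, 8443, 'https', 'arn:certificate')]` that asserts `listener.ssl_certificate_id` after `create_load_balancer`, and again after `create_load_balancer_listeners`, would cover it. `test_delete_listener` removes a single port, so deleting two ports in one call deserves its own assertion on the remaining listener count. `test_get_load_balancers_by_name` continues below the hunk.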


@ -5,6 +5,39 @@ import sure # noqa
from moto import mock_iam from moto import mock_iam
@mock_iam()
def test_get_all_server_certs():
conn = boto.connect_iam()
conn = boto.connect_iam()
conn.upload_server_cert("certname", "certbody", "privatekey")
certs = conn.get_all_server_certs()['list_server_certificates_response']['list_server_certificates_result']['server_certificate_metadata_list']
certs.should.have.length_of(1)
cert1 = certs[0]
cert1.server_certificate_name.should.equal("certname")
cert1.arn.should.equal("arn:aws:iam::123456789012:server-certificate/certname")
@mock_iam()
def test_get_server_cert():
conn = boto.connect_iam()
conn.upload_server_cert("certname", "certbody", "privatekey")
cert = conn.get_server_certificate("certname")
cert.server_certificate_name.should.equal("certname")
cert.arn.should.equal("arn:aws:iam::123456789012:server-certificate/certname")
@mock_iam()
def test_upload_server_cert():
conn = boto.connect_iam()
conn.upload_server_cert("certname", "certbody", "privatekey")
cert = conn.get_server_certificate("certname")
cert.server_certificate_name.should.equal("certname")
cert.arn.should.equal("arn:aws:iam::123456789012:server-certificate/certname")
@mock_iam() @mock_iam()
def test_create_role_and_instance_profile(): def test_create_role_and_instance_profile():
conn = boto.connect_iam() conn = boto.connect_iam()
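Review bot: `test_upload_server_cert` is line-for-line the same as `test_get_server_cert`, and `test_get_all_server_certs` calls `boto.connect_iam()` twice, so the three tests cover a single path: upload without `path` or `cert_chain`, then read back by name. An upload that passes `cert_chain=` and `path=` and asserts the returned Arn would exercise the optional parameters and the path branch of the templates. A lookup of a name that was never uploaded is also untested. `test_create_role_and_instance_profile` continues below the hunk.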