moto/tests/test_ec2/test_key_pairs.py
2021-10-18 19:44:29 +00:00

433 lines
15 KiB
Python

import pytest
import boto
import sure # noqa # pylint: disable=unused-import
import boto3
from boto.exception import EC2ResponseError
from botocore.exceptions import ClientError
from moto import mock_ec2, mock_ec2_deprecated, settings
from uuid import uuid4
from unittest import SkipTest
from .helpers import rsa_check_private_key
RSA_PUBLIC_KEY_OPENSSH = b"""\
ssh-rsa \
AAAAB3NzaC1yc2EAAAADAQABAAABAQDusXfgTE4eBP50NglSzCSEGnIL6+cr6m3H\
6cZANOQ+P1o/W4BdtcAL3sor4iGi7SOeJgo\\8kweyMQrhrt6HaKGgromRiz37LQx\
4YIAcBi4Zd023mO/V7Rc2Chh18mWgLSmA6ng+j37ip6452zxtv0jHAz9pJolbKBp\
JzbZlPN45ZCTk9ck0fSVHRl6VRSSPQcpqi65XpRf+35zNOCGCc1mAOOTmw59Q2a6\
A3t8mL7r91aM5q6QOQm219lctFM8O7HRJnDgmhGpnjRwE1LyKktWTbgFZ4SNWU2X\
qusUO07jKuSxzPumXBeU+JEtx0J1tqZwJlpGt2R+0qN7nKnPl2+hx \
moto@github.com"""
RSA_PUBLIC_KEY_RFC4716 = b"""\
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAABAQDusXfgTE4eBP50NglSzCSEGnIL6+cr6m3H6cZANO
Q+P1o/W4BdtcAL3sor4iGi7SOeJgo8kweyMQrhrt6HaKGgromRiz37LQx4YIAcBi4Zd023
mO/V7Rc2Chh18mWgLSmA6ng+j37ip6452zxtv0jHAz9pJolbKBpJzbZlPN45ZCTk9ck0fS
VHRl6VRSSPQcpqi65XpRf+35zNOCGCc1mAOOTmw59Q2a6A3t8mL7r91aM5q6QOQm219lct
FM8O7HRJnDgmhGpnjRwE1LyKktWTbgFZ4SNWU2XqusUO07jKuSxzPumXBeU+JEtx0J1tqZ
wJlpGt2R+0qN7nKnPl2+hx
---- END SSH2 PUBLIC KEY ----
"""
RSA_PUBLIC_KEY_FINGERPRINT = "6a:49:07:1c:7e:bd:d2:bd:96:25:fe:b5:74:83:ae:fd"
DSA_PUBLIC_KEY_OPENSSH = b"""ssh-dss \
AAAAB3NzaC1kc3MAAACBAJ0aXctVwbN6VB81gpo8R7DUk8zXRjZvrkg8Y8vEGt63gklpNJNsLXtEUXkl5D4c0nD2FZO1rJNqFoe\
OQOCoGSfclHvt9w4yPl/lUEtb3Qtj1j80MInETHr19vaSunRk5R+M+8YH+LLcdYdz7MijuGey02mbi0H9K5nUIcuLMArVAAAAFQ\
D0RDvsObRWBlnaW8645obZBM86jwAAAIBNZwf3B4krIzAwVfkMHLDSdAvs7lOWE7o8SJLzr9t4a9HhYp9SLbMzJ815KWfidEYV2\
+s4ZaPCfcZ1GENFRbE8rixz5eMAjEUXEPMJkblDZTHzMsH96z2cOCQZ0vfOmgznsf18Uf725pqo9OqAioEsTJjX8jtI2qNPEBU0\
uhMSZQAAAIBBMGhDu5CWPUlS2QG7vzmzw81XasmHE/s2YPDRbolkriwlunpgwZhCscoQP8HFHY+DLUVvUb+GZwBmFt4l1uHl03b\
ffsm7UIHtCBYERr9Nx0u20ldfhkgB1lhaJb5o0ZJ3pmJ38KChfyHe5EUcqRdEFo89Mp72VI2Z6UHyL175RA== \
moto@github.com"""
# Has boto3 equivalent
@mock_ec2_deprecated
def test_key_pairs_empty():
conn = boto.connect_ec2("the_key", "the_secret")
assert len(conn.get_all_key_pairs()) == 0
@mock_ec2
def test_key_pairs_empty_boto3():
if settings.TEST_SERVER_MODE:
raise SkipTest("ServerMode is not guaranteed to be empty")
client = boto3.client("ec2", "us-west-1")
client.describe_key_pairs()["KeyPairs"].should.be.empty
# Has boto3 equivalent
@mock_ec2_deprecated
def test_key_pairs_invalid_id():
conn = boto.connect_ec2("the_key", "the_secret")
with pytest.raises(EC2ResponseError) as cm:
conn.get_all_key_pairs("foo")
cm.value.code.should.equal("InvalidKeyPair.NotFound")
cm.value.status.should.equal(400)
cm.value.request_id.should_not.be.none
@mock_ec2
def test_key_pairs_invalid_id_boto3():
client = boto3.client("ec2", "us-west-1")
with pytest.raises(ClientError) as ex:
client.describe_key_pairs(KeyNames=[str(uuid4())])
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
ex.value.response["ResponseMetadata"].should.have.key("RequestId")
ex.value.response["Error"]["Code"].should.equal("InvalidKeyPair.NotFound")
# Has boto3 equivalent
@mock_ec2_deprecated
def test_key_pairs_create():
conn = boto.connect_ec2("the_key", "the_secret")
with pytest.raises(EC2ResponseError) as ex:
conn.create_key_pair("foo", dry_run=True)
ex.value.error_code.should.equal("DryRunOperation")
ex.value.status.should.equal(412)
ex.value.message.should.equal(
"An error occurred (DryRunOperation) when calling the CreateKeyPair operation: Request would have succeeded, but DryRun flag is set"
)
kp = conn.create_key_pair("foo")
rsa_check_private_key(kp.material)
kps = conn.get_all_key_pairs()
assert len(kps) == 1
assert kps[0].name == "foo"
# Has boto3 equivalent
@mock_ec2_deprecated
def test_key_pairs_create_two():
conn = boto.connect_ec2("the_key", "the_secret")
kp1 = conn.create_key_pair("foo")
rsa_check_private_key(kp1.material)
kp2 = conn.create_key_pair("bar")
rsa_check_private_key(kp2.material)
assert kp1.material != kp2.material
kps = conn.get_all_key_pairs()
kps.should.have.length_of(2)
assert {i.name for i in kps} == {"foo", "bar"}
kps = conn.get_all_key_pairs("foo")
kps.should.have.length_of(1)
kps[0].name.should.equal("foo")
@mock_ec2
def test_key_pairs_create_dryrun_boto3():
ec2 = boto3.resource("ec2", "us-west-1")
with pytest.raises(ClientError) as ex:
ec2.create_key_pair(KeyName="foo", DryRun=True)
ex.value.response["Error"]["Code"].should.equal("DryRunOperation")
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(412)
ex.value.response["Error"]["Message"].should.equal(
"An error occurred (DryRunOperation) when calling the CreateKeyPair operation: Request would have succeeded, but DryRun flag is set"
)
@mock_ec2
def test_key_pairs_create_boto3():
ec2 = boto3.resource("ec2", "us-west-1")
client = boto3.client("ec2", "us-west-1")
key_name = str(uuid4())[0:6]
kp = ec2.create_key_pair(KeyName=key_name)
rsa_check_private_key(kp.key_material)
# Verify the client can create a key_pair as well - should behave the same
key_name2 = str(uuid4())
kp2 = client.create_key_pair(KeyName=key_name2)
rsa_check_private_key(kp2["KeyMaterial"])
kp.key_material.shouldnt.equal(kp2["KeyMaterial"])
kps = client.describe_key_pairs()["KeyPairs"]
all_names = set([k["KeyName"] for k in kps])
all_names.should.contain(key_name)
all_names.should.contain(key_name2)
kps = client.describe_key_pairs(KeyNames=[key_name])["KeyPairs"]
kps.should.have.length_of(1)
kps[0].should.have.key("KeyName").equal(key_name)
kps[0].should.have.key("KeyFingerprint")
# Has boto3 equivalent
@mock_ec2_deprecated
def test_key_pairs_create_exist():
conn = boto.connect_ec2("the_key", "the_secret")
conn.create_key_pair("foo")
assert len(conn.get_all_key_pairs()) == 1
with pytest.raises(EC2ResponseError) as cm:
conn.create_key_pair("foo")
cm.value.code.should.equal("InvalidKeyPair.Duplicate")
cm.value.status.should.equal(400)
cm.value.request_id.should_not.be.none
@mock_ec2
def test_key_pairs_create_exist_boto3():
client = boto3.client("ec2", "us-west-1")
key_name = str(uuid4())[0:6]
client.create_key_pair(KeyName=key_name)
with pytest.raises(ClientError) as ex:
client.create_key_pair(KeyName=key_name)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
ex.value.response["ResponseMetadata"].should.have.key("RequestId")
ex.value.response["Error"]["Code"].should.equal("InvalidKeyPair.Duplicate")
# Has boto3 equivalent
@mock_ec2_deprecated
def test_key_pairs_delete_no_exist():
conn = boto.connect_ec2("the_key", "the_secret")
assert len(conn.get_all_key_pairs()) == 0
r = conn.delete_key_pair("foo")
r.should.be.ok
@mock_ec2
def test_key_pairs_delete_no_exist_boto3():
client = boto3.client("ec2", "us-west-1")
client.delete_key_pair(KeyName=str(uuid4())[0:6])
# Has boto3 equivalent
@mock_ec2_deprecated
def test_key_pairs_delete_exist():
conn = boto.connect_ec2("the_key", "the_secret")
conn.create_key_pair("foo")
with pytest.raises(EC2ResponseError) as ex:
r = conn.delete_key_pair("foo", dry_run=True)
ex.value.error_code.should.equal("DryRunOperation")
ex.value.status.should.equal(412)
ex.value.message.should.equal(
"An error occurred (DryRunOperation) when calling the DeleteKeyPair operation: Request would have succeeded, but DryRun flag is set"
)
r = conn.delete_key_pair("foo")
r.should.be.ok
assert len(conn.get_all_key_pairs()) == 0
@mock_ec2
def test_key_pairs_delete_exist_boto3():
client = boto3.client("ec2", "us-west-1")
key_name = str(uuid4())[0:6]
client.create_key_pair(KeyName=key_name)
with pytest.raises(ClientError) as ex:
client.delete_key_pair(KeyName=key_name, DryRun=True)
ex.value.response["Error"]["Code"].should.equal("DryRunOperation")
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(412)
ex.value.response["Error"]["Message"].should.equal(
"An error occurred (DryRunOperation) when calling the DeleteKeyPair operation: Request would have succeeded, but DryRun flag is set"
)
client.delete_key_pair(KeyName=key_name)
[kp.get("Name") for kp in client.describe_key_pairs()["KeyPairs"]].shouldnt.contain(
key_name
)
# Has boto3 equivalent
@mock_ec2_deprecated
def test_key_pairs_import():
conn = boto.connect_ec2("the_key", "the_secret")
with pytest.raises(EC2ResponseError) as ex:
conn.import_key_pair("foo", RSA_PUBLIC_KEY_OPENSSH, dry_run=True)
ex.value.error_code.should.equal("DryRunOperation")
ex.value.status.should.equal(412)
ex.value.message.should.equal(
"An error occurred (DryRunOperation) when calling the ImportKeyPair operation: Request would have succeeded, but DryRun flag is set"
)
kp1 = conn.import_key_pair("foo", RSA_PUBLIC_KEY_OPENSSH)
assert kp1.name == "foo"
assert kp1.fingerprint == RSA_PUBLIC_KEY_FINGERPRINT
kp2 = conn.import_key_pair("foo2", RSA_PUBLIC_KEY_RFC4716)
assert kp2.name == "foo2"
assert kp2.fingerprint == RSA_PUBLIC_KEY_FINGERPRINT
kps = conn.get_all_key_pairs()
assert len(kps) == 2
assert kps[0].name == kp1.name
assert kps[1].name == kp2.name
@mock_ec2
def test_key_pairs_import_boto3():
client = boto3.client("ec2", "us-west-1")
key_name = str(uuid4())[0:6]
with pytest.raises(ClientError) as ex:
client.import_key_pair(
KeyName=key_name, PublicKeyMaterial=RSA_PUBLIC_KEY_OPENSSH, DryRun=True
)
ex.value.response["Error"]["Code"].should.equal("DryRunOperation")
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(412)
ex.value.response["Error"]["Message"].should.equal(
"An error occurred (DryRunOperation) when calling the ImportKeyPair operation: Request would have succeeded, but DryRun flag is set"
)
kp1 = client.import_key_pair(
KeyName=key_name, PublicKeyMaterial=RSA_PUBLIC_KEY_OPENSSH
)
kp1.should.have.key("KeyName").equal(key_name)
kp1.should.have.key("KeyFingerprint").equal(RSA_PUBLIC_KEY_FINGERPRINT)
key_name2 = str(uuid4())
kp2 = client.import_key_pair(
KeyName=key_name2, PublicKeyMaterial=RSA_PUBLIC_KEY_RFC4716
)
kp2.should.have.key("KeyName").equal(key_name2)
kp2.should.have.key("KeyFingerprint").equal(RSA_PUBLIC_KEY_FINGERPRINT)
all_kps = client.describe_key_pairs()["KeyPairs"]
all_names = [kp["KeyName"] for kp in all_kps]
all_names.should.contain(kp1["KeyName"])
all_names.should.contain(kp2["KeyName"])
# Has boto3 equivalent
@mock_ec2_deprecated
def test_key_pairs_import_exist():
conn = boto.connect_ec2("the_key", "the_secret")
kp = conn.import_key_pair("foo", RSA_PUBLIC_KEY_OPENSSH)
assert kp.name == "foo"
assert len(conn.get_all_key_pairs()) == 1
with pytest.raises(EC2ResponseError) as cm:
conn.create_key_pair("foo")
cm.value.code.should.equal("InvalidKeyPair.Duplicate")
cm.value.status.should.equal(400)
cm.value.request_id.should_not.be.none
@mock_ec2
def test_key_pairs_import_exist_boto3():
client = boto3.client("ec2", "us-west-1")
key_name = str(uuid4())[0:6]
kp = client.import_key_pair(
KeyName=key_name, PublicKeyMaterial=RSA_PUBLIC_KEY_OPENSSH
)
kp["KeyName"].should.equal(key_name)
client.describe_key_pairs(KeyNames=[key_name])["KeyPairs"].should.have.length_of(1)
with pytest.raises(ClientError) as ex:
client.create_key_pair(KeyName=key_name)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
ex.value.response["ResponseMetadata"].should.have.key("RequestId")
ex.value.response["Error"]["Code"].should.equal("InvalidKeyPair.Duplicate")
# Has boto3 equivalent
@mock_ec2_deprecated
def test_key_pairs_invalid():
conn = boto.connect_ec2("the_key", "the_secret")
with pytest.raises(EC2ResponseError) as ex:
conn.import_key_pair("foo", b"")
ex.value.error_code.should.equal("InvalidKeyPair.Format")
ex.value.status.should.equal(400)
ex.value.message.should.equal("Key is not in valid OpenSSH public key format")
with pytest.raises(EC2ResponseError) as ex:
conn.import_key_pair("foo", b"garbage")
ex.value.error_code.should.equal("InvalidKeyPair.Format")
ex.value.status.should.equal(400)
ex.value.message.should.equal("Key is not in valid OpenSSH public key format")
with pytest.raises(EC2ResponseError) as ex:
conn.import_key_pair("foo", DSA_PUBLIC_KEY_OPENSSH)
ex.value.error_code.should.equal("InvalidKeyPair.Format")
ex.value.status.should.equal(400)
ex.value.message.should.equal("Key is not in valid OpenSSH public key format")
@mock_ec2
def test_key_pairs_invalid_boto3():
client = boto3.client("ec2", "us-west-1")
with pytest.raises(ClientError) as ex:
client.import_key_pair(KeyName="foo", PublicKeyMaterial=b"")
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
err = ex.value.response["Error"]
err["Code"].should.equal("InvalidKeyPair.Format")
err["Message"].should.equal("Key is not in valid OpenSSH public key format")
with pytest.raises(ClientError) as ex:
client.import_key_pair(KeyName="foo", PublicKeyMaterial=b"garbage")
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
err = ex.value.response["Error"]
err["Code"].should.equal("InvalidKeyPair.Format")
err["Message"].should.equal("Key is not in valid OpenSSH public key format")
with pytest.raises(ClientError) as ex:
client.import_key_pair(KeyName="foo", PublicKeyMaterial=DSA_PUBLIC_KEY_OPENSSH)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
err = ex.value.response["Error"]
err["Code"].should.equal("InvalidKeyPair.Format")
err["Message"].should.equal("Key is not in valid OpenSSH public key format")
# Has boto3 equivalent
@mock_ec2_deprecated
def test_key_pair_filters():
conn = boto.connect_ec2("the_key", "the_secret")
_ = conn.create_key_pair("kpfltr1")
kp2 = conn.create_key_pair("kpfltr2")
kp3 = conn.create_key_pair("kpfltr3")
kp_by_name = conn.get_all_key_pairs(filters={"key-name": "kpfltr2"})
set([kp.name for kp in kp_by_name]).should.equal(set([kp2.name]))
kp_by_name = conn.get_all_key_pairs(filters={"fingerprint": kp3.fingerprint})
set([kp.name for kp in kp_by_name]).should.equal(set([kp3.name]))
@mock_ec2
def test_key_pair_filters_boto3():
ec2 = boto3.resource("ec2", "us-west-1")
client = boto3.client("ec2", "us-west-1")
key_name_1 = str(uuid4())[0:6]
key_name_2 = str(uuid4())[0:6]
key_name_3 = str(uuid4())[0:6]
_ = ec2.create_key_pair(KeyName=key_name_1)
kp2 = ec2.create_key_pair(KeyName=key_name_2)
kp3 = ec2.create_key_pair(KeyName=key_name_3)
kp_by_name = client.describe_key_pairs(
Filters=[{"Name": "key-name", "Values": [key_name_2]}]
)["KeyPairs"]
set([kp["KeyName"] for kp in kp_by_name]).should.equal(set([kp2.name]))
kp_by_name = client.describe_key_pairs(
Filters=[{"Name": "fingerprint", "Values": [kp3.key_fingerprint]}]
)["KeyPairs"]
set([kp["KeyName"] for kp in kp_by_name]).should.equal(set([kp3.name]))