~jimbaker/pyjuju/debug-relation-hook-context


Viewing changes to juju/providers/ec2/tests/test_provider.py

[r=hazmat][f=781949] Make it so EC2 provider can check SSL cert validity

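--- a/juju/providers/ec2/tests/test_provider.py
+++ b/juju/providers/ec2/tests/test_provider.py
@@ -5,8 +5,11 @@
 from juju.lib.testing import TestCase
 from juju.providers.ec2.files import FileStorage
 from juju.providers.ec2 import MachineProvider
+from juju.environment.errors import EnvironmentsConfigError
+import logging
 
 from .common import EC2TestMixin
+from juju.providers.ec2 import ssl
 
 
 class ProviderTestCase(EC2TestMixin, TestCase):
@@ -120,6 +123,58 @@
         serialized = provider.get_serialization_data()
         self.assertEqual(config, serialized)
 
+    def test_ssl_hostname_verification_config(self):
+        """
+        Tests that SSL hostname verification is enabled in txaws
+        when the config setting is set to true
+        """
+
+        config = {"access-key": "secret-12345",
+                  "secret-key": "secret-abc",
+                  "authorized-keys": "0123456789abcdef",
+                  "ssl-hostname-verification": True}
+        provider = MachineProvider(self.env_name, config)
+
+        if ssl:
+            self.assertTrue(
+                    provider._service.ec2_endpoint.ssl_hostname_verification)
+            self.assertTrue(
+                    provider._service.s3_endpoint.ssl_hostname_verification)
+        else:
+            self.assertFalse(hasattr(provider._service.ec2_endpoint,
+                             'ssl_hostname_verification'))
+            self.assertFalse(hasattr(provider._service.s3_endpoint,
+                             'ssl_hostname_verification'))
+
+    def test_warn_on_no_ssl_hostname_verification(self):
+        """
+        We should warn the user whenever they are not using hostname
+        verification.
+        """
+        config = {"access-key": "secret-12345",
+                  "secret-key": "secret-abc",
+                  "authorized-keys": "0123456789abcdef",
+                  "ssl-hostname-verification": False}
+        output = self.capture_logging("juju.ec2", level=logging.WARN)
+        provider = MachineProvider(self.env_name, config)
+
+        self.assertIn('EC2 API calls encrypted but not authenticated',
+                output.getvalue())
+        self.assertIn('S3 API calls encrypted but not authenticated',
+                output.getvalue())
+        self.assertIn(
+                'Ubuntu Cloud Image lookups encrypted but not authenticated',
+                output.getvalue())
+        if ssl:
+            self.assertIn('ssl-hostname-verification is disabled',
+                          output.getvalue())
+            self.assertFalse(
+                    provider._service.ec2_endpoint.ssl_hostname_verification)
+            self.assertFalse(
+                    provider._service.s3_endpoint.ssl_hostname_verification)
+        else:
+            self.assertIn('txaws.client.ssl unavailable', output.getvalue())
+
     def test_get_legacy_config_keys(self):
         provider = MachineProvider(self.env_name, {
             # Note: these keys *will* at some stage be considered legacy keys;
@@ -200,7 +255,7 @@
 
     @inlineCallbacks
     def xtest_non_amazon_constraints(self):
-        # Disabled because the ec2 provider requires these keys (instance-type 
+        # Disabled because the ec2 provider requires these keys (instance-type
         # and ec2-zone)
         provider = MachineProvider("some-non-ec2-env", {
             "ec2-uri": "blah", "secret-key": "foobar", "access-key": "bar"})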
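Review bot: The `else:` branch of `test_ssl_hostname_verification_config` pins a fail-open outcome: with `"ssl-hostname-verification": True` and `ssl` unavailable, it asserts only that both endpoints lack the attribute, so a user who asked for certificate checking gets none and nothing requires that they be told. If the provider logs in that case (not visible here), capture it as the second test does with `output = self.capture_logging("juju.ec2", level=logging.WARN)` before constructing the provider, then add `self.assertIn('txaws.client.ssl unavailable', output.getvalue())` to the `else:` branch. If the provider is instead meant to refuse the config, assert that error; `EnvironmentsConfigError` is imported but unused in the visible hunks. Both new tests branch on `if ssl:`, so only one path runs on any given machine, and the case where the key is omitted (the default) is not covered. `ProviderTestCase` continues outside the hunks shown.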