2013-08-09 01:50:23 -04:00
|
|
|
package common
|
|
|
|
|
|
|
|
import (
|
2018-09-18 11:29:20 -04:00
|
|
|
"fmt"
|
2013-08-22 17:58:21 -04:00
|
|
|
"reflect"
|
2013-08-09 01:50:23 -04:00
|
|
|
"testing"
|
2018-09-10 18:43:01 -04:00
|
|
|
|
2018-09-18 11:29:20 -04:00
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
2018-09-10 18:43:01 -04:00
|
|
|
"github.com/aws/aws-sdk-go/service/ec2"
|
|
|
|
"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
|
2013-08-09 01:50:23 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
func testAMIConfig() *AMIConfig {
|
|
|
|
return &AMIConfig{
|
|
|
|
AMIName: "foo",
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-11-30 17:08:48 -05:00
|
|
|
func getFakeAccessConfig(region string) *AccessConfig {
|
|
|
|
return &AccessConfig{
|
|
|
|
RawRegion: region,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-08-22 17:58:21 -04:00
|
|
|
func TestAMIConfigPrepare_name(t *testing.T) {
|
2013-08-09 01:50:23 -04:00
|
|
|
c := testAMIConfig()
|
2018-09-18 11:29:20 -04:00
|
|
|
c.AMISkipRegionValidation = true
|
2017-10-30 17:34:16 -04:00
|
|
|
if err := c.Prepare(nil, nil); err != nil {
|
2013-08-09 01:50:23 -04:00
|
|
|
t.Fatalf("shouldn't have err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
c.AMIName = ""
|
2017-10-30 17:34:16 -04:00
|
|
|
if err := c.Prepare(nil, nil); err == nil {
|
2013-08-09 01:50:23 -04:00
|
|
|
t.Fatal("should have error")
|
|
|
|
}
|
|
|
|
}
|
2013-08-22 17:58:21 -04:00
|
|
|
|
2018-09-10 18:43:01 -04:00
|
|
|
type mockEC2Client struct {
|
|
|
|
ec2iface.EC2API
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *mockEC2Client) DescribeRegions(*ec2.DescribeRegionsInput) (*ec2.DescribeRegionsOutput, error) {
|
|
|
|
return &ec2.DescribeRegionsOutput{
|
2018-09-18 11:29:20 -04:00
|
|
|
Regions: []*ec2.Region{
|
|
|
|
{RegionName: aws.String("us-east-1")},
|
|
|
|
{RegionName: aws.String("us-east-2")},
|
|
|
|
{RegionName: aws.String("us-west-1")},
|
|
|
|
},
|
2018-09-10 18:43:01 -04:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2013-08-22 17:58:21 -04:00
|
|
|
func TestAMIConfigPrepare_regions(t *testing.T) {
|
|
|
|
c := testAMIConfig()
|
|
|
|
c.AMIRegions = nil
|
2018-09-18 11:29:20 -04:00
|
|
|
c.AMISkipRegionValidation = true
|
2013-08-22 17:58:21 -04:00
|
|
|
|
2018-09-18 11:29:20 -04:00
|
|
|
var errs []error
|
2018-10-16 18:01:13 -04:00
|
|
|
var err error
|
2018-09-10 18:43:01 -04:00
|
|
|
mockConn := &mockEC2Client{}
|
2018-09-18 11:29:20 -04:00
|
|
|
if errs = c.prepareRegions(mockConn, nil, errs); len(errs) > 0 {
|
|
|
|
t.Fatalf("shouldn't have err: %#v", errs)
|
|
|
|
}
|
|
|
|
|
|
|
|
c.AMISkipRegionValidation = false
|
2018-10-16 18:01:13 -04:00
|
|
|
c.AMIRegions, err = listEC2Regions(mockConn)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("shouldn't have err: %s", err.Error())
|
|
|
|
}
|
2018-09-18 11:29:20 -04:00
|
|
|
if errs = c.prepareRegions(mockConn, nil, errs); len(errs) > 0 {
|
|
|
|
t.Fatalf("shouldn't have err: %#v", errs)
|
2016-01-11 16:02:38 -05:00
|
|
|
}
|
|
|
|
|
2013-08-22 17:58:21 -04:00
|
|
|
c.AMIRegions = []string{"foo"}
|
2018-09-18 11:29:20 -04:00
|
|
|
if errs = c.prepareRegions(mockConn, nil, errs); len(errs) == 0 {
|
2013-08-22 17:58:21 -04:00
|
|
|
t.Fatal("should have error")
|
|
|
|
}
|
2018-09-18 11:29:20 -04:00
|
|
|
errs = errs[:0]
|
2013-08-22 17:58:21 -04:00
|
|
|
|
|
|
|
c.AMIRegions = []string{"us-east-1", "us-west-1", "us-east-1"}
|
2018-09-18 11:29:20 -04:00
|
|
|
if errs = c.prepareRegions(mockConn, nil, errs); len(errs) > 0 {
|
|
|
|
t.Fatalf("bad: %s", errs[0])
|
2013-08-22 17:58:21 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
expected := []string{"us-east-1", "us-west-1"}
|
|
|
|
if !reflect.DeepEqual(c.AMIRegions, expected) {
|
|
|
|
t.Fatalf("bad: %#v", c.AMIRegions)
|
|
|
|
}
|
2016-06-06 14:17:12 -04:00
|
|
|
|
|
|
|
c.AMIRegions = []string{"custom"}
|
|
|
|
c.AMISkipRegionValidation = true
|
2018-09-18 11:29:20 -04:00
|
|
|
if errs = c.prepareRegions(mockConn, nil, errs); len(errs) > 0 {
|
2016-06-06 14:17:12 -04:00
|
|
|
t.Fatal("shouldn't have error")
|
|
|
|
}
|
|
|
|
c.AMISkipRegionValidation = false
|
|
|
|
|
2017-05-25 17:42:03 -04:00
|
|
|
c.AMIRegions = []string{"us-east-1", "us-east-2", "us-west-1"}
|
2017-05-31 16:41:32 -04:00
|
|
|
c.AMIRegionKMSKeyIDs = map[string]string{
|
2017-05-25 17:42:03 -04:00
|
|
|
"us-east-1": "123-456-7890",
|
|
|
|
"us-west-1": "789-012-3456",
|
|
|
|
"us-east-2": "456-789-0123",
|
|
|
|
}
|
2018-09-18 11:29:20 -04:00
|
|
|
if errs = c.prepareRegions(mockConn, nil, errs); len(errs) > 0 {
|
|
|
|
t.Fatal(fmt.Sprintf("shouldn't have error: %s", errs[0]))
|
2017-05-25 17:42:03 -04:00
|
|
|
}
|
|
|
|
|
2017-05-31 17:16:02 -04:00
|
|
|
c.AMIRegions = []string{"us-east-1", "us-east-2", "us-west-1"}
|
|
|
|
c.AMIRegionKMSKeyIDs = map[string]string{
|
|
|
|
"us-east-1": "123-456-7890",
|
|
|
|
"us-west-1": "789-012-3456",
|
|
|
|
"us-east-2": "",
|
|
|
|
}
|
2018-09-18 11:29:20 -04:00
|
|
|
if errs = c.prepareRegions(mockConn, nil, errs); len(errs) > 0 {
|
2017-05-31 17:16:02 -04:00
|
|
|
t.Fatal("should have passed; we are able to use default KMS key if not sharing")
|
|
|
|
}
|
|
|
|
|
2017-05-26 15:21:07 -04:00
|
|
|
c.SnapshotUsers = []string{"user-foo", "user-bar"}
|
|
|
|
c.AMIRegions = []string{"us-east-1", "us-east-2", "us-west-1"}
|
2017-05-31 16:41:32 -04:00
|
|
|
c.AMIRegionKMSKeyIDs = map[string]string{
|
2017-05-26 15:21:07 -04:00
|
|
|
"us-east-1": "123-456-7890",
|
|
|
|
"us-west-1": "789-012-3456",
|
|
|
|
"us-east-2": "",
|
|
|
|
}
|
2018-09-18 11:29:20 -04:00
|
|
|
if errs = c.prepareRegions(mockConn, nil, errs); len(errs) > 0 {
|
2017-05-26 15:21:07 -04:00
|
|
|
t.Fatal("should have an error b/c can't use default KMS key if sharing")
|
|
|
|
}
|
|
|
|
|
2017-05-25 17:42:03 -04:00
|
|
|
c.AMIRegions = []string{"us-east-1", "us-west-1"}
|
2017-05-31 16:41:32 -04:00
|
|
|
c.AMIRegionKMSKeyIDs = map[string]string{
|
2017-05-25 17:42:03 -04:00
|
|
|
"us-east-1": "123-456-7890",
|
|
|
|
"us-west-1": "789-012-3456",
|
|
|
|
"us-east-2": "456-789-0123",
|
|
|
|
}
|
2018-09-18 11:29:20 -04:00
|
|
|
if errs = c.prepareRegions(mockConn, nil, errs); len(errs) > 0 {
|
2017-05-25 17:42:03 -04:00
|
|
|
t.Fatal("should have error b/c theres a region in the key map that isn't in ami_regions")
|
|
|
|
}
|
|
|
|
|
|
|
|
c.AMIRegions = []string{"us-east-1", "us-west-1", "us-east-2"}
|
2017-05-31 16:41:32 -04:00
|
|
|
c.AMIRegionKMSKeyIDs = map[string]string{
|
2017-05-25 17:42:03 -04:00
|
|
|
"us-east-1": "123-456-7890",
|
|
|
|
"us-west-1": "789-012-3456",
|
|
|
|
}
|
2018-09-18 11:29:20 -04:00
|
|
|
|
|
|
|
c.AMISkipRegionValidation = true
|
2017-10-30 17:34:16 -04:00
|
|
|
if err := c.Prepare(nil, nil); err == nil {
|
2017-05-25 17:42:03 -04:00
|
|
|
t.Fatal("should have error b/c theres a region in in ami_regions that isn't in the key map")
|
|
|
|
}
|
2018-09-18 11:29:20 -04:00
|
|
|
c.AMISkipRegionValidation = false
|
2017-05-25 17:42:03 -04:00
|
|
|
|
|
|
|
c.SnapshotUsers = []string{"foo", "bar"}
|
|
|
|
c.AMIKmsKeyId = "123-abc-456"
|
|
|
|
c.AMIEncryptBootVolume = true
|
|
|
|
c.AMIRegions = []string{"us-east-1", "us-west-1"}
|
2017-05-31 16:41:32 -04:00
|
|
|
c.AMIRegionKMSKeyIDs = map[string]string{
|
2017-05-25 17:42:03 -04:00
|
|
|
"us-east-1": "123-456-7890",
|
|
|
|
"us-west-1": "",
|
|
|
|
}
|
2018-09-18 11:29:20 -04:00
|
|
|
if errs = c.prepareRegions(mockConn, nil, errs); len(errs) > 0 {
|
2017-05-25 17:42:03 -04:00
|
|
|
t.Fatal("should have error b/c theres a region in in ami_regions that isn't in the key map")
|
|
|
|
}
|
2017-11-30 17:08:48 -05:00
|
|
|
|
|
|
|
// allow rawregion to exist in ami_regions list.
|
|
|
|
accessConf := getFakeAccessConfig("us-east-1")
|
|
|
|
c.AMIRegions = []string{"us-east-1", "us-west-1", "us-east-2"}
|
|
|
|
c.AMIRegionKMSKeyIDs = nil
|
2018-09-18 11:29:20 -04:00
|
|
|
if errs = c.prepareRegions(mockConn, accessConf, errs); len(errs) > 0 {
|
2017-11-30 17:08:48 -05:00
|
|
|
t.Fatal("should allow user to have the raw region in ami_regions")
|
|
|
|
}
|
|
|
|
|
2013-08-22 17:58:21 -04:00
|
|
|
}
|
2016-05-12 12:21:44 -04:00
|
|
|
|
2016-12-02 05:30:14 -05:00
|
|
|
func TestAMIConfigPrepare_Share_EncryptedBoot(t *testing.T) {
|
2016-05-12 12:21:44 -04:00
|
|
|
c := testAMIConfig()
|
|
|
|
c.AMIUsers = []string{"testAccountID"}
|
|
|
|
c.AMIEncryptBootVolume = true
|
2016-12-02 05:30:14 -05:00
|
|
|
|
|
|
|
c.AMIKmsKeyId = ""
|
2017-10-30 17:34:16 -04:00
|
|
|
if err := c.Prepare(nil, nil); err == nil {
|
2016-12-04 09:14:53 -05:00
|
|
|
t.Fatal("shouldn't be able to share ami with encrypted boot volume")
|
2016-12-02 05:30:14 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
c.AMIKmsKeyId = "89c3fb9a-de87-4f2a-aedc-fddc5138193c"
|
2017-10-30 17:34:16 -04:00
|
|
|
if err := c.Prepare(nil, nil); err == nil {
|
2016-12-04 09:14:53 -05:00
|
|
|
t.Fatal("shouldn't be able to share ami with encrypted boot volume")
|
2016-05-12 12:21:44 -04:00
|
|
|
}
|
|
|
|
}
|
2017-04-04 20:46:44 -04:00
|
|
|
|
|
|
|
func TestAMINameValidation(t *testing.T) {
|
|
|
|
c := testAMIConfig()
|
|
|
|
|
|
|
|
c.AMIName = "aa"
|
2017-10-30 17:34:16 -04:00
|
|
|
if err := c.Prepare(nil, nil); err == nil {
|
2017-04-04 20:46:44 -04:00
|
|
|
t.Fatal("shouldn't be able to have an ami name with less than 3 characters")
|
|
|
|
}
|
|
|
|
|
|
|
|
var longAmiName string
|
|
|
|
for i := 0; i < 129; i++ {
|
|
|
|
longAmiName += "a"
|
|
|
|
}
|
|
|
|
c.AMIName = longAmiName
|
2017-10-30 17:34:16 -04:00
|
|
|
if err := c.Prepare(nil, nil); err == nil {
|
2017-04-04 20:46:44 -04:00
|
|
|
t.Fatal("shouldn't be able to have an ami name with great than 128 characters")
|
|
|
|
}
|
|
|
|
|
2017-04-04 21:06:59 -04:00
|
|
|
c.AMIName = "+aaa"
|
2017-10-30 17:34:16 -04:00
|
|
|
if err := c.Prepare(nil, nil); err == nil {
|
2017-04-04 20:46:44 -04:00
|
|
|
t.Fatal("shouldn't be able to have an ami name with invalid characters")
|
|
|
|
}
|
2017-04-05 01:08:09 -04:00
|
|
|
|
2017-05-19 05:11:43 -04:00
|
|
|
c.AMIName = "fooBAR1()[] ./-'@_"
|
2017-10-30 17:34:16 -04:00
|
|
|
if err := c.Prepare(nil, nil); err != nil {
|
2017-05-19 05:11:43 -04:00
|
|
|
t.Fatal("should be able to use all of the allowed AMI characters")
|
2017-04-05 01:08:09 -04:00
|
|
|
}
|
|
|
|
|
2017-04-05 15:39:16 -04:00
|
|
|
c.AMIName = `xyz-base-2017-04-05-1934`
|
2017-10-30 17:34:16 -04:00
|
|
|
if err := c.Prepare(nil, nil); err != nil {
|
2017-04-05 15:39:16 -04:00
|
|
|
t.Fatalf("expected `xyz-base-2017-04-05-1934` to pass validation.")
|
|
|
|
}
|
|
|
|
|
2017-04-04 21:02:23 -04:00
|
|
|
}
|