ec2: add support for creation and importing of real SSH keys (#2108)
* ec2: add support for creation and importing of real SSH keys * setup: lock PyYAML version to avoid incompatibilities
This commit is contained in:
Daniel Miranda
Terry Cain
parent
d8ff67197b
commit
fb2a76fd66
8 changed files with 179 additions and 37 deletions
|
|
@ -4,12 +4,46 @@ import tests.backport_assert_raises
|
|||
from nose.tools import assert_raises
|
||||
|
||||
import boto
|
||||
import six
|
||||
import sure # noqa
|
||||
|
||||
from boto.exception import EC2ResponseError
|
||||
from moto import mock_ec2_deprecated
|
||||
|
||||
from .helpers import rsa_check_private_key
|
||||
|
||||
|
||||
RSA_PUBLIC_KEY_OPENSSH = b"""\
|
||||
ssh-rsa \
|
||||
AAAAB3NzaC1yc2EAAAADAQABAAABAQDusXfgTE4eBP50NglSzCSEGnIL6+cr6m3H\
|
||||
6cZANOQ+P1o/W4BdtcAL3sor4iGi7SOeJgo\8kweyMQrhrt6HaKGgromRiz37LQx\
|
||||
4YIAcBi4Zd023mO/V7Rc2Chh18mWgLSmA6ng+j37ip6452zxtv0jHAz9pJolbKBp\
|
||||
JzbZlPN45ZCTk9ck0fSVHRl6VRSSPQcpqi65XpRf+35zNOCGCc1mAOOTmw59Q2a6\
|
||||
A3t8mL7r91aM5q6QOQm219lctFM8O7HRJnDgmhGpnjRwE1LyKktWTbgFZ4SNWU2X\
|
||||
qusUO07jKuSxzPumXBeU+JEtx0J1tqZwJlpGt2R+0qN7nKnPl2+hx \
|
||||
moto@github.com"""
|
||||
|
||||
RSA_PUBLIC_KEY_RFC4716 = b"""\
|
||||
---- BEGIN SSH2 PUBLIC KEY ----
|
||||
AAAAB3NzaC1yc2EAAAADAQABAAABAQDusXfgTE4eBP50NglSzCSEGnIL6+cr6m3H6cZANO
|
||||
Q+P1o/W4BdtcAL3sor4iGi7SOeJgo8kweyMQrhrt6HaKGgromRiz37LQx4YIAcBi4Zd023
|
||||
mO/V7Rc2Chh18mWgLSmA6ng+j37ip6452zxtv0jHAz9pJolbKBpJzbZlPN45ZCTk9ck0fS
|
||||
VHRl6VRSSPQcpqi65XpRf+35zNOCGCc1mAOOTmw59Q2a6A3t8mL7r91aM5q6QOQm219lct
|
||||
FM8O7HRJnDgmhGpnjRwE1LyKktWTbgFZ4SNWU2XqusUO07jKuSxzPumXBeU+JEtx0J1tqZ
|
||||
wJlpGt2R+0qN7nKnPl2+hx
|
||||
---- END SSH2 PUBLIC KEY ----
|
||||
"""
|
||||
|
||||
RSA_PUBLIC_KEY_FINGERPRINT = "6a:49:07:1c:7e:bd:d2:bd:96:25:fe:b5:74:83:ae:fd"
|
||||
|
||||
DSA_PUBLIC_KEY_OPENSSH = b"""ssh-dss \
|
||||
AAAAB3NzaC1kc3MAAACBAJ0aXctVwbN6VB81gpo8R7DUk8zXRjZvrkg8Y8vEGt63gklpNJNsLXtEUXkl5D4c0nD2FZO1rJNqFoe\
|
||||
OQOCoGSfclHvt9w4yPl/lUEtb3Qtj1j80MInETHr19vaSunRk5R+M+8YH+LLcdYdz7MijuGey02mbi0H9K5nUIcuLMArVAAAAFQ\
|
||||
D0RDvsObRWBlnaW8645obZBM86jwAAAIBNZwf3B4krIzAwVfkMHLDSdAvs7lOWE7o8SJLzr9t4a9HhYp9SLbMzJ815KWfidEYV2\
|
||||
+s4ZaPCfcZ1GENFRbE8rixz5eMAjEUXEPMJkblDZTHzMsH96z2cOCQZ0vfOmgznsf18Uf725pqo9OqAioEsTJjX8jtI2qNPEBU0\
|
||||
uhMSZQAAAIBBMGhDu5CWPUlS2QG7vzmzw81XasmHE/s2YPDRbolkriwlunpgwZhCscoQP8HFHY+DLUVvUb+GZwBmFt4l1uHl03b\
|
||||
ffsm7UIHtCBYERr9Nx0u20ldfhkgB1lhaJb5o0ZJ3pmJ38KChfyHe5EUcqRdEFo89Mp72VI2Z6UHyL175RA== \
|
||||
moto@github.com"""
|
||||
|
||||
|
||||
@mock_ec2_deprecated
|
||||
def test_key_pairs_empty():
|
||||
|
|
@ -33,14 +67,15 @@ def test_key_pairs_create():
|
|||
conn = boto.connect_ec2('the_key', 'the_secret')
|
||||
|
||||
with assert_raises(EC2ResponseError) as ex:
|
||||
kp = conn.create_key_pair('foo', dry_run=True)
|
||||
conn.create_key_pair('foo', dry_run=True)
|
||||
ex.exception.error_code.should.equal('DryRunOperation')
|
||||
ex.exception.status.should.equal(400)
|
||||
ex.exception.message.should.equal(
|
||||
'An error occurred (DryRunOperation) when calling the CreateKeyPair operation: Request would have succeeded, but DryRun flag is set')
|
||||
|
||||
kp = conn.create_key_pair('foo')
|
||||
assert kp.material.startswith('---- BEGIN RSA PRIVATE KEY ----')
|
||||
rsa_check_private_key(kp.material)
|
||||
|
||||
kps = conn.get_all_key_pairs()
|
||||
assert len(kps) == 1
|
||||
assert kps[0].name == 'foo'
|
||||
|
|
@ -49,13 +84,19 @@ def test_key_pairs_create():
|
|||
@mock_ec2_deprecated
|
||||
def test_key_pairs_create_two():
|
||||
conn = boto.connect_ec2('the_key', 'the_secret')
|
||||
kp = conn.create_key_pair('foo')
|
||||
kp = conn.create_key_pair('bar')
|
||||
assert kp.material.startswith('---- BEGIN RSA PRIVATE KEY ----')
|
||||
|
||||
kp1 = conn.create_key_pair('foo')
|
||||
rsa_check_private_key(kp1.material)
|
||||
|
||||
kp2 = conn.create_key_pair('bar')
|
||||
rsa_check_private_key(kp2.material)
|
||||
|
||||
assert kp1.material != kp2.material
|
||||
|
||||
kps = conn.get_all_key_pairs()
|
||||
kps.should.have.length_of(2)
|
||||
[i.name for i in kps].should.contain('foo')
|
||||
[i.name for i in kps].should.contain('bar')
|
||||
assert {i.name for i in kps} == {'foo', 'bar'}
|
||||
|
||||
kps = conn.get_all_key_pairs('foo')
|
||||
kps.should.have.length_of(1)
|
||||
kps[0].name.should.equal('foo')
|
||||
|
|
@ -64,8 +105,7 @@ def test_key_pairs_create_two():
|
|||
@mock_ec2_deprecated
|
||||
def test_key_pairs_create_exist():
|
||||
conn = boto.connect_ec2('the_key', 'the_secret')
|
||||
kp = conn.create_key_pair('foo')
|
||||
assert kp.material.startswith('---- BEGIN RSA PRIVATE KEY ----')
|
||||
conn.create_key_pair('foo')
|
||||
assert len(conn.get_all_key_pairs()) == 1
|
||||
|
||||
with assert_raises(EC2ResponseError) as cm:
|
||||
|
|
@ -105,23 +145,30 @@ def test_key_pairs_import():
|
|||
conn = boto.connect_ec2('the_key', 'the_secret')
|
||||
|
||||
with assert_raises(EC2ResponseError) as ex:
|
||||
kp = conn.import_key_pair('foo', b'content', dry_run=True)
|
||||
conn.import_key_pair('foo', RSA_PUBLIC_KEY_OPENSSH, dry_run=True)
|
||||
ex.exception.error_code.should.equal('DryRunOperation')
|
||||
ex.exception.status.should.equal(400)
|
||||
ex.exception.message.should.equal(
|
||||
'An error occurred (DryRunOperation) when calling the ImportKeyPair operation: Request would have succeeded, but DryRun flag is set')
|
||||
|
||||
kp = conn.import_key_pair('foo', b'content')
|
||||
assert kp.name == 'foo'
|
||||
kp1 = conn.import_key_pair('foo', RSA_PUBLIC_KEY_OPENSSH)
|
||||
assert kp1.name == 'foo'
|
||||
assert kp1.fingerprint == RSA_PUBLIC_KEY_FINGERPRINT
|
||||
|
||||
kp2 = conn.import_key_pair('foo2', RSA_PUBLIC_KEY_RFC4716)
|
||||
assert kp2.name == 'foo2'
|
||||
assert kp2.fingerprint == RSA_PUBLIC_KEY_FINGERPRINT
|
||||
|
||||
kps = conn.get_all_key_pairs()
|
||||
assert len(kps) == 1
|
||||
assert kps[0].name == 'foo'
|
||||
assert len(kps) == 2
|
||||
assert kps[0].name == kp1.name
|
||||
assert kps[1].name == kp2.name
|
||||
|
||||
|
||||
@mock_ec2_deprecated
|
||||
def test_key_pairs_import_exist():
|
||||
conn = boto.connect_ec2('the_key', 'the_secret')
|
||||
kp = conn.import_key_pair('foo', b'content')
|
||||
kp = conn.import_key_pair('foo', RSA_PUBLIC_KEY_OPENSSH)
|
||||
assert kp.name == 'foo'
|
||||
assert len(conn.get_all_key_pairs()) == 1
|
||||
|
||||
|
|
@ -132,6 +179,32 @@ def test_key_pairs_import_exist():
|
|||
cm.exception.request_id.should_not.be.none
|
||||
|
||||
|
||||
@mock_ec2_deprecated
|
||||
def test_key_pairs_invalid():
|
||||
conn = boto.connect_ec2('the_key', 'the_secret')
|
||||
|
||||
with assert_raises(EC2ResponseError) as ex:
|
||||
conn.import_key_pair('foo', b'')
|
||||
ex.exception.error_code.should.equal('InvalidKeyPair.Format')
|
||||
ex.exception.status.should.equal(400)
|
||||
ex.exception.message.should.equal(
|
||||
'Key is not in valid OpenSSH public key format')
|
||||
|
||||
with assert_raises(EC2ResponseError) as ex:
|
||||
conn.import_key_pair('foo', b'garbage')
|
||||
ex.exception.error_code.should.equal('InvalidKeyPair.Format')
|
||||
ex.exception.status.should.equal(400)
|
||||
ex.exception.message.should.equal(
|
||||
'Key is not in valid OpenSSH public key format')
|
||||
|
||||
with assert_raises(EC2ResponseError) as ex:
|
||||
conn.import_key_pair('foo', DSA_PUBLIC_KEY_OPENSSH)
|
||||
ex.exception.error_code.should.equal('InvalidKeyPair.Format')
|
||||
ex.exception.status.should.equal(400)
|
||||
ex.exception.message.should.equal(
|
||||
'Key is not in valid OpenSSH public key format')
|
||||
|
||||
|
||||
@mock_ec2_deprecated
|
||||
def test_key_pair_filters():
|
||||
conn = boto.connect_ec2('the_key', 'the_secret')
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue