How to use kms method in localstack

Best Python code snippet using localstack_python

test_kms_server.py


#!/usr/bin/env python
'''
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
'''
# NOTE: this is Python 2 source (bare octal literals such as 0644, u'' strings).
import json
from datetime import datetime
from mock.mock import MagicMock, patch
from stacks.utils.RMFTestCase import *
from only_for_platform import not_for_platform, PLATFORM_WINDOWS
from resource_management.libraries.functions.ranger_functions import Rangeradmin
from resource_management.libraries.functions.ranger_functions_v2 import RangeradminV2


@not_for_platform(PLATFORM_WINDOWS)
class TestRangerKMS(RMFTestCase):
  """
  Resource-level expectations for the Ranger KMS kms_server.py script.

  Each test runs one command (configure, start or stop) against a JSON cluster
  fixture and then lists, in order, every resource the script is expected to
  declare: paths, owners, modes and the exact command lines.
  """
  COMMON_SERVICES_PACKAGE_DIR = "RANGER_KMS/0.5.0.2.3/package"
  STACK_VERSION = "2.5"

  @patch("os.path.isfile")
  def test_configure_default(self, isfile_mock):
    """Run `configure` with the default fixture and check the declared resources."""
    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/kms_server.py",
      classname = "KmsServer",
      command = "configure",
      config_file="ranger-kms-default.json",
      stack_version = self.STACK_VERSION,
      target = RMFTestCase.TARGET_COMMON_SERVICES
    )
    self.assert_configure_default()
    self.assertTrue(isfile_mock.called)
    self.assertNoMoreResources()

  # Captured once when the class body runs, so the mocked now() below and the
  # expected ranger-security.xml content are built from the same timestamp.
  current_date = datetime.now()

  class DTMOCK(object):
    """
    Mock datetime to avoid test failures when the test runs a little slower than usual.
    """
    def now(self):
      return TestRangerKMS.current_date

  # NOTE(review): mock.patch decorators inject their mocks bottom-up, and the
  # patches that pass `new=` inject nothing. The first positional mock here is
  # therefore the os.path.isfile patch and the last is the kms.get_repo patch,
  # while the parameter names are in the opposite order: `get_repo_mock` is
  # bound to the isfile mock and `isfile_mock` to the get_repo mock. Confirm
  # which call the final `isfile_mock.called` assertion is meant to pin.
  @patch("resource_management.libraries.functions.ranger_functions.Rangeradmin.check_ranger_login_urllib2", new=MagicMock(return_value=200))
  @patch("resource_management.libraries.functions.ranger_functions.Rangeradmin.create_ambari_admin_user", new=MagicMock(return_value=200))
  @patch("kms.get_repo")
  @patch("kms.create_repo")
  @patch("os.path.isfile")
  @patch("kms.datetime", new=DTMOCK())
  def test_start_default(self, get_repo_mock, create_repo_mock, isfile_mock):
    """Run `start` with the default (non-Kerberos) fixture and check the declared resources."""
    get_repo_mock.return_value = True
    create_repo_mock.return_value = True
    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/kms_server.py",
      classname = "KmsServer",
      command = "start",
      config_file="ranger-kms-default.json",
      stack_version = self.STACK_VERSION,
      target = RMFTestCase.TARGET_COMMON_SERVICES
    )
    self.assert_configure_default()
    # TODO confirm repo call
    current_datetime = self.current_date.strftime("%Y-%m-%d %H:%M:%S")
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/ranger-security.xml',
      owner = 'kms',
      group = 'kms',
      content = '<ranger>\n<enabled>{0}</enabled>\n</ranger>'.format(current_datetime),
      mode = 0644
    )
    self.assertResourceCalled('Directory', '/etc/ranger/c1_kms',
      owner = 'kms',
      group = 'kms',
      mode = 0775,
      create_parents = True
    )
    self.assertResourceCalled('Directory', '/etc/ranger/c1_kms/policycache',
      owner = 'kms',
      group = 'kms',
      mode = 0775,
      create_parents = True
    )
    self.assertResourceCalled('File', '/etc/ranger/c1_kms/policycache/kms_c1_kms.json',
      owner = 'kms',
      group = 'kms',
      mode = 0644
    )
    # The expected XML never carries the real audit DB password: the fixture
    # value is replaced with the literal "crypted" before comparison.
    plugin_audit_properties_copy = {}
    plugin_audit_properties_copy.update(self.getConfig()['configurations']['ranger-kms-audit'])
    if 'xasecure.audit.destination.db.password' in plugin_audit_properties_copy:
      plugin_audit_properties_copy['xasecure.audit.destination.db.password'] = "crypted"
    # NOTE(review): the three plugin XML files below are pinned at mode 0744,
    # i.e. readable by every local user; the password keys are placeholders,
    # but confirm nothing else sensitive lands in these files.
    self.assertResourceCalled('XmlConfig', 'ranger-kms-audit.xml',
      mode = 0744,
      owner = 'kms',
      group = 'kms',
      conf_dir = '/usr/hdp/current/ranger-kms/conf',
      configurations = plugin_audit_properties_copy,
      configuration_attributes = self.getConfig()['configurationAttributes']['ranger-kms-audit']
    )
    self.assertResourceCalled('XmlConfig', 'ranger-kms-security.xml',
      mode = 0744,
      owner = 'kms',
      group = 'kms',
      conf_dir = '/usr/hdp/current/ranger-kms/conf',
      configurations = self.getConfig()['configurations']['ranger-kms-security'],
      configuration_attributes = self.getConfig()['configurationAttributes']['ranger-kms-security']
    )
    # Same masking for the policy-manager keystore and truststore passwords.
    ranger_kms_policymgr_ssl_copy = {}
    ranger_kms_policymgr_ssl_copy.update(self.getConfig()['configurations']['ranger-kms-policymgr-ssl'])
    for prop in ['xasecure.policymgr.clientssl.keystore.password', 'xasecure.policymgr.clientssl.truststore.password']:
      if prop in ranger_kms_policymgr_ssl_copy:
        ranger_kms_policymgr_ssl_copy[prop] = "crypted"
    self.assertResourceCalled('XmlConfig', 'ranger-policymgr-ssl.xml',
      mode = 0744,
      owner = 'kms',
      group = 'kms',
      conf_dir = '/usr/hdp/current/ranger-kms/conf',
      configurations = ranger_kms_policymgr_ssl_copy,
      configuration_attributes = self.getConfig()['configurationAttributes']['ranger-kms-policymgr-ssl']
    )
    # NOTE(review): both credential-helper commands are expected with the
    # store password as a plain `-v` argument and with logoutput=True. Process
    # arguments are visible to other local users while the command runs;
    # whether the production script masks the value in agent logs cannot be
    # seen from this test — confirm.
    self.assertResourceCalled('Execute', ('/usr/hdp/current/ranger-kms/ranger_credential_helper.py', '-l', '/usr/hdp/current/ranger-kms/cred/lib/*', '-f', '/etc/ranger/c1_kms/cred.jceks', '-k', 'sslKeyStore', '-v', 'myKeyFilePassword', '-c', '1'),
      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
      logoutput=True,
      sudo=True
    )
    self.assertResourceCalled('Execute', ('/usr/hdp/current/ranger-kms/ranger_credential_helper.py', '-l', '/usr/hdp/current/ranger-kms/cred/lib/*', '-f', '/etc/ranger/c1_kms/cred.jceks', '-k', 'sslTrustStore', '-v', 'changeit', '-c', '1'),
      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
      logoutput=True,
      sudo=True
    )
    # The credential store and its checksum file are pinned to kms:kms, 0640.
    self.assertResourceCalled('File', '/etc/ranger/c1_kms/cred.jceks',
      owner = 'kms',
      group = 'kms',
      only_if = "test -e /etc/ranger/c1_kms/cred.jceks",
      mode = 0640
    )
    self.assertResourceCalled('File', '/etc/ranger/c1_kms/.cred.jceks.crc',
      owner = 'kms',
      group = 'kms',
      only_if = "test -e /etc/ranger/c1_kms/.cred.jceks.crc",
      mode = 0640
    )

    # HDFS audit directories: /ranger/audit is 0755 hdfs:hdfs, the KMS
    # sub-directory is 0750 kms:kms. Kerberos is off in this fixture.
    self.assertResourceCalled('HdfsResource', '/ranger/audit',
      type = 'directory',
      action = ['create_on_execute'],
      owner = 'hdfs',
      group = 'hdfs',
      mode = 0755,
      recursive_chmod = True,
      user = 'hdfs',
      security_enabled = False,
      keytab = None,
      kinit_path_local = '/usr/bin/kinit',
      hadoop_bin_dir = '/usr/hdp/2.5.0.0-777/hadoop/bin',
      hadoop_conf_dir = '/usr/hdp/2.5.0.0-777/hadoop/conf',
      principal_name = None,
      hdfs_site = self.getConfig()['configurations']['hdfs-site'],
      default_fs = 'hdfs://c6401.ambari.apache.org:8020',
      dfs_type = '',
    )
    self.assertResourceCalled('HdfsResource', '/ranger/audit/kms',
      type = 'directory',
      action = ['create_on_execute'],
      owner = 'kms',
      group = 'kms',
      mode = 0750,
      recursive_chmod = True,
      user = 'hdfs',
      security_enabled = False,
      keytab = None,
      kinit_path_local = '/usr/bin/kinit',
      hadoop_bin_dir = '/usr/hdp/2.5.0.0-777/hadoop/bin',
      hadoop_conf_dir = '/usr/hdp/2.5.0.0-777/hadoop/conf',
      principal_name = None,
      hdfs_site = self.getConfig()['configurations']['hdfs-site'],
      default_fs = 'hdfs://c6401.ambari.apache.org:8020',
      dfs_type = '',
    )
    self.assertResourceCalled('HdfsResource', None,
      action = ['execute'],
      user = 'hdfs',
      security_enabled = False,
      keytab = None,
      kinit_path_local = '/usr/bin/kinit',
      hadoop_bin_dir = '/usr/hdp/2.5.0.0-777/hadoop/bin',
      hadoop_conf_dir = '/usr/hdp/2.5.0.0-777/hadoop/conf',
      principal_name = None,
      hdfs_site = self.getConfig()['configurations']['hdfs-site'],
      default_fs = 'hdfs://c6401.ambari.apache.org:8020',
      dfs_type = '',
    )
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/hdfs-site.xml',
      action = ['delete'],
    )
    # NOTE(review): the JCE policy archive is expected to be fetched from a
    # plain-http fixture URL into /tmp/jce_dir (no owner or mode pinned on the
    # directory) and then unzipped with sudo over the JDK's security policy
    # jars. No checksum or signature step appears in the expected resources —
    # confirm how production guards the integrity of this download.
    self.assertResourceCalled('Directory', '/tmp/jce_dir',
      create_parents = True,
    )
    self.assertResourceCalled('File', '/tmp/jce_dir/UnlimitedJCEPolicyJDK7.zip',
      content = DownloadSource('http://c6401.ambari.apache.org:8080/resources/UnlimitedJCEPolicyJDK7.zip'),
      mode = 0644,
    )
    self.assertResourceCalled('File', '/usr/jdk64/jdk1.7.0_45/jre/lib/security/local_policy.jar',
      action = ["delete"]
    )
    self.assertResourceCalled('File', '/usr/jdk64/jdk1.7.0_45/jre/lib/security/US_export_policy.jar',
      action = ["delete"]
    )
    self.assertResourceCalled('Execute', ("unzip", "-o", "-j", "-q", "/tmp/jce_dir/UnlimitedJCEPolicyJDK7.zip", "-d", "/usr/jdk64/jdk1.7.0_45/jre/lib/security"),
      only_if = 'test -e /usr/jdk64/jdk1.7.0_45/jre/lib/security && test -f /tmp/jce_dir/UnlimitedJCEPolicyJDK7.zip',
      path=['/bin/', '/usr/bin'],
      sudo=True
    )
    # Password entries in install.properties are expected to be overwritten
    # with '_' before the service is started.
    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-kms/install.properties',
      owner = 'kms',
      properties = {'db_password': '_', 'KMS_MASTER_KEY_PASSWD': '_', 'REPOSITORY_CONFIG_PASSWORD': '_', 'db_root_password': '_'}
    )
    self.assertResourceCalled('Execute', '/usr/hdp/current/ranger-kms/ranger-kms start',
      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
      not_if = 'ps -ef | grep proc_rangerkms | grep -v grep',
      user = 'kms'
    )
    self.assertTrue(isfile_mock.called)
    self.assertNoMoreResources()

  def test_stop_default(self):
    """Run `stop` and expect the stop command followed by removal of the pid file."""
    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/kms_server.py",
      classname = "KmsServer",
      command = "stop",
      config_file="ranger-kms-default.json",
      stack_version = self.STACK_VERSION,
      target = RMFTestCase.TARGET_COMMON_SERVICES
    )
    self.assertResourceCalled('Execute', '/usr/hdp/current/ranger-kms/ranger-kms stop',
      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
      user = 'kms'
    )
    self.assertResourceCalled('File', '/var/run/ranger_kms/rangerkms.pid',
      action = ['delete']
    )
    self.assertNoMoreResources()

  def assert_configure_default(self):
    """Assert, in order, the resources expected from `configure` with the default fixture."""
    self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-kms/conf',
      owner = 'kms',
      group = 'kms',
      create_parents = True
    )
    self.assertResourceCalled('Directory', '/etc/security/serverKeys',
      create_parents = True,
      cd_access = "a",
    )
    self.assertResourceCalled('Directory', '/etc/ranger/kms',
      create_parents = True,
      cd_access = "a",
    )
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/ews/webapp/lib/mysql-connector-java-old.jar',
      action = ['delete'],
    )
    # NOTE(review): the JDBC driver is expected to be downloaded over plain
    # http into /tmp and then copied with sudo into the webapp lib directory.
    # No integrity check shows up in the expected resources, and the staging
    # path is in a world-writable directory — confirm how production protects
    # the jar between download and copy.
    self.assertResourceCalled('File', '/tmp/mysql-connector-java.jar',
      content = DownloadSource('http://c6401.ambari.apache.org:8080/resources/mysql-connector-java.jar'),
      mode = 0644
    )
    self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-kms/ews/lib',
      mode = 0755
    )
    self.assertResourceCalled('Execute', ('cp', '--remove-destination', '/tmp/mysql-connector-java.jar',
      '/usr/hdp/current/ranger-kms/ews/webapp/lib'),
      path=['/bin', '/usr/bin/'],
      sudo=True
    )
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/ews/webapp/lib/mysql-connector-java.jar',
      mode = 0644
    )
    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-kms/install.properties',
      properties = self.getConfig()['configurations']['kms-properties'],
      owner = 'kms'
    )
    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-kms/install.properties',
      properties = {'SQL_CONNECTOR_JAR': '/usr/hdp/current/ranger-kms/ews/webapp/lib/mysql-connector-java.jar'},
      owner = 'kms'
    )
    self.assertResourceCalled('File', '/usr/lib/ambari-agent/DBConnectionVerification.jar',
      content=DownloadSource('http://c6401.ambari.apache.org:8080/resources/DBConnectionVerification.jar'),
      mode=0644,
    )
    # NOTE(review): the two `rangerkms01` arguments after the JDBC URL are
    # presumably the DB user and password; if so the password is part of the
    # command string of this Execute — verify against the production script.
    self.assertResourceCalled('Execute', '/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/hdp/current/ranger-kms/ews/webapp/lib/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification \'jdbc:mysql://c6401.ambari.apache.org:3306/rangerkms01\' rangerkms01 rangerkms01 com.mysql.jdbc.Driver',
      path=['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], tries=5, try_sleep=10, environment = {}
    )
    self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-kms/ews/webapp/WEB-INF/classes/lib',
      mode = 0755,
      owner = 'kms',
      group = 'kms'
    )
    self.assertResourceCalled('Execute', ('cp', '/usr/hdp/current/ranger-kms/ranger-kms-initd', '/etc/init.d/ranger-kms'),
      not_if=format('ls /etc/init.d/ranger-kms'),
      only_if=format('ls /usr/hdp/current/ranger-kms/ranger-kms-initd'),
      sudo=True
    )
    self.assertResourceCalled('File', '/etc/init.d/ranger-kms',
      mode=0755,
    )
    self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-kms/',
      owner = 'kms',
      group = 'kms',
      recursive_ownership = True,
    )
    self.assertResourceCalled('Directory', '/var/run/ranger_kms',
      mode=0755,
      owner = 'kms',
      group = 'hadoop',
      cd_access = "a",
      create_parents=True
    )
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/ranger-kms-env.sh',
      content = 'export JAVA_HOME=/usr/jdk64/jdk1.7.0_45',
      owner = 'kms',
      group = 'kms',
      mode = 0755
    )
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/ranger-kms-env-piddir.sh',
      content = 'export RANGER_KMS_PID_DIR_PATH=/var/run/ranger_kms\nexport KMS_USER=kms',
      owner = 'kms',
      group = 'kms',
      mode = 0755
    )
    self.assertResourceCalled('Directory', '/var/log/ranger/kms',
      owner = 'kms',
      group = 'kms',
      cd_access = 'a',
      create_parents = True,
      mode = 0755
    )
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/ranger-kms-env-logdir.sh',
      content = format("export RANGER_KMS_LOG_DIR=/var/log/ranger/kms"),
      owner = 'kms',
      group = 'kms',
      mode=0755
    )
    self.assertResourceCalled('Execute', ('ln', '-sf', '/usr/hdp/current/ranger-kms/ranger-kms', '/usr/bin/ranger-kms'),
      not_if=format('ls /usr/bin/ranger-kms'),
      only_if=format('ls /usr/hdp/current/ranger-kms/ranger-kms'),
      sudo=True
    )
    self.assertResourceCalled('File', '/usr/bin/ranger-kms',
      mode=0755
    )
    self.assertResourceCalled('Execute', ('ln', '-sf', '/usr/hdp/current/ranger-kms/ranger-kms', '/usr/bin/ranger-kms-services.sh'),
      not_if=format('ls /usr/bin/ranger-kms-services.sh'),
      only_if=format('ls /usr/hdp/current/ranger-kms/ranger-kms'),
      sudo=True
    )
    self.assertResourceCalled('File', '/usr/bin/ranger-kms-services.sh',
      mode=0755
    )
    self.assertResourceCalled('Execute', ('ln', '-sf', '/usr/hdp/current/ranger-kms/ranger-kms-initd', '/usr/hdp/current/ranger-kms/ranger-kms-services.sh'),
      not_if=format('ls /usr/hdp/current/ranger-kms/ranger-kms-services.sh'),
      only_if=format('ls /usr/hdp/current/ranger-kms/ranger-kms-initd'),
      sudo=True
    )
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/ranger-kms-services.sh',
      mode=0755
    )
    # The log directory is declared a second time, now with mode 0775.
    self.assertResourceCalled('Directory', '/var/log/ranger/kms',
      owner = 'kms',
      group = 'kms',
      mode = 0775
    )
    # NOTE(review): both buildks commands are expected with the secret as a
    # plain `-value` argument (stored under the alias named just before it)
    # and with logoutput=True. Whether the production script masks the value
    # in agent logs is not visible from this test — confirm.
    self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.jdbc.password', '-value', 'rangerkms01', '-provider', 'jceks://file/etc/ranger/kms/rangerkms.jceks'),
      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
      logoutput=True,
      sudo=True
    )
    self.assertResourceCalled('File', '/etc/ranger/kms/rangerkms.jceks',
      owner = 'kms',
      group = 'kms',
      only_if = 'test -e /etc/ranger/kms/rangerkms.jceks',
      mode = 0640
    )
    self.assertResourceCalled('File', '/etc/ranger/kms/.rangerkms.jceks.crc',
      owner = 'kms',
      group = 'kms',
      only_if = 'test -e /etc/ranger/kms/.rangerkms.jceks.crc',
      mode = 0640
    )
    self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.masterkey.password', '-value', 'StrongPassword01', '-provider', 'jceks://file/etc/ranger/kms/rangerkms.jceks'),
      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
      logoutput=True,
      sudo=True
    )
    self.assertResourceCalled('File', '/etc/ranger/kms/rangerkms.jceks',
      owner = 'kms',
      group = 'kms',
      only_if = 'test -e /etc/ranger/kms/rangerkms.jceks',
      mode = 0640
    )
    self.assertResourceCalled('File', '/etc/ranger/kms/.rangerkms.jceks.crc',
      owner = 'kms',
      group = 'kms',
      only_if = 'test -e /etc/ranger/kms/.rangerkms.jceks.crc',
      mode = 0640
    )
    # dbks-site.xml is expected with its three password properties replaced by '_'.
    dbks_site_copy = {}
    dbks_site_copy.update(self.getConfig()['configurations']['dbks-site'])
    for prop in ['ranger.db.encrypt.key.password', 'ranger.ks.jpa.jdbc.password', 'ranger.ks.hsm.partition.password']:
      if prop in dbks_site_copy:
        dbks_site_copy[prop] = "_"
    self.assertResourceCalled('XmlConfig', 'dbks-site.xml',
      mode=0644,
      owner = 'kms',
      group = 'kms',
      conf_dir = '/usr/hdp/current/ranger-kms/conf',
      configurations = dbks_site_copy,
      configuration_attributes = self.getConfig()['configurationAttributes']['dbks-site']
    )
    self.assertResourceCalled('XmlConfig', 'ranger-kms-site.xml',
      mode = 0644,
      owner = 'kms',
      group = 'kms',
      conf_dir = '/usr/hdp/current/ranger-kms/conf',
      configurations = self.getConfig()['configurations']['ranger-kms-site'],
      configuration_attributes = self.getConfig()['configurationAttributes']['ranger-kms-site']
    )
    self.assertResourceCalled('XmlConfig', 'kms-site.xml',
      mode = 0644,
      owner = 'kms',
      group = 'kms',
      conf_dir = '/usr/hdp/current/ranger-kms/conf',
      configurations = self.getConfig()['configurations']['kms-site'],
      configuration_attributes = self.getConfig()['configurationAttributes']['kms-site']
    )
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/kms-log4j.properties',
      mode = 0644,
      owner = 'kms',
      group = 'kms',
      content = InlineTemplate(self.getConfig()['configurations']['kms-log4j']['content'])
    )
    # In the default fixture core-site.xml is expected to be deleted from the conf dir.
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/core-site.xml',
      action = ['delete'],
    )

  @patch("os.path.isfile")
  def test_configure_secured(self, isfile_mock):
    """Run `configure` with the secured fixture and check the declared resources."""
    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/kms_server.py",
      classname = "KmsServer",
      command = "configure",
      config_file="ranger-kms-secured.json",
      stack_version = self.STACK_VERSION,
      target = RMFTestCase.TARGET_COMMON_SERVICES
    )
    self.assert_configure_secured()
    self.assertTrue(isfile_mock.called)
    self.assertNoMoreResources()

  # Only the os.path.isfile patch injects a mock here; the other patches pass
  # `new=`, so the single `isfile_mock` parameter lines up with it.
  @patch("resource_management.libraries.functions.ranger_functions_v2.RangeradminV2.check_ranger_login_curl", new=MagicMock(return_value=(200, '', '')))
  @patch("resource_management.libraries.functions.ranger_functions_v2.RangeradminV2.get_repository_by_name_curl", new=MagicMock(return_value=({'name': 'c1_kms'})))
  @patch("resource_management.libraries.functions.ranger_functions_v2.RangeradminV2.create_repository_curl", new=MagicMock(return_value=({'name': 'c1_kms'})))
  @patch("os.path.isfile")
  @patch("kms.datetime", new=DTMOCK())
  def test_start_secured(self, isfile_mock):
    """Run `start` with the secured (Kerberos) fixture and check the declared resources."""
    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/kms_server.py",
      classname = "KmsServer",
      command = "start",
      config_file="ranger-kms-secured.json",
      stack_version = self.STACK_VERSION,
      target = RMFTestCase.TARGET_COMMON_SERVICES
    )
    self.assert_configure_secured()
    # TODO repo call in secure
    current_datetime = self.current_date.strftime("%Y-%m-%d %H:%M:%S")
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/ranger-security.xml',
      owner = 'kms',
      group = 'kms',
      content = '<ranger>\n<enabled>{0}</enabled>\n</ranger>'.format(current_datetime),
      mode = 0644
    )
    self.assertResourceCalled('Directory', '/etc/ranger/c1_kms',
      owner = 'kms',
      group = 'kms',
      mode = 0775,
      create_parents = True
    )
    self.assertResourceCalled('Directory', '/etc/ranger/c1_kms/policycache',
      owner = 'kms',
      group = 'kms',
      mode = 0775,
      create_parents = True
    )
    self.assertResourceCalled('File', '/etc/ranger/c1_kms/policycache/kms_c1_kms.json',
      owner = 'kms',
      group = 'kms',
      mode = 0644
    )
    # Password properties are masked with "crypted" in the expected XML, and
    # the plugin XML files are pinned at 0744, as in test_start_default.
    plugin_audit_properties_copy = {}
    plugin_audit_properties_copy.update(self.getConfig()['configurations']['ranger-kms-audit'])
    if 'xasecure.audit.destination.db.password' in plugin_audit_properties_copy:
      plugin_audit_properties_copy['xasecure.audit.destination.db.password'] = "crypted"
    self.assertResourceCalled('XmlConfig', 'ranger-kms-audit.xml',
      mode = 0744,
      owner = 'kms',
      group = 'kms',
      conf_dir = '/usr/hdp/current/ranger-kms/conf',
      configurations = plugin_audit_properties_copy,
      configuration_attributes = self.getConfig()['configurationAttributes']['ranger-kms-audit']
    )
    self.assertResourceCalled('XmlConfig', 'ranger-kms-security.xml',
      mode = 0744,
      owner = 'kms',
      group = 'kms',
      conf_dir = '/usr/hdp/current/ranger-kms/conf',
      configurations = self.getConfig()['configurations']['ranger-kms-security'],
      configuration_attributes = self.getConfig()['configurationAttributes']['ranger-kms-security']
    )
    ranger_kms_policymgr_ssl_copy = {}
    ranger_kms_policymgr_ssl_copy.update(self.getConfig()['configurations']['ranger-kms-policymgr-ssl'])
    for prop in ['xasecure.policymgr.clientssl.keystore.password', 'xasecure.policymgr.clientssl.truststore.password']:
      if prop in ranger_kms_policymgr_ssl_copy:
        ranger_kms_policymgr_ssl_copy[prop] = "crypted"
    self.assertResourceCalled('XmlConfig', 'ranger-policymgr-ssl.xml',
      mode = 0744,
      owner = 'kms',
      group = 'kms',
      conf_dir = '/usr/hdp/current/ranger-kms/conf',
      configurations = ranger_kms_policymgr_ssl_copy,
      configuration_attributes = self.getConfig()['configurationAttributes']['ranger-kms-policymgr-ssl']
    )
    # NOTE(review): store passwords again appear as plain `-v` arguments with
    # logoutput=True; the same masking question as in test_start_default applies.
    self.assertResourceCalled('Execute', ('/usr/hdp/current/ranger-kms/ranger_credential_helper.py', '-l', '/usr/hdp/current/ranger-kms/cred/lib/*', '-f', '/etc/ranger/c1_kms/cred.jceks', '-k', 'sslKeyStore', '-v', 'myKeyFilePassword', '-c', '1'),
      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
      logoutput=True,
      sudo=True
    )
    self.assertResourceCalled('Execute', ('/usr/hdp/current/ranger-kms/ranger_credential_helper.py', '-l', '/usr/hdp/current/ranger-kms/cred/lib/*', '-f', '/etc/ranger/c1_kms/cred.jceks', '-k', 'sslTrustStore', '-v', 'changeit', '-c', '1'),
      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
      logoutput=True,
      sudo=True
    )
    self.assertResourceCalled('File', '/etc/ranger/c1_kms/cred.jceks',
      owner = 'kms',
      group = 'kms',
      only_if = 'test -e /etc/ranger/c1_kms/cred.jceks',
      mode = 0640
    )
    self.assertResourceCalled('File', '/etc/ranger/c1_kms/.cred.jceks.crc',
      owner = 'kms',
      group = 'kms',
      only_if = 'test -e /etc/ranger/c1_kms/.cred.jceks.crc',
      mode = 0640
    )
    # With the secured fixture the HDFS calls are expected with
    # security_enabled=True plus the hdfs headless keytab and principal.
    self.assertResourceCalled('HdfsResource', '/ranger/audit',
      type = 'directory',
      action = ['create_on_execute'],
      owner = 'hdfs',
      group = 'hdfs',
      mode = 0755,
      recursive_chmod = True,
      user = 'hdfs',
      security_enabled = True,
      keytab = '/etc/security/keytabs/hdfs.headless.keytab',
      kinit_path_local = '/usr/bin/kinit',
      hadoop_bin_dir = '/usr/hdp/2.5.0.0-777/hadoop/bin',
      hadoop_conf_dir = '/usr/hdp/2.5.0.0-777/hadoop/conf',
      principal_name = 'hdfs-cl1@EXAMPLE.COM',
      hdfs_site = self.getConfig()['configurations']['hdfs-site'],
      default_fs = 'hdfs://c6401.ambari.apache.org:8020',
      dfs_type = '',
    )
    self.assertResourceCalled('HdfsResource', '/ranger/audit/kms',
      type = 'directory',
      action = ['create_on_execute'],
      owner = 'kms',
      group = 'kms',
      mode = 0750,
      recursive_chmod = True,
      user = 'hdfs',
      security_enabled = True,
      keytab = '/etc/security/keytabs/hdfs.headless.keytab',
      kinit_path_local = '/usr/bin/kinit',
      hadoop_bin_dir = '/usr/hdp/2.5.0.0-777/hadoop/bin',
      hadoop_conf_dir = '/usr/hdp/2.5.0.0-777/hadoop/conf',
      principal_name = 'hdfs-cl1@EXAMPLE.COM',
      hdfs_site = self.getConfig()['configurations']['hdfs-site'],
      default_fs = 'hdfs://c6401.ambari.apache.org:8020',
      dfs_type = '',
    )
    self.assertResourceCalled('HdfsResource', None,
      action = ['execute'],
      user = 'hdfs',
      security_enabled = True,
      keytab = '/etc/security/keytabs/hdfs.headless.keytab',
      kinit_path_local = '/usr/bin/kinit',
      hadoop_bin_dir = '/usr/hdp/2.5.0.0-777/hadoop/bin',
      hadoop_conf_dir = '/usr/hdp/2.5.0.0-777/hadoop/conf',
      principal_name = 'hdfs-cl1@EXAMPLE.COM',
      hdfs_site = self.getConfig()['configurations']['hdfs-site'],
      default_fs = 'hdfs://c6401.ambari.apache.org:8020',
      dfs_type = '',
    )
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/hdfs-site.xml',
      action = ['delete'],
    )
    # Same JCE policy download-and-unzip sequence as in test_start_default
    # (plain-http fixture URL, /tmp staging, sudo unzip into the JDK).
    self.assertResourceCalled('Directory', '/tmp/jce_dir',
      create_parents = True,
    )
    self.assertResourceCalled('File', '/tmp/jce_dir/UnlimitedJCEPolicyJDK7.zip',
      content = DownloadSource('http://c6401.ambari.apache.org:8080/resources/UnlimitedJCEPolicyJDK7.zip'),
      mode = 0644,
    )
    self.assertResourceCalled('File', '/usr/jdk64/jdk1.7.0_45/jre/lib/security/local_policy.jar',
      action = ["delete"]
    )
    self.assertResourceCalled('File', '/usr/jdk64/jdk1.7.0_45/jre/lib/security/US_export_policy.jar',
      action = ["delete"]
    )
    self.assertResourceCalled('Execute', ("unzip", "-o", "-j", "-q", "/tmp/jce_dir/UnlimitedJCEPolicyJDK7.zip", "-d", "/usr/jdk64/jdk1.7.0_45/jre/lib/security"),
      only_if = 'test -e /usr/jdk64/jdk1.7.0_45/jre/lib/security && test -f /tmp/jce_dir/UnlimitedJCEPolicyJDK7.zip',
      path=['/bin/', '/usr/bin'],
      sudo=True
    )
    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-kms/install.properties',
      owner = 'kms',
      properties = {'db_password': '_', 'KMS_MASTER_KEY_PASSWD': '_', 'REPOSITORY_CONFIG_PASSWORD': '_', 'db_root_password': '_'}
    )
    self.assertResourceCalled('Execute', '/usr/hdp/current/ranger-kms/ranger-kms start',
      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
      not_if = 'ps -ef | grep proc_rangerkms | grep -v grep',
      user = 'kms'
    )
    self.assertTrue(isfile_mock.called)
    self.assertNoMoreResources()

  def assert_configure_secured(self):
    """Assert, in order, the resources expected from `configure` with the secured fixture."""
    self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-kms/conf',
      owner = 'kms',
      group = 'kms',
      create_parents = True
    )
    self.assertResourceCalled('Directory', '/etc/security/serverKeys',
      create_parents = True,
      cd_access = "a",
    )
    self.assertResourceCalled('Directory', '/etc/ranger/kms',
      create_parents = True,
      cd_access = "a",
    )
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/ews/webapp/lib/mysql-connector-java-old.jar',
      action = ['delete'],
    )
    # Same plain-http download, /tmp staging and sudo copy of the JDBC driver
    # as in assert_configure_default.
    self.assertResourceCalled('File', '/tmp/mysql-connector-java.jar',
      content = DownloadSource('http://c6401.ambari.apache.org:8080/resources/mysql-connector-java.jar'),
      mode = 0644
    )
    self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-kms/ews/lib',
      mode = 0755
    )
    self.assertResourceCalled('Execute', ('cp', '--remove-destination', '/tmp/mysql-connector-java.jar',
      '/usr/hdp/current/ranger-kms/ews/webapp/lib'),
      path=['/bin', '/usr/bin/'],
      sudo=True
    )
    self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/ews/webapp/lib/mysql-connector-java.jar',
      mode = 0644
    )
    # The remaining expectations of this helper continue in the original listing.
self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-kms/install.properties',660 properties = self.getConfig()['configurations']['kms-properties'],661 owner = 'kms'662 )663 self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-kms/install.properties',664 properties = {'SQL_CONNECTOR_JAR': '/usr/hdp/current/ranger-kms/ews/webapp/lib/mysql-connector-java.jar'},665 owner = 'kms'666 )667 self.assertResourceCalled('File', '/usr/lib/ambari-agent/DBConnectionVerification.jar',668 content=DownloadSource('http://c6401.ambari.apache.org:8080/resources/DBConnectionVerification.jar'),669 mode=0644,670 )671 self.assertResourceCalled('Execute', '/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/hdp/current/ranger-kms/ews/webapp/lib/mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification \'jdbc:mysql://c6401.ambari.apache.org:3306/rangerkms01\' rangerkms01 rangerkms01 com.mysql.jdbc.Driver',672 path=['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], tries=5, try_sleep=10, environment = {}673 )674 self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-kms/ews/webapp/WEB-INF/classes/lib',675 mode = 0755,676 owner = 'kms',677 group = 'kms'678 )679 self.assertResourceCalled('Execute', ('cp', '/usr/hdp/current/ranger-kms/ranger-kms-initd', '/etc/init.d/ranger-kms'),680 not_if=format('ls /etc/init.d/ranger-kms'),681 only_if=format('ls /usr/hdp/current/ranger-kms/ranger-kms-initd'),682 sudo=True683 )684 self.assertResourceCalled('File', '/etc/init.d/ranger-kms',685 mode=0755,686 )687 self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-kms/',688 owner = 'kms',689 group = 'kms',690 recursive_ownership = True,691 )692 self.assertResourceCalled('Directory', '/var/run/ranger_kms',693 mode=0755,694 owner = 'kms',695 group = 'hadoop',696 cd_access = "a",697 create_parents=True698 )699 self.assertResourceCalled('File', 
'/usr/hdp/current/ranger-kms/conf/ranger-kms-env.sh',700 content = 'export JAVA_HOME=/usr/jdk64/jdk1.7.0_45',701 owner = 'kms',702 group = 'kms',703 mode = 0755704 )705 self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/ranger-kms-env-piddir.sh',706 content = 'export RANGER_KMS_PID_DIR_PATH=/var/run/ranger_kms\nexport KMS_USER=kms',707 owner = 'kms',708 group = 'kms',709 mode = 0755710 )711 self.assertResourceCalled('Directory', '/var/log/ranger/kms',712 owner = 'kms',713 group = 'kms',714 cd_access = 'a',715 create_parents = True,716 mode = 0755717 )718 self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/ranger-kms-env-logdir.sh',719 content = format("export RANGER_KMS_LOG_DIR=/var/log/ranger/kms"),720 owner = 'kms',721 group = 'kms',722 mode=0755723 )724 self.assertResourceCalled('Execute', ('ln', '-sf', '/usr/hdp/current/ranger-kms/ranger-kms', '/usr/bin/ranger-kms'),725 not_if=format('ls /usr/bin/ranger-kms'),726 only_if=format('ls /usr/hdp/current/ranger-kms/ranger-kms'),727 sudo=True728 )729 self.assertResourceCalled('File', '/usr/bin/ranger-kms',730 mode=0755731 )732 self.assertResourceCalled('Execute', ('ln', '-sf', '/usr/hdp/current/ranger-kms/ranger-kms', '/usr/bin/ranger-kms-services.sh'),733 not_if=format('ls /usr/bin/ranger-kms-services.sh'),734 only_if=format('ls /usr/hdp/current/ranger-kms/ranger-kms'),735 sudo=True736 )737 self.assertResourceCalled('File', '/usr/bin/ranger-kms-services.sh',738 mode=0755739 )740 self.assertResourceCalled('Execute', ('ln', '-sf', '/usr/hdp/current/ranger-kms/ranger-kms-initd', '/usr/hdp/current/ranger-kms/ranger-kms-services.sh'),741 not_if=format('ls /usr/hdp/current/ranger-kms/ranger-kms-services.sh'),742 only_if=format('ls /usr/hdp/current/ranger-kms/ranger-kms-initd'),743 sudo=True744 )745 self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/ranger-kms-services.sh',746 mode=0755747 )748 self.assertResourceCalled('Directory', '/var/log/ranger/kms',749 owner = 'kms',750 
group = 'kms',751 mode = 0775752 )753 self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.jdbc.password', '-value', 'rangerkms01', '-provider', 'jceks://file/etc/ranger/kms/rangerkms.jceks'),754 environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},755 logoutput=True,756 sudo=True757 )758 self.assertResourceCalled('File', '/etc/ranger/kms/rangerkms.jceks',759 owner = 'kms',760 group = 'kms',761 only_if = 'test -e /etc/ranger/kms/rangerkms.jceks',762 mode = 0640763 )764 self.assertResourceCalled('File', '/etc/ranger/kms/.rangerkms.jceks.crc',765 owner = 'kms',766 group = 'kms',767 only_if = 'test -e /etc/ranger/kms/.rangerkms.jceks.crc',768 mode = 0640769 )770 self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.masterkey.password', '-value', 'StrongPassword01', '-provider', 'jceks://file/etc/ranger/kms/rangerkms.jceks'),771 environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},772 logoutput=True,773 sudo=True774 )775 self.assertResourceCalled('File', '/etc/ranger/kms/rangerkms.jceks',776 owner = 'kms',777 group = 'kms',778 only_if = 'test -e /etc/ranger/kms/rangerkms.jceks',779 mode = 0640780 )781 self.assertResourceCalled('File', '/etc/ranger/kms/.rangerkms.jceks.crc',782 owner = 'kms',783 group = 'kms',784 only_if = 'test -e /etc/ranger/kms/.rangerkms.jceks.crc',785 mode = 0640786 )787 dbks_site_copy = {}788 dbks_site_copy.update(self.getConfig()['configurations']['dbks-site'])789 for prop in ['ranger.db.encrypt.key.password', 'ranger.ks.jpa.jdbc.password', 'ranger.ks.hsm.partition.password']:790 if prop in dbks_site_copy:791 dbks_site_copy[prop] = "_"792 self.assertResourceCalled('XmlConfig', 'dbks-site.xml',793 mode=0644,794 owner = 'kms',795 group = 'kms',796 conf_dir = 
'/usr/hdp/current/ranger-kms/conf',797 configurations = dbks_site_copy,798 configuration_attributes = self.getConfig()['configurationAttributes']['dbks-site']799 )800 self.assertResourceCalled('XmlConfig', 'ranger-kms-site.xml',801 mode = 0644,802 owner = 'kms',803 group = 'kms',804 conf_dir = '/usr/hdp/current/ranger-kms/conf',805 configurations = self.getConfig()['configurations']['ranger-kms-site'],806 configuration_attributes = self.getConfig()['configurationAttributes']['ranger-kms-site']807 )808 self.assertResourceCalled('XmlConfig', 'kms-site.xml',809 mode = 0644,810 owner = 'kms',811 group = 'kms',812 conf_dir = '/usr/hdp/current/ranger-kms/conf',813 configurations = self.getConfig()['configurations']['kms-site'],814 configuration_attributes = self.getConfig()['configurationAttributes']['kms-site']815 )816 self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/kms-log4j.properties',817 mode = 0644,818 owner = 'kms',819 group = 'kms',820 content = InlineTemplate(self.getConfig()['configurations']['kms-log4j']['content'])821 )822 self.assertResourceCalled('XmlConfig', 'core-site.xml',823 owner = 'kms',824 group = 'kms',825 conf_dir = '/usr/hdp/current/ranger-kms/conf',826 configurations = self.getConfig()['configurations']['core-site'],827 configuration_attributes = self.getConfig()['configurationAttributes']['core-site'],828 mode = 0644...


test_kms_keymaster.py


...186 @mock.patch('swift.common.middleware.crypto.kms_keymaster.readconf')187 @mock.patch.object(kms_keymaster.KmsKeyMaster, '_get_root_secret')188 def test_get_root_secret(189 self, mock_get_root_secret_from_kms, mock_readconf):190 # Successful call with coarse _get_root_secret_from_kms() mock.191 mock_get_root_secret_from_kms.return_value = (192 base64.b64encode(b'x' * 32))193 '''194 Return valid Barbican configuration parameters.195 '''196 mock_readconf.return_value = TEST_KMS_KEYMASTER_CONF197 '''198 Verify that keys are derived correctly by the keymaster.199 '''200 self.app = kms_keymaster.KmsKeyMaster(self.swift,201 TEST_KMS_KEYMASTER_CONF)202 '''203 Verify that _get_root_secret_from_kms() was called with the204 correct parameters.205 '''206 mock_get_root_secret_from_kms.assert_called_with(207 TEST_KMS_KEYMASTER_CONF208 )209 @mock.patch('swift.common.middleware.crypto.kms_keymaster.'210 'keystone_password.KeystonePassword')211 @mock.patch('swift.common.middleware.crypto.kms_keymaster.cfg')212 @mock.patch('swift.common.middleware.crypto.kms_keymaster.options')213 @mock.patch('swift.common.middleware.crypto.kms_keymaster.readconf')214 @mock.patch('swift.common.middleware.crypto.kms_keymaster.key_manager')215 def test_mocked_castellan_keymanager(216 self, mock_castellan_key_manager, mock_readconf,217 mock_castellan_options, mock_oslo_config, mock_keystone_password):...


create_kms_key.py


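import json
import os

import boto3

# Create a KMS key, give it an alias, and attach a key policy that names one
# IAM user as both administrator and user of the key.

# Configuration comes from an optional JSON file; every key in it is optional.
config_filename = "_src/configs.json"
# Start from an empty mapping so that a missing config file falls back to the
# defaults below instead of failing on an undefined name.
all_configs = {}
if os.path.isfile(config_filename):
    with open(config_filename) as f:
        all_configs = json.load(f)

environment = all_configs.get('environment', "dev")
region = all_configs.get('region', "us-west-2")
# NOTE(review): the fallback account id is baked into the script. When the
# config file omits this key, the policy below grants the key to that
# account's root principal and to a user in it -- confirm that this is the
# intended account before running without a config file.
aws_account_identifier = all_configs.get('aws_account_identifier', "968765799102")
key_alias = all_configs.get('key_alias', "alias/robo-greenfly")
key_user = all_configs.get('key_user', "sd-greenfly")
user_arn = "arn:aws:iam::{}:user/{}".format(aws_account_identifier, key_user)

# generate KMS key
# NOTE(review): `region` and `environment` are read above but are not used in
# the visible part of the script; the client falls back to boto3's default
# region resolution. Pass region_name=region here if the key must be created
# in the configured region.
kms_client = boto3.client('kms')
response = kms_client.create_key(
    Description='greenfly',
    KeyUsage='ENCRYPT_DECRYPT',
    Origin='AWS_KMS'
)
print(response)
key_id = response['KeyMetadata']['KeyId']

response = kms_client.create_alias(
    AliasName=key_alias,
    TargetKeyId=key_id
)
print(response)

# assign administration & usage of key to this user
# The policy is built as a data structure and serialised with json.dumps so
# that values taken from the config file are escaped as JSON strings and
# cannot alter the structure of the document.
# In a key policy, "Resource": "*" refers to the key the policy is attached to.
# NOTE(review): the same IAM user is granted both the administrative and the
# cryptographic-use statements, so there is no separation between managing the
# key and using it -- confirm this is intended.
policy_document = {
    "Version": "2012-10-17",
    "Id": "key-consolepolicy-3",
    "Statement": [
        {
            "Sid": "Enable IAM User Permissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::{}:root".format(aws_account_identifier)
            },
            "Action": "kms:*",
            "Resource": "*"
        },
        {
            "Sid": "Allow access for Key Administrators",
            "Effect": "Allow",
            "Principal": {"AWS": user_arn},
            "Action": [
                "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
                "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*",
                "kms:Get*", "kms:Delete*", "kms:TagResource",
                "kms:UntagResource", "kms:ScheduleKeyDeletion",
                "kms:CancelKeyDeletion"
            ],
            "Resource": "*"
        },
        {
            "Sid": "Allow use of the key",
            "Effect": "Allow",
            "Principal": {"AWS": user_arn},
            "Action": [
                "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                "kms:GenerateDataKey*", "kms:DescribeKey"
            ],
            "Resource": "*"
        },
        {
            "Sid": "Allow attachment of persistent resources",
            "Effect": "Allow",
            "Principal": {"AWS": user_arn},
            "Action": ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"],
            "Resource": "*",
            # Grants may only be created on behalf of AWS services that
            # integrate with KMS.
            "Condition": {
                "Bool": {"kms:GrantIsForAWSResource": "true"}
            }
        }
    ]
}
policy = json.dumps(policy_document, indent=2)
response = kms_client.put_key_policy(
    KeyId=key_id,
    PolicyName='default',
    Policy=policy
)
# print alias assigned...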
