File: test_cloudfront_keys.py

package info (click to toggle)
python-moto 5.1.18-3
links: PTS, VCS
area: main
in suites: forky, sid
size: 116,520 kB
sloc: python: 636,725; javascript: 181; makefile: 39; sh: 3
file content (150 lines) | stat: -rw-r--r-- 4,913 bytes
parent folder | download | duplicates (2)
from uuid import uuid4

import boto3
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

from moto import mock_aws
from tests import aws_verified

from .cloudfront_test_scaffolding import minimal_dist_custom_config

private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
public_key = private_key.public_key()
pem = public_key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
)


@aws_verified
def test_create_public_key():
    client = boto3.client("cloudfront", region_name="us-east-1")

    key_id = etag = None
    try:
        public_key_config = {
            "CallerReference": (str(uuid4())),
            "Name": (str(uuid4())),
            "EncodedKey": pem.decode("utf-8"),
        }
        resp = client.create_public_key(PublicKeyConfig=public_key_config)
        # uppercase+digits{14}
        key_id = resp["PublicKey"]["Id"]
        etag = resp["ETag"]
        public_key_config["Comment"] = ""

        assert resp["ResponseMetadata"]["HTTPStatusCode"] == 201

        assert (
            resp["Location"]
            == f"https://cloudfront.amazonaws.com/2020-05-31/public-key/{key_id}"
        )
        assert resp["PublicKey"]["CreatedTime"]
        assert resp["PublicKey"]["PublicKeyConfig"] == public_key_config

        get_key = client.get_public_key(Id=key_id)

        assert get_key["ETag"] == etag
        assert get_key["PublicKey"]["Id"] == key_id
        assert get_key["PublicKey"]["PublicKeyConfig"] == public_key_config
    finally:
        if key_id:
            client.delete_public_key(Id=key_id, IfMatch=etag)


@mock_aws
def test_list_public_keys():
    client = boto3.client("cloudfront", region_name="us-east-1")

    key_list = client.list_public_keys()["PublicKeyList"]
    assert key_list == {"MaxItems": 100, "Quantity": 0}

    key = client.create_public_key(
        PublicKeyConfig={
            "CallerReference": "someref",
            "Name": "somekey",
            "EncodedKey": "some data",
        }
    )["PublicKey"]
    key_created = key["CreatedTime"]
    key_id = key["Id"]

    key_list = client.list_public_keys()["PublicKeyList"]
    assert key_list["Quantity"] == 1
    assert key_list["Items"] == [
        {
            "Id": key_id,
            "Name": "somekey",
            "CreatedTime": key_created,
            "EncodedKey": "some data\n",
            "Comment": "",
        }
    ]


@mock_aws
def test_create_public_key_group():
    client = boto3.client("cloudfront", region_name="us-east-1")

    key_id1 = client.create_public_key(
        PublicKeyConfig={
            "CallerReference": str(uuid4()),
            "Name": str(uuid4()),
            "EncodedKey": pem.decode("utf-8"),
        }
    )["PublicKey"]["Id"]

    resp = client.create_key_group(
        KeyGroupConfig={"Name": "mygroup", "Items": [key_id1]}
    )
    key_group_id = resp["KeyGroup"]["Id"]  # uuid
    assert (
        resp["Location"]
        == f"https://cloudfront.amazonaws.com/2020-05-31/key-group/{key_group_id}"
    )
    assert resp["KeyGroup"]["KeyGroupConfig"] == {"Name": "mygroup", "Items": [key_id1]}

    get_group = client.get_key_group(Id=key_group_id)
    assert get_group["ETag"] == resp["ETag"]
    assert get_group["KeyGroup"]["Id"] == key_group_id
    assert get_group["KeyGroup"]["KeyGroupConfig"]["Name"] == "mygroup"
    assert get_group["KeyGroup"]["KeyGroupConfig"]["Items"] == [key_id1]

    groups = client.list_key_groups()["KeyGroupList"]
    assert groups["Quantity"] == 1
    assert groups["Items"][0]["KeyGroup"]["Id"] == key_group_id
    assert groups["Items"][0]["KeyGroup"]["KeyGroupConfig"]["Name"] == "mygroup"

    # We can't delete the key at this point
    # Either deregister the key, or delete the group
    # Deleting the group automatically deregisters the key (but does not delete it)


@mock_aws
def test_create_distribution_with_key_groups():
    client = boto3.client("cloudfront", region_name="us-east-1")

    key_id1 = client.create_public_key(
        PublicKeyConfig={
            "CallerReference": str(uuid4()),
            "Name": str(uuid4()),
            "EncodedKey": pem.decode("utf-8"),
        }
    )["PublicKey"]["Id"]

    resp = client.create_key_group(
        KeyGroupConfig={"Name": "mygroup", "Items": [key_id1]}
    )
    key_group_id = resp["KeyGroup"]["Id"]  # uuid

    config = minimal_dist_custom_config("sth")
    config["DefaultCacheBehavior"]["TrustedKeyGroups"] = {
        "Enabled": True,
        "Quantity": 1,
        "Items": [key_group_id],
    }
    dist = client.create_distribution(DistributionConfig=config)["Distribution"]
    config = dist["DistributionConfig"]
    key_groups = config["DefaultCacheBehavior"]["TrustedKeyGroups"]
    assert key_groups == {"Enabled": True, "Quantity": 1, "Items": [key_group_id]}