[aws|elb] Raise proper IAM error for CertificateNotFound when creating an ELB or creating Listeners.
parent
773ba300d0
commit
348230ce32
4 changed files with 63 additions and 21 deletions
|
@ -46,8 +46,16 @@ module Fog
|
||||||
'LoadBalancerName' => lb_name,
|
'LoadBalancerName' => lb_name,
|
||||||
:parser => Fog::Parsers::AWS::ELB::CreateLoadBalancer.new
|
:parser => Fog::Parsers::AWS::ELB::CreateLoadBalancer.new
|
||||||
}.merge!(params))
|
}.merge!(params))
|
||||||
|
rescue Excon::Errors::HTTPStatusError => error
|
||||||
|
if match = error.message.match(/<Code>(.*)<\/Code>(?:.*<Message>(.*)<\/Message>)?/m)
|
||||||
|
case match[1]
|
||||||
|
when 'CertificateNotFound'
|
||||||
|
raise Fog::AWS::IAM::NotFound.slurp(error, match[2])
|
||||||
|
else
|
||||||
|
raise
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
class Mock
|
class Mock
|
||||||
|
@ -61,9 +69,7 @@ module Fog
|
||||||
|
|
||||||
listeners = [*listeners].map do |listener|
|
listeners = [*listeners].map do |listener|
|
||||||
if listener['SSLCertificateId'] and !certificate_ids.include? listener['SSLCertificateId']
|
if listener['SSLCertificateId'] and !certificate_ids.include? listener['SSLCertificateId']
|
||||||
response.status = 400
|
raise Fog::AWS::IAM::NotFound.new('CertificateNotFound')
|
||||||
response.body = "<?xml version=\"1.0\"?><Response><Errors><Error><Code>CertificateNotFound</Code><Message>The specified SSL ID does not refer to a valid SSL certificate in the AWS Identity and Access Management Service..</Message></Error></Errors><RequestID>#{Fog::AWS::Mock.request_id}</RequestId></Response>"
|
|
||||||
raise Excon::Errors.status_error({:expects => 200}, response)
|
|
||||||
end
|
end
|
||||||
{'Listener' => listener, 'PolicyNames' => []}
|
{'Listener' => listener, 'PolicyNames' => []}
|
||||||
end
|
end
|
||||||
|
|
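Review bot: The new `rescue Excon::Errors::HTTPStatusError => error` block swallows the error whenever the body does not match the `<Code>` regex, because both `raise` calls sit inside the `if match = ...` branch; the request method then returns nil for an error body without a `<Code>` element and the caller sees no failure. Making the re-raise the last statement of the rescue keeps every other status error visible: `raise Fog::AWS::IAM::NotFound.slurp(error, match[2]) if match && match[1] == 'CertificateNotFound'` followed by a bare `raise`. The same rescue is added in the `@ -43,6 +43,15 @@` hunk of the next file section and needs the same change. The `(.*)` groups are greedy under `/m`, so `(.*?)` would be safer if a body ever carries more than one `<Code>` element.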
|
@ -43,6 +43,15 @@ module Fog
|
||||||
'LoadBalancerName' => lb_name,
|
'LoadBalancerName' => lb_name,
|
||||||
:parser => Fog::Parsers::AWS::ELB::Empty.new
|
:parser => Fog::Parsers::AWS::ELB::Empty.new
|
||||||
}.merge!(params))
|
}.merge!(params))
|
||||||
|
rescue Excon::Errors::HTTPStatusError => error
|
||||||
|
if match = error.message.match(/<Code>(.*)<\/Code>(?:.*<Message>(.*)<\/Message>)?/m)
|
||||||
|
case match[1]
|
||||||
|
when 'CertificateNotFound'
|
||||||
|
raise Fog::AWS::IAM::NotFound.slurp(error, match[2])
|
||||||
|
else
|
||||||
|
raise
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
@ -56,9 +65,7 @@ module Fog
|
||||||
|
|
||||||
listeners.each do |listener|
|
listeners.each do |listener|
|
||||||
if listener['SSLCertificateId'] and !certificate_ids.include? listener['SSLCertificateId']
|
if listener['SSLCertificateId'] and !certificate_ids.include? listener['SSLCertificateId']
|
||||||
response.status = 400
|
raise Fog::AWS::IAM::NotFound.new('CertificateNotFound')
|
||||||
response.body = "<?xml version=\"1.0\"?><Response><Errors><Error><Code>CertificateNotFound</Code><Message>The specified SSL ID does not refer to a valid SSL certificate in the AWS Identity and Access Management Service..</Message></Error></Errors><RequestID>#{Fog::AWS::Mock.request_id}</RequestId></Response>"
|
|
||||||
raise Excon::Errors.status_error({:expects => 200}, response)
|
|
||||||
end
|
end
|
||||||
load_balancer['ListenerDescriptions'] << {'Listener' => listener, 'PolicyNames' => []}
|
load_balancer['ListenerDescriptions'] << {'Listener' => listener, 'PolicyNames' => []}
|
||||||
end
|
end
|
||||||
|
|
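Review bot: The mock branch now raises `Fog::AWS::IAM::NotFound.new('CertificateNotFound')`, so under mocking the exception message is the error code, while the real path passes the `<Message>` text (`match[2]`) to `slurp`; anything that inspects or logs the message behaves differently in the two modes. Raising with the message text that the removed `response.body` string carried would keep them aligned. A short comment above the raise, saying that the mock skips the HTTP 400 round-trip, would explain why the new `rescue` mapping is never exercised when mocking. The same applies to the mock change in the `@ -61,9 +69,7 @@` hunk of the previous file section, and the enclosing mock method starts and ends outside the hunk.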
|
@ -1,5 +1,6 @@
|
||||||
Shindo.tests('AWS::ELB | models', ['aws', 'elb']) do
|
Shindo.tests('AWS::ELB | models', ['aws', 'elb']) do
|
||||||
@availability_zones = Fog::Compute[:aws].describe_availability_zones('state' => 'available').body['availabilityZoneInfo'].collect{ |az| az['zoneName'] }
|
@availability_zones = Fog::Compute[:aws].describe_availability_zones('state' => 'available').body['availabilityZoneInfo'].collect{ |az| az['zoneName'] }
|
||||||
|
@key_name = 'fog-test-model'
|
||||||
|
|
||||||
tests('success') do
|
tests('success') do
|
||||||
tests('load_balancers') do
|
tests('load_balancers') do
|
||||||
|
@ -33,7 +34,7 @@ Shindo.tests('AWS::ELB | models', ['aws', 'elb']) do
|
||||||
tests('create') do
|
tests('create') do
|
||||||
tests('without availability zones') do
|
tests('without availability zones') do
|
||||||
elb = AWS[:elb].load_balancers.create(:id => elb_id)
|
elb = AWS[:elb].load_balancers.create(:id => elb_id)
|
||||||
tests("availability zones are correct").returns(@availability_zones) { elb.availability_zones }
|
tests("availability zones are correct").returns(@availability_zones.sort) { elb.availability_zones.sort }
|
||||||
tests("dns names is set").returns(true) { elb.dns_name.is_a?(String) }
|
tests("dns names is set").returns(true) { elb.dns_name.is_a?(String) }
|
||||||
tests("created_at is set").returns(true) { Time === elb.created_at }
|
tests("created_at is set").returns(true) { Time === elb.created_at }
|
||||||
tests("policies is empty").returns([]) { elb.policies }
|
tests("policies is empty").returns([]) { elb.policies }
|
||||||
|
@ -46,16 +47,24 @@ Shindo.tests('AWS::ELB | models', ['aws', 'elb']) do
|
||||||
tests('with availability zones') do
|
tests('with availability zones') do
|
||||||
azs = @availability_zones[1..-1]
|
azs = @availability_zones[1..-1]
|
||||||
elb2 = AWS[:elb].load_balancers.create(:id => "#{elb_id}-2", :availability_zones => azs)
|
elb2 = AWS[:elb].load_balancers.create(:id => "#{elb_id}-2", :availability_zones => azs)
|
||||||
tests("availability zones are correct").returns(azs) { elb2.availability_zones }
|
tests("availability zones are correct").returns(azs.sort) { elb2.availability_zones.sort }
|
||||||
elb2.destroy
|
elb2.destroy
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Need to sleep here for IAM changes to propgate
|
||||||
tests('with ListenerDescriptions') do
|
tests('with ListenerDescriptions') do
|
||||||
|
@certificate = AWS[:iam].upload_server_certificate(AWS::IAM::SERVER_CERT_PUBLIC_KEY, AWS::IAM::SERVER_CERT_PRIVATE_KEY, @key_name).body['Certificate']
|
||||||
|
sleep(8) unless Fog.mocking?
|
||||||
listeners = [{
|
listeners = [{
|
||||||
'Listener' => {'LoadBalancerPort' => 2030, 'InstancePort' => 2030, 'Protocol' => 'HTTP'},
|
'Listener' => {
|
||||||
|
'LoadBalancerPort' => 2030, 'InstancePort' => 2030, 'Protocol' => 'HTTP'
|
||||||
|
},
|
||||||
'PolicyNames' => []
|
'PolicyNames' => []
|
||||||
}, {
|
}, {
|
||||||
'Listener' => {'LoadBalancerPort' => 443, 'InstancePort' => 443, 'Protocol' => 'HTTPS'},
|
'Listener' => {
|
||||||
|
'LoadBalancerPort' => 443, 'InstancePort' => 443, 'Protocol' => 'HTTPS',
|
||||||
|
'SSLCertificateId' => @certificate['Arn']
|
||||||
|
},
|
||||||
'PolicyNames' => []
|
'PolicyNames' => []
|
||||||
}]
|
}]
|
||||||
elb3 = AWS[:elb].load_balancers.create(:id => "#{elb_id}-3", 'ListenerDescriptions' => listeners)
|
elb3 = AWS[:elb].load_balancers.create(:id => "#{elb_id}-3", 'ListenerDescriptions' => listeners)
|
||||||
|
@ -66,6 +75,14 @@ Shindo.tests('AWS::ELB | models', ['aws', 'elb']) do
|
||||||
tests('protocol is HTTPS').returns('HTTPS') { elb3.listeners.last.protocol }
|
tests('protocol is HTTPS').returns('HTTPS') { elb3.listeners.last.protocol }
|
||||||
elb3.destroy
|
elb3.destroy
|
||||||
end
|
end
|
||||||
|
|
||||||
|
tests('with invalid Server Cert ARN').raises(Fog::AWS::IAM::NotFound) do
|
||||||
|
listeners = [{
|
||||||
|
'Listener' => {
|
||||||
|
'LoadBalancerPort' => 443, 'InstancePort' => 80, 'Protocol' => 'HTTPS', "SSLCertificateId" => "fakecert"}
|
||||||
|
}]
|
||||||
|
AWS[:elb].load_balancers.create(:id => "#{elb_id}-4", "ListenerDescriptions" => listeners)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
tests('all') do
|
tests('all') do
|
||||||
|
@ -228,5 +245,7 @@ Shindo.tests('AWS::ELB | models', ['aws', 'elb']) do
|
||||||
tests('destroy') do
|
tests('destroy') do
|
||||||
elb.destroy
|
elb.destroy
|
||||||
end
|
end
|
||||||
|
|
||||||
|
AWS[:iam].delete_server_certificate(@key_name)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
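Review bot: The fixed `sleep(8) unless Fog.mocking?` after `upload_server_certificate` makes the 'with ListenerDescriptions' case depend on IAM propagating within eight seconds, and a slow propagation would presumably surface as the same `Fog::AWS::IAM::NotFound` that the new 'with invalid Server Cert ARN' case expects. A bounded retry around the `create` call, rescuing `Fog::AWS::IAM::NotFound` a few times before failing, would be more reliable than a single wait. The comment `# Need to sleep here for IAM changes to propgate` sits above the `tests(...)` line rather than beside the sleep; it would read better directly above the `sleep` with `propagate` spelled out. The new negative case also never destroys `"#{elb_id}-4"` if the create unexpectedly succeeds, so a failing run could leave a load balancer behind.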
|
@ -8,10 +8,12 @@ Shindo.tests('AWS::ELB | listener_tests', ['aws', 'elb']) do
|
||||||
|
|
||||||
tests("#create_load_balancer_listeners").formats(AWS::ELB::Formats::BASIC) do
|
tests("#create_load_balancer_listeners").formats(AWS::ELB::Formats::BASIC) do
|
||||||
listeners = [
|
listeners = [
|
||||||
{'Protocol' => 'TCP', 'LoadBalancerPort' => 443, 'InstancePort' => 443},
|
{'Protocol' => 'TCP', 'LoadBalancerPort' => 443, 'InstancePort' => 443, 'SSLCertificateId' => @certificate['Arn']},
|
||||||
{'Protocol' => 'HTTP', 'LoadBalancerPort' => 80, 'InstancePort' => 80}
|
{'Protocol' => 'HTTP', 'LoadBalancerPort' => 80, 'InstancePort' => 80}
|
||||||
]
|
]
|
||||||
AWS[:elb].create_load_balancer_listeners(@load_balancer_id, listeners).body
|
response = AWS[:elb].create_load_balancer_listeners(@load_balancer_id, listeners).body
|
||||||
|
puts response.inspect
|
||||||
|
response
|
||||||
end
|
end
|
||||||
|
|
||||||
tests("#delete_load_balancer_listeners").formats(AWS::ELB::Formats::BASIC) do
|
tests("#delete_load_balancer_listeners").formats(AWS::ELB::Formats::BASIC) do
|
||||||
|
@ -19,22 +21,30 @@ Shindo.tests('AWS::ELB | listener_tests', ['aws', 'elb']) do
|
||||||
AWS[:elb].delete_load_balancer_listeners(@load_balancer_id, ports).body
|
AWS[:elb].delete_load_balancer_listeners(@load_balancer_id, ports).body
|
||||||
end
|
end
|
||||||
|
|
||||||
|
tests("#create_load_balancer_listeners with non-existant SSL certificate") do
|
||||||
|
listeners = [
|
||||||
|
{'Protocol' => 'HTTPS', 'LoadBalancerPort' => 443, 'InstancePort' => 443, 'SSLCertificateId' => 'non-existant'},
|
||||||
|
]
|
||||||
|
raises(Fog::AWS::IAM::NotFound) { AWS[:elb].create_load_balancer_listeners(@load_balancer_id, listeners) }
|
||||||
|
end
|
||||||
|
|
||||||
|
tests("#create_load_balancer_listeners with invalid SSL certificate").raises(Fog::AWS::IAM::NotFound) do
|
||||||
|
sleep 8 unless Fog.mocking?
|
||||||
|
listeners = [
|
||||||
|
{'Protocol' => 'HTTPS', 'LoadBalancerPort' => 443, 'InstancePort' => 443, 'SSLCertificateId' => "#{@certificate['Arn']}fake"},
|
||||||
|
]
|
||||||
|
AWS[:elb].create_load_balancer_listeners(@load_balancer_id, listeners).body
|
||||||
|
end
|
||||||
|
|
||||||
# This is sort of fucked up, but it may or may not fail, thanks AWS
|
# This is sort of fucked up, but it may or may not fail, thanks AWS
|
||||||
tests("#create_load_balancer_listeners with SSL certificate").formats(AWS::ELB::Formats::BASIC) do
|
tests("#create_load_balancer_listeners with SSL certificate").formats(AWS::ELB::Formats::BASIC) do
|
||||||
sleep 5 unless Fog.mocking?
|
sleep 8 unless Fog.mocking?
|
||||||
listeners = [
|
listeners = [
|
||||||
{'Protocol' => 'HTTPS', 'LoadBalancerPort' => 443, 'InstancePort' => 443, 'SSLCertificateId' => @certificate['Arn']},
|
{'Protocol' => 'HTTPS', 'LoadBalancerPort' => 443, 'InstancePort' => 443, 'SSLCertificateId' => @certificate['Arn']},
|
||||||
]
|
]
|
||||||
AWS[:elb].create_load_balancer_listeners(@load_balancer_id, listeners).body
|
AWS[:elb].create_load_balancer_listeners(@load_balancer_id, listeners).body
|
||||||
end
|
end
|
||||||
|
|
||||||
tests("#create_load_balancer_listeners with non-existant SSL certificate") do
|
|
||||||
listeners = [
|
|
||||||
{'Protocol' => 'HTTPS', 'LoadBalancerPort' => 443, 'InstancePort' => 443, 'SSLCertificateId' => 'non-existant'},
|
|
||||||
]
|
|
||||||
raises(Excon::Errors::BadRequest) { AWS[:elb].create_load_balancer_listeners(@load_balancer_id, listeners) }
|
|
||||||
end
|
|
||||||
|
|
||||||
AWS[:iam].delete_server_certificate(@key_name)
|
AWS[:iam].delete_server_certificate(@key_name)
|
||||||
AWS[:elb].delete_load_balancer(@load_balancer_id)
|
AWS[:elb].delete_load_balancer(@load_balancer_id)
|
||||||
end
|
end
|
||||||
|
|
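Review bot: The `puts response.inspect` added to the `#create_load_balancer_listeners` case looks like leftover debugging and prints the raw API response into every test run; the block can go back to the single expression `AWS[:elb].create_load_balancer_listeners(@load_balancer_id, listeners).body`. The same case now attaches `'SSLCertificateId' => @certificate['Arn']` to the `'Protocol' => 'TCP'` listener, and unlike the later certificate cases it has no `sleep` before it, so it may hit the IAM propagation delay. If the certificate on a TCP listener is intentional, a one-line comment saying why would help. `non-existant` in the test name and fixture value is a misspelling of `non-existent`.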