Fix ACM CreatedAt KeyError (#462)

* #461 fix tests to succeed until 2020 ;-) * #461 do not crash on IMPORTED ACM certs without CreatedAt
zalando-stups · Apr 7, 2017 · 6a8bc8b · 6a8bc8b
1 parent d5aa551
commit 6a8bc8b
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 9 deletions.
diff --git a/senza/manaus/acm.py b/senza/manaus/acm.py
@@ -81,7 +81,7 @@ def from_boto_dict(cls,
         subject_alternative_name = certificate['SubjectAlternativeNames']
         domain_validation_options = certificate['DomainValidationOptions']
         subject = certificate['Subject']
-        created_at = certificate['CreatedAt']
+        created_at = certificate.get('CreatedAt')
         status = certificate['Status']
         signature_algorithm = certificate['SignatureAlgorithm']
         in_use_by = certificate['InUseBy']

diff --git a/tests/fixtures.py b/tests/fixtures.py
@@ -20,7 +20,7 @@
                'IssuedAt': datetime(2016, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
                'Issuer': 'SenzaTest',
                'KeyAlgorithm': 'RSA-2048',
-               'NotAfter': datetime(2017, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
+               'NotAfter': datetime(2020, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
                'NotBefore': datetime(2016, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
                'Serial': '00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00',
                'SignatureAlgorithm': 'SHA256WITHRSA',
@@ -45,7 +45,7 @@
                        'IssuedAt': datetime(2016, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
                        'Issuer': 'SenzaTest',
                        'KeyAlgorithm': 'RSA-2048',
-                       'NotAfter': datetime(2017, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
+                       'NotAfter': datetime(2020, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
                        'NotBefore': datetime(2016, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
                        'Serial': '00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00',
                        'SignatureAlgorithm': 'SHA256WITHRSA',
@@ -86,7 +86,7 @@
 SERVER_CERT_ZO_NE = MagicMock(name='zo-ne')
 SERVER_CERT_ZO_NE.server_certificate_metadata = {'Arn': 'arn:aws:123',
                                                  'ServerCertificateName': 'zo-ne',
-                                                 'Expiration': datetime(2017, 4, 1, 12, 14, 14,
+                                                 'Expiration': datetime(2020, 4, 1, 12, 14, 14,
                                                                         tzinfo=timezone(timedelta(hours=2))),
                                                  'Path': '/',
                                                  'ServerCertificateId': '000',

diff --git a/tests/test_manaus/test_acm.py b/tests/test_manaus/test_acm.py
@@ -34,7 +34,7 @@
          'IssuedAt': datetime(2016, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
          'Issuer': 'SenzaTest',
          'KeyAlgorithm': 'RSA-2048',
-         'NotAfter': datetime(2017, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
+         'NotAfter': datetime(2020, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
          'NotBefore': datetime(2016, 4, 1, 12, 14, 14, tzinfo=timezone.utc),
          'Serial': '00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00',
          'SignatureAlgorithm': 'SHA256WITHRSA',
@@ -75,7 +75,7 @@
          'IssuedAt': datetime(2016, 4, 1, 12, 14, 14),
          'Issuer': 'SenzaTest',
          'KeyAlgorithm': 'RSA-2048',
-         'NotAfter': datetime(2017, 4, 1, 12, 14, 14),
+         'NotAfter': datetime(2020, 4, 1, 12, 14, 14),
          'NotBefore': datetime(2016, 4, 1, 12, 14, 14),
          'Serial': '00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00',
          'SignatureAlgorithm': 'SHA256WITHRSA',
@@ -85,6 +85,23 @@
                                      '*.senza.aws.example.net',
                                      '*.app.example.net']}
 
+CERT3 = {
+        'NotAfter': datetime(2017, 5, 7, 10, 0, tzinfo=timezone.utc),
+        'SubjectAlternativeNames': ['pierone.stups.zalan.do', 'registry.opensource.zalan.do'],
+        'Subject': 'C=DE,L=Berlin,O=Zalando SE,OU=CDP,CN=CDP Proxy',
+        'Serial': '2a:d2:f6:d3:23:62:0b:5f:f8:2f:d6:3a:4a:9f:b8:c6:48:a0:11:62',
+        'Type': 'IMPORTED',
+        'ImportedAt': datetime(2017, 4, 7, 10, 12, 55, tzinfo=timezone.utc),
+        'SignatureAlgorithm': 'SHA256WITHRSA',
+        'CertificateArn': 'arn:aws:acm:eu-west-1:cert3',
+        'NotBefore': datetime(2017, 4, 7, 10, 0, tzinfo=timezone.utc),
+        'DomainValidationOptions': [{'DomainName': 'pierone.stups.zalan.do'}, {'DomainName': 'registry.opensource.zalan.do'}],
+        'Status': 'ISSUED',
+        'DomainName': 'pierone.stups.zalan.do',
+        'Issuer': 'Zalando SE',
+        'InUseBy': [],
+        'KeyAlgorithm': 'RSA-2048'}
+
 CERT_VALIDATION_TIMED_OUT = {
     'KeyAlgorithm': 'RSA-2048',
     'DomainName': 'alpha.example.org',
@@ -109,7 +126,7 @@ def test_certificate_valid():
     assert certificate1.domain_name == '*.senza.example.com'
     assert certificate1.is_valid(when=datetime(2016, 4, 5, 12, 14, 14,
                                                tzinfo=timezone.utc))
-    assert not certificate1.is_valid(when=datetime(2018, 4, 5, 12, 14, 14,
+    assert not certificate1.is_valid(when=datetime(2021, 4, 5, 12, 14, 14,
                                                    tzinfo=timezone.utc))
     assert not certificate1.is_valid(when=datetime(2013, 4, 2, 10, 11, 12,
                                                    tzinfo=timezone.utc))
@@ -121,7 +138,7 @@ def test_certificate_valid():
     assert certificate1_revoked.domain_name == '*.senza.example.com'
     assert not certificate1_revoked.is_valid(when=datetime(2016, 4, 5, 12, 14, 14,
                                                            tzinfo=timezone.utc))
-    assert not certificate1_revoked.is_valid(when=datetime(2018, 4, 5, 12, 14, 14,
+    assert not certificate1_revoked.is_valid(when=datetime(2021, 4, 5, 12, 14, 14,
                                                            tzinfo=timezone.utc))
     assert not certificate1_revoked.is_valid(when=datetime(2013, 4, 2, 10, 11, 12,
                                                            tzinfo=timezone.utc))
@@ -153,7 +170,7 @@ def test_certificate_get_by_arn(monkeypatch):
     assert certificate1.domain_name == '*.senza.example.com'
     assert certificate1.is_valid(when=datetime(2016, 4, 5, 12, 14, 14,
                                                tzinfo=timezone.utc))
-    assert not certificate1.is_valid(when=datetime(2018, 4, 5, 12, 14, 14,
+    assert not certificate1.is_valid(when=datetime(2021, 4, 5, 12, 14, 14,
                                                    tzinfo=timezone.utc))
     assert not certificate1.is_valid(when=datetime(2013, 4, 2, 10, 11, 12,
                                                    tzinfo=timezone.utc))
@@ -201,6 +218,12 @@ def test_get_certificates(monkeypatch):
     assert len(certificates_net) == 1
     assert certificates_net[0].arn == 'arn:aws:acm:eu-west-1:cert2'
 
+    m_client.describe_certificate.side_effect = [{'Certificate': CERT3}]
+    certificates_net = list(acm.get_certificates(valid_only=False,
+                                                 domain_name="registry.opensource.zalan.do"))
+    assert len(certificates_net) == 1
+    assert certificates_net[0].arn == 'arn:aws:acm:eu-west-1:cert3'
+
 
 def test_arn_is_acm_certificate():
     assert ACMCertificate.arn_is_acm_certificate('arn:aws:acm:certificate')