tests/unittests/config/test_cc_disable_ec2_metadata.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

# This file is part of cloud-init. See LICENSE file for license information.

"""Tests cc_disable_ec2_metadata handler"""

import logging

import pytest

import cloudinit.config.cc_disable_ec2_metadata as ec2_meta
from cloudinit.config.schema import (
    SchemaValidationError,
    get_schema,
    validate_cloudconfig_schema,
)
from tests.unittests.helpers import CiTestCase, mock, skipUnlessJsonSchema

LOG = logging.getLogger(__name__)

DISABLE_CFG = {"disable_ec2_metadata": "true"}


class TestEC2MetadataRoute(CiTestCase):
    @mock.patch("cloudinit.config.cc_disable_ec2_metadata.subp.which")
    @mock.patch("cloudinit.config.cc_disable_ec2_metadata.subp.subp")
    def test_disable_ifconfig(self, m_subp, m_which):
        """Set the route if ifconfig command is available"""
        m_which.side_effect = lambda x: x if x == "ifconfig" else None
        ec2_meta.handle("foo", DISABLE_CFG, None, LOG, None)
        m_subp.assert_called_with(
            ["route", "add", "-host", "169.254.169.254", "reject"],
            capture=False,
        )

    @mock.patch("cloudinit.config.cc_disable_ec2_metadata.subp.which")
    @mock.patch("cloudinit.config.cc_disable_ec2_metadata.subp.subp")
    def test_disable_ip(self, m_subp, m_which):
        """Set the route if ip command is available"""
        m_which.side_effect = lambda x: x if x == "ip" else None
        ec2_meta.handle("foo", DISABLE_CFG, None, LOG, None)
        m_subp.assert_called_with(
            ["ip", "route", "add", "prohibit", "169.254.169.254"],
            capture=False,
        )

    @mock.patch("cloudinit.config.cc_disable_ec2_metadata.subp.which")
    @mock.patch("cloudinit.config.cc_disable_ec2_metadata.subp.subp")
    def test_disable_no_tool(self, m_subp, m_which):
        """Log error when neither route nor ip commands are available"""
        m_which.return_value = None  # Find neither ifconfig nor ip
        ec2_meta.handle("foo", DISABLE_CFG, None, LOG, None)
        self.assertEqual(
            [mock.call("ip"), mock.call("ifconfig")], m_which.call_args_list
        )
        m_subp.assert_not_called()


@skipUnlessJsonSchema()
class TestDisableEc2MetadataSchema:
    """Directly test schema rather than through handle."""

    @pytest.mark.parametrize(
        "config, error_msg",
        (
            # Valid schemas tested by meta.examples in test_schema
            # Invalid schemas
            (
                {"disable_ec2_metadata": 1},
                "disable_ec2_metadata: 1 is not of type 'boolean'",
            ),
        ),
    )
    @skipUnlessJsonSchema()
    def test_schema_validation(self, config, error_msg):
        """Assert expected schema validation and error messages."""
        # New-style schema $defs exist in config/cloud-init-schema*.json
        schema = get_schema()
        with pytest.raises(SchemaValidationError, match=error_msg):
            validate_cloudconfig_schema(config, schema, strict=True)


# vi: ts=4 expandtab