tests: More coverage

2017-07-06 09:29:02 +00:00 · 2017-07-06 09:29:02 +00:00 · 39363a57c7
parent 34c72aaa9e
commit 39363a57c7
4 changed files with 40 additions and 19 deletions
--- a/certidude/cli.py
+++ b/certidude/cli.py
@ -122,6 +122,7 @@ def certidude_request(fork, renew, no_wait, kerberos):
    context = globals()
    context.update(locals())

+    # TODO: Create per-authority timers
    if not os.path.exists("/etc/systemd/system/certidude.timer"):
        click.echo("Creating systemd timer...")
        with open("/etc/systemd/system/certidude.timer", "w") as fh:
@ -233,6 +234,15 @@ def certidude_request(fork, renew, no_wait, kerberos):
                # curl on Fedora ?
                # pip

+                # Firefox (?) on Debian, Ubuntu
+                if os.path.exists("/usr/bin/update-ca-certificates"):
+                    link_path = "/usr/local/share/ca-certificates/%s" % authority_name
+                    if not os.path.lexists(link_path):
+                        os.symlink(authority_path, link_path)
+                    os.system("update-ca-certificates")
+
+                # TODO: test for curl, wget
+

        ###############
        ### Get CRL ###
--- a/certidude/common.py
+++ b/certidude/common.py
@ -7,10 +7,9 @@ def selinux_fixup(path):
    """
    Fix OpenVPN credential store security context on Fedora
    """
-    if not os.path.exists("/usr/bin/chcon"):
-        return
-    cmd = "chcon", "--type=home_cert_t", path
-    subprocess.call(cmd)
+    if os.path.exists("/usr/bin/chcon"):
+        cmd = "chcon", "--type=home_cert_t", path
+        subprocess.call(cmd)

 def drop_privileges():
    from certidude import config
--- a/certidude/templates/script/default.sh
+++ b/certidude/templates/script/default.sh
@ -1,5 +1,6 @@
 #!/bin/sh

+{% if named_tags or other_tags %}
 # Tags:
 {% for key, value in named_tags.items() %}
 # {{ key }} -> {{ value }}
@ -7,6 +8,9 @@
 {% for tag in other_tags %}
 # {{ tag }}
 {% endfor %}
+{% else %}
+# No tags
+{% endif %}

 # Submit some stats to CA
 curl http://{{ authority_name }}/api/signed/{{ common_name }}/attr -X POST -d "\
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@ -153,12 +153,16 @@ def test_cli_setup_authority():
    assert not os.environ.get("KRB5CCNAME"), "Environment contaminated"
    assert not os.environ.get("KRB5_KTNAME"), "Environment contaminated"

-    # Mock SELinux
-    with open("/usr/bin/chcon", "w") as fh:
-        fh.write("#!/bin/bash\n")
-        fh.write("exit 0\n")
-    os.chmod("/usr/bin/chcon", 0755)
+    # Mock Fedora
+    for util in "/usr/bin/chcon", "/usr/bin/dnf", "/usr/bin/update-ca-trust":
+        with open(util, "w") as fh:
+            fh.write("#!/bin/bash\n")
+            fh.write("exit 0\n")
+        os.chmod(util, 0755)
+    if not os.path.exists("/etc/pki/ca-trust/source/anchors/"):
+        os.makedirs("/etc/pki/ca-trust/source/anchors/")

+    # Back up original DNS server
    if not os.path.exists("/etc/resolv.conf.orig"):
        shutil.copyfile("/etc/resolv.conf", "/etc/resolv.conf.orig")

@ -565,16 +569,6 @@ def test_cli_setup_authority():
    assert r.status_code == 200, r.text # script render ok
    assert "uci set " in r.text, r.text

-    # Test lease update
-    r = client().simulate_post("/api/lease/",
-        query_string = "client=test&inner_address=127.0.0.1&outer_address=8.8.8.8&serial=0",
-        headers={"Authorization":admintoken})
-    assert r.status_code == 403, r.text # invalid serial number supplied
-    r = client().simulate_post("/api/lease/",
-        query_string = "client=test&inner_address=1.2.3.4&outer_address=8.8.8.8",
-        headers={"Authorization":admintoken})
-    assert r.status_code == 200, r.text # lease update ok
-
    # Test lease retrieval
    r = client().simulate_get("/api/signed/test/lease/")
    assert r.status_code == 401, r.text
@ -603,6 +597,20 @@ def test_cli_setup_authority():
    assert r.status_code == 200, r.text
    assert r.text == "[]", r.text

+    # Test script without tags
+    r = client().simulate_get("/api/signed/test/script/")
+    assert r.status_code == 200, r.text # script render ok
+    assert "# No tags" in r.text, r.text
+
+    # Test lease update
+    r = client().simulate_post("/api/lease/",
+        query_string = "client=test&inner_address=127.0.0.1&outer_address=8.8.8.8&serial=0",
+        headers={"Authorization":admintoken})
+    assert r.status_code == 403, r.text # invalid serial number supplied
+    r = client().simulate_post("/api/lease/",
+        query_string = "client=test&inner_address=1.2.3.4&outer_address=8.8.8.8",
+        headers={"Authorization":admintoken})
+    assert r.status_code == 200, r.text # lease update ok

    # Test revocation
    r = client().simulate_delete("/api/signed/test/")