mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-22 08:15:18 +00:00
tests: More coverage
parent
34c72aaa9e
commit
39363a57c7
@ -122,6 +122,7 @@ def certidude_request(fork, renew, no_wait, kerberos):
|
||||
context = globals()
|
||||
context.update(locals())
|
||||
|
||||
# TODO: Create per-authority timers
|
||||
if not os.path.exists("/etc/systemd/system/certidude.timer"):
|
||||
click.echo("Creating systemd timer...")
|
||||
with open("/etc/systemd/system/certidude.timer", "w") as fh:
|
||||
@ -233,6 +234,15 @@ def certidude_request(fork, renew, no_wait, kerberos):
|
||||
# curl on Fedora ?
|
||||
# pip
|
||||
|
||||
# Firefox (?) on Debian, Ubuntu
|
||||
if os.path.exists("/usr/bin/update-ca-certificates"):
|
||||
link_path = "/usr/local/share/ca-certificates/%s" % authority_name
|
||||
if not os.path.lexists(link_path):
|
||||
os.symlink(authority_path, link_path)
|
||||
os.system("update-ca-certificates")
|
||||
|
||||
# TODO: test for curl, wget
|
||||
|
||||
|
||||
###############
|
||||
### Get CRL ###
|
||||
|
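Review bot: The trust-store step in the second hunk tests for `/usr/bin/update-ca-certificates` but then runs `os.system("update-ca-certificates")`, which resolves the name through a shell and `PATH` and discards the exit status. A failed run, or a different binary earlier on `PATH`, would go unnoticed in a code path that presumably runs as root. Invoke the path that was checked and fail loudly, e.g. `subprocess.check_call(["/usr/bin/update-ca-certificates"])` (the hunk does not show whether `subprocess` is imported in this module). Separately, update-ca-certificates only picks up files ending in `.crt` under `/usr/local/share/ca-certificates`, so unless `authority_name` already carries that suffix the link should be `"/usr/local/share/ca-certificates/%s.crt" % authority_name`. `certidude_request` starts and ends outside the hunk.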
@ -7,10 +7,9 @@ def selinux_fixup(path):
|
||||
"""
|
||||
Fix OpenVPN credential store security context on Fedora
|
||||
"""
|
||||
if not os.path.exists("/usr/bin/chcon"):
|
||||
return
|
||||
cmd = "chcon", "--type=home_cert_t", path
|
||||
subprocess.call(cmd)
|
||||
if os.path.exists("/usr/bin/chcon"):
|
||||
cmd = "chcon", "--type=home_cert_t", path
|
||||
subprocess.call(cmd)
|
||||
|
||||
def drop_privileges():
|
||||
from certidude import config
|
||||
|
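Review bot: `selinux_fixup` ignores the return value of `subprocess.call(cmd)`, so if relabelling fails the credential store keeps its previous SELinux type and the caller is never told. The existence test is on `/usr/bin/chcon` while the command runs bare `chcon` resolved through `PATH`. Use the same absolute path and check the result, e.g. `subprocess.check_call(("/usr/bin/chcon", "--type=home_cert_t", "--", path))`, or log a warning on a non-zero exit if best-effort behaviour is intended. The `--` keeps a path that begins with `-` from being parsed as an option.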
@ -1,5 +1,6 @@
|
||||
#!/bin/sh
|
||||
|
||||
{% if named_tags or other_tags %}
|
||||
# Tags:
|
||||
{% for key, value in named_tags.items() %}
|
||||
# {{ key }} -> {{ value }}
|
||||
@ -7,6 +8,9 @@
|
||||
{% for tag in other_tags %}
|
||||
# {{ tag }}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
# No tags
|
||||
{% endif %}
|
||||
|
||||
# Submit some stats to CA
|
||||
curl http://{{ authority_name }}/api/signed/{{ common_name }}/attr -X POST -d "\
|
||||
|
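Review bot: The tag lines inside the new `{% if named_tags or other_tags %}` block render `{{ key }}`, `{{ value }}` and `{{ tag }}` verbatim after `#` in a script that is served for execution by `/bin/sh`. If a tag can contain a line break (the page does not show whether tags are validated upstream), the text after the break is no longer a comment. Flattening the values at render time keeps them inert, e.g. `# {{ key }} -> {{ value | replace("\n", " ") }}`, with the same filter applied to `{{ key }}` and `{{ tag }}`. The `curl` command that follows continues outside the hunk.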
@ -153,12 +153,16 @@ def test_cli_setup_authority():
|
||||
assert not os.environ.get("KRB5CCNAME"), "Environment contaminated"
|
||||
assert not os.environ.get("KRB5_KTNAME"), "Environment contaminated"
|
||||
|
||||
# Mock SELinux
|
||||
with open("/usr/bin/chcon", "w") as fh:
|
||||
fh.write("#!/bin/bash\n")
|
||||
fh.write("exit 0\n")
|
||||
os.chmod("/usr/bin/chcon", 0755)
|
||||
# Mock Fedora
|
||||
for util in "/usr/bin/chcon", "/usr/bin/dnf", "/usr/bin/update-ca-trust":
|
||||
with open(util, "w") as fh:
|
||||
fh.write("#!/bin/bash\n")
|
||||
fh.write("exit 0\n")
|
||||
os.chmod(util, 0755)
|
||||
if not os.path.exists("/etc/pki/ca-trust/source/anchors/"):
|
||||
os.makedirs("/etc/pki/ca-trust/source/anchors/")
|
||||
|
||||
# Back up original DNS server
|
||||
if not os.path.exists("/etc/resolv.conf.orig"):
|
||||
shutil.copyfile("/etc/resolv.conf", "/etc/resolv.conf.orig")
|
||||
|
||||
@ -565,16 +569,6 @@ def test_cli_setup_authority():
|
||||
assert r.status_code == 200, r.text # script render ok
|
||||
assert "uci set " in r.text, r.text
|
||||
|
||||
# Test lease update
|
||||
r = client().simulate_post("/api/lease/",
|
||||
query_string = "client=test&inner_address=127.0.0.1&outer_address=8.8.8.8&serial=0",
|
||||
headers={"Authorization":admintoken})
|
||||
assert r.status_code == 403, r.text # invalid serial number supplied
|
||||
r = client().simulate_post("/api/lease/",
|
||||
query_string = "client=test&inner_address=1.2.3.4&outer_address=8.8.8.8",
|
||||
headers={"Authorization":admintoken})
|
||||
assert r.status_code == 200, r.text # lease update ok
|
||||
|
||||
# Test lease retrieval
|
||||
r = client().simulate_get("/api/signed/test/lease/")
|
||||
assert r.status_code == 401, r.text
|
||||
@ -603,6 +597,20 @@ def test_cli_setup_authority():
|
||||
assert r.status_code == 200, r.text
|
||||
assert r.text == "[]", r.text
|
||||
|
||||
# Test script without tags
|
||||
r = client().simulate_get("/api/signed/test/script/")
|
||||
assert r.status_code == 200, r.text # script render ok
|
||||
assert "# No tags" in r.text, r.text
|
||||
|
||||
# Test lease update
|
||||
r = client().simulate_post("/api/lease/",
|
||||
query_string = "client=test&inner_address=127.0.0.1&outer_address=8.8.8.8&serial=0",
|
||||
headers={"Authorization":admintoken})
|
||||
assert r.status_code == 403, r.text # invalid serial number supplied
|
||||
r = client().simulate_post("/api/lease/",
|
||||
query_string = "client=test&inner_address=1.2.3.4&outer_address=8.8.8.8",
|
||||
headers={"Authorization":admintoken})
|
||||
assert r.status_code == 200, r.text # lease update ok
|
||||
|
||||
# Test revocation
|
||||
r = client().simulate_delete("/api/signed/test/")
|
||||
|
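Review bot: The "Mock Fedora" loop opens `/usr/bin/chcon`, `/usr/bin/dnf` and `/usr/bin/update-ca-trust` with mode `"w"`, which truncates the real binaries on any host that has them. Unlike `/etc/resolv.conf` just below, nothing is backed up or restored. Guard the stub with `if not os.path.exists(util):`, or skip the block unless the suite runs in a disposable CI container, so that running the tests as root on a real Fedora machine does not destroy its tooling. As a style point, `0755` is a Python 2-only octal literal; `0o755` is accepted by Python 2.6+ and 3. `test_cli_setup_authority` continues outside the hunk.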