mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
tests: More coverage
This commit is contained in:
parent
34c72aaa9e
commit
39363a57c7
@ -122,6 +122,7 @@ def certidude_request(fork, renew, no_wait, kerberos):
|
|||||||
context = globals()
|
context = globals()
|
||||||
context.update(locals())
|
context.update(locals())
|
||||||
|
|
||||||
|
# TODO: Create per-authority timers
|
||||||
if not os.path.exists("/etc/systemd/system/certidude.timer"):
|
if not os.path.exists("/etc/systemd/system/certidude.timer"):
|
||||||
click.echo("Creating systemd timer...")
|
click.echo("Creating systemd timer...")
|
||||||
with open("/etc/systemd/system/certidude.timer", "w") as fh:
|
with open("/etc/systemd/system/certidude.timer", "w") as fh:
|
||||||
@ -233,6 +234,15 @@ def certidude_request(fork, renew, no_wait, kerberos):
|
|||||||
# curl on Fedora ?
|
# curl on Fedora ?
|
||||||
# pip
|
# pip
|
||||||
|
|
||||||
|
# Firefox (?) on Debian, Ubuntu
|
||||||
|
if os.path.exists("/usr/bin/update-ca-certificates"):
|
||||||
|
link_path = "/usr/local/share/ca-certificates/%s" % authority_name
|
||||||
|
if not os.path.lexists(link_path):
|
||||||
|
os.symlink(authority_path, link_path)
|
||||||
|
os.system("update-ca-certificates")
|
||||||
|
|
||||||
|
# TODO: test for curl, wget
|
||||||
|
|
||||||
|
|
||||||
###############
|
###############
|
||||||
### Get CRL ###
|
### Get CRL ###
|
||||||
|
@ -7,8 +7,7 @@ def selinux_fixup(path):
|
|||||||
"""
|
"""
|
||||||
Fix OpenVPN credential store security context on Fedora
|
Fix OpenVPN credential store security context on Fedora
|
||||||
"""
|
"""
|
||||||
if not os.path.exists("/usr/bin/chcon"):
|
if os.path.exists("/usr/bin/chcon"):
|
||||||
return
|
|
||||||
cmd = "chcon", "--type=home_cert_t", path
|
cmd = "chcon", "--type=home_cert_t", path
|
||||||
subprocess.call(cmd)
|
subprocess.call(cmd)
|
||||||
|
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
{% if named_tags or other_tags %}
|
||||||
# Tags:
|
# Tags:
|
||||||
{% for key, value in named_tags.items() %}
|
{% for key, value in named_tags.items() %}
|
||||||
# {{ key }} -> {{ value }}
|
# {{ key }} -> {{ value }}
|
||||||
@ -7,6 +8,9 @@
|
|||||||
{% for tag in other_tags %}
|
{% for tag in other_tags %}
|
||||||
# {{ tag }}
|
# {{ tag }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% else %}
|
||||||
|
# No tags
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Submit some stats to CA
|
# Submit some stats to CA
|
||||||
curl http://{{ authority_name }}/api/signed/{{ common_name }}/attr -X POST -d "\
|
curl http://{{ authority_name }}/api/signed/{{ common_name }}/attr -X POST -d "\
|
||||||
|
@ -153,12 +153,16 @@ def test_cli_setup_authority():
|
|||||||
assert not os.environ.get("KRB5CCNAME"), "Environment contaminated"
|
assert not os.environ.get("KRB5CCNAME"), "Environment contaminated"
|
||||||
assert not os.environ.get("KRB5_KTNAME"), "Environment contaminated"
|
assert not os.environ.get("KRB5_KTNAME"), "Environment contaminated"
|
||||||
|
|
||||||
# Mock SELinux
|
# Mock Fedora
|
||||||
with open("/usr/bin/chcon", "w") as fh:
|
for util in "/usr/bin/chcon", "/usr/bin/dnf", "/usr/bin/update-ca-trust":
|
||||||
|
with open(util, "w") as fh:
|
||||||
fh.write("#!/bin/bash\n")
|
fh.write("#!/bin/bash\n")
|
||||||
fh.write("exit 0\n")
|
fh.write("exit 0\n")
|
||||||
os.chmod("/usr/bin/chcon", 0755)
|
os.chmod(util, 0755)
|
||||||
|
if not os.path.exists("/etc/pki/ca-trust/source/anchors/"):
|
||||||
|
os.makedirs("/etc/pki/ca-trust/source/anchors/")
|
||||||
|
|
||||||
|
# Back up original DNS server
|
||||||
if not os.path.exists("/etc/resolv.conf.orig"):
|
if not os.path.exists("/etc/resolv.conf.orig"):
|
||||||
shutil.copyfile("/etc/resolv.conf", "/etc/resolv.conf.orig")
|
shutil.copyfile("/etc/resolv.conf", "/etc/resolv.conf.orig")
|
||||||
|
|
||||||
@ -565,16 +569,6 @@ def test_cli_setup_authority():
|
|||||||
assert r.status_code == 200, r.text # script render ok
|
assert r.status_code == 200, r.text # script render ok
|
||||||
assert "uci set " in r.text, r.text
|
assert "uci set " in r.text, r.text
|
||||||
|
|
||||||
# Test lease update
|
|
||||||
r = client().simulate_post("/api/lease/",
|
|
||||||
query_string = "client=test&inner_address=127.0.0.1&outer_address=8.8.8.8&serial=0",
|
|
||||||
headers={"Authorization":admintoken})
|
|
||||||
assert r.status_code == 403, r.text # invalid serial number supplied
|
|
||||||
r = client().simulate_post("/api/lease/",
|
|
||||||
query_string = "client=test&inner_address=1.2.3.4&outer_address=8.8.8.8",
|
|
||||||
headers={"Authorization":admintoken})
|
|
||||||
assert r.status_code == 200, r.text # lease update ok
|
|
||||||
|
|
||||||
# Test lease retrieval
|
# Test lease retrieval
|
||||||
r = client().simulate_get("/api/signed/test/lease/")
|
r = client().simulate_get("/api/signed/test/lease/")
|
||||||
assert r.status_code == 401, r.text
|
assert r.status_code == 401, r.text
|
||||||
@ -603,6 +597,20 @@ def test_cli_setup_authority():
|
|||||||
assert r.status_code == 200, r.text
|
assert r.status_code == 200, r.text
|
||||||
assert r.text == "[]", r.text
|
assert r.text == "[]", r.text
|
||||||
|
|
||||||
|
# Test script without tags
|
||||||
|
r = client().simulate_get("/api/signed/test/script/")
|
||||||
|
assert r.status_code == 200, r.text # script render ok
|
||||||
|
assert "# No tags" in r.text, r.text
|
||||||
|
|
||||||
|
# Test lease update
|
||||||
|
r = client().simulate_post("/api/lease/",
|
||||||
|
query_string = "client=test&inner_address=127.0.0.1&outer_address=8.8.8.8&serial=0",
|
||||||
|
headers={"Authorization":admintoken})
|
||||||
|
assert r.status_code == 403, r.text # invalid serial number supplied
|
||||||
|
r = client().simulate_post("/api/lease/",
|
||||||
|
query_string = "client=test&inner_address=1.2.3.4&outer_address=8.8.8.8",
|
||||||
|
headers={"Authorization":admintoken})
|
||||||
|
assert r.status_code == 200, r.text # lease update ok
|
||||||
|
|
||||||
# Test revocation
|
# Test revocation
|
||||||
r = client().simulate_delete("/api/signed/test/")
|
r = client().simulate_delete("/api/signed/test/")
|
||||||
|
Loading…
Reference in New Issue
Block a user