mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-22 08:15:18 +00:00
tests: Set up nchan as part of certidude setup authority
This commit is contained in:
parent
b19e163a82
commit
60a0f2ba7c
@ -8,9 +8,6 @@ after_success:
|
||||
virtualenv:
|
||||
system_site_packages: true
|
||||
install:
|
||||
- sudo add-apt-repository ppa:nginx/stable -y
|
||||
- sudo apt update
|
||||
- sudo apt install libnginx-mod-nchan
|
||||
- echo "127.0.0.1 localhost" | sudo tee /etc/hosts
|
||||
- echo "127.0.1.1 ca.example.lan ca" | sudo tee -a /etc/hosts
|
||||
- echo "127.0.0.1 vpn.example.lan vpn" | sudo tee -a /etc/hosts
|
||||
|
@ -729,9 +729,18 @@ def certidude_setup_openvpn_networkmanager(authority, remote, common_name, **pat
|
||||
def certidude_setup_authority(username, kerberos_keytab, nginx_config, country, state, locality, organization, organizational_unit, common_name, directory, authority_lifetime, push_server, outbox, server_flags):
|
||||
# Install only rarely changing stuff from OS package management
|
||||
apt("python-setproctitle cython python-dev libkrb5-dev libldap2-dev libffi-dev libssl-dev")
|
||||
apt("python-mimeparse python-markdown python-xattr python-jinja2 python-cffi python-openssl")
|
||||
apt("python-mimeparse python-markdown python-xattr python-jinja2 python-cffi python-openssl software-properties-common")
|
||||
pip("gssapi falcon cryptography humanize ipaddress simplepam humanize requests")
|
||||
click.echo("Software dependencies installed")
|
||||
|
||||
if not os.path.exists("/etc/apt/sources.list.d/nginx-stable-trusty.list"):
|
||||
os.system("add-apt-repository -y ppa:nginx/stable")
|
||||
os.system("apt update")
|
||||
if not os.path.exists("/usr/lib/nginx/modules/ngx_nchan_module.so"):
|
||||
os.system("apt install -y libnginx-mod-nchan")
|
||||
if not os.path.exists("/usr/sbin/nginx"):
|
||||
os.system("apt install -y nginx")
|
||||
|
||||
from cryptography import x509
|
||||
from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
|
@ -79,12 +79,7 @@ def clean_client():
|
||||
pass
|
||||
|
||||
|
||||
def test_cli_setup_authority():
|
||||
import os
|
||||
import sys
|
||||
|
||||
assert os.getuid() == 0, "Run tests as root in a clean VM or container"
|
||||
|
||||
def clean_server():
|
||||
if os.path.exists("/run/certidude/signer.pid"):
|
||||
with open("/run/certidude/signer.pid") as fh:
|
||||
try:
|
||||
@ -131,6 +126,18 @@ def test_cli_setup_authority():
|
||||
if os.path.exists("/etc/openvpn/keys"):
|
||||
shutil.rmtree("/etc/openvpn/keys")
|
||||
|
||||
# System packages
|
||||
os.system("apt purge -y nginx libnginx-mod-nchan openvpn strongswan")
|
||||
os.system("apt-get -y autoremove")
|
||||
|
||||
|
||||
def test_cli_setup_authority():
|
||||
import os
|
||||
import sys
|
||||
|
||||
assert os.getuid() == 0, "Run tests as root in a clean VM or container"
|
||||
|
||||
clean_server()
|
||||
clean_client()
|
||||
|
||||
from certidude.cli import entry_point as cli
|
||||
@ -146,7 +153,8 @@ def test_cli_setup_authority():
|
||||
|
||||
assert not result.exception, result.output
|
||||
assert os.getuid() == 0 and os.getgid() == 0, "Serve dropped permissions incorrectly!"
|
||||
|
||||
assert os.system("nginx -t") == 0, "invalid nginx configuration"
|
||||
assert os.path.exists("/run/nginx.pid"), "nginx wasn't started up properly"
|
||||
|
||||
from certidude import config, authority
|
||||
assert authority.ca_cert.serial_number >= 0x100000000000000000000000000000000000000
|
||||
@ -788,3 +796,5 @@ def test_cli_setup_authority():
|
||||
os.system("service nginx stop")
|
||||
os.system("service openvpn stop")
|
||||
os.system("ipsec stop")
|
||||
|
||||
clean_server()
|
||||
|
Loading…
Reference in New Issue
Block a user