mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

tests: Checks for /etc/cron.hourly/certidude

Lauri Võsandi 2017-05-07 19:51:40 +00:00
parent 8440cd840d
commit b1dd6f0093
2 changed files with 15 additions and 7 deletions


@ -149,7 +149,7 @@ class StaticResource(object):
if content_encoding: if content_encoding:
resp.append_header("Content-Encoding", content_encoding) resp.append_header("Content-Encoding", content_encoding)
resp.stream = open(path, "rb") resp.stream = open(path, "rb")
logger.info("Serving '%s' from '%s'", req.path, path) logger.debug("Serving '%s' from '%s'", req.path, path)
else: else:
resp.status = falcon.HTTP_404 resp.status = falcon.HTTP_404
resp.body = "File '%s' not found" % req.path resp.body = "File '%s' not found" % req.path


@ -102,6 +102,8 @@ def clean_server():
shutil.rmtree("/run/certidude") shutil.rmtree("/run/certidude")
if os.path.exists("/var/log/certidude.log"): if os.path.exists("/var/log/certidude.log"):
os.unlink("/var/log/certidude.log") os.unlink("/var/log/certidude.log")
if os.path.exists("/etc/cron.hourly/certidude"):
os.unlink("/etc/cron.hourly/certidude")
# systemd # systemd
if os.path.exists("/etc/systemd/system/certidude.service"): if os.path.exists("/etc/systemd/system/certidude.service"):
@ -810,18 +812,16 @@ def test_cli_setup_authority():
requests.get("http://ca.example.lan/api/") requests.get("http://ca.example.lan/api/")
os.waitpid(server_pid, 0) os.waitpid(server_pid, 0)
# Hacks, note that CA is domain controller # (re)auth against DC
assert os.system("kdestroy") == 0 assert os.system("kdestroy") == 0
assert not os.path.exists("/tmp/krb5cc_0") assert not os.path.exists("/tmp/krb5cc_0")
assert os.system("echo S4l4k4l4 | kinit administrator") == 0 assert os.system("echo S4l4k4l4 | kinit administrator") == 0
assert os.path.exists("/tmp/krb5cc_0") assert os.path.exists("/tmp/krb5cc_0")
os.system("sed -e 's/CA/CA\\nkerberos method = system keytab/' -i /etc/samba/smb.conf ")
# Create service principals # Fork to not contaminate environment while creating service principal
spn_pid = os.fork() spn_pid = os.fork()
if not spn_pid: if not spn_pid:
assert os.getuid() == 0 and os.getgid() == 0 os.system("sed -e 's/CA/CA\\nkerberos method = system keytab/' -i /etc/samba/smb.conf ")
os.environ["KRB5_KTNAME"] = "FILE:/etc/certidude/server.keytab" os.environ["KRB5_KTNAME"] = "FILE:/etc/certidude/server.keytab"
assert os.system("net ads keytab add HTTP -k") == 0 assert os.system("net ads keytab add HTTP -k") == 0
assert os.path.exists("/etc/certidude/server.keytab") assert os.path.exists("/etc/certidude/server.keytab")
@ -831,11 +831,19 @@ def test_cli_setup_authority():
else: else:
os.waitpid(spn_pid, 0) os.waitpid(spn_pid, 0)
# Make modifications to /etc/certidude/server.conf so
# Certidude would auth against domain controller
os.system("sed -e 's/ldap uri = ldaps:.*/ldap uri = ldaps:\\/\\/ca.example.lan/g' -i /etc/certidude/server.conf") os.system("sed -e 's/ldap uri = ldaps:.*/ldap uri = ldaps:\\/\\/ca.example.lan/g' -i /etc/certidude/server.conf")
os.system("sed -e 's/ldap uri = ldap:.*/ldap uri = ldap:\\/\\/ca.example.lan/g' -i /etc/certidude/server.conf") os.system("sed -e 's/ldap uri = ldap:.*/ldap uri = ldap:\\/\\/ca.example.lan/g' -i /etc/certidude/server.conf")
os.system("sed -e 's/backends = pam/backends = kerberos/g' -i /etc/certidude/server.conf") os.system("sed -e 's/backends = pam/backends = kerberos/g' -i /etc/certidude/server.conf")
os.system("sed -e 's/backend = posix/backend = ldap/g' -i /etc/certidude/server.conf") os.system("sed -e 's/backend = posix/backend = ldap/g' -i /etc/certidude/server.conf")
os.system("/etc/cron.hourly/certidude") # Update server credential cache os.system("sed -e 's/dc1/ca/g' -i /etc/cron.hourly/certidude")
# Update server credential cache
with open("/etc/cron.hourly/certidude") as fh:
cronjob = fh.read()
assert "ldap/ca.example.lan" in cronjob, cronjob
os.system("/etc/cron.hourly/certidude")
result = runner.invoke(cli, ['users']) result = runner.invoke(cli, ['users'])
assert not result.exception, result.output assert not result.exception, result.output
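Review bot: The exit status of the new `os.system("sed -e 's/dc1/ca/g' -i /etc/cron.hourly/certidude")` and of the `os.system("/etc/cron.hourly/certidude")` run after it is discarded, so a cron job that fails to refresh the server credential cache lets the test carry on and surfaces only indirectly in the later `users` invocation. The added content assertion shows only that the string `ldap/ca.example.lan` is in the script, not that the script ran successfully. I would change the call to `assert os.system("/etc/cron.hourly/certidude") == 0`, matching the `kinit` and `net ads keytab add` asserts earlier in the same test, and do the same for the `sed` calls. The `sed` on `/etc/samba/smb.conf` that this commit moves into the forked child is likewise unchecked, and the child's `assert os.getuid() == 0 and os.getgid() == 0` precondition no longer appears on the new side. `test_cli_setup_authority` starts and ends outside the hunks shown.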