test_tls.py 3.7 KB

  1. import os
  2. import pytest
  3. import salt.modules.tls as tls
  4. from tests.support.mock import MagicMock, patch
  @pytest.fixture(scope="module")
  def tls_test_data():
      """Provide the keyword arguments shared by the tls permission tests.

      The ``create_ca`` entry holds the subject fields, key size and digest.
      The tests in this module unpack it into ``tls.create_ca``,
      ``tls.create_csr`` and ``tls.create_self_signed_cert``.
      """
      # Module-scoped: every test receives the same dict object, so tests
      # must treat it as read-only.
      ca_kwargs = {
          "bits": 2048,
          "CN": "localhost",
          "C": "US",
          "ST": "Utah",
          "L": "Salt Lake City",
          "O": "SaltStack",
          "OU": "Test Unit",
          "emailAddress": "xyz@pdq.net",
          "digest": "sha256",
          "replace": False,
      }
      return {"create_ca": ca_kwargs}
  @pytest.fixture(autouse=True)
  def setup_loader():
      """Wrap every test in a loader mock for ``salt.modules.tls``.

      The module is registered with an empty dunder mapping and the mock is
      yielded while the test runs.
      """
      # NOTE(review): presumably this is what makes tls.__salt__ and
      # tls.__opts__ exist so the tests can patch them; confirm against the
      # loader_mock helper.
      modules_under_test = {tls: {}}
      with pytest.helpers.loader_mock(modules_under_test) as mocked_loader:
          yield mocked_loader
  @pytest.mark.skip_on_windows(reason="Skipping on Windows per Shane's suggestion")
  def test_create_ca_permissions_on_cert_and_key(tmpdir, tls_test_data):
      """Check the on-disk modes of a freshly created CA certificate and key.

      The private key must be readable and writable by its owner only
      (0o600). The certificate is expected to be world-readable (0o644).
      """
      ca_name = "test_ca"
      ca_dir = tmpdir.join(ca_name)
      cert_path = ca_dir.join("{}_ca_cert.crt".format(ca_name)).strpath
      key_path = ca_dir.join("{}_ca_cert.key".format(ca_name)).strpath

      salt_funcs = {
          "config.option": MagicMock(return_value=tmpdir),
          "cmd.retcode": MagicMock(return_value=0),
      }
      opts = {"hash_type": "sha256", "cachedir": str(tmpdir)}

      with patch.dict(tls.__salt__, salt_funcs):
          with patch.dict(tls.__opts__, opts):
              # NOTE(review): fixmode=False presumably means the modes checked
              # below are the ones set when the files are written, not a
              # later fix-up pass; confirm against salt.modules.tls.
              tls.create_ca(
                  ca_name, days=365, fixmode=False, **tls_test_data["create_ca"]
              )

              # The 0o7777 mask keeps the setuid/setgid/sticky bits in the
              # comparison, so an unexpected special bit fails the exact
              # equality checks as well.
              cert_mode = os.stat(cert_path).st_mode & 0o7777
              key_mode = os.stat(key_path).st_mode & 0o7777

              assert cert_mode == 0o644
              assert key_mode == 0o600
  @pytest.mark.skip_on_windows(reason="Skipping on Windows per Shane's suggestion")
  def test_create_csr_permissions_on_csr_and_key(tmpdir, tls_test_data):
      """Check the on-disk modes of a generated CSR and its private key.

      A CA is created first, then a CSR for the same subject. The key must be
      owner-only (0o600) and the CSR is expected at 0o644.
      """
      ca_name = "test_ca"
      ca_kwargs = tls_test_data["create_ca"]
      common_name = ca_kwargs["CN"]

      certs_dir = tmpdir.join(ca_name).join("certs")
      csr_path = certs_dir.join("{}.csr".format(common_name)).strpath
      key_path = certs_dir.join("{}.key".format(common_name)).strpath

      salt_funcs = {
          "config.option": MagicMock(return_value=tmpdir),
          "cmd.retcode": MagicMock(return_value=0),
          "pillar.get": MagicMock(return_value=False),
      }
      opts = {"hash_type": "sha256", "cachedir": str(tmpdir)}

      with patch.dict(tls.__salt__, salt_funcs):
          with patch.dict(tls.__opts__, opts):
              tls.create_ca(ca_name, days=365, **ca_kwargs)
              tls.create_csr(ca_name, **ca_kwargs)

              # Compare all twelve permission bits, special bits included, so
              # the check is an exact match and not "at most this open".
              csr_mode = os.stat(csr_path).st_mode & 0o7777
              key_mode = os.stat(key_path).st_mode & 0o7777

              assert csr_mode == 0o644
              assert key_mode == 0o600
  @pytest.mark.skip_on_windows(reason="Skipping on Windows per Shane's suggestion")
  def test_create_self_signed_cert_permissions_on_csr_cert_and_key(tmpdir, tls_test_data):
      """Check the on-disk modes of a self-signed certificate and its key.

      The private key must be owner-only (0o600) and the certificate is
      expected at 0o644.
      """
      # NOTE(review): the test name mentions a CSR, but only the .crt and
      # .key files are checked below.
      ca_name = "test_ca"
      ca_kwargs = tls_test_data["create_ca"]
      common_name = ca_kwargs["CN"]

      certs_dir = tmpdir.join(ca_name).join("certs")
      cert_path = certs_dir.join("{}.crt".format(common_name)).strpath
      key_path = certs_dir.join("{}.key".format(common_name)).strpath

      salt_funcs = {
          "config.option": MagicMock(return_value=tmpdir),
          "cmd.retcode": MagicMock(return_value=0),
          "pillar.get": MagicMock(return_value=False),
      }
      opts = {"hash_type": "sha256", "cachedir": str(tmpdir)}

      with patch.dict(tls.__salt__, salt_funcs):
          with patch.dict(tls.__opts__, opts):
              tls.create_self_signed_cert(ca_name, days=365, **ca_kwargs)

              # Exact match on all twelve mode bits: a group- or
              # world-readable key, or any setuid/setgid/sticky bit, fails.
              cert_mode = os.stat(cert_path).st_mode & 0o7777
              key_mode = os.stat(key_path).st_mode & 0o7777

              assert cert_mode == 0o644
              assert key_mode == 0o600