| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116 |
- import os
- import pytest
- import salt.modules.tls as tls
- from tests.support.mock import MagicMock, patch
- @pytest.fixture(scope="module")
- def tls_test_data():
- return {
- "create_ca": {
- "bits": 2048,
- "CN": "localhost",
- "C": "US",
- "ST": "Utah",
- "L": "Salt Lake City",
- "O": "SaltStack",
- "OU": "Test Unit",
- "emailAddress": "xyz@pdq.net",
- "digest": "sha256",
- "replace": False,
- }
- }
- @pytest.fixture(autouse=True)
- def setup_loader():
- setup_loader_modules = {tls: {}}
- with pytest.helpers.loader_mock(setup_loader_modules) as loader_mock:
- yield loader_mock
- @pytest.mark.skip_on_windows(reason="Skipping on Windows per Shane's suggestion")
- def test_create_ca_permissions_on_cert_and_key(tmpdir, tls_test_data):
- ca_name = "test_ca"
- certp = tmpdir.join(ca_name).join("{}_ca_cert.crt".format(ca_name)).strpath
- certk = tmpdir.join(ca_name).join("{}_ca_cert.key".format(ca_name)).strpath
- mock_opt = MagicMock(return_value=tmpdir)
- mock_ret = MagicMock(return_value=0)
- with patch.dict(
- tls.__salt__, {"config.option": mock_opt, "cmd.retcode": mock_ret}
- ), patch.dict(tls.__opts__, {"hash_type": "sha256", "cachedir": str(tmpdir)}):
- tls.create_ca(ca_name, days=365, fixmode=False, **tls_test_data["create_ca"])
- certp_mode = os.stat(certp).st_mode & 0o7777
- certk_mode = os.stat(certk).st_mode & 0o7777
- assert 0o644 == certp_mode
- assert 0o600 == certk_mode
- @pytest.mark.skip_on_windows(reason="Skipping on Windows per Shane's suggestion")
- def test_create_csr_permissions_on_csr_and_key(tmpdir, tls_test_data):
- ca_name = "test_ca"
- csrp = (
- tmpdir.join(ca_name)
- .join("certs")
- .join("{}.csr".format(tls_test_data["create_ca"]["CN"]))
- .strpath
- )
- keyp = (
- tmpdir.join(ca_name)
- .join("certs")
- .join("{}.key".format(tls_test_data["create_ca"]["CN"]))
- .strpath
- )
- mock_opt = MagicMock(return_value=tmpdir)
- mock_ret = MagicMock(return_value=0)
- mock_pgt = MagicMock(return_value=False)
- with patch.dict(
- tls.__salt__,
- {"config.option": mock_opt, "cmd.retcode": mock_ret, "pillar.get": mock_pgt},
- ), patch.dict(tls.__opts__, {"hash_type": "sha256", "cachedir": str(tmpdir)}):
- tls.create_ca(ca_name, days=365, **tls_test_data["create_ca"])
- tls.create_csr(ca_name, **tls_test_data["create_ca"])
- csrp_mode = os.stat(csrp).st_mode & 0o7777
- keyp_mode = os.stat(keyp).st_mode & 0o7777
- assert 0o644 == csrp_mode
- assert 0o600 == keyp_mode
- @pytest.mark.skip_on_windows(reason="Skipping on Windows per Shane's suggestion")
- def test_create_self_signed_cert_permissions_on_csr_cert_and_key(tmpdir, tls_test_data):
- ca_name = "test_ca"
- certp = (
- tmpdir.join(ca_name)
- .join("certs")
- .join("{}.crt".format(tls_test_data["create_ca"]["CN"]))
- .strpath
- )
- keyp = (
- tmpdir.join(ca_name)
- .join("certs")
- .join("{}.key".format(tls_test_data["create_ca"]["CN"]))
- .strpath
- )
- mock_opt = MagicMock(return_value=tmpdir)
- mock_ret = MagicMock(return_value=0)
- mock_pgt = MagicMock(return_value=False)
- with patch.dict(
- tls.__salt__,
- {"config.option": mock_opt, "cmd.retcode": mock_ret, "pillar.get": mock_pgt},
- ), patch.dict(tls.__opts__, {"hash_type": "sha256", "cachedir": str(tmpdir)}):
- tls.create_self_signed_cert(ca_name, days=365, **tls_test_data["create_ca"])
- certp_mode = os.stat(certp).st_mode & 0o7777
- keyp_mode = os.stat(keyp).st_mode & 0o7777
- assert 0o644 == certp_mode
- assert 0o600 == keyp_mode
|
