BATS is pretty sweet. Fixes for autoloading / unexpected ca string are on deck
authorJude N <jude@pwan.org>
Wed, 11 Mar 2015 04:27:23 +0000 (00:27 -0400)
committerJude N <jude@pwan.org>
Wed, 11 Mar 2015 04:27:23 +0000 (00:27 -0400)
certmaster/config.py
tests/certmaster.bats [new file with mode: 0644]
tests/certmaster.conf.tst [new file with mode: 0644]
tests/minion.conf.tst [new file with mode: 0644]

index cac9394..205af35 100644 (file)
@@ -495,6 +495,5 @@ def read_config(config_file, BaseConfigDerived):
             opts.ca[ca_name] = {}
             for (key,value) in items:
                 opts.ca[ca_name][key] = value
-                print 'opts.ca: %s %s %s' % (ca_name, key, value)
     
     return opts
diff --git a/tests/certmaster.bats b/tests/certmaster.bats
new file mode 100644 (file)
index 0000000..f10672c
--- /dev/null
@@ -0,0 +1,113 @@
+#!/usr/bin/env bats
+
+setup() {
+    /etc/init.d/certmaster stop || true
+    mkdir -p /etc/certmaster
+    cp certmaster.conf.tst /etc/certmaster/certmaster.conf
+    cp minion.conf.tst /etc/certmaster/minion.conf
+    rm -rf /var/lib/certmaster/certmaster
+    rm -rf /var/lib/certmaster/test
+    rm -rf /etc/pki/certmaster
+    rm -rf /etc/pki/certmaster-test
+    /etc/init.d/certmaster start
+}
+
+teardown() {
+    /etc/init.d/certmaster stop
+}
+
+@test "check that certmaster-ca is availabe" {
+    command -v certmaster-ca
+}
+
+@test "check that certmaster-request is available" {
+    command -v certmaster-request
+}
+
+@test "check that the certmaster daemon is running" {
+    /etc/init.d/certmaster status
+}
+
+@test "check certmaster-request --help" {
+    run certmaster-request --help
+
+    expected=$(cat <<EOF
+Usage: certmaster-request [options]
+
+Options:
+  -h, --help       show this help message and exit
+  --hostname=NAME  hostname to use as the CN for the certificate
+  --ca=CA          certificate authority used to sign the certificate
+EOF
+)
+    [ "$output" = "$expected" ]
+
+}
+
+@test "check certmaster-request -h" {
+    run certmaster-request -h
+
+    expected=$(cat <<EOF
+Usage: certmaster-request [options]
+
+Options:
+  -h, --help       show this help message and exit
+  --hostname=NAME  hostname to use as the CN for the certificate
+  --ca=CA          certificate authority used to sign the certificate
+EOF
+)
+    [ "$output" = "$expected" ]
+
+}
+
+@test "check certmaster-request --blah" {
+
+    run certmaster-request --blah
+
+    expected=$(cat << EOF
+Usage: certmaster-request [options]
+
+certmaster-request: error: no such option: --blah
+EOF
+)
+
+}
+
+@test "signing a cert with the autosigning test ca" {
+    run certmaster-request --hostname testcert.pwan.co --ca test
+
+    stat /etc/pki/certmaster-test
+    stat /etc/pki/certmaster-test/testcert.pwan.co.cert
+    stat /etc/pki/certmaster-test/testcert.pwan.co.pem
+    stat /etc/pki/certmaster-test/testcert.pwan.co.csr
+
+    subject=`openssl x509 -in /etc/pki/certmaster-test/testcert.pwan.co.cert -subject -noout`
+    [[ $subject == *"CN=testcert.pwan.co"*  ]]
+
+    openssl rsa -in /etc/pki/certmaster-test/testcert.pwan.co.pem -check
+    openssl req -text -noout -verify -in /etc/pki/certmaster-test/testcert.pwan.co.csr
+}
+
+@test "signing a cert with the non-autosigning default ca" {
+
+    setsid certmaster-request --hostname defaultcert.pwan.co
+
+    echo "hello" > blah.txt
+    output=`certmaster-ca --list`
+    echo "$output" >> blah.txt
+    [[ $output == *"defaultcert.pwan.co"* ]]
+
+    run certmaster-ca --sign defaultcert.pwan.co
+
+    stat /etc/pki/certmaster
+    stat /etc/pki/certmaster/defaultcert,pwan.co.cert
+    stat /etc/pki/certmaster/defaultcert,pwan.co.pem
+    stat /etc/pki/certmaster/defaultcert,pwan.co.csr
+
+    subject=`openssl x509 -in /etc/pki/certmaster/defaultcert.pwan.co.cert -subject -noout`
+    [[ $subject == *"CN=defaultcert.pwan.co"*  ]]
+
+    openssl rsa -in /etc/pki/certmaster/defaultcert.pwan.co.pem -check
+    openssl req -text -noout -verify -in /etc/pki/certmaster/defaultcert.pwan.co.csr
+
+}
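Review bot: In the "non-autosigning default ca" test the three `stat` lines name `defaultcert,pwan.co` with a comma, while the `openssl` lines below them use `defaultcert.pwan.co`, so those checks presumably look for files that are never created; they should read `stat /etc/pki/certmaster/defaultcert.pwan.co.cert` and the same for `.pem` and `.csr`. The "--blah" test builds `expected` and never compares it, so it passes on any output; end it with `[ "$status" -ne 0 ]` and `[ "$output" = "$expected" ]`. The non-autosigning test would check the CA policy more directly if it asserted that no certificate exists before `certmaster-ca --sign` runs, for example `[ ! -e /etc/pki/certmaster/defaultcert.pwan.co.cert ]`. Both `openssl rsa -in ... -check` lines write the private key to the test's output; adding `-noout` keeps key material out of test logs. `setup()` stops the system service and runs `rm -rf` on `/etc/pki/certmaster`, so a comment at the top of the file should state that the suite is meant for a disposable VM or container.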
diff --git a/tests/certmaster.conf.tst b/tests/certmaster.conf.tst
new file mode 100644 (file)
index 0000000..e380d06
--- /dev/null
@@ -0,0 +1,23 @@
+# This is the test /etc/certmaster.conf file used with the certmaster bats tests
+
+[main]
+listen_addr = 
+listen_port = 51235
+cert_extension = cert
+sync_certs = False
+
+# Use thse settings if no --ca flag provided
+autosign = no
+cadir = /etc/pki/certmaster/ca
+cert_dir = /etc/pki/certmaster
+certroot = /var/lib/certmaster/certmaster/certs
+csrroot = /var/lib/certmaster/certmaster/csrs
+
+# use these directories if '--ca=yourapp' provided in the certmaster-ca commands
+[ca:test]
+autosign = yes
+cadir = /etc/pki/certmaster/test-ca
+cert_dir = /etc/pki/certmaster/test
+certroot = /var/lib/certmaster/test/certs
+csrroot = /var/lib/certmaster/test/csrs
+
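Review bot: `listen_addr =` is left empty while the `[ca:test]` section sets `autosign = yes`; if an empty address means the daemon binds every interface (not visible on this page, worth confirming in the server code), any host that can reach port 51235 during a test run could obtain a signed certificate from the test CA. The minion config added in this commit only talks to `localhost`, so `listen_addr = 127.0.0.1` would be enough for the suite. The header comment says `/etc/certmaster.conf`, but `setup()` in tests/certmaster.bats installs the file as `/etc/certmaster/certmaster.conf`; the comment should name that path.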
diff --git a/tests/minion.conf.tst b/tests/minion.conf.tst
new file mode 100644 (file)
index 0000000..86c0efe
--- /dev/null
@@ -0,0 +1,15 @@
+# configuration for minions
+
+[main]
+#certmaster = certmaster
+certmaster = localhost
+certmaster_port = 51235
+log_level = DEBUG
+cert_dir = /etc/pki/certmaster
+
+# [ca:ldap]
+# cert_dir = /etc/pki/certmaster-ldap
+
+[ca:test]
+cert_dir = /etc/pki/certmaster-test
+