def test_config1():
    """Check that config1 parses into one a.com target with twelve TLSA specs.

    Every expected record is for port 12725/tcp on a.com and is served by
    the 'dns' exec API program from the test bin directory.
    """
    s = setup.Init(keep=True)
    prog = setup.create_state_obj(s, config=s.config1)
    cwd = Path.cwd()

    with prog.log:
        # the logger must be clean before the config file is read
        assert not prog.log.has_errors()

        retval = config.read(prog)
        assert retval == Prog.RetVal.ok

        api = setup.create_api_exec_obj(str(s.bin / 'dns'))

        # spec codes in the order the config file is expected to list them
        spec_codes = (
            '200', '201', '202', '210', '211', '212',
            '300', '301', '302', '310', '311', '312',
        )
        tlsa_records = [
            setup.create_tlsa_obj(code, '12725', 'tcp', 'a.com')
            for code in spec_codes
        ]
        expected_target = setup.create_target_obj(
            'a.com', api, [], tlsa_records)

        assert prog.target_list == [expected_target]
        # directories are compared against the current working directory
        assert prog.dane_directory == cwd / s.dane
        assert prog.letsencrypt_directory == cwd / s.le
def test_config_default():
    """Check that the default config parses into the a.com, b.com and c.com targets.

    Each target is expected to use the 'dns' exec API program and to carry
    two TLSA records, in the order given in the table below.
    """
    s = setup.Init(keep=True)
    prog = setup.create_state_obj(s)
    cwd = Path.cwd()

    with prog.log:
        assert not prog.log.has_errors()

        retval = config.read(prog)
        assert retval == Prog.RetVal.ok

        api = setup.create_api_exec_obj(str(s.bin / 'dns'))

        # (target domain, ((spec, port, protocol, record domain), ...))
        layout = (
            ('a.com', (('311', '12725', 'tcp', 'a.com'),
                       ('201', '12725', 'tcp', 'a.com'))),
            ('b.com', (('311', '12780', 'udp', 'b.com'),
                       ('201', '12780', 'sctp', 'A.b.com'))),
            ('c.com', (('311', '12722', 'tcp', 'A.c.com'),
                       ('311', '12723', 'tcp', 'B.c.com'))),
        )

        expected_targets = []
        for domain, rows in layout:
            records = [setup.create_tlsa_obj(*row) for row in rows]
            expected_targets.append(
                setup.create_target_obj(domain, api, [], records))

        assert prog.target_list == expected_targets
        assert prog.dane_directory == cwd / s.dane
        assert prog.letsencrypt_directory == cwd / s.le
def test_logging1():
    """Run 'configtest' on configX1 with debug logging and expect a config failure.

    The log file must exist afterwards and pass check_for_both(); nothing
    may be written to stdout, and stderr must carry output.
    """
    s = setup.Init(keep=True)
    log_path = Path(s.varlog / 'log')
    assert not log_path.exists()

    # When not running as root, log creation will fail, so the log file is
    # created artificially before the program is started.
    # NOTE(review): the pre-created file gets whatever mode the process
    # umask allows; nothing here checks the resulting permissions.
    running_as_root = os.getuid() == 0
    if not running_as_root:
        with open(str(s.varlog / 'log'), 'w'):
            pass

    argv = [
        'alnitak', 'configtest',
        '-l', str(s.varlog / 'log'),
        '-Ldebug',
        '-c', str(s.configX1),
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    stdout, stderr = p.communicate(timeout=300)

    assert p.returncode == prog.RetVal.config_failure.value
    assert log_path.exists()
    check_for_both(log_path)
    assert not stdout
    assert stderr
def test_logging0():
    """As a non-root user, check the log-permission failure path of 'configtest'.

    When running as root the other logging tests run as intended, so this
    test returns immediately. Otherwise those tests create the log file
    artificially because changing its permissions fails without root; this
    test exercises that failure directly.
    """
    if os.getuid() == 0:
        # NOTE(review): a bare return is reported as a pass, not a skip.
        return

    s = setup.Init(keep=True)
    log_path = Path(s.varlog / 'log')
    assert not log_path.exists()

    argv = [
        'alnitak', 'configtest',
        '-l', str(s.varlog / 'log'),
        '-c', str(s.config),
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    stdout, stderr = p.communicate(timeout=300)

    # presumably the +16 marks the logging failure on top of an otherwise
    # ok return value -- confirm against the RetVal definition
    assert p.returncode == prog.RetVal.ok.value + 16

    # the log file is still created and written to
    assert log_path.exists()
    assert log_path.stat().st_size > 0
    assert not stdout
    assert stderr
def test_print2():
    """Run 'print' for config1 and expect one output line per TLSA spec (twelve).

    config1 is expected to contain:

        [a.com]
        tlsa = 200 12725
        tlsa = 201 12725
        tlsa = 202 12725
        tlsa = 210 12725
        tlsa = 211 12725
        tlsa = 212 12725
        tlsa = 300 12725
        tlsa = 301 12725
        tlsa = 302 12725
        tlsa = 310 12725
        tlsa = 311 12725
        tlsa = 312 12725
    """
    s = setup.Init(keep=True)

    argv = [
        'alnitak', 'print', '-lno', '-Lno',
        '-c', str(s.config1),
        '-C', str(s.le),
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    stdout, stderr = p.communicate(timeout=300)
    cdata = stdout.decode('ascii').splitlines()

    assert p.returncode == prog.RetVal.ok.value
    assert stdout
    assert not stderr

    # 2xx specs must be computed from 'chain' or 'fullchain', 3xx specs from
    # 'cert' or 'fullchain'. This looks consistent with TLSA usage 2
    # (trust anchor) versus usage 3 (end entity) -- confirm against tos().
    for spec in (200, 201, 202, 210, 211, 212):
        assert (tos(s, 'a.com', spec, 'chain') in cdata
                or tos(s, 'a.com', spec, 'fullchain') in cdata)

    for spec in (300, 301, 302, 310, 311, 312):
        assert (tos(s, 'a.com', spec, 'cert') in cdata
                or tos(s, 'a.com', spec, 'fullchain') in cdata)

    assert len(cdata) == 12
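def test_fail_configX5():
    """Check that reading configX5 fails and leaves no targets behind.

    After the failed read the target list must be empty, while the DANE and
    Let's Encrypt directories must be '/tmp' and '/var/tmp' respectively.
    """
    s = setup.Init(keep=True)
    prog = setup.create_state_obj(s, config=s.configX5)

    with prog.log:
        assert not prog.log.has_errors()

        retval = config.read(prog)
        assert retval == Prog.RetVal.config_failure

        assert prog.target_list == []
        # NOTE(review): presumably these two paths are set by configX5 before
        # the line that makes it fail -- confirm. They are fixture values;
        # world-writable directories are not a model for a real deployment.
        assert prog.dane_directory == Path('/tmp')
        assert prog.letsencrypt_directory == Path('/var/tmp')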
def test_print5():
    """Run 'print' with explicit 'SPEC:PATH' arguments and check all twelve lines.

    The a.com arguments are given relative to the Let's Encrypt directory
    passed with -C; the b.com arguments are absolute paths built from the
    current working directory.
    """
    s = setup.Init(keep=True)
    cwd = Path.cwd()

    argv = [
        'alnitak', 'print', '-lno', '-Lno',
        '-c', str(s.config),
        '-C', str(s.le),
        # directory arguments
        '300:live/a.com',
        '301:archive/a.com',
        # explicit certificate files, relative
        '302:live/a.com/cert.pem',
        '310:live/a.com/fullchain.pem',
        '311:archive/a.com/cert2.pem',
        '312:archive/a.com/fullchain3.pem',
        # explicit certificate files, absolute
        '300:{}/{}/b.com/cert.pem'.format(cwd, s.live),
        '301:{}/{}/b.com/fullchain.pem'.format(cwd, s.live),
        '302:{}/{}/b.com/cert3.pem'.format(cwd, s.archive),
        '310:{}/{}/b.com/fullchain2.pem'.format(cwd, s.archive),
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    stdout, stderr = p.communicate(timeout=300)
    cdata = stdout.decode('ascii').splitlines()

    assert p.returncode == prog.RetVal.ok.value
    assert stdout
    assert not stderr

    # live directory: either the cert or the fullchain hash is acceptable
    assert (tos(s, 'a.com', 300, 'cert') in cdata
            or tos(s, 'a.com', 300, 'fullchain') in cdata)

    # archive directory: one line for each of the archived versions 1 to 3
    for version in (1, 2, 3):
        assert (tos(s, 'a.com', 301, 'cert', version) in cdata
                or tos(s, 'a.com', 301, 'fullchain', version) in cdata)

    # explicit files: the named file decides exactly which hash is printed
    exact_lines = (
        ('a.com', 302, 'cert'),
        ('a.com', 310, 'fullchain'),
        ('a.com', 311, 'cert', 2),
        ('a.com', 312, 'fullchain', 3),
        ('b.com', 300, 'cert'),
        ('b.com', 301, 'fullchain'),
        ('b.com', 302, 'cert', 3),
        ('b.com', 310, 'fullchain', 2),
    )
    for tos_args in exact_lines:
        assert tos(s, *tos_args) in cdata

    assert len(cdata) == 12
def test_fail_configX22():
    """Check that configX22 fails but still yields an a.com target without an API.

    The expected target has api None and one TLSA record (202, port 1, tcp).
    """
    init = setup.Init(keep=True)
    prog = setup.create_state_obj(init, config=init.configX22)
    here = Path.cwd()

    with prog.log:
        assert not prog.log.has_errors()

        assert config.read(prog) == Prog.RetVal.config_failure

        # api is None: the failed read leaves this target without an API object
        expected_target = setup.create_target_obj(
            'a.com', None, [],
            [setup.create_tlsa_obj('202', '1', 'tcp', 'a.com')])

        assert prog.target_list == [expected_target]
        assert prog.dane_directory == here / init.dane
        assert prog.letsencrypt_directory == here / init.le
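def test_fail_configX19():
    """Check that configX19 fails, leaving an a.com target with no TLSA records.

    The target is still expected to carry the 'dns' exec API program, and the
    DANE and Let's Encrypt directories must be '/tmp' and '/var/tmp'.
    """
    s = setup.Init(keep=True)
    prog = setup.create_state_obj(s, config=s.configX19)

    with prog.log:
        assert not prog.log.has_errors()

        retval = config.read(prog)
        assert retval == Prog.RetVal.config_failure

        api = setup.create_api_exec_obj(str(s.bin / 'dns'))
        # empty TLSA list: no record was accepted for this target
        ta = setup.create_target_obj('a.com', api, [], [])

        assert prog.target_list == [ta]
        # NOTE(review): presumably both paths come from configX19 itself --
        # confirm. They are fixture values only.
        assert prog.dane_directory == Path('/tmp')
        assert prog.letsencrypt_directory == Path('/var/tmp')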
def test_logging9():
    """With '-lno -Lno', a failing 'configtest' must not create any log file.

    The failure is still expected to be reported on stderr, with stdout empty.
    """
    s = setup.Init(keep=True)
    log_path = Path(s.varlog / 'log')
    assert not log_path.exists()

    argv = ['alnitak', 'configtest', '-lno', '-Lno', '-c', str(s.configX1)]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    stdout, stderr = p.communicate(timeout=300)

    assert p.returncode == prog.RetVal.config_failure.value
    # logging was switched off, so the file must still be absent
    assert not log_path.exists()
    assert not stdout
    assert stderr
def test_print1():
    """Run 'print' for the default config and expect five output lines.

    The default config is expected to contain:

        [a.com]
        tlsa = 311 12725
        tlsa = 201 12725

        [b.com]
        tlsa = 311 12780 udp
        tlsa = 201 12780 sctp A.b.com

        [c.com]
        tlsa = 311 12722 A.c.com
        tlsa = 311 12723 B.c.com
    """
    s = setup.Init(keep=True)

    argv = [
        'alnitak', 'print', '-lno', '-Lno',
        '-c', str(s.config),
        '-C', str(s.le),
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    stdout, stderr = p.communicate(timeout=300)
    cdata = stdout.decode('ascii').splitlines()

    assert p.returncode == prog.RetVal.ok.value
    assert stdout
    assert not stderr

    # (domain, spec, preferred pem); 'fullchain' is accepted as an alternative.
    # c.com has two 311 records but only one line is expected for it
    # (presumably identical output lines are printed once -- confirm).
    expected = (
        ('a.com', 311, 'cert'),
        ('a.com', 201, 'chain'),
        ('b.com', 311, 'cert'),
        ('b.com', 201, 'chain'),
        ('c.com', 311, 'cert'),
    )
    for domain, spec, pem in expected:
        assert (tos(s, domain, spec, pem) in cdata
                or tos(s, domain, spec, 'fullchain') in cdata)

    assert len(cdata) == 5
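def test_printX2():
    """'print' must fail when the path argument is the archive directory itself.

    The argument '300:<cwd>/<archive>' names the top-level archive directory
    rather than a domain directory or certificate file. The program is
    expected to exit with exit_failure, print nothing on stdout and report
    the problem on stderr.
    """
    s = setup.Init(keep=True)
    cwd = Path.cwd()

    p = Popen([
        'alnitak', 'print', '-lno', '-Lno',
        '-c', str(s.config),
        '-C', str(s.le),
        '300:{}/{}'.format(cwd, s.archive),
    ], stdout=PIPE, stderr=PIPE)
    stdout, stderr = p.communicate(timeout=300)

    # stdout is asserted empty below, so it is not decoded into lines here
    assert p.returncode == prog.RetVal.exit_failure.value
    assert len(stdout) == 0
    assert len(stderr) > 0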
def test_config6():
    """Check that config6 parses into three targets that use three different APIs.

    a.com uses an exec API given as an argument list, b.com uses the
    object built by create_api_c4_obj, and c.com uses the 'dns' exec program.
    """
    s = setup.Init(keep=True)
    prog = setup.create_state_obj(s, config=s.config6)
    cwd = Path.cwd()

    with prog.log:
        assert not prog.log.has_errors()

        retval = config.read(prog)
        assert retval == Prog.RetVal.ok

        dns_api = setup.create_api_exec_obj(str(s.bin / 'dns'))
        # The last element contains a tab and spaces. Presumably this checks
        # that the parser keeps a quoted argument as one argv element
        # instead of splitting it -- confirm against config6.
        argv_api = setup.create_api_exec_obj(
            ['bin', '--flag1', 'input', "input with\t whitespace"])
        # fixture credentials, reproduced exactly as they appear in the test
        c4_api = setup.create_api_c4_obj(email='*****@*****.**', key='KEY')

        a_rows = (
            ('201', '12725', 'tcp', 'a.com'),
            ('211', '12725', 'tcp', 'a.com'),
            ('301', '12725', 'tcp', 'a.com'),
            ('311', '12725', 'tcp', 'a.com'),
        )
        target_a = setup.create_target_obj(
            'a.com', argv_api, [],
            [setup.create_tlsa_obj(*row) for row in a_rows])

        b_rows = (
            ('200', '1', 'sctp', 'b.com'),
            ('201', '1', 'sctp', 'W.com'),
            ('202', '1', 'tcp', 'X.com'),
            ('210', '1', 'sctp', 'Y.com'),
            ('211', '1', 'sctp', 'Z.com'),
            ('212', '1', 'sctp', 'A.com'),
            ('212', '1', 'udp', 'B.com'),
        )
        target_b = setup.create_target_obj(
            'b.com', c4_api, [],
            [setup.create_tlsa_obj(*row) for row in b_rows])

        target_c = setup.create_target_obj(
            'c.com', dns_api, [],
            [setup.create_tlsa_obj('200', '2', 'tcp', 'c.com')])

        assert prog.target_list == [target_a, target_b, target_c]
        # one absolute directory, and one relative path that is expected
        # to be joined to the working directory without being normalised
        assert prog.dane_directory == Path('/tmp/Q')
        assert prog.letsencrypt_directory == cwd / '../relative_path'
def test_print3():
    """Run 'print' with the single argument '200:b.com' and expect one line.

    The line must match the spec 200 value for b.com computed from either
    'chain' or 'fullchain'.
    """
    s = setup.Init(keep=True)

    argv = [
        'alnitak', 'print', '-lno', '-Lno',
        '-c', str(s.config),
        '-C', str(s.le),
        '200:b.com',
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    stdout, stderr = p.communicate(timeout=300)
    cdata = stdout.decode('ascii').splitlines()

    assert p.returncode == prog.RetVal.ok.value
    assert stdout
    assert not stderr

    accepted = (
        tos(s, 'b.com', 200, 'chain') in cdata
        or tos(s, 'b.com', 200, 'fullchain') in cdata
    )
    assert accepted
    assert len(cdata) == 1
from alnitak.tests import setup
from alnitak import prog
from alnitak import parser as Parser
from alnitak import exceptions as Except
from pathlib import Path
from subprocess import Popen, PIPE

# Module-level fixtures shared by the tests in this file.
s = setup.Init(keep=True)
# NOTE(review): this rebinds the name 'prog', which until this line referred
# to the 'alnitak.prog' module imported above. Any later 'prog.<attr>' lookup
# in this module resolves against the state object, not the module -- confirm
# that is intended.
prog = setup.create_state_obj(s)

# Three flags of each Parser.FlagType used here: bare, option and mandatory.
# Each has a short and a long spelling.
a_flag = Parser.Flag(Parser.FlagType.bare, '-a', '--aflag')
b_flag = Parser.Flag(Parser.FlagType.bare, '-b', '--bflag')
c_flag = Parser.Flag(Parser.FlagType.bare, '-c', '--cflag')
x_flag = Parser.Flag(Parser.FlagType.option, '-x', '--xflag')
y_flag = Parser.Flag(Parser.FlagType.option, '-y', '--yflag')
z_flag = Parser.Flag(Parser.FlagType.option, '-z', '--zflag')
m_flag = Parser.Flag(Parser.FlagType.mandatory, '-m', '--mflag')
n_flag = Parser.Flag(Parser.FlagType.mandatory, '-n', '--nflag')
o_flag = Parser.Flag(Parser.FlagType.mandatory, '-o', '--oflag')


def icheck(prog, pos, name, input):
    """Stub input checker: map a flag's raw input string to a test value.

    Returns 1 for 'A' and 2 for 'B', raises Except.Error1100 with fixed
    arguments for '1100', and falls through (returning None) for any other
    value visible here. The 'prog', 'pos' and 'name' parameters are not
    used by the lines shown; presumably they exist to match the callback
    signature the parser expects -- confirm.
    """
    # NOTE: the parameter name 'input' shadows the builtin of the same name
    # inside this function.
    if input == 'A':
        return 1
    if input == 'B':
        return 2
    if input == '1100':
        raise Except.Error1100('pos1', 'arg1', 'ref1', 'max1')
def test_cloudflare(cloudflare_api):
    """Publish, read back and delete two TLSA records through the cloudflare module.

    The test is skipped when no cloudflare.api file is present. Otherwise it
    takes the domain from that file, generates a config for it, reads the
    config, and then runs api_publish / api_read / api_delete for the 211
    and 311 records, finally expecting api_read to raise DNSNotLive.

    NOTE(review): this presumably talks to the live Cloudflare API with the
    email/key found in the cloudflare.api file -- confirm. If so, it changes
    real DNS data for that domain and needs network access.

    NOTE(review): there is no cleanup on failure. If any assertion or API
    call between api_publish and api_delete raises, the published records
    are left in the zone; a try/finally around the read/assert section
    would avoid stale TLSA records after a failed run.
    """
    if not api_file_exists(cloudflare_api):
        pytest.skip("no cloudflare.api file")

    # need the domain
    domain = get_domain(cloudflare_api)
    assert domain

    s = setup.Init(keep=True)
    s.create_cloudflare_config(cloudflare_api, domain)

    prog = setup.create_state_obj(s, config=s.configC1)

    # need this to log if create_state_obj set 'log=True', otherwise this will
    # do nothing.
    with prog.log:
        retval = config.read(prog)
        assert retval == Prog.RetVal.ok

        # expected records: specs 211 and 311 on port 53527/tcp for the domain
        t_a2 = setup.create_tlsa_obj('211', '53527', 'tcp', domain)
        t_a1 = setup.create_tlsa_obj('311', '53527', 'tcp', domain)

        assert len(prog.target_list) == 1

        target = prog.target_list[0]

        assert len(target.tlsa) == 2
        assert t_a1 in target.tlsa
        assert t_a2 in target.tlsa

        # NOTE(review): assumes target.tlsa[0] is the 211 record and
        # target.tlsa[1] the 311 record; the membership asserts above do not
        # check order -- verify against the generated configC1.
        tlsa1 = target.tlsa[0]
        tlsa2 = target.tlsa[1]

        api = target.api

        assert api.domain == domain
        # the credentials are only checked for being non-empty; their values
        # are never compared or printed here
        assert len(api.email) > 0
        assert len(api.key) > 0

        # fixture hashes of a.com's 'cert1' for the two specs
        hash211 = s.hash['a.com']['cert1'][211]
        hash311 = s.hash['a.com']['cert1'][311]

        cloudflare.api_publish(prog, api, tlsa1, hash211)
        cloudflare.api_publish(prog, api, tlsa2, hash311)
        # error encountered: Except.DNSProcessingError
        # record is already up: Except.DNSSkipProcessing

        # fixed wait before reading back; presumably to let the change become
        # visible -- a slow API response could make this flaky
        sleep(3)

        records211 = cloudflare.api_read(prog, api, tlsa1)
        records311 = cloudflare.api_read(prog, api, tlsa2)
        # error encountered: Except.DNSProcessingError
        # record is not up: Except.DNSNotLive

        # exactly one record each, keyed by the published hash
        assert len(records211) == 1
        assert hash211 in records211

        assert len(records311) == 1
        assert hash311 in records311

        # the mapped value is passed to api_delete as the record id
        id211 = records211[hash211]
        id311 = records311[hash311]

        sleep(3)

        cloudflare.api_delete(prog, api, tlsa1, id211)
        cloudflare.api_delete(prog, api, tlsa2, id311)
        # error encountered: Except.DNSProcessingError

        sleep(3)

        # after deletion, reading either record must report it as not live
        with pytest.raises(Except.DNSNotLive) as ex:
            cloudflare.api_read(prog, api, tlsa1)

        with pytest.raises(Except.DNSNotLive) as ex:
            cloudflare.api_read(prog, api, tlsa2)