def test_cert_changed_fail_read_keystore(self):
    # A failing keystore listing must be reported through fail_json.
    # Mocked command results look (rc, stdout, stderr)-shaped, judging by the
    # assertion below: the first succeeds, the second fails with rc=1 and
    # 'Oops' in the third field.
    module_args = dict(
        certificate='cert-foo',
        private_key='private-foo',
        dest='/path/to/keystore.jks',
        name='foo',
        password='******',
    )
    set_module_args(module_args)

    module = AnsibleModule(
        argument_spec=self.spec.argument_spec,
        supports_check_mode=self.spec.supports_check_mode,
    )
    # fail_json is replaced by a mock so the reported failure can be
    # inspected after cert_changed() returns.
    module.fail_json = Mock(return_value=True)

    # NOTE(review): the expected argv carries the keystore password in clear
    # text ('-storepass', 'changeit'). Command-line arguments are usually
    # readable by other local users through the process list; keytool also
    # accepts '-storepass:env <VAR>', which keeps the secret out of argv.
    # Confirm which form the module under test is meant to emit.
    expected_cmd = [
        "keytool", "-list", "-alias", "foo",
        "-keystore", "/path/to/keystore.jks",
        "-storepass", "changeit", "-v",
    ]
    command_results = [(0, 'foo: wxyz:9876:stuv', ''), (1, '', 'Oops')]

    with patch('os.remove', return_value=True):
        self.run_commands.side_effect = command_results
        cert_changed(module, "openssl", "keytool",
                     "/path/to/keystore.jks", "changeit", 'foo')
        # assert_called_with only checks the most recent fail_json call.
        module.fail_json.assert_called_with(
            cmd=expected_cmd, msg='', err='Oops', rc=1)
def test_cert_changed_fail_read_cert(self):
    # A failing certificate fingerprint command must be reported through
    # fail_json exactly once. Here the first mocked command result is the
    # failure (rc=1, 'Oops'), and the second one succeeds.
    module_args = dict(
        certificate='cert-foo',
        private_key='private-foo',
        dest='/path/to/keystore.jks',
        name='foo',
        password='******',
    )
    set_module_args(module_args)

    module = AnsibleModule(
        argument_spec=self.spec.argument_spec,
        supports_check_mode=self.spec.supports_check_mode,
    )
    # Mocked so the failure is recorded and can be asserted on afterwards.
    module.fail_json = Mock()

    # NOTE(review): '/tmp/foo.crt' is not set anywhere in this method;
    # presumably it is what the create_file mock returns in the test
    # fixture -- confirm against setUp.
    expected_cmd = [
        "openssl", "x509", "-noout",
        "-in", "/tmp/foo.crt",
        "-fingerprint", "-sha256",
    ]
    command_results = [(1, '', 'Oops'), (0, 'SHA256: wxyz:9876:stuv', '')]

    with patch('os.remove', return_value=True):
        self.run_commands.side_effect = command_results
        cert_changed(module, "openssl", "keytool",
                     "/path/to/keystore.jks", "changeit", 'foo')
        module.fail_json.assert_called_once_with(
            cmd=expected_cmd, msg='', err='Oops', rc=1)
def test_cert_changed_fail_alias_does_not_exist(self):
    # When the keystore listing fails because the alias is missing, the test
    # expects exactly one fail_json call that carries the keytool message in
    # `msg` and an empty `err`.
    module_args = dict(
        certificate='cert-foo',
        private_key='private-foo',
        dest='/path/to/keystore.jks',
        name='foo',
        password='******',
    )
    set_module_args(module_args)

    module = AnsibleModule(
        argument_spec=self.spec.argument_spec,
        supports_check_mode=self.spec.supports_check_mode,
    )
    # Mocked so the failure is recorded and can be asserted on afterwards.
    module.fail_json = Mock()

    alias_error = 'keytool error: java.lang.Exception: Alias <foo> does not exist'
    # The expected argv names an environment variable ('-storepass:env',
    # 'STOREPASS') instead of the password itself, so the literal 'changeit'
    # never appears on the command line.
    # NOTE(review): nothing here checks that STOREPASS is actually placed in
    # the environment handed to the command; consider asserting on the
    # run_commands call if the mock exposes it -- confirm.
    expected_cmd = [
        "keytool", "-list", "-alias", "foo",
        "-keystore", "/path/to/keystore.jks",
        "-storepass:env", "STOREPASS", "-v",
    ]

    with patch('os.remove', return_value=True):
        self.create_file.side_effect = ['/tmp/placeholder']
        self.run_commands.side_effect = [
            (0, 'foo=abcd:1234:efgh', ''),
            (1, alias_error, ''),
        ]
        cert_changed(module, "openssl", "keytool",
                     "/path/to/keystore.jks", "changeit", 'foo')
        module.fail_json.assert_called_once_with(
            cmd=expected_cmd, msg=alias_error, err='', rc=1)
def test_cert_changed_fingerprint_mismatch(self):
    # Both mocked commands succeed but carry different fingerprint strings
    # ('abcd:1234:efgh' vs 'wxyz:9876:stuv'); cert_changed() is expected to
    # return a truthy value.
    module_args = dict(
        certificate='cert-foo',
        private_key='private-foo',
        dest='/path/to/keystore.jks',
        name='foo',
        password='******',
    )
    set_module_args(module_args)

    module = AnsibleModule(
        argument_spec=self.spec.argument_spec,
        supports_check_mode=self.spec.supports_check_mode,
    )

    command_results = [
        (0, 'foo=abcd:1234:efgh', ''),
        (0, 'SHA256: wxyz:9876:stuv', ''),
    ]

    with patch('os.remove', return_value=True):
        self.run_commands.side_effect = command_results
        result = cert_changed(module, "openssl", "keytool",
                              "/path/to/keystore.jks", "changeit", 'foo')
        # The second argument is the message unittest prints on failure.
        self.assertTrue(result, 'Fingerprint mismatch')
def test_cert_changed_alias_does_not_exist(self):
    # The second mocked command fails (rc=1) with keytool's "alias does not
    # exist" message; cert_changed() is expected to return a truthy value.
    # NOTE(review): fail_json is not mocked in this method, so the test
    # relies on cert_changed() returning instead of failing for this
    # message -- confirm against the module version under test.
    module_args = dict(
        certificate='cert-foo',
        private_key='private-foo',
        dest='/path/to/keystore.jks',
        name='foo',
        password='******',
    )
    set_module_args(module_args)

    module = AnsibleModule(
        argument_spec=self.spec.argument_spec,
        supports_check_mode=self.spec.supports_check_mode,
    )

    alias_error = 'keytool error: java.lang.Exception: Alias <foo> does not exist'
    command_results = [
        (0, 'foo=abcd:1234:efgh', ''),
        (1, alias_error, ''),
    ]

    with patch('os.remove', return_value=True):
        self.run_commands.side_effect = command_results
        result = cert_changed(module, "openssl", "keytool",
                              "/path/to/keystore.jks", "changeit", 'foo')
        # The second argument is the message unittest prints on failure.
        self.assertTrue(result, 'Certificate does not exist')
def test_cert_changed_password_mismatch(self):
    # The second mocked command fails (rc=1) with keytool's "Keystore
    # password was incorrect" message; cert_changed() is expected to return
    # a truthy value rather than raise.
    # NOTE(review): a wrong store password is thereby treated as "changed".
    # If the caller rebuilds the keystore on a changed result, an existing
    # keystore protected by a different password would be replaced --
    # confirm that this is the intended behaviour.
    module_args = dict(
        certificate='cert-foo',
        private_key='private-foo',
        dest='/path/to/keystore.jks',
        name='foo',
        password='******',
    )
    set_module_args(module_args)

    module = AnsibleModule(
        argument_spec=self.spec.argument_spec,
        supports_check_mode=self.spec.supports_check_mode,
    )

    password_error = 'keytool error: java.io.IOException: Keystore password was incorrect'

    with patch('os.remove', return_value=True):
        self.create_file.side_effect = ['/tmp/placeholder']
        self.run_commands.side_effect = [
            (0, 'foo=abcd:1234:efgh', ''),
            (1, password_error, ''),
        ]
        result = cert_changed(module, "openssl", "keytool",
                              "/path/to/keystore.jks", "changeit", 'foo')
        # The second argument is the message unittest prints on failure.
        self.assertTrue(result, 'Password mismatch detected')