def test_commands(self):
for distro_name in cc_ca_certs.distros:
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
with ExitStack() as mocks:
mock_delete = mocks.enter_context(
mock.patch.object(util, 'delete_dir_contents'))
mock_write = mocks.enter_context(
mock.patch.object(util, 'write_file'))
mock_subp = mocks.enter_context(mock.patch.object(
subp, 'subp'))
cc_ca_certs.remove_default_ca_certs(distro_name, conf)
mock_delete.assert_has_calls([
mock.call(conf['ca_cert_path']),
mock.call(conf['ca_cert_system_path'])
])
if conf['ca_cert_config'] is not None:
mock_write.assert_called_once_with(conf['ca_cert_config'],
"",
mode=0o644)
if distro_name in ['debian', 'ubuntu']:
mock_subp.assert_called_once_with(
('debconf-set-selections', '-'), "ca-certificates \
ca-certificates/trust_new_crts select no")
def test_multiple_certs(self):
"""Test adding multiple certificates to the trusted CAs."""
certs = ["CERT1\nLINE2\nLINE3", "CERT2\nLINE2\nLINE3"]
expected_cert_file = "\n".join(certs)
ca_certs_content = "line1\nline2\nline3"
self.m_stat.return_value.st_size = 1
for distro_name in cc_ca_certs.distros:
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
with ExitStack() as mocks:
mock_write = mocks.enter_context(
mock.patch.object(util, 'write_file'))
mock_load = mocks.enter_context(
mock.patch.object(util,
'load_file',
return_value=ca_certs_content))
cc_ca_certs.add_ca_certs(conf, certs)
mock_write.assert_has_calls([
mock.call(conf['ca_cert_full_path'],
expected_cert_file,
mode=0o644)
])
if conf['ca_cert_config'] is not None:
mock_write.assert_has_calls([
mock.call(conf['ca_cert_config'],
"%s\n%s\n" %
(ca_certs_content, conf['ca_cert_filename']),
omode='wb')
])
mock_load.assert_called_once_with(conf['ca_cert_config'])
def test_commands(self):
for distro_name in cc_ca_certs.distros:
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
with mock.patch.object(subp, 'subp') as mockobj:
cc_ca_certs.update_ca_certs(conf)
mockobj.assert_called_once_with(conf['ca_cert_update_cmd'],
capture=False)
def test_no_certs_in_list(self):
"""Test that no certificate are written if not provided."""
for distro_name in cc_ca_certs.distros:
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
with mock.patch.object(util, 'write_file') as mockobj:
cc_ca_certs.add_ca_certs(conf, [])
self.assertEqual(mockobj.call_count, 0)
def test_single_cert_no_trailing_cr(self):
"""Test adding a single certificate to the trusted CAs
when existing ca-certificates has no trailing newline"""
cert = "CERT1\nLINE2\nLINE3"
ca_certs_content = "line1\nline2\nline3"
self.m_stat.return_value.st_size = 1
for distro_name in cc_ca_certs.distros:
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
with ExitStack() as mocks:
mock_write = mocks.enter_context(
mock.patch.object(util, 'write_file'))
mock_load = mocks.enter_context(
mock.patch.object(util,
'load_file',
return_value=ca_certs_content))
cc_ca_certs.add_ca_certs(conf, [cert])
mock_write.assert_has_calls(
[mock.call(conf['ca_cert_full_path'], cert, mode=0o644)])
if conf['ca_cert_config'] is not None:
mock_write.assert_has_calls([
mock.call(conf['ca_cert_config'],
"%s\n%s\n" %
(ca_certs_content, conf['ca_cert_filename']),
omode="wb")
])
mock_load.assert_called_once_with(conf['ca_cert_config'])
def test_commands(self):
for distro_name in cc_ca_certs.distros:
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
with ExitStack() as mocks:
mock_delete = mocks.enter_context(
mock.patch.object(util, "delete_dir_contents")
)
mock_write = mocks.enter_context(
mock.patch.object(util, "write_file")
)
mock_subp = mocks.enter_context(
mock.patch.object(subp, "subp")
)
cc_ca_certs.remove_default_ca_certs(distro_name, conf)
mock_delete.assert_has_calls(
[
mock.call(conf["ca_cert_path"]),
mock.call(conf["ca_cert_system_path"]),
]
)
if conf["ca_cert_config"] is not None:
mock_write.assert_called_once_with(
conf["ca_cert_config"], "", mode=0o644
)
if distro_name in ["debian", "ubuntu"]:
mock_subp.assert_called_once_with(
("debconf-set-selections", "-"),
"ca-certificates ca-certificates/trust_new_crts"
" select no",
)
def test_single_cert_to_empty_existing_ca_file(self):
"""Test adding a single certificate to the trusted CAs
when existing ca-certificates.conf is empty"""
cert = "CERT1\nLINE2\nLINE3"
expected = "cloud-init-ca-certs.crt\n"
self.m_stat.return_value.st_size = 0
for distro_name in cc_ca_certs.distros:
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
with mock.patch.object(
util, "write_file", autospec=True
) as m_write:
cc_ca_certs.add_ca_certs(conf, [cert])
m_write.assert_has_calls(
[mock.call(conf["ca_cert_full_path"], cert, mode=0o644)]
)
if conf["ca_cert_config"] is not None:
m_write.assert_has_calls(
[
mock.call(
conf["ca_cert_config"], expected, omode="wb"
)
]
)
def test_single_cert_trailing_cr(self):
"""Test adding a single certificate to the trusted CAs
when existing ca-certificates has trailing newline"""
cert = "CERT1\nLINE2\nLINE3"
ca_certs_content = "line1\nline2\ncloud-init-ca-certs.crt\nline3\n"
expected = "line1\nline2\nline3\ncloud-init-ca-certs.crt\n"
self.m_stat.return_value.st_size = 1
for distro_name in cc_ca_certs.distros:
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
with ExitStack() as mocks:
mock_write = mocks.enter_context(
mock.patch.object(util, "write_file"))
mock_load = mocks.enter_context(
mock.patch.object(util,
"load_file",
return_value=ca_certs_content))
cc_ca_certs.add_ca_certs(conf, [cert])
mock_write.assert_has_calls(
[mock.call(conf["ca_cert_full_path"], cert, mode=0o644)])
if conf["ca_cert_config"] is not None:
mock_write.assert_has_calls([
mock.call(conf["ca_cert_config"], expected, omode="wb")
])
mock_load.assert_called_once_with(conf["ca_cert_config"])
def test_correct_order_for_remove_then_add(self):
"""Test remove_defaults is not called when config value is False."""
config = {"ca-certs": {"remove-defaults": True, "trusted": ["CERT1"]}}
for distro_name in cc_ca_certs.distros:
self._mock_init()
cloud = self._get_cloud(distro_name)
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
cc_ca_certs.handle(self.name, config, cloud, self.log, self.args)
self.mock_add.assert_called_once_with(conf, ['CERT1'])
self.assertEqual(self.mock_update.call_count, 1)
self.assertEqual(self.mock_remove.call_count, 1)
def test_multiple_trusted(self):
"""Test that multiple certs get passed to add_ca_certs."""
config = {"ca-certs": {"trusted": ["CERT1", "CERT2"]}}
for distro_name in cc_ca_certs.distros:
self._mock_init()
cloud = self._get_cloud(distro_name)
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
cc_ca_certs.handle(self.name, config, cloud, self.log, self.args)
self.mock_add.assert_called_once_with(conf, ['CERT1', 'CERT2'])
self.assertEqual(self.mock_update.call_count, 1)
self.assertEqual(self.mock_remove.call_count, 0)
