def test_cert_changed_fail_read_keystore(self):
        """Check that a failing keystore listing is reported through fail_json.

        Two command results are queued: a successful one, then a failure
        (rc=1, stderr 'Oops'). The test asserts that the most recent
        fail_json call carries the keytool listing command together with
        that rc and stderr.
        """
        module_args = {
            'certificate': 'cert-foo',
            'private_key': 'private-foo',
            'dest': '/path/to/keystore.jks',
            'name': 'foo',
            'password': '******',
        }
        set_module_args(module_args)

        module = AnsibleModule(
            argument_spec=self.spec.argument_spec,
            supports_check_mode=self.spec.supports_check_mode)

        # Stubbed so the call is recorded and returns normally.
        module.fail_json = Mock(return_value=True)

        keystore_path = "/path/to/keystore.jks"
        store_password = "changeit"

        # NOTE(review): the asserted failure payload echoes the whole keytool
        # argv, and in this expectation the argv carries the store password in
        # clear text after "-storepass". A module that behaves this way puts
        # the secret in the process list and, presumably, in the task output.
        # keytool also accepts "-storepass:env <VAR>", which keeps it out of
        # the argv; confirm which form the module under test emits.
        expected_cmd = [
            "keytool", "-list", "-alias", "foo",
            "-keystore", keystore_path,
            "-storepass", store_password,
            "-v",
        ]

        # os.remove is patched so nothing is deleted from disk during the test.
        with patch('os.remove', return_value=True):
            queued_results = [
                (0, 'foo: wxyz:9876:stuv', ''),
                (1, '', 'Oops'),
            ]
            self.run_commands.side_effect = queued_results
            cert_changed(module, "openssl", "keytool", keystore_path,
                         store_password, 'foo')
            # assert_called_with checks only the last recorded call.
            module.fail_json.assert_called_with(
                cmd=expected_cmd, msg='', err='Oops', rc=1)
    def test_cert_changed_fail_read_cert(self):
        """Check that a failing openssl fingerprint read is reported via fail_json.

        The first queued command result is a failure (rc=1, stderr 'Oops');
        the test asserts that fail_json was called exactly once, with the
        openssl fingerprint command and that rc and stderr.
        """
        module_args = {
            'certificate': 'cert-foo',
            'private_key': 'private-foo',
            'dest': '/path/to/keystore.jks',
            'name': 'foo',
            'password': '******',
        }
        set_module_args(module_args)

        module = AnsibleModule(
            argument_spec=self.spec.argument_spec,
            supports_check_mode=self.spec.supports_check_mode)

        # A plain Mock records the call and returns, so cert_changed() keeps
        # running after the reported failure.
        module.fail_json = Mock()

        # "/tmp/foo.crt" is presumably the path handed back by the create_file
        # stub configured outside this method -- confirm in the fixture setup.
        expected_cmd = [
            "openssl", "x509", "-noout",
            "-in", "/tmp/foo.crt",
            "-fingerprint", "-sha256",
        ]

        # os.remove is patched so nothing is deleted from disk during the test.
        with patch('os.remove', return_value=True):
            queued_results = [
                (1, '', 'Oops'),
                (0, 'SHA256: wxyz:9876:stuv', ''),
            ]
            self.run_commands.side_effect = queued_results
            cert_changed(module, "openssl", "keytool", "/path/to/keystore.jks",
                         "changeit", 'foo')
            module.fail_json.assert_called_once_with(
                cmd=expected_cmd, msg='', err='Oops', rc=1)
    def test_cert_changed_fail_alias_does_not_exist(self):
        """Check the fail_json payload when keytool reports an unknown alias.

        The second queued command result has rc=1 and the keytool
        'Alias <foo> does not exist' text on stdout. The test asserts a single
        fail_json call carrying the keytool listing command, that text as
        msg, an empty err and rc=1.
        """
        module_args = {
            'certificate': 'cert-foo',
            'private_key': 'private-foo',
            'dest': '/path/to/keystore.jks',
            'name': 'foo',
            'password': '******',
        }
        set_module_args(module_args)

        module = AnsibleModule(
            argument_spec=self.spec.argument_spec,
            supports_check_mode=self.spec.supports_check_mode)

        # A plain Mock records the call and returns normally.
        module.fail_json = Mock()

        keystore_path = "/path/to/keystore.jks"
        alias_missing = (
            'keytool error: java.lang.Exception: Alias <foo> does not exist')

        # The expected argv names an environment variable ("-storepass:env",
        # "STOREPASS") rather than the password. Because the assertion compares
        # the full list, the "changeit" value passed to cert_changed() must not
        # show up in the reported cmd.
        expected_cmd = [
            "keytool", "-list", "-alias", "foo",
            "-keystore", keystore_path,
            "-storepass:env", "STOREPASS",
            "-v",
        ]

        # os.remove is patched so nothing is deleted from disk during the test.
        with patch('os.remove', return_value=True):
            self.create_file.side_effect = ['/tmp/placeholder']
            self.run_commands.side_effect = [
                (0, 'foo=abcd:1234:efgh', ''),
                (1, alias_missing, ''),
            ]
            cert_changed(module, "openssl", "keytool", keystore_path,
                         "changeit", 'foo')
            module.fail_json.assert_called_once_with(
                cmd=expected_cmd, msg=alias_missing, err='', rc=1)
    def test_cert_changed_fingerprint_mismatch(self):
        """Check that cert_changed() is truthy when the fingerprints differ.

        Both queued command results succeed (rc=0) but carry different
        fingerprint strings; the test asserts a truthy return value.
        """
        module_args = {
            'certificate': 'cert-foo',
            'private_key': 'private-foo',
            'dest': '/path/to/keystore.jks',
            'name': 'foo',
            'password': '******',
        }
        set_module_args(module_args)

        module = AnsibleModule(
            argument_spec=self.spec.argument_spec,
            supports_check_mode=self.spec.supports_check_mode)

        # os.remove is patched so nothing is deleted from disk during the test.
        with patch('os.remove', return_value=True):
            queued_results = [
                (0, 'foo=abcd:1234:efgh', ''),
                (0, 'SHA256: wxyz:9876:stuv', ''),
            ]
            self.run_commands.side_effect = queued_results
            outcome = cert_changed(module, "openssl", "keytool",
                                   "/path/to/keystore.jks", "changeit", 'foo')
            self.assertTrue(outcome, 'Fingerprint mismatch')
    def test_cert_changed_alias_does_not_exist(self):
        """Check that cert_changed() is truthy when the alias is not in the keystore.

        The second queued command result has rc=1 with the keytool
        'Alias <foo> does not exist' text; the test asserts a truthy return
        value. fail_json is not stubbed in this test.
        """
        module_args = {
            'certificate': 'cert-foo',
            'private_key': 'private-foo',
            'dest': '/path/to/keystore.jks',
            'name': 'foo',
            'password': '******',
        }
        set_module_args(module_args)

        module = AnsibleModule(
            argument_spec=self.spec.argument_spec,
            supports_check_mode=self.spec.supports_check_mode
        )

        alias_missing = (
            'keytool error: java.lang.Exception: Alias <foo> does not exist')

        # os.remove is patched so nothing is deleted from disk during the test.
        with patch('os.remove', return_value=True):
            self.run_commands.side_effect = [
                (0, 'foo=abcd:1234:efgh', ''),
                (1, alias_missing, ''),
            ]
            outcome = cert_changed(
                module, "openssl", "keytool",
                "/path/to/keystore.jks", "changeit", 'foo')
            self.assertTrue(outcome, 'Certificate does not exist')
    def test_cert_changed_password_mismatch(self):
        """Check that cert_changed() is truthy when keytool rejects the password.

        The second queued command result has rc=1 with the keytool
        'Keystore password was incorrect' text; the test asserts a truthy
        return value.
        """
        module_args = {
            'certificate': 'cert-foo',
            'private_key': 'private-foo',
            'dest': '/path/to/keystore.jks',
            'name': 'foo',
            'password': '******',
        }
        set_module_args(module_args)

        module = AnsibleModule(
            argument_spec=self.spec.argument_spec,
            supports_check_mode=self.spec.supports_check_mode
        )

        # NOTE(review): a rejected store password is treated as "changed"
        # rather than as an error. Presumably the caller then rebuilds the
        # keystore with the supplied password -- confirm that replacing a
        # keystore that could not be opened is the intended outcome.
        wrong_password = (
            'keytool error: java.io.IOException: '
            'Keystore password was incorrect')

        # os.remove is patched so nothing is deleted from disk during the test.
        with patch('os.remove', return_value=True):
            self.create_file.side_effect = ['/tmp/placeholder']
            self.run_commands.side_effect = [
                (0, 'foo=abcd:1234:efgh', ''),
                (1, wrong_password, ''),
            ]
            outcome = cert_changed(
                module, "openssl", "keytool",
                "/path/to/keystore.jks", "changeit", 'foo')
            self.assertTrue(outcome, 'Password mismatch detected')