def test_request_cert_with_SAN_matching_principal_alias(
self, santest_subca, santest_host_1, santest_service_host_1,
santest_csr):
with host_keytab(santest_host_1.name) as keytab_filename:
with change_principal(santest_host_1.attrs['krbcanonicalname'][0],
keytab=keytab_filename):
api.Command.cert_request(santest_csr,
principal=santest_service_host_1.name,
cacn=santest_subca.name)
def test_managed_service(self, managing_host, managed_service):
""" Add a host and then add a service as a host
Finally, remove the service as a host """
managing_host.ensure_exists()
with host_keytab(managing_host.name) as keytab_filename:
with change_principal(managing_host.attrs['krbcanonicalname'][0],
keytab=keytab_filename):
managed_service.create()
managed_service.delete()
def test_request_cert_with_additional_host(
self, santest_subca, santest_host_1, santest_host_2,
santest_service_host_1, santest_csr):
with host_keytab(santest_host_1.name) as keytab_filename:
with change_principal(santest_host_1.attrs['krbcanonicalname'][0],
keytab=keytab_filename):
api.Command.cert_request(
santest_csr,
principal=santest_service_host_1.name,
cacn=santest_subca.name
)
def test_request_cert_with_additional_host(self, santest_subca,
santest_host_1, santest_host_2,
santest_service_host_1,
santest_csr):
with host_keytab(santest_host_1.name) as keytab_filename:
with change_principal(santest_host_1.attrs['krbcanonicalname'][0],
keytab=keytab_filename):
with pytest.raises(errors.ACIError):
api.Command.cert_request(
santest_csr,
principal=santest_service_host_1.name,
cacn=santest_subca.name)
def test_request_cert_with_not_allowed_SAN(self, santest_subca,
santest_host_1,
santest_service_host_1,
santest_csr):
with host_keytab(santest_host_1.name) as keytab_filename:
with change_principal(santest_host_1.attrs['krbcanonicalname'][0],
keytab=keytab_filename):
with pytest.raises(errors.NotFound):
api.Command.cert_request(
santest_csr,
principal=santest_service_host_1.name,
cacn=santest_subca.name)
def test_whoami_hosts(self, krb_host):
"""
Testing whoami as a host
"""
krb_host.ensure_exists()
with host_keytab(krb_host.name) as keytab_filename:
with change_principal(krb_host.attrs['krbcanonicalname'][0],
keytab=keytab_filename):
result = api.Command.whoami()
expected = {u'object': u'host',
u'command': u'host_show/1',
u'arguments': (krb_host.fqdn,)}
assert_deepequal(expected, result)
def test_request_cert_with_not_allowed_SAN(
self, santest_subca, santest_host_1, santest_host_2,
santest_service_host_1, santest_csr):
with host_keytab(santest_host_1.name) as keytab_filename:
with change_principal(santest_host_1.attrs['krbcanonicalname'][0],
keytab=keytab_filename):
with pytest.raises(errors.ACIError):
api.Command.cert_request(
santest_csr,
principal=santest_service_host_1.name,
cacn=santest_subca.name
)
def test_whoami_hosts(self, krb_host):
"""
Testing whoami as a host
"""
krb_host.ensure_exists()
with host_keytab(krb_host.name) as keytab_filename:
with change_principal(krb_host.attrs['krbcanonicalname'][0],
keytab=keytab_filename):
result = api.Command.whoami()
expected = {
u'object': u'host',
u'command': u'host_show/1',
u'arguments': (krb_host.fqdn, )
}
assert_deepequal(expected, result)
def test_issuing_service_cert_by_related_host(self, santest_subca,
santest_host_1,
santest_host_2,
santest_service_host_1,
santest_csr):
# The test case alters the previous state by making
# the service managed by the second host.
# Then it attempts to request the certificate again
api.Command['service_add_host'](santest_service_host_1.name,
host=[santest_host_2.fqdn])
with host_keytab(santest_host_2.name) as keytab_filename:
with change_principal(santest_host_2.attrs['krbcanonicalname'][0],
keytab=keytab_filename):
api.Command.cert_request(santest_csr,
principal=santest_service_host_1.name,
cacn=santest_subca.name)
def test_issuing_service_cert_by_related_host(self,
santest_subca,
santest_host_1,
santest_host_2,
santest_service_host_1,
santest_csr):
# The test case alters the previous state by making
# the service managed by the second host.
# Then it attempts to request the certificate again
api.Command['service_add_host'](
santest_service_host_1.name, host=[santest_host_2.fqdn]
)
with host_keytab(santest_host_2.name) as keytab_filename:
with change_principal(santest_host_2.attrs['krbcanonicalname'][0],
keytab=keytab_filename):
api.Command.cert_request(
santest_csr,
principal=santest_service_host_1.name,
cacn=santest_subca.name
)