def test_get_or_increase_name(session, certificate): from lemur.certificates.models import get_or_increase_name from lemur.tests.factories import CertificateFactory serial = "AFF2DB4F8D2D4D8E80FA382AE27C2333" assert get_or_increase_name(certificate.name, certificate.serial) == "{0}-{1}".format( certificate.name, serial) certificate.name = "test-cert-11111111" assert (get_or_increase_name(certificate.name, certificate.serial) == "test-cert-11111111-" + serial) certificate.name = "test-cert-11111111-1" assert (get_or_increase_name( "test-cert-11111111-1", certificate.serial) == "test-cert-11111111-1-" + serial) CertificateFactory(name="certificate1") CertificateFactory(name="certificate1-" + serial) session.commit() assert get_or_increase_name("certificate1", int(serial, 16)) == "certificate1-{}-1".format(serial)
def test_send_expiration_notification(): from lemur.notifications.messaging import send_expiration_notifications verify_sender_email( ) # emails are sent to owner and security; SNS only used for configured notification topic_arn, sqs_client, queue_url = create_and_subscribe_to_topic() notification = NotificationFactory(plugin_name="aws-sns") notification.options = get_options() now = arrow.utcnow() in_ten_days = now + timedelta( days=10, hours=1) # a bit more than 10 days since we'll check in the future certificate = CertificateFactory() certificate.not_after = in_ten_days certificate.notifications.append(notification) assert send_expiration_notifications([], []) == (3, 0 ) # owner, SNS, and security received_messages = sqs_client.receive_message( QueueUrl=queue_url)["Messages"] assert len(received_messages) == 1 expected_message = format_message( certificate_notification_output_schema.dump(certificate).data, "expiration", notification.options) actual_message = json.loads(received_messages[0]["Body"])["Message"] assert actual_message == expected_message
def test_send_rotation_notification(notification_plugin, certificate): from lemur.notifications.messaging import send_rotation_notification verify_sender_email() new_cert = CertificateFactory() new_cert.replaces.append(certificate) assert send_rotation_notification(new_cert) new_cert.endpoints = [EndpointFactory()] assert send_rotation_notification(new_cert)
def create_cert_that_expires_in_days(days, serial=None, domains=None, owner=None): import random from random import randrange from string import ascii_lowercase now = arrow.utcnow() not_after = now + timedelta( days=days, hours=1) # a bit more than specified since we'll check in the future certificate = CertificateFactory() certificate.not_after = not_after certificate.notify = True certificate.owner = ''.join( random.choice(ascii_lowercase) for _ in range(10)) + '@example.com' endpoints = [] for i in range(0, randrange(0, 5)): endpoints.append(EndpointFactory()) certificate.endpoints = endpoints if serial: certificate.serial = serial if owner: certificate.owner = owner if domains: certificate.domains = domains return certificate
def prepare_test(): verify_sender_email() # emails are sent to owner and security; Slack only used for configured notification notification = NotificationFactory(plugin_name="slack-notification") notification.options = get_options() now = arrow.utcnow() in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future certificate = CertificateFactory() certificate.not_after = in_ten_days certificate.notifications.append(notification)
def test_issued_cert_count_for_authority(authority): from lemur.tests.factories import CertificateFactory from lemur.certificates.service import get_issued_cert_count_for_authority assert get_issued_cert_count_for_authority(authority) == 0 # create a few certs issued by the authority CertificateFactory(authority=authority, name="test_issued_cert_count_for_authority1") CertificateFactory(authority=authority, name="test_issued_cert_count_for_authority2") CertificateFactory(authority=authority, name="test_issued_cert_count_for_authority3") assert get_issued_cert_count_for_authority(authority) == 3
def test_send_rotation_notification(certificate, endpoint, source_plugin): from lemur.notifications.messaging import send_rotation_notification from lemur.deployment.service import rotate_certificate new_certificate = CertificateFactory() rotate_certificate(endpoint, new_certificate) new_certificate.replaces.append(certificate) assert endpoint.certificate == new_certificate verify_sender_email() assert send_rotation_notification(new_certificate) new_certificate.endpoints = [EndpointFactory()] assert send_rotation_notification(new_certificate)
def create_cert_that_expires_in_days(days): from random import randrange now = arrow.utcnow() not_after = now + timedelta(days=days, hours=1) # a bit more than specified since we'll check in the future certificate = CertificateFactory() certificate.not_after = not_after certificate.notify = True endpoints = [] for i in range(0, randrange(0, 5)): endpoints.append(EndpointFactory()) certificate.endpoints = endpoints return certificate
def test_rotate_certificate(client, source_plugin): from lemur.deployment.service import rotate_certificate new_certificate = CertificateFactory() endpoint = EndpointFactory() rotate_certificate(endpoint, new_certificate) assert endpoint.certificate == new_certificate
def test_render(certificate, endpoint): from lemur.certificates.schemas import certificate_notification_output_schema new_cert = CertificateFactory() new_cert.replaces.append(certificate) certificates = [certificate_notification_output_schema.dump(certificate).data] template = env.get_template('{}.html'.format('expiration')) with open(os.path.join(dir_path, 'expiration-rendered.html'), 'w') as f: body = template.render(dict(certificates=certificates, hostname='lemur.test.example.com')) f.write(body) template = env.get_template('{}.html'.format('rotation')) certificate.endpoints.append(endpoint) with open(os.path.join(dir_path, 'rotation-rendered.html'), 'w') as f: body = template.render( dict( certificate=certificate_notification_output_schema.dump(certificate).data, hostname='lemur.test.example.com' ) ) f.write(body)
def test_render_reissued_with_no_endpoints(certificate): new_cert = CertificateFactory() new_cert.replaces.append(certificate) assert render_html( "reissued_with_no_endpoints", get_options(), certificate_notification_output_schema.dump(new_cert).data)
def test_render(certificate, endpoint): from lemur.certificates.schemas import certificate_notification_output_schema new_cert = CertificateFactory() new_cert.replaces.append(certificate) data = { 'certificates': [certificate_notification_output_schema.dump(certificate).data], 'options': [{ 'name': 'interval', 'value': 10 }, { 'name': 'unit', 'value': 'days' }] } template = env.get_template('{}.html'.format('expiration')) with open(os.path.join(dir_path, 'expiration-rendered.html'), 'w') as f: body = template.render( dict(message=data, hostname='lemur.test.example.com')) f.write(body) template = env.get_template('{}.html'.format('rotation')) certificate.endpoints.append(endpoint) with open(os.path.join(dir_path, 'rotation-rendered.html'), 'w') as f: body = template.render( dict(certificate=certificate_notification_output_schema.dump( certificate).data, hostname='lemur.test.example.com')) f.write(body)
def test_send_expiration_notification(): from lemur.notifications.messaging import send_expiration_notifications notification = NotificationFactory(plugin_name="slack-notification") notification.options = get_options() now = arrow.utcnow() in_ten_days = now + timedelta( days=10, hours=1) # a bit more than 10 days since we'll check in the future certificate = CertificateFactory() certificate.not_after = in_ten_days certificate.notifications.append(notification) assert send_expiration_notifications([]) == (2, 0)
def test_get_or_increase_name(session, certificate): from lemur.certificates.models import get_or_increase_name from lemur.tests.factories import CertificateFactory serial = 'AFF2DB4F8D2D4D8E80FA382AE27C2333' assert get_or_increase_name(certificate.name, certificate.serial) == '{0}-{1}'.format( certificate.name, serial) certificate.name = 'test-cert-11111111' assert get_or_increase_name( certificate.name, certificate.serial) == 'test-cert-11111111-' + serial certificate.name = 'test-cert-11111111-1' assert get_or_increase_name( 'test-cert-11111111-1', certificate.serial) == 'test-cert-11111111-1-' + serial cert2 = CertificateFactory(name='certificate1-' + serial) session.commit() assert get_or_increase_name('certificate1', int(serial, 16)) == 'certificate1-{}-1'.format(serial)
def test_send_expiration_notification(): from lemur.notifications.messaging import send_expiration_notifications verify_sender_email() # emails are sent to owner and security; Slack only used for configured notification notification = NotificationFactory(plugin_name="slack-notification") notification.options = get_options() now = arrow.utcnow() in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future certificate = CertificateFactory() certificate.not_after = in_ten_days certificate.notifications.append(notification) assert send_expiration_notifications([]) == (3, 0) # owner, Slack, and security
def test_send_expiration_notification_disabled(): from lemur.notifications.messaging import send_expiration_notifications from lemur.tests.factories import CertificateFactory from lemur.tests.factories import NotificationFactory now = arrow.utcnow() in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future certificate = CertificateFactory() notification = NotificationFactory(plugin_name="email-notification") certificate.not_after = in_ten_days certificate.notifications.append(notification) certificate.notifications[0].options = get_options() verify_sender_email() assert send_expiration_notifications([], ['email-notification']) == (0, 0)
def test_send_expiration_notification_no_security_team(): from lemur.notifications.messaging import send_expiration_notifications from lemur.tests.factories import CertificateFactory from lemur.tests.factories import NotificationFactory now = arrow.utcnow() in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future certificate = CertificateFactory(name="TEST1") notification = NotificationFactory(plugin_name="email-notification") certificate.not_after = in_ten_days certificate.notifications.append(notification) certificate.notifications[0].options = get_options() verify_sender_email() assert send_expiration_notifications([], [], True) == (3, 0) # owner (1) and recipients (2)
def test_render_expiration(certificate, endpoint): new_cert = CertificateFactory() new_cert.replaces.append(certificate) assert render_html( "expiration", get_options(), [certificate_notification_output_schema.dump(certificate).data])
def test_send_reissue_no_endpoints_notification(certificate): from lemur.notifications.messaging import send_reissue_no_endpoints_notification verify_sender_email() new_certificate = CertificateFactory() new_certificate.replaces.append(certificate) verify_sender_email() assert send_reissue_no_endpoints_notification(certificate, new_certificate)
def test_render_rotation(certificate, endpoint): new_cert = CertificateFactory() new_cert.replaces.append(certificate) new_cert.endpoints.append(endpoint) assert render_html( "rotation", get_options(), certificate_notification_output_schema.dump(new_cert).data)
def test_send_expiration_notification(): from lemur.notifications.messaging import send_expiration_notifications from lemur.tests.factories import CertificateFactory from lemur.tests.factories import NotificationFactory now = arrow.utcnow() in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future certificate = CertificateFactory() notification = NotificationFactory(plugin_name="email-notification") certificate.not_after = in_ten_days certificate.notifications.append(notification) certificate.notifications[0].options = get_options() verify_sender_email() # exclude "TEST1" certs so we don't pick up certs from the last test tests assert send_expiration_notifications(["TEST1"], []) == (4, 0) # owner (1), recipients (2), and security (1)
def test_multiple_authority_certificate_association(session, client): role = RoleFactory() authority = AuthorityFactory() certificate = CertificateFactory() authority1 = AuthorityFactory() certificate1 = CertificateFactory() role.authorities.append(authority) role.authorities.append(authority1) role.certificates.append(certificate) role.certificates.append(certificate1) session.commit() assert role.authorities[0].name == authority.name assert role.authorities[1].name == authority1.name assert role.certificates[0].name == certificate.name assert role.certificates[1].name == certificate1.name
def prepare_test(): verify_sender_email() # emails are sent to owner and security; SNS only used for configured notification # set all existing notifications to disabled so we don't have multiple conflicting in the tests for prior_notification in service.get_all(): service.update(prior_notification.id, prior_notification.label, prior_notification.plugin_name, prior_notification.options, prior_notification.description, False, [], []) notification = NotificationFactory(plugin_name="aws-sns") notification.options = get_options() now = arrow.utcnow() in_ten_days = now + timedelta(days=10, hours=1) # a bit more than 10 days since we'll check in the future certificate = CertificateFactory() certificate.not_after = in_ten_days certificate.notifications.append(notification) return notification, certificate
def test_send_reissue_no_endpoints_notification(notification_plugin, endpoint, certificate): from lemur.notifications.messaging import send_reissue_no_endpoints_notification verify_sender_email() new_cert = CertificateFactory() new_cert.replaces.append(certificate) assert send_reissue_no_endpoints_notification(certificate, new_cert) certificate.endpoints.append(endpoint) assert not send_reissue_no_endpoints_notification(certificate, new_cert)
def test_send_reissue_no_endpoints_notification_excluded_destination( destination_plugin, notification_plugin, certificate, destination): from lemur.notifications.messaging import send_reissue_no_endpoints_notification verify_sender_email() new_cert = CertificateFactory() new_cert.replaces.append(certificate) destination.label = 'not-excluded-destination' certificate.destinations.append(destination) assert send_reissue_no_endpoints_notification(certificate, new_cert) # specified in tests/conf.py destination.label = 'excluded-destination' assert not send_reissue_no_endpoints_notification(certificate, new_cert)
def test_get_or_increase_name(session, certificate): from lemur.certificates.models import get_or_increase_name from lemur.tests.factories import CertificateFactory assert get_or_increase_name(certificate.name, certificate.serial) == '{0}-3E9'.format(certificate.name) certificate.name = 'test-cert-11111111' assert get_or_increase_name(certificate.name, certificate.serial) == 'test-cert-11111111-3E9' certificate.name = 'test-cert-11111111-1' assert get_or_increase_name('test-cert-11111111-1', certificate.serial) == 'test-cert-11111111-1-3E9' cert2 = CertificateFactory(name='certificate1-3E9') session.commit() assert get_or_increase_name('certificate1', 1001) == 'certificate1-3E9-1'
def create_ca_cert_that_expires_in_days(days): now = arrow.utcnow() not_after = now + timedelta(days=days, hours=1) # a bit more than specified since we'll check in the future authority = AuthorityFactory() certificate = CertificateFactory() certificate.not_after = not_after certificate.notify = True certificate.root_authority_id = authority.id certificate.authority_id = None return certificate
def test_delete_cert(session): from lemur.certificates.service import delete, get from lemur.tests.factories import CertificateFactory delete_this = CertificateFactory(name='DELETEME') session.commit() cert_exists = get(delete_this.id) # it needs to exist first assert cert_exists delete(delete_this.id) cert_exists = get(delete_this.id) # then not exist after delete assert not cert_exists
def test_cleanup_after_revoke(session, issuer_plugin, crypto_authority): from lemur.certificates.service import cleanup_after_revoke, get from lemur.tests.factories import CertificateFactory revoke_this = CertificateFactory(name="REVOKEME") session.commit() to_be_revoked = get(revoke_this.id) assert to_be_revoked to_be_revoked.notify = True to_be_revoked.rotation = True # Assuming the cert is revoked by corresponding issuer, update the records in lemur cleanup_after_revoke(to_be_revoked) revoked_cert = get(to_be_revoked.id) # then not exist after delete assert revoked_cert assert revoked_cert.status == "revoked" assert not revoked_cert.notify assert not revoked_cert.rotation assert not revoked_cert.destinations
def test_render(certificate, endpoint): from lemur.certificates.schemas import certificate_notification_output_schema new_cert = CertificateFactory() new_cert.replaces.append(certificate) data = { "certificates": [certificate_notification_output_schema.dump(certificate).data], "options": [ { "name": "interval", "value": 10 }, { "name": "unit", "value": "days" }, ], } template = env.get_template("{}.html".format("expiration")) body = template.render( dict(message=data, hostname="lemur.test.example.com")) template = env.get_template("{}.html".format("rotation")) certificate.endpoints.append(endpoint) body = template.render( dict( certificate=certificate_notification_output_schema.dump( certificate).data, hostname="lemur.test.example.com", ))