def test_healing_needs_heal(self):
# need a stub product dir with prods with no entitlements,
# don't have to mock here since we can actually pass in a product
self.mock_cert_sorter.is_valid = mock.Mock(return_value=False)
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep,
product_dir=mock.Mock())
mgr.update(autoheal=True)
self.assertTrue(self.mock_uep.bind.called)
def test_idcertlib_gone_exception(self, mock_update):
mock_update.side_effect = GoneException(410, "bye bye", " 234234")
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
self.assertRaises(GoneException, mgr.update)
# just verify the certlib update worked
report = self.update_action_syslog_mock.call_args[0][0]
self.assertTrue(self.stub_ent1.serial in report.valid)
def test_healing_no_heal(self):
self.mock_cert_sorter.is_valid = mock.Mock(return_value=True)
self.mock_cert_sorter.compliant_until = datetime.now() + \
timedelta(days=15)
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep,
product_dir=self.stub_entitled_proddir)
mgr.update(autoheal=True)
self.assertFalse(self.mock_uep.bind.called)
def test_missing(self, cert_build_mock):
# mock no certs client side
self._stub_certificate_calls()
cert_build_mock.return_value = (mock.Mock(), self.stub_ent1)
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
mgr.update()
report = self.update_action_syslog_mock.call_args[0][0]
self.assertTrue(self.stub_ent1 in report.added)
def test_idcertlib_update_exception(self, mock_log, mock_update):
mock_update.side_effect = ExceptionalException()
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
mgr.update()
for call in mock_log.method_calls:
if call[0] == 'exception' and isinstance(call[1][0],
ExceptionalException):
return
self.fail("Did not ExceptionException in the logged exceptions")
def test_rogue(self):
# to mock "rogue" certs we need some local, that are not known to the
# server so getCertificateSerials to return nothing
self.mock_uep.getCertificateSerials = mock.Mock(return_value=[])
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
mgr.update()
report = self.update_action_syslog_mock.call_args[0][0]
# our local ent certs should be showing up as rogue
self.assertTrue(self.local_ent_certs[0] in report.rogue)
self.assertTrue(self.local_ent_certs[1] in report.rogue)
def test_healing_trigger_exception(self, mock_log):
# Forcing is_valid to throw the type error we used to expect from
# cert sorter using the product dir. Just making sure an unexpected
# exception is logged and not bubbling up.
self.mock_cert_sorter.is_valid = mock.Mock(side_effect=TypeError())
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep,
product_dir=mock.Mock())
mgr.update(autoheal=True)
for call in mock_log.method_calls:
if call[0] == 'exception' and isinstance(call[1][0], TypeError):
return
self.fail("Did not see TypeError in the logged exceptions")
def test_healing_needs_heal_tomorrow(self, cert_build_mock):
# Valid today, but not valid 24h from now:
self.mock_cert_sorter.is_valid = mock.Mock(return_value=True)
self.mock_cert_sorter.compliant_until = datetime.now(GMT()) + \
timedelta(hours=6)
cert_build_mock.return_value = (mock.Mock(),
self.stub_ent_expires_tomorrow)
self._stub_certificate_calls([self.stub_ent_expires_tomorrow])
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep,
product_dir=self.stub_entitled_proddir)
mgr.update(autoheal=True)
# see if we tried to update certs
self.assertTrue(self.mock_uep.bind.called)
def test_exception_on_cert_write(self, mock_log, mock_cert_build):
# this is basically the same as test_missing, expect we throw
# an exception attempting to write the certs out
self._stub_certificate_calls()
mock_cert_build.side_effect = ExceptionalException()
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
# we should fail on the certlib.update, but keep going...
# and handle it well.
mgr.update()
for call in mock_log.method_calls:
if call[0] == 'exception' and isinstance(call[1][0],
ExceptionalException):
return
self.fail("Did not ExceptionException in the logged exceptions")
def test_expired(self, cert_build_mock):
cert_build_mock.return_value = (mock.Mock(), self.stub_ent1)
# this makes the stub_entdir report all ents as being expired
# so we fetch new ones
self.stub_entdir.list_expired = mock.Mock(
return_value=self.stub_entdir.list())
# we don't want to find replacements, so this forces a delete
self.mock_uep.getCertificateSerials = mock.Mock(return_value=[])
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
mgr.update()
# the expired certs should be delete/rogue and expired
report = self.update_action_syslog_mock.call_args[0][0]
self.assertTrue(self.stub_ent1 in report.rogue)
def setUp(self):
self.stub_uep = stubs.StubUEP()
self.expected_facts = {'fact1': 'F1', 'fact2': 'F2'}
self.fl = factlib.FactLib(lock=stubs.MockActionLock(),
uep=self.stub_uep,
facts=stubs.StubFacts(self.expected_facts))
def _get_idcertlib(self):
self.stub_uep = stubs.StubUEP()
self.stub_uep.getConsumer = getConsumerData
self.stub_uep.getSerialNumber = getSerialNumber
return certlib.IdentityCertLib(lock=stubs.MockActionLock(),
uep=self.stub_uep)
def test_gone_exception(self, mock_update):
mock_update.side_effect = GoneException(410, "bye bye", " 234234")
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
self.assertRaises(GoneException, mgr.update)
def test_init(self):
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
mgr.update()