def get_manager():
if 'subscription_manager.action_client' in sys.modules:
mgr = action_client.ActionClient()
else:
# for compatability with subscription-manager >= 1.13
mgr = certmgr.CertManager(uep=get_uep())
return mgr
def get_manager():
if 'subscription_manager.action_client' in sys.modules:
mgr = action_client.ActionClient()
else:
# for compatability with subscription-manager > =1.13
uep = connection.UEPConnection(cert_file=ConsumerIdentity.certpath(),
key_file=ConsumerIdentity.keypath())
mgr = certmgr.CertManager(uep=uep)
return mgr
def test_healing_needs_heal(self):
# need a stub product dir with prods with no entitlements,
# don't have to mock here since we can actually pass in a product
self.mock_cert_sorter.is_valid = mock.Mock(return_value=False)
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep,
product_dir=mock.Mock())
mgr.update(autoheal=True)
self.assertTrue(self.mock_uep.bind.called)
def test_idcertlib_gone_exception(self, mock_update):
mock_update.side_effect = GoneException(410, "bye bye", " 234234")
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
self.assertRaises(GoneException, mgr.update)
# just verify the certlib update worked
report = self.update_action_syslog_mock.call_args[0][0]
self.assertTrue(self.stub_ent1.serial in report.valid)
def test_healing_no_heal(self):
self.mock_cert_sorter.is_valid = mock.Mock(return_value=True)
self.mock_cert_sorter.compliant_until = datetime.now() + \
timedelta(days=15)
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep,
product_dir=self.stub_entitled_proddir)
mgr.update(autoheal=True)
self.assertFalse(self.mock_uep.bind.called)
def test_missing(self, cert_build_mock):
# mock no certs client side
self._stub_certificate_calls()
cert_build_mock.return_value = (mock.Mock(), self.stub_ent1)
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
mgr.update()
report = self.update_action_syslog_mock.call_args[0][0]
self.assertTrue(self.stub_ent1 in report.added)
def test_idcertlib_update_exception(self, mock_log, mock_update):
mock_update.side_effect = ExceptionalException()
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
mgr.update()
for call in mock_log.method_calls:
if call[0] == 'exception' and isinstance(call[1][0],
ExceptionalException):
return
self.fail("Did not ExceptionException in the logged exceptions")
def test_rogue(self):
# to mock "rogue" certs we need some local, that are not known to the
# server so getCertificateSerials to return nothing
self.mock_uep.getCertificateSerials = mock.Mock(return_value=[])
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
mgr.update()
report = self.update_action_syslog_mock.call_args[0][0]
# our local ent certs should be showing up as rogue
self.assertTrue(self.local_ent_certs[0] in report.rogue)
self.assertTrue(self.local_ent_certs[1] in report.rogue)
def test_healing_trigger_exception(self, mock_log):
# Forcing is_valid to throw the type error we used to expect from
# cert sorter using the product dir. Just making sure an unexpected
# exception is logged and not bubbling up.
self.mock_cert_sorter.is_valid = mock.Mock(side_effect=TypeError())
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep,
product_dir=mock.Mock())
mgr.update(autoheal=True)
for call in mock_log.method_calls:
if call[0] == 'exception' and isinstance(call[1][0], TypeError):
return
self.fail("Did not see TypeError in the logged exceptions")
def test_healing_needs_heal_tomorrow(self, cert_build_mock):
# Valid today, but not valid 24h from now:
self.mock_cert_sorter.is_valid = mock.Mock(return_value=True)
self.mock_cert_sorter.compliant_until = datetime.now(GMT()) + \
timedelta(hours=6)
cert_build_mock.return_value = (mock.Mock(),
self.stub_ent_expires_tomorrow)
self._stub_certificate_calls([self.stub_ent_expires_tomorrow])
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep,
product_dir=self.stub_entitled_proddir)
mgr.update(autoheal=True)
# see if we tried to update certs
self.assertTrue(self.mock_uep.bind.called)
def test_exception_on_cert_write(self, mock_log, mock_cert_build):
# this is basically the same as test_missing, expect we throw
# an exception attempting to write the certs out
self._stub_certificate_calls()
mock_cert_build.side_effect = ExceptionalException()
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
# we should fail on the certlib.update, but keep going...
# and handle it well.
mgr.update()
for call in mock_log.method_calls:
if call[0] == 'exception' and isinstance(call[1][0],
ExceptionalException):
return
self.fail("Did not ExceptionException in the logged exceptions")
def test_expired(self, cert_build_mock):
cert_build_mock.return_value = (mock.Mock(), self.stub_ent1)
# this makes the stub_entdir report all ents as being expired
# so we fetch new ones
self.stub_entdir.list_expired = mock.Mock(
return_value=self.stub_entdir.list())
# we don't want to find replacements, so this forces a delete
self.mock_uep.getCertificateSerials = mock.Mock(return_value=[])
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
mgr.update()
# the expired certs should be delete/rogue and expired
report = self.update_action_syslog_mock.call_args[0][0]
self.assertTrue(self.stub_ent1 in report.rogue)
def main(options, log):
if not ConsumerIdentity.existsAndValid():
log.error('Either the consumer is not registered or the certificates' +
' are corrupted. Certificate update using daemon failed.')
sys.exit(-1)
print _('Updating entitlement certificates & repositories')
try:
uep = connection.UEPConnection(cert_file=ConsumerIdentity.certpath(),
key_file=ConsumerIdentity.keypath())
mgr = certmgr.CertManager(uep=uep)
updates = mgr.update(options.autoheal)
print _('%d updates required') % updates
print _('done')
except connection.ExpiredIdentityCertException, e:
log.critical(_("Your identity certificate has expired"))
raise e
def main(options, log):
if not ConsumerIdentity.existsAndValid():
log.error('Either the consumer is not registered or the certificates' +
' are corrupted. Certificate update using daemon failed.')
sys.exit(-1)
print _('Updating entitlement certificates & repositories')
try:
uep = connection.UEPConnection(cert_file=ConsumerIdentity.certpath(),
key_file=ConsumerIdentity.keypath())
mgr = certmgr.CertManager(uep=uep)
updates = mgr.update(options.autoheal)
print _('%d updates required') % updates
print _('done')
except connection.GoneException, ge:
uuid = ConsumerIdentity.read().getConsumerId()
if ge.deleted_id == uuid:
log.critical(_("This consumer's profile has been deleted from the server. It's local certificates will now be archived"))
managerlib.clean_all_data()
log.critical(_("Certificates archived to '/etc/pki/consumer.old'. Contact your system administrator if you need more information."))
else:
raise ge
def test_gone_exception(self, mock_update):
mock_update.side_effect = GoneException(410, "bye bye", " 234234")
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
self.assertRaises(GoneException, mgr.update)
def test_init(self):
mgr = certmgr.CertManager(lock=stubs.MockActionLock(),
uep=self.mock_uep)
mgr.update()
