def setUp(self): self.temp_dir = tempfile.mkdtemp( prefix='subman-container-plugin-tests') self.src_certs_dir = join(self.temp_dir, "etc/pki/entitlement") os.makedirs(self.src_certs_dir) # This is where we'll setup for container certs: container_dir = join(self.temp_dir, "etc/docker/certs.d/") os.makedirs(container_dir) # Where we expect our certs to actually land: self.dest_dir = join(container_dir, 'cdn.redhat.com') self.report = ContainerUpdateReport() self.container_dir = ContainerCertDir(self.report, 'cdn.redhat.com', host_cert_dir=container_dir) self.container_dir._rh_cdn_ca_exists = mock.Mock(return_value=True)
def setUp(self): self.temp_dir = tempfile.mkdtemp(prefix='subman-container-plugin-tests') self.src_certs_dir = join(self.temp_dir, "etc/pki/entitlement") os.makedirs(self.src_certs_dir) # This is where we'll setup for container certs: container_dir = join(self.temp_dir, "etc/docker/certs.d/") os.makedirs(container_dir) # Where we expect our certs to actually land: self.dest_dir = join(container_dir, 'cdn.redhat.com') self.report = ContainerUpdateReport() self.container_dir = ContainerCertDir(self.report, 'cdn.redhat.com', host_cert_dir=container_dir) self.container_dir._rh_cdn_ca_exists = mock.Mock(return_value=True)
class TestContainerCertDir(fixture.SubManFixture): def setUp(self): self.temp_dir = tempfile.mkdtemp(prefix='subman-container-plugin-tests') self.src_certs_dir = join(self.temp_dir, "etc/pki/entitlement") os.makedirs(self.src_certs_dir) # This is where we'll setup for container certs: container_dir = join(self.temp_dir, "etc/docker/certs.d/") os.makedirs(container_dir) # Where we expect our certs to actually land: self.dest_dir = join(container_dir, 'cdn.redhat.com') self.report = ContainerUpdateReport() self.container_dir = ContainerCertDir(self.report, 'cdn.redhat.com', host_cert_dir=container_dir) self.container_dir._rh_cdn_ca_exists = mock.Mock(return_value=True) def tearDown(self): shutil.rmtree(self.temp_dir) def _touch(self, dir_path, filename): """ Create an empty file in the given directory with the given filename. """ if not exists(dir_path): os.makedirs(dir_path) open(join(dir_path, filename), 'a').close() def test_first_install(self): cert1 = '1234.pem' key1 = '1234-key.pem' self._touch(self.src_certs_dir, cert1) self._touch(self.src_certs_dir, key1) kp = KeyPair(join(self.src_certs_dir, cert1), join(self.src_certs_dir, key1)) self.container_dir.sync([kp]) self.assertTrue(exists(join(self.dest_dir, '1234.cert'))) self.assertTrue(exists(join(self.dest_dir, '1234.key'))) self.assertEquals(2, len(self.report.added)) def test_old_certs_cleaned_out(self): cert1 = '1234.cert' key1 = '1234.key' ca = 'myca.crt' # This file extension should be left alone: self._touch(self.dest_dir, cert1) self._touch(self.dest_dir, key1) self._touch(self.dest_dir, ca) self.assertTrue(exists(join(self.dest_dir, '1234.cert'))) self.assertTrue(exists(join(self.dest_dir, '1234.key'))) self.assertTrue(exists(join(self.dest_dir, ca))) self.container_dir.sync([]) self.assertFalse(exists(join(self.dest_dir, '1234.cert'))) self.assertFalse(exists(join(self.dest_dir, '1234.key'))) self.assertTrue(exists(join(self.dest_dir, ca))) self.assertEquals(2, len(self.report.removed)) def test_all_together_now(self): cert1 = '1234.pem' key1 = '1234-key.pem' cert2 = '12345.pem' key2 = '12345-key.pem' old_cert = '444.cert' old_key = '444.key' old_key2 = 'another.key' self._touch(self.src_certs_dir, cert1) self._touch(self.src_certs_dir, key1) self._touch(self.src_certs_dir, cert2) self._touch(self.src_certs_dir, key2) self._touch(self.dest_dir, old_cert) self._touch(self.dest_dir, old_key) self._touch(self.dest_dir, old_key2) kp = KeyPair(join(self.src_certs_dir, cert1), join(self.src_certs_dir, key1)) kp2 = KeyPair(join(self.src_certs_dir, cert2), join(self.src_certs_dir, key2)) self.container_dir.sync([kp, kp2]) self.assertTrue(exists(join(self.dest_dir, '1234.cert'))) self.assertTrue(exists(join(self.dest_dir, '1234.key'))) self.assertTrue(exists(join(self.dest_dir, '12345.cert'))) self.assertTrue(exists(join(self.dest_dir, '12345.key'))) self.assertFalse(exists(join(self.dest_dir, '444.cert'))) self.assertFalse(exists(join(self.dest_dir, '444.key'))) self.assertEquals(4, len(self.report.added)) self.assertEquals(3, len(self.report.removed)) @mock.patch("os.symlink") def test_cdn_ca_symlink(self, mock_link): cert1 = '1234.pem' key1 = '1234-key.pem' self._touch(self.src_certs_dir, cert1) self._touch(self.src_certs_dir, key1) kp = KeyPair(join(self.src_certs_dir, cert1), join(self.src_certs_dir, key1)) self.container_dir.sync([kp]) expected_symlink = join(self.dest_dir, "%s.crt" % os.path.splitext(CA_NAME)[0]) mock_link.assert_called_once_with(RH_CDN_CA, expected_symlink) def test_cdn_ca_doesnt_exist_no_symlink(self): cert1 = '1234.pem' key1 = '1234-key.pem' self._touch(self.src_certs_dir, cert1) self._touch(self.src_certs_dir, key1) kp = KeyPair(join(self.src_certs_dir, cert1), join(self.src_certs_dir, key1)) # Mock that /etc/rhsm/ca/redhat-entitlement-authority.pem doesn't exist: self.container_dir._rh_cdn_ca_exists = mock.Mock(return_value=False) self.container_dir.sync([kp]) expected_symlink = join(self.dest_dir, "%s.crt" % os.path.splitext(CA_NAME)[0]) self.assertFalse(exists(expected_symlink)) def test_cdn_ca_symlink_already_exists(self): cert1 = '1234.pem' key1 = '1234-key.pem' self._touch(self.src_certs_dir, cert1) self._touch(self.src_certs_dir, key1) kp = KeyPair(join(self.src_certs_dir, cert1), join(self.src_certs_dir, key1)) self.container_dir.sync([kp]) expected_symlink = join(self.dest_dir, "%s.crt" % os.path.splitext(CA_NAME)[0]) # Run it again, the symlink already exists: with mock.patch("os.symlink") as mock_link: with mock.patch("os.path.exists") as mock_exists: # Make the real os.path.exists call unless the module is asking # about the symlink which should already exist in this test def side_effects(path): if path == expected_symlink: return True return os.path.exists(path) mock_exists.side_effects = side_effects self.container_dir.sync([kp]) self.assertFalse(mock_link.called)
class TestContainerCertDir(fixture.SubManFixture): def setUp(self): self.temp_dir = tempfile.mkdtemp( prefix='subman-container-plugin-tests') self.src_certs_dir = join(self.temp_dir, "etc/pki/entitlement") os.makedirs(self.src_certs_dir) # This is where we'll setup for container certs: container_dir = join(self.temp_dir, "etc/docker/certs.d/") os.makedirs(container_dir) # Where we expect our certs to actually land: self.dest_dir = join(container_dir, 'cdn.redhat.com') self.report = ContainerUpdateReport() self.container_dir = ContainerCertDir(self.report, 'cdn.redhat.com', host_cert_dir=container_dir) self.container_dir._rh_cdn_ca_exists = mock.Mock(return_value=True) def tearDown(self): shutil.rmtree(self.temp_dir) def _touch(self, dir_path, filename): """ Create an empty file in the given directory with the given filename. """ if not exists(dir_path): os.makedirs(dir_path) open(join(dir_path, filename), 'a').close() def test_first_install(self): cert1 = '1234.pem' key1 = '1234-key.pem' self._touch(self.src_certs_dir, cert1) self._touch(self.src_certs_dir, key1) kp = KeyPair(join(self.src_certs_dir, cert1), join(self.src_certs_dir, key1)) self.container_dir.sync([kp]) self.assertTrue(exists(join(self.dest_dir, '1234.cert'))) self.assertTrue(exists(join(self.dest_dir, '1234.key'))) self.assertEqual(2, len(self.report.added)) def test_old_certs_cleaned_out(self): cert1 = '1234.cert' key1 = '1234.key' ca = 'myca.crt' # This file extension should be left alone: self._touch(self.dest_dir, cert1) self._touch(self.dest_dir, key1) self._touch(self.dest_dir, ca) self.assertTrue(exists(join(self.dest_dir, '1234.cert'))) self.assertTrue(exists(join(self.dest_dir, '1234.key'))) self.assertTrue(exists(join(self.dest_dir, ca))) self.container_dir.sync([]) self.assertFalse(exists(join(self.dest_dir, '1234.cert'))) self.assertFalse(exists(join(self.dest_dir, '1234.key'))) self.assertTrue(exists(join(self.dest_dir, ca))) self.assertEqual(2, len(self.report.removed)) def test_all_together_now(self): cert1 = '1234.pem' key1 = '1234-key.pem' cert2 = '12345.pem' key2 = '12345-key.pem' old_cert = '444.cert' old_key = '444.key' old_key2 = 'another.key' self._touch(self.src_certs_dir, cert1) self._touch(self.src_certs_dir, key1) self._touch(self.src_certs_dir, cert2) self._touch(self.src_certs_dir, key2) self._touch(self.dest_dir, old_cert) self._touch(self.dest_dir, old_key) self._touch(self.dest_dir, old_key2) kp = KeyPair(join(self.src_certs_dir, cert1), join(self.src_certs_dir, key1)) kp2 = KeyPair(join(self.src_certs_dir, cert2), join(self.src_certs_dir, key2)) self.container_dir.sync([kp, kp2]) self.assertTrue(exists(join(self.dest_dir, '1234.cert'))) self.assertTrue(exists(join(self.dest_dir, '1234.key'))) self.assertTrue(exists(join(self.dest_dir, '12345.cert'))) self.assertTrue(exists(join(self.dest_dir, '12345.key'))) self.assertFalse(exists(join(self.dest_dir, '444.cert'))) self.assertFalse(exists(join(self.dest_dir, '444.key'))) self.assertEqual(4, len(self.report.added)) self.assertEqual(3, len(self.report.removed)) @mock.patch("os.symlink") def test_cdn_ca_symlink(self, mock_link): cert1 = '1234.pem' key1 = '1234-key.pem' self._touch(self.src_certs_dir, cert1) self._touch(self.src_certs_dir, key1) kp = KeyPair(join(self.src_certs_dir, cert1), join(self.src_certs_dir, key1)) self.container_dir.sync([kp]) expected_symlink = join(self.dest_dir, "%s.crt" % os.path.splitext(CA_NAME)[0]) mock_link.assert_called_once_with(RH_CDN_CA, expected_symlink) def test_cdn_ca_doesnt_exist_no_symlink(self): cert1 = '1234.pem' key1 = '1234-key.pem' self._touch(self.src_certs_dir, cert1) self._touch(self.src_certs_dir, key1) kp = KeyPair(join(self.src_certs_dir, cert1), join(self.src_certs_dir, key1)) # Mock that /etc/rhsm/ca/redhat-entitlement-authority.pem doesn't exist: self.container_dir._rh_cdn_ca_exists = mock.Mock(return_value=False) self.container_dir.sync([kp]) expected_symlink = join(self.dest_dir, "%s.crt" % os.path.splitext(CA_NAME)[0]) self.assertFalse(exists(expected_symlink)) def test_cdn_ca_symlink_already_exists(self): cert1 = '1234.pem' key1 = '1234-key.pem' self._touch(self.src_certs_dir, cert1) self._touch(self.src_certs_dir, key1) kp = KeyPair(join(self.src_certs_dir, cert1), join(self.src_certs_dir, key1)) self.container_dir.sync([kp]) expected_symlink = join(self.dest_dir, "%s.crt" % os.path.splitext(CA_NAME)[0]) # Run it again, the symlink already exists: with mock.patch("os.symlink") as mock_link: with mock.patch("os.path.exists") as mock_exists: # Make the real os.path.exists call unless the module is asking # about the symlink which should already exist in this test def side_effects(path): if path == expected_symlink: return True return os.path.exists(path) mock_exists.side_effects = side_effects self.container_dir.sync([kp]) self.assertFalse(mock_link.called)