valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 08:58:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Finish up mac_keychain tests

Browse Source
This commit is contained in:
rallytime 2016-03-25 15:15:34 -06:00
parent b8f271bdc9
commit 635263ab1c
2 changed files with 80 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
salt/modules/mac_keychain.py
View File

@ -2,10 +2,12 @@
'''
Install certificates into the keychain on Mac OS
.. versionadded:: 2016.3.0
'''
from __future__ import absolute_import
# Import python libs
from __future__ import absolute_import
import logging
import re
@ -39,16 +41,14 @@ def __virtual__():
return False
def install(cert, password, keychain="/Library/Keychains/System.keychain", allow_any=False, keychain_password=None):
def install(cert,
password,
keychain="/Library/Keychains/System.keychain",
allow_any=False,
keychain_password=None):
'''
Install a certificate
CLI Example:
.. code-block:: bash
salt '*' keychain.install test.p12 test123
cert
The certificate to install
@ -73,7 +73,11 @@ def install(cert, password, keychain="/Library/Keychains/System.keychain", allow
Note: The password given here will show up as plaintext in the returned job
info.
CLI Example:
.. code-block:: bash
salt '*' keychain.install test.p12 test123
'''
if keychain_password is not None:
unlock_keychain(keychain, keychain_password)
@ -84,16 +88,12 @@ def install(cert, password, keychain="/Library/Keychains/System.keychain", allow
return __salt__['cmd.run'](cmd)
def uninstall(cert_name, keychain="/Library/Keychains/System.keychain", keychain_password=None):
def uninstall(cert_name,
keychain="/Library/Keychains/System.keychain",
keychain_password=None):
'''
Uninstall a certificate from a keychain
CLI Example:
.. code-block:: bash
salt '*' keychain.install test.p12 test123
cert_name
The name of the certificate to remove
@ -108,6 +108,11 @@ def uninstall(cert_name, keychain="/Library/Keychains/System.keychain", keychain
Note: The password given here will show up as plaintext in the returned job
info.
CLI Example:
.. code-block:: bash
salt '*' keychain.install test.p12 test123
'''
if keychain_password is not None:
@ -131,7 +136,6 @@ def list_certs(keychain="/Library/Keychains/System.keychain"):
salt '*' keychain.list_certs
'''
cmd = 'security find-certificate -a {0} | grep -o "alis".*\\" | ' \
'grep -o \'\\"[-A-Za-z0-9.:() ]*\\"\''.format(_quote(keychain))
@ -143,12 +147,6 @@ def get_friendly_name(cert, password):
'''
Get the friendly name of the given certificate
CLI Example:
.. code-block:: bash
salt '*' keychain.get_friendly_name /tmp/test.p12 test123
cert
The certificate to install
@ -159,6 +157,12 @@ def get_friendly_name(cert, password):
Note: The password given here will show up as plaintext in the returned job
info.
CLI Example:
.. code-block:: bash
salt '*' keychain.get_friendly_name /tmp/test.p12 test123
'''
cmd = 'openssl pkcs12 -in {0} -passin pass:{1} -info -nodes -nokeys 2> /dev/null | ' \
'grep friendlyName:'.format(_quote(cert), _quote(password))
@ -176,6 +180,12 @@ def get_default_keychain(user=None, domain="user"):
domain
The domain to use valid values are user|system|common|dynamic, the default is user
CLI Example:
.. code-block:: bash
salt '*' keychain.get_default_keychain
'''
cmd = "security default-keychain -d {0}".format(domain)
return __salt__['cmd.run'](cmd, runas=user)
@ -185,12 +195,6 @@ def set_default_keychain(keychain, domain="user", user=None):
'''
Set the default keychain
CLI Example:
.. code-block:: bash
salt '*' keychain.set_keychain /Users/fred/Library/Keychains/login.keychain
keychain
The location of the keychain to set as default
@ -200,6 +204,12 @@ def set_default_keychain(keychain, domain="user", user=None):
user
The user to set the default keychain as
CLI Example:
.. code-block:: bash
salt '*' keychain.set_keychain /Users/fred/Library/Keychains/login.keychain
'''
cmd = "security default-keychain -d {0} -s {1}".format(domain, keychain)
return __salt__['cmd.run'](cmd, runas=user)
@ -218,6 +228,12 @@ def unlock_keychain(keychain, password):
Note: The password given here will show up as plaintext in the returned job
info.
CLI Example:
.. code-block:: bash
salt '*' keychain.unlock_keychain /tmp/test.p12 test123
'''
cmd = 'security unlock-keychain -p {0} {1}'.format(password, keychain)
__salt__['cmd.run'](cmd)

67
tests/integration/modules/mac_keychain.py
View File

@ -4,6 +4,7 @@ Validate the mac-keychain module
'''
# Import Python Libs
from __future__ import absolute_import
import os
# Import Salt Testing Libs
@ -19,12 +20,19 @@ ensure_in_syspath('../../')
import integration
from salt.exceptions import CommandExecutionError
CERT = 'salttest.p12'
CERT = os.path.join(
integration.FILES,
'file',
'base',
'certs',
'salttest.p12'
)
CERT_ALIAS = 'Salt Test'
CERT_DEST= '/tmp/salttest.p12'
PASSWD = 'salttest'
@destructiveTest
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
class MacKeychainModuleTest(integration.ModuleCase):
'''
Integration tests for the mac_keychain module
@ -41,87 +49,84 @@ class MacKeychainModuleTest(integration.ModuleCase):
**os_grain
)
)
# Must copy the cert to the mac for all tests
copy_cert = self.run_function('cp.get_file', ['salt://certs.{0}'.format(CERT), CERT_DEST])
# self.assertTrue(copy_cert)
# check_cert = self.run_function('file.find', ['/tmp'], name='{0}'.format(CERT))
# if CERT not in str(check_cert):
# self.skipTest(
# 'Can not copy the cert {0} to dir {1}'.format(CERT, CERT_DEST))
def tearDown(self):
'''
Clean up after tests
'''
# Remove the salttest cert, if left over.
certs_list = self.run_function('keychain.list_certs')
if CERT_ALIAS in certs_list:
self.run_function('keychain.uninstall', [CERT_ALIAS])
@destructiveTest
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
@requires_system_grains
def test_mac_keychain_install(self, grains=None):
'''
Tests that attempts to install a certificate
'''
install_cert = self.run_function('keychain.install', [CERT_DEST, PASSWD])
install_cert = self.run_function('keychain.install', [CERT, PASSWD])
self.assertTrue(install_cert)
#check to ensure the cert was installed
# check to ensure the cert was installed
certs_list = self.run_function('keychain.list_certs')
self.assertIn(CERT_ALIAS, certs_list)
@destructiveTest
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
@requires_system_grains
def test_mac_keychain_uninstall(self, grains=None):
'''
Tests that attempts to uninstall a certificate
'''
self.run_function('keychain.install', [CERT_DEST, PASSWD])
self.run_function('keychain.install', [CERT, PASSWD])
certs_list = self.run_function('keychain.list_certs')
if CERT_ALIAS not in certs_list:
self.run_function('keychain.uninstall', [CERT_ALIAS])
self.skipTest('Failed to install keychain')
uninstall_cert = self.run_function('keychain.uninstall', [CERT_ALIAS])
# uninstall cert
self.run_function('keychain.uninstall', [CERT_ALIAS])
certs_list = self.run_function('keychain.list_certs')
#check to ensure the cert was uninstalled
# check to ensure the cert was uninstalled
try:
self.assertNotIn(CERT_ALIAS, str(certs_list))
except CommandExecutionError:
self.run_function('keychain.uninstall', [CERT_ALIAS])
@destructiveTest
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
@requires_system_grains
def test_mac_keychain_get_friendly_name(self, grains=None):
'''
Test that attempts to get friendly name of a cert
'''
self.run_function('keychain.install', [CERT_DEST, PASSWD])
self.run_function('keychain.install', [CERT, PASSWD])
certs_list = self.run_function('keychain.list_certs')
if CERT_ALIAS not in certs_list:
self.run_function('keychain.uninstall', [CERT_ALIAS])
self.skipTest('Failed to install keychain')
get_name = self.run_function('keychain.get_friendly_name', [CERT_DEST, PASSWD])
get_name = self.run_function('keychain.get_friendly_name', [CERT, PASSWD])
self.assertEqual(get_name, CERT_ALIAS)
@destructiveTest
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
@requires_system_grains
def test_mac_keychain_get_default_keychain(self, grains=None):
'''
Test that attempts to get the default keychain
'''
salt_get_keychain = self.run_function('keychain.get_default_keychain')
sys_get_keychain = self.run_function('cmd.run', ['security default-keychain -d systemj'])
sys_get_keychain = self.run_function('cmd.run',
['security default-keychain -d user'])
self.assertEqual(salt_get_keychain, sys_get_keychain)
@destructiveTest
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
@requires_system_grains
def test_mac_keychain_set_default_keychain(self, grains=None):
salt_get_keychain = self.run_function('keychain.get_default_keychain')
set_keychain = self.run_function('keychain.set_default_keychain', ['/tmp/test'])
def test_mac_keychain_list_certs(self, grains=None):
'''
Test that attempts to list certs
'''
cert_default = 'com.apple.systemdefault'
certs = self.run_function('keychain.list_certs')
self.assertIn(cert_default, certs)
if __name__ == '__main__':
from integration import run_tests