mirror of
https://github.com/valitydev/salt.git
synced 2024-11-07 17:09:03 +00:00
Finish up mac_keychain tests
This commit is contained in:
parent
b8f271bdc9
commit
635263ab1c
@ -2,10 +2,12 @@
|
||||
'''
|
||||
Install certificates into the keychain on Mac OS
|
||||
|
||||
.. versionadded:: 2016.3.0
|
||||
|
||||
'''
|
||||
from __future__ import absolute_import
|
||||
|
||||
# Import python libs
|
||||
from __future__ import absolute_import
|
||||
import logging
|
||||
import re
|
||||
|
||||
@ -39,16 +41,14 @@ def __virtual__():
|
||||
return False
|
||||
|
||||
|
||||
def install(cert, password, keychain="/Library/Keychains/System.keychain", allow_any=False, keychain_password=None):
|
||||
def install(cert,
|
||||
password,
|
||||
keychain="/Library/Keychains/System.keychain",
|
||||
allow_any=False,
|
||||
keychain_password=None):
|
||||
'''
|
||||
Install a certificate
|
||||
|
||||
CLI Example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
salt '*' keychain.install test.p12 test123
|
||||
|
||||
cert
|
||||
The certificate to install
|
||||
|
||||
@ -73,7 +73,11 @@ def install(cert, password, keychain="/Library/Keychains/System.keychain", allow
|
||||
Note: The password given here will show up as plaintext in the returned job
|
||||
info.
|
||||
|
||||
CLI Example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
salt '*' keychain.install test.p12 test123
|
||||
'''
|
||||
if keychain_password is not None:
|
||||
unlock_keychain(keychain, keychain_password)
|
||||
@ -84,16 +88,12 @@ def install(cert, password, keychain="/Library/Keychains/System.keychain", allow
|
||||
return __salt__['cmd.run'](cmd)
|
||||
|
||||
|
||||
def uninstall(cert_name, keychain="/Library/Keychains/System.keychain", keychain_password=None):
|
||||
def uninstall(cert_name,
|
||||
keychain="/Library/Keychains/System.keychain",
|
||||
keychain_password=None):
|
||||
'''
|
||||
Uninstall a certificate from a keychain
|
||||
|
||||
CLI Example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
salt '*' keychain.install test.p12 test123
|
||||
|
||||
cert_name
|
||||
The name of the certificate to remove
|
||||
|
||||
@ -108,6 +108,11 @@ def uninstall(cert_name, keychain="/Library/Keychains/System.keychain", keychain
|
||||
Note: The password given here will show up as plaintext in the returned job
|
||||
info.
|
||||
|
||||
CLI Example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
salt '*' keychain.install test.p12 test123
|
||||
|
||||
'''
|
||||
if keychain_password is not None:
|
||||
@ -131,7 +136,6 @@ def list_certs(keychain="/Library/Keychains/System.keychain"):
|
||||
|
||||
salt '*' keychain.list_certs
|
||||
|
||||
|
||||
'''
|
||||
cmd = 'security find-certificate -a {0} | grep -o "alis".*\\" | ' \
|
||||
'grep -o \'\\"[-A-Za-z0-9.:() ]*\\"\''.format(_quote(keychain))
|
||||
@ -143,12 +147,6 @@ def get_friendly_name(cert, password):
|
||||
'''
|
||||
Get the friendly name of the given certificate
|
||||
|
||||
CLI Example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
salt '*' keychain.get_friendly_name /tmp/test.p12 test123
|
||||
|
||||
cert
|
||||
The certificate to install
|
||||
|
||||
@ -159,6 +157,12 @@ def get_friendly_name(cert, password):
|
||||
Note: The password given here will show up as plaintext in the returned job
|
||||
info.
|
||||
|
||||
CLI Example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
salt '*' keychain.get_friendly_name /tmp/test.p12 test123
|
||||
|
||||
'''
|
||||
cmd = 'openssl pkcs12 -in {0} -passin pass:{1} -info -nodes -nokeys 2> /dev/null | ' \
|
||||
'grep friendlyName:'.format(_quote(cert), _quote(password))
|
||||
@ -176,6 +180,12 @@ def get_default_keychain(user=None, domain="user"):
|
||||
domain
|
||||
The domain to use valid values are user|system|common|dynamic, the default is user
|
||||
|
||||
CLI Example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
salt '*' keychain.get_default_keychain
|
||||
|
||||
'''
|
||||
cmd = "security default-keychain -d {0}".format(domain)
|
||||
return __salt__['cmd.run'](cmd, runas=user)
|
||||
@ -185,12 +195,6 @@ def set_default_keychain(keychain, domain="user", user=None):
|
||||
'''
|
||||
Set the default keychain
|
||||
|
||||
CLI Example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
salt '*' keychain.set_keychain /Users/fred/Library/Keychains/login.keychain
|
||||
|
||||
keychain
|
||||
The location of the keychain to set as default
|
||||
|
||||
@ -200,6 +204,12 @@ def set_default_keychain(keychain, domain="user", user=None):
|
||||
user
|
||||
The user to set the default keychain as
|
||||
|
||||
CLI Example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
salt '*' keychain.set_keychain /Users/fred/Library/Keychains/login.keychain
|
||||
|
||||
'''
|
||||
cmd = "security default-keychain -d {0} -s {1}".format(domain, keychain)
|
||||
return __salt__['cmd.run'](cmd, runas=user)
|
||||
@ -218,6 +228,12 @@ def unlock_keychain(keychain, password):
|
||||
Note: The password given here will show up as plaintext in the returned job
|
||||
info.
|
||||
|
||||
CLI Example:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
salt '*' keychain.unlock_keychain /tmp/test.p12 test123
|
||||
|
||||
'''
|
||||
cmd = 'security unlock-keychain -p {0} {1}'.format(password, keychain)
|
||||
__salt__['cmd.run'](cmd)
|
||||
|
@ -4,6 +4,7 @@ Validate the mac-keychain module
|
||||
'''
|
||||
|
||||
# Import Python Libs
|
||||
from __future__ import absolute_import
|
||||
import os
|
||||
|
||||
# Import Salt Testing Libs
|
||||
@ -19,12 +20,19 @@ ensure_in_syspath('../../')
|
||||
import integration
|
||||
from salt.exceptions import CommandExecutionError
|
||||
|
||||
CERT = 'salttest.p12'
|
||||
CERT = os.path.join(
|
||||
integration.FILES,
|
||||
'file',
|
||||
'base',
|
||||
'certs',
|
||||
'salttest.p12'
|
||||
)
|
||||
CERT_ALIAS = 'Salt Test'
|
||||
CERT_DEST= '/tmp/salttest.p12'
|
||||
PASSWD = 'salttest'
|
||||
|
||||
|
||||
@destructiveTest
|
||||
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
|
||||
class MacKeychainModuleTest(integration.ModuleCase):
|
||||
'''
|
||||
Integration tests for the mac_keychain module
|
||||
@ -41,45 +49,43 @@ class MacKeychainModuleTest(integration.ModuleCase):
|
||||
**os_grain
|
||||
)
|
||||
)
|
||||
# Must copy the cert to the mac for all tests
|
||||
copy_cert = self.run_function('cp.get_file', ['salt://certs.{0}'.format(CERT), CERT_DEST])
|
||||
|
||||
# self.assertTrue(copy_cert)
|
||||
# check_cert = self.run_function('file.find', ['/tmp'], name='{0}'.format(CERT))
|
||||
# if CERT not in str(check_cert):
|
||||
# self.skipTest(
|
||||
# 'Can not copy the cert {0} to dir {1}'.format(CERT, CERT_DEST))
|
||||
def tearDown(self):
|
||||
'''
|
||||
Clean up after tests
|
||||
'''
|
||||
# Remove the salttest cert, if left over.
|
||||
certs_list = self.run_function('keychain.list_certs')
|
||||
if CERT_ALIAS in certs_list:
|
||||
self.run_function('keychain.uninstall', [CERT_ALIAS])
|
||||
|
||||
|
||||
@destructiveTest
|
||||
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
|
||||
@requires_system_grains
|
||||
def test_mac_keychain_install(self, grains=None):
|
||||
'''
|
||||
Tests that attempts to install a certificate
|
||||
'''
|
||||
install_cert = self.run_function('keychain.install', [CERT_DEST, PASSWD])
|
||||
install_cert = self.run_function('keychain.install', [CERT, PASSWD])
|
||||
self.assertTrue(install_cert)
|
||||
|
||||
# check to ensure the cert was installed
|
||||
certs_list = self.run_function('keychain.list_certs')
|
||||
self.assertIn(CERT_ALIAS, certs_list)
|
||||
|
||||
@destructiveTest
|
||||
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
|
||||
@requires_system_grains
|
||||
def test_mac_keychain_uninstall(self, grains=None):
|
||||
'''
|
||||
Tests that attempts to uninstall a certificate
|
||||
'''
|
||||
self.run_function('keychain.install', [CERT_DEST, PASSWD])
|
||||
self.run_function('keychain.install', [CERT, PASSWD])
|
||||
certs_list = self.run_function('keychain.list_certs')
|
||||
|
||||
if CERT_ALIAS not in certs_list:
|
||||
self.run_function('keychain.uninstall', [CERT_ALIAS])
|
||||
self.skipTest('Failed to install keychain')
|
||||
|
||||
uninstall_cert = self.run_function('keychain.uninstall', [CERT_ALIAS])
|
||||
# uninstall cert
|
||||
self.run_function('keychain.uninstall', [CERT_ALIAS])
|
||||
certs_list = self.run_function('keychain.list_certs')
|
||||
|
||||
# check to ensure the cert was uninstalled
|
||||
@ -88,40 +94,39 @@ class MacKeychainModuleTest(integration.ModuleCase):
|
||||
except CommandExecutionError:
|
||||
self.run_function('keychain.uninstall', [CERT_ALIAS])
|
||||
|
||||
@destructiveTest
|
||||
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
|
||||
@requires_system_grains
|
||||
def test_mac_keychain_get_friendly_name(self, grains=None):
|
||||
'''
|
||||
Test that attempts to get friendly name of a cert
|
||||
'''
|
||||
|
||||
self.run_function('keychain.install', [CERT_DEST, PASSWD])
|
||||
self.run_function('keychain.install', [CERT, PASSWD])
|
||||
certs_list = self.run_function('keychain.list_certs')
|
||||
if CERT_ALIAS not in certs_list:
|
||||
self.run_function('keychain.uninstall', [CERT_ALIAS])
|
||||
self.skipTest('Failed to install keychain')
|
||||
|
||||
get_name = self.run_function('keychain.get_friendly_name', [CERT_DEST, PASSWD])
|
||||
get_name = self.run_function('keychain.get_friendly_name', [CERT, PASSWD])
|
||||
self.assertEqual(get_name, CERT_ALIAS)
|
||||
|
||||
@destructiveTest
|
||||
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
|
||||
@requires_system_grains
|
||||
def test_mac_keychain_get_default_keychain(self, grains=None):
|
||||
'''
|
||||
Test that attempts to get the default keychain
|
||||
'''
|
||||
salt_get_keychain = self.run_function('keychain.get_default_keychain')
|
||||
sys_get_keychain = self.run_function('cmd.run', ['security default-keychain -d systemj'])
|
||||
sys_get_keychain = self.run_function('cmd.run',
|
||||
['security default-keychain -d user'])
|
||||
self.assertEqual(salt_get_keychain, sys_get_keychain)
|
||||
|
||||
@destructiveTest
|
||||
@skipIf(os.geteuid() != 0, 'You must be logged in as root to run this test')
|
||||
@requires_system_grains
|
||||
def test_mac_keychain_set_default_keychain(self, grains=None):
|
||||
salt_get_keychain = self.run_function('keychain.get_default_keychain')
|
||||
set_keychain = self.run_function('keychain.set_default_keychain', ['/tmp/test'])
|
||||
def test_mac_keychain_list_certs(self, grains=None):
|
||||
'''
|
||||
Test that attempts to list certs
|
||||
'''
|
||||
cert_default = 'com.apple.systemdefault'
|
||||
certs = self.run_function('keychain.list_certs')
|
||||
self.assertIn(cert_default, certs)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
from integration import run_tests
|
||||
|
Loading…
Reference in New Issue
Block a user