diff --git a/tests/integration/files/conf/minion.d/signing_policies.conf b/tests/integration/files/conf/minion.d/signing_policies.conf deleted file mode 100644 index d3fc6b5c30..0000000000 --- a/tests/integration/files/conf/minion.d/signing_policies.conf +++ /dev/null @@ -1,14 +0,0 @@ -x509_signing_policies: - ca_policy: - - minions: '*' - - signing_private_key: /etc/pki/ca.key - - signing_cert: /etc/pki/ca.crt - - O: Test Company - - basicConstraints: "CA:false" - - keyUsage: "critical digitalSignature, keyEncipherment" - - extendedKeyUsage: "critical serverAuth, clientAuth" - - subjectKeyIdentifier: hash - - authorityKeyIdentifier: keyid - - days_valid: 730 - - copypath: /etc/pki - diff --git a/tests/integration/files/file/base/test_cert.sls b/tests/integration/files/file/base/test_cert.sls index e2ca8b120a..a04142a47a 100644 --- a/tests/integration/files/file/base/test_cert.sls +++ b/tests/integration/files/file/base/test_cert.sls @@ -1,9 +1,4 @@ {% set tmp_dir = pillar['tmp_dir'] %} -#salt-minion: -# service.running: -# - enable: True -# - listen: -# - file: {{ tmp_dir }}/config/minion.d/signing_policies.conf {{ tmp_dir }}/pki: file.directory @@ -37,7 +32,6 @@ backup: True - require: - file: {{ tmp_dir }}/pki - - salt-minion - {{ tmp_dir }}/pki/ca.key mine.send: @@ -66,3 +60,6 @@ test_crt: name: {{ tmp_dir }}/pki/test.key bits: 4096 backup: True + - require: + - {{ tmp_dir }}/pki/ca.crt + - {{ tmp_dir }}/pki/test.key diff --git a/tests/integration/states/test_x509.py b/tests/integration/states/test_x509.py index 28be7579c0..8e7c44bd42 100644 --- a/tests/integration/states/test_x509.py +++ b/tests/integration/states/test_x509.py @@ -5,9 +5,10 @@ import logging import salt.utils.files from salt.ext import six +import textwrap from tests.support.helpers import with_tempfile -from tests.support.paths import BASE_FILES, TMP +from tests.support.paths import BASE_FILES, TMP, TMP_PILLAR_TREE, PILLAR_DIR from tests.support.case import ModuleCase from tests.support.unit import skipIf from tests.support.mixins import SaltReturnAssertsMixin @@ -27,10 +28,37 @@ class x509Test(ModuleCase, SaltReturnAssertsMixin): @classmethod def setUpClass(cls): + with salt.utils.files.fopen(os.path.join(TMP_PILLAR_TREE, 'signing_policies.sls'), 'w') as fp: + fp.write(textwrap.dedent('''\ + x509_signing_policies: + ca_policy: + - minions: '*' + - signing_private_key: {0}/pki/ca.key + - signing_cert: {0}/pki/ca.crt + - O: Test Company + - basicConstraints: "CA:false" + - keyUsage: "critical digitalSignature, keyEncipherment" + - extendedKeyUsage: "critical serverAuth, clientAuth" + - subjectKeyIdentifier: hash + - authorityKeyIdentifier: keyid + - days_valid: 730 + - copypath: {0}/pki + '''.format(TMP))) + with salt.utils.files.fopen(os.path.join(TMP_PILLAR_TREE, 'top.sls'), 'w') as fp: + fp.write(textwrap.dedent('''\ + base: + '*': + - signing_policies + ''')) cert_path = os.path.join(BASE_FILES, 'x509_test.crt') with salt.utils.files.fopen(cert_path) as fp: cls.x509_cert_text = fp.read() + @classmethod + def tearDownClass(cls): + os.remove(os.path.join(TMP_PILLAR_TREE, 'signing_policies.sls')) + os.remove(os.path.join(TMP_PILLAR_TREE, 'top.sls')) + def run_function(self, *args, **kwargs): ret = super(x509Test, self).run_function(*args, **kwargs) log.debug('ret = %s', ret)