Use tmp pillar for signing policies

2024-11-07 08:58:59 +00:00 · 2019-04-02 19:48:52 +00:00 · 2019-04-02 19:48:52 +00:00 · 8c1b1dbd92
commit 8c1b1dbd92
parent a0e245800d
3 changed files with 32 additions and 21 deletions
--- a/tests/integration/files/conf/minion.d/signing_policies.conf
+++ b/tests/integration/files/conf/minion.d/signing_policies.conf
@ -1,14 +0,0 @@
-x509_signing_policies:
-  ca_policy:
-    - minions: '*'
-    - signing_private_key: /etc/pki/ca.key
-    - signing_cert: /etc/pki/ca.crt
-    - O: Test Company
-    - basicConstraints: "CA:false"
-    - keyUsage: "critical digitalSignature, keyEncipherment"
-    - extendedKeyUsage: "critical serverAuth, clientAuth"
-    - subjectKeyIdentifier: hash
-    - authorityKeyIdentifier: keyid
-    - days_valid: 730
-    - copypath: /etc/pki
-
--- a/tests/integration/files/file/base/test_cert.sls
+++ b/tests/integration/files/file/base/test_cert.sls
@ -1,9 +1,4 @@
 {% set tmp_dir = pillar['tmp_dir'] %}
-#salt-minion:
-#  service.running:
-#    - enable: True
-#    - listen:
-#      - file: {{ tmp_dir }}/config/minion.d/signing_policies.conf

 {{ tmp_dir }}/pki:
  file.directory
@ -37,7 +32,6 @@
        backup: True
    - require:
      - file: {{ tmp_dir  }}/pki
-      - salt-minion
      - {{ tmp_dir  }}/pki/ca.key

 mine.send:
@ -66,3 +60,6 @@ test_crt:
        name: {{ tmp_dir  }}/pki/test.key
        bits: 4096
        backup: True
+    - require:
+        - {{ tmp_dir  }}/pki/ca.crt
+        - {{ tmp_dir  }}/pki/test.key
--- a/tests/integration/states/test_x509.py
+++ b/tests/integration/states/test_x509.py
@ -5,9 +5,10 @@ import logging

 import salt.utils.files
 from salt.ext import six
+import textwrap

 from tests.support.helpers import with_tempfile
-from tests.support.paths import BASE_FILES, TMP
+from tests.support.paths import BASE_FILES, TMP, TMP_PILLAR_TREE, PILLAR_DIR
 from tests.support.case import ModuleCase
 from tests.support.unit import skipIf
 from tests.support.mixins import SaltReturnAssertsMixin
@ -27,10 +28,37 @@ class x509Test(ModuleCase, SaltReturnAssertsMixin):

    @classmethod
    def setUpClass(cls):
+        with salt.utils.files.fopen(os.path.join(TMP_PILLAR_TREE, 'signing_policies.sls'), 'w') as fp:
+            fp.write(textwrap.dedent('''\
+                x509_signing_policies:
+                  ca_policy:
+                    - minions: '*'
+                    - signing_private_key: {0}/pki/ca.key
+                    - signing_cert: {0}/pki/ca.crt
+                    - O: Test Company
+                    - basicConstraints: "CA:false"
+                    - keyUsage: "critical digitalSignature, keyEncipherment"
+                    - extendedKeyUsage: "critical serverAuth, clientAuth"
+                    - subjectKeyIdentifier: hash
+                    - authorityKeyIdentifier: keyid
+                    - days_valid: 730
+                    - copypath: {0}/pki
+                     '''.format(TMP)))
+        with salt.utils.files.fopen(os.path.join(TMP_PILLAR_TREE, 'top.sls'), 'w') as fp:
+            fp.write(textwrap.dedent('''\
+                     base:
+                       '*':
+                         - signing_policies
+                     '''))
        cert_path = os.path.join(BASE_FILES, 'x509_test.crt')
        with salt.utils.files.fopen(cert_path) as fp:
            cls.x509_cert_text = fp.read()

+    @classmethod
+    def tearDownClass(cls):
+        os.remove(os.path.join(TMP_PILLAR_TREE, 'signing_policies.sls'))
+        os.remove(os.path.join(TMP_PILLAR_TREE, 'top.sls'))
+
    def run_function(self, *args, **kwargs):
        ret = super(x509Test, self).run_function(*args, **kwargs)
        log.debug('ret = %s', ret)