ansible/test/units/modules/cloud/amazon/test_aws_acm.py

123 lines
4.5 KiB
Python
Raw Normal View History

Add aws_acm module (#60552) * convert aws_acm_facts to AnsibleAWSModule * factor aws_acm_facts into module_utils * add more filtering options for aws_acm_info * add aws_acm module and tests * uncomment aws_acm test * fix linting for aws_acm * fix __future__ linting for aws_acm * fix linting for aws_acm * fix linting for aws_acm * fix linting for aws_acm * fix linting for aws_acm * fix aws_acm_info arg type * remove test for old module name aws_acm_facts * simplify AWS ACM client creation * fix indent typo in aws_acm test * catch BotoCoreError in aws_acm * fix indent typo in aws_acm test * tighten AWS ACM test policy resource * move aws acm int test to venv * remove errant file * fix AWS ACM int test perms * undo copyright addition to wrong file * fix invalid log message in aws_acm Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com> * rephrase aws_acm_info doc from facts to information Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com> * rename aws_facts var to aws_info * remove case insensitivity for aws_acm pem compare * add no_log for aws_acm credential setting * add per-test prefix to aws_acm test resource names * make aws_acm use crypto module_util * clarify copyright for aws_acm * make aws_acm int test clearer * add explicit crypto dependency to aws_acm * change requests for aws_acm pr * fix wrong copyright owner aws_acm test * fix wrong copyright owner aws_acm test * rewrite aws_acm cert chain compare with regex, no dependency * fix linting for aws_acm unit test * fix linting for aws_acm unit test * fix linting and duplicate ignore * fix failed cert chain split in aws_acm, add more tests * remove errant file * more linting fixes for aws_acm * fix sanity ignore * rewrite cert compare in aws_acm to use base64 decode * improve regex for pem cert chain split in aws_acm * undo changes to crypto module util for aws_acm * increment ansible version for new aws_acm module * convert aws_acm return(x) to return x * increment version added for aws_acm_info new features * fix linting * fix bugs with AWS ACM * fix bad rebase * disable AWS ACM integration test, due to AWS account limit issue * remove aws acm integration test from shippable group
2019-11-05 19:57:08 +01:00
# (c) 2019 Telstra Corporation Limited
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from ansible.modules.cloud.amazon.aws_acm import pem_chain_split, chain_compare
from ansible.module_utils._text import to_bytes, to_text
from pprint import pprint
def test_chain_compare():
# The functions we're testing take module as an argument
# Just so they can call module.fail_json
# Let's just use None for the unit tests,
# Because they shouldn't fail
# And if they do, fail_json is not applicable
module = None
fixture_suffix = 'test/units/modules/cloud/amazon/fixtures/certs'
# Test chain split function on super simple (invalid) certs
expected = ['aaa', 'bbb', 'ccc']
for fname in ['simple-chain-a.cert', 'simple-chain-b.cert']:
path = fixture_suffix + '/' + fname
with open(path, 'r') as f:
pem = to_text(f.read())
actual = pem_chain_split(module, pem)
actual = [a.strip() for a in actual]
if actual != expected:
print("Expected:")
pprint(expected)
print("Actual:")
pprint(actual)
raise AssertionError("Failed to properly split %s" % fname)
# Now test real chains
# chains with same same_as should be considered equal
test_chains = [
{ # Original Cert chain
'path': fixture_suffix + '/chain-1.0.cert',
'same_as': 1,
'length': 3
},
{ # Same as 1.0, but longer PEM lines
'path': fixture_suffix + '/chain-1.1.cert',
'same_as': 1,
'length': 3
},
{ # Same as 1.0, but without the stuff before each --------
'path': fixture_suffix + '/chain-1.2.cert',
'same_as': 1,
'length': 3
},
{ # Same as 1.0, but in a different order, so should be considered different
'path': fixture_suffix + '/chain-1.3.cert',
'same_as': 2,
'length': 3
},
{ # Same as 1.0, but with last link missing
'path': fixture_suffix + '/chain-1.4.cert',
'same_as': 3,
'length': 2
},
{ # Completely different cert chain to all the others
'path': fixture_suffix + '/chain-4.cert',
'same_as': 4,
'length': 3
},
{ # Single cert
'path': fixture_suffix + '/a.pem',
'same_as': 5,
'length': 1
},
{ # a different, single cert
'path': fixture_suffix + '/b.pem',
'same_as': 6,
'length': 1
}
]
for chain in test_chains:
with open(chain['path'], 'r') as f:
chain['pem_text'] = to_text(f.read())
# Test to make sure our regex isn't too greedy
chain['split'] = pem_chain_split(module, chain['pem_text'])
if len(chain['split']) != chain['length']:
print("Cert before split")
print(chain['pem_text'])
print("Cert after split")
pprint(chain['split'])
print("path: %s" % chain['path'])
print("Expected chain length: %d" % chain['length'])
print("Actual chain length: %d" % len(chain['split']))
raise AssertionError("Chain %s was not split properly" % chain['path'])
for chain_a in test_chains:
for chain_b in test_chains:
expected = (chain_a['same_as'] == chain_b['same_as'])
# Now test the comparison function
actual = chain_compare(module, chain_a['pem_text'], chain_b['pem_text'])
if expected != actual:
print("Error, unexpected comparison result between \n%s\nand\n%s" % (chain_a['path'], chain_b['path']))
print("Expected %s got %s" % (str(expected), str(actual)))
assert(expected == actual)