4ee9f40e62
* convert aws_acm_facts to AnsibleAWSModule * factor aws_acm_facts into module_utils * add more filtering options for aws_acm_info * add aws_acm module and tests * uncomment aws_acm test * fix linting for aws_acm * fix __future__ linting for aws_acm * fix linting for aws_acm * fix linting for aws_acm * fix linting for aws_acm * fix linting for aws_acm * fix aws_acm_info arg type * remove test for old module name aws_acm_facts * simplify AWS ACM client creation * fix indent typo in aws_acm test * catch BotoCoreError in aws_acm * fix indent typo in aws_acm test * tighten AWS ACM test policy resource * move aws acm int test to venv * remove errant file * fix AWS ACM int test perms * undo copyright addition to wrong file * fix invalid log message in aws_acm Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com> * rephrase aws_acm_info doc from facts to information Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com> * rename aws_facts var to aws_info * remove case insensitivity for aws_acm pem compare * add no_log for aws_acm credential setting * add per-test prefix to aws_acm test resource names * make aws_acm use crypto module_util * clarify copyright for aws_acm * make aws_acm int test clearer * add explicit crypto dependency to aws_acm * change requests for aws_acm pr * fix wrong copyright owner aws_acm test * fix wrong copyright owner aws_acm test * rewrite aws_acm cert chain compare with regex, no dependency * fix linting for aws_acm unit test * fix linting for aws_acm unit test * fix linting and duplicate ignore * fix failed cert chain split in aws_acm, add more tests * remove errant file * more linting fixes for aws_acm * fix sanity ignore * rewrite cert compare in aws_acm to use base64 decode * improve regex for pem cert chain split in aws_acm * undo changes to crypto module util for aws_acm * increment ansible version for new aws_acm module * convert aws_acm return(x) to return x * increment version added for aws_acm_info new features * 
fix linting * fix bugs with AWS ACM * fix bad rebase * disable AWS ACM integration test, due to AWS account limit issue * remove aws acm integration test from shippable group
# (c) 2019 Telstra Corporation Limited
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from ansible.modules.cloud.amazon.aws_acm import pem_chain_split, chain_compare
from ansible.module_utils._text import to_bytes, to_text
from pprint import pprint
def test_chain_compare():
    """Check pem_chain_split and chain_compare against the certificate fixtures.

    The test runs in three stages and stops at the first mismatch:

    1. The two "simple" (deliberately invalid) chain files must each split
       into exactly ['aaa', 'bbb', 'ccc'] once the pieces are stripped.
    2. Every real chain file must split into its expected number of
       certificates.
    3. Every ordered pair of real chains (including a chain with itself)
       must compare equal exactly when both carry the same 'same_as' group.
       The table treats a reordered chain and a chain with its last link
       missing as different from the original.
    """
    # Both helpers take the Ansible module as their first argument; per the
    # original author's note that is only so they can call module.fail_json.
    # None stands in for it, so a helper that does reach fail_json would
    # surface here as an AttributeError on None rather than a clean message.
    module = None

    # Relative path: it resolves against the current working directory.
    fixture_suffix = 'test/units/modules/cloud/amazon/fixtures/certs'

    def read_fixture(path):
        # Load one fixture file and normalise its contents with to_text.
        with open(path, 'r') as handle:
            return to_text(handle.read())

    # Stage 1: chain splitting on super simple (invalid) certs.
    wanted = ['aaa', 'bbb', 'ccc']
    for fname in ('simple-chain-a.cert', 'simple-chain-b.cert'):
        pem = read_fixture(fixture_suffix + '/' + fname)
        pieces = [piece.strip() for piece in pem_chain_split(module, pem)]
        if pieces == wanted:
            continue
        print("Expected:")
        pprint(wanted)
        print("Actual:")
        pprint(pieces)
        raise AssertionError("Failed to properly split %s" % fname)

    # Stage 2 and 3 fixtures: (file, equivalence group, certificates in chain).
    # Chains that share a group number should be considered equal.
    chain_table = (
        ('/chain-1.0.cert', 1, 3),  # Original cert chain
        ('/chain-1.1.cert', 1, 3),  # Same as 1.0, but longer PEM lines
        ('/chain-1.2.cert', 1, 3),  # Same as 1.0, but without the stuff before each --------
        ('/chain-1.3.cert', 2, 3),  # Same as 1.0, but in a different order, so should be considered different
        ('/chain-1.4.cert', 3, 2),  # Same as 1.0, but with last link missing
        ('/chain-4.cert', 4, 3),    # Completely different cert chain to all the others
        ('/a.pem', 5, 1),           # Single cert
        ('/b.pem', 6, 1),           # a different, single cert
    )
    test_chains = [
        {'path': fixture_suffix + tail, 'same_as': group, 'length': count}
        for tail, group, count in chain_table
    ]

    # Stage 2: each real chain must split into the expected number of certs.
    # The original author's note: this checks the split regex isn't too greedy.
    for chain in test_chains:
        chain['pem_text'] = read_fixture(chain['path'])
        chain['split'] = pem_chain_split(module, chain['pem_text'])
        found = len(chain['split'])
        if found != chain['length']:
            print("Cert before split")
            print(chain['pem_text'])
            print("Cert after split")
            pprint(chain['split'])
            print("path: %s" % chain['path'])
            print("Expected chain length: %d" % chain['length'])
            print("Actual chain length: %d" % found)
            raise AssertionError("Chain %s was not split properly" % chain['path'])

    # Stage 3: compare every ordered pair of chains against the group table.
    for chain_a in test_chains:
        for chain_b in test_chains:
            should_match = (chain_a['same_as'] == chain_b['same_as'])
            did_match = chain_compare(module, chain_a['pem_text'], chain_b['pem_text'])
            if should_match != did_match:
                # Name the offending pair before the assertion fires.
                print("Error, unexpected comparison result between \n%s\nand\n%s" % (chain_a['path'], chain_b['path']))
                print("Expected %s got %s" % (str(should_match), str(did_match)))
            assert should_match == did_match