Hi, With this patch, there's no need to run make-testcert separately before running make-test. Unit test framework will check whether service.crt file exists, and if not, will generate one if needed.
New location of service.crt file is in ~/.ipa directory. Part of https://fedorahosted.org/freeipa/ticket/3621 Tomas
From dfaa28eaac37a30a6181a9ddf27de169f39eb06b Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Thu, 23 May 2013 12:05:36 +0200 Subject: [PATCH] Make testcert automagically when needed by unit test framework With this patch, there's no need to run make-testcert separately before running make-test. Unit test framework will check whether service.crt file exists, and if not, will generate one if needed. New location of service.crt file is in ~/.ipa directory. Part of https://fedorahosted.org/freeipa/ticket/3621 --- tests/test_xmlrpc/test_host_plugin.py | 29 ++++++++++---- tests/test_xmlrpc/test_service_plugin.py | 28 +++++++++++--- make-testcert => tests/testcert.py | 66 ++++++++++++-------------------- 3 files changed, 68 insertions(+), 55 deletions(-) rename make-testcert => tests/testcert.py (68%) diff --git a/tests/test_xmlrpc/test_host_plugin.py b/tests/test_xmlrpc/test_host_plugin.py index 07faf77607284b2193716854b287208f563d9472..7dba8b788c4ac68690e4a7cbfc9f21af1c53c181 100644 --- a/tests/test_xmlrpc/test_host_plugin.py +++ b/tests/test_xmlrpc/test_host_plugin.py @@ -34,6 +34,7 @@ from tests.test_xmlrpc.xmlrpc_test import (Declarative, XMLRPC_test, fuzzy_hex) from tests.test_xmlrpc import objectclasses import base64 +from tests import testcert fqdn1 = u'testhost1.%s' % api.env.domain @@ -55,18 +56,32 @@ dn4 = DN(('fqdn',fqdn4),('cn','computers'),('cn','accounts'), api.env.basedn) invalidfqdn1 = u'foo_bar.lab.%s' % api.env.domain -# We can use the same cert we generated for the service tests -fd = open('tests/test_xmlrpc/service.crt', 'r') -servercert = fd.readlines() -servercert = ''.join(servercert) -servercert = x509.strip_header(servercert) -fd.close() - sshpubkey = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6XHBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGIwA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNmcSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM019Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF0L public key test' sshpubkeyfp = u'13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B public key test (ssh-rsa)' +servercert = '' + +# Create the testing server cert if it does not already exist +# Returns True if successful, error message if not +if not os.path.exists(testcert.CERTPATH): + servercert_ret = testcert.main() + +if os.path.exists(testcert.CERTPATH): + fd = open(testcert.CERTPATH, 'r') + servercert = fd.readlines() + servercert = ''.join(servercert) + servercert = x509.strip_header(servercert) + fd.close() + + class test_host(Declarative): + def setUp(self): + super(Declarative, self).setUp() + if servercert == '': + raise SkipTest('Testcert generation problem: %s' % + servercert_ret) + cleanup_commands = [ ('host_del', [fqdn1], {}), ('host_del', [fqdn2], {}), diff --git a/tests/test_xmlrpc/test_service_plugin.py b/tests/test_xmlrpc/test_service_plugin.py index 6f8dbbee713405083d92d65f1add170661527bf9..b7cecf0f602711323be1a7ecbf23b2f7f757f29f 100644 --- a/tests/test_xmlrpc/test_service_plugin.py +++ b/tests/test_xmlrpc/test_service_plugin.py @@ -28,6 +28,9 @@ from tests.test_xmlrpc.xmlrpc_test import fuzzy_hex from tests.test_xmlrpc import objectclasses import base64 from ipapython.dn import DN +from tests import testcert +import nose +import os.path fqdn1 = u'testhost1.%s' % api.env.domain fqdn2 = u'testhost2.%s' % api.env.domain @@ -39,17 +42,30 @@ host1dn = DN(('fqdn',fqdn1),('cn','computers'),('cn','accounts'),api.env.basedn) host2dn = DN(('fqdn',fqdn2),('cn','computers'),('cn','accounts'),api.env.basedn) host3dn = DN(('fqdn',fqdn3),('cn','computers'),('cn','accounts'),api.env.basedn) -fd = open('tests/test_xmlrpc/service.crt', 'r') -servercert = fd.readlines() -servercert = ''.join(servercert) -servercert = x509.strip_header(servercert) -fd.close() - +servercert = '' badservercert = 'MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXDuqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHYd+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pekiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0WyDGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv' +# Create the testing server cert if it does not already exist +# Returns True if successful, error message if not +if not os.path.exists(testcert.CERTPATH): + servercert_ret = testcert.main() + +if os.path.exists(testcert.CERTPATH): + fd = open(testcert.CERTPATH, 'r') + servercert = fd.readlines() + servercert = ''.join(servercert) + servercert = x509.strip_header(servercert) + fd.close() + class test_service(Declarative): + def setUp(self): + super(Declarative, self).setUp() + if servercert == '': + raise nose.SkipTest('Testcert generation problem: %s' % + servercert_ret) + cleanup_commands = [ ('host_del', [fqdn1], {}), ('host_del', [fqdn2], {}), diff --git a/make-testcert b/tests/testcert.py similarity index 68% rename from make-testcert rename to tests/testcert.py index a5814e1de9428e74a6343f5f13193748e3e04df6..9b1bcbfe334a623021e3f91da642a7600d38347b 100755 --- a/make-testcert +++ b/tests/testcert.py @@ -23,17 +23,17 @@ Generate a custom certificate used in the service unit tests. The certificate will be created in tests/test_xmlrpc/service.crt """ -import sys + import os import tempfile import shutil -import nss.nss as nss -from ipalib import api, x509, backend, errors +from ipalib import api, errors, x509 from ipaserver.plugins import rabase from ipapython import ipautil from ipapython.dn import DN -CERTPATH = 'tests/test_xmlrpc/service.crt' +CERTPATH = '{home}/.ipa/service.crt'.format(home=api.env.home) + def run_certutil(reqdir, args, stdin=None): """ @@ -43,6 +43,7 @@ def run_certutil(reqdir, args, stdin=None): new_args = new_args + args return ipautil.run(new_args, stdin) + def generateCSR(reqdir, pwname, subject): """ Create a CSR for the given subject. @@ -58,35 +59,17 @@ def generateCSR(reqdir, pwname, subject): fp.close() return data -class client(backend.Executioner): - """ - A simple-minded IPA client that can execute remote commands. - """ - - def run(self, method, *args, **options): - self.create_context() - result = self.execute(method, *args, **options) - return result - def makecert(reqdir): """ Generate a service certificate that can be used during unit testing. """ - cfg = dict( - context='cli', - in_server=False, - debug=False, - verbose=0, - ) - - api.bootstrap(**cfg) - api.register(client) - api.finalize() ra = rabase.rabase() - if not os.path.exists(ra.sec_dir) and api.env.xmlrpc_uri == 'http://localhost:8888/ipa/xml': - sys.exit('The in-tree self-signed CA is not configured, see tests/test_xmlrpc/test_cert.py') + if not os.path.exists(ra.sec_dir)\ + and api.env.xmlrpc_uri == 'http://localhost:8888/ipa/xml': + return 'The in-tree self-signed CA is not configured, ' + \ + 'see tests/test_xmlrpc/test_cert.py' pwname = reqdir + "/pwd" @@ -98,7 +81,7 @@ def makecert(reqdir): # Generate NSS cert database to store the private key for our CSR run_certutil(reqdir, ["-N", "-f", pwname]) - res = api.Backend.client.run('config_show') + res = api.Command['config_show']() subject_base = res['result']['ipacertificatesubjectbase'][0] cert = None @@ -107,8 +90,7 @@ def makecert(reqdir): csr = unicode(generateCSR(reqdir, pwname, str(subject))) try: - res = api.Backend.client.run('cert_request', csr, principal=princ, - add=True) + res = api.Command['cert_request'](csr, principal=princ, add=True) cert = x509.make_pem(res['result']['certificate']) fd = open(CERTPATH, 'w') fd.write(cert) @@ -118,19 +100,19 @@ def makecert(reqdir): except errors.CommandError: return "You need to set enable_ra=True in ~/.ipa/default.conf" - nss.nss_init_nodb() - c = x509.load_certificate(cert, x509.PEM) - print c - return 0 +def main(): + reqdir = None -reqdir = None + if os.path.exists(CERTPATH): + return -if os.path.exists(CERTPATH): - print "Test certificate %s exists, skipping." % CERTPATH - sys.exit(0) -try: - reqdir = tempfile.mkdtemp(prefix = "tmp-") - sys.exit(makecert(reqdir)) -finally: - shutil.rmtree(reqdir) + try: + reqdir = tempfile.mkdtemp(prefix="tmp-") + ret = makecert(reqdir) + except Exception, e: + ret = str(e) + finally: + shutil.rmtree(reqdir) + + return ret -- 1.8.1.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel