1
from mocker import MockerTestCase
3
from cloudinit import cloud
4
from cloudinit import helpers
5
from cloudinit import util
7
from cloudinit.config import cc_ca_certs
12
class TestNoConfig(MockerTestCase):
14
super(TestNoConfig, self).setUp()
15
self.name = "ca-certs"
16
self.cloud_init = None
17
self.log = logging.getLogger("TestNoConfig")
20
def test_no_config(self):
22
Test that nothing is done if no ca-certs configuration is provided.
24
config = util.get_builtin_cfg()
25
self.mocker.replace(util.write_file, passthrough=False)
26
self.mocker.replace(cc_ca_certs.update_ca_certs, passthrough=False)
29
cc_ca_certs.handle(self.name, config, self.cloud_init, self.log,
33
class TestConfig(MockerTestCase):
35
super(TestConfig, self).setUp()
36
self.name = "ca-certs"
38
self.cloud = cloud.Cloud(None, self.paths, None, None, None)
39
self.log = logging.getLogger("TestNoConfig")
42
# Mock out the functions that actually modify the system
43
self.mock_add = self.mocker.replace(cc_ca_certs.add_ca_certs,
45
self.mock_update = self.mocker.replace(cc_ca_certs.update_ca_certs,
47
self.mock_remove = self.mocker.replace(
48
cc_ca_certs.remove_default_ca_certs, passthrough=False)
50
# Order must be correct
53
def test_no_trusted_list(self):
55
Test that no certificates are written if the 'trusted' key is not
58
config = {"ca-certs": {}}
60
# No functions should be called
64
cc_ca_certs.handle(self.name, config, self.cloud, self.log, self.args)
66
def test_empty_trusted_list(self):
67
"""Test that no certificate are written if 'trusted' list is empty."""
68
config = {"ca-certs": {"trusted": []}}
70
# No functions should be called
74
cc_ca_certs.handle(self.name, config, self.cloud, self.log, self.args)
76
def test_single_trusted(self):
77
"""Test that a single cert gets passed to add_ca_certs."""
78
config = {"ca-certs": {"trusted": ["CERT1"]}}
80
self.mock_add(self.paths, ["CERT1"])
84
cc_ca_certs.handle(self.name, config, self.cloud, self.log, self.args)
86
def test_multiple_trusted(self):
87
"""Test that multiple certs get passed to add_ca_certs."""
88
config = {"ca-certs": {"trusted": ["CERT1", "CERT2"]}}
90
self.mock_add(self.paths, ["CERT1", "CERT2"])
94
cc_ca_certs.handle(self.name, config, self.cloud, self.log, self.args)
96
def test_remove_default_ca_certs(self):
97
"""Test remove_defaults works as expected."""
98
config = {"ca-certs": {"remove-defaults": True}}
100
self.mock_remove(self.paths)
104
cc_ca_certs.handle(self.name, config, self.cloud, self.log, self.args)
106
def test_no_remove_defaults_if_false(self):
107
"""Test remove_defaults is not called when config value is False."""
108
config = {"ca-certs": {"remove-defaults": False}}
113
cc_ca_certs.handle(self.name, config, self.cloud, self.log, self.args)
115
def test_correct_order_for_remove_then_add(self):
116
"""Test remove_defaults is not called when config value is False."""
117
config = {"ca-certs": {"remove-defaults": True, "trusted": ["CERT1"]}}
119
self.mock_remove(self.paths)
120
self.mock_add(self.paths, ["CERT1"])
124
cc_ca_certs.handle(self.name, config, self.cloud, self.log, self.args)
127
class TestAddCaCerts(MockerTestCase):
130
super(TestAddCaCerts, self).setUp()
131
self.paths = helpers.Paths({
132
'cloud_dir': self.makeDir()
135
def test_no_certs_in_list(self):
136
"""Test that no certificate are written if not provided."""
137
self.mocker.replace(util.write_file, passthrough=False)
139
cc_ca_certs.add_ca_certs(self.paths, [])
141
def test_single_cert(self):
142
"""Test adding a single certificate to the trusted CAs."""
143
cert = "CERT1\nLINE2\nLINE3"
145
mock_write = self.mocker.replace(util.write_file, passthrough=False)
146
mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt",
148
mock_write("/etc/ca-certificates.conf",
149
"\ncloud-init-ca-certs.crt", omode="ab")
152
cc_ca_certs.add_ca_certs(self.paths, [cert])
154
def test_multiple_certs(self):
155
"""Test adding multiple certificates to the trusted CAs."""
156
certs = ["CERT1\nLINE2\nLINE3", "CERT2\nLINE2\nLINE3"]
157
expected_cert_file = "\n".join(certs)
159
mock_write = self.mocker.replace(util.write_file, passthrough=False)
160
mock_write("/usr/share/ca-certificates/cloud-init-ca-certs.crt",
161
expected_cert_file, mode=0644)
162
mock_write("/etc/ca-certificates.conf",
163
"\ncloud-init-ca-certs.crt", omode="ab")
166
cc_ca_certs.add_ca_certs(self.paths, certs)
169
class TestUpdateCaCerts(MockerTestCase):
170
def test_commands(self):
171
mock_check_call = self.mocker.replace(util.subp,
173
mock_check_call(["update-ca-certificates"], capture=False)
176
cc_ca_certs.update_ca_certs()
179
class TestRemoveDefaultCaCerts(MockerTestCase):
182
super(TestRemoveDefaultCaCerts, self).setUp()
183
self.paths = helpers.Paths({
184
'cloud_dir': self.makeDir()
187
def test_commands(self):
188
mock_delete_dir_contents = self.mocker.replace(
189
util.delete_dir_contents, passthrough=False)
190
mock_write = self.mocker.replace(util.write_file, passthrough=False)
191
mock_subp = self.mocker.replace(util.subp,
194
mock_delete_dir_contents("/usr/share/ca-certificates/")
195
mock_delete_dir_contents("/etc/ssl/certs/")
196
mock_write("/etc/ca-certificates.conf", "", mode=0644)
197
mock_subp(('debconf-set-selections', '-'),
198
"ca-certificates ca-certificates/trust_new_crts select no")
201
cc_ca_certs.remove_default_ca_certs(self.paths)