|
|
863b3c |
From 90f0b7c16c68d1dd876fc88b56b58c04bc565230 Mon Sep 17 00:00:00 2001
|
|
|
863b3c |
From: Stanislav Levin <slev@altlinux.org>
|
|
|
863b3c |
Date: Fri, 6 Nov 2020 15:18:33 +0300
|
|
|
863b3c |
Subject: [PATCH] tests: Generate a proper `not-valid-after` field
|
|
|
863b3c |
|
|
|
863b3c |
Some tests assume that the mocked certificate will be valid in N
|
|
|
863b3c |
days from now(). There was a hardcoded `not-valid-after` value
|
|
|
863b3c |
which pointed to 20201205214850Z. So, from Nov 06 2020 the assertion
|
|
|
863b3c |
20201205214850Z - now() < cert_expiration_days(30days) fails.
|
|
|
863b3c |
|
|
|
863b3c |
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/159
|
|
|
863b3c |
Signed-off-by: Stanislav Levin <slev@altlinux.org>
|
|
|
863b3c |
---
|
|
|
863b3c |
tests/mock_certmonger.py | 18 ++++++++++++++++--
|
|
|
863b3c |
tests/test_ipa_expiration.py | 8 ++++++--
|
|
|
863b3c |
3 files changed, 30 insertions(+), 8 deletions(-)
|
|
|
863b3c |
|
|
|
863b3c |
diff --git a/tests/mock_certmonger.py b/tests/mock_certmonger.py
|
|
|
863b3c |
index ab53620..8fa4d36 100644
|
|
|
863b3c |
--- a/tests/mock_certmonger.py
|
|
|
863b3c |
+++ b/tests/mock_certmonger.py
|
|
|
863b3c |
@@ -3,6 +3,7 @@
|
|
|
863b3c |
#
|
|
|
863b3c |
|
|
|
863b3c |
import copy
|
|
|
863b3c |
+from datetime import datetime, timedelta, timezone
|
|
|
863b3c |
|
|
|
863b3c |
from ipaplatform.paths import paths
|
|
|
863b3c |
|
|
|
863b3c |
@@ -10,6 +11,8 @@ from ipaplatform.paths import paths
|
|
|
863b3c |
# distinct from the value from the overrident get_defaults() method.
|
|
|
863b3c |
template = paths.CERTMONGER_COMMAND_TEMPLATE
|
|
|
863b3c |
|
|
|
863b3c |
+CERT_EXPIRATION_DAYS = 30
|
|
|
863b3c |
+
|
|
|
863b3c |
pristine_cm_requests = [
|
|
|
863b3c |
{
|
|
|
863b3c |
'nickname': '1234',
|
|
|
863b3c |
@@ -20,7 +23,11 @@ pristine_cm_requests = [
|
|
|
863b3c |
'cert-storage': 'FILE',
|
|
|
863b3c |
'cert-presave-command': template % 'renew_ra_cert_pre',
|
|
|
863b3c |
'cert-postsave-command': template % 'renew_ra_cert',
|
|
|
863b3c |
- 'not-valid-after': 1024,
|
|
|
863b3c |
+ 'not-valid-after': (
|
|
|
863b3c |
+ int(
|
|
|
863b3c |
+ datetime(1970, 1, 1, 0, 17, 4, tzinfo=timezone.utc).timestamp()
|
|
|
863b3c |
+ )
|
|
|
863b3c |
+ ),
|
|
|
863b3c |
},
|
|
|
863b3c |
{
|
|
|
863b3c |
'nickname': '5678',
|
|
|
863b3c |
@@ -30,7 +37,14 @@ pristine_cm_requests = [
|
|
|
863b3c |
'template_profile': 'caIPAserviceCert',
|
|
|
863b3c |
'cert-storage': 'FILE',
|
|
|
863b3c |
'cert-postsave-command': template % 'restart_httpd',
|
|
|
863b3c |
- 'not-valid-after': 1607204930,
|
|
|
863b3c |
+ 'not-valid-after': (
|
|
|
863b3c |
+ int(
|
|
|
863b3c |
+ (
|
|
|
863b3c |
+ datetime.now(timezone.utc) +
|
|
|
863b3c |
+ timedelta(days=CERT_EXPIRATION_DAYS + 1)
|
|
|
863b3c |
+ ).timestamp()
|
|
|
863b3c |
+ )
|
|
|
863b3c |
+ ),
|
|
|
863b3c |
},
|
|
|
863b3c |
]
|
|
|
863b3c |
|
|
|
863b3c |
diff --git a/tests/test_ipa_expiration.py b/tests/test_ipa_expiration.py
|
|
|
863b3c |
index ff3564b..fb7105b 100644
|
|
|
863b3c |
--- a/tests/test_ipa_expiration.py
|
|
|
863b3c |
+++ b/tests/test_ipa_expiration.py
|
|
|
863b3c |
@@ -11,7 +11,11 @@ from ipahealthcheck.ipa.certs import IPACertmongerExpirationCheck
|
|
|
863b3c |
from ipahealthcheck.ipa.certs import IPACAChainExpirationCheck
|
|
|
863b3c |
from unittest.mock import Mock, patch
|
|
|
863b3c |
from mock_certmonger import create_mock_dbus, _certmonger
|
|
|
863b3c |
-from mock_certmonger import get_expected_requests, set_requests
|
|
|
863b3c |
+from mock_certmonger import (
|
|
|
863b3c |
+ get_expected_requests,
|
|
|
863b3c |
+ set_requests,
|
|
|
863b3c |
+ CERT_EXPIRATION_DAYS,
|
|
|
863b3c |
+)
|
|
|
863b3c |
|
|
|
863b3c |
from datetime import datetime, timedelta, timezone
|
|
|
863b3c |
|
|
|
863b3c |
@@ -67,7 +71,7 @@ class TestExpiration(BaseTest):
|
|
|
863b3c |
registry.initialize(framework, config.Config)
|
|
|
863b3c |
f = IPACertmongerExpirationCheck(registry)
|
|
|
863b3c |
|
|
|
863b3c |
- f.config.cert_expiration_days = '30'
|
|
|
863b3c |
+ f.config.cert_expiration_days = str(CERT_EXPIRATION_DAYS)
|
|
|
863b3c |
self.results = capture_results(f)
|
|
|
863b3c |
|
|
|
863b3c |
assert len(self.results) == 2
|
|
|
863b3c |
--
|
|
|
863b3c |
2.31.1
|
|
|
863b3c |
|