-rw-r--r--cloudinit/CloudConfig/cc_ca_certs.py21
-rw-r--r--debian.trunk/control1
-rw-r--r--tests/unittests/test_handler_ca_certs.py64
3 files changed, 82 insertions, 4 deletions
diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py
index 1c866f12..e2110890 100644
--- a/cloudinit/CloudConfig/cc_ca_certs.py
+++ b/cloudinit/CloudConfig/cc_ca_certs.py
@@ -23,8 +23,20 @@ import ConfigParser
import cloudinit.CloudConfig as cc
import cloudinit.util as util
+CERT_FILENAME = "/usr/share/ca-certificates/cloud-init-provided.crt"
+
+def write_file(filename, contents, owner, group, mode):
+ raise Exception()
+
def handle(name, cfg, cloud, log, args):
- # If there isn't a chef key in the configuration don't do anything
+ """
+ @param name: The module name "ca-cert" from cloud.cfg
+ @param cfg: A nested dict containing the entire cloud config contents.
+ @param cloud: The L{CloudInit} object in use
+ @param log: Pre-initialized Python logger object to use for logging
+ @param args: Any module arguments from cloud.cfg
+ """
+ # If there isn't a ca-certs section in the configuration don't do anything
if not cfg.has_key('ca-certs'):
return
ca_cert_cfg = cfg['ca-certs']
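Review bot: The new `write_file` helper has a body of only `raise Exception()`, so outside the mocked unit tests any config with a non-empty `ca-certs: trusted` value makes the handler fail rather than install anything. If this is a deliberate placeholder, make that explicit with `raise NotImplementedError("write_file is not implemented yet")` and a docstring stating what `owner`, `group` and `mode` are expected to be. The caller further down passes the mode as the string "644", so the eventual implementation needs an explicit `int(mode, 8)` before it reaches chmod. handle's body continues outside this hunk.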
@@ -33,6 +45,7 @@ def handle(name, cfg, cloud, log, args):
# or 'validation_cert'. In the case where both exist, 'validation_key'
# takes precedence
if ca_cert_cfg.has_key('trusted'):
- trusted_certs = util.get_cfg_option_str(chef_cfg, 'trusted')
- with open('/etc/cert.pem', 'w') as cert_file:
- cert_file.write(trusted_certs)
+ trusted_certs = util.get_cfg_option_list_or_str(ca_cert_cfg, 'trusted')
+ if trusted_certs:
+ cert_file_contents = "\n".join(trusted_certs)
+ write_file(CERT_FILENAME, cert_file_contents, "root", "root", "644")
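Review bot: The entries under `trusted` go from the cloud config straight into `"\n".join(trusted_certs)` and then into a file under the system CA directory, with no check that each one is a string, let alone a PEM certificate. A list holding a non-string item raises TypeError in the join, and any other content is written verbatim to a file meant to extend the host's trust anchors. A guard before the join would help, for example `if not all(isinstance(c, basestring) and "BEGIN CERTIFICATE" in c for c in trusted_certs): raise ValueError("ca-certs: trusted entries must be PEM certificates")`; the sample values in the unit tests would then need to look like PEM. The context comment above the `if` still describes 'validation_key' and 'validation_cert', apparently left over from the chef handler, and should describe `trusted` instead. Nothing in the visible hunk registers the new file with ca-certificates, so presumably a later change adds that step.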
diff --git a/debian.trunk/control b/debian.trunk/control
index c877f673..eef3cd1d 100644
--- a/debian.trunk/control
+++ b/debian.trunk/control
@@ -8,6 +8,7 @@ Build-Depends: cdbs,
python-nose,
pyflakes,
pylint,
+ python-mocker,
XS-Python-Version: all
Standards-Version: 3.9.1
diff --git a/tests/unittests/test_handler_ca_certs.py b/tests/unittests/test_handler_ca_certs.py
new file mode 100644
index 00000000..21eddf18
--- /dev/null
+++ b/tests/unittests/test_handler_ca_certs.py
@@ -0,0 +1,64 @@
+from unittest import TestCase
+from mocker import MockerTestCase
+
+from cloudinit.CloudConfig.cc_ca_certs import handle, write_file
+
+class TestAddCaCerts(MockerTestCase):
+ def setUp(self):
+ super(TestAddCaCerts, self).setUp()
+ self.name = "ca-certs"
+ self.cloud_init = None
+ self.log = None
+ self.args = []
+
+ def test_no_config(self):
+ """Test that no certificate are written if not provided."""
+ config = {"unknown-key": "value"}
+
+ mock = self.mocker.replace(write_file, passthrough=False)
+ self.mocker.replay()
+
+ handle(self.name, config, self.cloud_init, self.log, self.args)
+
+ def test_no_trusted_list(self):
+ """Test that no certificate are written if not provided."""
+ config = {"ca-certs": {}}
+
+ mock = self.mocker.replace(write_file, passthrough=False)
+ self.mocker.replay()
+
+ handle(self.name, config, self.cloud_init, self.log, self.args)
+
+ def test_no_certs_in_list(self):
+ """Test that no certificate are written if not provided."""
+ config = {"ca-certs": {"trusted": []}}
+
+ mock = self.mocker.replace(write_file, passthrough=False)
+ self.mocker.replay()
+
+ handle(self.name, config, self.cloud_init, self.log, self.args)
+
+ def test_single_cert(self):
+ """Test adding a single certificate to the trusted CAs"""
+ cert = "CERT1\nLINE2\nLINE3"
+ config = {"ca-certs": {"trusted": cert}}
+
+ mock = self.mocker.replace(write_file, passthrough=False)
+ mock("/usr/share/ca-certificates/cloud-init-provided.crt",
+ cert, "root", "root", "644")
+ self.mocker.replay()
+
+ handle(self.name, config, self.cloud_init, self.log, self.args)
+
+ def test_multiple_certs(self):
+ """Test adding multiple certificate to the trusted CAs"""
+ certs = ["CERT1\nLINE2\nLINE3", "CERT2\nLINE2\nLINE3"]
+ cert_file = "\n".join(certs)
+ config = {"ca-certs": {"trusted": certs}}
+
+ mock = self.mocker.replace(write_file, passthrough=False)
+ mock("/usr/share/ca-certificates/cloud-init-provided.crt",
+ cert_file, "root", "root", "644")
+ self.mocker.replay()
+
+ handle(self.name, config, self.cloud_init, self.log, self.args)
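Review bot: The three negative tests (`test_no_config`, `test_no_trusted_list`, `test_no_certs_in_list`) share the docstring "Test that no certificate are written if not provided.", so a failure report does not say which case broke. Give each its own, e.g. `"""No certificates are written when the config has no ca-certs section."""`, and add a comment that the empty `replace(write_file, passthrough=False)` expectation is what asserts that nothing is written. `from unittest import TestCase` is unused and the `mock =` binding in those three tests is never read, so both can go. A case with a non-string entry in `trusted` is missing; that input currently reaches the join in the handler unchecked.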