-rw-r--r-- | cloudinit/CloudConfig/cc_ca_certs.py | 21 | ||||
-rw-r--r-- | debian.trunk/control | 1 | ||||
-rw-r--r-- | tests/unittests/test_handler_ca_certs.py | 64 |
3 files changed, 82 insertions, 4 deletions
diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py index 1c866f12..e2110890 100644 --- a/cloudinit/CloudConfig/cc_ca_certs.py +++ b/cloudinit/CloudConfig/cc_ca_certs.py @@ -23,8 +23,20 @@ import ConfigParser import cloudinit.CloudConfig as cc import cloudinit.util as util +CERT_FILENAME = "/usr/share/ca-certificates/cloud-init-provided.crt" + +def write_file(filename, contents, owner, group, mode): + raise Exception() + def handle(name, cfg, cloud, log, args): - # If there isn't a chef key in the configuration don't do anything + """ + @param name: The module name "ca-cert" from cloud.cfg + @param cfg: A nested dict containing the entire cloud config contents. + @param cloud: The L{CloudInit} object in use + @param log: Pre-initialized Python logger object to use for logging + @param args: Any module arguments from cloud.cfg + """ + # If there isn't a ca-certs section in the configuration don't do anything if not cfg.has_key('ca-certs'): return ca_cert_cfg = cfg['ca-certs'] @@ -33,6 +45,7 @@ def handle(name, cfg, cloud, log, args): # or 'validation_cert'. In the case where both exist, 'validation_key' # takes precedence if ca_cert_cfg.has_key('trusted'): - trusted_certs = util.get_cfg_option_str(chef_cfg, 'trusted') - with open('/etc/cert.pem', 'w') as cert_file: - cert_file.write(trusted_certs) + trusted_certs = util.get_cfg_option_list_or_str(ca_cert_cfg, 'trusted') + if trusted_certs: + cert_file_contents = "\n".join(trusted_certs) + write_file(CERT_FILENAME, cert_file_contents, "root", "root", "644") diff --git a/debian.trunk/control b/debian.trunk/control index c877f673..eef3cd1d 100644 --- a/debian.trunk/control +++ b/debian.trunk/control @@ -8,6 +8,7 @@ Build-Depends: cdbs, python-nose, pyflakes, pylint, + python-mocker, XS-Python-Version: all Standards-Version: 3.9.1 diff --git a/tests/unittests/test_handler_ca_certs.py b/tests/unittests/test_handler_ca_certs.py new file mode 100644 index 00000000..21eddf18 
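Review bot: The new `write_file` helper in the first cc_ca_certs.py hunk is a stub whose whole body is `raise Exception()`, so outside the mocked unit tests any config that supplies `ca-certs: trusted` makes `handle` fail at the write instead of installing the certificate. If this is a deliberate placeholder, `raise NotImplementedError("write_file is not implemented yet")` plus a one-line docstring stating the intended contract for `owner`, `group` and `mode` would make that explicit. The added `handle` docstring lists the parameters but has no summary line; a first line such as `Write the CA certificates listed under 'ca-certs: trusted' to CERT_FILENAME.` would say what the handler does to the system trust material. The body of `handle` continues outside this hunk.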
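Review bot: In the second cc_ca_certs.py hunk the mode reaches `write_file` as the string `"644"`; if the eventual implementation converts it with `int(mode)` before `os.chmod`, that is decimal 644 (octal 1204) rather than rw-r--r--, so passing an octal integer (`0644`) or documenting an `int(mode, 8)` contract would be safer. The configured certificates are joined and written verbatim to a file under /usr/share/ca-certificates, where they are candidate trust anchors for the whole system, and nothing records that this happened; a line such as `log.debug("writing %d CA certificate(s) to %s", len(trusted_certs), CERT_FILENAME)` would leave an audit trail, although the new tests pass `log=None` and would then need a real logger. The context comment about 'validation_key' and 'validation_cert' just above the `has_key('trusted')` check looks like a leftover from the chef handler and should be rewritten to describe the 'trusted' key. `handle` starts outside this hunk.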
--- /dev/null
+++ b/tests/unittests/test_handler_ca_certs.py
@@ -0,0 +1,64 @@
+from unittest import TestCase
+from mocker import MockerTestCase
+
+from cloudinit.CloudConfig.cc_ca_certs import handle, write_file
+
+class TestAddCaCerts(MockerTestCase):
+ def setUp(self):
+ super(TestAddCaCerts, self).setUp()
+ self.name = "ca-certs"
+ self.cloud_init = None
+ self.log = None
+ self.args = []
+
+ def test_no_config(self):
+ """Test that no certificate are written if not provided."""
+ config = {"unknown-key": "value"}
+
+ mock = self.mocker.replace(write_file, passthrough=False)
+ self.mocker.replay()
+
+ handle(self.name, config, self.cloud_init, self.log, self.args)
+
+ def test_no_trusted_list(self):
+ """Test that no certificate are written if not provided."""
+ config = {"ca-certs": {}}
+
+ mock = self.mocker.replace(write_file, passthrough=False)
+ self.mocker.replay()
+
+ handle(self.name, config, self.cloud_init, self.log, self.args)
+
+ def test_no_certs_in_list(self):
+ """Test that no certificate are written if not provided."""
+ config = {"ca-certs": {"trusted": []}}
+
+ mock = self.mocker.replace(write_file, passthrough=False)
+ self.mocker.replay()
+
+ handle(self.name, config, self.cloud_init, self.log, self.args)
+
+ def test_single_cert(self):
+ """Test adding a single certificate to the trusted CAs"""
+ cert = "CERT1\nLINE2\nLINE3"
+ config = {"ca-certs": {"trusted": cert}}
+
+ mock = self.mocker.replace(write_file, passthrough=False)
+ mock("/usr/share/ca-certificates/cloud-init-provided.crt",
+ cert, "root", "root", "644")
+ self.mocker.replay()
+
+ handle(self.name, config, self.cloud_init, self.log, self.args)
+
+ def test_multiple_certs(self):
+ """Test adding multiple certificate to the trusted CAs"""
+ certs = ["CERT1\nLINE2\nLINE3", "CERT2\nLINE2\nLINE3"]
+ cert_file = "\n".join(certs)
+ config = {"ca-certs": {"trusted": certs}}
+
+ mock = self.mocker.replace(write_file, passthrough=False)
+ mock("/usr/share/ca-certificates/cloud-init-provided.crt",
+ cert_file, "root", "root", "644")
+ self.mocker.replay()
+
+ handle(self.name, config, self.cloud_init, self.log, self.args) |
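Review bot: `test_no_config`, `test_no_trusted_list` and `test_no_certs_in_list` all carry the same docstring, so a failure report does not say which "nothing is written" case broke. Each should describe its own input, for example `"""No file is written when the config has no 'ca-certs' section."""`, `"""No file is written when 'ca-certs' has no 'trusted' key."""` and `"""No file is written when 'trusted' is an empty list."""`. `from unittest import TestCase` is never used, and the `mock = ...` binding in those three tests is unused as well; pyflakes, which debian.trunk/control lists as a build dependency, will presumably flag both. The two positive tests use placeholder strings rather than PEM text, which is fine for checking the join but means nothing here exercises how malformed certificate input is handled.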