From b182b41ee1665c67b315fad4575a69e9508388eb Mon Sep 17 00:00:00 2001
From: Russel Vela
Date: Thu, 3 Feb 2022 16:29:45 -0600
Subject: [PATCH 1/4] - Added tests for json/yaml parsing of a PolicySpecification file
---
 tests/resources/policy_specification.yaml | 4 +--
 tests/test_pm.py | 32 +++++++++++++++++------
 2 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/tests/resources/policy_specification.yaml b/tests/resources/policy_specification.yaml
index c62aaa7..47ffb7b 100644
--- a/tests/resources/policy_specification.yaml
+++ b/tests/resources/policy_specification.yaml
@@ -8,9 +8,9 @@ policy:
 maxValidDays: 120
 subject:
 orgs:
- - venafi_yaml
+ - venafi.com
 orgUnits:
- - DevOps_yaml
+ - DevOps
 localities:
 - Merida
 states:
diff --git a/tests/test_pm.py b/tests/test_pm.py
index 3893843..002a393 100644
--- a/tests/test_pm.py
+++ b/tests/test_pm.py
@@ -42,10 +42,8 @@ def __init__(self, *args, **kwargs):
 self.yaml_file = _resolve_resources_path(POLICY_SPEC_YAML)
 
 def test_json_parsing(self):
- # data = json_parser.parse_file(self.json_file)
- # print_data = parse_policy_spec(data)
- # pprint(print_data)
- pass
+ ps = json_parser.parse_file(self.json_file)
+ self._assert_policy_spec(ps)
 
 def test_json_serialization(self):
 ps = PolicySpecification(policy=_get_policy_obj(), defaults=_get_defaults_obj())
@@ -55,15 +53,33 @@ def test_yaml_11_parsing(self):
 pass
 
 def test_yaml_12_parsing(self):
- # data = yaml_parser.parse_file(self.yaml_file)
- # print_data = parse_policy_spec(data)
- # pprint(print_data)
- pass
+ ps = yaml_parser.parse_file(self.yaml_file)
+ self._assert_policy_spec(ps)
 
 def test_yaml_serialization(self):
 ps = PolicySpecification(policy=_get_policy_obj(), defaults=_get_defaults_obj())
 yaml_parser.serialize(ps, 'test_yaml_serialization.yaml')
 
+ def _assert_policy_spec(self, ps):
+ """
+
+ :param vcert.policy.PolicySpecification ps:
+ :return:
+ """
+ self.assertIsNotNone(ps)
+ self.assertIn("venafi.com", ps.policy.domains)
+ self.assertIn("kwan.com", ps.policy.domains)
+ self.assertIn("venafi.com", ps.policy.subject.orgs)
+ self.assertTrue(len(ps.policy.subject.orgs) == 1)
+ self.assertIn("DevOps", ps.policy.subject.org_units)
+ self.assertTrue(len(ps.policy.subject.org_units) == 1)
+ self.assertIn("Merida", ps.policy.subject.localities)
+ self.assertTrue(len(ps.policy.subject.localities) == 1)
+ self.assertIn("RSA", ps.policy.key_pair.key_types)
+ self.assertTrue(len(ps.policy.key_pair.key_types) == 1)
+ self.assertIn(2048, ps.policy.key_pair.rsa_key_sizes)
+ self.assertTrue(len(ps.policy.key_pair.rsa_key_sizes) == 1)
+
 
 class TestTPPPolicyManagement(unittest.TestCase):
 def __init__(self, *args, **kwargs):
From 054bbe2f5068c9beb4f3da3aa9664348761ca412 Mon Sep 17 00:00:00 2001
From: Russel Vela
Date: Thu, 3 Feb 2022 17:00:48 -0600
Subject: [PATCH 2/4] - Fixing file paths to work from the project root instead of the tests folder
---
 tests/test_pm.py | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/tests/test_pm.py b/tests/test_pm.py
index 002a393..ed4b75f 100644
--- a/tests/test_pm.py
+++ b/tests/test_pm.py
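Review bot: The length checks in the new `_assert_policy_spec` are written as `self.assertTrue(len(ps.policy.subject.orgs) == 1)`, which on failure reports only `False is not true`; `self.assertEqual(len(ps.policy.subject.orgs), 1)` (and the same for org_units, localities, key_types and rsa_key_sizes) prints the actual count. The docstring's summary line is blank and its `:param`/`:return:` entries carry no text — a one-liner such as `Assert that *ps* matches the policy_specification fixture under tests/resources.` would do. The helper also never checks `maxValidDays` (the fixture sets it to 120 in the yaml hunk above), so a regression in parsing the validity limit — the field that bounds certificate lifetime — would still pass; add an `assertEqual` against that field if the parsed model exposes it (attribute name not visible here). `test_yaml_11_parsing`, in context at the top of the hunk, still only runs `pass`.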
@@ -28,8 +28,9 @@ PolicySpecification)
 from vcert.policy.pm_cloud import CA_TYPE_DIGICERT, CA_TYPE_ENTRUST
 
-POLICY_SPEC_JSON = 'resources/policy_specification.json'
-POLICY_SPEC_YAML = 'resources/policy_specification.yaml'
+# This values are loaded from the project root which is vcert-python, not tests folder
+POLICY_SPEC_JSON = './tests/resources/policy_specification.json'
+POLICY_SPEC_YAML = './tests/resources/policy_specification.yaml'
 CA_TYPE_TPP = 'TPP'
 
 log = logger.get_child("test-pm")
@@ -38,8 +39,8 @@ class TestParsers(unittest.TestCase):
 def __init__(self, *args, **kwargs):
 super(TestParsers, self).__init__(*args, **kwargs)
- self.json_file = _resolve_resources_path(POLICY_SPEC_JSON)
- self.yaml_file = _resolve_resources_path(POLICY_SPEC_YAML)
+ self.json_file = POLICY_SPEC_JSON
+ self.yaml_file = POLICY_SPEC_YAML
 
 def test_json_parsing(self):
 ps = json_parser.parse_file(self.json_file)
@@ -86,8 +87,8 @@ def __init__(self, *args, **kwargs):
 self.tpp_conn = TPPTokenConnection(url=TPP_TOKEN_URL, http_request_kwargs={'verify': "/tmp/chain.pem"})
 auth = Authentication(user=TPP_USER, password=TPP_PASSWORD, scope=SCOPE_PM)
 self.tpp_conn.get_access_token(auth)
- self.json_file = _resolve_resources_path(POLICY_SPEC_JSON)
- self.yaml_file = _resolve_resources_path(POLICY_SPEC_YAML)
+ self.json_file = POLICY_SPEC_JSON
+ self.yaml_file = POLICY_SPEC_YAML
 super(TestTPPPolicyManagement, self).__init__(*args, **kwargs)
 
 def test_create_policy_from_json(self):
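Review bot: The new `POLICY_SPEC_JSON`/`POLICY_SPEC_YAML` constants are paths relative to the current working directory (`./tests/resources/...`), so the parser and policy-management tests now only work when the runner is started from the repository root, whereas the removed `_resolve_resources_path` handled both layouts. Anchoring on the module makes the fixture location independent of CWD: `_RESOURCES_DIR = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'resources')`, `POLICY_SPEC_JSON = os.path.join(_RESOURCES_DIR, 'policy_specification.json')`, `POLICY_SPEC_YAML = os.path.join(_RESOURCES_DIR, 'policy_specification.yaml')` — `os` appears to be imported already, judging by the helper being removed in the @@ -262 hunk. The `self.json_file = POLICY_SPEC_JSON` assignments repeated in the @@ -38, @@ -86 and @@ -124 hunks need no further change under that fix. The comment above the constants should then read `# Resolved relative to this file so the tests run from any working directory.` rather than `This values are loaded from the project root...`.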
@@ -124,8 +125,8 @@ def _create_policy_tpp(self, policy_spec=None, policy=None, defaults=None):
 class TestCloudPolicyManagement(unittest.TestCase):
 def __init__(self, *args, **kwargs):
 self.cloud_conn = CloudConnection(token=CLOUD_APIKEY, url=CLOUD_URL)
- self.json_file = _resolve_resources_path(POLICY_SPEC_JSON)
- self.yaml_file = _resolve_resources_path(POLICY_SPEC_YAML)
+ self.json_file = POLICY_SPEC_JSON
+ self.yaml_file = POLICY_SPEC_YAML
 super(TestCloudPolicyManagement, self).__init__(*args, **kwargs)
 
 def test_create_policy_from_json(self):
@@ -262,10 +263,12 @@ def _get_tpp_policy_name():
 time = timestamp()
 return f"{_get_app_name().format(time)}"
 
-
-def _resolve_resources_path(path):
- resources_dir = os.path.dirname(__file__)
- log.debug(f"Testing root folder: [{resources_dir}]")
- resolved_path = f"./{path}" if resources_dir.endswith('tests') else f"./tests/{path}"
- log.debug(f"resolved path: [{resolved_path}]")
- return resolved_path
+# def _resolve_resources_path(path):
+# resources_dir = os.path.dirname(__file__)
+# log.debug(f"Testing root folder: [{resources_dir}]")
+# if resources_dir.endswith('tests'):
+# resolved_path = f"./{path}"
+# else:
+# resolved_path = f"./tests/{path}"
+# log.debug(f"resolved path: [{resolved_path}]")
+# return resolved_path
From 526fc905740646a3cb3a760921721fcc45323924 Mon Sep 17 00:00:00 2001
From: Russel Vela
Date: Thu, 3 Feb 2022 17:30:15 -0600
Subject: [PATCH 3/4] - Added test for legacy TPP connection to retrieve SHH CA public key and principals
---
 tests/test_ssh.py | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)
diff --git a/tests/test_ssh.py b/tests/test_ssh.py
index 1c2ac11..d357541 100644
--- a/tests/test_ssh.py
+++ b/tests/test_ssh.py
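Review bot: In the @@ -262 hunk the body of `_resolve_resources_path` is kept as a nine-line commented-out block at the end of the module instead of being deleted; the function has no caller after this patch, git history already preserves it, and a commented copy tends to drift from whatever replaces it. Remove the `# def _resolve_resources_path(path): ...` lines outright, and if the helper is meant to return later keep it as live, tested code rather than a comment. With it gone, check whether the `os` import (used only there, as far as this diff shows) is still needed elsewhere in the file.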
@@ -19,10 +19,10 @@ import unittest
 
 from assets import SSH_CERT_DATA, SSH_PRIVATE_KEY, SSH_PUBLIC_KEY
-from test_env import TPP_TOKEN_URL, TPP_USER, TPP_PASSWORD, TPP_SSH_CADN
+from test_env import TPP_TOKEN_URL, TPP_USER, TPP_PASSWORD, TPP_SSH_CADN, TPP_URL
 from test_utils import timestamp
 from vcert import (CommonConnection, SSHCertRequest, TPPTokenConnection, Authentication,
- SCOPE_SSH, write_ssh_files, logger, venafi_connection, VenafiPlatform)
+ SCOPE_SSH, write_ssh_files, logger, venafi_connection, VenafiPlatform, TPPConnection)
 from vcert.ssh_utils import SSHRetrieveResponse, SSHKeyPair, SSHCATemplateRequest
 
 log = logger.get_child("test-ssh")
@@ -31,12 +31,12 @@ SSH_CERT_DATA_ERROR = "Certificate data is empty for Certificate {}" # type: str
 
 
-class TestTPPSSHCertificate(unittest.TestCase):
+class TestTPPTokenSSHCertificate(unittest.TestCase):
 def __init__(self, *args, **kwargs):
 self.tpp_conn = TPPTokenConnection(url=TPP_TOKEN_URL, http_request_kwargs={'verify': "/tmp/chain.pem"})
 auth = Authentication(user=TPP_USER, password=TPP_PASSWORD, scope=SCOPE_SSH)
 self.tpp_conn.get_access_token(auth)
- super(TestTPPSSHCertificate, self).__init__(*args, **kwargs)
+ super(TestTPPTokenSSHCertificate, self).__init__(*args, **kwargs)
 
 def test_enroll_local_generated_keypair(self):
 keypair = SSHKeyPair()
@@ -75,8 +75,20 @@ def test_retrieve_ca_public_key(self):
 log.debug(f"{TPP_SSH_CADN} Public Key data:\n{ssh_config.ca_public_key}")
 
 def test_retrieve_ca_public_key_and_principals(self):
- request = SSHCATemplateRequest(ca_template=TPP_SSH_CADN)
- ssh_config = self.tpp_conn.retrieve_ssh_config(ca_request=request)
+ ssh_config = _retrieve_ssh_config(self.tpp_conn)
+ self.assertIsNotNone(ssh_config.ca_public_key, f"{TPP_SSH_CADN} Public Key data is empty")
+ self.assertIsNotNone(ssh_config.ca_principals, f"{TPP_SSH_CADN} default principals is empty")
+ log.debug(f"{TPP_SSH_CADN} Public Key data: {ssh_config.ca_public_key}")
+ log.debug(f"{TPP_SSH_CADN} default principals: {ssh_config.ca_principals}")
+
+
+class TestTPPSSHCertificate(unittest.TestCase):
+ def __init__(self, *args, **kwargs):
+ self.tpp_conn = TPPConnection(TPP_USER, TPP_PASSWORD, TPP_URL, http_request_kwargs={'verify': "/tmp/chain.pem"})
+ super(TestTPPSSHCertificate, self).__init__(*args, **kwargs)
+
+ def test_retrieve_ca_public_key_and_principals(self):
+ ssh_config = _retrieve_ssh_config(self.tpp_conn)
 self.assertIsNotNone(ssh_config.ca_public_key, f"{TPP_SSH_CADN} Public Key data is empty")
 self.assertIsNotNone(ssh_config.ca_principals, f"{TPP_SSH_CADN} default principals is empty")
 log.debug(f"{TPP_SSH_CADN} Public Key data: {ssh_config.ca_public_key}")
@@ -122,5 +134,16 @@ def _enroll_ssh_cert(connector, request):
 return response
 
 
+def _retrieve_ssh_config(connection):
+ """
+
+ :param vcert.AbstractTPPConnection connection:
+ :rtype: vcert.SSHConfig
+ """
+ request = SSHCATemplateRequest(ca_template=TPP_SSH_CADN)
+ ssh_config = connection.retrieve_ssh_config(ca_request=request)
+ return ssh_config
+
+
 def _random_key_id():
 return f"vcert-python-ssh-{timestamp()}"
From 12099fd92ea73a7d9385e560cc8bc26869445a5d Mon Sep 17 00:00:00 2001
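Review bot: The new `TestTPPSSHCertificate.__init__` pins TLS verification of the TPP connection to `/tmp/chain.pem`, a file in a world-writable directory, copying the same literal from `TestTPPTokenSSHCertificate` above; any local user who can write that path can make the test client trust a chain of their choosing, which matters because the suite authenticates to a real TPP with `TPP_USER`/`TPP_PASSWORD`. Take the bundle location from `test_env` alongside `TPP_URL` (for example a `TPP_CA_BUNDLE` setting — name constructed here) or from a file under the repository, and pass `http_request_kwargs={'verify': TPP_CA_BUNDLE}`. Building the connection in `__init__` also means unittest creates one connection per test method when the suite is loaded, before any test runs; `setUpClass` is the conventional place, and the same applies to the token-based class whose body appears as context here. The new `test_retrieve_ca_public_key_and_principals` is a line-for-line copy of the one in the token class — a shared mixin or a helper taking the connection would keep the two in step.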
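Review bot: The docstring of the new `_retrieve_ssh_config` in the @@ -122 hunk has an empty summary line, leaving only the type annotations; a first line such as `Fetch the SSH CA configuration (public key and default principals) for TPP_SSH_CADN over *connection*.` would document what the helper actually does. The `ssh_config` local adds nothing — `return connection.retrieve_ssh_config(ca_request=request)` reads the same.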
From: Russel Vela
Date: Thu, 3 Feb 2022 17:48:17 -0600
Subject: [PATCH 4/4] - Added version_history.md
---
 .github/version_history.md | 22 ++++++++++++++++++++++
 README.md | 4 ++++
 2 files changed, 26 insertions(+)
 create mode 100644 .github/version_history.md
diff --git a/.github/version_history.md b/.github/version_history.md
new file mode 100644
index 0000000..4ea8f1f
--- /dev/null
+++ b/.github/version_history.md
@@ -0,0 +1,22 @@
+[![Venafi](./images/Venafi_logo.png)](https://www.venafi.com/)
+
+[![Apache 2.0 License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+![Community Supported](https://img.shields.io/badge/Support%20Level-Community-brightgreen)
+![Compatible with TPP 17.3+ & VaaS](https://img.shields.io/badge/Compatibility-TPP%2017.3+%20%26%20VaaS-f9a90c)
+[![pypi Downloads](https://img.shields.io/pypi/dw/vcert)](https://pypi.org/project/vcert/)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=Venafi_vcert-python&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=Venafi_vcert-python)
+
+_**This open source project is community-supported.** To report a problem or share an idea, use
+**[Issues](../../issues)**; and if you have a suggestion for fixing the issue, please include those details, too.
+In addition, use **[Pull Requests](../../pulls)** to contribute actual bug fixes or proposed enhancements.
+We welcome and appreciate all contributions. Got questions or want to discuss something with our team?
+**[Join us on Slack](https://join.slack.com/t/venafi-integrations/shared_invite/zt-i8fwc379-kDJlmzU8OiIQOJFSwiA~dg)**!_
+
+# Venafi Collection for Ansible
+## Version History
+
+#### 0.14.0
+* **Dropped support for Python2. New baseline is Python 3.6+**
+* Minor bug fixes on Policy Management
+* Added integration with sonarcloud for code analysis
+* Created version history file
diff --git a/README.md b/README.md
index 3fd1719..38a652a 100644
--- a/README.md
+++ b/README.md
@@ -100,6 +100,10 @@ NOTE: While developing with vcert-python, it is helpful if you are using a virtu
 install the vcert-python library from source in development mode with `pip install --editable`.
 See https://packaging.python.org/guides/installing-using-pip-and-virtual-environments/
 
+## Version History
+
+[Check version history here](.github/version_history.md)
+
 ## License
 
 Copyright © Venafi, Inc. All rights reserved.