GC-28: Build and install supported Python versions with custom script:
- Drops external dependency on pyenv. - Makes the process actually simpler because pyenv does not play nicely with some built-in tools like virtualenv/virtualenvwrapper.
GC-28: Added initial set-up for running tests within Vagrant machine:
- Added Vagrantfile that deploys Debian 9 Stretch and provisions it. - Added provisioning script that will set-up multiple Python versions. - Updated development instructions to include information on how to use Vagrant to run all the tests. - Ignore Vagrant artifacts in gitignore.
- List supported Python versions a bit more explicitly (improves readability/stands out better). - Use dashes instead of asterisks for lists of items (just a syntax change). - Added link to documentation (RTD) to README file.
- Updated package requirements for development to include twine (for the release process). - Added initial version of release script. The script takes care of preparing the local git repository (maintenance branches, tags, updates to release notes and setup.py), as well as pushing the changes to both origin git repository and distribution package to PyPI. - Switched to using version 0.0.0 as development version.
GC-23: Updated documentation related to move of --update-dns-option from server to renew command:
- Updated the server command usage instructions to include reference to --update-dns-option in the renew command. - Added relevant documentation on use of the --update-dns-names option to the usage instructions for renew command. - Update the CLI examples.
GC-23: Removed option to update DNS names from server command:
- Removed functional test. - Dropped the option from CLI. - Dropped the option from command function implementation. - Updating code for new command function signature. - Updated existing unit tests. - Removed unneeded unit tests.
GC-23: Implemented option for updating DNS names for renew command:
- Added functional test covering the new functionality. - Implemented ability to accept new DNS names in the renew command. - Updated existing unit tests for new function signature. - Added unit tests covering the new functionality.
- Fixed invocation of pexpect.spawnu to convert the passed-in arguments explicitly into a list. Necessary since Python 3.4 can't use the *args construct outside of assignment. - Updated the certificate_to_pem function to return str instead of bytes. Necessary since Python 3.4 does not support things like b"%s" % mybytes. - Fixed test for existence of help CLI command. Previous code was referencing a wrong/non-existent function help (the actual name has to be help_ in order not to shadow the built-in function). - Updated unit test invocations that use the read_certificate function. - Updated tests for the read_certificate function.
GC-22: Updated CLI and regular documentation for the new CSR options:
- Updated quick usage instructions to give an example of issuing a server certificate using CSR. - Updated documentation for server, client, and renew commands. - Updated CLI examples to include some usage of the --csr option. - Updated CLI CSR documentation to emphasize that only the public key is taken from the CSR.
GC-22: Updated status command to display path to CSR if certificate was issued using CSR:
- Updated the existing functional test for validating output from the status command on an initialised directory. - Updated status command to check for existence of private key or CSR, and display appropriate message and path to it. - Updated unit tests covering the status command output.
GC-22: Updated renew command to allow reading of CSR from stdin:
- Implemented functional test covering reading of CSR from stdin for the renew command. - Updated renew command CLI help. - Updated renew command to read CSR from stdin if passed-in path is set to '-'. - Implemented relevant unit tests.
GC-22: Updated client command to allow reading of CSR from stdin:
- Implemented functional test covering reading of CSR from stdin for the client command. - Updated client command CLI help. - Updated client command to read CSR from stdin if passed-in path is set to '-'. - Implemented relevant unit tests.
GC-22: Updated server command to allow reading of CSR from stdin:
- Implemented an additional helper for functional tests for running interactive commands. - Implemented functional test covering passing-in CSR to the server command via stdin (interactively). - Updated server command implementation. - Implemented utility function for reading input from user. - Implemented utility function for reading CSR from string in (in OpenSSL-style PEM format). - Fixed some missing imports in the custom pytest fixture. - Implemented relevant unit tests.
GC-22: Server command should refuse to update DNS names if custom CSR was passed-in as well:
- Passing-in the custom CSR means the user wants to create a new entity. Therefore, in the case where update of DNS name has been requested in conjunction with passing the CSR, and certificate has already been issued, we need to fail.
GC-22: Refactored server command tests for testing output on success:
- Introduced custom pytest fixture that sets-up a small Gimmecert project. - Introduced custom pytest fixture that sets-up private key with CSR. - Replaced all server command tests that check the resulting output with a parametrised test. One test should actually fail, but this is a bug in implementation. Will fix in subsequent commit. - Introduced separate tests that ensure the server private key or CSR do not get overwritten in case DNS name update is requested.
GC-22: Updated renew command to replace existing private key with CSR if passed-in:
- Added functional test which covers renewal of server and client certificates by generating new private key when previous certificate was issued using custom CSR. - Replace the CSR with generated private key when renewing certificate in case where previous certificate was issued with CSR. - Added unit tests covering new functionality.
GC-22: Updated renew command to replace existing private key with CSR if passed-in:
- Added functional test which covers renewal of server and client certificates using CSR when previous certificate was issued using private key. - Replaced the private key with CSR when renewing certificate using CSR in case where previous certificate was issued with private key. - Updated signature for renew command to accept path to custom CSR. - Updated existing unit tests for new renew command signature. - Added unit tests covering new functionality.
GC-22: Updated renew command to report correct artefact if CSR was originally used for issuing certificate:
- Added functional test for covering the scenario. - Updated printout from the command to display path to CSR if CSR artefact was used for initial (previous) certificate issuance. - Updated existing unit tests and implemented new ones.
GC-22: Implemented issuance of server certificates using passed-in CSR:
- Added functional test. - Expanded server command to accept path to custom CSR file and handle it appropriately. - Updated existing unit tests to fix command server invocation. - Added new unit tests.
GC-22: Make server command invocation explicit by requiring the update_dns_names argument:
- Updated the server command to require providing the update_dns_names argument. Helps with consistency to other commands. - Updated unit tests for the server command to invoke it with correct parameters.
GC-22: Implemented issuance of client certificates using passed-in CSR:
- Added functional test covering the issuance of client certificate using CSR. - Updated default value for the CSR client command option to be explicitly None. - Updated the client command to take in the CSR as an argument and process it accordingly. - Added helpers for generating CSR, as well as writing and reading them to/from file. - Updated existing tests to use new signature for the client command. - Added new unit tests for implemented functionality.
GC-22: Added options to parser for accepting CSR for issuing/renewing certificates:
- Implemented functional test for verifying option availability. - Added CSR option to server, client, and renew commands. - Make the new CSR option and --new-private-key option exclusive with each other.
GC-20: Added documentation for status command and fixed output when server/client certificates have been issued:
- Updated quickstart instructions. - Added more detailed usage instructions describing what information gets shown. - Fixed issue with status command reporting no server/client certificates have been issued even if this is not the case.
GC-20: Updated status command to have explicit message if no server or client certificates have been issued:
- Updated the status command to inform user that no server or client certificates have been issued if so (instead of just showing empty section). - Implemented unit tests.
GC-20: Implemented status command for initialised directory:
- Added functional test. - Implemented showing CA hierarchy, server and client certificate information for initialised directories. - Implemented helper functions for generating string representation of DNs, DNS subject alternative names, and date range. - Return correct error when calling status command on uninitialised directory. - Updated gitignore to exclude *.pyc from repository. - Implemented unit tests.
GC-20: Show informative message when calling status command on uninitialised directory:
- Added small function test to cover the scenario when status command is called on an uninitialised directory. - Updated the status command implementation. - Implemented the necessary unit tests.
GC-20: Added initial dummy implementation of status command:
- Added functional test checking if the command is available and has help. - Updated unit tests for new CLI command. - The command does not do anything at the moment.
Noticket: Deduplicate testing of functions that set-up subcommand parsers:
- Updated the CLI tests. - Introduced parametrized tests for checking return object of set-up subcommand parser functions (will go through all registered functions). - Introduced parametrized test for checking if functions used for setting-up subcommand parsers had been registered correctly via decorator. - Remove old tests that got replaced as part of this parametrization.
Noticket: Deduplicate testing of command availability and help flags:
- Updated CLI tests related to testing of what commands are available, and if they accept the help (long and short form) flag. - Commands are provided via Pytest parametrisation. - Changed tests cover primarily the parser behaviour.
- Updated CLI tests related to testing of acceptable/expected invocations. - Introduced mechanism for specifying CLI invocation that should not produce errors using Pytest parametrisation. - Replaced all tests that verify just the parser handling of input arguments (presence, not necessarily content).
GC-18: Added option for generating a new private key during certificate renewal:
- Implemented functional test for the new scenario. - Fixed incorrect check for client certificate validity in existing functional test for client certificate renewal. - Updated documentation to include information about generating a new private key during certificate renewal. - Added option of generating a new private key to the renewal command. - Updated existing code to use new signature for renewal command and function. - Added inline function documentation for the renew command code. - Implemented relevant unit tests that cover new option.
- Added functional test covering the use of renew command for server and client certificates. - Added new crypto function for renewing a certificate based on existing certificate, issuer private key, and issuer certificate. - Fixed use of incorrect output stream in one of the existing tests for the renew command. - Added unit tests covering new functionality.
GC-18: Fail the renew command if requested entity has no certificate:
- Added functional test for scenario where renewal is requested for server or client certificate that do not exist already. - Updated the renew command to return a new error code and show appropriate error message. - Added unit tests.
GC-18: Error-out in case renew is called on uninitialised hierarchy:
- Added functional test for scenario. - Implemented dummy renew command that for now just verifies the hierarchy has been initialised. - Implemented unit tests.
GC-18: Added initial dummy implementation of the renew command:
- Added functional test covering testing of available help for the renew command. - Implemented unit tests. - Registered a renew command parser setup function with CLI.
GC-19: Updated server --update-dns-names implementation to inform user about unchanged private key:
- Updated functional and unit tests. - Updated message shown to user when using --update-dns-names server option to include information about private key remaining the same.
GC-19: Added documentation for the --update-dns-names server option:
- Updated CLI help examples. - Added documentation for the server command describing the --update-dns-names option. - Fixed invalid documentation for server and client commands that states the existing artifacts will be overwritten.
GC-19: Added option for updating server certificate DNS names:
- Added functional test covering the new scenario. - Added option to server command for updating DNS names for already issued certificate. Private key is kept for this purpose. - Implemented unit tests. - Fixed functional test related to viewing short usage instructions.
GC-16: Added user documentation for the client command:
- Updated the features entry in README file, adding some missing information about other features implemented as well. - Added quick usage instruction for issuing a client certificate. - Added the client certificate artifacts directory to listing of directories used. - Added expanded usage instructions for the client command. - Fixed some invalid invocation example for the server command.
GC-16: Do not overwrite existing client artifacts:
- Added functional test for the scenario. - Implemented unit tests that ensure client artifacts are not getting overwritten if they already exist. - Added check that ensures the client certificate has not been issued previously.
GC-16: Implemented issuance of client certificates:
- Added functional test covering basic issuance of client certificates. - Replaced the dummy command implementation. - Added new crypto function that can be used for issuing TLS client certificates. - Implemented relevant unit tests.
GC-16: Implemented scenario for issuing client certificates when hierarchy is not initialised:
- Added functional test that checks if an error is shown to user in case the hierarchy hasn't been initialised prior to issuing a client certificate. - Added initial dummy client command implementation.
GC-17: Removed redundant tests, cleaned-up tests for commands module and fixed wrong directory used for outputting server artifacts in server command:
- Removed CLI tests that check if command errors-out in case the hierarchy has already been initialised (for init command) or has not been initialised (for server command). These are part of commands module tests already. - Removed unnecessary changing of directory within the commands tests. - Fixed issue where server artifacts paths are not calculated correctly when writing them out (parent directory was not part of path).
GC-17: Deduplicate exits in command wrapper functions:
- Move all calls to exit to the main function. - Update signature of all wrapper functions to return status code. - Update a couple of CLI tests to not fail due to systemexit being thrown (instead of mocking away too much).
GC-17: Refactored calls to help and usage printing functions:
- Introduced distinct help/usage functions in commands module. - Wrap the help/usage in similar way to existing commands. - Added unit tests for new commands and their invocation from CLI.
GC-17: Refactored server command to handle output and return exit code:
- Updated server command to return just a status code. - Updated existing code and tests that call out to the server command to use correct function signature. - Moved output from cli module to commands module. - Updated existing tests for the server command to test for output being produced in correct streams.
GC-17: Refactored init command to handle output and return exit code:
- Introduced a holder class for command exit codes. - Moved output for the cli module to commands module. - Implemented new tests for verifying the command output. - Updated existing tests for verifying return value of command output. - Updated existing code and tests to use the new signature for init command.
GC-15: Prevent server command from overwriting artifacts and clean-up incorrect CLI tests:
- Added functional test for scenario where a server certificate has already been issued. - Updated server certificate issuance command not to overwrite the artifacts. - Fixed a couple of both server and init tests related to CLI parsing to not create artifacts unless necessary, and if necessary to create artifacts in temporary (test) directory. Otherwise intermittent failures will happen.
GC-15: Added user documentation for the server command:
- Updated quickstart section to include samples for issuing server certificates. - Updated the initialisation section to mention creation of directory used for storing server private keys and certificates. - Added new section covering command for issuing server certificates.
GC-15: Implemented functionality for including extra DNS names in server certificates:
- Added functional test covering the new scenario. - Updated invocations of relevant commands in existing code to pass-in the list of extra DNS names where appropriate. - Updated server command and high-level function for issuing server certificates to accept list of additional DNS subject alternative names to include in certificate. - Fixed existing unit tests. - Added additional unit tests that cover the new function.
GC-15: Implemented functionality for issuing a server certificate:
- Added functional test covering the user scenario. - Updated CLI implementation to show user message about issued server artifacts. - Implemented functionality in the server command. - Fixed a small typo in docstring for issue_certificate function. - Implemented high-level crypto function for issuing server certificates. - Implemented additional storage functions for reading an entire CA hierarchy, individual private keys, and individual certificates. - Implemented the necessary unit tests covering newly implemented code.
GC-15: Implemented scenario for server certificate issuance where user has not initialised the CA hierarchy:
- Added functional test that tests if correct error is shown to user in case he/she has not initialised the CA hierarchy. - Introduced new function to check if storage is initialised. - Added initial simplified server command implementation.
GC-14: Cleaned-up testing and development configuration and documentation:
- Enforce 100% coverage in tests (fail the tests otherwise). - Updated development documentation to list: - How to run tests with coverage. - How to generate coverage in html format. - How to build documentation. - What tests are included when running test via tox. - Default to running just the unit tests when not passing in any arguments to pytest. - Removed use of pytest-flake8. - Do not run coverage tests by default outside of tox. - Ensure documentation is built inside of tox environment, and that it does not pollute the source directory. - Have all Python interpreters specified in same section in tox configuration file.
GC-3: Added usage instructions to documentation for init command:
- Added beginnings of a quickstart section. - Added more detailed description on how initialisation behaves, what it generates and how, and what options can be provided.
GC-3: Implement option for specifying CA hierarchy depth during initialisation:
- Minor fix for option checks to make them more reliable (for short flags). - Added functional test for initialising a CA hierarchy with custom depth. - Added option for specifying the CA hierarchy depth (defaults to 1). - Updated the init command to accept and process the CA hierarchy depth option correctly. - Updated function used for issuing certificates to accept list of extensions to be added to certificate. - Updated function used for generating the CA hierarchy to add the CA basic constraint extension.
GC-3: Added ability to provide custom CA base name to init command:
- Added functional test to cover the new scenario (providing CA base name). - Updated init command to accept the CA base name to be used when constructing the CA subject DN. - Updated the existing tests to pass-in the CA base name explicitly. - Updated the CLI code to allow for user to pass-in the CA base name via option (both short and long form available).
GC-3: Updated init command to avoid errors and overwrites on already initialised directories:
- Added functional test covering the scenario where user has already initialised the directory and is re-running the tool. - Updated the init command to return status based on whether the directory is already initialised or not. - Implemented unit tests.
GC-3: Add example for init command to CLI help and fix formatting:
- Updated CLI help to include example on initialising the CA hierarchy. - Use formatter class that preserves description formatting (otherwise everything ends-up in a single paragraph).
GC-3: Refactored main functionality of the init command into separate function:
- Introduced a new module (commands) where the majority of command implementation should reside. - The cli module should now be a thin wrapper around commands, in charge of processing input system arguments. - Refactored the tests accordingly.
- Added functional test for initialising hierarchy on a fresh directory. - Implemented the init command. - Added two new modules for working with storage and crypto. - Added cryptography (for certificate issuance and crypto) and python-dateutil (for better handling of certificate validities) as installation dependencies. - Added freezegun as test dependency (helps with testing validity dates). - Implemented necessary unit tests.
- Updated functional test for checking on the help subcommand as well. - Implemented the 'help' subcommand. - Updated required function signature for the subcommand_parser decorator (functions should return ArgumentParser instance). - Fixed a typo in inline documentation. - Updated the test for subcommand_parser decorator to be more robust when checking if function registration works.
- Added terse description to the CLI. - Implemented small mechanism for invoking callback functions attached to parser. - Fixed some linting issues in setup script.
- Register entry point in the package setup script. - Implemented a very basic main function as entry point that constructs an empty argument parser. - Implemented functional test for testing if the CLI tool gets invoked correctly after installation. - Added unit tests for implemented functionality.