Changeset - cdda72ee4c8a
0 4 0
Branko Majic (branko) - 6 years ago 2018-05-04 00:15:48
branko@majic.rs
GC-23: Refactored renew command to accept lists of DNS names instead of string.
4 files changed with 24 insertions and 16 deletions:
gimmecert/cli.py
 
@@ -149,8 +149,19 @@ def setup_renew_subcommand_parser(parser, subparsers):
 
    subparser = subparsers.add_parser('renew', description='Renews existing certificates.')
 
    subparser.add_argument('entity_type', help='Type of entity to renew.', choices=['server', 'client'])
 
    subparser.add_argument('entity_name', help='Name of the entity')
 
    subparser.add_argument('--update-dns-names', '-u', dest="dns_names", default=None, type=str, help='''Replace the DNS subject alternative names \
 
    with new values. \
 

	
 
    def csv_list(csv):
 
        """
 
        Small helper that converts CSV string into a list.
 
        """
 

	
 
        if csv:
 
            return csv.split(",")
 

	
 
        return []
 

	
 
    subparser.add_argument('--update-dns-names', '-u', dest="dns_names", default=None, type=csv_list,
 
                           help='''Replace the DNS subject alternative names with new values. \
 
    Valid only for server certificate renewals. Multiple DNS names can be passed-in as comma-separated list. \
 
    Passing-in an empty string will result in all additional DNS subject alternative names being removed. \
 
    The entity name is kept as DNS subject alternative name in either case.''')
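Review bot: `csv_list` returns each comma-separated piece untouched, so `-u "a.example.com, b.example.com"` yields a name with a leading space and a trailing or doubled comma yields an empty string; these values are what `renew()` receives as the replacement DNS subject alternative names. Nothing visible in this commit validates them later, so I would normalise and reject at parse time: `names = [n.strip() for n in csv.split(",")]` followed by `if not all(names): raise argparse.ArgumentTypeError("empty DNS name in list")` (assuming `argparse` is imported in this module), leaving the documented empty-string-means-`[]` case as it is. The parameter name `csv` also shadows the standard-library module name; `value` would read better. `setup_renew_subcommand_parser` starts before this hunk and may continue past it.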
gimmecert/commands.py
 
@@ -385,9 +385,9 @@ def renew(stdout, stderr, project_directory, entity_type, entity_name, generate_
 
    :param custom_csr_path: Path to custom CSR for issuing client certificate. Cannot be used together with generate_new_private_key.
 
    :type custom_csr_path: str or None
 

	
 
    :param dns_names: Comma-separated list of additional DNS names to use as replacement when renewing a server certificate. To remove additional DNS names,
 
        set the value to empty string (""). To keep the existing DNS names, set the value to None. Valid only for server certificates.
 
    :type dns_names: str or None
 
    :param dns_names: List of additional DNS names to use as replacement when renewing a server certificate. To remove additional DNS names,
 
        set the value to empty list. To keep the existing DNS names, set the value to None. Valid only for server certificates.
 
    :type dns_names: list[str] or None
 

	
 
    :returns: Status code, one from gimmecert.commands.ExitCode.
 
    :rtype: int
 
@@ -445,12 +445,7 @@ def renew(stdout, stderr, project_directory, entity_type, entity_name, generate_
 

	
 
    # Issue and write out the new certificate.
 
    if entity_type == 'server' and dns_names is not None:
 
        if dns_names == "":
 
            extra_dns_names = []
 
        else:
 
            extra_dns_names = dns_names.split(',')
 

	
 
        certificate = gimmecert.crypto.issue_server_certificate(entity_name, public_key, issuer_private_key, issuer_certificate, extra_dns_names)
 
        certificate = gimmecert.crypto.issue_server_certificate(entity_name, public_key, issuer_private_key, issuer_certificate, dns_names)
 
    else:
 
        certificate = gimmecert.crypto.renew_certificate(old_certificate, public_key, issuer_private_key, issuer_certificate)
 
    gimmecert.storage.write_certificate(certificate, certificate_path)
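Review bot: In the second hunk `renew()` now forwards `dns_names` to `gimmecert.crypto.issue_server_certificate` without any check, so a caller still following the old contract and passing `"a.example.com,b.example.com"` is no longer split. If the issuing function iterates its argument (not visible here), each character of that string would end up as a DNS subject alternative name in the signed certificate. Because the accepted type changed from `str` to `list[str]`, a guard ahead of the call would fail fast instead: `if isinstance(dns_names, str): raise TypeError("dns_names must be a list of DNS names or None")`. The body of `renew()` starts and ends outside both hunks.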
tests/test_cli.py
 
@@ -627,7 +627,7 @@ def test_renew_command_invoked_with_correct_parameters_for_client_with_update_dn
 

	
 
    mock_renew.assert_called_once_with(sys.stdout, sys.stderr,
 
                                       tmpdir.strpath,
 
                                       'server', 'myserver', False, None, 'myservice1.example.com,myservice2.example.com')
 
                                       'server', 'myserver', False, None, ['myservice1.example.com', 'myservice2.example.com'])
 

	
 

	
 
@mock.patch('sys.argv', ['gimmecert', 'status'])
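Review bot: The only CLI-level expectation updated here is the two-name case, so the other branch of the new `csv_list` converter is not pinned by any test changed in this commit. That branch turns `-u ""` into `[]`, which the help text documents as removing all additional DNS names, while omitting `-u` leaves `None` and keeps them. A sibling test that invokes `renew` with an empty `-u` value and asserts that `mock_renew` receives `[]` rather than `None` as its last argument would cover that distinction. A further case with a trailing comma would document what the parser does with empty entries. The test function starts outside the hunk.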
tests/test_commands.py
 
@@ -1453,7 +1453,7 @@ def test_renew_raises_exception_if_update_dns_names_is_used_for_client_certifica
 
    with pytest.raises(gimmecert.commands.InvalidCommandInvocation) as e_info:
 
        gimmecert.commands.renew(io.StringIO(), io.StringIO(), sample_project_directory.strpath,
 
                                 'client', 'client-with-privkey-1',
 
                                 False, None, "myservice.example.com")
 
                                 False, None, ["myservice.example.com"])
 

	
 
    assert str(e_info.value) == "Updating DNS subject alternative names can be done only for server certificates."
 

	
 
@@ -1498,7 +1498,7 @@ def test_renew_reports_success_and_paths_to_artifacts_when_renewing_server_certi
 
    status_code = gimmecert.commands.renew(stdout_stream, stderr_stream,
 
                                           sample_project_directory.strpath,
 
                                           'server', entity_name,
 
                                           False, None, "myservice.example.com")
 
                                           False, None, ["myservice.example.com"])
 

	
 
    stdout = stdout_stream.getvalue()
 
    stderr = stderr_stream.getvalue()
 
@@ -1520,7 +1520,9 @@ def test_renew_replaces_dns_names(tmpdir):
 
    old_certificate = gimmecert.storage.read_certificate(certificate_file.strpath)
 
    old_subject_alt_name = old_certificate.extensions.get_extension_for_class(cryptography.x509.SubjectAlternativeName).value
 

	
 
    gimmecert.commands.renew(io.StringIO(), io.StringIO(), tmpdir.strpath, 'server', 'myserver', False, None, "myservice1.example.com,myservice2.example.com")
 
    gimmecert.commands.renew(io.StringIO(), io.StringIO(), tmpdir.strpath,
 
                             'server', 'myserver',
 
                             False, None, ["myservice1.example.com", "myservice2.example.com"])
 

	
 
    new_certificate_pem = certificate_file.read()
 
    new_certificate = gimmecert.storage.read_certificate(certificate_file.strpath)
 
@@ -1544,7 +1546,7 @@ def test_renew_removes_dns_names(tmpdir):
 
    old_certificate = gimmecert.storage.read_certificate(certificate_file.strpath)
 
    old_subject_alt_name = old_certificate.extensions.get_extension_for_class(cryptography.x509.SubjectAlternativeName).value
 

	
 
    gimmecert.commands.renew(io.StringIO(), io.StringIO(), tmpdir.strpath, 'server', 'myserver', False, None, "")
 
    gimmecert.commands.renew(io.StringIO(), io.StringIO(), tmpdir.strpath, 'server', 'myserver', False, None, [])
 

	
 
    new_certificate_pem = certificate_file.read()
 
    new_certificate = gimmecert.storage.read_certificate(certificate_file.strpath)