1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
import os
import dcoscli.constants as cli_constants
from dcos import constants
import pytest
from .common import config_set, config_unset, exec_command
@pytest.fixture
def env():
r = os.environ.copy()
r.update({
constants.PATH_ENV: os.environ[constants.PATH_ENV],
constants.DCOS_CONFIG_ENV: os.path.join("tests",
"data", "ssl", "ssl.toml"),
cli_constants.DCOS_PRODUCTION_ENV: 'false'
})
return r
def test_dont_verify_ssl_with_env_var(env):
env[constants.DCOS_SSL_VERIFY_ENV] = 'false'
returncode, stdout, stderr = exec_command(
['dcos', 'marathon', 'app', 'list'], env)
assert returncode == 0
assert stderr == b''
env.pop(constants.DCOS_SSL_VERIFY_ENV)
def test_dont_verify_ssl_with_config(env):
config_set('core.ssl_verify', 'false', env)
returncode, stdout, stderr = exec_command(
['dcos', 'marathon', 'app', 'list'], env)
assert returncode == 0
assert stderr == b''
config_unset('core.ssl_verify', None, env)
def test_verify_ssl_without_cert_env_var(env):
env[constants.DCOS_SSL_VERIFY_ENV] = 'true'
returncode, stdout, stderr = exec_command(
['dcos', 'marathon', 'app', 'list'], env)
assert returncode == 1
assert "certificate verify failed" in stderr.decode('utf-8')
env.pop(constants.DCOS_SSL_VERIFY_ENV)
def test_verify_ssl_without_cert_config(env):
config_set('core.ssl_verify', 'true', env)
returncode, stdout, stderr = exec_command(
['dcos', 'marathon', 'app', 'list'], env)
assert returncode == 1
assert "certificate verify failed" in stderr.decode('utf-8')
config_unset('core.ssl_verify', None, env)
def test_verify_ssl_with_bad_cert_env_var(env):
env[constants.DCOS_SSL_VERIFY_ENV] = 'tests/data/ssl/fake.pem'
returncode, stdout, stderr = exec_command(
['dcos', 'marathon', 'app', 'list'], env)
assert returncode == 1
assert "PEM lib" in stderr.decode('utf-8') # wrong private key
env.pop(constants.DCOS_SSL_VERIFY_ENV)
def test_verify_ssl_with_bad_cert_config(env):
config_set('core.ssl_verify', 'tests/data/ssl/fake.pem', env)
returncode, stdout, stderr = exec_command(
['dcos', 'marathon', 'app', 'list'], env)
assert returncode == 1
assert "PEM lib" in stderr.decode('utf-8') # wrong private key
config_unset('core.ssl_verify', None, env)
def test_verify_ssl_with_good_cert_env_var(env):
env[constants.DCOS_SSL_VERIFY_ENV] = '/adminrouter/snakeoil.crt'
returncode, stdout, stderr = exec_command(
['dcos', 'marathon', 'app', 'list'], env)
assert returncode == 0
assert stderr == b''
env.pop(constants.DCOS_SSL_VERIFY_ENV)
def test_verify_ssl_with_good_cert_config(env):
config_set('core.ssl_verify', '/adminrouter/snakeoil.crt', env)
returncode, stdout, stderr = exec_command(
['dcos', 'marathon', 'app', 'list'], env)
assert returncode == 0
assert stderr == b''
config_unset('core.ssl_verify', None, env)
|
