RE: https://github.com/openshift/openshift-ansible/pull/3449 cert parsing tests

fixup_cert_parsing_tests.patch

From 21713422e20dd80e24a758ff4c700da2e4c1c3b8 Mon Sep 17 00:00:00 2001
From: Tim Bielawa <[email protected]>
Date: Tue, 28 Feb 2017 11:19:48 -0800
Subject: [PATCH] Add another cert parsing test

---
 .../test/test_fakeopensslclasses.py                | 55 +++++++++++++++++++++-
 1 file changed, 53 insertions(+), 2 deletions(-)

diff --git a/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py b/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py
index 226cae3..c87655c 100644
--- a/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py
+++ b/roles/openshift_certificate_expiry/test/test_fakeopensslclasses.py
@@ -1,7 +1,7 @@
 '''
  Unit tests for the FakeOpenSSL classes
 '''
-
+import datetime
 import os
 import subprocess
 import sys
@@ -11,8 +11,9 @@ import pytest
 module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-2]), 'library')
 sys.path.insert(0, module_path)
 
-from openshift_cert_expiry import FakeOpenSSLCertificate  # noqa: E402
+from openshift_cert_expiry import FakeOpenSSLCertificate, load_and_handle_cert  # noqa: E402
 
+cert_serials = [6, 5, 4]
 
 @pytest.fixture(scope='module')
 def fake_valid_cert(valid_cert):
@@ -77,3 +78,53 @@ def test_subject_alt_names(valid_cert, fake_valid_cert):
     # Verify all dns sans are present
     for name in valid_cert['dns']:
         assert 'DNS:{}'.format(name) in f_san
+
+
+def test_load_and_handle_cert(valid_cert, fake_valid_cert):
+    """Params:
+
+* `valid_cert` comes from the 'valid_cert' fixture in conftest.py
+* `fake_valid_cert` comes from the `fake_valid_cert` fixture in this file
+    """
+    NOW = datetime.datetime.now()
+
+    # Verify load_and_handle accepts valid certs created for testing
+
+    # valid_cert.realpath() returns a `LocalPath` object from the
+    # `py.path` library. The string rep of this object is the actual
+    # path to the file it encapsulates.
+    valid_file_path = str(valid_cert['cert_file'])
+    with open(valid_file_path) as fp:
+        cert_string = fp.read()
+
+    (cert_subject,
+     cert_expiry_date,
+     time_remaining,
+     cert_serial) = load_and_handle_cert(cert_string, NOW)
+
+    # And this verifies we can handle fake certs
+    (fake_cert_subject,
+     fake_cert_expiry_date,
+     fake_time_remaining,
+     fake_cert_serial) = load_and_handle_cert(fake_valid_cert.cert_string, NOW)
+
+    # Do the serials match up?
+    assert fake_cert_serial == cert_serial
+
+    # We examine 3 certificates (see the test fixture wrapping
+    # `valid_cert` in conftest.py). They start with 4 and increment up
+    # to 6. This test function is ran for each certificate. As they
+    # come in, pop the last cert off the list and verify it matches
+    # the cert that was created.
+    assert cert_serial == cert_serials.pop()
+
+    # Does the date math add up?
+    assert cert_expiry_date == NOW + time_remaining
+    assert fake_cert_expiry_date == NOW + fake_time_remaining
+
+    # More testing on the results of the load_and_handle_cert function
+    # could be implemented here as well, such as verifying subjects
+    # match up.
+
+    # Additionally, we still need a way to test the case where
+    # OpenSSL.crypto isn't able to be imported.
-- 
2.9.3