from __future__ import annotations
import json
import sys
from pathlib import Path
import pytest
# Repository root: one directory above the directory that holds this test file.
ROOT = Path(__file__).resolve().parents[1]

# Make the modules under scripts/ importable by the tests.
# The entry goes in at index 0, so a module in scripts/ wins over any
# same-named module found later on sys.path; keep that directory free of names
# that would shadow real dependencies.
sys.path.insert(0, str(ROOT.joinpath("scripts")))
from ssl_check import ConfigError, load_targets # noqa: E402
from ssl_discovery import build_lld # noqa: E402
def write_config(tmp_path: Path, data: object) -> Path:
    """Write *data* as JSON to ``ssl_targets.json`` inside *tmp_path*.

    Args:
        tmp_path: Directory that receives the file (pytest's per-test
            temporary directory in the tests that call this helper).
        data: Any JSON-serialisable object to use as the config payload.

    Returns:
        Path of the file that was written.
    """
    target = tmp_path.joinpath("ssl_targets.json")
    payload = json.dumps(data)
    target.write_text(payload, encoding="utf-8")
    return target
def test_valid_config_is_normalized_and_deduplicated(tmp_path: Path) -> None:
    """A valid config loads to one target with defaults filled in.

    Two entries that differ only in ``name`` are written; the loader is
    expected to collapse them into a single target.
    """
    # Fields shared by both entries; only "name" differs between them.
    shared = {
        "host": "example.test",
        "port": 443,
        "owner": "ops",
        "profile": "relaxed",
    }
    entries = [
        {"name": "Example", **shared},
        {"name": "Duplicate", **shared},
    ]

    loaded = load_targets(write_config(tmp_path, entries))

    # NOTE(review): the test does not pin which of the two names survives
    # deduplication, nor the exact key used to detect duplicates.
    assert len(loaded) == 1
    only = loaded[0]
    # Neither field is in the input, so both values must come from the loader:
    # expected_hostname falls back to the host, timeout to 10.0.
    # presumably expected_hostname is the name the certificate is checked
    # against -- confirm in ssl_check.
    assert only["expected_hostname"] == "example.test"
    assert only["timeout"] == 10.0
def test_invalid_profile_fails(tmp_path: Path) -> None:
    """An unrecognised ``profile`` value must be rejected with ConfigError.

    The loader is expected to fail closed here: a misspelled or unknown
    profile name raises instead of being accepted or silently replaced.
    """
    entry = {
        "name": "Example",
        "host": "example.test",
        "port": 443,
        "owner": "ops",
        "profile": "wild-west",
    }
    bad_config = write_config(tmp_path, [entry])

    with pytest.raises(ConfigError):
        load_targets(bad_config)
def test_invalid_port_fails(tmp_path: Path) -> None:
    """A port above the valid TCP range must be rejected with ConfigError."""
    entry = {
        "name": "Example",
        "host": "example.test",
        # 70000 exceeds 65535, the largest valid TCP port number.
        "port": 70000,
        "owner": "ops",
        "profile": "relaxed",
    }
    bad_config = write_config(tmp_path, [entry])

    # NOTE(review): only the upper bound is exercised; 0, negative and
    # non-integer ports are not covered by this test.
    with pytest.raises(ConfigError):
        load_targets(bad_config)
def test_discovery_output_contains_lld_macros(tmp_path: Path) -> None:
    """build_lld() returns a ``data`` list whose first row carries the LLD macros.

    One target is loaded and passed to ``build_lld``; each ``{#SSL_*}`` macro
    in the first row must equal the matching config field.
    """
    entry = {
        "name": "Example",
        "host": "example.test",
        "port": 443,
        "owner": "ops",
        "profile": "internal",
    }
    lld = build_lld(load_targets(write_config(tmp_path, [entry])))

    assert "data" in lld
    first_row = lld["data"][0]
    # The port is configured as the integer 443 but is expected back as the
    # string "443".
    expected_macros = {
        "{#SSL_NAME}": "Example",
        "{#SSL_HOST}": "example.test",
        "{#SSL_PORT}": "443",
        "{#SSL_OWNER}": "ops",
        "{#SSL_PROFILE}": "internal",
    }
    for macro, value in expected_macros.items():
        assert first_row[macro] == value