From 2759fd37bf6a0042a4a7cacdecb1c80dbd837439 Mon Sep 17 00:00:00 2001 From: Luis Presuel Date: Fri, 18 Apr 2025 00:42:59 -0600 Subject: [PATCH 1/8] Unifies dummy passwords and adds new branding --- Makefile | 2 + aruba/features/credmgmt/credmgmt.feature | 2 +- aruba/features/enroll/basic.enroll.feature | 2 +- .../enroll/enroll-deprecated-options.feature | 6 +- .../enroll/enroll-with-csr-PS-tests.feature | 14 ++--- aruba/features/enroll/enroll-with-csr.feature | 8 +-- aruba/features/enroll/pickup.feature | 2 +- aruba/features/format/jks.feature | 4 +- aruba/features/format/pkcs12.feature | 30 +++++----- aruba/features/gencsr/output.feature | 6 +- .../gencsr/step_definitions/my_steps.rb | 6 ++ .../renew/renew-with-csr-local.feature | 12 ++-- .../renew/renew-with-csr-service.feature | 12 ++-- aruba/features/step_definitions/actions.rb | 57 +++++++++++++------ aruba/features/step_definitions/openssl.rb | 30 +++++++++- aruba/features/support/aruba.rb | 2 + cmd/vcert/playbook_test.go | 2 +- cmd/vcert/utils.go | 1 + examples/simple-cli/main.go | 8 +-- examples/simple-cli/main_test.go | 8 +-- examples/simple-cli/vars.go | 2 + pkg/certificate/certificateCollection_test.go | 5 +- pkg/util/constants.go | 1 + pkg/venafi/tpp/connector_test.go | 2 +- test-files/playbook/bad_sample.yaml | 2 +- test-files/playbook/bad_tpl.yaml | 2 +- test-files/playbook/sample.yaml | 2 +- test-files/playbook/sample_tpl.yaml | 2 +- 28 files changed, 149 insertions(+), 83 deletions(-) create mode 100644 aruba/features/gencsr/step_definitions/my_steps.rb diff --git a/Makefile b/Makefile index c564bbb1..5b06e439 100644 --- a/Makefile +++ b/Makefile @@ -12,6 +12,8 @@ define cucumber_image_build docker build --tag vcert.auto aruba/ endef +DUMMY_PASS="CyberArkT3stP4ZZC0de%jQX^J=4H" + define cucumber_tests_run if [ -n "$(FEATURE)" ] && [ -n "$(PLATFORM)" ]; then \ echo "running cucumber tests for both feature $(FEATURE) and platform $(PLATFORM)"; \ 
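Review bot: `DUMMY_PASS="..."` in the Makefile hunk keeps the double quotes as part of the value, because Make does not strip quotes in assignments, and nothing in this hunk exports the variable. The Go changes later in this patch read it with `os.Getenv(ENV_DUMMY_PASS)`, so unless a part of the Makefile outside this hunk passes it into the test environment, those tests see an empty string. If it is passed through without a shell stripping the quotes, the value will differ from `DUMMY_PASSWORD` in aruba/features/support/aruba.rb. I would declare it as `export DUMMY_PASS := <value without quotes>`, and have aruba.rb read `ENV["DUMMY_PASS"]` so that only one copy of the string exists.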
diff --git a/aruba/features/credmgmt/credmgmt.feature b/aruba/features/credmgmt/credmgmt.feature index 09da2214..327a77a2 100644 --- a/aruba/features/credmgmt/credmgmt.feature +++ b/aruba/features/credmgmt/credmgmt.feature @@ -35,7 +35,7 @@ Feature: Managing credentials tokens from TPP Scenario: request with PKCS12 if possible with no password When I interactively get credentials from TPP with PKSC12 and no password - And I type "newPassw0rd!" + And I type dummy password And I remember the output And it should output access token And it should output refresh token diff --git a/aruba/features/enroll/basic.enroll.feature b/aruba/features/enroll/basic.enroll.feature index 8bee2f71..a2631f56 100644 --- a/aruba/features/enroll/basic.enroll.feature +++ b/aruba/features/enroll/basic.enroll.feature @@ -23,7 +23,7 @@ Feature: Enroll certificate @FAKE Scenario: Passphrases don't match When I run `vcert enroll -test-mode -test-mode-delay 0 -cn vfidev.example.com` interactively - And I type "newPassw0rd!" + And I type dummy password And I type "different password" Then it should fail with "Passphrases don't match" diff --git a/aruba/features/enroll/enroll-deprecated-options.feature b/aruba/features/enroll/enroll-deprecated-options.feature index 0d88009c..1ce1aa1d 100644 --- a/aruba/features/enroll/enroll-deprecated-options.feature +++ b/aruba/features/enroll/enroll-deprecated-options.feature 
@@ -13,7 +13,7 @@ Feature: Tests with deprecated TPP options # if ERRORLEVEL 1 goto :DONE # timeout /t 10 Scenario: ~ Service Generated CSR with RSA key ~ - When I enroll a certificate in TPPdeprecated with -csr service -key-type rsa -key-size 4096 -cn service-gen-rsa.vcert.example -format json -key-password newPassw0rd! + When I enroll a certificate with dummy password in TPPdeprecated with -csr service -key-type rsa -key-size 4096 -cn service-gen-rsa.vcert.example -format json Then it should retrieve certificate Then I get JSON response And that certificate should contain "Public-Key: (4096 bit)" @@ -31,7 +31,7 @@ Feature: Tests with deprecated TPP options Scenario: ~ Service Generated CSR pickup later ID as param ~ When I enroll certificate using TPPdeprecated with -csr service -cn service-gen-pickup-id-as-param.vcert.example -no-pickup Then it should post certificate request - And I retrieve the certificate from TPPdeprecated using the same Pickup ID with -key-password newPassw0rd! -timeout 59 + And I retrieve the certificate from TPPdeprecated using the same Pickup ID and using a dummy password with -timeout 59 Then it should retrieve certificate Then it should output encrypted private key @@ -46,7 +46,7 @@ Feature: Tests with deprecated TPP options Scenario: ~ Service Generated CSR pickup later ID in file~ When I enroll certificate using TPPdeprecated with -csr service -cn service-gen-pickup-id-in-file.vcert.example -no-pickup -pickup-id-file pickup_id.txt Then it should post certificate request - And I retrieve the certificate from TPPdeprecated with -pickup-id-file pickup_id.txt -key-password newPassw0rd! -timeout 59 + And I retrieve the certificate using a dummy password from TPPdeprecated with -pickup-id-file pickup_id.txt -timeout 59 Then it should retrieve certificate Then it should output encrypted private key 
diff --git a/aruba/features/enroll/enroll-with-csr-PS-tests.feature b/aruba/features/enroll/enroll-with-csr-PS-tests.feature index f0b2adff..4ab2ef06 100644 --- a/aruba/features/enroll/enroll-with-csr-PS-tests.feature +++ b/aruba/features/enroll/enroll-with-csr-PS-tests.feature @@ -13,7 +13,7 @@ Feature: few more tests from Ryan # if ERRORLEVEL 1 goto :DONE # timeout /t 10 Scenario: ~ Service Generated CSR with RSA key ~ - When I enroll a certificate in TPP with -csr service -key-type rsa -key-size 4096 -cn service-gen-rsa.vcert.example -format json -key-password newPassw0rd! + When I enroll a certificate with dummy password in TPP with -csr service -key-type rsa -key-size 4096 -cn service-gen-rsa.vcert.example -format json Then it should retrieve certificate Then I get JSON response And that certificate should contain "Public-Key: (4096 bit)" @@ -24,7 +24,7 @@ Feature: few more tests from Ryan # if ERRORLEVEL 1 goto :DONE # timeout /t 10 Scenario: ~ Service Generated CSR with ECC key ~ - When I enroll random certificate using TPPecdsa with -csr service -key-type ecdsa -key-curve p521 -format json -key-password newPassw0rd! + When I enroll random certificate with dummy password using TPPecdsa with -csr service -key-type ecdsa -key-curve p521 -format json Then it should post certificate request And it should retrieve certificate And the JSON response at "PrivateKey" should include "-----BEGIN EC PRIVATE KEY-----" 
@@ -42,7 +42,7 @@ Feature: few more tests from Ryan Scenario: ~ Service Generated CSR pickup later ID as param ~ When I enroll certificate using TPP with -csr service -cn service-gen-pickup-id-as-param.vcert.example -no-pickup Then it should post certificate request - And I retrieve the certificate from TPP using the same Pickup ID with -key-password newPassw0rd! -timeout 59 + And I retrieve the certificate from TPP using the same Pickup ID and using a dummy password with -timeout 59 Then it should retrieve certificate Then it should output encrypted private key @@ -57,7 +57,7 @@ Feature: few more tests from Ryan Scenario: ~ Service Generated CSR pickup later ID in file~ When I enroll certificate using TPP with -csr service -cn service-gen-pickup-id-in-file.vcert.example -no-pickup -pickup-id-file pickup_id.txt Then it should post certificate request - And I retrieve the certificate from TPP with -pickup-id-file pickup_id.txt -key-password newPassw0rd! -timeout 59 + And I retrieve the certificate using a dummy password from TPP with -pickup-id-file pickup_id.txt -timeout 59 Then it should retrieve certificate Then it should output encrypted private key @@ -96,7 +96,7 @@ Feature: few more tests from Ryan # if ERRORLEVEL 1 goto :DONE # timeout /t 10 Scenario: ~ Service Generated CSR with SANS and should be no log output ~ - When I enroll random certificate using TPP with -csr service -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -format json -key-password newPassw0rd! + When I enroll random certificate with dummy password using TPP with -csr service -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -format json And I get JSON response And that certificate should contain "DNS:one.vcert.example" And that certificate should contain "DNS:two.vcert.example" 
@@ -112,7 +112,7 @@ Feature: few more tests from Ryan # if ERRORLEVEL 1 goto :DONE # timeout /t 10 Scenario: ~ User Provided CSR with SANs ~ - Given I generate CSR with -cn user-provided-with-sans.vcert.example -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -key-file user-provided-with-sans.key -csr-file user-provided-with-sans.req -key-password newPassw0rd! + Given I generate CSR using dummy password with flags -cn user-provided-with-sans.vcert.example -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -key-file user-provided-with-sans.key -csr-file user-provided-with-sans.req And I enroll certificate using TPP with -csr file:user-provided-with-sans.req -cert-file c.pem And I decode certificate from file "c.pem" And that certificate should contain "DNS:one.vcert.example" @@ -130,7 +130,7 @@ Feature: few more tests from Ryan # if ERRORLEVEL 1 goto :DONE # timeout /t 10 Scenario: ~ User Provided CSR with full Subject DN ~ - Given I generate CSR with -cn user-provided-full-subject.vcert.example -ou "DevOps Integrations" -o "Swordfish Security" -l "St. Petersburg" -st Russia -c RU -key-file user-provided-full-subject.key -csr-file user-provided-full-subject.req -key-password newPassw0rd! + Given I generate CSR using dummy password with flags cn user-provided-full-subject.vcert.example -ou "DevOps Integrations" -o "Swordfish Security" -l "St. Petersburg" -st Russia -c RU -key-file user-provided-full-subject.key -csr-file user-provided-full-subject.req And I enroll certificate using TPP with -csr file:user-provided-full-subject.req -format json And I get JSON response Then that certificate Subject should contain "C = RU" diff --git a/aruba/features/enroll/enroll-with-csr.feature b/aruba/features/enroll/enroll-with-csr.feature index 3f75270b..a2e3abd0 100644 
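Review bot: The rewritten step in the `User Provided CSR with full Subject DN` scenario reads `with flags cn user-provided-full-subject.vcert.example`; the leading `-` of `-cn` was dropped when the line was edited (the removed line had `-cn`). As written, `cn` and the host name reach `vcert gencsr` as bare words instead of the common-name flag, so the subject assertions that follow no longer test the intended request. Restore it as `with flags -cn user-provided-full-subject.vcert.example`.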
--- a/aruba/features/enroll/enroll-with-csr.feature +++ b/aruba/features/enroll/enroll-with-csr.feature @@ -75,7 +75,7 @@ Feature: enrolling certificates with -csr option (VEN-40652) | Cloud | Scenario Outline: where it enrolls certificates with -csr local -no-prompt -key-password ... - Given I enroll random certificate using with -csr local -no-prompt -key-password newPassw0rd! + Given I enroll random certificate with dummy password using with -csr local -no-prompt And it should post certificate request Then it should retrieve certificate And it should output encrypted private key @@ -98,7 +98,7 @@ Feature: enrolling certificates with -csr option (VEN-40652) Scenario Outline: where it should however enroll a certificate with -csr service, empty -key-password and -no-pickup - When I enroll random certificate using with -csr service -no-prompt -no-pickup + When I enroll random certificate with dummy password using with -csr service -no-prompt -no-pickup Then it should post certificate request @FAKE @@ -117,7 +117,7 @@ Feature: enrolling certificates with -csr option (VEN-40652) | Cloud | Scenario Outline: where it should enroll a certificate with -csr service -no-prompt -key-password ... - When I enroll random certificate using with -csr service -no-prompt -key-password newPassw0rd! + When I enroll random certificate with dummy password using with -csr service -no-prompt Then it should post certificate request And it should retrieve certificate And it should output encrypted private key 
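Review bot: The scenario titled `where it should however enroll a certificate with -csr service, empty -key-password and -no-pickup` now uses the `with dummy password` form of the step, which the step definition in actions.rb turns into a `-key-password` argument. The removed line passed no key password, so the case the title describes is no longer covered by this scenario. Drop `with dummy password` from this one step so it keeps testing the empty-password path; the neighbouring scenarios that explicitly mention `-key-password ...` are the right place for the dummy value.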
@@ -138,7 +138,7 @@ Feature: enrolling certificates with -csr option (VEN-40652) Then I retrieve the certificate using using the same Pickup ID with -timeout 180 And it should retrieve certificate And it should not output private key - Then I retrieve the certificate using using the same Pickup ID with -key-password newPassw0rd! -timeout 180 + Then I retrieve the certificate using using the same Pickup ID and using a dummy password with -timeout 180 And it should retrieve certificate And it should output encrypted private key diff --git a/aruba/features/enroll/pickup.feature b/aruba/features/enroll/pickup.feature index 3955b313..6e309e16 100644 --- a/aruba/features/enroll/pickup.feature +++ b/aruba/features/enroll/pickup.feature @@ -9,6 +9,6 @@ Feature: pickup is an action for retrieving certificates Scenario: should write private key to -key-file if specified (makes sense only with -csr service) Given I enroll a certificate in test-mode with -no-prompt -cn vfidev.example.com -csr service -no-pickup -pickup-id-file p.txt - Then I retrieve the certificate in test-mode with -pickup-id-file p.txt -key-password newPassw0rd! + Then I retrieve the certificate using a dummy password in test-mode with -pickup-id-file p.txt And it should retrieve certificate And it should output encrypted private key diff --git a/aruba/features/format/jks.feature b/aruba/features/format/jks.feature index 76efd998..1c2cf9e1 100644 --- a/aruba/features/format/jks.feature +++ b/aruba/features/format/jks.feature 
@@ -204,8 +204,8 @@ Feature: JKS format output Scenario Outline: where it pickups up service-generated certificate and outputs it in JKS format When I enroll random certificate using with -no-prompt -no-pickup -csr service - And I retrieve the certificate using using the same Pickup ID with -timeout 180 -key-password newPassw0rd! -file all.jks -format jks -jks-alias abc - And "all.jks" should be JKS archive with password "newPassw0rd!" + And I retrieve the certificate using using the same Pickup ID and using a dummy password with -timeout 180 -file all.jks -format jks -jks-alias abc +# And "all.jks" should be JKS archive with password "dummy password" # currently, we don't have JKS steps @FAKE Examples: diff --git a/aruba/features/format/pkcs12.feature b/aruba/features/format/pkcs12.feature index ac15c43d..e182aa91 100644 --- a/aruba/features/format/pkcs12.feature +++ b/aruba/features/format/pkcs12.feature @@ -47,9 +47,9 @@ Feature: PKCS#12 format output And "all.p12" should be PKCS#12 archive with password "" Scenario Outline: where all objects are written to one PKCS#12 archive with key password - When I enroll random certificate in with -format pkcs12 -file all.p12 -key-password newPassw0rd! + When I enroll random certificate with dummy password in with -format pkcs12 -file all.p12 Then the exit status should be 0 - And "all.p12" should be PKCS#12 archive with password "newPassw0rd!" + And "all.p12" should be PKCS#12 archive with dummy password @FAKE Examples: 
@@ -67,9 +67,9 @@ Feature: PKCS#12 format output | Cloud | Scenario Outline: where all objects are written to one PKCS#12 legacy archive with key password - When I enroll random certificate in with -format legacy-pkcs12 -file all.p12 -key-password newPassw0rd! + When I enroll random certificate with dummy password in with -format legacy-pkcs12 -file all.p12 Then the exit status should be 0 - And "all.p12" should be PKCS#12 archive in legacy mode with password "newPassw0rd!" + And "all.p12" should be PKCS#12 archive in legacy mode with dummy password @FAKE Examples: @@ -166,8 +166,8 @@ Feature: PKCS#12 format output Scenario Outline: where it pickups up service-generated certificate and outputs it in PKCS#12 format When I enroll random certificate using with -no-prompt -no-pickup -csr service - And I retrieve the certificate using using the same Pickup ID with -timeout 180 -key-password newPassw0rd! -file all.p12 -format pkcs12 - And "all.p12" should be PKCS#12 archive with password "newPassw0rd!" + And I retrieve the certificate using using the same Pickup ID and using a dummy password with -timeout 180 -file all.p12 -format pkcs12 + And "all.p12" should be PKCS#12 archive with dummy password @FAKE Examples: @@ -181,8 +181,8 @@ Feature: PKCS#12 format output Scenario Outline: where it pickups up service-generated certificate and outputs it in PKCS#12 legacy format When I enroll random certificate using with -no-prompt -no-pickup -csr service - And I retrieve the certificate using using the same Pickup ID with -timeout 180 -key-password newPassw0rd! -file all.p12 -format legacy-pkcs12 - And "all.p12" should be PKCS#12 archive in legacy mode with password "newPassw0rd!" + And I retrieve the certificate using using the same Pickup ID and using a dummy password with -timeout 180 -file all.p12 -format legacy-pkcs12 + And "all.p12" should be PKCS#12 archive in legacy mode with dummy password @FAKE Examples: 
@@ -199,24 +199,24 @@ Feature: PKCS#12 format output # Examples: # | endpoint | # | Cloud | # -csr service is not supported by Cloud - +# # Scenario Outline: Pickup PKCS12 with typing pass phrases # When I enroll random certificate using with -no-prompt -no-pickup -csr service # And I interactively retrieve the certificate using using the same Pickup ID with -timeout 99 -file all.p12 -format pkcs12 -# And I type "newPassw0rd!" -# And I type "newPassw0rd!" +# And I type dummy password +# And I type dummy password # Then the exit status should be 0 -# And "all.p12" should be PKCS#12 archive with password "newPassw0rd!" +# And "all.p12" should be PKCS#12 archive with dummy password # Examples: # | endpoint | # | test-mode | - # | TPP | - # | Cloud | # -csr service is not supported by Cloud +# | TPP | +# | Cloud | # -csr service is not supported by Cloud Scenario Outline: where it should enroll a PKCS12 certificate with -csr service and without file option (VEN-48622) When I enroll random certificate using with -csr service -no-prompt -no-pickup -format pkcs12 Then it should post certificate request - Then I retrieve the certificate using using the same Pickup ID with -key-password newPassw0rd! -timeout 59 + Then I retrieve the certificate using using the same Pickup ID and using a dummy password with -timeout 59 And it should retrieve certificate And it should output encrypted private key diff --git a/aruba/features/gencsr/output.feature b/aruba/features/gencsr/output.feature index fefb58a3..46c3ec70 100644 --- a/aruba/features/gencsr/output.feature +++ b/aruba/features/gencsr/output.feature 
@@ -16,8 +16,8 @@ Feature: Generating simple certificate request Scenario: where CSR is generated interactively with non-empty key-password When I run `vcert gencsr -cn vfidev.example.com` interactively - And I type "newPassw0rd!" - And I type "newPassw0rd!" + And I type dummy password + And I type dummy password Then the exit status should be 0 And it should output encrypted private key And it should output CSR @@ -29,7 +29,7 @@ Feature: Generating simple certificate request And it should output CSR Scenario: where CSR is generated and the private key is encrypted - When I run `vcert gencsr -cn vfidev.example.com -key-password newPassw0rd!` + When I generate CSR using dummy password with flags -cn vfidev.example.com Then the exit status should be 0 And it should output encrypted private key And it should output CSR diff --git a/aruba/features/gencsr/step_definitions/my_steps.rb b/aruba/features/gencsr/step_definitions/my_steps.rb new file mode 100644 index 00000000..82532c86 --- /dev/null +++ b/aruba/features/gencsr/step_definitions/my_steps.rb @@ -0,0 +1,6 @@ +And(/^I type dummy password$/) do |arg| + steps %{ + And I type "#{DUMMY_PASSWORD}" + } +end# frozen_string_literal: true + diff --git a/aruba/features/renew/renew-with-csr-local.feature b/aruba/features/renew/renew-with-csr-local.feature index da5b3c32..7ff35177 100644 --- a/aruba/features/renew/renew-with-csr-local.feature +++ b/aruba/features/renew/renew-with-csr-local.feature 
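Review bot: The new step in my_steps.rb declares a block parameter, `do |arg|`, but the pattern `/^I type dummy password$/` has no capture group; Cucumber checks the block's arity against the number of captures, so this step is expected to fail with an arity mismatch wherever it is used. Drop the parameter: `And(/^I type dummy password$/) do`. The trailing `end# frozen_string_literal: true` has no effect in that position, since the magic comment is only honoured at the top of a file; move it to line 1 or remove it. Because the credmgmt and enroll features also use this step, features/step_definitions/ alongside the other shared steps would be an easier place to find it than gencsr/step_definitions/.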
@@ -65,14 +65,14 @@ Feature: renew action with -csr local (default) option | Cloud | Scenario Outline: renew certificate using -id using `-csr local` with PKCS12 flag - Given I enroll random certificate using with -key-password Passcode123! -key-file k.pem -cert-file c.pem -csr local + Given I enroll random certificate with dummy password using with -key-file k.pem -cert-file c.pem -csr local And it should write private key to the file "k.pem" And it should write certificate to the file "c.pem" And it should output Pickup ID And I decode certificate from file "c.pem" - Then I renew the certificate in using the same Pickup ID with flags -key-password Passcode123! -file all.p12 -format pkcs12 + Then I renew the certificate using a dummy password in using the same Pickup ID with flags -file all.p12 -format pkcs12 And it should retrieve certificate - And "all.p12" should be PKCS#12 archive with password "Passcode123!" + And "all.p12" should be PKCS#12 archive with dummy password @TPP Examples: 
@@ -85,14 +85,14 @@ Feature: renew action with -csr local (default) option | Cloud | Scenario Outline: renew certificate using -id using `-csr local` with PKCS12 legacy flag - Given I enroll random certificate using with -key-password Passcode123! -key-file k.pem -cert-file c.pem -csr local + Given I enroll random certificate with dummy password using with -key-file k.pem -cert-file c.pem -csr local And it should write private key to the file "k.pem" And it should write certificate to the file "c.pem" And it should output Pickup ID And I decode certificate from file "c.pem" - Then I renew the certificate in using the same Pickup ID with flags -key-password Passcode123! -file all.p12 -format legacy-pkcs12 + Then I renew the certificate using a dummy password in using the same Pickup ID with flags -file all.p12 -format legacy-pkcs12 And it should retrieve certificate - And "all.p12" should be PKCS#12 archive in legacy mode with password "Passcode123!" + And "all.p12" should be PKCS#12 archive in legacy mode with dummy password @TPP Examples: diff --git a/aruba/features/renew/renew-with-csr-service.feature b/aruba/features/renew/renew-with-csr-service.feature index d3af071f..9d59b983 100644 --- a/aruba/features/renew/renew-with-csr-service.feature +++ b/aruba/features/renew/renew-with-csr-service.feature 
@@ -76,19 +76,19 @@ Feature: renew action with `-csr service` option And certificate in "c.pem" and certificate in "c1.pem" should not have the same serial Scenario: renew service-generated-CSR certificate in TPP with `-csr service` option with PKCS12 flag - Given I enroll random certificate using TPP with -csr service -key-password Passcode123! -key-file k.pem -cert-file c.pem + Given I enroll random certificate with dummy password using TPP with -csr service -key-file k.pem -cert-file c.pem And it should write private key to the file "k.pem" And it should write certificate to the file "c.pem" And it should output Pickup ID - When I renew the certificate in TPP using the same Pickup ID with flags -csr service -key-password Passcode123! -file all.p12 -format pkcs12 + When I renew the certificate using a dummy password in TPP using the same Pickup ID with flags -csr service -file all.p12 -format pkcs12 Then it should retrieve certificate - And "all.p12" should be PKCS#12 archive with password "Passcode123!" + And "all.p12" should be PKCS#12 archive with dummy password Scenario: renew service-generated-CSR certificate in TPP with `-csr service` option with PKCS12 legacy flag - Given I enroll random certificate using TPP with -csr service -key-password Passcode123! -key-file k.pem -cert-file c.pem + Given I enroll random certificate with dummy password using TPP with -csr service -key-file k.pem -cert-file c.pem And it should write private key to the file "k.pem" And it should write certificate to the file "c.pem" And it should output Pickup ID - When I renew the certificate in TPP using the same Pickup ID with flags -csr service -key-password Passcode123! -file all.p12 -format legacy-pkcs12 + When I renew the certificate using a dummy password in TPP using the same Pickup ID with flags -csr service -file all.p12 -format legacy-pkcs12 Then it should retrieve certificate - And "all.p12" should be PKCS#12 archive in legacy mode with password "Passcode123!" 
+ And "all.p12" should be PKCS#12 archive in legacy mode with dummy password diff --git a/aruba/features/step_definitions/actions.rb b/aruba/features/step_definitions/actions.rb index 6677d0c0..e134c119 100644 --- a/aruba/features/step_definitions/actions.rb +++ b/aruba/features/step_definitions/actions.rb @@ -9,7 +9,7 @@ end end -When(/^I enroll(?: a)?( random)? certificate (and_random_instance )?(?:in|from|using) (\S+) with (.+)?$/) do |random, random_instance, endpoint, flags| +When(/^I enroll(?: a)?( random)? certificate( with dummy password)? (and_random_instance )?(?:in|from|using) (\S+) with (.+)?$/) do |random, dummy_password, random_instance, endpoint, flags| if random cn = " -cn " + random_cn end @@ -17,7 +17,12 @@ if random_instance instance = "-instance devops-instance:" + random_string end - cmd = "vcert enroll #{ENDPOINTS[endpoint]} #{ZONE[endpoint]} #{cn} #{flags} #{instance}" + + if dummy_password + key_pass_flag = " -key-password #{DUMMY_PASSWORD}" + end + + cmd = "vcert enroll #{ENDPOINTS[endpoint]} #{ZONE[endpoint]} #{cn} #{flags} #{instance} #{key_pass_flag}" steps %{Then I try to run `#{cmd}`} m = last_command_started.output.match /^PickupID="(.+)"$/ 
@@ -27,19 +32,28 @@ end #I retreive the certificate from TPP using the same PickupID interactively -When(/^I interactively retrieve(?: the) certificate (?:in|from|using) (\S+) using (the same Pickup ID)(?: with)?(.+)?$/) do |endpoint, same_pickup_id, flags| - cmd = "vcert pickup #{ENDPOINTS[endpoint]} -pickup-id '#{@pickup_id}'#{flags}" +When(/^I interactively retrieve(?: the) certificate (?:in|from|using) (\S+) using the same Pickup ID( and using a dummy password)? (?: with)?(.+)?$/) do |endpoint, dummy_password, flags| + if dummy_password + key_pass_flag = " -key-password #{DUMMY_PASSWORD}" + end + cmd = "vcert pickup #{ENDPOINTS[endpoint]} -pickup-id '#{@pickup_id}'#{flags} #{key_pass_flag}" steps %{Then I try to run `#{cmd}` interactively} end #I retreive the certificate from TPP using the same PickupID -When(/^I retrieve(?: the) certificate (?:in|from|using) (\S+) using (the same Pickup ID)(?: with)?(.+)?$/) do |endpoint, same_pickup_id, flags| - cmd = "vcert pickup #{ENDPOINTS[endpoint]} -pickup-id '#{@pickup_id}'#{flags}" +When(/^I retrieve(?: the) certificate (?:in|from|using) (\S+) using the same Pickup ID( and using a dummy password)?(?: with)?(.+)?$/) do |endpoint, dummy_password, flags| + if dummy_password + key_pass_flag = " -key-password #{DUMMY_PASSWORD}" + end + cmd = "vcert pickup #{ENDPOINTS[endpoint]} -pickup-id '#{@pickup_id}'#{flags} #{key_pass_flag}" steps %{Then I try to run `#{cmd}`} end -When(/^I retrieve(?: the) certificate (?:from|in|using) (\S+) with (.+)$/) do |endpoint, flags| - cmd = "vcert pickup #{ENDPOINTS[endpoint]} #{flags}" +When(/^I retrieve(?: the) certificate( using a dummy password)? (?:from|in|using) (\S+) with (.+)$/) do |dummy_password, endpoint, flags| + if dummy_password + key_pass_flag = " -key-password #{DUMMY_PASSWORD}" + end + cmd = "vcert pickup #{ENDPOINTS[endpoint]} #{key_pass_flag} #{flags}" steps %{Then I try to run `#{cmd}`} end 
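Review bot: The interactive pickup pattern now has a literal space between `( and using a dummy password)?` and `(?: with)?`, which the non-interactive pattern right below it does not have. With that space, a step ending in `using the same Pickup ID with -timeout 99` can only match by letting `(.+)?` capture `with -timeout 99`, so the word `with` ends up appended directly after the quoted pickup id in `cmd`. The only caller visible on this page is the commented-out scenario in pkcs12.feature, so the problem is latent for now. Remove the extra space so both patterns agree: `Pickup ID( and using a dummy password)?(?: with)?(.+)?$`.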
@@ -68,14 +82,19 @@ end # renewal via memorized PickupId or thumbprint -When(/^I renew(?: the)? certificate (?:from|in|using) (\S+) using the same (Pickup ID|Thumbprint)(?: with)?(?: flags)?(.+)?$/) do |endpoint, field, flags| +When(/^I renew(?: the)? certificate( using a dummy password)? (?:from|in|using) (\S+) using the same (Pickup ID|Thumbprint)(?: with)?(?: flags)?(.+)?$/) do |dummy_password, endpoint, field, flags| sleep 2 if field == "Pickup ID" - cmd = "vcert renew #{ENDPOINTS[endpoint]} -id '#{@pickup_id}' #{flags}" + pickup_id_flag = " -id '#{@pickup_id}'" end if field == "Thumbprint" - cmd = "vcert renew #{ENDPOINTS[endpoint]} -thumbprint '#{@certificate_fingerprint}' #{flags}" + thumbprint_flag = " -thumbprint '#{@certificate_fingerprint}'" end + if dummy_password + key_pass_flag = " -key-password #{DUMMY_PASSWORD}" + end + + cmd = "vcert renew #{ENDPOINTS[endpoint]} #{thumbprint_flag} #{pickup_id_flag} #{key_pass_flag} #{flags}" if flags != "" # we try to get key-password # This regex basically tries to get everything after and including "-key-password " (note the space in the string) @@ -102,14 +121,18 @@ end end steps %{Then I try to run `#{cmd}`} + steps %{Then I try to run `#{cmd}`} end -When(/^I generate( random)? CSR(?: with)?(.+)?$/) do |random, flags| - if random - cn = " -cn " + random_cn - end - cmd = "vcert gencsr#{cn}#{flags}" - steps %{Then I try to run `#{cmd}`} +When(/^I generate( random)? CSR( using dummy password)?(?: with flags (.+))?$/) do |random, dummy_password, flags| + if random + cn = " -cn " + random_cn + end + if dummy_password + key_pass_flag = " -key-password #{DUMMY_PASSWORD}" + end + cmd = "vcert gencsr#{cn}#{key_pass_flag}#{flags}" + steps %{Then I try to run `#{cmd}`} end # Getting credentials diff --git a/aruba/features/step_definitions/openssl.rb b/aruba/features/step_definitions/openssl.rb index a2fe5994..87e9c7ca 100644 --- a/aruba/features/step_definitions/openssl.rb +++ b/aruba/features/step_definitions/openssl.rb 
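Review bot: The renew step now runs the command twice, because the added `steps %{Then I try to run ...}` line sits directly after an identical context line at the end of the block. The second run renews the certificate again and replaces the output that later assertions inspect, so delete the added line. The retained comment about extracting `-key-password` from `flags` suggests the code after it (outside this hunk) expects the password inside `flags`; with the dummy-password form it is now in `key_pass_flag`, so that logic should be checked as well.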
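Review bot: In the rewritten `I generate ... CSR` step, `cmd = "vcert gencsr#{cn}#{key_pass_flag}#{flags}"` joins the password and the flags with no separator. The new pattern `(?: with flags (.+))?` consumes the space before the flags, so `flags` starts with `-cn` and is appended straight onto the password value. The key is then encrypted with a different passphrase than `DUMMY_PASSWORD`, and the `-cn` flag is lost. Add the separator: `cmd = "vcert gencsr#{cn}#{key_pass_flag} #{flags}"`. The pattern also now requires the words `with flags`, so any feature not touched by this patch that still says `I generate CSR with ...` would become an undefined step.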
@@ -75,7 +75,7 @@ steps %{ When I run `openssl req -modulus -noout -in #{csr_file}` And I remember the output - And I run `openssl rsa -modulus -passin pass:newPassw0rd! -noout -in #{key_file}` + And I run `openssl rsa -modulus -passin pass:#{DUMMY_PASSWORD} -noout -in #{key_file}` Then the outputs should#{negated} be the same } end @@ -84,7 +84,7 @@ steps %{ Then I run `openssl req -modulus -noout -in #{csr_file}` And I remember the output - Then I run `openssl rsa -modulus -passin pass:newPassw0rd! -noout -in #{key_file}` + Then I run `openssl rsa -modulus -passin pass:#{DUMMY_PASSWORD} -noout -in #{key_file}` And the outputs should be the same And I remember the output And I run `openssl x509 -modulus -noout -in #{cert_file}` @@ -134,6 +134,19 @@ # -nodes Don't encrypt private keys end +When(/^"([^"]*)" should be PKCS#12 archive with dummy password$/) do |filename| + steps %{ + Then I try to run `openssl pkcs12 -in "#{filename}" -passin pass:#{DUMMY_PASSWORD} -noout` + And the exit status should be 0 + } + # -nokeys Don't output private keys + # -nocerts Don't output certificates + # -clcerts Only output client certificates + # -cacerts Only output CA certificates + # -noout Don't output anything, just verify + # -nodes Don't encrypt private keys +end + When(/^"([^"]*)" should be PKCS#12 archive in legacy mode with password "([^"]*)"$/) do |filename, password| steps %{ Then I try to run `openssl pkcs12 -in "#{filename}" -legacy -passin pass:#{password} -noout` 
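Review bot: The new `should be PKCS#12 archive with dummy password` step copies the body and the flag legend of the existing `with password "..."` step rather than reusing it, and the legacy-mode copy in the next hunk does the same. Delegating keeps the openssl invocation in one place, for example `steps %{Then "#{filename}" should be PKCS#12 archive with password "#{DUMMY_PASSWORD}"}`. The legacy-mode pattern in the next hunk also ends in `with dummy password/` without the `$` anchor that this one has, so add it for consistency.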
@@ -147,6 +160,19 @@ # -nodes Don't encrypt private keys end +When(/^"([^"]*)" should be PKCS#12 archive in legacy mode with dummy password/) do |filename| + steps %{ + Then I try to run `openssl pkcs12 -in "#{filename}" -legacy -passin pass:#{DUMMY_PASSWORD} -noout` + And the exit status should be 0 + } + # -nokeys Don't output private keys + # -nocerts Don't output certificates + # -clcerts Only output client certificates + # -cacerts Only output CA certificates + # -noout Don't output anything, just verify + # -nodes Don't encrypt private keys +end + When(/^"([^"]*)" should be RSA private key with password "([^"]*)"$/) do |filename, password| steps %{ Then I try to run `openssl rsa -in "#{filename}" -passin pass:#{password} -noout` diff --git a/aruba/features/support/aruba.rb b/aruba/features/support/aruba.rb index 9164381d..e5de683f 100644 --- a/aruba/features/support/aruba.rb +++ b/aruba/features/support/aruba.rb @@ -31,6 +31,8 @@ AZURE_KEYSTORE_NAME = ENV["AZURE_KEYSTORE_NAME"] AZURE_PROVIDER_NAME = ENV["AZURE_PROVIDER_NAME"] +DUMMY_PASSWORD = "CyberArkT3stP4ZZC0de%jQX^J=4H" + def last_json last_command_started.stdout.to_s end diff --git a/cmd/vcert/playbook_test.go b/cmd/vcert/playbook_test.go index 47884abe..b71d063e 100644 --- a/cmd/vcert/playbook_test.go +++ b/cmd/vcert/playbook_test.go @@ -39,7 +39,7 @@ func TestPlaybook(t *testing.T) { func (s *PlaybookSuite) TestPlaybook_SetTLSConfig() { p12FileLocation := "../../test-files/playbook/cert.p12" - p12Password := "newPassword!" + p12Password := os.Getenv(ENV_DUMMY_PASS) playbook := domain.Playbook{ CertificateTasks: domain.CertificateTasks{ diff --git a/cmd/vcert/utils.go b/cmd/vcert/utils.go index 21781aea..209d3e0a 100644 --- a/cmd/vcert/utils.go +++ b/cmd/vcert/utils.go @@ -53,6 +53,7 @@ const ( SshCertPubKeyLocal = "local" sshCertFileExt = "-cert.pub" sshPubKeyFileExt = ".pub" + ENV_DUMMY_PASS = "DUMMY_PASS" ) func parseCustomField(s string) (key, value string, err error) { 
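Review bot: The pattern of the new legacy-mode step ends at `with dummy password/` without the `$` anchor that the non-legacy variant added earlier in this file has, so any step text that merely begins with this sentence also matches it. Close the pattern as `in legacy mode with dummy password$/) do |filename|` so both dummy-password steps match exactly one sentence each.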
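Review bot: `DUMMY_PASSWORD` is a string literal here, while the constants directly above it (`AZURE_KEYSTORE_NAME`, `AZURE_PROVIDER_NAME`) are read from `ENV`, and the same value is written again in the Makefile's `DUMMY_PASS` and in examples/simple-cli/vars.go. Reading it from the environment with the literal as fallback, `DUMMY_PASSWORD = ENV.fetch("DUMMY_PASS", "CyberArkT3stP4ZZC0de%jQX^J=4H")`, keeps the Ruby steps and the Go tests on one value. Whether the variable reaches the cucumber container is not visible in this diff, so confirm that before dropping the fallback.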
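Review bot: `os.Getenv(ENV_DUMMY_PASS)` yields an empty string when `DUMMY_PASS` is not set, so running this test outside the Makefile presumably fails further down with a PKCS#12 decoding error rather than naming the missing variable. Use `p12Password, ok := os.LookupEnv(ENV_DUMMY_PASS)` and stop the test with an explicit message when `!ok`. The same call is introduced in certificateCollection_test.go, where an empty password may let `AddPrivateKey` succeed without exercising the encrypted path, and in connector_test.go. `TestPlaybook_SetTLSConfig` continues outside the hunk.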
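Review bot: `ENV_DUMMY_PASS` is added to the production `const` block of cmd/vcert although only a test reads it, and the identical constant is added to pkg/util/constants.go in this commit, where it becomes part of the package's exported API. Keep a single definition in a test-only helper, named in MixedCaps and with a doc comment, for example `const envDummyPass = "DUMMY_PASS"`. Patch 3/8 on this page switches playbook_test.go to `util.ENV_DUMMY_PASS`, which leaves this copy unreferenced as far as the visible hunks show.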
diff --git a/examples/simple-cli/main.go b/examples/simple-cli/main.go index 0b75bcb3..668c7ef7 100644 --- a/examples/simple-cli/main.go +++ b/examples/simple-cli/main.go @@ -87,7 +87,7 @@ func main() { KeyType: certificate.KeyTypeRSA, KeyLength: 2048, ChainOption: certificate.ChainOptionRootLast, - KeyPassword: "newPassw0rd!", + KeyPassword: os.Getenv(util.ENV_DUMMY_PASS), //Before setting custom field in request you need to configure custom field on TPP CustomFields: []certificate.CustomField{ {Name: "custom", Value: "2019-12-10"}, @@ -108,7 +108,7 @@ func main() { KeyType: certificate.KeyTypeRSA, KeyLength: 2048, ChainOption: certificate.ChainOptionRootLast, - KeyPassword: "newPassw0rd!", + KeyPassword: os.Getenv(util.ENV_DUMMY_PASS), } } @@ -218,7 +218,7 @@ func main() { ObjectName: importObjectName, CertificateData: pcc.Certificate, PrivateKeyData: pcc.PrivateKey, - Password: "newPassw0rd!", + Password: os.Getenv(util.ENV_DUMMY_PASS), Reconcile: false, } case config.ConnectorType == endpoint.ConnectorTypeCloud: @@ -248,7 +248,7 @@ func main() { importedRetriveReq = &certificate.Request{ PickupID: importResp.CertificateDN, Timeout: 180 * time.Second, - KeyPassword: "newPassw0rd!", + KeyPassword: os.Getenv(util.ENV_DUMMY_PASS), FetchPrivateKey: true, } case config.ConnectorType == endpoint.ConnectorTypeCloud: diff --git a/examples/simple-cli/main_test.go b/examples/simple-cli/main_test.go index be0b0c15..2a1ed995 100644 --- a/examples/simple-cli/main_test.go +++ b/examples/simple-cli/main_test.go @@ -65,7 +65,7 @@ func TestRequestCertificate(t *testing.T) { KeyType: certificate.KeyTypeRSA, KeyLength: 2048, ChainOption: certificate.ChainOptionRootLast, - KeyPassword: "newPassw0rd!", + KeyPassword: dummy_pass, } // @@ -225,7 +225,7 @@ func TestImportCertificate(t *testing.T) { KeyType: certificate.KeyTypeRSA, KeyLength: 2048, ChainOption: certificate.ChainOptionRootLast, - KeyPassword: "newPassw0rd!", + KeyPassword: dummy_pass, } err = c.GenerateRequest(nil, req) 
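Review bot: In main.go the example program now takes `KeyPassword` and the import `Password` from `os.Getenv(util.ENV_DUMMY_PASS)`, so anyone running the example without `DUMMY_PASS` set silently passes an empty password in all four places. For an example that people copy, that presumably means an unprotected private key or a rejected retrieve request with no hint at the cause. Read the value once near the top of `main`, e.g. `keyPassword := os.Getenv(util.ENV_DUMMY_PASS)`, exit with a clear message when it is empty, and reuse `keyPassword` in the four literals. The hunks add no import lines, so `os` and `util` must already be imported in main.go; `main` starts and ends outside these hunks.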
@@ -259,7 +259,7 @@ func TestImportCertificate(t *testing.T) { ObjectName: importCertDN, CertificateData: pcc.Certificate, PrivateKeyData: pcc.PrivateKey, - Password: "newPassw0rd!", + Password: dummy_pass, Reconcile: false, } importResp, err := c.ImportCertificate(importReq) @@ -275,7 +275,7 @@ func TestImportCertificate(t *testing.T) { req = &certificate.Request{ PickupID: importResp.CertificateDN, Timeout: 180 * time.Second, - KeyPassword: "newPassw0rd!", + KeyPassword: dummy_pass, FetchPrivateKey: true, } pcc2, err := c.RetrieveCertificate(req) diff --git a/examples/simple-cli/vars.go b/examples/simple-cli/vars.go index 37250736..dfb3967a 100644 --- a/examples/simple-cli/vars.go +++ b/examples/simple-cli/vars.go @@ -29,6 +29,8 @@ import ( var mockConfig, cloudConfig, tppConfig *vcert.Config +var dummy_pass = "CyberArkT3stP4ZZC0de%jQX^J=4H" + func init() { mockConfig = &vcert.Config{ ConnectorType: endpoint.ConnectorTypeFake, diff --git a/pkg/certificate/certificateCollection_test.go b/pkg/certificate/certificateCollection_test.go index 3e7c7924..e9837753 100644 --- a/pkg/certificate/certificateCollection_test.go +++ b/pkg/certificate/certificateCollection_test.go @@ -19,8 +19,11 @@ package certificate import ( "crypto/x509" "encoding/pem" + "os" "strings" "testing" + + "github.com/Venafi/vcert/v5/pkg/util" ) var pkPEM = `-----BEGIN RSA PRIVATE KEY----- @@ -330,7 +333,7 @@ func TestAddPrivateKey(t *testing.T) { pk, _ := GenerateRSAPrivateKey(512) pcc, _ := NewPEMCollection(nil, nil, nil) - err := pcc.AddPrivateKey(pk, []byte("newPassw0rd!")) + err := pcc.AddPrivateKey(pk, []byte(os.Getenv(util.ENV_DUMMY_PASS))) if !strings.Contains(pcc.PrivateKey, "PRIVATE KEY") || err != nil { t.Fatalf("collection should have PEM encoded private key") } diff --git a/pkg/util/constants.go b/pkg/util/constants.go index c151fda9..50c6c4b2 100644 --- a/pkg/util/constants.go +++ b/pkg/util/constants.go 
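Review bot: In vars.go `dummy_pass` is declared as a mutable package-level `var` with an underscore name; nothing in the visible hunks reassigns it, so `const dummyPass = "CyberArkT3stP4ZZC0de%jQX^J=4H"` fits Go naming and rules out accidental mutation. It is also a third hard-coded copy of the value next to the Makefile and aruba.rb, while main.go in the same directory reads `DUMMY_PASS` from the environment instead. Pick one source for this package; the four `KeyPassword`/`Password` uses in main_test.go would follow the rename.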
@@ -6,4 +6,5 @@ const ( // DefaultUserAgent is the default value of the UserAgent header in HTTP // requests to Venafi API endpoints. DefaultUserAgent = "vcert/v5" + ENV_DUMMY_PASS = "DUMMY_PASS" ) diff --git a/pkg/venafi/tpp/connector_test.go b/pkg/venafi/tpp/connector_test.go index e55db5c6..4f2a4968 100644 --- a/pkg/venafi/tpp/connector_test.go +++ b/pkg/venafi/tpp/connector_test.go @@ -1273,7 +1273,7 @@ func TestRequestCertificateServiceGenerated(t *testing.T) { req.CsrOrigin = certificate.ServiceGeneratedCSR req.FetchPrivateKey = true - req.KeyPassword = "newPassw0rd!" + req.KeyPassword = os.Getenv(util.ENV_DUMMY_PASS) config.UpdateCertificateRequest(req) pickupId, err := tpp.RequestCertificate(req) diff --git a/test-files/playbook/bad_sample.yaml b/test-files/playbook/bad_sample.yaml index 9cd7dff9..f8061182 100644 --- a/test-files/playbook/bad_sample.yaml +++ b/test-files/playbook/bad_sample.yaml @@ -18,7 +18,7 @@ certificateTasks: - engineering - marketing csrOrigin: service - keyPassword: "newPassword!" + keyPassword: "CyberArkT3stP4ZZC0de%jQX^J=4H" installations - type: PEM location: "/Users/rvela/venafi/supertreat/pem" diff --git a/test-files/playbook/bad_tpl.yaml b/test-files/playbook/bad_tpl.yaml index 51cc1bf4..8f9c031a 100644 --- a/test-files/playbook/bad_tpl.yaml +++ b/test-files/playbook/bad_tpl.yaml @@ -17,7 +17,7 @@ certificateTasks: - engineering - marketing csrOrigin: service - keyPassword: "newPassword!" + keyPassword: "CyberArkT3stP4ZZC0de%jQX^J=4H" installations: - type: JKS location: "/Users/rvela/venafi/supertreat/jks/foo.jks" diff --git a/test-files/playbook/sample.yaml b/test-files/playbook/sample.yaml index 7b82e29b..1dbe861d 100644 --- a/test-files/playbook/sample.yaml +++ b/test-files/playbook/sample.yaml @@ -19,7 +19,7 @@ certificateTasks: - engineering - marketing csrOrigin: service - keyPassword: "newPassword!" + keyPassword: "Passcode123!" installations: - type: PKCS12 location: "/Users/rvela/venafi/supertreat/p12/foo.p12" 
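Review bot: sample.yaml (and sample_tpl.yaml in the following hunk) set `keyPassword: "Passcode123!"`, while bad_sample.yaml and bad_tpl.yaml in the same commit use the shared dummy value, which does not match the commit subject "Unifies dummy passwords". If the difference is intentional, for instance because a test asserts on this value, add a YAML comment next to the key saying so, such as `# intentionally differs from DUMMY_PASS`. Otherwise use the same value in all four fixtures.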
diff --git a/test-files/playbook/sample_tpl.yaml b/test-files/playbook/sample_tpl.yaml index 0de01c42..d2354c6a 100644 --- a/test-files/playbook/sample_tpl.yaml +++ b/test-files/playbook/sample_tpl.yaml @@ -20,7 +20,7 @@ certificateTasks: - engineering - marketing csrOrigin: service - keyPassword: "newPassword!" + keyPassword: "Passcode123!" installations: - type: PEM location: "/Users/rvela/venafi/supertreat/pem" From cb7aa0067dab9f0e9689ae4a527f4f625661023f Mon Sep 17 00:00:00 2001 From: Luis Presuel Date: Fri, 18 Apr 2025 01:55:56 -0600 Subject: [PATCH 2/8] makes sure dummy password is exported. Fixes cucumber tests --- Makefile | 2 +- aruba/features/enroll/enroll-with-csr-PS-tests.feature | 2 +- aruba/features/gencsr/step_definitions/my_steps.rb | 2 +- aruba/features/step_definitions/actions.rb | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 5b06e439..ee1b4552 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ define cucumber_image_build docker build --tag vcert.auto aruba/ endef -DUMMY_PASS="CyberArkT3stP4ZZC0de%jQX^J=4H" +export DUMMY_PASS="CyberArkT3stP4ZZC0de%jQX^J=4H" define cucumber_tests_run if [ -n "$(FEATURE)" ] && [ -n "$(PLATFORM)" ]; then \ diff --git a/aruba/features/enroll/enroll-with-csr-PS-tests.feature b/aruba/features/enroll/enroll-with-csr-PS-tests.feature index 4ab2ef06..abc63a9c 100644 --- a/aruba/features/enroll/enroll-with-csr-PS-tests.feature +++ b/aruba/features/enroll/enroll-with-csr-PS-tests.feature @@ -120,7 +120,7 @@ Feature: few more tests from Ryan And that certificate should contain "email:zack.jackson@vcert.example" And that certificate should contain "IP Address:10.20.30.40" And that certificate should contain "IP Address:198.168.144.120" - And that certificate Subject should contain "CN = user-provided-with-sans.vcert.example" + And that certificate Subject should contain "CN=user-provided-with-sans.vcert.example" # cls # title ~ User Provided CSR with full Subject DN ~ 
diff --git a/aruba/features/gencsr/step_definitions/my_steps.rb b/aruba/features/gencsr/step_definitions/my_steps.rb index 82532c86..6ac65580 100644 --- a/aruba/features/gencsr/step_definitions/my_steps.rb +++ b/aruba/features/gencsr/step_definitions/my_steps.rb @@ -1,4 +1,4 @@ -And(/^I type dummy password$/) do |arg| +And(/^I type dummy password$/) do steps %{ And I type "#{DUMMY_PASSWORD}" } diff --git a/aruba/features/step_definitions/actions.rb b/aruba/features/step_definitions/actions.rb index e134c119..476ba788 100644 --- a/aruba/features/step_definitions/actions.rb +++ b/aruba/features/step_definitions/actions.rb @@ -131,7 +131,7 @@ if dummy_password key_pass_flag = " -key-password #{DUMMY_PASSWORD}" end - cmd = "vcert gencsr#{cn}#{key_pass_flag}#{flags}" + cmd = "vcert gencsr#{cn} #{key_pass_flag} #{flags}" steps %{Then I try to run `#{cmd}`} end From 4f174aa345c45bb79e8d40d0eea324494c2efca3 Mon Sep 17 00:00:00 2001 From: Luis Presuel Date: Fri, 18 Apr 2025 02:20:33 -0600 Subject: [PATCH 3/8] adds more small fixes --- aruba/features/enroll/enroll-with-csr-PS-tests.feature | 2 +- cmd/vcert/playbook_test.go | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/aruba/features/enroll/enroll-with-csr-PS-tests.feature b/aruba/features/enroll/enroll-with-csr-PS-tests.feature index abc63a9c..4ab2ef06 100644 --- a/aruba/features/enroll/enroll-with-csr-PS-tests.feature +++ b/aruba/features/enroll/enroll-with-csr-PS-tests.feature @@ -120,7 +120,7 @@ Feature: few more tests from Ryan And that certificate should contain "email:zack.jackson@vcert.example" And that certificate should contain "IP Address:10.20.30.40" And that certificate should contain "IP Address:198.168.144.120" - And that certificate Subject should contain "CN=user-provided-with-sans.vcert.example" + And that certificate Subject should contain "CN = user-provided-with-sans.vcert.example" # cls # title ~ User Provided CSR with full Subject DN ~ 
diff --git a/cmd/vcert/playbook_test.go b/cmd/vcert/playbook_test.go index b71d063e..1280e591 100644 --- a/cmd/vcert/playbook_test.go +++ b/cmd/vcert/playbook_test.go @@ -15,6 +15,7 @@ import ( "golang.org/x/crypto/pkcs12" "github.com/Venafi/vcert/v5/pkg/playbook/app/domain" + "github.com/Venafi/vcert/v5/pkg/util" "github.com/Venafi/vcert/v5/pkg/venafi" ) @@ -39,7 +40,7 @@ func TestPlaybook(t *testing.T) { func (s *PlaybookSuite) TestPlaybook_SetTLSConfig() { p12FileLocation := "../../test-files/playbook/cert.p12" - p12Password := os.Getenv(ENV_DUMMY_PASS) + p12Password := os.Getenv(util.ENV_DUMMY_PASS) playbook := domain.Playbook{ CertificateTasks: domain.CertificateTasks{ From 1264aa2aa42a86a3b5b8ea4d6169edbdac711afb Mon Sep 17 00:00:00 2001 From: Luis Presuel Date: Mon, 21 Apr 2025 11:13:39 -0600 Subject: [PATCH 4/8] fixes p12 to meet current expected and fixes cli cucumber test --- .../enroll/enroll-with-csr-PS-tests.feature | 2 +- cmd/vcert/playbook_test.go | 2 +- test-files/playbook/cert.p12 | Bin 5095 -> 5101 bytes 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aruba/features/enroll/enroll-with-csr-PS-tests.feature b/aruba/features/enroll/enroll-with-csr-PS-tests.feature index 4ab2ef06..7217f9a7 100644 --- a/aruba/features/enroll/enroll-with-csr-PS-tests.feature +++ b/aruba/features/enroll/enroll-with-csr-PS-tests.feature 
@@ -130,7 +130,7 @@ Feature: few more tests from Ryan # if ERRORLEVEL 1 goto :DONE # timeout /t 10 Scenario: ~ User Provided CSR with full Subject DN ~ - Given I generate CSR using dummy password with flags cn user-provided-full-subject.vcert.example -ou "DevOps Integrations" -o "Swordfish Security" -l "St. Petersburg" -st Russia -c RU -key-file user-provided-full-subject.key -csr-file user-provided-full-subject.req + Given I generate CSR using dummy password with flags -cn user-provided-full-subject.vcert.example -ou "DevOps Integrations" -o "Swordfish Security" -l "St. Petersburg" -st Russia -c RU -key-file user-provided-full-subject.key -csr-file user-provided-full-subject.req And I enroll certificate using TPP with -csr file:user-provided-full-subject.req -format json And I get JSON response Then that certificate Subject should contain "C = RU" diff --git a/cmd/vcert/playbook_test.go b/cmd/vcert/playbook_test.go index 1280e591..54338820 100644 --- a/cmd/vcert/playbook_test.go +++ b/cmd/vcert/playbook_test.go @@ -39,7 +39,7 @@ func TestPlaybook(t *testing.T) { } func (s *PlaybookSuite) TestPlaybook_SetTLSConfig() { - p12FileLocation := "../../test-files/playbook/cert.p12" + p12FileLocation := "../../test-files/playbook/new.p12" p12Password := os.Getenv(util.ENV_DUMMY_PASS) playbook := domain.Playbook{ 
diff --git a/test-files/playbook/cert.p12 b/test-files/playbook/cert.p12 index 803ecf46204013fdfd85477326c4b6b973371f2c..74277721a1fa2e80ddcfac44bf6b4ff5c0438fc5 100644 GIT binary patch delta 4958 zcmV-k6QS(qC+#N$FoF~5kpx+PD2re9>}~tu0s;sCfPxMPHAQ)FokZ6}_a%XA0jB52 zLqtFB2+v{SY?^Qt6Z0w^d zNDz+o52Up?UX+z`)?-}}MdQPnk*E0mDxK_0MjqZl^leeK@X0%xZ((}KVyATF-}E1Dxfdr8W=)XZ4m zw-hVo1eJCX`3dur*F2KPEhVH4V?XIJYs7eH+H+;=!DU{g-!A4G11-_v3Ge|eyPeKAIsffSjfF!7_Z)$M>| zK4p~&u&WJ!H_H*;Rg{sV%BcpC6yjTgL@&IIb)(IeG@q(l&kY+DED{KbI?yZ|a?x7p zs}_+YlOUU<7pR|=Dehq8MPZ*(fp1Q-uMI!M&4k-oxW{!4HN_Iw&(c|kNYIenjgFuD zOI;%h@pa07Y}R~*Y+Xe+e;5(1;_{A-)HH?}y=`Zq1PG}qItGZIBVSZRajtjxE8feo zuD?e>zNT340kNQ=2fJ$q>{BB{6iYrt+#oRw(f(witUf$Up>TSc@K65Zd;MK~-z`5q zfGO<@t@g~MZvVHYle+NNXXb}LW<~O50P!uf8qf8AKta`J+sRbCEHYZCxm?VAonbd` z;N{aWSswFO!@|E%rvu<%!pfK**7h{Nz@;Ftpau0m=Bp_jn_(C!LY9>uPasNN0;O*l z3{Fe(jE`7-qHa2V&JBq;-%cz)v9}?rzS<_n=wd@I?fJV0-YH1<75aa-ff^6*xhBvv zO@W1f+J);<5PI@>xV?z?3d*|Ovos=_E)x}5I^!e};fBT88$XB|kz^(ils;sqZ7 zs*6q&Xgt4&%ec}QEk?TqZj}kRHj*lo66Gv^v-1~164u>U7mlY=7Yj>#H#|gapZnaI zG<+=^eg&fY7jvviAAx(6-mN|f3B|IS(AmRN*vzURr>y6NA(xy&;53n)K`J;p1MZM6vju>7e}%BelwoM!>=S)2S}2}> zujiC76Jo``@%(%^`E+YIWje2*F0lFZH$`ML9&DYZ)e!|NVPvt?HlQSET_X*9srnWoeR>)6W~CeUt%?-oQ(ybwe`n|+2apzbyQDI$5s^= zWoM0tkm~0S3UIEycYTjD@ybx&zGEBFiJZ26LD`D2B-W2IM+6TUfFWQ1+}yRRAS}jO zXKuGj?sZVG8Y&kAwH#Yp^9Z2|>9*=AX{i;K7b&}D#w)d5X<9W%y(6s`*y+fBQPs=m zytcmIdv=Wx7WLCs#NT3Ia38o}TEk$Pgf|(+*WshZ5o9$V6mlSPMe|qQPI|98nPW?JHpy9QPwnCA6DzY!4gJf9+5yfu1xKjH!_mN-^|@9R-&JWBh1UOfScX$= z!@{Mu(me12Ktf63X?xHlynk(64SyCW8Aco&OT+x4ffvNGdo?$qY%QsOjM#S}RA@4d zbfQ>?jA)a0UB%|h0#nOFAWBR}c3B2l_$JS}jYrtjUD*pgMa3*~W;H23MRhMEwr2&* z?@;}zKmdn`LZ{a(p*nSL9vE%9OAj#7MQ5V{SMHYljWh5);$e(9>2`OoVx^)I)wWP! 
zx4uUh6$J3(#AqKRgVD=>4yb96-*EBv$*6?n31nST!SABRjW!hybl6&Bv$~^R42*Cx zjh|bdl!`~NSDys26i!NzL#OGVOji9FnKa(&64}f|>V-ewBOz}Uz#Ei>mF0(=^{@-( zM^A#_yXyCyPA98=qT?Pg!@%)T5GfW{0B}ON)x52hp*h?zBA#r2^y>RcRhjwrX5Z{{ z^`>|_<2Yh^PsAsTLEVfg81umtwd+x{V@@cc=fflO-Y2fm!w1CK#c@k^2fcw+6)k zaq9{y)KAY07#nkca+X5kr?h;A{x=vlIdTkc^Zx2lk%9Dx73rInM)SGaHM1Yd)ntZ;?R6)NtqFT22%Ru^Kdg3uYoG{|?;pxmge(_uUY@ zpS?_b_B;XMSP7fzr)VX+Tk=sCwD(0M#3ybS*C;$vV!%nXk&52RwVhVs_t5u!uBd7N zjh}DNXsG7qF#cADa~Yc2z@)4v3)6699q=v%jbw@&@$<{F%(oQuEZ7 zt|XYrw;H#9S#C`Zt`3@xQew8$EzW-=4ND8V{5K9~UI7s(1y5SUFoY_whtjmnBNOU) zFPydl1mvv5Xo=0wefHH{Ei9FbS8o9IYwREcXAsKb9fvRC1oflqq(a;2hu4rvRm`zw zRuMCJIZ`Ac-wc+}geSCJ<#*cRRs6TFiTf%BG0?()DsgOyet~c2ByS^&3~X{FNYh(? zGp94{%)I`m4)gek5)Hn@E4&&80B*1=JVi7wswaP6(}_b)#QeI`1~|;z`X16VG3^ii zx%`Mgqw$q-1o=NI7v~+n4!9p;0o(@>OncjRRL$L-&4f&YmcF&3U1@DEUbWWK(YM(S3#M5pF@Nr-xXT`HXb zR7wXTSF;{N%`}tLGDJV;Z)pHs2E9@FUR$m5e8rwaG=2u(5k;A|A15|P~Kf!#Yo z6Epr@&doX(yX&2vzS0WnJOmb}t~~51-GNho8~?2!RQ_Xc<&lc$3(+>WAH)3YtrEhi zMYn2?dz`rr)!M~c#l&Ey0gIG7&!vgj048|Xh_=Z5#VAT!^zHbLKm!|u$y*BBbfyx# zA;KvSQiPeQ)^`sL-Ox(Okvwr+M{m*6k$;%PpLFy zmUp|2wC-KYYeJwV5&>K~H^Vg~Z%aQ=hG*|z0a?(N^fu_Xg=n*o&?!@-kT1-C@vMMI zq?0BMNSF|cz>^6AtC=pfSb$;Vgu3RDe?$RPC$hdzfm9}Xh!92l*SXyba zM!rY)cB>K~3d~^+GZaMc`6(M1;FL)n45Ylz5Q*bEiYh#1JQ_MuN|KBrNP*zeM}X3G z78NsEfPSJb2+`c{121WA%caqObB)o@K)>fG2cXMMMx3HiD9hJ*fB&#YQum!0#$&g` ztKXNiYAM*D@M4$talz<=Hgv-a{DJCufz?^x1etf{jvna;Gl7IGjiW|5_UL-C^*z~| z4yZBnLt||3VZ7e+!a;oV#xu2P{d78cc~{`%@a)Yr_xQei2sq=l=JG^;a?duzCU#ZB zn*x1XI_kNO??jKGB(W208r-Sd?piu%ump#>Kh4SHz&I`Z4K=&Vyl+yZE^ea_*r3^m zkt0%D*8KYmIvpVA&FgWnV;ccRP8Ug(z}#xo{=+A;l>OY!9zlc>w;CIbgY|VdwYQ{B zc6eB&=sDAh2LPExye>16hDq9 zGDiNcQb3o&YWys_3Sh*flXVV8e~V0EI1{_9bOHhh00e>r$eCZFKBvN~QrS=b)b7DgNb8qii-%cBL^R-Ve{}6gMI9{q z3qRumXfA9ojhl_n?Dvh1?37LnOzM-NXY^l@k~>r5c$G~VIH&6bcbh{|RIv5OCV@`q zx)refrNw2R+!dW-047Z;f|1uHxikejif0bZ4mc0Hz85F+;`6p$MmJQP!{mJLYSQa2 z7zNpem>?VTmt2`o9Tfasf7-nz*{pNhDFK^kUhu;$La1jwFyjivgp+K%GNEq6ZF=WS z$Tsyq_L#sIIdsOqcbU?k_d3RempU6c;ljNs@a$lyV&`M#_vG!_^xILYm<*5xK0Kyh 
z$`g~=$qQ^b_%Bq}{6^pIE{EI{^y@hj*w>qYl~NlGq#p;ZS68u7e@PL=O1Qe=BBPxx z@NS+7=OX-PM)A(?x-`}vjHFZ7QJSVIY%wbRqe`y^VyxP`_>S>4rZhwc| zLm(Zz|5gwcFg`9+aj*PsR=;mLW!E;|A(+xAAr$xY*S^u%aKcIpraU-u3eN*T6<-94 zaNChNoSxzx*XtLN3JoW#_)s+iqp6BeIKt3-W*g!#b)4Q9FVGm0FeJ*LbF7i0q7=s| zKLo!xnz@b!f0P#7>`9obYh;hjsBzB3|EL0vUimmDa4Y(&awBE2XsE{8$kUzkaJgv1 zF<~=PO2=+=t5`>s64g6!$nLg({t&){t+D_uGM@k!MqFms`d+W2wpm77BF zQWu#=?&KBoBurz9I~DP9UnPzG;bpc8-d-`H?~}{z%eg7e*M<05O9A7XaQ?83ga8Xj z>^(YAe2k*)-(@+)g51Pzm@dgfP2d?REZG)ot$khp0}}rkAL|KM8Oyg=TVm8sE_bY; z7cE79f8NzdM~rZ1M*V|IbD7r&sOuk{;a{yjGZm-Blr~<=-r{W`ES`KCQG{Phu4<5hDgP?8eX^8Bfbcg`7 zT9l!Mm#Z4B!62RdG-$%Ps}TzcwmFlN6DTqt}J00yCuYybcN delta 4952 zcmV-e6Q}I$C+8;wFoF}~kpx+PtDwCb`4dt60s;sCfPxMP;E329L~AbVPg*v^a=lFQ zKo{9zLsg31!-5q`4*2*(gjnLy=Nl2bTKHcCwsI83H{yzX;8lY%Wu% z#THyEUG?d~W2Xo*`#M~#Z_W^HkBTZ-h|HB0m^A={G+Gu=xUD{NZ`ZTQWd*bayS~S$1pV{7DcD_~XUt!aH8Ejrja~)CWWzq=J~inD&FO;rAIk@T)1*FiDcTxh5Z_fAToYHThPg!t3qRsl}K9((-c#}mPSYkuz`-AxQXuS>mp ziZ`aN4m=Jn zA|7DCAL5p-#JfOtIEJ=_?uXLITSf@?(w!&zNz%>Zvv&7#9;ZGCwc#4pi&J+-Y&^0< zzg!9{7n#(`E29U0*1?eV74V1o43ks?>D3(^*t_^0RAdc|cP>-#=WS;6)G4sdL00YJ7c9~Cp`P$ggSti zR@P2x3qcsCI+Yp8&ze$vuH}ivcGN0E-mCTan2SnS141F}5r6VD*k- zrL@st25Tysm7226>^JYgu3vv&V{uV>PGoR@eBMT|1k^l{Qb=JW1%=XGiWOvAT@!0M zCGqZx6EZwwrMCJiJvo_e(>j8lNkq5bdnT0}Z^-!8cMoTbGo*%FZU76^Nf9$bOM_17>f7!3ukGy*5m=I`#b>JNu7>)FNyZR= zt(2%Hi;*3H?@htWmD%XXi{vZ_h^{AU+8cr%bc*2 zL_{c2Lny4I4hNk*&AYO~9Hhn4Oxv%k&<_UN=xq~vO!2}juEA#VOt)Qn!bJvC!ysir z^iQA!NBA$8r5`O@svpNM9|IQ2O<7X$cthA2ph&wmwHy&hH)F>Z+XNVCY{SZb7_Jpr zA5!-jw)B9ztH?6N(o#8}>uE-kMl3)3u7(`>syWuCT^Cw&c@7ZkrJ`>KHyUvx5N)*Fe12B2nLx);Ih0Eyj08US~-PEq84AUHSxndN_63p^$G= zXvfwZ`f5BdQfI&7>+alt0F3Y(V@?}!=~?9J0*U?Twj6>*2r^1$8b0Zo#e`@tq?##t5RrYS0e6jSA_1@(+It4afz?3g~{4 zR=3HRp9x@W5txx5y{n22R{{6(*?yaY7AVh=L#p}dcvp^mzqz%L2b%)&M+@n^_zl&N z0SP@Y>v`(>#QYqfA&(H{afDvvM^o6Uu4*4B^DnhD&{P)&XuUai)rcXV@!jPJr^;n_ zJUQ>g-S3#QQn87DJY}<%Ji;Nz6zhldn4bjs-dX^d>467H5E1b-&OzrrV+igHdXt=S z-`@m$8p*cNS&|`Fp4}F(Y}nk2Fu2UPeKXAy8Bk(h?(bO8D;9wo{@$fdxS8i 
zNjV24fml}%Bu98y&2QcLeGQ?IV<@KLlMQ!vpRVvKo0isplY%XOqLQ)AT{Q%eG!wct z;T$vpy*1S=FSTDWih4K3YhH5ghsZ$`49Yo{7`XKEA_7qPFBCXH%%}t_Z#+Ji5l(sTAT%p7e7AELFTSbjTjMtKr;JQGj)|`ns#~y&RjD}VK2L3JT3|$~{ zkTJpvNFm;T=M>uk>YWS8&*(l{5eQufA_htPGU~cqhNU#K$qG`%mnsXee)h*SF&5u7 z(&W@aBa5!nj@3nQ{T?v}IyBY_Jq<-=fm61?<=RK(MldNO+YDKYa&iyn_{|xjP4g5pbpU@k}xtS`IyX~p-xrL zw5wknS;(i@;b$iY2;`X8!yB3NcqJCgJRi3tAR@z$w05k@rHth6AM3^K=}+tcmDWQe z&U6od2R!f69qD9^B}pt44OnaFqrz)>+l=T_j>oLH#O$L-QMeq#15Ye{{g6`Ql4l#{ zY0gxJW%1-y6oNJY6es^8xPrc;|w+r;*%xnoe=cS)pQeifKOedllMr6iafBcZgMb6uU>;KtQ z3J)AVJS~?!-GL_18syV87>g&Pzo=S^R_N7{>CZGq=M^#77S94ykZE4eLEnlLic6D! z2rTw2_W$Mv9qdOhZ1CKx-toXnYKxwv<{q#-O~HRt`9`B&z=qVF>0hOND?Qo&PZKnW7GRCVEc z`Ly$~*4M$L7%^+-?MUs`p)dgzjpIarQok0Zl7Jp=(+e3Uu?{E#gz40v69r8eSaA2t z5pRk(n-&TBK@t=lHyob<^rzm8NFhHl7GF}E~ zbdfj%F)j$RR{MhQ2pOJ;t3D0UEl8>ei(1KlM%>?qTZJq%(# z*69JdR<0HSg?p|5Ucy_FqOwxM%$8>{SiG~Ki^q5BQF4IaW;noEC+c`8iGUu8din_2 zwbs|@sl9)L2x_wRyXNw6M#VXQm3@6q?5QQ>V5v%lIheiA>1(4O$o|G^@jh1o{VHFs zg2Tq5Jb4PhjA6r%E8FJxX8(NtLTGcxrL)SEM)4^s z`TU%%RB8;flUB9$A+S7wpy)aDC?*(ECHa3Jsmhm$mU6Q61$xaTmI}cT&?X?HbAs#T zxpY%5hcDd8VGxxbB%EFJO{yY;mLtUL?ut{KUFHfG;&{&29d$ylXVV8f7Lp7dMBY3CjtTp00e>r$ZnP&@$n2#%?)d{vp#rU zd81Jq9eQ3eK}iUxCa3VBOax~6OllFL13fc?Uf@M-V<6>5%RX&Ep-T0NY76Bkm>+Et z2EZ$Oea2BfF8WIFgsm0by?I-NMOQA8l_j`8;|SWTmEFWjP&Uq{`3xxCfBWT^QZcjo z($;dS%r$t4TXOH>rt@ofZSXdCYl4^LkdWC6(RzzEfxsW6vM!oI0pncxksu@jjr^$I z$3EIrT?lvz1Vf|Jz$%i&4&!@^&A-~n7+|&OV{q3NR3=3YkUUlrH=Sf!gX1xRZp3-)CnYxHY-2UoDTUX7AZkKk`yTVJ zSbUOk$H`v^^}LGVx5OJ>&d#sP4ZmI9i$sFmQ0?pD2_VI2=^*Abf1;8Ggju`8M?pMR zsppyIC6m8jg&l8s&@)vjC&GDH2J!I&c1S@c3fFKjP~}eeVmc`s zIsZze0E?Bq#5i&3cSdf+mvxSKvi(iGh`(gsV1#&Fqe9Tsm4Am;Uh8q%F_?9mNWxVQ zerJFwhyx+ut(Om*e>>#;QK|F{7sWlI>HCC5{X?D#{68)c!oV|JB{++%{^e^)wHk68 zbqXxzVWGuGYBxK&8R7PuKM(eSW~aY2q|ZP#8+m|nkx6%PeeuM2zOi$0BC!bnahltZ z!e8ce3@{iK%kE391Sh3UZVK!8rR9?@>*u7F@7`;+vo={sf9f~-i<6vosZ^*)_sgIi zDL+Tq_wBi)=uPU?CgO-4@>Ar@3m`61$#kniatiZ5#t$uD`FGGbH^M6qhn=;-6ZBmg zwzQqQEpas%NIz7x$ 
z`)i}#-t12=1LuBH+KcGDUvtB!o@Qq842uA8wmKKpm!RH@Zr;87sM_ga^%ll>)@ncD zc>T%S_Vja#5?M>pWM4m31`2nVm|V1{Ogy<4M^kfF{v}7hQy~-@33oh->O_FjRp2nF zVooGqf4j(UDgDtw@FA6vN!c6w1%)gU&cKzfu7N#hXZ4YybYqp1#ZL#nrtQ)A^~d7y z0x}$;9(jHmFeElgBT)u0=jbDe!clV+epv{%dQ`*DSL}QVvapd4I)?4h|GsdVMkFo)FMZ33eqF{nDR&@d;Qf`ucPsh z^UPo~d;3|oyu(x$7&l7(=lU4ZYUaTvU9O)vt+oGpc}m}*z-XS)w|;$(cff~yD2o$> z1!p*8lmS(p2Vm&q1x7gQVDRB@$xV}!6DTYzFdr}n1_dh)0|FWZ6bjZ^S|UJRPAPTt WczFB%1LXSeAp{5<*ymr9yxiUM0fY1a From b7359bc930f8d21e7c4299f62dbef5d9cf1c7053 Mon Sep 17 00:00:00 2001 From: Luis Presuel Date: Mon, 21 Apr 2025 11:34:10 -0600 Subject: [PATCH 5/8] fixes p12 cert path for tests --- cmd/vcert/playbook_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/vcert/playbook_test.go b/cmd/vcert/playbook_test.go index 54338820..1280e591 100644 --- a/cmd/vcert/playbook_test.go +++ b/cmd/vcert/playbook_test.go @@ -39,7 +39,7 @@ func TestPlaybook(t *testing.T) { } func (s *PlaybookSuite) TestPlaybook_SetTLSConfig() { - p12FileLocation := "../../test-files/playbook/new.p12" + p12FileLocation := "../../test-files/playbook/cert.p12" p12Password := os.Getenv(util.ENV_DUMMY_PASS) playbook := domain.Playbook{ From b746b2c4f6c647315c092a578a36361292701454 Mon Sep 17 00:00:00 2001 From: Luis Presuel Date: Tue, 22 Apr 2025 16:34:12 -0600 Subject: [PATCH 6/8] fixes cucumber tests --- aruba/features/step_definitions/actions.rb | 1 - cmd/vcert/playbook_test.go | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/aruba/features/step_definitions/actions.rb b/aruba/features/step_definitions/actions.rb index 476ba788..f3c44e0f 100644 --- a/aruba/features/step_definitions/actions.rb +++ b/aruba/features/step_definitions/actions.rb @@ -121,7 +121,6 @@ end end steps %{Then I try to run `#{cmd}`} - steps %{Then I try to run `#{cmd}`} end When(/^I generate( random)? CSR( using dummy password)?(?: with flags (.+))?$/) do |random, dummy_password, flags| 
diff --git a/cmd/vcert/playbook_test.go b/cmd/vcert/playbook_test.go index 1280e591..acc1262a 100644 --- a/cmd/vcert/playbook_test.go +++ b/cmd/vcert/playbook_test.go @@ -5,6 +5,7 @@ import ( "crypto/tls" "encoding/json" "encoding/pem" + "fmt" "net/http" "os" "testing" @@ -41,6 +42,7 @@ func TestPlaybook(t *testing.T) { func (s *PlaybookSuite) TestPlaybook_SetTLSConfig() { p12FileLocation := "../../test-files/playbook/cert.p12" p12Password := os.Getenv(util.ENV_DUMMY_PASS) + fmt.Println("p12password: ", p12Password) playbook := domain.Playbook{ CertificateTasks: domain.CertificateTasks{ From 808230fb3b5492e5f8aa19a9648206d1b98891d7 Mon Sep 17 00:00:00 2001 From: Luis Presuel Date: Wed, 23 Apr 2025 10:36:21 -0600 Subject: [PATCH 7/8] removes double quotes from environment variable of dummy password --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index ee1b4552..596fac37 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ define cucumber_image_build docker build --tag vcert.auto aruba/ endef -export DUMMY_PASS="CyberArkT3stP4ZZC0de%jQX^J=4H" +export DUMMY_PASS=CyberArkT3stP4ZZC0de%jQX^J=4H define cucumber_tests_run if [ -n "$(FEATURE)" ] && [ -n "$(PLATFORM)" ]; then \ From 5fe6a68c3eb16c751c1c23017d785e8b09414c6f Mon Sep 17 00:00:00 2001 From: Luis Presuel Date: Wed, 23 Apr 2025 11:19:04 -0600 Subject: [PATCH 8/8] removes print --- cmd/vcert/playbook_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/cmd/vcert/playbook_test.go b/cmd/vcert/playbook_test.go index acc1262a..1280e591 100644 --- a/cmd/vcert/playbook_test.go +++ b/cmd/vcert/playbook_test.go @@ -5,7 +5,6 @@ import ( "crypto/tls" "encoding/json" "encoding/pem" - "fmt" "net/http" "os" "testing" 
@@ -42,7 +41,6 @@ func TestPlaybook(t *testing.T) { func (s *PlaybookSuite) TestPlaybook_SetTLSConfig() { p12FileLocation := "../../test-files/playbook/cert.p12" p12Password := os.Getenv(util.ENV_DUMMY_PASS) - fmt.Println("p12password: ", p12Password) playbook := domain.Playbook{ CertificateTasks: domain.CertificateTasks{