github.com/Venafi/vcert/v5@v5.10.2/aruba/features/playbook/steps_definitions/my_steps.rb (about) 1 require 'yaml' 2 3 Given(/^I have playbook with (\S+) connection details$/) do |platform| 4 5 @playbook_data = { 6 config: { 7 connection: nil 8 } 9 } 10 11 if platform == PLATFORM_TPP 12 validate_tpp_envs 13 connection_tpp = { 14 platform: "tpp", 15 url: ENV['TPP_URL'], 16 trustBundle: ENV['TPP_TRUST_BUNDLE'] 17 } 18 credentials = { 19 clientId: "vcert-sdk", 20 accessToken: ENV['TPP_ACCESS_TOKEN'] 21 } 22 connection_tpp['credentials'] = credentials 23 @playbook_data[:config][:connection] = connection_tpp 24 elsif platform == PLATFORM_VAAS or platform == PLATFORM_VCP 25 validate_vaas_envs 26 connection_vaas = { 27 platform: "vaas" 28 } 29 credentials = { 30 clientId: "vcert-sdk", 31 apiKey: ENV['CLOUD_APIKEY'] 32 } 33 connection_vaas['credentials'] = credentials 34 @playbook_data[:config][:connection] = connection_vaas 35 end 36 end 37 38 Then(/^I created playbook named "(.*)" with previous content$/) do |fname| 39 new_data = object_to_hash(@playbook_data) 40 stringified_data = stringify_keys(new_data) 41 path_name="tmp/aruba/#{fname}" 42 File.write(path_name, stringified_data.to_yaml) 43 end 44 45 And(/^I have playbook with certificateTasks block$/) do 46 @playbook_data['certificateTasks'] = Array.new 47 end 48 49 And(/^I have playbook with task named "(.*)"$/) do |task_name| 50 aux_playbook_task = PlaybookTask.new() 51 aux_playbook_task.name = task_name 52 @playbook_data['certificateTasks'].push(aux_playbook_task) 53 end 54 55 And(/^task named "(.*)" has request$/) do |task_name| 56 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 57 current_certificate_task.request = Request.new 58 end 59 60 And(/^task named "(.*)" has request with "(.*)" value "(.*)"$/) do |task_name, key, value| 61 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 62 63 if request_key_should_be_string(key) 64 if value.is_a?(String) 65 current_certificate_task.request.send "#{key}=", value 66 else 67 fail(ArgumentError.new("Wrong type of value provided for key: #{key}, expected a String but got: #{value.class}")) 68 end 69 elsif request_key_should_be_integer(key) 70 value_int = to_integer(key, value) 71 current_certificate_task.request.send "#{key}=", value_int 72 elsif request_key_should_be_boolean(key) 73 value_bool = to_boolean_kv(key, value) 74 current_certificate_task.request.send "#{key}=", value_bool 75 elsif request_key_should_be_array_of_strings(key) 76 array_string = value.split(',') 77 if array_string.all? { |elem_value| 78 unless elem_value.is_a?(String) 79 fail(ArgumentError.new("Wrong type of value provided for key: #{key}, expected an Array if strings but got value in array that is: #{elem_value.class}")) 80 end 81 } 82 current_certificate_task.request.send "#{key}=", array_string 83 end 84 elsif key == "location" 85 fail(ArgumentError.new("request key: #{key} should be defined with regex: \"task name <name> has request with Location instance\"")) 86 elsif key == "subject" 87 fail(ArgumentError.new("request key: #{key} should be defined with regex: \"task name <name> request has subject with: <key> value <value>\"")) 88 else 89 fail(ArgumentError.new("type of value #{value.to_s} is not valid for request key: #{key}")) 90 end 91 end 92 93 And(/^task named "(.*)" has request with default "(.*)" zone$/) do |task_name, platform| 94 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 95 if platform == "TPP" 96 current_certificate_task.request.zone=ENV['TPP_ZONE'] 97 elsif platform == "VaaS" 98 current_certificate_task.request.zone=ENV['CLOUD_ZONE'] 99 else 100 fail(ArgumentError.new("Unknown platform: #{platform}")) 101 end 102 end 103 104 And(/^task named "(.*)" has request with default Elliptic Curve "(.*)" zone$/) do |task_name, platform| 105 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 106 if platform == "TPP" 107 current_certificate_task.request.zone=ENV['TPP_ZONE_ECDSA'] 108 elsif platform == "VaaS" 109 current_certificate_task.request.zone=ENV['VAAS_ZONE_EC'] 110 else 111 fail(ArgumentError.new("Unknown platform: #{platform}")) 112 end 113 end 114 115 And(/^task named "(.*)" has request with Location instance "(.*)", workload prefixed by "(.*)", tlsAddress "(.*)" and replace "(.*)"$/) do |task_name, instance, workload_prefix, tls_address, replace| 116 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 117 current_certificate_task.request.location = Location.new 118 workload = "#{workload_prefix}-#{Time.now.to_i.to_s}" 119 120 current_certificate_task.request.location.instance = instance 121 current_certificate_task.request.location.workload = workload 122 current_certificate_task.request.location.tlsAddress = tls_address 123 current_certificate_task.request.location.replace = to_boolean(replace) 124 end 125 126 And(/^task named "(.*)" request has subject$/) do |task_name| 127 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 128 current_certificate_task.request.subject = Subject.new 129 end 130 131 And(/^task named "(.*)" request has subject with default values$/) do |task_name| 132 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 133 134 org_units = "engineering,marketing" 135 current_certificate_task.request.subject.locality = "Salt Lake City" 136 current_certificate_task.request.subject.organization = "Venafi Inc" 137 if current_certificate_task.request.zone == ENV['VAAS_ZONE_EC'] 138 current_certificate_task.request.subject.locality = "Salt Lake" 139 current_certificate_task.request.subject.organization = "Venafi Inc." 140 org_units = "Integrations,Integration" 141 end 142 array_org_units = org_units.split(',') 143 current_certificate_task.request.subject.country = "US" 144 current_certificate_task.request.subject.state = "Utah" 145 current_certificate_task.request.subject.orgUnits = array_org_units 146 end 147 148 And(/^task named "(.*)" request has subject with "(.*)" value "(.*)"$/) do |task_name, key, value| 149 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 150 if request_subject_key_should_be_string(key) 151 if value.is_a?(String) 152 current_certificate_task.request.subject.send "#{key}=", value 153 else 154 fail(ArgumentError.new("Wrong type of value provided for key: #{key}, expected a String but got: #{value.class}")) 155 end 156 elsif request_subject_key_should_be_array_of_strings(key) 157 array_string = value.split(',') 158 if array_string.all? { |elem_value| 159 unless elem_value.is_a?(String) 160 fail(ArgumentError.new("Wrong type of value provided for key: #{key}, expected an Array if strings but got value in array that is: #{elem_value.class}")) 161 end 162 } 163 current_certificate_task.request.subject.send "#{key}=", array_string 164 end 165 else 166 fail(ArgumentError.new("type of value #{value.to_s} is not valid for request subject key: #{key}")) 167 end 168 end 169 170 And(/^task named "(.*)" request has subject random CommonName$/) do |task_name| 171 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 172 cn = random_cn 173 current_certificate_task.request.subject.commonName = cn 174 end 175 176 And(/^task named "(.*)" request has subject random CommonName with random site name and fixed Domain Name "(.*)"$/) do |task_name, domain_name| 177 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 178 cn = random_string + "." + domain_name 179 current_certificate_task.request.subject.commonName = cn 180 current_certificate_task.request.sanDNS = [ cn ] 181 end 182 183 And(/^task named "(.*)" has installations$/) do |task_name| 184 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 185 current_certificate_task.installations = Array.new 186 end 187 188 And(/^task named "(.*)" has installation format PEM with file name "(.*)", chain name "(.*)", key name "(.*)"(?: with)?( password)?(?:,| and)?( installation)?(?:,| and)?( validation)?(?: and uses)?( backup)?$/) do |task_name, cert_name, chain_name, key_name, password, installation, validation, backup| 189 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 190 aux_installation = Installation.new 191 aux_installation.format = "PEM" 192 aux_installation.file = "{{- Env \"PWD\" }}" + PATH_SEPARATOR + TEMP_PATH + PATH_SEPARATOR + cert_name 193 aux_installation.chainFile = "{{- Env \"PWD\" }}" + PATH_SEPARATOR + TEMP_PATH + PATH_SEPARATOR + chain_name 194 aux_installation.keyFile = "{{- Env \"PWD\" }}" + PATH_SEPARATOR + TEMP_PATH + PATH_SEPARATOR + + key_name 195 if password 196 aux_installation.keyPassword = "Passcode123!" 197 end 198 if installation 199 aux_installation.afterInstallAction = "echo SuccessInstall" 200 end 201 if validation 202 aux_installation.installValidationAction = "echo SuccessValidation" 203 end 204 if backup 205 aux_installation.backupFiles = true 206 end 207 current_certificate_task.installations.push(aux_installation) 208 end 209 210 And(/^task named "(.*)" has installation format JKS with cert name "(.*)", jksAlias "(.*)" and jksPassword "(.*)"(?: with)( installation)?(?: and|)( validation)?$/) do |task_name, cert_name, jks_alias, jks_password, installation, validation| 211 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 212 aux_installation = Installation.new 213 aux_installation.format = "JKS" 214 aux_installation.file = "{{- Env \"PWD\" }}" + PATH_SEPARATOR + TEMP_PATH + PATH_SEPARATOR + cert_name 215 aux_installation.jksAlias = jks_alias 216 aux_installation.jksPassword = jks_password 217 if installation 218 aux_installation.afterInstallAction = "echo SuccessInstall" 219 end 220 if validation 221 aux_installation.installValidationAction = "echo SuccessValidation" 222 end 223 current_certificate_task.installations.push(aux_installation) 224 end 225 226 And(/^task named "(.*)" has installation format PKCS12 with cert name "(.*)" and password "(.*)"(?: with)( installation)?(?: and|)( validation)?$/) do |task_name, cert_name, p12_password, installation, validation| 227 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 228 aux_installation = Installation.new 229 aux_installation.format = "PKCS12" 230 aux_installation.file = "{{- Env \"PWD\" }}" + PATH_SEPARATOR + TEMP_PATH + PATH_SEPARATOR + cert_name 231 aux_installation.p12Password = p12_password 232 if installation 233 aux_installation.afterInstallAction = "echo SuccessInstall" 234 end 235 if validation 236 aux_installation.installValidationAction = "echo SuccessValidation" 237 end 238 current_certificate_task.installations.push(aux_installation) 239 end 240 241 And(/^task named "(.*)" has installation format PKCS12 with cert name "(.*)" and password "(.*)" and useLegacyP12 (?: with)( installation)?(?: and|)( validation)?$/) do |task_name, cert_name, p12_password, installation, validation| 242 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 243 aux_installation = Installation.new 244 aux_installation.format = "PKCS12" 245 aux_installation.file = "{{- Env \"PWD\" }}" + PATH_SEPARATOR + TEMP_PATH + PATH_SEPARATOR + cert_name 246 aux_installation.p12Password = p12_password 247 aux_installation.useLegacyP12 = true 248 if installation 249 aux_installation.afterInstallAction = "echo SuccessInstall" 250 end 251 if validation 252 aux_installation.installValidationAction = "echo SuccessValidation" 253 end 254 current_certificate_task.installations.push(aux_installation) 255 end 256 257 And(/^task named "(.*)" has setenvvars "(.*)"$/) do |task_name, set_env_vars| 258 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 259 current_certificate_task.setenvvars = set_env_vars.split(',') 260 end 261 262 And(/^task named "(.*)" has renewBefore with value "(.*)"$/) do |task_name, renew_before| 263 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 264 current_certificate_task.renewBefore = renew_before 265 end 266 267 And(/^task named "(.*)" has request with nickname based on commonName$/) do |task_name| 268 current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name } 269 if current_certificate_task.request == Request.new 270 fail(ArgumentError.new("Error while trying to set friendlyName based on commonName: no request defined")) 271 end 272 if current_certificate_task.request.subject == Subject.new 273 fail(ArgumentError.new("Error while trying to set friendlyName based on commonName: no subject defined")) 274 end 275 if current_certificate_task.request.subject.commonName.nil? or current_certificate_task.request.subject.commonName == "" 276 fail(ArgumentError.new("Error while trying to set friendlyName based on commonName: no commonName defined")) 277 end 278 current_certificate_task.request.nickname = "friendly.#{current_certificate_task.request.subject.commonName}" 279 end 280 281 And(/^I uninstall file named "(.*)"$/) do |file_name| 282 file_path = Dir.pwd + PATH_SEPARATOR + TEMP_PATH + PATH_SEPARATOR + file_name 283 steps %{ 284 Then a file named "#{file_path}" does not exist 285 } 286 end 287 288 When(/^playbook generated private key in "([^"]*)" and certificate in "([^"]*)" should have the same modulus(?: with password |)(.*)?$/) do |key_file, cert_file, password| 289 cert_path = Dir.pwd + PATH_SEPARATOR + TEMP_PATH + PATH_SEPARATOR + cert_file 290 key_path = Dir.pwd + PATH_SEPARATOR + TEMP_PATH + PATH_SEPARATOR + key_file 291 292 if password != "" 293 steps %{ 294 Then I run `openssl rsa -modulus -noout -passin pass:#{password} -in #{key_path}` 295 And the exit status should be 0 296 } 297 else 298 steps %{ Then I run `openssl rsa -modulus -noout -in #{key_path}` } 299 end 300 steps %{ 301 And I remember the output 302 And I run `openssl x509 -modulus -noout -in #{cert_path}` 303 Then the outputs should be the same 304 } 305 end 306 307 When(/^playbook generated "([^"]*)" should be PKCS#12 archive with password "([^"]*)"$/) do |filename, password| 308 cert_path = Dir.pwd + PATH_SEPARATOR + TEMP_PATH + PATH_SEPARATOR + filename 309 310 steps %{ 311 Then I try to run `openssl pkcs12 -in "#{cert_path}" -passin pass:#{password} -noout` 312 And the exit status should be 0 313 } 314 end 315 316 And(/^"(.*)" should( not)? be encrypted "(.*)" private key$/) do |filename, negated, key_type| 317 318 if key_type == "RSA" 319 header = "-----BEGIN RSA PRIVATE KEY-----" 320 elsif key_type == "ECDSA" 321 header = "-----BEGIN EC PRIVATE KEY-----" 322 else 323 fail(ArgumentError.new("Unexpected Key Type. Unknown Key Type: #{key_type}")) 324 end 325 326 file_path = Dir.pwd + PATH_SEPARATOR + TEMP_PATH + PATH_SEPARATOR + filename 327 lines = File.open(file_path).first(2).map(&:strip) 328 329 if lines[0] == header then 330 if lines[1].include?("ENCRYPTED") 331 if negated 332 fail(ArgumentError.new("Expected #{key_type} key to not be encrypted but fail to found on first line: #{lines[1]}")) 333 end 334 else 335 unless negated 336 fail(ArgumentError.new("Expected #{key_type} key to be encrypted but fail to found on first line: #{lines[1]}")) 337 end 338 end 339 else 340 fail(ArgumentError.new("Expected #{key_type} key headers: #{header} but got in first line: #{lines[0]}")) 341 end 342 end