1 line
7.7 KiB
Python
1 line
7.7 KiB
Python
|
[{}, {"response.get('message')}": 'if message_contains:\n assert message_contains.lower() in response.get(', 'f': "xpected message to contain '{message_contains"}, {"response.get('message')}": 'return data\n\n\ndef assert_error(exc: ApiError', 'expected_status': 'int', 'expected_error_type': 'str | None = None):', 'Inspect an ApiError raised by the client."': 'assert exc.status_code == expected_status', 'f': 'xpected status {expected_status'}, {'f': 'RL: {exc.method'}, {'f': 'esponse: {exc.response_data'}, {'{exc.error_type}': 'Tier 1 — C. SSH Certificate Signing\n# =============================================================================\n\nclass TestCertificateSigning:', 'Test SSH certificate signing at POST /ssh/sign."': 'def _setup_cert_env(self', 'create_test_membership)': '', 'CA."': 'import tempfile\n import subprocess\n import os\n import base64\n\n # Create a user and login\n user = create_test_user(password=', 'password="MyPassword123!': 'Generate a fresh Ed25519 key pair to avoid fingerprint collisions\n with tempfile.TemporaryDirectory() as tmpdir:\n key_path = os.path.join(tmpdir', 'test_key")\n gen_proc = subprocess.run(\n ["ssh-keygen", "-t", "ed25519", "-f", key_path, "-N", "': '-C', 'test@example.com': 'capture_output=True', 'pytest.skip(f': 'sh-keygen not available: {gen_proc.stderr.decode()'}, ['data'], ['id'], ['data'], ['challenge_text'], ['ssh-keygen', '-Y', 'sign', '-f', 'key_path, "-n', 'file', 'sig_path],\n input=challenge_text.encode(),\n capture_output=True,\n )\n if sign_proc.returncode != 0:\n pytest.skip(f"ssh-keygen sign failed: {sign_proc.stderr.decode()}', 'with open(sig_path, "rb', 'as sf:\n signature_b64 = base64.b64encode(sf.read()).decode()\n\n # Verify the key\n integration_client.ssh.verify_key(key_id, signature_b64)\n\n # Create an org and add user as member\n org = create_test_org(name="Test Org for Cert Signing")\n create_test_membership(user["id'], ['id'], ['id'], ['data'], ['id'], ['id'], ['email'], ['id'], ['serial'], ['email'], ['principals'], {'principals': 'ef test_sign_certificate_custom_principals_positive(self', 'create_test_membership)': '', 'TEST': 'SSH-CERT-04 — Reject signing with unverified key.\n\n WHAT: User with UNVERIFIED key', 'WHY': 'Only verified keys should be able to sign certificates.\n EXPECTED: 400 Bad Request with error_type=', '\n user, org, key_id = self._setup_cert_env(\n integration_app, integration_client, create_test_user, create_test_org, create_test_membership\n )\n\n # Sign certificate with custom principals\n result = integration_client.ssh.sign_certificate(key_id=key_id, principals=["deploy"])\n data = assert_success(result, "certificate")\n\n # Verify response contains expected fields\n assert "certificate" in data, "Response missing certificate"\n assert "serial" in data, "Response missing serial"\n assert data["serial"] is not None, "Serial should not be None"\n assert "principals" in data, "Response missing principals"\n # Should contain the requested principal\n assert "deploy" in data["principals"], "Requested principal \'deploy\' not in principals': 'ef test_sign_certificate_unverified_key_negative(self', '\n user = create_test_user(password="MyPassword123!")\n integration_client.auth.login(email=user["email"], password="MyPassword123!': "Generate a fresh Ed25519 key pair but DON'T verify it\n with tempfile.TemporaryDirectory() as tmpdir:\n key_path = os.path.join(tmpdir", 'test_key")\n gen_proc = subprocess.run(\n ["ssh-keygen", "-t", "ed25519", "-f", key_path, "-N", "': '-C', 'test@example.com': 'capture_output=True', 'pytest.skip(f': 'sh-keygen not available: {gen_proc.stderr.decode()'}, ['data'], ['id'], ['id'], ['id'], ['id'], ['data'], ['id'], ['id'
|