24 lines
1.1 KiB
Plaintext
24 lines
1.1 KiB
Plaintext
|
# SSH Certificate Signing Tests
|
||
|
|
|
||
|
|
This file contains the new test class `TestCertificateSigning` that should be appended to the end of `test_ssh_workflows.py`.
|
||
|
|
|
||
|
|
## Test Class: TestCertificateSigning
|
||
|
|
|
||
|
|
The class includes the following tests:
|
||
|
|
|
||
|
|
1. `test_sign_certificate_default_principals_positive` (SSH-CERT-01)
|
||
|
|
2. `test_sign_certificate_custom_principals_positive` (SSH-CERT-02)
|
||
|
|
3. `test_sign_certificate_unverified_key_negative` (SSH-CERT-04)
|
||
|
|
4. `test_sign_certificate_no_principals_negative` (SSH-CERT-05)
|
||
|
|
5. `test_sign_certificate_unauthorized_principals_negative` (SSH-CERT-06)
|
||
|
|
6. `test_sign_certificate_suspended_account_negative` (SSH-CERT-07)
|
||
|
|
7. `test_sign_certificate_no_ca_negative` (SSH-CERT-08)
|
||
|
|
8. `test_sign_certificate_cross_user_key_negative` (SSH-CERT-09)
|
||
|
|
|
||
|
|
## Implementation Details
|
||
|
|
|
||
|
|
The tests require:
|
||
|
|
- A setup helper function `_setup_cert_env` that creates a user with verified key, org membership, principal assignment, and CA
|
||
|
|
- Use of `tempfile`, `subprocess`, `os`, and `base64` for key generation and signing
|
||
|
|
- Proper error assertions using `assert_error` helper
|
||
|
|
- Direct database manipulation to suspend users for the suspended account test
|