cyberark-conjur-cli icon indicating copy to clipboard operation
cyberark-conjur-cli copied to clipboard

Published 20 hours ago verified publisher icon cyberark

Consistent test failures when run against CA signed cert configured server

Open sigalsax opened this issue 4 years ago • 1 comments

Summary

We have two tests that do no pass (and should not pass) when running against a Conjur server machine/LB that has been configured with a CA signed certificate.

test_https_cli_fails_if_cert_is_bad and test_https_cli_fails_if_cert_is_not_provided. The reason they should not pass is because these two tests check the cert_file field of the conjurrc and with the CA signed cert flow, we do not use that field to verify certificates. Instead we verify the certificate provided by the server on each request against known CA bundles on the machine. In other words, we don't use the cert_file field contents

FYI @eladkug

Steps to Reproduce

Steps to reproduce the behavior:

  1. Pack the cli and the test runner pyinstaller -F test/util/test_runners/integrations_tests_runner.py and pyinstaller -D ./pkg_bin/conjur on macOS

  2. Run ./dist/integrations_tests_runner
    --identifier test_with_process
    --urlhttps://sigallb.aim-dev.conjur.net/
    --account cucumber
    --login admin
    --password blah
    --files-folder test
    --cli-to-test ./dist/conjur/conjur

  3. See first two tests failing

Expected Results

Either fix the flow or add a filter on the tests that should be run

Reproducible

  • [x] Always
  • [ ] Sometimes
  • [ ] Non-Reproducible

sigalsax avatar Feb 23 '21 13:02 sigalsax