Add TestGetCertInfo tests for get_cert_info() in ssl.py

[Raavi29]

Proposed change

Summary

Adds 13 unit tests for get_cert_info() in nettacker/core/lib/ssl.py as a new TestGetCertInfo class appended to the existing test suite. Original 574-line SSL test site is fully preserved

##What was tested

• Return type is dict
• All required keys present: expired, self_signed, issuer, sbject, signing_algo, weak_signing_algo, activation_date, expiration_date, not_activated, expiring_soon
• Self-signed certificate correctly detected
• Expiry stats correct for valid certificate
• Subject contains expected CN value
• Date fields are correctly formatted (YYYY-MM-DD)
• weak_signing_algo is False for sha256 certificate
• is_weak_hash_algo mocked to True - verifies get_cert_info passes result through correctly
• is_weak_hash_algo mocked to False - same verification
• not_activated and expiring_soon return bool type

Approach

Tests use a real self-signed certificate generated with pyOpenSSL (sha256, valid 2026-04-01 to 2027-04-01). Two tests mock is_weak_hash_algo via patch("nettacker.core.lib.ssl.is_weak_hash") to isolate the weak signing logo field from the actual hash logic, as suggested in the PR#1453 review.

Type of change

• New core framework functionality
• Bugfix (non-breaking change which fixes an issue)
• Code refactoring without any functionality changes
• New or existing module/payload change
• Documentation/localization improvement
• Test coverage improvement
• Dependency upgrade
• Other improvement (best practice, cleanup, optimization, etc)

Checklist

• I've followed the contributing guidelines
• I have digitally signed all my commits in this PR
• I've run make pre-commit and confirm it didn't generate any warnings/changes
• I've run make test, I confirm all tests passed locally
• I've added/updated any relevant documentation in the docs/ folder
• I've linked this PR with an open issue
• I've tested and verified that my code works as intended and resolves the issue as described
• I have attached screenshots demonstrating my code works as intended
• I've checked all other open PRs to avoid submitting duplicate work
• I confirm that the code and comments in this PR are not direct unreviewed outputs of AI
• I confirm that I am the Sole Responsible Author for every line of code, comment, and design decision

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Added module-scoped pytest fixtures and a new TestGetCertInfo test class in tests/core/lib/test_ssl.py; generates a runtime self-signed PEM, calls get_cert_info(), validates returned dict keys/values, and tests weak-signing detection via mocking.

Changes

Cohort / File(s)

Summary

SSL Certificate Testing tests/core/lib/test_ssl.py

Added OpenSSL.crypto import and get_cert_info usage. Converted fixtures (ssl_engine, ssl_library, substeps, responses, connection_params) to scope="module". Added self_signed_cert_pem fixture to generate a runtime RSA PEM and TestGetCertInfo class that asserts returned dict structure, boolean/string/datetime fields (self_signed, expired, subject CN, activation_date, expiration_date) and verifies weak_signing_algo via unittest.mock.patch of is_weak_hash_algo.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

• arkid15r
• securestep9

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 1.23% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding a TestGetCertInfo test suite for the get_cert_info() function in ssl.py.
Description check	✅ Passed	The description clearly relates to the changeset, providing comprehensive details about the 13 unit tests added for get_cert_info(), the testing approach, and verification steps taken.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

tests/test_ip.py (2)

1-12: Remove unused import MagicMock.

MagicMock is imported but never used in this file.

Proposed fix

 import pytest
-from unittest.mock import patch, MagicMock
+from unittest.mock import patch
 from nettacker.core.ip import (

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/test_ip.py` around lines 1 - 12, The import list in tests/test_ip.py
includes an unused symbol MagicMock; remove MagicMock from the from
unittest.mock import line so only needed names are imported (e.g., keep patch)
and update the import statement that currently references MagicMock to avoid
linter/test warnings.

---

57-58: Add blank lines between class definitions.

PEP 8 recommends two blank lines between top-level class definitions. Several class boundaries are missing blank lines (e.g., lines 57-58, 97-98, 164-165, 220-221, 259-260).

Example fix at line 57-58

     def test_none_input(self):
         # str(None) = "None" — not a valid IP, should be False
         assert is_single_ipv4(None) is False
+
+
 class TestIsSingleIPv6:

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/test_ip.py` around lines 57 - 58, Add a blank line between top-level
class definitions to satisfy PEP 8: insert a single empty line before each class
declaration (e.g., place a blank line between the assertion using
is_single_ipv4(None) and the class TestIsSingleIPv6 definition) and do the same
at the other top-level class boundaries called out in the review so each class
(like TestIsSingleIPv6 and the other test classes) is separated by two blank
lines from preceding top-level code.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/core/lib/test_ssl.py`:
- Around line 590-638: The hard-coded SELF_SIGNED_CERT will expire on 2027-04-01
and break test_not_expired; replace the static fixture with a runtime-generated
self-signed certificate (or swap to a long-lived fixture) so dates are relative
to now: add a helper (e.g., make_test_self_signed_cert or
generate_self_signed_cert) that creates a cert valid_from = now - 1 day and
valid_to = now + 1 year, use that helper in tests (test_returns_dict,
test_required_keys_present, test_self_signed_is_true, test_not_expired) instead
of SELF_SIGNED_CERT, and keep assertions using get_cert_info(...) unchanged
(ensure the helper returns PEM string compatible with get_cert_info).

---

Nitpick comments:
In `@tests/test_ip.py`:
- Around line 1-12: The import list in tests/test_ip.py includes an unused
symbol MagicMock; remove MagicMock from the from unittest.mock import line so
only needed names are imported (e.g., keep patch) and update the import
statement that currently references MagicMock to avoid linter/test warnings.
- Around line 57-58: Add a blank line between top-level class definitions to
satisfy PEP 8: insert a single empty line before each class declaration (e.g.,
place a blank line between the assertion using is_single_ipv4(None) and the
class TestIsSingleIPv6 definition) and do the same at the other top-level class
boundaries called out in the review so each class (like TestIsSingleIPv6 and the
other test classes) is separated by two blank lines from preceding top-level
code.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 46a942d7-825c-4d9b-9f15-fb9d3c3d037f

📥 Commits

Reviewing files that changed from the base of the PR and between f4c1bbf and 5aaf8f1.

📒 Files selected for processing (2)

• tests/core/lib/test_ssl.py
• tests/test_ip.py

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

tests/test_ip.py (1)

275-311: Add one success-path test for get_ip_range.

Current tests validate fallback behavior well, but the happy path (valid RIPE JSON → parsed range) is still unverified.

Suggested additional test

 class TestGetIPRange:
@@
     def test_returns_list_type(self):
         # Whatever happens, result must always be a list
         with patch("nettacker.core.ip.requests.get") as mock_get:
             mock_get.side_effect = Exception("timeout")
             result = get_ip_range("8.8.8.8")
             assert isinstance(result, list)
+
+    def test_success_response_returns_generated_range(self):
+        with patch("nettacker.core.ip.requests.get") as mock_get:
+            mock_get.return_value.content = (
+                b'{"objects":{"object":[{"primary-key":{"attribute":[{"value":"10.0.0.1-10.0.0.3"}]}}]}}'
+            )
+            result = get_ip_range("8.8.8.8")
+            assert result == ["10.0.0.1", "10.0.0.2", "10.0.0.3"]

Based on learnings, "Enforce test coverage via --cov=nettacker as configured in pyproject.toml under tool.pytest.ini_options."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/test_ip.py` around lines 275 - 311, Add a success-path unit test to
TestGetIPRange that mocks nettacker.core.ip.requests.get to return a valid
RIPE-style JSON payload in .content (bytes) and asserts get_ip_range("A.B.C.D")
returns the parsed range; specifically, construct the mock response JSON so it
matches the expected structure used by get_ip_range and compare the result to
generate_ip_range("A.B.C.D") (import or reference generate_ip_range from
nettacker.core.ip) to validate the happy path.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/test_ip.py`:
- Line 1: Test file tests/test_ip.py is in the wrong location; move it to mirror
the package layout (e.g., tests/core/test_ip.py) so it matches
nettacker/core/ip.py, then update any imports inside the test to reflect the new
path (change from importing nettacker.core.ip or relative paths if needed) and
run tests to ensure discovery still works with the new file location.
- Around line 99-103: The test test_none_raises currently uses a broad
pytest.raises((TypeError, Exception)); tighten it to assert the specific
expected exception by using pytest.raises(TypeError) when calling
is_single_ipv6(None) so the test only passes for the intended TypeError and
won’t swallow unrelated exceptions.

---

Nitpick comments:
In `@tests/test_ip.py`:
- Around line 275-311: Add a success-path unit test to TestGetIPRange that mocks
nettacker.core.ip.requests.get to return a valid RIPE-style JSON payload in
.content (bytes) and asserts get_ip_range("A.B.C.D") returns the parsed range;
specifically, construct the mock response JSON so it matches the expected
structure used by get_ip_range and compare the result to
generate_ip_range("A.B.C.D") (import or reference generate_ip_range from
nettacker.core.ip) to validate the happy path.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: cdcb06c5-5ff6-4b75-beed-df313ab40ddb

📥 Commits

Reviewing files that changed from the base of the PR and between 5aaf8f1 and 1938893.

📒 Files selected for processing (2)

• tests/core/lib/test_ssl.py
• tests/test_ip.py

✅ Files skipped from review due to trivial changes (1)

• tests/core/lib/test_ssl.py

[Raavi29]

Latest commits: switched from hardcoded certificate to runtime-generated cert using pyOpenSSL with 10-year validity - addresses CodeRabbit feedback about time-coupled fixture. Also removed tests/test_ip.py duplicate.

[Copilot]

Pull request overview

Adds dedicated unit coverage for get_cert_info() in nettacker/core/lib/ssl.py by extending the existing SSL test suite.

Changes:

• Import get_cert_info into the SSL test module.
• Add TestGetCertInfo with runtime-generated self-signed cert coverage for expected fields/behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

tests/core/lib/test_ssl.py (1)

639-649: Strengthen date-format assertions.

Checking length and dash positions leaves room for strings like "abcd-ef-gh" to pass. Parsing with datetime.strptime(..., "%Y-%m-%d") would verify both format and numeric validity in a single assertion.

♻️ Proposed refactor

+    from datetime import datetime
+
     def test_activation_date_format(self, self_signed_cert_pem):
         result = get_cert_info(self_signed_cert_pem)
-        assert len(result["activation_date"]) == 10
-        assert result["activation_date"][4] == "-"
-        assert result["activation_date"][7] == "-"
+        datetime.strptime(result["activation_date"], "%Y-%m-%d")

     def test_expiration_date_format(self, self_signed_cert_pem):
         result = get_cert_info(self_signed_cert_pem)
-        assert len(result["expiration_date"]) == 10
-        assert result["expiration_date"][4] == "-"
-        assert result["expiration_date"][7] == "-"
+        datetime.strptime(result["expiration_date"], "%Y-%m-%d")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/core/lib/test_ssl.py` around lines 639 - 649, Replace the weak string
checks in test_activation_date_format and test_expiration_date_format (which
call get_cert_info) with a strict parse using datetime.strptime(..., "%Y-%m-%d")
to validate both format and numeric date validity; update the tests to call
datetime.datetime.strptime(result["activation_date"], "%Y-%m-%d") and
datetime.datetime.strptime(result["expiration_date"], "%Y-%m-%d") respectively
and add/import datetime at the top of the test file if not already present.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/core/lib/test_ssl.py`:
- Line 1: The file containing the line "import ssl" has mixed CRLF/LF endings;
normalize the file to use consistent LF line endings (remove any CR characters)
and re-save, then run the pre-commit hooks (e.g., make pre-commit) to verify the
mixed-line-ending check passes and commit the normalized file so CI succeeds.
- Around line 580-600: The fixture self_signed_cert_pem declares scope="module"
but the docstring says the cert is "created fresh for each test run"; update
either the docstring to state the certificate is generated once per test module
and reused, or change the fixture scope to a narrower one (remove scope or use
scope="class"/"function") so it really is recreated per test; locate the fixture
definition named self_signed_cert_pem and apply the chosen change so wording and
behavior match.

---

Nitpick comments:
In `@tests/core/lib/test_ssl.py`:
- Around line 639-649: Replace the weak string checks in
test_activation_date_format and test_expiration_date_format (which call
get_cert_info) with a strict parse using datetime.strptime(..., "%Y-%m-%d") to
validate both format and numeric date validity; update the tests to call
datetime.datetime.strptime(result["activation_date"], "%Y-%m-%d") and
datetime.datetime.strptime(result["expiration_date"], "%Y-%m-%d") respectively
and add/import datetime at the top of the test file if not already present.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f14d83a7-ced3-47c7-857c-771344bd6767

📥 Commits

Reviewing files that changed from the base of the PR and between 1938893 and c13e83b.

📒 Files selected for processing (1)

• tests/core/lib/test_ssl.py

[coderabbitai]

♻️ Duplicate comments (1)

tests/core/lib/test_ssl.py (1)

580-585: ⚠️ Potential issue | 🟡 Minor

Docstring still contradicts the module-scoped fixture, and line 583 exceeds the 99-char limit.

The wording "created fresh for each test run" still conflicts with scope="module" (the cert is generated once and reused across all tests in the class). Additionally, line 583 is well over 99 characters, which will be flagged by ruff/ruff-format.

📝 Proposed wording + wrapping fix

-    Uses a runtime-generated self-signed certificate so tests never rely on a hardcoded certificate that could expire. Certificate is created fresh for each test run using
-    pyOpenSSL with a 10-year validity window.
+    Uses a runtime-generated self-signed certificate so tests never rely on a
+    hardcoded certificate that could expire. The certificate is generated once
+    per test module (module-scoped fixture) using pyOpenSSL with a 10-year
+    validity window.

As per coding guidelines: "Line length: maximum 99 characters (enforced by ruff, ruff-format, and isort with black profile)".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/core/lib/test_ssl.py` around lines 580 - 585, Update the module
docstring for the get_cert_info(cert) tests to accurately state that the
self-signed certificate is generated once per test module (because a
module-scoped fixture is used) instead of "created fresh for each test run", and
reflow/wrap the long sentence that describes certificate creation so no line
exceeds 99 characters; locate the docstring referencing get_cert_info(cert) and
the module-scoped cert fixture and adjust the wording and line breaks
accordingly.

🧹 Nitpick comments (1)

tests/core/lib/test_ssl.py (1)

639-649: Prefer a strict parse over length/character checks for date format.

len == 10 and [4]/[7] == "-" also accept malformed strings like "ABCD-EF-GH". A datetime.strptime(..., "%Y-%m-%d") round-trip is a stricter and more readable assertion and aligns with what get_cert_info actually produces.

♻️ Proposed refactor

+from datetime import datetime
+
-    def test_activation_date_format(self, self_signed_cert_pem):
-        result = get_cert_info(self_signed_cert_pem)
-        assert len(result["activation_date"]) == 10
-        assert result["activation_date"][4] == "-"
-        assert result["activation_date"][7] == "-"
-
-    def test_expiration_date_format(self, self_signed_cert_pem):
-        result = get_cert_info(self_signed_cert_pem)
-        assert len(result["expiration_date"]) == 10
-        assert result["expiration_date"][4] == "-"
-        assert result["expiration_date"][7] == "-"
+    def test_activation_date_format(self, self_signed_cert_pem):
+        result = get_cert_info(self_signed_cert_pem)
+        datetime.strptime(result["activation_date"], "%Y-%m-%d")
+
+    def test_expiration_date_format(self, self_signed_cert_pem):
+        result = get_cert_info(self_signed_cert_pem)
+        datetime.strptime(result["expiration_date"], "%Y-%m-%d")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/core/lib/test_ssl.py` around lines 639 - 649, Replace the brittle
length-and-character checks in test_activation_date_format and
test_expiration_date_format with strict parsing: call
get_cert_info(self_signed_cert_pem) as before, then use
datetime.strptime(result["activation_date"], "%Y-%m-%d") and
datetime.strptime(result["expiration_date"], "%Y-%m-%d") respectively to assert
they parse successfully (import datetime at top if missing); keep references to
the test functions and get_cert_info to locate and update the assertions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@tests/core/lib/test_ssl.py`:
- Around line 580-585: Update the module docstring for the get_cert_info(cert)
tests to accurately state that the self-signed certificate is generated once per
test module (because a module-scoped fixture is used) instead of "created fresh
for each test run", and reflow/wrap the long sentence that describes certificate
creation so no line exceeds 99 characters; locate the docstring referencing
get_cert_info(cert) and the module-scoped cert fixture and adjust the wording
and line breaks accordingly.

---

Nitpick comments:
In `@tests/core/lib/test_ssl.py`:
- Around line 639-649: Replace the brittle length-and-character checks in
test_activation_date_format and test_expiration_date_format with strict parsing:
call get_cert_info(self_signed_cert_pem) as before, then use
datetime.strptime(result["activation_date"], "%Y-%m-%d") and
datetime.strptime(result["expiration_date"], "%Y-%m-%d") respectively to assert
they parse successfully (import datetime at top if missing); keep references to
the test functions and get_cert_info to locate and update the assertions.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 01946007-f26c-4d34-b862-83e50ebff44f

📥 Commits

Reviewing files that changed from the base of the PR and between c13e83b and f38288e.

📒 Files selected for processing (1)

• tests/core/lib/test_ssl.py

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@tests/core/lib/test_ssl.py`:
- Around line 631-633: The test fails because get_cert_info builds subject from
all RDNs (x509.get_subject().get_components()) so result["subject"] contains
"C=US, CN=test.example.com" not just "test.example.com"; fix the test in
test_subject_contains_cn by asserting the CN is present (e.g., assert
"CN=test.example.com" in result["subject"]) or update the expectation to the
full formatted subject string, or alternatively change get_cert_info to extract
and return only the CN from the subject (use get_components() to find the
component with name b"CN" and decode its value).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6f151444-5583-4e78-9c52-e43122a82a79

📥 Commits

Reviewing files that changed from the base of the PR and between f38288e and a7984fc.

📒 Files selected for processing (1)

• tests/core/lib/test_ssl.py