Fix certificate integration test

src/middlewared/middlewared/plugins/crypto_/certificates.py

@@ -301,7 +301,10 @@ async def do_create(self, job, data):
             for key in ('key_length', 'key_type', 'ec_curve'):
                 data.pop(key, None)
 
+        add_to_trusted_store = data.pop('add_to_trusted_store', False)
         verrors = await self.validate_common_attributes(data, 'certificate_create')
+        if add_to_trusted_store and create_type in ('CERTIFICATE_CREATE_IMPORTED_CSR', 'CERTIFICATE_CREATE_CSR'):
+            verrors.add('certificate_create.add_to_trusted_store', 'Cannot add CSR to trusted store')
 
         if create_type == 'CERTIFICATE_CREATE_IMPORTED' and not load_certificate(data['certificate']):
             verrors.add('certificate_create.certificate', 'Unable to parse certificate')
@@ -333,6 +336,7 @@ async def do_create(self, job, data):
                 'domains_authenticators', 'renew_days', 'add_to_trusted_store',
             ]
         }
+        data['add_to_trusted_store'] = add_to_trusted_store
 
         pk = await self.middleware.call(
             'datastore.insert',

tests/api2/test_certs.py

@@ -1,16 +1,13 @@
+import os.path
+import textwrap
+
 import pytest
 
-from truenas_api_client import ValidationErrors
 from middlewared.test.integration.assets.crypto import (
     certificate_signing_request, get_cert_params, intermediate_certificate_authority, root_certificate_authority
 )
 from middlewared.test.integration.utils import call
-
-import sys
-import textwrap
-import os
-apifolder = os.getcwd()
-sys.path.append(apifolder)
+from truenas_api_client import ValidationErrors
 
 
 # We would like to test the following cases
@@ -199,6 +196,31 @@ def test_cert_issuer_reported_correctly():
             call('certificate.delete', cert['id'], job=True)
 
 
+@pytest.mark.parametrize('add_to_trusted_store_enabled', [
+    True,
+    False,
+])
+def test_cert_add_to_trusted_store(add_to_trusted_store_enabled):
+    with intermediate_certificate_authority('root_ca', 'intermediate_ca') as (root_ca, intermediate_ca):
+        cert = call('certificate.create', {
+            'name': 'cert_trusted_store_test',
+            'signedby': intermediate_ca['id'],
+            'create_type': 'CERTIFICATE_CREATE_INTERNAL',
+            'add_to_trusted_store': add_to_trusted_store_enabled,
+            **get_cert_params(),
+        }, job=True)
+        try:
+            assert cert['add_to_trusted_store'] == add_to_trusted_store_enabled
+            args = ['filesystem.stat', os.path.join('/var/local/ca-certificates', f'cert_{cert["name"]}.crt')]
+            if add_to_trusted_store_enabled:
+                assert call(*args)
+            else:
+                with pytest.raises(Exception):
+                    call(*args)
+        finally:
+            call('certificate.delete', cert['id'], job=True)
+
+
 def test_creating_csr():
     with certificate_signing_request('csr_test') as csr:
         assert csr['cert_type_CSR'] is True, csr