fix(lib.validation): properly validate ca-signed keypairs

BrennanPaciorek commented 3 days ago

Change the mechanism we use to validate keypairs to not assume that a certificate is self-signed. This causes some valid keypairs to fail.

Testing steps:

tox -e py311 -- -n0 -k test_validate_cert_with_signed_certificate
verify passing
drop commit "fix(lib.validation): Do not treat ca-signed keypairs as invalid"
- Save the commit digest from most recent commit before doing this
- Or branch before doing this, so you can just switch back to the actual PR branch
tox -e py311 -- -n0 -k test_validate_cert_with_signed_certificate
verify failing test
Cleanup: git reset --hard ${remote-branch or commit you reset from)

AAP-33294

BrennanPaciorek commented 3 days ago

Sonar cloud output seems bugged, maybe it expects test to be committed after? If it fails again, I'll reorder the commits.

sonarcloud[bot] commented 3 days ago

Quality Gate passed

Issues
7 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

john-westcott-iv commented 3 days ago

We might want to exclude lib/testsing/fixtures.py from the sonar analysis. This can be done in= sonar-project.properties. @relrod, any thoughts on this?

ansible / django-ansible-base

fix(lib.validation): properly validate ca-signed keypairs #652

Quality Gate passed