IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Remove test for minimum ACME support and rely on package deps

Browse Source 
This method was added temporarily while the required packages
were still under development and not available in stable
repositories.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Rob Crittenden
2020-11-30 09:55:22 -05:00
parent 3e530e93c3
commit 0d6caf5d0e
2 changed files with 4 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
ipaserver/install/cainstance.py
View File

@@ -37,7 +37,6 @@ import syslog
import time
import tempfile
from configparser import RawConfigParser
from pkg_resources import parse_version
from ipalib import api
from ipalib import x509
@@ -430,8 +429,7 @@ class CAInstance(DogtagInstance):
if promote:
self.step("destroying installation admin user",
self.teardown_admin)
if minimum_acme_support():
self.step("deploying ACME service", self.setup_acme)
self.step("deploying ACME service", self.setup_acme)
# Materialize config changes and new ACLs
self.step("starting certificate server instance",
self.start_instance)
@@ -771,10 +769,9 @@ class CAInstance(DogtagInstance):
self.basedn)
conn.add_entry_to_group(user_dn, group_dn, 'uniqueMember')
if minimum_acme_support():
group_dn = DN(('cn', ACME_AGENT_GROUP), ('ou', 'groups'),
self.basedn)
conn.add_entry_to_group(user_dn, group_dn, 'uniqueMember')
group_dn = DN(('cn', ACME_AGENT_GROUP), ('ou', 'groups'),
self.basedn)
conn.add_entry_to_group(user_dn, group_dn, 'uniqueMember')
def __get_ca_chain(self):
try:
@@ -1487,9 +1484,6 @@ class CAInstance(DogtagInstance):
logger.debug('ACME service is already deployed')
return False
if not minimum_acme_support():
return False
self._ldap_mod('/usr/share/pki/acme/database/ds/schema.ldif')
configure_acme_acls()
@@ -1732,33 +1726,6 @@ def ensure_lightweight_cas_container():
)
def minimum_acme_support(data=None):
"""
ACME with global enable/disable is required.
This first shipped in dogtag version 10.10.0.
Parse the version string to determine if the minimum version
is met. If parsing fails return False.
:param: data: The string value to parse for version. Defaults to
reading from the filesystem.
"""
if not data:
with open('/usr/share/pki/VERSION', 'r') as fd:
data = fd.read()
groups = re.match(r'.*\nSpecification-Version: ([\d+\.]*)\n.*', data)
if groups:
version_string = groups.groups(0)[0]
minimum_version = parse_version('10.10.0')
return parse_version(version_string) >= minimum_version
else:
logger.debug('Unable to parse version from %s', data)
return False
def ensure_acme_containers():
"""
Create the ACME container objects under ou=acme,o=ipaca if

5
ipatests/test_integration/test_acme.py
View File

@@ -14,7 +14,6 @@ from ipatests.pytest_ipa.integration import tasks
from ipatests.test_integration.test_caless import CALessBase, ipa_certs_cleanup
from ipaplatform.osinfo import osinfo
from ipaplatform.paths import paths
from ipaserver.install import cainstance
from ipatests.test_integration.test_external_ca import (
install_server_external_ca_step1,
install_server_external_ca_step2,
@@ -61,8 +60,6 @@ def server_install_teardown(func):
return wrapped
@pytest.mark.skipif(not cainstance.minimum_acme_support(),
reason="does not provide ACME")
class TestACME(CALessBase):
"""
Test the FreeIPA ACME service by using ACME clients on a FreeIPA client.
@@ -402,8 +399,6 @@ class TestACME(CALessBase):
assert "invalid 'certificate'" in result.stderr_text
@pytest.mark.skipif(not cainstance.minimum_acme_support(),
reason="does not provide ACME")
class TestACMECALess(IntegrationTest):
"""Test to check the CA less replica setup"""
num_replicas = 1