IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Test for 7526

Browse Source 
Add a test for issue 7526: install a client with a bulk enrollment
password, enrolling to an externally-signed CA master.
Without the fix, the master does not publish the whole cert chain
in /usr/share/ipa/html/ca.crt. As the client installer downloads the
cert from this location, client installation fails.
With the fix, the whole cert chain is available and client installation
succeeds.
The test_external_ca.py::TestExternalCA now requires 1 replica and 1
client, updated .freeipa-pr-ci.yaml accordingly.

Also removed the annotation @tasks.collect_logs from test_external_ca
as it messes with test ordering (and the test collects logs even
without this annotation).

Related to:
https://pagure.io/freeipa/issue/7526

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Florence Blanc-Renaud 2018-05-18 17:39:51 +02:00 committed by Christian Heimes
parent af99032d90
commit 1d70ce850e
2 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.freeipa-pr-ci.yaml
View File

@ -61,7 +61,7 @@ jobs:
test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall
template: *ci-master-f28 template: *ci-master-f28
timeout: 3600 timeout: 3600
topology: *master_1repl topology: *master_1repl_1client
fedora-28/test_topologies: fedora-28/test_topologies:
requires: [fedora-28/build] requires: [fedora-28/build]

28
ipatests/test_integration/test_external_ca.py
View File

@ -109,11 +109,11 @@ def service_control_dirsrv(host, function):
class TestExternalCA(IntegrationTest): class TestExternalCA(IntegrationTest):
""" """
Test of FreeIPA server installation with exernal CA Test of FreeIPA server installation with external CA
""" """
num_replicas = 1 num_replicas = 1
num_clients = 1
@tasks.collect_logs
def test_external_ca(self): def test_external_ca(self):
# Step 1 of ipa-server-install. # Step 1 of ipa-server-install.
result = install_server_external_ca_step1(self.master) result = install_server_external_ca_step1(self.master)
@ -136,6 +136,30 @@ class TestExternalCA(IntegrationTest):
# check that we can also install replica # check that we can also install replica
tasks.install_replica(self.master, self.replicas[0]) tasks.install_replica(self.master, self.replicas[0])
def test_client_installation_with_otp(self):
# Test for issue 7526: client installation fails with one-time
# password when the master is installed with an externally signed
# CA because the whole cert chain is not published in
# /usr/share/ipa/html/ca.crt
# Create a random password for the client
client = self.clients[0]
client_pwd = 'Secret123'
args = ['ipa',
'host-add', client.hostname,
'--ip-address', client.ip,
'--no-reverse',
'--password', client_pwd]
self.master.run_command(args)
# Enroll the client with the client_pwd
client.run_command(
['ipa-client-install',
'--domain', self.master.domain.name,
'--server', self.master.hostname,
'-w', client_pwd,
'-U'])
class TestSelfExternalSelf(IntegrationTest): class TestSelfExternalSelf(IntegrationTest):
""" """