ipatests: fix CA less expectations

The test TestServerInstall::test_ca_2_certs has a
wrong expectation. Scenario:
install a CA-less master with
ipa-server-install --ca-cert-file root.pem
where root.pem contains the CA that signed the http and ldap
certificates + an additional (unneeded) CA cert.

The test was expecting a failure, but this scenario is not
problematic as long as the unneeded CA cert is not added.

Related to https://pagure.io/freeipa/issue/6289 which has been
closed as won't fix

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
This commit is contained in:
Florence Blanc-Renaud 2018-11-12 14:39:23 +01:00 committed by Christian Heimes
parent 35d1d345c1
commit 1e6a77a6da

View File

@ -446,7 +446,6 @@ class TestServerInstall(CALessBase):
'The full certificate chain is not present in '
'%s/server.p12' % self.master.config.test_dir)
@pytest.mark.xfail(reason='Ticket N 6289', strict=True)
@server_install_teardown
def test_ca_2_certs(self):
"IPA server install with CA PEM file with 2 certificates"
@ -459,7 +458,13 @@ class TestServerInstall(CALessBase):
ca1.write(ca2.read())
result = self.install_server()
assert_error(result, 'root.pem contains more than one certificate')
assert result.returncode == 0
# Check that ca2 has not been added to /etc/ipa/ca.crt
# because it is not needed in the cert chain
with open(os.path.join(self.cert_dir, self.ca2_crt), 'r') as ca2:
ca2_body = ca2.read()
result = self.master.run_command(['cat', '/etc/ipa/ca.crt'])
assert ca2_body not in result.stdout_text
@server_install_teardown
def test_nonexistent_http_pkcs12_file(self):