ipatests: add test for PKINIT renewal on hidden replica

Test scenario: on a hidden replica, force the renewal of
PKINIT cert by calling getcert resubmit.

Related: https://pagure.io/freeipa/issue/9611
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Florence Blanc-Renaud 2024-06-24 09:18:54 +02:00
parent c8e3fdeb00
commit 467ec04f93


@ -26,6 +26,7 @@ from ipalib.constants import (
)
from ipaplatform.paths import paths
from ipapython import certdb
from ipatests.test_integration.test_cert import get_certmonger_fs_id
from ipatests.test_integration.test_dns_locations import (
resolve_records_from_server, IPA_DEFAULT_MASTER_SRV_REC
)
@ -1241,6 +1242,23 @@ class TestHiddenReplicaPromotion(IntegrationTest):
'ipa-crlgen-manage', 'status'])
assert "CRL generation: enabled" in result.stdout_text
def test_hidden_replica_renew_pkinit_cert(self):
"""Renew the PKINIT cert on a hidden replica.
Test for https://pagure.io/freeipa/issue/9611
"""
# Get Request ID
cmd = ['getcert', 'list', '-f', paths.KDC_CERT]
result = self.replicas[0].run_command(cmd)
req_id = get_certmonger_fs_id(result.stdout_text)
self.replicas[0].run_command([
'getcert', 'resubmit', '-f', paths.KDC_CERT
])
tasks.wait_for_certmonger_status(
self.replicas[0], ('MONITORING'), req_id, timeout=600
)
class TestHiddenReplicaKRA(IntegrationTest):
"""Test KRA & hidden replica features.
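Review bot: In the `wait_for_certmonger_status` call that ends `test_hidden_replica_renew_pkinit_cert`, `('MONITORING')` is a parenthesised string rather than a one-element tuple, so if the helper tests membership with `in` (its body is not visible here) the check becomes a substring match that an empty status string would also satisfy; write `self.replicas[0], ('MONITORING',), req_id, timeout=600`. MONITORING is presumably also the request's state before the resubmit, so the wait may return on its first poll and the test would then pass without the KDC certificate having been reissued. Recording the certificate's expiry from the first `getcert list` output and asserting after the wait that it changed would make the test fail when renewal on the hidden replica silently does nothing. The enclosing class `TestHiddenReplicaPromotion` starts outside the hunk.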