mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-08 15:23:00 -06:00
ipatests: add test for PKINIT renewal on hidden replica
Test scenario: on a hidden replica, force the renewal of PKINIT cert by calling getcert resubmit. Related: https://pagure.io/freeipa/issue/9611 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
parent
c8e3fdeb00
commit
467ec04f93
@ -26,6 +26,7 @@ from ipalib.constants import (
|
||||
)
|
||||
from ipaplatform.paths import paths
|
||||
from ipapython import certdb
|
||||
from ipatests.test_integration.test_cert import get_certmonger_fs_id
|
||||
from ipatests.test_integration.test_dns_locations import (
|
||||
resolve_records_from_server, IPA_DEFAULT_MASTER_SRV_REC
|
||||
)
|
||||
@ -1241,6 +1242,23 @@ class TestHiddenReplicaPromotion(IntegrationTest):
|
||||
'ipa-crlgen-manage', 'status'])
|
||||
assert "CRL generation: enabled" in result.stdout_text
|
||||
|
||||
def test_hidden_replica_renew_pkinit_cert(self):
|
||||
"""Renew the PKINIT cert on a hidden replica.
|
||||
|
||||
Test for https://pagure.io/freeipa/issue/9611
|
||||
"""
|
||||
# Get Request ID
|
||||
cmd = ['getcert', 'list', '-f', paths.KDC_CERT]
|
||||
result = self.replicas[0].run_command(cmd)
|
||||
req_id = get_certmonger_fs_id(result.stdout_text)
|
||||
|
||||
self.replicas[0].run_command([
|
||||
'getcert', 'resubmit', '-f', paths.KDC_CERT
|
||||
])
|
||||
tasks.wait_for_certmonger_status(
|
||||
self.replicas[0], ('MONITORING'), req_id, timeout=600
|
||||
)
|
||||
|
||||
|
||||
class TestHiddenReplicaKRA(IntegrationTest):
|
||||
"""Test KRA & hidden replica features.
|
||||
|
Loading…
Reference in New Issue
Block a user