NSSDB: Let certutil decide its default db type

CertDB no longer makes any assumptions about the default db type of a NSS
DB. Instead it let's certutil decide when dbtype is set to 'auto'. This
makes it much easier to support F27 and F28 from a single code base.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

ipatests/test_ipapython/test_certdb.py

@@ -1,9 +1,21 @@
 import os
 
-from ipapython.certdb import NSSDatabase, TRUSTED_PEER_TRUST_FLAGS
+import pytest
 
+from ipapython.certdb import NSSDatabase, TRUSTED_PEER_TRUST_FLAGS
+from ipaplatform._importhook import metaimporter
+
+OSRELEASE = metaimporter.parse_osrelease()
 CERTNICK = 'testcert'
 
+if OSRELEASE['ID'] == 'fedora':
+    if int(OSRELEASE['VERSION_ID']) >= 28:
+        NSS_DEFAULT = 'sql'
+    else:
+        NSS_DEFAULT = 'dbm'
+else:
+    NSS_DEFAULT = None
+
 
 def create_selfsigned(nssdb):
     # create self-signed cert + key
@@ -137,3 +149,20 @@ def test_convert_db_nokey():
         assert nssdb.certdb in nssdb.filenames
         assert os.path.basename(nssdb.keydb) == 'key4.db'
         assert os.path.basename(nssdb.secmod) == 'pkcs11.txt'
+
+
+def test_auto_db():
+    with NSSDatabase() as nssdb:
+        assert nssdb.dbtype == 'auto'
+        assert nssdb.filenames is None
+        assert not nssdb.exists()
+        with pytest.raises(RuntimeError):
+            nssdb.list_certs()
+
+        nssdb.create_db()
+        assert nssdb.dbtype in ('dbm', 'sql')
+        if NSS_DEFAULT is not None:
+            assert nssdb.dbtype == NSS_DEFAULT
+        assert nssdb.filenames is not None
+        assert nssdb.exists()
+        nssdb.list_certs()