From 4ea1ad6acae910574a524403bc82c80d24b525d6 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Date: Thu, 13 Jun 2024 14:07:57 +0530 Subject: [PATCH] ipatests: tests related to --token-password-file Test automation added around the --token-password-file option for server/replica/kra install. Related: https://pagure.io/freeipa/issue/9603 Signed-off-by: Mohammad Rizwan Reviewed-By: Florence Blanc-Renaud --- ipatests/test_integration/test_hsm.py | 85 ++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 8 deletions(-) diff --git a/ipatests/test_integration/test_hsm.py b/ipatests/test_integration/test_hsm.py index b49af1249..3a33c3bda 100644 --- a/ipatests/test_integration/test_hsm.py +++ b/ipatests/test_integration/test_hsm.py @@ -163,6 +163,7 @@ class BaseHSMTest(IntegrationTest): master_extra_args = [] token_password = None token_name = None + token_password_file = '/tmp/token_password' random_serial = False @classmethod @@ -191,7 +192,7 @@ class BaseHSMTest(IntegrationTest): delete_hsm_token([cls.master] + cls.replicas, cls.token_name) @classmethod - def sync_tokens(cls, source): + def sync_tokens(cls, source, token_name=None): """Synchronize non-networked HSM tokens between machines source: source host for the token data """ @@ -207,7 +208,8 @@ class BaseHSMTest(IntegrationTest): for host in [cls.master] + cls.replicas: if host == source: continue - copy_token_files(source, [host], cls.token_name) + copy_token_files(source, [host], + token_name if token_name else cls.token_name) class TestHSMInstall(BaseHSMTest): @@ -218,6 +220,10 @@ class TestHSMInstall(BaseHSMTest): def test_hsm_install_replica0_ca_less_install(self): check_version(self.master) + + self.master.put_file_contents( + self.token_password_file, self.token_password + ) tasks.install_replica( self.master, self.replicas[0], setup_ca=False, setup_dns=True, @@ -307,6 +313,50 @@ class TestHSMInstall(BaseHSMTest): assert returncode == 0 assert output == "No issues found." + def test_hsm_install_server_password_file(self): + check_version(self.master) + # cleanup before fresh install with password file + for client in self.clients: + tasks.uninstall_client(client) + + for replica in self.replicas: + tasks.uninstall_master(replica) + + tasks.uninstall_master(self.master) + + delete_hsm_token([self.master] + self.replicas, self.token_name) + self.token_name, self.token_password = get_hsm_token(self.master) + self.master.put_file_contents(self.token_password_file, + self.token_password) + self.replicas[0].put_file_contents(self.token_password_file, + self.token_password) + + tasks.install_master( + self.master, setup_dns=self.master_with_dns, + setup_kra=self.master_with_kra, + setup_adtrust=self.master_with_ad, + extra_args=( + '--token-name', self.token_name, + '--token-library-path', hsm_lib_path, + '--token-password-file', self.token_password_file + ) + ) + self.sync_tokens(self.master, token_name=self.token_name) + + def test_hsm_install_replica0_password_file(self): + check_version(self.master) + tasks.install_replica( + self.master, self.replicas[0], setup_ca=True, + extra_args=('--token-password-file', self.token_password_file,) + ) + + def test_hsm_install_replica0_kra_password_file(self): + check_version(self.master) + tasks.install_kra( + self.replicas[0], + extra_args=('--token-password-file', self.token_password_file,) + ) + class TestHSMInstallADTrustBase(BaseHSMTest): """ @@ -321,7 +371,7 @@ class TestHSMInstallADTrustBase(BaseHSMTest): check_version(self.master) tasks.install_replica( self.master, self.replicas[0], setup_ca=True, - setup_adtrust=True, setup_kra=True, setup_dns=True, + setup_adtrust=False, setup_kra=True, setup_dns=True, nameservers='master' if self.master_with_dns else None, extra_args=('--token-password', self.token_password,) ) @@ -356,7 +406,8 @@ class TestHSMcertRenewal(BaseHSMTest): 'auditSigningCert cert-pki-ca': 'caauditSigningCert' } CA_TRACKING_REQS.update(KRA_TRACKING_REQS) - self.master.put_file_contents('/tmp/token_passwd', self.token_password) + self.master.put_file_contents(self.token_password_file, + self.token_password) for nickname in CA_TRACKING_REQS: cert = tasks.certutil_fetch_cert( self.master, @@ -772,6 +823,7 @@ class TestHSMcertFixReplica(BaseHSMTest): class TestHSMNegative(IntegrationTest): master_with_dns = False + token_password_file = '/tmp/token_password' @classmethod def install(cls, mh): @@ -792,7 +844,6 @@ class TestHSMNegative(IntegrationTest): '--token-password', self.token_password ) ) - # assert 'error message non existing token name' in result.stderr_text assert result.returncode != 0 # wrong token password @@ -804,7 +855,6 @@ class TestHSMNegative(IntegrationTest): '--token-password', 'token_passwd' ) ) - # assert 'error message wrong passwd' in result.stderr_text assert result.returncode != 0 # wrong token lib @@ -816,7 +866,6 @@ class TestHSMNegative(IntegrationTest): '--token-password', self.token_password ) ) - # assert 'error message non existing token lib' in result.stderr_text assert result.returncode != 0 def test_hsm_negative_special_char_token_name(self): @@ -842,7 +891,27 @@ class TestHSMNegative(IntegrationTest): '--token-password', token_passwd ) ) - # assert 'error message non existing token lib' in result.stderr_text + assert result.returncode != 0 + + def test_hsm_negative_token_password_and_file(self): + """Test token-password and token-password-file at same time + + Test if command fails when --token-password and --token-password-file + provided at the same time results into command failure. + """ + check_version(self.master) + self.master.put_file_contents( + self.token_password_file, self.token_password + ) + result = tasks.install_master( + self.master, raiseonerr=False, + extra_args=( + '--token-name', self.token_name, + '--token-library-path', hsm_lib_path, + '--token-password', self.token_password, + '--token-password-file', self.token_password_file + ) + ) assert result.returncode != 0