IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-22 15:13:50 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipatests: tests related to --token-password-file

Browse Source 
Test automation added around the --token-password-file
option for server/replica/kra install.

Related: https://pagure.io/freeipa/issue/9603

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
This commit is contained in:
Mohammad Rizwan 2024-06-13 14:07:57 +05:30 committed by Rob Crittenden
parent 7ab1bcb2d3
commit 4ea1ad6aca
1 changed files with 77 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
ipatests/test_integration/test_hsm.py
View File

@ -163,6 +163,7 @@ class BaseHSMTest(IntegrationTest):
master_extra_args = [] master_extra_args = []
token_password = None token_password = None
token_name = None token_name = None
token_password_file = '/tmp/token_password'
random_serial = False random_serial = False
@classmethod @classmethod
@ -191,7 +192,7 @@ class BaseHSMTest(IntegrationTest):
delete_hsm_token([cls.master] + cls.replicas, cls.token_name) delete_hsm_token([cls.master] + cls.replicas, cls.token_name)
@classmethod @classmethod
def sync_tokens(cls, source): def sync_tokens(cls, source, token_name=None):
"""Synchronize non-networked HSM tokens between machines """Synchronize non-networked HSM tokens between machines
source: source host for the token data source: source host for the token data
""" """
@ -207,7 +208,8 @@ class BaseHSMTest(IntegrationTest):
for host in [cls.master] + cls.replicas: for host in [cls.master] + cls.replicas:
if host == source: if host == source:
continue continue
copy_token_files(source, [host], cls.token_name) copy_token_files(source, [host],
token_name if token_name else cls.token_name)
class TestHSMInstall(BaseHSMTest): class TestHSMInstall(BaseHSMTest):
@ -218,6 +220,10 @@ class TestHSMInstall(BaseHSMTest):
def test_hsm_install_replica0_ca_less_install(self): def test_hsm_install_replica0_ca_less_install(self):
check_version(self.master) check_version(self.master)
self.master.put_file_contents(
self.token_password_file, self.token_password
)
tasks.install_replica( tasks.install_replica(
self.master, self.replicas[0], setup_ca=False, self.master, self.replicas[0], setup_ca=False,
setup_dns=True, setup_dns=True,
@ -307,6 +313,50 @@ class TestHSMInstall(BaseHSMTest):
assert returncode == 0 assert returncode == 0
assert output == "No issues found." assert output == "No issues found."
def test_hsm_install_server_password_file(self):
check_version(self.master)
# cleanup before fresh install with password file
for client in self.clients:
tasks.uninstall_client(client)
for replica in self.replicas:
tasks.uninstall_master(replica)
tasks.uninstall_master(self.master)
delete_hsm_token([self.master] + self.replicas, self.token_name)
self.token_name, self.token_password = get_hsm_token(self.master)
self.master.put_file_contents(self.token_password_file,
self.token_password)
self.replicas[0].put_file_contents(self.token_password_file,
self.token_password)
tasks.install_master(
self.master, setup_dns=self.master_with_dns,
setup_kra=self.master_with_kra,
setup_adtrust=self.master_with_ad,
extra_args=(
'--token-name', self.token_name,
'--token-library-path', hsm_lib_path,
'--token-password-file', self.token_password_file
)
)
self.sync_tokens(self.master, token_name=self.token_name)
def test_hsm_install_replica0_password_file(self):
check_version(self.master)
tasks.install_replica(
self.master, self.replicas[0], setup_ca=True,
extra_args=('--token-password-file', self.token_password_file,)
)
def test_hsm_install_replica0_kra_password_file(self):
check_version(self.master)
tasks.install_kra(
self.replicas[0],
extra_args=('--token-password-file', self.token_password_file,)
)
class TestHSMInstallADTrustBase(BaseHSMTest): class TestHSMInstallADTrustBase(BaseHSMTest):
""" """
@ -321,7 +371,7 @@ class TestHSMInstallADTrustBase(BaseHSMTest):
check_version(self.master) check_version(self.master)
tasks.install_replica( tasks.install_replica(
self.master, self.replicas[0], setup_ca=True, self.master, self.replicas[0], setup_ca=True,
setup_adtrust=True, setup_kra=True, setup_dns=True, setup_adtrust=False, setup_kra=True, setup_dns=True,
nameservers='master' if self.master_with_dns else None, nameservers='master' if self.master_with_dns else None,
extra_args=('--token-password', self.token_password,) extra_args=('--token-password', self.token_password,)
) )
@ -356,7 +406,8 @@ class TestHSMcertRenewal(BaseHSMTest):
'auditSigningCert cert-pki-ca': 'caauditSigningCert' 'auditSigningCert cert-pki-ca': 'caauditSigningCert'
} }
CA_TRACKING_REQS.update(KRA_TRACKING_REQS) CA_TRACKING_REQS.update(KRA_TRACKING_REQS)
self.master.put_file_contents('/tmp/token_passwd', self.token_password) self.master.put_file_contents(self.token_password_file,
self.token_password)
for nickname in CA_TRACKING_REQS: for nickname in CA_TRACKING_REQS:
cert = tasks.certutil_fetch_cert( cert = tasks.certutil_fetch_cert(
self.master, self.master,
@ -772,6 +823,7 @@ class TestHSMcertFixReplica(BaseHSMTest):
class TestHSMNegative(IntegrationTest): class TestHSMNegative(IntegrationTest):
master_with_dns = False master_with_dns = False
token_password_file = '/tmp/token_password'
@classmethod @classmethod
def install(cls, mh): def install(cls, mh):
@ -792,7 +844,6 @@ class TestHSMNegative(IntegrationTest):
'--token-password', self.token_password '--token-password', self.token_password
) )
) )
# assert 'error message non existing token name' in result.stderr_text
assert result.returncode != 0 assert result.returncode != 0
# wrong token password # wrong token password
@ -804,7 +855,6 @@ class TestHSMNegative(IntegrationTest):
'--token-password', 'token_passwd' '--token-password', 'token_passwd'
) )
) )
# assert 'error message wrong passwd' in result.stderr_text
assert result.returncode != 0 assert result.returncode != 0
# wrong token lib # wrong token lib
@ -816,7 +866,6 @@ class TestHSMNegative(IntegrationTest):
'--token-password', self.token_password '--token-password', self.token_password
) )
) )
# assert 'error message non existing token lib' in result.stderr_text
assert result.returncode != 0 assert result.returncode != 0
def test_hsm_negative_special_char_token_name(self): def test_hsm_negative_special_char_token_name(self):
@ -842,7 +891,27 @@ class TestHSMNegative(IntegrationTest):
'--token-password', token_passwd '--token-password', token_passwd
) )
) )
# assert 'error message non existing token lib' in result.stderr_text assert result.returncode != 0
def test_hsm_negative_token_password_and_file(self):
"""Test token-password and token-password-file at same time
Test if command fails when --token-password and --token-password-file
provided at the same time results into command failure.
"""
check_version(self.master)
self.master.put_file_contents(
self.token_password_file, self.token_password
)
result = tasks.install_master(
self.master, raiseonerr=False,
extra_args=(
'--token-name', self.token_name,
'--token-library-path', hsm_lib_path,
'--token-password', self.token_password,
'--token-password-file', self.token_password_file
)
)
assert result.returncode != 0 assert result.returncode != 0