mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
ipatests: Test healthcheck revocation checker
Revoke the Apache certificate and ensure that healthcheck properly reports the problem. Reviewed-By: Mohammad Rizwan <myusuf@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
606f1abd05
commit
61db3527e3
@ -21,6 +21,7 @@ from ipapython.certdb import NSS_SQL_FILES
|
||||
from ipatests.pytest_ipa.integration import tasks
|
||||
from ipaplatform.paths import paths
|
||||
from ipatests.test_integration.base import IntegrationTest
|
||||
from ipatests.test_integration.test_cert import get_certmonger_fs_id
|
||||
|
||||
HEALTHCHECK_LOG = "/var/log/ipa/healthcheck/healthcheck.log"
|
||||
HEALTHCHECK_SYSTEMD_FILE = (
|
||||
@ -645,6 +646,43 @@ class TestIpaHealthCheck(IntegrationTest):
|
||||
ruvs.remove(check["kw"]["ruv"])
|
||||
assert not ruvs
|
||||
|
||||
def test_ipa_healthcheck_revocation(self):
|
||||
"""
|
||||
Ensure that healthcheck reports when IPA certs are revoked.
|
||||
"""
|
||||
error_msg = (
|
||||
"Certificate tracked by {key} is revoked {revocation_reason}"
|
||||
)
|
||||
|
||||
result = self.master.run_command(
|
||||
["getcert", "list", "-f", paths.HTTPD_CERT_FILE]
|
||||
)
|
||||
request_id = get_certmonger_fs_id(result.stdout_text)
|
||||
|
||||
# Revoke the web cert
|
||||
certfile = self.master.get_file_contents(paths.HTTPD_CERT_FILE)
|
||||
cert = x509.load_certificate_list(certfile)
|
||||
serial = cert[0].serial_number
|
||||
self.master.run_command(["ipa", "cert-revoke", str(serial)])
|
||||
|
||||
# re-run to confirm
|
||||
returncode, data = run_healthcheck(
|
||||
self.master,
|
||||
"ipahealthcheck.ipa.certs",
|
||||
"IPACertRevocation"
|
||||
)
|
||||
|
||||
assert returncode == 1
|
||||
assert len(data) == 12
|
||||
|
||||
for check in data:
|
||||
if check["kw"]["key"] == request_id:
|
||||
assert check["result"] == "ERROR"
|
||||
assert check["kw"]["revocation_reason"] == "unspecified"
|
||||
assert check["kw"]["msg"] == error_msg
|
||||
else:
|
||||
assert check["result"] == "SUCCESS"
|
||||
|
||||
def test_ipa_healthcheck_without_trust_setup(self):
|
||||
"""
|
||||
This testcase checks that when trust isn't setup between IPA
|
||||
|
Loading…
Reference in New Issue
Block a user