IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 00:31:56 -06:00
Code Issues Packages Projects Releases Wiki Activity

Remove test for minimum ACME support and rely on package deps

Browse Source 
This method was added temporarily while the required packages
were still under development and not available in stable
repositories.

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
This commit is contained in:
Rob Crittenden 2020-11-30 09:55:22 -05:00 committed by Alexander Bokovoy
parent 5d8c04448f
commit 81c97bb992
2 changed files with 4 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
ipaserver/install/cainstance.py
View File

@ -37,7 +37,6 @@ import syslog
import time import time
import tempfile import tempfile
from configparser import RawConfigParser from configparser import RawConfigParser
from pkg_resources import parse_version
from ipalib import api from ipalib import api
from ipalib import x509 from ipalib import x509
@ -430,8 +429,7 @@ class CAInstance(DogtagInstance):
if promote: if promote:
self.step("destroying installation admin user", self.step("destroying installation admin user",
self.teardown_admin) self.teardown_admin)
if minimum_acme_support(): self.step("deploying ACME service", self.setup_acme)
self.step("deploying ACME service", self.setup_acme)
# Materialize config changes and new ACLs # Materialize config changes and new ACLs
self.step("starting certificate server instance", self.step("starting certificate server instance",
self.start_instance) self.start_instance)
@ -771,10 +769,9 @@ class CAInstance(DogtagInstance):
self.basedn) self.basedn)
conn.add_entry_to_group(user_dn, group_dn, 'uniqueMember') conn.add_entry_to_group(user_dn, group_dn, 'uniqueMember')
if minimum_acme_support(): group_dn = DN(('cn', ACME_AGENT_GROUP), ('ou', 'groups'),
group_dn = DN(('cn', ACME_AGENT_GROUP), ('ou', 'groups'), self.basedn)
self.basedn) conn.add_entry_to_group(user_dn, group_dn, 'uniqueMember')
conn.add_entry_to_group(user_dn, group_dn, 'uniqueMember')
def __get_ca_chain(self): def __get_ca_chain(self):
try: try:
@ -1487,9 +1484,6 @@ class CAInstance(DogtagInstance):
logger.debug('ACME service is already deployed') logger.debug('ACME service is already deployed')
return False return False
if not minimum_acme_support():
return False
self._ldap_mod('/usr/share/pki/acme/database/ds/schema.ldif') self._ldap_mod('/usr/share/pki/acme/database/ds/schema.ldif')
configure_acme_acls() configure_acme_acls()
@ -1732,33 +1726,6 @@ def ensure_lightweight_cas_container():
) )
def minimum_acme_support(data=None):
"""
ACME with global enable/disable is required.
This first shipped in dogtag version 10.10.0.
Parse the version string to determine if the minimum version
is met. If parsing fails return False.
:param: data: The string value to parse for version. Defaults to
reading from the filesystem.
"""
if not data:
with open('/usr/share/pki/VERSION', 'r') as fd:
data = fd.read()
groups = re.match(r'.*\nSpecification-Version: ([\d+\.]*)\n.*', data)
if groups:
version_string = groups.groups(0)[0]
minimum_version = parse_version('10.10.0')
return parse_version(version_string) >= minimum_version
else:
logger.debug('Unable to parse version from %s', data)
return False
def ensure_acme_containers(): def ensure_acme_containers():
""" """
Create the ACME container objects under ou=acme,o=ipaca if Create the ACME container objects under ou=acme,o=ipaca if

5
ipatests/test_integration/test_acme.py
View File

@ -14,7 +14,6 @@ from ipatests.pytest_ipa.integration import tasks
from ipatests.test_integration.test_caless import CALessBase, ipa_certs_cleanup from ipatests.test_integration.test_caless import CALessBase, ipa_certs_cleanup
from ipaplatform.osinfo import osinfo from ipaplatform.osinfo import osinfo
from ipaplatform.paths import paths from ipaplatform.paths import paths
from ipaserver.install import cainstance
from ipatests.test_integration.test_external_ca import ( from ipatests.test_integration.test_external_ca import (
install_server_external_ca_step1, install_server_external_ca_step1,
install_server_external_ca_step2, install_server_external_ca_step2,
@ -61,8 +60,6 @@ def server_install_teardown(func):
return wrapped return wrapped
@pytest.mark.skipif(not cainstance.minimum_acme_support(),
reason="does not provide ACME")
class TestACME(CALessBase): class TestACME(CALessBase):
""" """
Test the FreeIPA ACME service by using ACME clients on a FreeIPA client. Test the FreeIPA ACME service by using ACME clients on a FreeIPA client.
@ -402,8 +399,6 @@ class TestACME(CALessBase):
assert "invalid 'certificate'" in result.stderr_text assert "invalid 'certificate'" in result.stderr_text
@pytest.mark.skipif(not cainstance.minimum_acme_support(),
reason="does not provide ACME")
class TestACMECALess(IntegrationTest): class TestACMECALess(IntegrationTest):
"""Test to check the CA less replica setup""" """Test to check the CA less replica setup"""
num_replicas = 1 num_replicas = 1