ipatests: add test for ipa-cacert-manage prune

Add test for prune option of ipa-cacert-manage. After a certificate is installed, a jump in time is performed to a date where the certificate is expired, and then it is pruned. Related: https://pagure.io/freeipa/issue/7404 Signed-off-by: Antonio Torres <antorres@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2021-02-08 17:03:03 +01:00 · 2021-02-08 17:03:03 +01:00 · 8a2e6ec320
commit 8a2e6ec320
parent 5d8cb1dd1f
1 changed files with 23 additions and 0 deletions
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@ -1465,3 +1465,26 @@ class TestIPACommand(IntegrationTest):
        if 'invalid option' not in nologin.stderr_text:
            assert 'This account is currently not available' in \
                result.stdout_text
+
+    def test_ipa_cacert_manage_prune(self):
+        """Test for ipa-cacert-manage prune"""
+
+        certfile = os.path.join(self.master.config.test_dir, 'cert.pem')
+        self.master.put_file_contents(certfile, isrgrootx1)
+        result = self.master.run_command(
+            [paths.IPA_CACERT_MANAGE, 'install', certfile])
+
+        certs_before_prune = self.master.run_command(
+            [paths.IPA_CACERT_MANAGE, 'list'], raiseonerr=False
+        ).stdout_text
+
+        assert isrgrootx1_nick in certs_before_prune
+
+        # Jump in time to make sure the cert is expired
+        self.master.run_command(['date', '-s', '+15Years'])
+        result = self.master.run_command(
+            [paths.IPA_CACERT_MANAGE, 'prune'], raiseonerr=False
+        ).stdout_text
+        self.master.run_command(['date', '-s', '-15Years'])
+
+        assert isrgrootx1_nick in result