Integration test: add a test for upgrade and PKI drop-in file

Add an upgrade test with the following scenario:
- remove PKI drop-in file (to simulate an upgrade from an old
version)
- remove caECServerCertWithSCT profile from LDAP
- launch the ipa-server-upgrade command
- check that the upgrade added the file

Related: https://pagure.io/freeipa/issue/9381

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Florence Blanc-Renaud 2023-06-19 19:04:32 +02:00
parent 0472067ca6
commit d76f8fceda

View File

@ -455,3 +455,25 @@ class TestUpgrade(IntegrationTest):
assert 'tXTRecord' in location_krb_rec assert 'tXTRecord' in location_krb_rec
assert len(location_krb_rec['tXTRecord']) == 1 assert len(location_krb_rec['tXTRecord']) == 1
assert location_krb_rec['tXTRecord'][0] == f'"{realm}"' assert location_krb_rec['tXTRecord'][0] == f'"{realm}"'
def test_pki_dropin_file(self):
"""Test that upgrade adds the drop-in file if missing
Test for ticket 9381
Simulate an update from a version that didn't provide
/etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/ipa.conf,
remove one of the certificate profiles from LDAP and check that upgrade
completes successfully and adds the missing file.
When the drop-in file is missing, the upgrade tries to login to
PKI in order to migrate the profile and fails because PKI failed to
start.
"""
self.master.run_command(["rm", "-f", paths.SYSTEMD_PKI_TOMCAT_IPA_CONF])
ldif = textwrap.dedent("""
dn: cn=caECServerCertWithSCT,ou=certificateProfiles,ou=ca,o=ipaca
changetype: delete
""")
tasks.ldapmodify_dm(self.master, ldif)
self.master.run_command(['ipa-server-upgrade'])
assert self.master.transport.file_exists(
paths.SYSTEMD_PKI_TOMCAT_IPA_CONF)