Test for improved Custodia key distribution

The test checks that custodia keys are properly replicated from the source and are successfully distributed amongst peer system upon successful replica installation. Fixes: https://pagure.io/freeipa/issue/7518 Signed-off-by: Nikhil Dehadrai <ndehadra@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-06-14 17:24:51 +05:30 · 2018-06-14 17:24:51 +05:30 · dcaa62f6a4
commit dcaa62f6a4
parent 00dceb434d
1 changed files with 30 additions and 0 deletions
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@ -660,3 +660,33 @@ class TestSubCAkeyReplication(IntegrationTest):
        ssl_cmd = ['openssl', 'x509', '-text', '-in', TEST_CRT_FILE]
        ssl = replica.run_command(ssl_cmd)
        assert 'Issuer: CN = {}'.format(self.SUBCA) in ssl.stdout_text
+
+
+class TestReplicaInstallCustodia(IntegrationTest):
+    """
+    Pagure Reference: https://pagure.io/freeipa/issue/7518
+    """
+
+    topology = 'line'
+    num_replicas = 2
+    domain_level = DOMAIN_LEVEL_1
+
+    @classmethod
+    def install(cls, mh):
+        tasks.install_master(cls.master, domain_level=cls.domain_level)
+
+    def test_replica_install_for_custodia(self):
+        master = self.master
+        replica1 = self.replicas[0]
+        replica2 = self.replicas[1]
+
+        # Install Replica1 without CA and stop ipa-custodia
+        tasks.install_replica(master, replica1, setup_ca=False)
+        replica1.run_command(['ipactl', 'status'])
+        replica1.run_command(['systemctl', 'stop', 'ipa-custodia'])
+        replica1.run_command(['ipactl', 'status'])
+
+        # Install Replica2 with CA with source as Replica1.
+        tasks.install_replica(replica1, replica2, setup_ca=True)
+        result = replica2.run_command(['ipactl', 'status'])
+        assert 'ipa-custodia Service: RUNNING' in result.stdout_text