IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipatests: enhance TestSubCAkeyReplication

Browse Source 
enhance the test suite so that it covers:
- deleting subCAs (disabling them first)
- checking what happens when creating a dozen+ subCAs at a time
- adding a subCA that already exists and expect failure

Related: https://pagure.io/freeipa/issue/8488
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-By: Lukas Vrabec <lvrabec@redhat.com>
Reviewed-By: Zdenek Pytela <zpytela@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
This commit is contained in:
François Cami 2020-09-17 11:30:45 +02:00
parent bc128cae47
commit dfeea1644a
1 changed files with 47 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
ipatests/test_integration/test_replica_promotion.py
View File

@ -474,17 +474,35 @@ class TestSubCAkeyReplication(IntegrationTest):
SERVER_CERT_NICK: 'u,u,u', SERVER_CERT_NICK: 'u,u,u',
} }
def add_subca(self, host, name, subject): def add_subca(self, host, name, subject, raiseonerr=True):
result = host.run_command([ result = host.run_command([
'ipa', 'ca-add', name, 'ipa', 'ca-add', name,
'--subject', subject, '--subject', subject,
'--desc', self.SUBCA_DESC, '--desc', self.SUBCA_DESC],
]) raiseonerr=raiseonerr
)
if raiseonerr:
assert "ipa: ERROR:" not in result.stderr_text
auth_id = "".join(re.findall(AUTH_ID_RE, result.stdout_text)) auth_id = "".join(re.findall(AUTH_ID_RE, result.stdout_text))
return '{} {}'.format(IPA_CA_NICKNAME, auth_id) return '{} {}'.format(IPA_CA_NICKNAME, auth_id)
else:
assert "ipa: ERROR:" in result.stderr_text
assert result.returncode != 0
return result
def del_subca(self, host, name):
host.run_command([
'ipa', 'ca-disable', name
])
result = host.run_command([
'ipa', 'ca-del', name
])
assert "Deleted CA \"{}\"".format(name) in result.stdout_text
def check_subca(self, host, name, cert_nick): def check_subca(self, host, name, cert_nick):
host.run_command(['ipa', 'ca-show', name]) result = host.run_command(['ipa', 'ca-show', name])
# ipa ca-show returns 0 even if the cert cannot be found locally.
assert "ipa: ERROR:" not in result.stderr_text
tasks.run_certutil( tasks.run_certutil(
host, ['-L', '-n', cert_nick], paths.PKI_TOMCAT_ALIAS_DIR host, ['-L', '-n', cert_nick], paths.PKI_TOMCAT_ALIAS_DIR
) )
@ -627,6 +645,30 @@ class TestSubCAkeyReplication(IntegrationTest):
ssl = replica.run_command(ssl_cmd) ssl = replica.run_command(ssl_cmd)
assert 'Issuer: CN = {}'.format(self.SUBCA_MASTER) in ssl.stdout_text assert 'Issuer: CN = {}'.format(self.SUBCA_MASTER) in ssl.stdout_text
def test_del_subca_master_on_replica(self):
self.del_subca(self.replicas[0], self.SUBCA_MASTER)
def test_del_subca_replica(self):
self.del_subca(self.replicas[0], self.SUBCA_REPLICA)
def test_scale_add_subca(self):
master = self.master
replica = self.replicas[0]
subcas = {}
for i in range(0, 16):
name = "_".join((self.SUBCA_MASTER, str(i)))
cn = "_".join((self.SUBCA_MASTER_CN, str(i)))
subcas[name] = self.add_subca(master, name, cn)
self.add_subca(master, name, cn, raiseonerr=False)
# give replication some time
time.sleep(15)
for name in subcas:
self.check_subca(replica, name, subcas[name])
self.del_subca(replica, name)
class TestReplicaInstallCustodia(IntegrationTest): class TestReplicaInstallCustodia(IntegrationTest):
""" """