From e767386e7120be3515d6a34529b51ae658248038 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Mon, 14 Oct 2019 13:31:16 +1100
Subject: [PATCH] test_integration: add tests for custom CA subject DN
Define integration test for custom CA subject DN and subject base scenarios. Add to nightly CI runs.
Part of: https://pagure.io/freeipa/issue/8084
Reviewed-By: Florence Blanc-Renaud
---
ipatests/prci_definitions/nightly_f29.yaml | 12 ++++
ipatests/prci_definitions/nightly_master.yaml | 12 ++++
.../prci_definitions/nightly_master_pki.yaml | 13 ++++
.../nightly_master_testing.yaml | 13 ++++
.../prci_definitions/nightly_rawhide.yaml | 12 ++++
.../test_integration/test_ca_custom_sdn.py | 67 +++++++++++++++++++
6 files changed, 129 insertions(+)
create mode 100644 ipatests/test_integration/test_ca_custom_sdn.py
diff --git a/ipatests/prci_definitions/nightly_f29.yaml b/ipatests/prci_definitions/nightly_f29.yaml
index 083769d76..45b997a45 100644
--- a/ipatests/prci_definitions/nightly_f29.yaml
+++ b/ipatests/prci_definitions/nightly_f29.yaml
@@ -1336,3 +1336,15 @@ jobs:
 template: *ci-master-f29
 timeout: 3600
 topology: *ad_master
+
+ fedora-29/test_ca_custom_sdn:
+ requires: [fedora-29/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-29/build_url}'
+ test_suite: test_integration/test_ca_custom_sdn.py
+ template: *ci-master-f29
+ timeout: 7200
+ topology: *master_1repl
diff --git a/ipatests/prci_definitions/nightly_master.yaml b/ipatests/prci_definitions/nightly_master.yaml
index 070b13bbf..746948112 100644
--- a/ipatests/prci_definitions/nightly_master.yaml
+++ b/ipatests/prci_definitions/nightly_master.yaml
@@ -1348,3 +1348,15 @@ jobs:
 template: *ci-master-f30
 timeout: 3600
 topology: *ad_master
+
+ fedora-30/test_ca_custom_sdn:
+ requires: [fedora-30/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-30/build_url}'
+ test_suite: test_integration/test_ca_custom_sdn.py
+ template: *ci-master-f30
+ timeout: 7200
+ topology: *master_1repl
diff --git a/ipatests/prci_definitions/nightly_master_pki.yaml b/ipatests/prci_definitions/nightly_master_pki.yaml
index 063bd13a3..4cd568010 100644
--- a/ipatests/prci_definitions/nightly_master_pki.yaml
+++ b/ipatests/prci_definitions/nightly_master_pki.yaml
@@ -782,3 +782,16 @@ jobs:
 template: *pki-master-f30
 timeout: 3600
 topology: *master_1repl
+
+ fedora-30/test_ca_custom_sdn:
+ requires: [fedora-30/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-30/build_url}'
+ update_packages: True
+ test_suite: test_integration/test_ca_custom_sdn.py
+ template: *pki-master-f30
+ timeout: 7200
+ topology: *master_1repl
diff --git a/ipatests/prci_definitions/nightly_master_testing.yaml b/ipatests/prci_definitions/nightly_master_testing.yaml
index bb3673ad3..0cb524755 100644
--- a/ipatests/prci_definitions/nightly_master_testing.yaml
+++ b/ipatests/prci_definitions/nightly_master_testing.yaml
@@ -1454,3 +1454,16 @@ jobs:
 template: *testing-master-f30
 timeout: 3600
 topology: *ad_master
+
+ fedora-30/test_ca_custom_sdn:
+ requires: [fedora-30/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-30/build_url}'
+ update_packages: True
+ test_suite: test_integration/test_ca_custom_sdn.py
+ template: *testing-master-f30
+ timeout: 7200
+ topology: *master_1repl
diff --git a/ipatests/prci_definitions/nightly_rawhide.yaml b/ipatests/prci_definitions/nightly_rawhide.yaml
index 3c36bb3ba..8a072a9c2 100644
--- a/ipatests/prci_definitions/nightly_rawhide.yaml
+++ b/ipatests/prci_definitions/nightly_rawhide.yaml
@@ -1348,3 +1348,15 @@ jobs:
 template: *ci-master-frawhide
 timeout: 3600
 topology: *ad_master
+
+ fedora-rawhide/test_ca_custom_sdn:
+ requires: [fedora-rawhide/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-rawhide/build_url}'
+ test_suite: test_integration/test_ca_custom_sdn.py
+ template: *ci-master-frawhide
+ timeout: 7200
+ topology: *master_1repl
diff --git a/ipatests/test_integration/test_ca_custom_sdn.py b/ipatests/test_integration/test_ca_custom_sdn.py
new file mode 100644
index 000000000..f6df36f5f
--- /dev/null
+++ b/ipatests/test_integration/test_ca_custom_sdn.py
@@ -0,0 +1,67 @@
+#
+# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
+#
+
+import time
+
+from ipapython.dn import DN
+
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.pytest_ipa.integration import tasks
+
+
+class TestCACustomSubjectDN(IntegrationTest):
+ """
+ Test that everything works properly when IPA CA has a custom Subject DN.
+ We will also choose a custom Subject Base, that does not have anything
+ in common with the CA Subject DN.
+
+ Generating a random DN might be interest, but for now we construct one
+ that regression tests some previously encountered issues:
+
+ * Comma in RDN value: https://pagure.io/freeipa/issue/7347
+
+ * KRA authentication failed for all custom subject DNs:
+ https://pagure.io/freeipa/issue/8084
+
+ """
+
+ num_replicas = 0
+
+ @classmethod
+ def install(cls, mh):
+ """
+ Successful installation is sufficient to verify
+ https://pagure.io/freeipa/issue/7347.
+
+ """
+ tasks.install_master(
+ cls.master,
+ setup_kra=True,
+ extra_args=[
+ '--subject-base', str(create_custom_subject_base()),
+ '--ca-subject', str(create_custom_ca_subject()),
+ ],
+ )
+
+ def test_kra_authn(self):
+ """
+ vault-add is sufficient to verify
+ https://pagure.io/freeipa/issue/8084.
+
+ """
+ self.master.run_command([
+ 'ipa', 'vault-add', "test1",
+ '--password', 'Secret.123', '--type', 'symmetric',
+ ])
+
+
+def create_custom_ca_subject():
+ return DN(
+ ('CN', 'IPA CA'),
+ ('O', 'Corporation {}, Inc.'.format(int(time.time()))),
+ )
+
+
+def create_custom_subject_base():
+ return DN(('O', 'Red Hat, Inc.'))
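Review bot: Nothing in TestCACustomSubjectDN checks that the installed CA actually carries the custom subject, so install() and test_kra_authn would both still pass if `--ca-subject` or `--subject-base` were ignored and the default DN used. Because create_custom_ca_subject() embeds `int(time.time())`, a second call returns a different DN; keep the generated value, e.g. `cls.ca_subject = create_custom_ca_subject()` in install(), and add a test that compares it with the subject the CA reports (for instance from `ipa ca-show ipa`, assuming that output can be parsed back into a DN). test_kra_authn also passes the vault password on the command line with `'--password', 'Secret.123'`, where it is visible in the process list and in the captured command log; `--password-file` keeps the secret off argv and is the safer pattern for a test that may be copied elsewhere.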