test_integration: add tests for custom CA subject DN

Define integration test for custom CA subject DN and subject base scenarios. Add to nightly CI runs. Part of: https://pagure.io/freeipa/issue/8084 Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-10-14 13:31:16 +11:00 · 2019-10-14 13:31:16 +11:00 · e767386e71
commit e767386e71
parent 7ea50ff76d
6 changed files with 129 additions and 0 deletions
--- a/ipatests/prci_definitions/nightly_f29.yaml
+++ b/ipatests/prci_definitions/nightly_f29.yaml
@ -1336,3 +1336,15 @@ jobs:
        template: *ci-master-f29
        timeout: 3600
        topology: *ad_master
+
+  fedora-29/test_ca_custom_sdn:
+    requires: [fedora-29/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-29/build_url}'
+        test_suite: test_integration/test_ca_custom_sdn.py
+        template: *ci-master-f29
+        timeout: 7200
+        topology: *master_1repl
--- a/ipatests/prci_definitions/nightly_master.yaml
+++ b/ipatests/prci_definitions/nightly_master.yaml
@ -1348,3 +1348,15 @@ jobs:
        template: *ci-master-f30
        timeout: 3600
        topology: *ad_master
+
+  fedora-30/test_ca_custom_sdn:
+    requires: [fedora-30/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-30/build_url}'
+        test_suite: test_integration/test_ca_custom_sdn.py
+        template: *ci-master-f30
+        timeout: 7200
+        topology: *master_1repl
--- a/ipatests/prci_definitions/nightly_master_pki.yaml
+++ b/ipatests/prci_definitions/nightly_master_pki.yaml
@ -782,3 +782,16 @@ jobs:
        template: *pki-master-f30
        timeout: 3600
        topology: *master_1repl
+
+  fedora-30/test_ca_custom_sdn:
+    requires: [fedora-30/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-30/build_url}'
+        update_packages: True
+        test_suite: test_integration/test_ca_custom_sdn.py
+        template: *pki-master-f30
+        timeout: 7200
+        topology: *master_1repl
--- a/ipatests/prci_definitions/nightly_master_testing.yaml
+++ b/ipatests/prci_definitions/nightly_master_testing.yaml
@ -1454,3 +1454,16 @@ jobs:
        template: *testing-master-f30
        timeout: 3600
        topology: *ad_master
+
+  fedora-30/test_ca_custom_sdn:
+    requires: [fedora-30/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-30/build_url}'
+        update_packages: True
+        test_suite: test_integration/test_ca_custom_sdn.py
+        template: *testing-master-f30
+        timeout: 7200
+        topology: *master_1repl
--- a/ipatests/prci_definitions/nightly_rawhide.yaml
+++ b/ipatests/prci_definitions/nightly_rawhide.yaml
@ -1348,3 +1348,15 @@ jobs:
        template: *ci-master-frawhide
        timeout: 3600
        topology: *ad_master
+
+  fedora-rawhide/test_ca_custom_sdn:
+    requires: [fedora-rawhide/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-rawhide/build_url}'
+        test_suite: test_integration/test_ca_custom_sdn.py
+        template: *ci-master-frawhide
+        timeout: 7200
+        topology: *master_1repl
--- a/ipatests/test_integration/test_ca_custom_sdn.py
+++ b/ipatests/test_integration/test_ca_custom_sdn.py
@ -0,0 +1,67 @@
+#
+# Copyright (C) 2019  FreeIPA Contributors see COPYING for license
+#
+
+import time
+
+from ipapython.dn import DN
+
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.pytest_ipa.integration import tasks
+
+
+class TestCACustomSubjectDN(IntegrationTest):
+    """
+    Test that everything works properly when IPA CA has a custom Subject DN.
+    We will also choose a custom Subject Base, that does not have anything
+    in common with the CA Subject DN.
+
+    Generating a random DN might be interest, but for now we construct one
+    that regression tests some previously encountered issues:
+
+    * Comma in RDN value: https://pagure.io/freeipa/issue/7347
+
+    * KRA authentication failed for all custom subject DNs:
+      https://pagure.io/freeipa/issue/8084
+
+    """
+
+    num_replicas = 0
+
+    @classmethod
+    def install(cls, mh):
+        """
+        Successful installation is sufficient to verify
+        https://pagure.io/freeipa/issue/7347.
+
+        """
+        tasks.install_master(
+            cls.master,
+            setup_kra=True,
+            extra_args=[
+                '--subject-base', str(create_custom_subject_base()),
+                '--ca-subject', str(create_custom_ca_subject()),
+            ],
+        )
+
+    def test_kra_authn(self):
+        """
+        vault-add is sufficient to verify
+        https://pagure.io/freeipa/issue/8084.
+
+        """
+        self.master.run_command([
+            'ipa', 'vault-add', "test1",
+            '--password', 'Secret.123', '--type', 'symmetric',
+        ])
+
+
+def create_custom_ca_subject():
+    return DN(
+        ('CN', 'IPA CA'),
+        ('O', 'Corporation {}, Inc.'.format(int(time.time()))),
+    )
+
+
+def create_custom_subject_base():
+    return DN(('O', 'Red Hat, Inc.'))