Move fixture outside the class and add setup_kra capability

Moved fixture to use across multiple classes. Added capability
to install the KRA to the fixture

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Anuja More <amore@redhat.com>
This commit is contained in:
Mohammad Rizwan 2021-02-11 16:54:22 +05:30 committed by Florence Blanc-Renaud
parent f49c7dafc4
commit f7ef6d5ab7

View File

@ -48,6 +48,33 @@ def check_status(host, cert_count, state, timeout=600):
return count
@pytest.fixture
def expire_cert_critical():
"""
Fixture to expire the certs by moving the system date using
date -s command and revert it back
"""
hosts = dict()
def _expire_cert_critical(host, setup_kra=False):
hosts['host'] = host
# Do not install NTP as the test plays with the date
tasks.install_master(host, setup_dns=False,
extra_args=['--no-ntp'])
if setup_kra:
tasks.install_kra(host)
host.run_command(['systemctl', 'stop', 'chronyd'])
host.run_command(['date', '-s', '+3Years+1day'])
yield _expire_cert_critical
host = hosts.pop('host')
tasks.uninstall_master(host)
host.run_command(['date', '-s', '-3Years-1day'])
host.run_command(['systemctl', 'start', 'chronyd'])
class TestIpaCertFix(IntegrationTest):
@classmethod
def uninstall(cls, mh):
@ -55,22 +82,6 @@ class TestIpaCertFix(IntegrationTest):
# the fixture
pass
@pytest.fixture
def expire_cert_critical(self):
"""
Fixture to expire the certs by moving the system date using
date -s command and revert it back
"""
# Do not install NTP as the test plays with the date
tasks.install_master(self.master, setup_dns=False,
extra_args=['--no-ntp'])
self.master.run_command(['systemctl', 'stop', 'chronyd'])
self.master.run_command(['date','-s', '+3Years+1day'])
yield
tasks.uninstall_master(self.master)
self.master.run_command(['date','-s', '-3Years-1day'])
self.master.run_command(['systemctl', 'start', 'chronyd'])
def test_missing_csr(self, expire_cert_critical):
"""
Test that ipa-cert-fix succeeds when CSR is missing from CS.cfg
@ -82,6 +93,7 @@ class TestIpaCertFix(IntegrationTest):
- call getcert resubmit in order to create the CSR in certmonger file
- use ipa-cert-fix, no issue should be seen
"""
expire_cert_critical(self.master)
# pki must be stopped in order to edit CS.cfg
self.master.run_command(['ipactl', 'stop'])
self.master.run_command(['sed', '-i', r'/ca\.sslserver\.certreq=/d',
@ -139,6 +151,8 @@ class TestIpaCertFix(IntegrationTest):
related: https://pagure.io/freeipa/issue/7885
"""
expire_cert_critical(self.master)
# wait for cert expiry
check_status(self.master, 8, "CA_UNREACHABLE")