mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
Move fixture outside the class and add setup_kra capability
Moved fixture to use across multiple classes. Added capability to install the KRA to the fixture Signed-off-by: Mohammad Rizwan <myusuf@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Anuja More <amore@redhat.com>
This commit is contained in:
parent
f49c7dafc4
commit
f7ef6d5ab7
@ -48,6 +48,33 @@ def check_status(host, cert_count, state, timeout=600):
|
||||
return count
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def expire_cert_critical():
|
||||
"""
|
||||
Fixture to expire the certs by moving the system date using
|
||||
date -s command and revert it back
|
||||
"""
|
||||
|
||||
hosts = dict()
|
||||
|
||||
def _expire_cert_critical(host, setup_kra=False):
|
||||
hosts['host'] = host
|
||||
# Do not install NTP as the test plays with the date
|
||||
tasks.install_master(host, setup_dns=False,
|
||||
extra_args=['--no-ntp'])
|
||||
if setup_kra:
|
||||
tasks.install_kra(host)
|
||||
host.run_command(['systemctl', 'stop', 'chronyd'])
|
||||
host.run_command(['date', '-s', '+3Years+1day'])
|
||||
|
||||
yield _expire_cert_critical
|
||||
|
||||
host = hosts.pop('host')
|
||||
tasks.uninstall_master(host)
|
||||
host.run_command(['date', '-s', '-3Years-1day'])
|
||||
host.run_command(['systemctl', 'start', 'chronyd'])
|
||||
|
||||
|
||||
class TestIpaCertFix(IntegrationTest):
|
||||
@classmethod
|
||||
def uninstall(cls, mh):
|
||||
@ -55,22 +82,6 @@ class TestIpaCertFix(IntegrationTest):
|
||||
# the fixture
|
||||
pass
|
||||
|
||||
@pytest.fixture
|
||||
def expire_cert_critical(self):
|
||||
"""
|
||||
Fixture to expire the certs by moving the system date using
|
||||
date -s command and revert it back
|
||||
"""
|
||||
# Do not install NTP as the test plays with the date
|
||||
tasks.install_master(self.master, setup_dns=False,
|
||||
extra_args=['--no-ntp'])
|
||||
self.master.run_command(['systemctl', 'stop', 'chronyd'])
|
||||
self.master.run_command(['date','-s', '+3Years+1day'])
|
||||
yield
|
||||
tasks.uninstall_master(self.master)
|
||||
self.master.run_command(['date','-s', '-3Years-1day'])
|
||||
self.master.run_command(['systemctl', 'start', 'chronyd'])
|
||||
|
||||
def test_missing_csr(self, expire_cert_critical):
|
||||
"""
|
||||
Test that ipa-cert-fix succeeds when CSR is missing from CS.cfg
|
||||
@ -82,6 +93,7 @@ class TestIpaCertFix(IntegrationTest):
|
||||
- call getcert resubmit in order to create the CSR in certmonger file
|
||||
- use ipa-cert-fix, no issue should be seen
|
||||
"""
|
||||
expire_cert_critical(self.master)
|
||||
# pki must be stopped in order to edit CS.cfg
|
||||
self.master.run_command(['ipactl', 'stop'])
|
||||
self.master.run_command(['sed', '-i', r'/ca\.sslserver\.certreq=/d',
|
||||
@ -139,6 +151,8 @@ class TestIpaCertFix(IntegrationTest):
|
||||
|
||||
related: https://pagure.io/freeipa/issue/7885
|
||||
"""
|
||||
expire_cert_critical(self.master)
|
||||
|
||||
# wait for cert expiry
|
||||
check_status(self.master, 8, "CA_UNREACHABLE")
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user