mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 23:23:30 -06:00
e767386e71
Define integration test for custom CA subject DN and subject base scenarios. Add to nightly CI runs. Part of: https://pagure.io/freeipa/issue/8084 Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
68 lines
1.7 KiB
Python
68 lines
1.7 KiB
Python
#
|
|
# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
|
|
#
|
|
|
|
import time
|
|
|
|
from ipapython.dn import DN
|
|
|
|
from ipatests.test_integration.base import IntegrationTest
|
|
from ipatests.pytest_ipa.integration import tasks
|
|
|
|
|
|
class TestCACustomSubjectDN(IntegrationTest):
|
|
"""
|
|
Test that everything works properly when IPA CA has a custom Subject DN.
|
|
We will also choose a custom Subject Base, that does not have anything
|
|
in common with the CA Subject DN.
|
|
|
|
Generating a random DN might be interest, but for now we construct one
|
|
that regression tests some previously encountered issues:
|
|
|
|
* Comma in RDN value: https://pagure.io/freeipa/issue/7347
|
|
|
|
* KRA authentication failed for all custom subject DNs:
|
|
https://pagure.io/freeipa/issue/8084
|
|
|
|
"""
|
|
|
|
num_replicas = 0
|
|
|
|
@classmethod
|
|
def install(cls, mh):
|
|
"""
|
|
Successful installation is sufficient to verify
|
|
https://pagure.io/freeipa/issue/7347.
|
|
|
|
"""
|
|
tasks.install_master(
|
|
cls.master,
|
|
setup_kra=True,
|
|
extra_args=[
|
|
'--subject-base', str(create_custom_subject_base()),
|
|
'--ca-subject', str(create_custom_ca_subject()),
|
|
],
|
|
)
|
|
|
|
def test_kra_authn(self):
|
|
"""
|
|
vault-add is sufficient to verify
|
|
https://pagure.io/freeipa/issue/8084.
|
|
|
|
"""
|
|
self.master.run_command([
|
|
'ipa', 'vault-add', "test1",
|
|
'--password', 'Secret.123', '--type', 'symmetric',
|
|
])
|
|
|
|
|
|
def create_custom_ca_subject():
|
|
return DN(
|
|
('CN', 'IPA CA'),
|
|
('O', 'Corporation {}, Inc.'.format(int(time.time()))),
|
|
)
|
|
|
|
|
|
def create_custom_subject_base():
|
|
return DN(('O', 'Red Hat, Inc.'))
|