URL: https://github.com/freeipa/freeipa/pull/1516 Author: Rezney Title: #1516: ipa_tests: test subca key replication Action: opened
PR body: """ Test if key replication is not failing. https://pagure.io/freeipa/issue/7387 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1516/head:pr1516 git checkout pr1516
From fda723b05175048ace56861a3757713f98632169 Mon Sep 17 00:00:00 2001 From: Michal Reznik <mrez...@redhat.com> Date: Thu, 1 Feb 2018 13:17:48 +0100 Subject: [PATCH] ipa_tests: test subca key replication Test if key replication is not failing. https://pagure.io/freeipa/issue/7387 --- .../test_integration/test_replica_promotion.py | 53 ++++++++++++++++++++-- 1 file changed, 50 insertions(+), 3 deletions(-) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index de71c82b7a..8b1f2c9399 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -11,9 +11,9 @@ from ipatests.pytest_plugins.integration import tasks from ipatests.pytest_plugins.integration.tasks import ( assert_error, replicas_cleanup) -from ipalib.constants import DOMAIN_LEVEL_0 -from ipalib.constants import DOMAIN_LEVEL_1 -from ipalib.constants import DOMAIN_SUFFIX_NAME +from ipalib.constants import ( + DOMAIN_LEVEL_0, DOMAIN_LEVEL_1, DOMAIN_SUFFIX_NAME, IPA_CA_NICKNAME) +from ipaplatform.paths import paths class ReplicaPromotionBase(IntegrationTest): @@ -570,3 +570,50 @@ def test_replica_install_with_existing_entry(self): master.run_command(arg) tasks.install_replica(master, replica) + + +class TestSubCAkeyReplication(IntegrationTest): + """ + Test if subca key replication is not failing. + """ + topology = 'line' + num_replicas = 1 + + SUBCA = 'test_subca' + SUBCA_CN = 'cn=' + SUBCA + + PKI_DEBUG_PATH = '/var/log/pki/pki-tomcat/ca/debug' + + ERR_MESS = 'Caught exception during cert/key import' + + def test_sub_ca_key_replication(self): + master = self.master + replica = self.replicas[0] + + result = master.run_command(['ipa', 'ca-add', self.SUBCA, '--subject', + self.SUBCA_CN]) + assert result.returncode == 0 + + uuid = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + auth_id = re.compile('Authority ID: ({})'.format(uuid), re.IGNORECASE) + auth_id = "".join(re.findall(auth_id, result.stdout_text)) + + cert_nick = '{} {}'.format(IPA_CA_NICKNAME, auth_id) + + # give replication some time + time.sleep(30) + + result = replica.run_command(['ipa-certupdate']) + assert result.returncode == 0 + + result = replica.run_command(['ipa', 'ca-show', self.SUBCA]) + assert result.returncode == 0 + + result = tasks.run_certutil(replica, ['-L', '-n', cert_nick], + paths.PKI_TOMCAT_ALIAS_DIR) + assert result.returncode == 0 + + pki_debug_log = replica.get_file_contents(self.PKI_DEBUG_PATH, + encoding='utf-8') + # check for cert/key import error message + assert self.ERR_MESS not in pki_debug_log
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
