Re: [Freeipa-devel] [PATCH] 0257 Add initial CA-less installation tests

Wed, 28 Aug 2013 06:22:58 -0700 

On 27.8.2013 10:16, Petr Viktorin wrote:

On 08/26/2013 09:23 AM, Jan Cholasta wrote:

On 22.8.2013 09:46, Petr Viktorin wrote:

On 08/16/2013 07:13 PM, Petr Viktorin wrote:

On 07/30/2013 05:47 PM, Petr Viktorin wrote:

Hello,
This patch implements the first batch of integration tests for CA-less
intallation. Tests from http://www.freeipa.org/page/V3/CA-less_install
up to "IPA server install with missing DS PKCS#12 password" are
included.

Running this already takes an hour in the lab I use, so I decided to
split the patch up and post the first part for review now.

The two tests for revoked certificates fail. This is expected as we
don't handle revoked certs yet.


Continuing, this patch includes all tests except the ones for UI
(pvoborni's patch 443) and certinstall (I'll review jcholast's fixes
first).
See commit message for details.


Here is the completed patch, with all test except the Web UI ones.



 >- The following case is omitted as it is invalid:
 >  - Verify that IPA client install does not configure certmonger

Instead of making a note in the commit, I would prefer if you deleted
the test case. There's no need to keep it if it's invalid, right?

Honza



You're right. I've deleted the case from the test plan.



Thanks.
The service-disable and host-disable tests fail with AlreadyInactive, because the certificate is removed with service-mod and host-mod in earlier tests. I think the service and host command tests should look like this:
1. Verify that {service,host}-del does not attempt to revoke {host,service}'s certificate 
    {service,host}-add
    {service,host}-del
2. Verify that {service,host}-mod does not attempt to revoke {host,service}'s certificate 
    {service,host}-add
    {service,host}-mod
    {service,host}-del
3. Verify that {service,host}-disable does not attempt to revoke {host,service}'s certificate 
    {service,host}-add
    {service,host}-disable
    {service,host}-del

There are a few wrong docstrings:

+    def test_service_mod_doesnt_revoke(self):
+ "Verify that service-mod does not attempt to revoke host's certificate" 

+    def test_service_del_doesnt_revoke(self):
+ "Verify that service-del does not attempt to revoke host's certificate" 

+    def test_ds_san(self):
+        "Install new HTTP certificate with SAN"

--
Jan Cholasta

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to