Passing test output:
https://paste.fedoraproject.org/385774/71035231/
--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From 7bc97eb762c951a8bc3762d8bd23da4ee06a6edb Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Tue, 28 Jun 2016 10:33:13 +0200
Subject: [PATCH] Added methods to manipulate certs
---
ipatests/test_integration/tasks.py | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index 38218fa709c2c220d5fea98a092b55e995d48d77..41b44ae8389510ec0ec9c8c1c4c5a9ee21e81ae4 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -1209,3 +1209,18 @@ def assert_error(result, stderr_text, returncode=None):
assert result.returncode == returncode
else:
assert result.returncode > 0
+
+
+def run_certutil(host, args, reqdir, stdin=None):
+ new_args = [paths.CERTUTIL, "-d", reqdir]
+ new_args = new_args + args
+ return host.run_command(new_args, raiseonerr=False,
+ stdin_text=stdin)
+
+
+def generate_csr(host, subject, reqdir, reqfile, pwname):
+ args = ["-R", "-s", subject, "-o", reqfile,
+ "-z", paths.GROUP, "-f", pwname, "-a"]
+ result = run_certutil(host, args, reqdir)
+ host.run_command(['cat', reqfile], raiseonerr=False)
+ return result.stdout_text
--
1.8.3.1
From f032df3a1d58e200d0f8bf8dbc121e5f03eb041e Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Tue, 28 Jun 2016 10:16:06 +0200
Subject: [PATCH] Automated test for certs in idoverrides feature
https://fedorahosted.org/freeipa/ticket/6005
---
.../test_integration/test_certs_in_idoverrides.py | 85 ++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 ipatests/test_integration/test_certs_in_idoverrides.py
diff --git a/ipatests/test_integration/test_certs_in_idoverrides.py b/ipatests/test_integration/test_certs_in_idoverrides.py
new file mode 100644
index 0000000000000000000000000000000000000000..a6b5a60ad5c171ef9fb35848d81a637df979ccaf
--- /dev/null
+++ b/ipatests/test_integration/test_certs_in_idoverrides.py
@@ -0,0 +1,85 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+import os
+import re
+from ipatests.test_integration import tasks
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.test_integration.test_caless import assert_error
+
+
+class TestCertsInIDOverrides(IntegrationTest):
+ topology = "line"
+ service_certprofile = 'caIPAserviceCert'
+ user_certprofile = 'caIPAuserCert'
+ user = 'testuser'
+ user_cn = "CN=%s" % user
+ idview = 'MyView'
+ cert_re = re.compile('Certificate: (?P<cert>.*?)\\s+.*')
+
+ @classmethod
+ def install(cls, mh):
+ super(TestCertsInIDOverrides, cls).install(mh)
+ master = cls.master
+ master.run_command(['ipa', 'certprofile-show', cls.service_certprofile,
+ "--out=%s.txt" % cls.user_certprofile])
+ master.run_command("sed -i \"s/profileId=%s/profileId=%s/\" %s.txt" % (
+ cls.service_certprofile, cls.user_certprofile,
+ cls.user_certprofile)
+ )
+ master.run_command(['ipa', 'certprofile-import', cls.user_certprofile,
+ "--file=%s.txt" % cls.user_certprofile,
+ '--store=true', '--desc="User Certs"'])
+
+ master.run_command(['ipa', 'idview-add', cls.idview,
+ '--desc=description'])
+
+ cls.reqdir = os.path.join(master.config.test_dir, "certs")
+ cls.reqfile1 = os.path.join(cls.reqdir, "test1.csr")
+ cls.reqfile2 = os.path.join(cls.reqdir, "test2.csr")
+ cls.pwname = os.path.join(cls.reqdir, "pwd")
+
+ # Create an empty password file
+ master.run_command(['mkdir', cls.reqdir])
+ # Create an empty password file
+ master.run_command(["touch", cls.pwname])
+
+ # Create our temporary NSS database
+ tasks.run_certutil(master, ["-N", "-f", cls.pwname], cls.reqdir)
+ tasks.generate_csr(master, cls.user_cn, cls.reqdir,
+ cls.reqfile1, cls.pwname)
+ tasks.generate_csr(master, cls.user_cn, cls.reqdir,
+ cls.reqfile2, cls.pwname)
+ master.run_command(['ipa', 'user-add', cls.user,
+ '--first', 'a', '--last', 'b', '--random'])
+
+ def test_certs_in_idoverrides(self):
+ self.master.run_command(['ipa', 'idoverrideuser-add',
+ self.idview, self.user])
+ result1 = self.master.run_command([
+ 'ipa', 'cert-request', self.reqfile1,
+ "--principal=%s" % self.user, '--add',
+ "--profile-id=%s" % self.user_certprofile])
+ cert1 = self.cert_re.search(result1.stdout_text).group('cert')
+ result2 = self.master.run_command([
+ 'ipa', 'cert-request', self.reqfile2,
+ "--principal=%s" % self.user, '--add',
+ "--profile-id=%s" % self.user_certprofile])
+ cert2 = self.cert_re.search(result2.stdout_text).group('cert')
+
+ args1 = ['ipa', 'idoverrideuser-add-cert', self.idview,
+ self.user, "--certificate=%s" % cert1]
+ args2 = ['ipa', 'idoverrideuser-add-cert', self.idview,
+ self.user, "--certificate=%s" % cert2]
+ self.master.run_command(args1)
+ result3 = self.master.run_command(args1, raiseonerr=False)
+ assert_error(result3, "already contains one or more values")
+ result4 = self.master.run_command(args2, raiseonerr=False)
+ assert(result4.returncode == 0), 'Failed to add second certificate'
+ self.master.run_command(['ipa', 'idoverrideuser-remove-cert',
+ self.idview, self.user,
+ "--certificate=%s" % cert2])
+ self.master.run_command(['ipa', 'idoverrideuser-remove-cert',
+ self.idview, self.user,
+ "--certificate=%s" % cert1])
--
1.8.3.1
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
