The patch was rebased so that it applies on top of the latest version of the certs-in-idoverrides patch. As before, it requires patches Nos. 0049 and 0059 to apply.

On 08/10/2016 01:46 PM, Oleg Fayans wrote:
Hi Martin,

I am sorry, yes it depends on my patches 0049 and 0050.


On 08/10/2016 12:27 PM, Martin Basti wrote:


On 10.08.2016 10:38, Oleg Fayans wrote:



Hello,

I cannot apply this patch
error: ipatests/test_integration/test_certs_in_idoverrides.py: does not
exist in index
It probably depends on another patch (which one?)

Please use human-readable subjects in email; I do not remember off the top
of my head what #6146 is.

Martin^2




--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From bfbd42c9c626a8eecde7f855b8bfaa336bc4e014 Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Tue, 25 Oct 2016 11:19:05 +0200
Subject: [PATCH] Test for installing rules with service principals

https://fedorahosted.org/freeipa/ticket/6146
---
 ipatests/test_integration/test_idviews.py | 82 +++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)

diff --git a/ipatests/test_integration/test_idviews.py b/ipatests/test_integration/test_idviews.py
index fa87f09493c7e9677bc6c7e5081e0ee29c999cb4..3047b8e2c7f67fee05d668f193d273b99266adff 100644
--- a/ipatests/test_integration/test_idviews.py
+++ b/ipatests/test_integration/test_idviews.py
@@ -153,3 +153,85 @@ class TestCertsInIDOverrides(IntegrationTest):
             " string:\"org.freedesktop.sssd.infopipe.Users.User\"" % userpath
             )
         assert('dict entry' in result2.stdout_text)
+
+
+class TestRulesWithServicePrincipals(IntegrationTest):
+    """
+    https://fedorahosted.org/freeipa/ticket/6146
+    """
+
+    topology = 'star'
+    num_replicas = 0
+    service_certprofile = 'caIPAserviceCert'
+    caacl = 'test_caacl'
+    keytab = "replica.keytab"
+    csr = "my.csr"
+    csr_conf = "replica.cnf"
+
+    @classmethod
+    def prepare_config(cls):
+        template = """
+req_extensions = v3_req
+distinguished_name = req_distinguished_name
+
+[req_distinguished_name]
+commonName = %s
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = %s
+DNS.2 = %s
+EOF
+        """
+
+        contents = template % (cls.replica, cls.replica, cls.master.hostname)
+        cls.master.run_command("cat <<EOF > %s\n%s" % (cls.csr_conf, contents))
+
+    @classmethod
+    def install(cls, mh):
+        super(TestRulesWithServicePrincipals, cls).install(mh)
+        master = cls.master
+        tasks.kinit_admin(master)
+        cls.replica = "replica.%s" % master.domain.name
+        master.run_command(['ipa', 'host-add', cls.replica, '--force'])
+        cls.service_name = "svc/%s" % master.hostname
+        cls.replica_service_name = "svc/%s" % cls.replica
+        master.run_command("ipa service-add %s" % cls.service_name)
+        master.run_command("ipa service-add %s --force" %
+                           cls.replica_service_name)
+        master.run_command("ipa service-add-host %s --hosts %s" % (
+            cls.service_name, cls.replica))
+        master.run_command("ipa caacl-add %s --desc \"test\"" % cls.caacl)
+        master.run_command("ipa caacl-add-host %s --hosts %s" % (cls.caacl,
+                                                                 cls.replica))
+        master.run_command("ipa caacl-add-service %s --services"
+                           " svc/`hostname`" % cls.caacl)
+        master.run_command("ipa-getkeytab -p host/%s@%s -k %s" % (
+            cls.replica, master.domain.realm, cls.keytab))
+        master.run_command("kinit -kt %s host/%s" % (cls.keytab, cls.replica))
+
+        # Prepare a CSR
+
+        cls.prepare_config()
+        stdin_text = "qwerty\nqwerty\n%s\n" % cls.replica
+
+        master.run_command(['openssl', 'req', '-config', cls.csr_conf, '-new',
+                            '-out', cls.csr], stdin_text=stdin_text)
+
+    def test_rules_with_service_principals(self):
+        result = self.master.run_command(['ipa', 'cert-request', self.csr,
+                                          '--principal', "svc/%s@%s" % (
+                                              self.replica,
+                                              self.master.domain.realm),
+                                          '--profile-id',
+                                          self.service_certprofile],
+                                         raiseonerr=False)
+        assert(result.returncode == 0), (
+            'Failed to add a cert to custom certprofile')
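Review bot: `prepare_config` and most of `install` build shell command strings by `%` interpolation (the `cat <<EOF` heredoc and the `ipa service-add`, `caacl-add*`, `ipa-getkeytab` and `kinit` calls), while `host-add` and `openssl req` in the same hunk already pass argument lists. The heredoc delimiter is unquoted, so the shell expands `$` and backticks inside the generated config, and the indented line after `EOF` in the template also reaches the shell. Writing the file with `cls.master.put_file_contents(cls.csr_conf, contents)` and dropping the `EOF` line from the template avoids the shell altogether. The backtick `hostname` substitution in the `caacl-add-service` call duplicates `cls.service_name` and can diverge from `master.hostname`; `master.run_command(['ipa', 'caacl-add-service', cls.caacl, '--services', cls.service_name])` ties the ACL to the service that was actually created. The hunk also shows no cleanup: the keytab, CSR and config are written to relative paths and the host-principal `kinit` is never reverted, so an `uninstall` that removes those files and calls `tasks.kinit_admin(master)` again would keep key material and the host ticket from carrying over into later tests.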
-- 
2.7.4
