Re: [Freeipa-devel] [PATCHES 0321 - 0322] CI: vault CI test

2015-10-12 Thread Martin Basti 



On 12.10.2015 15:18, Martin Basti wrote:



On 12.10.2015 13:37, Milan Kubík wrote:

On 10/08/2015 06:53 PM, Martin Basti wrote:

Patches attached.

Tests for https://fedorahosted.org/freeipa/ticket/5302



LGTM, ACK.

--
Milan Kubik

Pushed to:
ipa-4-2: ad345b4e2572cbc5ce26501f4a73fc4eb02bfaf0
master: 573d3323afa558c791fc0ad2a788b75e33144481




I accidentally pushed just one patch, here is the rest
Pushed to:
ipa-4-2: a23b1ca0562707562dac16b4ecd352e1fd571b0f
master: 5f3784520b5183a75f85b3c235b1e9178c0d5e2f

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCHES 0321 - 0322] CI: vault CI test

2015-10-12 Thread Martin Basti 



On 12.10.2015 13:37, Milan Kubík wrote:

On 10/08/2015 06:53 PM, Martin Basti wrote:

Patches attached.

Tests for https://fedorahosted.org/freeipa/ticket/5302



LGTM, ACK.

--
Milan Kubik

Pushed to:
ipa-4-2: ad345b4e2572cbc5ce26501f4a73fc4eb02bfaf0
master: 573d3323afa558c791fc0ad2a788b75e33144481

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCHES 0321 - 0322] CI: vault CI test

2015-10-12 Thread Milan Kubík 

On 10/08/2015 06:53 PM, Martin Basti wrote:

Patches attached.

Tests for https://fedorahosted.org/freeipa/ticket/5302



LGTM, ACK.

--
Milan Kubik

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCHES 0321 - 0322] CI: vault CI test

2015-10-08 Thread Martin Basti 

Patches attached.

Tests for https://fedorahosted.org/freeipa/ticket/5302
From 9c87a6c66a72fc5f1a35c39529c0e518b4736a18 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 6 Oct 2015 20:28:18 +0200
Subject: [PATCH 1/2] CI Test: add setup_kra options into install scripts

https://fedorahosted.org/freeipa/ticket/5302
---
 ipatests/test_integration/tasks.py | 30 +++---
 .../test_integration/test_backup_and_restore.py|  8 +-
 2 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index 7bfd12dce4ce0330ad18180948efec41f8f82fe2..918f78cde23d65a20fdab1a9484ea29ecceb4d10 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -246,7 +246,7 @@ def enable_replication_debugging(host):
  stdin_text=logging_ldif)
 
 
-def install_master(host, setup_dns=True):
+def install_master(host, setup_dns=True, setup_kra=False):
 host.collect_log(paths.IPASERVER_INSTALL_LOG)
 host.collect_log(paths.IPACLIENT_INSTALL_LOG)
 inst = host.domain.realm.replace('.', '-')
@@ -273,10 +273,23 @@ def install_master(host, setup_dns=True):
 enable_replication_debugging(host)
 setup_sssd_debugging(host)
 
+if setup_kra:
+args = [
+"ipa-kra-install",
+"-p", host.config.dirman_password,
+"-U",
+]
+host.run_command(args)
+
 kinit_admin(host)
 
 
-def install_replica(master, replica, setup_ca=True, setup_dns=False):
+def get_replica_filename(replica):
+return os.path.join(replica.config.test_dir, 'replica-info.gpg')
+
+
+def install_replica(master, replica, setup_ca=True, setup_dns=False,
+setup_kra=False):
 replica.collect_log(paths.IPAREPLICA_INSTALL_LOG)
 replica.collect_log(paths.IPAREPLICA_CONNCHECK_LOG)
 
@@ -289,8 +302,7 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False):
 replica.hostname])
 replica_bundle = master.get_file_contents(
 paths.REPLICA_INFO_GPG_TEMPLATE % replica.hostname)
-replica_filename = os.path.join(replica.config.test_dir,
-'replica-info.gpg')
+replica_filename = get_replica_filename(replica)
 replica.put_file_contents(replica_filename, replica_bundle)
 args = ['ipa-replica-install', '-U',
 '-p', replica.config.dirman_password,
@@ -309,6 +321,16 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False):
 enable_replication_debugging(replica)
 setup_sssd_debugging(replica)
 
+if setup_kra:
+assert setup_ca, "CA must be installed on replica with KRA"
+args = [
+"ipa-kra-install",
+replica_filename,
+"-p", replica.config.dirman_password,
+"-U",
+]
+replica.run_command(args)
+
 kinit_admin(replica)
 
 
diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py
index c0d30fc8188384c0886f65d68e73e07436bcc897..8b9cd2dc4af146b2c00e6d2224625c4288854be8 100644
--- a/ipatests/test_integration/test_backup_and_restore.py
+++ b/ipatests/test_integration/test_backup_and_restore.py
@@ -354,13 +354,7 @@ class BaseBackupAndRestoreWithKRA(IntegrationTest):
 
 @classmethod
 def install(cls, mh):
-tasks.install_master(cls.master, setup_dns=True)
-args = [
-"ipa-kra-install",
-"-p", cls.master.config.dirman_password,
-"-U",
-]
-cls.master.run_command(args)
+tasks.install_master(cls.master, setup_dns=True, setup_kra=True)
 
 def _full_backup_restore_with_vault(self, reinstall=False):
 with restore_checker(self.master):
-- 
2.4.3

From 0a8614835e12b960a30fb9f52380a9de5ebe3d68 Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Tue, 6 Oct 2015 20:26:01 +0200
Subject: [PATCH 2/2] CI TEST: Vault

Simple CI test for vault feature, including testing with replica

Covers https://fedorahosted.org/freeipa/ticket/5302
---
 ipatests/test_integration/test_vault.py | 205 
 1 file changed, 205 insertions(+)
 create mode 100644 ipatests/test_integration/test_vault.py

diff --git a/ipatests/test_integration/test_vault.py b/ipatests/test_integration/test_vault.py
new file mode 100644
index ..ba472af7152b508fb8a6fd92ebf18879518d2246
--- /dev/null
+++ b/ipatests/test_integration/test_vault.py
@@ -0,0 +1,205 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+import time
+
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.test_integration import tasks
+
+WAIT_AFTER_ARCHIVE = 30  # give some time to replication
+
+
+class TestInstallKRA(IntegrationTest):
+"""
+Test if vault feature behaves as expected, when KRA is