URL: https://github.com/freeipa/freeipa/pull/1574 Author: Rezney Title: #1574: [Backport][ipa-4-5] - ipa_tests: test subca key replication Action: opened
PR body: """ Test if key replication is not failing. https://pagure.io/freeipa/issue/7387 Reviewed-By: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1574/head:pr1574 git checkout pr1574
From 759a38370027d3c610a78afeec1f8059d006790d Mon Sep 17 00:00:00 2001 From: Michal Reznik <mrez...@redhat.com> Date: Thu, 1 Feb 2018 13:17:48 +0100 Subject: [PATCH] ipa_tests: test subca key replication Test if key replication is not failing. https://pagure.io/freeipa/issue/7387 Reviewed-By: Christian Heimes <chei...@redhat.com> --- .../test_integration/test_replica_promotion.py | 49 ++++++++++++++++++++-- 1 file changed, 46 insertions(+), 3 deletions(-) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index 4629d1ff05..67b596209f 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -10,9 +10,9 @@ from ipatests.pytest_plugins.integration import tasks from ipatests.pytest_plugins.integration.tasks import ( assert_error, replicas_cleanup) -from ipalib.constants import DOMAIN_LEVEL_0 -from ipalib.constants import DOMAIN_LEVEL_1 -from ipalib.constants import DOMAIN_SUFFIX_NAME +from ipalib.constants import ( + DOMAIN_LEVEL_0, DOMAIN_LEVEL_1, DOMAIN_SUFFIX_NAME, IPA_CA_NICKNAME) +from ipaplatform.paths import paths class ReplicaPromotionBase(IntegrationTest): @@ -527,3 +527,46 @@ def test_replica_install_with_existing_entry(self): master.run_command(arg) tasks.install_replica(master, replica) + + +class TestSubCAkeyReplication(IntegrationTest): + """ + Test if subca key replication is not failing. + """ + topology = 'line' + num_replicas = 1 + + SUBCA = 'test_subca' + SUBCA_CN = 'cn=' + SUBCA + + PKI_DEBUG_PATH = '/var/log/pki/pki-tomcat/ca/debug' + + ERR_MESS = 'Caught exception during cert/key import' + + def test_sub_ca_key_replication(self): + master = self.master + replica = self.replicas[0] + + result = master.run_command(['ipa', 'ca-add', self.SUBCA, '--subject', + self.SUBCA_CN]) + + uuid = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' + auth_id_re = re.compile('Authority ID: ({})'.format(uuid), + re.IGNORECASE) + auth_id = "".join(re.findall(auth_id_re, result.stdout_text)) + + cert_nick = '{} {}'.format(IPA_CA_NICKNAME, auth_id) + + # give replication some time + time.sleep(30) + + replica.run_command(['ipa-certupdate']) + replica.run_command(['ipa', 'ca-show', self.SUBCA]) + + tasks.run_certutil(replica, ['-L', '-n', cert_nick], + paths.PKI_TOMCAT_ALIAS_DIR) + + pki_debug_log = replica.get_file_contents(self.PKI_DEBUG_PATH, + encoding='utf-8') + # check for cert/key import error message + assert self.ERR_MESS not in pki_debug_log
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org