Re: [Freeipa-devel] [test][patch-0057] test for ticket N 6146 (installing rules with service principals)
The patch was added to existing PR: https://github.com/freeipa/freeipa/pull/224 On 11/08/2016 05:24 PM, Oleg Fayans wrote: And this one. On 11/03/2016 09:42 AM, Oleg Fayans wrote: One more ping for review On 10/27/2016 02:21 PM, Oleg Fayans wrote: ping for review On 10/25/2016 11:29 AM, Oleg Fayans wrote: The patch was rebased to be able to apply on top of latest version of certs in idoverrides patch. As before, it requires patches NN 0049 and 0059 to apply On 08/10/2016 01:46 PM, Oleg Fayans wrote: Hi Martin, I am sorry, yes it depends on my patches 0049 and 0050. On 08/10/2016 12:27 PM, Martin Basti wrote: On 10.08.2016 10:38, Oleg Fayans wrote: Hello, I cannot apply this patch error: ipatests/test_integration/test_certs_in_idoverrides.py: does not exist in index It probably depends on another patch (which one?) Please, use human readable subjects in email, I do not remember from top of my head what #6146 is. Martin^2 -- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [test][patch-0057] test for ticket N 6146 (installing rules with service principals)
And this one. On 11/03/2016 09:42 AM, Oleg Fayans wrote: One more ping for review On 10/27/2016 02:21 PM, Oleg Fayans wrote: ping for review On 10/25/2016 11:29 AM, Oleg Fayans wrote: The patch was rebased to be able to apply on top of latest version of certs in idoverrides patch. As before, it requires patches NN 0049 and 0059 to apply On 08/10/2016 01:46 PM, Oleg Fayans wrote: Hi Martin, I am sorry, yes it depends on my patches 0049 and 0050. On 08/10/2016 12:27 PM, Martin Basti wrote: On 10.08.2016 10:38, Oleg Fayans wrote: Hello, I cannot apply this patch error: ipatests/test_integration/test_certs_in_idoverrides.py: does not exist in index It probably depends on another patch (which one?) Please, use human readable subjects in email, I do not remember from top of my head what #6146 is. Martin^2 -- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [test][patch-0057] test for ticket N 6146 (installing rules with service principals)
One more ping for review On 10/27/2016 02:21 PM, Oleg Fayans wrote: ping for review On 10/25/2016 11:29 AM, Oleg Fayans wrote: The patch was rebased to be able to apply on top of latest version of certs in idoverrides patch. As before, it requires patches NN 0049 and 0059 to apply On 08/10/2016 01:46 PM, Oleg Fayans wrote: Hi Martin, I am sorry, yes it depends on my patches 0049 and 0050. On 08/10/2016 12:27 PM, Martin Basti wrote: On 10.08.2016 10:38, Oleg Fayans wrote: Hello, I cannot apply this patch error: ipatests/test_integration/test_certs_in_idoverrides.py: does not exist in index It probably depends on another patch (which one?) Please, use human readable subjects in email, I do not remember from top of my head what #6146 is. Martin^2 -- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [test][patch-0057] test for ticket N 6146 (installing rules with service principals)
ping for review On 10/25/2016 11:29 AM, Oleg Fayans wrote: The patch was rebased to be able to apply on top of latest version of certs in idoverrides patch. As before, it requires patches NN 0049 and 0059 to apply On 08/10/2016 01:46 PM, Oleg Fayans wrote: Hi Martin, I am sorry, yes it depends on my patches 0049 and 0050. On 08/10/2016 12:27 PM, Martin Basti wrote: On 10.08.2016 10:38, Oleg Fayans wrote: Hello, I cannot apply this patch error: ipatests/test_integration/test_certs_in_idoverrides.py: does not exist in index It probably depends on another patch (which one?) Please, use human readable subjects in email, I do not remember from top of my head what #6146 is. Martin^2 -- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [test][patch-0057] test for ticket N 6146 (installing rules with service principals)
Hi Martin, I am sorry, yes it depends on my patches 0049 and 0050. On 08/10/2016 12:27 PM, Martin Basti wrote: On 10.08.2016 10:38, Oleg Fayans wrote: Hello, I cannot apply this patch error: ipatests/test_integration/test_certs_in_idoverrides.py: does not exist in index It probably depends on another patch (which one?) Please, use human readable subjects in email, I do not remember from top of my head what #6146 is. Martin^2 -- Oleg Fayans Quality Engineer FreeIPA team RedHat. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [test][patch-0057] test for ticket N 6146 (installing rules with service principals)
On 10.08.2016 10:38, Oleg Fayans wrote: Hello, I cannot apply this patch error: ipatests/test_integration/test_certs_in_idoverrides.py: does not exist in index It probably depends on another patch (which one?) Please, use human readable subjects in email, I do not remember from top of my head what #6146 is. Martin^2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [test][patch-0057] test for ticket N 6146
-- Oleg Fayans Quality Engineer FreeIPA team RedHat. From a33a5aea0f12f63d53ff773b3d5e615b1f582d7f Mon Sep 17 00:00:00 2001 From: Oleg FayansDate: Wed, 10 Aug 2016 10:29:59 +0200 Subject: [PATCH] Test for installing rules with service principals https://fedorahosted.org/freeipa/ticket/6146 --- .../test_integration/test_certs_in_idoverrides.py | 82 ++ 1 file changed, 82 insertions(+) diff --git a/ipatests/test_integration/test_certs_in_idoverrides.py b/ipatests/test_integration/test_certs_in_idoverrides.py index 9114c4f91cd6378acc53caa068b852ae15670d7a..b9eabdf36abff73d8cd5daab0a1ada2c4dffbca6 100644 --- a/ipatests/test_integration/test_certs_in_idoverrides.py +++ b/ipatests/test_integration/test_certs_in_idoverrides.py @@ -10,6 +10,88 @@ from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration.tasks import assert_error +class TestRulesWithServicePrincipals(IntegrationTest): +""" +https://fedorahosted.org/freeipa/ticket/6146 +""" + +topology = 'star' +num_replicas = 0 +service_certprofile = 'caIPAserviceCert' +caacl = 'test_caacl' +keytab = "replica.keytab" +csr = "my.csr" +csr_conf = "replica.cnf" + +@classmethod +def prepare_config(cls): +template = """ +req_extensions = v3_req +distinguished_name = req_distinguished_name + +[req_distinguished_name] +commonName = %s + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = %s +DNS.2 = %s +EOF +""" + +contents = template % (cls.replica, cls.replica, cls.master.hostname) +cls.master.run_command("cat < %s\n%s" % (cls.csr_conf, contents)) + +@classmethod +def install(cls, mh): +super(TestRulesWithServicePrincipals, cls).install(mh) +master = cls.master +tasks.kinit_admin(master) +cls.replica = "replica.%s" % master.domain.name +master.run_command(['ipa', 'host-add', cls.replica, '--force']) +cls.service_name = "svc/%s" % master.hostname +cls.replica_service_name = "svc/%s" % cls.replica +master.run_command("ipa service-add %s" % cls.service_name) +master.run_command("ipa service-add %s --force" % + cls.replica_service_name) +master.run_command("ipa service-add-host %s --hosts %s" % ( +cls.service_name, cls.replica)) +master.run_command("ipa caacl-add %s --desc \"test\"" % cls.caacl) +master.run_command("ipa caacl-add-host %s --hosts %s" % (cls.caacl, + cls.replica)) +master.run_command("ipa caacl-add-service %s --services" + " svc/`hostname`" % cls.caacl) +master.run_command("ipa-getkeytab -p host/%s@%s -k %s" % ( +cls.replica, master.domain.realm, cls.keytab)) +master.run_command("kinit -kt %s host/%s" % (cls.keytab, cls.replica)) + +# Prepare a CSR + +cls.prepare_config() +stdin_text = "qwerty\nqwerty\n%s\n" % cls.replica + +master.run_command(['openssl', 'req', '-config', cls.csr_conf, '-new', +'-out', cls.csr], stdin_text=stdin_text) + +def test_rules_with_service_principals(self): +result = self.master.run_command(['ipa', 'cert-request', self.csr, + '--principal', "svc/%s@%s" % ( + self.replica, + self.master.domain.realm), + '--profile-id', + self.service_certprofile], + raiseonerr=False) +assert(result.returncode == 0), ( +'Failed to add a cert to custom certprofile') + + class TestCertsInIDOverrides(IntegrationTest): topology = "line" service_certprofile = 'caIPAserviceCert' -- 1.8.3.1 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code