From bfe074ed478c20a9537dc2a714bba50dbc2cd34f Mon Sep 17 00:00:00 2001

From: Sumedh Sidhaye <ssidhaye@redhat.com>

Date: Fri, 5 Aug 2022 11:22:59 +0530

Subject: [PATCH] Additional tests for RSN v3

New Tests include

TestRSNPKIConfig

TestRSNVault

The new tests are just extending existing classes to be run

with random serial numbers enabled

The tests also include a new method to check params set in CS.cfg for both CA and

KRA, and another test to check Random Serial Number version while

running `ipa ca-find`

Added nightly definitions

Related Ticket: https://pagure.io/freeipa/issue/2016

Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>

Reviewed-By: Rob Crittenden <rcritten@redhat.com>

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

---

 .../nightly_ipa-4-10_latest.yaml              | 24 +++++++++

 .../nightly_ipa-4-10_latest_selinux.yaml      | 26 ++++++++++

 .../nightly_ipa-4-10_previous.yaml            | 24 +++++++++

 .../test_random_serial_numbers.py             | 51 ++++++++++++++++++-

 ipatests/test_integration/test_vault.py       |  4 +-

 5 files changed, 127 insertions(+), 2 deletions(-)

diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml

index 027b2a5b6c0b7ec3c3b5784ec4569661a06d4ed7..547320d258f51132266b56e9193533d2291c623c 100644

--- a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml

+++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml

@@ -1821,3 +1821,27 @@ jobs:

         template: *ci-ipa-4-10-latest

         timeout: 5400

         topology: *master_1repl

+

+  fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig:

+    requires: [fedora-latest-ipa-4-10/build]

+    priority: 50

+    job:

+      class: RunPytest

+      args:

+        build_url: '{fedora-latest-ipa-4-10/build_url}'

+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig

+        template: *ci-ipa-4-10-latest

+        timeout: 10800

+        topology: *master_3repl_1client

+

+  fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNVault:

+    requires: [fedora-latest-ipa-4-10/build]

+    priority: 50

+    job:

+      class: RunPytest

+      args:

+        build_url: '{fedora-latest-ipa-4-10/build_url}'

+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault

+        template: *ci-ipa-4-10-latest

+        timeout: 10800

+        topology: *master_1repl

\ No newline at end of file

diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml

index bcc17bef935666735bfb2c2e51209362a374b511..f6e5f1cff22de9db4df4577d1cd615499cf0fab3 100644

--- a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml

+++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml

@@ -1966,3 +1966,29 @@ jobs:

         template: *ci-ipa-4-10-latest

         timeout: 5400

         topology: *master_1repl

+

+  fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig:

+    requires: [fedora-latest-ipa-4-10/build]

+    priority: 50

+    job:

+      class: RunPytest

+      args:

+        build_url: '{fedora-latest-ipa-4-10/build_url}'

+        selinux_enforcing: True

+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig

+        template: *ci-ipa-4-10-latest

+        timeout: 10800

+        topology: *master_3repl_1client

+

+  fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNVault:

+    requires: [fedora-latest-ipa-4-10/build]

+    priority: 50

+    job:

+      class: RunPytest

+      args:

+        build_url: '{fedora-latest-ipa-4-10/build_url}'

+        selinux_enforcing: True

+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault

+        template: *ci-ipa-4-10-latest

+        timeout: 10800

+        topology: *master_1repl

diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml

index 37d38762e696a6394ef146a0e2b68bbc8ced515d..463f4b92fecc7fbc0be969de422352fb7baeb797 100644

--- a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml

+++ b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml

@@ -1821,3 +1821,27 @@ jobs:

         template: *ci-ipa-4-10-previous

         timeout: 5400

         topology: *master_1repl

+

+  fedora-previous-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig:

+    requires: [fedora-previous-ipa-4-10/build]

+    priority: 50

+    job:

+      class: RunPytest

+      args:

+        build_url: '{fedora-previous-ipa-4-10/build_url}'

+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig

+        template: *ci-ipa-4-10-previous

+        timeout: 10800

+        topology: *master_3repl_1client

+

+  fedora-previous-ipa-4-10/test_random_serial_numbers_TestRSNVault:

+    requires: [fedora-previous-ipa-4-10/build]

+    priority: 50

+    job:

+      class: RunPytest

+      args:

+        build_url: '{fedora-previous-ipa-4-10/build_url}'

+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault

+        template: *ci-ipa-4-10-previous

+        timeout: 10800

+        topology: *master_1repl

diff --git a/ipatests/test_integration/test_random_serial_numbers.py b/ipatests/test_integration/test_random_serial_numbers.py

index c52cfa4ed50e2718791b0844d743fb240d26b365..ab58b1c622b010994ed93a17dd80cfd02095508d 100644

--- a/ipatests/test_integration/test_random_serial_numbers.py

+++ b/ipatests/test_integration/test_random_serial_numbers.py

@@ -4,12 +4,15 @@

 import pytest

+from ipaplatform.paths import paths

+

+from ipatests.pytest_ipa.integration import tasks

 from ipatests.test_integration.test_installation import (

     TestInstallWithCA_DNS1,

     TestInstallWithCA_KRA1,

 )

 from ipatests.test_integration.test_caless import TestServerCALessToExternalCA

-

+from ipatests.test_integration.test_vault import TestInstallKRA

 from ipatests.test_integration.test_commands import TestIPACommand

@@ -26,6 +29,18 @@ def pki_supports_RSNv3(host):

     return False

+def check_pki_config_params(host):

+    # Check CS.cfg

+    try:

+        cs_cfg = host.get_file_contents(paths.CA_CS_CFG_PATH)

+        kra_cfg = host.get_file_contents(paths.KRA_CS_CFG_PATH)

+        assert "dbs.cert.id.generator=random".encode() in cs_cfg

+        assert "dbs.request.id.generator=random".encode() in cs_cfg

+        assert "dbs.key.id.generator=random".encode() in kra_cfg

+    except IOError:

+        pytest.skip("PKI config not present.Skipping test")

+

+

 class TestInstallWithCA_DNS1_RSN(TestInstallWithCA_DNS1):

     random_serial = True

@@ -70,3 +85,37 @@ class TestServerCALessToExternalCA_RSN(TestServerCALessToExternalCA):

         if not pki_supports_RSNv3(mh.master):

             raise pytest.skip("RSNv3 not supported")

         super(TestServerCALessToExternalCA_RSN, cls).uninstall(mh)

+

+

+class TestRSNPKIConfig(TestInstallWithCA_KRA1):

+    random_serial = True

+    num_replicas = 3

+

+    @classmethod

+    def install(cls, mh):

+        if not pki_supports_RSNv3(mh.master):

+            raise pytest.skip("RSNv3 not supported")

+        super(TestRSNPKIConfig, cls).install(mh)

+

+    def test_check_pki_config(self):

+        check_pki_config_params(self.master)

+        check_pki_config_params(self.replicas[0])

+        check_pki_config_params(self.replicas[1])

+

+    def test_check_rsn_version(self):

+        tasks.kinit_admin(self.master)

+        res = self.master.run_command(['ipa', 'ca-find'])

+        assert 'RSN Version: 3' in res.stdout_text

+        tasks.kinit_admin(self.replicas[0])

+        res = self.replicas[0].run_command(['ipa', 'ca-find'])

+        assert 'RSN Version: 3' in res.stdout_text

+

+

+class TestRSNVault(TestInstallKRA):

+    random_serial = True

+

+    @classmethod

+    def install(cls, mh):

+        if not pki_supports_RSNv3(mh.master):

+            raise pytest.skip("RSNv3 not supported")

+        super(TestRSNVault, cls).install(mh)

diff --git a/ipatests/test_integration/test_vault.py b/ipatests/test_integration/test_vault.py

index 548822d049070d6f9d42da772264eb24010fafda..6288e557f96cae60d031b44c49fbe830712eb7be 100644

--- a/ipatests/test_integration/test_vault.py

+++ b/ipatests/test_integration/test_vault.py

@@ -33,7 +33,9 @@ class TestInstallKRA(IntegrationTest):

     @classmethod

     def install(cls, mh):

-        tasks.install_master(cls.master, setup_kra=True)

+        tasks.install_master(cls.master,

+                             setup_kra=True,

+                             random_serial=cls.random_serial)

         # do not install KRA on replica, it is part of test

         tasks.install_replica(cls.master, cls.replicas[0], setup_kra=False)

-- 

2.37.2