8e1ca3
From bfe074ed478c20a9537dc2a714bba50dbc2cd34f Mon Sep 17 00:00:00 2001
8e1ca3
From: Sumedh Sidhaye <ssidhaye@redhat.com>
8e1ca3
Date: Fri, 5 Aug 2022 11:22:59 +0530
8e1ca3
Subject: [PATCH] Additional tests for RSN v3
8e1ca3
8e1ca3
New Tests include
8e1ca3
TestRSNPKIConfig
8e1ca3
TestRSNVault
8e1ca3
8e1ca3
The new tests are just extending existing classes to be run
8e1ca3
with random serial numbers enabled
8e1ca3
8e1ca3
The tests also include a new method to check params set in CS.cfg for both CA and
8e1ca3
KRA, and another test to check Random Serial Number version while
8e1ca3
running `ipa ca-find`
8e1ca3
8e1ca3
Added nightly definitions
8e1ca3
8e1ca3
Related Ticket: https://pagure.io/freeipa/issue/2016
8e1ca3
8e1ca3
Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
8e1ca3
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
8e1ca3
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
8e1ca3
---
8e1ca3
 .../nightly_ipa-4-10_latest.yaml              | 24 +++++++++
8e1ca3
 .../nightly_ipa-4-10_latest_selinux.yaml      | 26 ++++++++++
8e1ca3
 .../nightly_ipa-4-10_previous.yaml            | 24 +++++++++
8e1ca3
 .../test_random_serial_numbers.py             | 51 ++++++++++++++++++-
8e1ca3
 ipatests/test_integration/test_vault.py       |  4 +-
8e1ca3
 5 files changed, 127 insertions(+), 2 deletions(-)
8e1ca3
8e1ca3
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
8e1ca3
index 027b2a5b6c0b7ec3c3b5784ec4569661a06d4ed7..547320d258f51132266b56e9193533d2291c623c 100644
8e1ca3
--- a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
8e1ca3
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
8e1ca3
@@ -1821,3 +1821,27 @@ jobs:
8e1ca3
         template: *ci-ipa-4-10-latest
8e1ca3
         timeout: 5400
8e1ca3
         topology: *master_1repl
8e1ca3
+
8e1ca3
+  fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig:
8e1ca3
+    requires: [fedora-latest-ipa-4-10/build]
8e1ca3
+    priority: 50
8e1ca3
+    job:
8e1ca3
+      class: RunPytest
8e1ca3
+      args:
8e1ca3
+        build_url: '{fedora-latest-ipa-4-10/build_url}'
8e1ca3
+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig
8e1ca3
+        template: *ci-ipa-4-10-latest
8e1ca3
+        timeout: 10800
8e1ca3
+        topology: *master_3repl_1client
8e1ca3
+
8e1ca3
+  fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNVault:
8e1ca3
+    requires: [fedora-latest-ipa-4-10/build]
8e1ca3
+    priority: 50
8e1ca3
+    job:
8e1ca3
+      class: RunPytest
8e1ca3
+      args:
8e1ca3
+        build_url: '{fedora-latest-ipa-4-10/build_url}'
8e1ca3
+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault
8e1ca3
+        template: *ci-ipa-4-10-latest
8e1ca3
+        timeout: 10800
8e1ca3
+        topology: *master_1repl
8e1ca3
\ No newline at end of file
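Review bot: The appended `TestRSNVault` job leaves `nightly_ipa-4-10_latest.yaml` without a trailing newline, as the `\ No newline at end of file` marker shows. The other two nightly definitions changed in this patch carry no such marker. End the file with a newline after `topology: *master_1repl` so the next job appended here does not show up as a modification of this one and so YAML linters stay quiet.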
8e1ca3
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
8e1ca3
index bcc17bef935666735bfb2c2e51209362a374b511..f6e5f1cff22de9db4df4577d1cd615499cf0fab3 100644
8e1ca3
--- a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
8e1ca3
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
8e1ca3
@@ -1966,3 +1966,29 @@ jobs:
8e1ca3
         template: *ci-ipa-4-10-latest
8e1ca3
         timeout: 5400
8e1ca3
         topology: *master_1repl
8e1ca3
+
8e1ca3
+  fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig:
8e1ca3
+    requires: [fedora-latest-ipa-4-10/build]
8e1ca3
+    priority: 50
8e1ca3
+    job:
8e1ca3
+      class: RunPytest
8e1ca3
+      args:
8e1ca3
+        build_url: '{fedora-latest-ipa-4-10/build_url}'
8e1ca3
+        selinux_enforcing: True
8e1ca3
+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig
8e1ca3
+        template: *ci-ipa-4-10-latest
8e1ca3
+        timeout: 10800
8e1ca3
+        topology: *master_3repl_1client
8e1ca3
+
8e1ca3
+  fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNVault:
8e1ca3
+    requires: [fedora-latest-ipa-4-10/build]
8e1ca3
+    priority: 50
8e1ca3
+    job:
8e1ca3
+      class: RunPytest
8e1ca3
+      args:
8e1ca3
+        build_url: '{fedora-latest-ipa-4-10/build_url}'
8e1ca3
+        selinux_enforcing: True
8e1ca3
+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault
8e1ca3
+        template: *ci-ipa-4-10-latest
8e1ca3
+        timeout: 10800
8e1ca3
+        topology: *master_1repl
8e1ca3
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
8e1ca3
index 37d38762e696a6394ef146a0e2b68bbc8ced515d..463f4b92fecc7fbc0be969de422352fb7baeb797 100644
8e1ca3
--- a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
8e1ca3
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
8e1ca3
@@ -1821,3 +1821,27 @@ jobs:
8e1ca3
         template: *ci-ipa-4-10-previous
8e1ca3
         timeout: 5400
8e1ca3
         topology: *master_1repl
8e1ca3
+
8e1ca3
+  fedora-previous-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig:
8e1ca3
+    requires: [fedora-previous-ipa-4-10/build]
8e1ca3
+    priority: 50
8e1ca3
+    job:
8e1ca3
+      class: RunPytest
8e1ca3
+      args:
8e1ca3
+        build_url: '{fedora-previous-ipa-4-10/build_url}'
8e1ca3
+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig
8e1ca3
+        template: *ci-ipa-4-10-previous
8e1ca3
+        timeout: 10800
8e1ca3
+        topology: *master_3repl_1client
8e1ca3
+
8e1ca3
+  fedora-previous-ipa-4-10/test_random_serial_numbers_TestRSNVault:
8e1ca3
+    requires: [fedora-previous-ipa-4-10/build]
8e1ca3
+    priority: 50
8e1ca3
+    job:
8e1ca3
+      class: RunPytest
8e1ca3
+      args:
8e1ca3
+        build_url: '{fedora-previous-ipa-4-10/build_url}'
8e1ca3
+        test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault
8e1ca3
+        template: *ci-ipa-4-10-previous
8e1ca3
+        timeout: 10800
8e1ca3
+        topology: *master_1repl
8e1ca3
diff --git a/ipatests/test_integration/test_random_serial_numbers.py b/ipatests/test_integration/test_random_serial_numbers.py
8e1ca3
index c52cfa4ed50e2718791b0844d743fb240d26b365..ab58b1c622b010994ed93a17dd80cfd02095508d 100644
8e1ca3
--- a/ipatests/test_integration/test_random_serial_numbers.py
8e1ca3
+++ b/ipatests/test_integration/test_random_serial_numbers.py
8e1ca3
@@ -4,12 +4,15 @@
8e1ca3
 
8e1ca3
 import pytest
8e1ca3
 
8e1ca3
+from ipaplatform.paths import paths
8e1ca3
+
8e1ca3
+from ipatests.pytest_ipa.integration import tasks
8e1ca3
 from ipatests.test_integration.test_installation import (
8e1ca3
     TestInstallWithCA_DNS1,
8e1ca3
     TestInstallWithCA_KRA1,
8e1ca3
 )
8e1ca3
 from ipatests.test_integration.test_caless import TestServerCALessToExternalCA
8e1ca3
-
8e1ca3
+from ipatests.test_integration.test_vault import TestInstallKRA
8e1ca3
 from ipatests.test_integration.test_commands import TestIPACommand
8e1ca3
 
8e1ca3
 
8e1ca3
@@ -26,6 +29,18 @@ def pki_supports_RSNv3(host):
8e1ca3
     return False
8e1ca3
 
8e1ca3
 
8e1ca3
+def check_pki_config_params(host):
8e1ca3
+    # Check CS.cfg
8e1ca3
+    try:
8e1ca3
+        cs_cfg = host.get_file_contents(paths.CA_CS_CFG_PATH)
8e1ca3
+        kra_cfg = host.get_file_contents(paths.KRA_CS_CFG_PATH)
8e1ca3
+        assert "dbs.cert.id.generator=random".encode() in cs_cfg
8e1ca3
+        assert "dbs.request.id.generator=random".encode() in cs_cfg
8e1ca3
+        assert "dbs.key.id.generator=random".encode() in kra_cfg
8e1ca3
+    except IOError:
8e1ca3
+        pytest.skip("PKI config not present.Skipping test")
8e1ca3
+
8e1ca3
+
8e1ca3
 class TestInstallWithCA_DNS1_RSN(TestInstallWithCA_DNS1):
8e1ca3
     random_serial = True
8e1ca3
 
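Review bot: In `check_pki_config_params` the `except IOError` branch turns a missing or unreadable CS.cfg into `pytest.skip`, so on a host that was just installed with a CA and KRA the random-ID settings can go unverified while the run still looks green. The callers shown later in this patch already skip when RSNv3 is unsupported, so letting the read error propagate (or calling `pytest.fail`) would keep the check meaningful. The substring tests would also pass on a commented-out line such as `#dbs.cert.id.generator=random` or on a longer value that merely starts with `random`. Assuming `get_file_contents` returns bytes, as the `.encode()` calls imply, a whole-line match like `b"dbs.cert.id.generator=random" in cs_cfg.splitlines()` is stricter. The skip message also lacks a space after the period: `"PKI config not present. Skipping test"`.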
8e1ca3
@@ -70,3 +85,37 @@ class TestServerCALessToExternalCA_RSN(TestServerCALessToExternalCA):
8e1ca3
         if not pki_supports_RSNv3(mh.master):
8e1ca3
             raise pytest.skip("RSNv3 not supported")
8e1ca3
         super(TestServerCALessToExternalCA_RSN, cls).uninstall(mh)
8e1ca3
+
8e1ca3
+
8e1ca3
+class TestRSNPKIConfig(TestInstallWithCA_KRA1):
8e1ca3
+    random_serial = True
8e1ca3
+    num_replicas = 3
8e1ca3
+
8e1ca3
+    @classmethod
8e1ca3
+    def install(cls, mh):
8e1ca3
+        if not pki_supports_RSNv3(mh.master):
8e1ca3
+            raise pytest.skip("RSNv3 not supported")
8e1ca3
+        super(TestRSNPKIConfig, cls).install(mh)
8e1ca3
+
8e1ca3
+    def test_check_pki_config(self):
8e1ca3
+        check_pki_config_params(self.master)
8e1ca3
+        check_pki_config_params(self.replicas[0])
8e1ca3
+        check_pki_config_params(self.replicas[1])
8e1ca3
+
8e1ca3
+    def test_check_rsn_version(self):
8e1ca3
+        tasks.kinit_admin(self.master)
8e1ca3
+        res = self.master.run_command(['ipa', 'ca-find'])
8e1ca3
+        assert 'RSN Version: 3' in res.stdout_text
8e1ca3
+        tasks.kinit_admin(self.replicas[0])
8e1ca3
+        res = self.replicas[0].run_command(['ipa', 'ca-find'])
8e1ca3
+        assert 'RSN Version: 3' in res.stdout_text
8e1ca3
+
8e1ca3
+
8e1ca3
+class TestRSNVault(TestInstallKRA):
8e1ca3
+    random_serial = True
8e1ca3
+
8e1ca3
+    @classmethod
8e1ca3
+    def install(cls, mh):
8e1ca3
+        if not pki_supports_RSNv3(mh.master):
8e1ca3
+            raise pytest.skip("RSNv3 not supported")
8e1ca3
+        super(TestRSNVault, cls).install(mh)
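Review bot: `TestRSNPKIConfig` sets `num_replicas = 3`, but `test_check_pki_config` inspects only the master and `replicas[0]`/`replicas[1]`, and `test_check_rsn_version` only the master and `replicas[0]`, so a replica that came up without the random generators would not be caught. Iterating over every host closes the gap: `for host in [self.master] + self.replicas:` followed by `check_pki_config_params(host)`, and the same loop around the `ipa ca-find` assertion. Which replicas the parent `TestInstallWithCA_KRA1` installs, and whether each gets a KRA, is not visible in this hunk. On a replica without a KRA the helper's `IOError` handler would skip the whole test rather than fail it, so this needs confirming. `TestRSNVault` reruns the vault tests but asserts nothing about `dbs.key.id.generator`; a call to `check_pki_config_params(self.master)` there would confirm the KRA really uses random IDs.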
8e1ca3
diff --git a/ipatests/test_integration/test_vault.py b/ipatests/test_integration/test_vault.py
8e1ca3
index 548822d049070d6f9d42da772264eb24010fafda..6288e557f96cae60d031b44c49fbe830712eb7be 100644
8e1ca3
--- a/ipatests/test_integration/test_vault.py
8e1ca3
+++ b/ipatests/test_integration/test_vault.py
8e1ca3
@@ -33,7 +33,9 @@ class TestInstallKRA(IntegrationTest):
8e1ca3
 
8e1ca3
     @classmethod
8e1ca3
     def install(cls, mh):
8e1ca3
-        tasks.install_master(cls.master, setup_kra=True)
8e1ca3
+        tasks.install_master(cls.master,
8e1ca3
+                             setup_kra=True,
8e1ca3
+                             random_serial=cls.random_serial)
8e1ca3
         # do not install KRA on replica, it is part of test
8e1ca3
         tasks.install_replica(cls.master, cls.replicas[0], setup_kra=False)
8e1ca3
 
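Review bot: `install` now reads `cls.random_serial`, but this hunk adds no default for that attribute to `TestInstallKRA`. Unless the `IntegrationTest` base, which is not visible here, defines it, every non-RSN run of this class would fail with `AttributeError` before the master is installed. If the base does not provide it, adding `random_serial = False` to the class body makes the default explicit. The class body starts outside the hunk, so this needs checking against the full file.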
8e1ca3
-- 
8e1ca3
2.37.2
8e1ca3