From f42a868f4be40f9f8e6c96a6100f15bd16ac1c3b Mon Sep 17 00:00:00 2001

From: Florence Blanc-Renaud <flo@redhat.com>

Date: Wed, 25 Nov 2020 10:00:39 +0100

Subject: [PATCH] ipatests: add test for PKI subsystem detection

Add a new upgrade test. Scenario:

- create an empty /var/lib/pki/pki-tomcat/kra directory

- call ipa-server-upgrade

With issue 8596, the upgrade fails because it assumes KRA is

installed. With the fix, ipa-server-upgrade completes successfully.

Related: https://pagure.io/freeipa/issue/8596

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

Reviewed-By: Rob Crittenden <rcritten@redhat.com>

Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>

---

 ipatests/pytest_ipa/integration/tasks.py  | 12 +++++++++

 ipatests/test_integration/test_upgrade.py | 31 +++++++++++++++++++++++

 2 files changed, 43 insertions(+)

diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py

index 26e03e90cb40519a209baf17c088c18af841e2df..6384f0bf29c30e1c5345beb6c7a4cb3029d922e2 100755

--- a/ipatests/pytest_ipa/integration/tasks.py

+++ b/ipatests/pytest_ipa/integration/tasks.py

@@ -1903,3 +1903,15 @@ def ldapmodify_dm(host, ldif_text, **kwargs):

         '-w', host.config.dirman_password

     ]

     return host.run_command(args, stdin_text=ldif_text, **kwargs)

+

+

+def get_pki_version(host):

+    """Get pki version on remote host."""

+    data = host.get_file_contents("/usr/share/pki/VERSION", encoding="utf-8")

+

+    groups = re.match(r'.*\nSpecification-Version: ([\d+\.]*)\n.*', data)

+    if groups:

+        version_string = groups.groups(0)[0]

+        return parse_version(version_string)

+    else:

+        raise ValueError("get_pki_version: pki is not installed")

diff --git a/ipatests/test_integration/test_upgrade.py b/ipatests/test_integration/test_upgrade.py

index 5cc890e2e93b77a9259d72ad9d4961983942a7ce..c866b28dda6efdd10ccd1bee42253ccb6e1285be 100644

--- a/ipatests/test_integration/test_upgrade.py

+++ b/ipatests/test_integration/test_upgrade.py

@@ -5,9 +5,14 @@

 """

 Module provides tests to verify that the upgrade script works.

 """

+from __future__ import absolute_import

 import base64

+import os

 from cryptography.hazmat.primitives import serialization

+import pytest

+

+from ipaplatform.paths import paths

 from ipapython.dn import DN

 from ipatests.test_integration.base import IntegrationTest

 from ipatests.pytest_ipa.integration import tasks

@@ -58,3 +63,29 @@ class TestUpgrade(IntegrationTest):

         except ValueError:

             raise AssertionError('%s contains a double-encoded cert'

                                  % entry.dn)

+

+    def test_kra_detection(self):

+        """Test that ipa-server-upgrade correctly detects KRA presence

+

+        Test for https://pagure.io/freeipa/issue/8596

+        When the directory /var/lib/pki/pki-tomcat/kra/ exists, the upgrade

+        wrongly assumes that KRA component is installed and crashes.

+        The test creates an empty dir and calls ipa-server-upgrade

+        to make sure that KRA detection is not based on the directory

+        presence.

+        """

+        # Skip test if pki 10.10.0 is installed

+        # because of https://github.com/dogtagpki/pki/issues/3397

+        # pki fails to start if empty dir /var/lib/pki/pki-tomcat/kra exists

+        if tasks.get_pki_version(self.master) \

+           == tasks.parse_version('10.10.0'):

+            pytest.skip("Skip test with pki 10.10.0")

+

+        kra_path = os.path.join(paths.VAR_LIB_PKI_TOMCAT_DIR, "kra")

+        try:

+            self.master.run_command(["mkdir", "-p", kra_path])

+            result = self.master.run_command(['ipa-server-upgrade'])

+            err_msg = 'Upgrade failed with no such entry'

+            assert err_msg not in result.stderr_text

+        finally:

+            self.master.run_command(["rmdir", kra_path])

-- 

2.26.2