|
 |
7e1b55 |
From e5df4dc4884f1a66ccbca79b9a0d83874c996d1d Mon Sep 17 00:00:00 2001
|
|
|
7e1b55 |
From: Michal Polovka <mpolovka@redhat.com>
|
|
|
7e1b55 |
Date: Mon, 31 May 2021 14:43:28 +0200
|
|
|
7e1b55 |
Subject: [PATCH] ipatests: test_installation: move tracking_reqs dependency to
|
|
|
7e1b55 |
ipalib constants ipaserver: krainstance: utilize moved tracking_reqs
|
|
|
7e1b55 |
dependency
|
|
|
7e1b55 |
|
|
|
7e1b55 |
KRA instance import depends on lib389 package, which is not always
|
|
|
7e1b55 |
installed and that results in failure. Furthermore, test_installation
|
|
|
7e1b55 |
utilizes krainstance import. This fix moves relevant parts from
|
|
|
7e1b55 |
krainstance to ipalib constants where those are subsequently imported
|
|
|
7e1b55 |
from.
|
|
|
7e1b55 |
|
|
|
7e1b55 |
Related: https://pagure.io/freeipa/issue/8795
|
|
|
7e1b55 |
|
|
|
7e1b55 |
Signed-off-by: Michal Polovka <mpolovka@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Francois Cami <fcami@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
|
|
7e1b55 |
---
|
|
|
7e1b55 |
ipalib/constants.py | 8 ++++++++
|
|
|
7e1b55 |
ipaserver/install/krainstance.py | 7 ++-----
|
|
|
7e1b55 |
ipatests/test_integration/test_installation.py | 7 +++----
|
|
|
7e1b55 |
3 files changed, 13 insertions(+), 9 deletions(-)
|
|
|
7e1b55 |
|
|
|
7e1b55 |
diff --git a/ipalib/constants.py b/ipalib/constants.py
|
|
|
7e1b55 |
index bff899ba6..2aeafac7a 100644
|
|
|
7e1b55 |
--- a/ipalib/constants.py
|
|
|
7e1b55 |
+++ b/ipalib/constants.py
|
|
|
7e1b55 |
@@ -360,3 +360,11 @@ SUBID_RANGE_MAX = (2 ** 32) - (2 * SUBID_COUNT)
|
|
|
7e1b55 |
SUBID_RANGE_SIZE = SUBID_RANGE_MAX - SUBID_RANGE_START
|
|
|
7e1b55 |
# threshold before DNA plugin requests a new range
|
|
|
7e1b55 |
SUBID_DNA_THRESHOLD = 500
|
|
|
7e1b55 |
+
|
|
|
7e1b55 |
+# moved from ipaserver/install/krainstance.py::KRAInstance to avoid duplication
|
|
|
7e1b55 |
+# as per https://pagure.io/freeipa/issue/8795
|
|
|
7e1b55 |
+KRA_TRACKING_REQS = {
|
|
|
7e1b55 |
+ 'auditSigningCert cert-pki-kra': 'caAuditSigningCert',
|
|
|
7e1b55 |
+ 'transportCert cert-pki-kra': 'caTransportCert',
|
|
|
7e1b55 |
+ 'storageCert cert-pki-kra': 'caStorageCert',
|
|
|
7e1b55 |
+}
|
|
|
7e1b55 |
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
|
|
|
7e1b55 |
index e63db3fef..13cb2dcaa 100644
|
|
|
7e1b55 |
--- a/ipaserver/install/krainstance.py
|
|
|
7e1b55 |
+++ b/ipaserver/install/krainstance.py
|
|
|
7e1b55 |
@@ -27,6 +27,7 @@ import base64
|
|
|
7e1b55 |
|
|
|
7e1b55 |
from ipalib import api
|
|
|
7e1b55 |
from ipalib import x509
|
|
|
7e1b55 |
+from ipalib.constants import KRA_TRACKING_REQS
|
|
|
7e1b55 |
from ipaplatform.paths import paths
|
|
|
7e1b55 |
from ipapython import directivesetter
|
|
|
7e1b55 |
from ipapython import ipautil
|
|
|
7e1b55 |
@@ -64,11 +65,7 @@ class KRAInstance(DogtagInstance):
|
|
|
7e1b55 |
# Mapping of nicknames for tracking requests, and the profile to
|
|
|
7e1b55 |
# use for that certificate. 'configure_renewal()' reads this
|
|
|
7e1b55 |
# dict. The profile MUST be specified.
|
|
|
7e1b55 |
- tracking_reqs = {
|
|
|
7e1b55 |
- 'auditSigningCert cert-pki-kra': 'caAuditSigningCert',
|
|
|
7e1b55 |
- 'transportCert cert-pki-kra': 'caTransportCert',
|
|
|
7e1b55 |
- 'storageCert cert-pki-kra': 'caStorageCert',
|
|
|
7e1b55 |
- }
|
|
|
7e1b55 |
+ tracking_reqs = KRA_TRACKING_REQS
|
|
|
7e1b55 |
|
|
|
7e1b55 |
def __init__(self, realm):
|
|
|
7e1b55 |
super(KRAInstance, self).__init__(
|
|
|
7e1b55 |
diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py
|
|
|
7e1b55 |
index 0c96536f0..27f15dbe5 100644
|
|
|
7e1b55 |
--- a/ipatests/test_integration/test_installation.py
|
|
|
7e1b55 |
+++ b/ipatests/test_integration/test_installation.py
|
|
|
7e1b55 |
@@ -20,7 +20,7 @@ from cryptography.hazmat.primitives import hashes
|
|
|
7e1b55 |
from cryptography import x509 as crypto_x509
|
|
|
7e1b55 |
|
|
|
7e1b55 |
from ipalib import x509
|
|
|
7e1b55 |
-from ipalib.constants import DOMAIN_LEVEL_0
|
|
|
7e1b55 |
+from ipalib.constants import DOMAIN_LEVEL_0, KRA_TRACKING_REQS
|
|
|
7e1b55 |
from ipalib.constants import IPA_CA_RECORD
|
|
|
7e1b55 |
from ipalib.sysrestore import SYSRESTORE_STATEFILE, SYSRESTORE_INDEXFILE
|
|
|
7e1b55 |
from ipapython.dn import DN
|
|
|
7e1b55 |
@@ -34,7 +34,7 @@ from ipatests.pytest_ipa.integration.env_config import get_global_config
|
|
|
7e1b55 |
from ipatests.test_integration.base import IntegrationTest
|
|
|
7e1b55 |
from ipatests.test_integration.test_caless import CALessBase, ipa_certs_cleanup
|
|
|
7e1b55 |
from ipaplatform import services
|
|
|
7e1b55 |
-from ipaserver.install import krainstance
|
|
|
7e1b55 |
+
|
|
|
7e1b55 |
|
|
|
7e1b55 |
config = get_global_config()
|
|
|
7e1b55 |
|
|
|
7e1b55 |
@@ -1282,8 +1282,7 @@ class TestInstallMasterKRA(IntegrationTest):
|
|
|
7e1b55 |
"""
|
|
|
7e1b55 |
Test that the KRA subsystem certificates renew properly
|
|
|
7e1b55 |
"""
|
|
|
7e1b55 |
- kra = krainstance.KRAInstance(self.master.domain.realm)
|
|
|
7e1b55 |
- for nickname in kra.tracking_reqs:
|
|
|
7e1b55 |
+ for nickname in KRA_TRACKING_REQS:
|
|
|
7e1b55 |
cert = tasks.certutil_fetch_cert(
|
|
|
7e1b55 |
self.master,
|
|
|
7e1b55 |
paths.PKI_TOMCAT_ALIAS_DIR,
|
|
|
7e1b55 |
--
|
|
|
7e1b55 |
2.31.1
|
|
|
7e1b55 |
|