From 107e20a158c867a52eadb0d65982ce2f7f3ce699 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fcami@redhat.com>

Date: Tue, 20 Nov 2018 17:05:30 +0100

Subject: [PATCH] Add a shared-vault-retrieve test

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Add a shared-vault-retrieve test when:

* master has KRA installed

* replica has no KRA

This currently fails because of issue#7691

Related-to: https://pagure.io/freeipa/issue/7691

Signed-off-by: François Cami <fcami@redhat.com>

Reviewed-By: Christian Heimes <cheimes@redhat.com>

---

 ipatests/test_integration/test_vault.py | 65 ++++++++++++++++++++++++-

 1 file changed, 64 insertions(+), 1 deletion(-)

diff --git a/ipatests/test_integration/test_vault.py b/ipatests/test_integration/test_vault.py

index 496ccb1bbdd06407e9b356ac210f639436312a22..c3465799ff933ae175684ade83b4bf276b921a96 100644

--- a/ipatests/test_integration/test_vault.py

+++ b/ipatests/test_integration/test_vault.py

@@ -20,14 +20,17 @@ class TestInstallKRA(IntegrationTest):

     vault_password = "password"

     vault_data = "SSBsb3ZlIENJIHRlc3RzCg=="

+    vault_user = "vault_user"

+    vault_user_password = "vault_user_password"

     vault_name_master = "ci_test_vault_master"

     vault_name_master2 = "ci_test_vault_master2"

     vault_name_master3 = "ci_test_vault_master3"

     vault_name_replica_without_KRA = "ci_test_vault_replica_without_kra"

+    shared_vault_name_replica_without_KRA = ("ci_test_shared"

+                                             "_vault_replica_without_kra")

     vault_name_replica_with_KRA = "ci_test_vault_replica_with_kra"

     vault_name_replica_KRA_uninstalled = "ci_test_vault_replica_KRA_uninstalled"

-

     @classmethod

     def install(cls, mh):

         tasks.install_master(cls.master, setup_kra=True)

@@ -89,6 +92,66 @@ class TestInstallKRA(IntegrationTest):

         self._retrieve_secret([self.vault_name_replica_without_KRA])

+    def test_create_and_retrieve_shared_vault_replica_without_kra(self):

+        # create vault

+        self.replicas[0].run_command([

+            "ipa", "vault-add",

+            self.shared_vault_name_replica_without_KRA,

+            "--shared",

+            "--type", "standard",

+        ])

+

+        # archive secret

+        self.replicas[0].run_command([

+            "ipa", "vault-archive",

+            self.shared_vault_name_replica_without_KRA,

+            "--shared",

+            "--data", self.vault_data,

+        ])

+        time.sleep(WAIT_AFTER_ARCHIVE)

+

+        # add non-admin user

+        self.replicas[0].run_command([

+            'ipa', 'user-add', self.vault_user,

+            '--first', self.vault_user,

+            '--last', self.vault_user,

+            '--password'],

+            stdin_text=self.vault_user_password)

+

+        # add it to vault

+        self.replicas[0].run_command([

+            "ipa", "vault-add-member",

+            self.shared_vault_name_replica_without_KRA,

+            "--shared",

+            "--users", self.vault_user,

+        ])

+

+        self.replicas[0].run_command([

+            'kdestroy', '-A'])

+

+        user_kinit = "%s\n%s\n%s\n" % (self.vault_user_password,

+                                       self.vault_user_password,

+                                       self.vault_user_password)

+

+        self.replicas[0].run_command([

+            'kinit', self.vault_user],

+            stdin_text=user_kinit)

+

+        # TODO: possibly refactor with:

+        # self._retrieve_secret([self.vault_name_replica_without_KRA])

+

+        self.replicas[0].run_command([

+            "ipa", "vault-retrieve",

+            "--shared",

+            self.shared_vault_name_replica_without_KRA,

+            "--out=test.txt"])

+

+        self.replicas[0].run_command([

+            'kdestroy', '-A'])

+

+        tasks.kinit_admin(self.replicas[0])

+

+

     def test_create_and_retrieve_vault_replica_with_kra(self):

         # install KRA on replica

-- 

2.17.2