From bfe074ed478c20a9537dc2a714bba50dbc2cd34f Mon Sep 17 00:00:00 2001
From: Sumedh Sidhaye <ssidhaye@redhat.com>
Date: Fri, 5 Aug 2022 11:22:59 +0530
Subject: [PATCH] Additional tests for RSN v3
New Tests include
TestRSNPKIConfig
TestRSNVault
The new tests are just extending existing classes to be run
with random serial numbers enabled
The tests also include a new method to check params set in CS.cfg for both CA and
KRA, and another test to check Random Serial Number version while
running `ipa ca-find`
Added nightly definitions
Related Ticket: https://pagure.io/freeipa/issue/2016
Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
---
.../nightly_ipa-4-10_latest.yaml | 24 +++++++++
.../nightly_ipa-4-10_latest_selinux.yaml | 26 ++++++++++
.../nightly_ipa-4-10_previous.yaml | 24 +++++++++
.../test_random_serial_numbers.py | 51 ++++++++++++++++++-
ipatests/test_integration/test_vault.py | 4 +-
5 files changed, 127 insertions(+), 2 deletions(-)
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
index 027b2a5b6c0b7ec3c3b5784ec4569661a06d4ed7..547320d258f51132266b56e9193533d2291c623c 100644
--- a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml
@@ -1821,3 +1821,27 @@ jobs:
template: *ci-ipa-4-10-latest
timeout: 5400
topology: *master_1repl
+
+ fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig:
+ requires: [fedora-latest-ipa-4-10/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-latest-ipa-4-10/build_url}'
+ test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig
+ template: *ci-ipa-4-10-latest
+ timeout: 10800
+ topology: *master_3repl_1client
+
+ fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNVault:
+ requires: [fedora-latest-ipa-4-10/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-latest-ipa-4-10/build_url}'
+ test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault
+ template: *ci-ipa-4-10-latest
+ timeout: 10800
+ topology: *master_1repl
\ No newline at end of file
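Review bot: The last added line of `nightly_ipa-4-10_latest.yaml` has no trailing newline, as the `\ No newline at end of file` marker shows, whereas the other two definition files touched by this patch do not carry the marker. Ending the file with a newline keeps the three definitions consistent. It also stops the next job appended here from showing up as a change to the `topology: *master_1repl` line.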
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
index bcc17bef935666735bfb2c2e51209362a374b511..f6e5f1cff22de9db4df4577d1cd615499cf0fab3 100644
--- a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
@@ -1966,3 +1966,29 @@ jobs:
template: *ci-ipa-4-10-latest
timeout: 5400
topology: *master_1repl
+
+ fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig:
+ requires: [fedora-latest-ipa-4-10/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-latest-ipa-4-10/build_url}'
+ selinux_enforcing: True
+ test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig
+ template: *ci-ipa-4-10-latest
+ timeout: 10800
+ topology: *master_3repl_1client
+
+ fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNVault:
+ requires: [fedora-latest-ipa-4-10/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-latest-ipa-4-10/build_url}'
+ selinux_enforcing: True
+ test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault
+ template: *ci-ipa-4-10-latest
+ timeout: 10800
+ topology: *master_1repl
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
index 37d38762e696a6394ef146a0e2b68bbc8ced515d..463f4b92fecc7fbc0be969de422352fb7baeb797 100644
--- a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
@@ -1821,3 +1821,27 @@ jobs:
template: *ci-ipa-4-10-previous
timeout: 5400
topology: *master_1repl
+
+ fedora-previous-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig:
+ requires: [fedora-previous-ipa-4-10/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-previous-ipa-4-10/build_url}'
+ test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig
+ template: *ci-ipa-4-10-previous
+ timeout: 10800
+ topology: *master_3repl_1client
+
+ fedora-previous-ipa-4-10/test_random_serial_numbers_TestRSNVault:
+ requires: [fedora-previous-ipa-4-10/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-previous-ipa-4-10/build_url}'
+ test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault
+ template: *ci-ipa-4-10-previous
+ timeout: 10800
+ topology: *master_1repl
diff --git a/ipatests/test_integration/test_random_serial_numbers.py b/ipatests/test_integration/test_random_serial_numbers.py
index c52cfa4ed50e2718791b0844d743fb240d26b365..ab58b1c622b010994ed93a17dd80cfd02095508d 100644
--- a/ipatests/test_integration/test_random_serial_numbers.py
+++ b/ipatests/test_integration/test_random_serial_numbers.py
@@ -4,12 +4,15 @@
import pytest
+from ipaplatform.paths import paths
+
+from ipatests.pytest_ipa.integration import tasks
from ipatests.test_integration.test_installation import (
TestInstallWithCA_DNS1,
TestInstallWithCA_KRA1,
)
from ipatests.test_integration.test_caless import TestServerCALessToExternalCA
-
+from ipatests.test_integration.test_vault import TestInstallKRA
from ipatests.test_integration.test_commands import TestIPACommand
@@ -26,6 +29,18 @@ def pki_supports_RSNv3(host):
return False
+def check_pki_config_params(host):
+ # Check CS.cfg
+ try:
+ cs_cfg = host.get_file_contents(paths.CA_CS_CFG_PATH)
+ kra_cfg = host.get_file_contents(paths.KRA_CS_CFG_PATH)
+ assert "dbs.cert.id.generator=random".encode() in cs_cfg
+ assert "dbs.request.id.generator=random".encode() in cs_cfg
+ assert "dbs.key.id.generator=random".encode() in kra_cfg
+ except IOError:
+ pytest.skip("PKI config not present.Skipping test")
+
+
class TestInstallWithCA_DNS1_RSN(TestInstallWithCA_DNS1):
random_serial = True
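Review bot: The `except IOError` in `check_pki_config_params` wraps the assertions as well as the two reads, and it turns a missing CS.cfg into a skip. On an install that requested random serial numbers, an absent CA or KRA config is therefore reported as skipped rather than failed, and a host without a KRA config skips the CA checks too. The `in cs_cfg` tests are substring matches, so a commented-out line or a value that merely starts with `random` would also pass. I would limit the `try` to the reads, fail on a missing file (or split the CA and KRA checks if a KRA-less host is expected), and compare whole lines. The function also lacks a docstring saying which settings it verifies.

```python
def check_pki_config_params(host):
    """Assert that CS.cfg on host selects random ID generators (CA and KRA)."""
    try:
        # Only the reads can raise IOError; keep the assertions outside.
        ca_cfg = host.get_file_contents(paths.CA_CS_CFG_PATH)
        kra_cfg = host.get_file_contents(paths.KRA_CS_CFG_PATH)
    except IOError as e:
        pytest.fail("PKI config not present: %s" % e)
    ca_lines = {line.strip() for line in ca_cfg.splitlines()}
    kra_lines = {line.strip() for line in kra_cfg.splitlines()}
    assert b"dbs.cert.id.generator=random" in ca_lines
    assert b"dbs.request.id.generator=random" in ca_lines
    assert b"dbs.key.id.generator=random" in kra_lines
```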
@@ -70,3 +85,37 @@ class TestServerCALessToExternalCA_RSN(TestServerCALessToExternalCA):
if not pki_supports_RSNv3(mh.master):
raise pytest.skip("RSNv3 not supported")
super(TestServerCALessToExternalCA_RSN, cls).uninstall(mh)
+
+
+class TestRSNPKIConfig(TestInstallWithCA_KRA1):
+ random_serial = True
+ num_replicas = 3
+
+ @classmethod
+ def install(cls, mh):
+ if not pki_supports_RSNv3(mh.master):
+ raise pytest.skip("RSNv3 not supported")
+ super(TestRSNPKIConfig, cls).install(mh)
+
+ def test_check_pki_config(self):
+ check_pki_config_params(self.master)
+ check_pki_config_params(self.replicas[0])
+ check_pki_config_params(self.replicas[1])
+
+ def test_check_rsn_version(self):
+ tasks.kinit_admin(self.master)
+ res = self.master.run_command(['ipa', 'ca-find'])
+ assert 'RSN Version: 3' in res.stdout_text
+ tasks.kinit_admin(self.replicas[0])
+ res = self.replicas[0].run_command(['ipa', 'ca-find'])
+ assert 'RSN Version: 3' in res.stdout_text
+
+
+class TestRSNVault(TestInstallKRA):
+ random_serial = True
+
+ @classmethod
+ def install(cls, mh):
+ if not pki_supports_RSNv3(mh.master):
+ raise pytest.skip("RSNv3 not supported")
+ super(TestRSNVault, cls).install(mh)
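Review bot: `TestRSNPKIConfig` sets `num_replicas = 3`, but `test_check_pki_config` inspects only `replicas[0]` and `replicas[1]`, and `test_check_rsn_version` only the master and `replicas[0]`, so a replica that did not pick up the random generator settings can go unnoticed. Iterating over every host keeps coverage in step with the topology, e.g. `for host in [self.master] + self.replicas: check_pki_config_params(host)`, with the same loop around the `ipa ca-find` check. The `'RSN Version: 3' in res.stdout_text` assertion is a substring match and would also pass on a longer version string, so matching the whole output line would be stricter. A one-line docstring on each new test would help, since both classes inherit the rest of their tests.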
diff --git a/ipatests/test_integration/test_vault.py b/ipatests/test_integration/test_vault.py
index 548822d049070d6f9d42da772264eb24010fafda..6288e557f96cae60d031b44c49fbe830712eb7be 100644
--- a/ipatests/test_integration/test_vault.py
+++ b/ipatests/test_integration/test_vault.py
@@ -33,7 +33,9 @@ class TestInstallKRA(IntegrationTest):
@classmethod
def install(cls, mh):
- tasks.install_master(cls.master, setup_kra=True)
+ tasks.install_master(cls.master,
+ setup_kra=True,
+ random_serial=cls.random_serial)
# do not install KRA on replica, it is part of test
tasks.install_replica(cls.master, cls.replicas[0], setup_kra=False)
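Review bot: `install` now reads `cls.random_serial`, but nothing in the visible part of `TestInstallKRA` defines that attribute. Presumably `IntegrationTest` supplies a default; if it does not, the plain `TestInstallKRA` run fails with `AttributeError` before installing anything, so this is worth confirming. A short comment such as `# random_serial defaults to the IntegrationTest value; TestRSNVault overrides it` would make the dependency explicit. The body of `install` continues outside this hunk.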
--
2.37.2