From f42a868f4be40f9f8e6c96a6100f15bd16ac1c3b Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 25 Nov 2020 10:00:39 +0100 Subject: [PATCH] ipatests: add test for PKI subsystem detection Add a new upgrade test. Scenario: - create an empty /var/lib/pki/pki-tomcat/kra directory - call ipa-server-upgrade With issue 8596, the upgrade fails because it assumes KRA is installed. With the fix, ipa-server-upgrade completes successfully. Related: https://pagure.io/freeipa/issue/8596 Reviewed-By: Alexander Bokovoy Reviewed-By: Rob Crittenden Reviewed-By: Alexander Bokovoy --- ipatests/pytest_ipa/integration/tasks.py | 12 +++++++++ ipatests/test_integration/test_upgrade.py | 31 +++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py index 26e03e90cb40519a209baf17c088c18af841e2df..6384f0bf29c30e1c5345beb6c7a4cb3029d922e2 100755 --- a/ipatests/pytest_ipa/integration/tasks.py +++ b/ipatests/pytest_ipa/integration/tasks.py @@ -1903,3 +1903,15 @@ def ldapmodify_dm(host, ldif_text, **kwargs): '-w', host.config.dirman_password ] return host.run_command(args, stdin_text=ldif_text, **kwargs) + + +def get_pki_version(host): + """Get pki version on remote host.""" + data = host.get_file_contents("/usr/share/pki/VERSION", encoding="utf-8") + + groups = re.match(r'.*\nSpecification-Version: ([\d+\.]*)\n.*', data) + if groups: + version_string = groups.groups(0)[0] + return parse_version(version_string) + else: + raise ValueError("get_pki_version: pki is not installed") diff --git a/ipatests/test_integration/test_upgrade.py b/ipatests/test_integration/test_upgrade.py index 5cc890e2e93b77a9259d72ad9d4961983942a7ce..c866b28dda6efdd10ccd1bee42253ccb6e1285be 100644 --- a/ipatests/test_integration/test_upgrade.py +++ b/ipatests/test_integration/test_upgrade.py @@ -5,9 +5,14 @@ """ Module provides tests to verify that the upgrade script works. """ +from __future__ import absolute_import import base64 +import os from cryptography.hazmat.primitives import serialization +import pytest + +from ipaplatform.paths import paths from ipapython.dn import DN from ipatests.test_integration.base import IntegrationTest from ipatests.pytest_ipa.integration import tasks @@ -58,3 +63,29 @@ class TestUpgrade(IntegrationTest): except ValueError: raise AssertionError('%s contains a double-encoded cert' % entry.dn) + + def test_kra_detection(self): + """Test that ipa-server-upgrade correctly detects KRA presence + + Test for https://pagure.io/freeipa/issue/8596 + When the directory /var/lib/pki/pki-tomcat/kra/ exists, the upgrade + wrongly assumes that KRA component is installed and crashes. + The test creates an empty dir and calls ipa-server-upgrade + to make sure that KRA detection is not based on the directory + presence. + """ + # Skip test if pki 10.10.0 is installed + # because of https://github.com/dogtagpki/pki/issues/3397 + # pki fails to start if empty dir /var/lib/pki/pki-tomcat/kra exists + if tasks.get_pki_version(self.master) \ + == tasks.parse_version('10.10.0'): + pytest.skip("Skip test with pki 10.10.0") + + kra_path = os.path.join(paths.VAR_LIB_PKI_TOMCAT_DIR, "kra") + try: + self.master.run_command(["mkdir", "-p", kra_path]) + result = self.master.run_command(['ipa-server-upgrade']) + err_msg = 'Upgrade failed with no such entry' + assert err_msg not in result.stderr_text + finally: + self.master.run_command(["rmdir", kra_path]) -- 2.26.2