ipa/0007-ipatests-add-test-for-PKINIT-renewal-on-hidden-repli.patch

From 467ec04f93a29fd31ba037cef348c09547541fe7 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Mon, 24 Jun 2024 09:18:54 +0200
Subject: [PATCH] ipatests: add test for PKINIT renewal on hidden replica

Test scenario: on a hidden replica, force the renewal of
PKINIT cert by calling getcert resubmit.

Related: https://pagure.io/freeipa/issue/9611
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 .../test_integration/test_replica_promotion.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index b71f2d5d7e1517ab73d79b62477a3377839b0b7a..7ef44c571c8a4106577d27f4712f661be873dacc 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -26,6 +26,7 @@ from ipalib.constants import (
 )
 from ipaplatform.paths import paths
 from ipapython import certdb
+from ipatests.test_integration.test_cert import get_certmonger_fs_id
 from ipatests.test_integration.test_dns_locations import (
     resolve_records_from_server, IPA_DEFAULT_MASTER_SRV_REC
 )
@@ -1241,6 +1242,23 @@ class TestHiddenReplicaPromotion(IntegrationTest):
             'ipa-crlgen-manage', 'status'])
         assert "CRL generation: enabled" in result.stdout_text
 
+    def test_hidden_replica_renew_pkinit_cert(self):
+        """Renew the PKINIT cert on a hidden replica.
+
+        Test for https://pagure.io/freeipa/issue/9611
+        """
+        # Get Request ID
+        cmd = ['getcert', 'list', '-f', paths.KDC_CERT]
+        result = self.replicas[0].run_command(cmd)
+        req_id = get_certmonger_fs_id(result.stdout_text)
+
+        self.replicas[0].run_command([
+            'getcert', 'resubmit', '-f', paths.KDC_CERT
+        ])
+        tasks.wait_for_certmonger_status(
+            self.replicas[0], ('MONITORING'), req_id, timeout=600
+        )
+
 
 class TestHiddenReplicaKRA(IntegrationTest):
     """Test KRA & hidden replica features.
-- 
2.45.2
ipa-4.12.1-2 - Resolves: RHEL-46607 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica - Resolves: RHEL-46606 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed - Resolves: RHEL-46605 IPA Web UI not showing replication agreement for non-admin users - Resolves: RHEL-46592 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to - Resolves: RHEL-46556 Include latest fixes in python3-ipatests packages - Resolves: RHEL-42705 PSKC.xml issues with ipa_otptoken_import.py Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> 2024-07-08 17:27:27 +00:00			`From 467ec04f93a29fd31ba037cef348c09547541fe7 Mon Sep 17 00:00:00 2001`
			`From: Florence Blanc-Renaud <flo@redhat.com>`
			`Date: Mon, 24 Jun 2024 09:18:54 +0200`
			`Subject: [PATCH] ipatests: add test for PKINIT renewal on hidden replica`

			`Test scenario: on a hidden replica, force the renewal of`
			`PKINIT cert by calling getcert resubmit.`

			`Related: https://pagure.io/freeipa/issue/9611`
			`Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>`
			`Reviewed-By: Rob Crittenden <rcritten@redhat.com>`
			`---`
			`.../test_integration/test_replica_promotion.py \| 18 ++++++++++++++++++`
			`1 file changed, 18 insertions(+)`

			`diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py`
			`index b71f2d5d7e1517ab73d79b62477a3377839b0b7a..7ef44c571c8a4106577d27f4712f661be873dacc 100644`
			`--- a/ipatests/test_integration/test_replica_promotion.py`
			`+++ b/ipatests/test_integration/test_replica_promotion.py`
			`@@ -26,6 +26,7 @@ from ipalib.constants import (`
			`)`
			`from ipaplatform.paths import paths`
			`from ipapython import certdb`
			`+from ipatests.test_integration.test_cert import get_certmonger_fs_id`
			`from ipatests.test_integration.test_dns_locations import (`
			`resolve_records_from_server, IPA_DEFAULT_MASTER_SRV_REC`
			`)`
			`@@ -1241,6 +1242,23 @@ class TestHiddenReplicaPromotion(IntegrationTest):`
			`'ipa-crlgen-manage', 'status'])`
			`assert "CRL generation: enabled" in result.stdout_text`

			`+ def test_hidden_replica_renew_pkinit_cert(self):`
			`+ """Renew the PKINIT cert on a hidden replica.`
			`+`
			`+ Test for https://pagure.io/freeipa/issue/9611`
			`+ """`
			`+ # Get Request ID`
			`+ cmd = ['getcert', 'list', '-f', paths.KDC_CERT]`
			`+ result = self.replicas[0].run_command(cmd)`
			`+ req_id = get_certmonger_fs_id(result.stdout_text)`
			`+`
			`+ self.replicas[0].run_command([`
			`+ 'getcert', 'resubmit', '-f', paths.KDC_CERT`
			`+ ])`
			`+ tasks.wait_for_certmonger_status(`
			`+ self.replicas[0], ('MONITORING'), req_id, timeout=600`
			`+ )`
			`+`

			`class TestHiddenReplicaKRA(IntegrationTest):`
			`"""Test KRA & hidden replica features.`
			`--`
			`2.45.2`