ipa/0031-ipatests-ipa-migrate-tool-with-Z-option-CACERTFILE.patch

From 8046023fc46c628c099d84b026ab866f7c6e16d6 Mon Sep 17 00:00:00 2001
From: Sudhir Menon <sumenon@redhat.com>
Date: Thu, 25 Jul 2024 18:32:21 +0530
Subject: [PATCH] ipatests: ipa-migrate tool with -Z option (CACERTFILE)

This patch add tests to check the scenarios associated with
pagure tickets

https://pagure.io/freeipa/issue/9642 - ipa-migrate - properly handle invalid certificates
https://pagure.io/freeipa/issue/9619 - ipa-migrate starttls does not work

Signed-off-by: Sudhir Menon <sumenon@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 .../test_ipa_ipa_migration.py                 | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/ipatests/test_integration/test_ipa_ipa_migration.py b/ipatests/test_integration/test_ipa_ipa_migration.py
index a516941047315e07407b8063a7010526d384ab3b..f697bbfbfc6169309274db689501c99fe148cc70 100644
--- a/ipatests/test_integration/test_ipa_ipa_migration.py
+++ b/ipatests/test_integration/test_ipa_ipa_migration.py
@@ -872,3 +872,51 @@ class TestIPAMigrateScenario1(IntegrationTest):
             extra_args=params,
         )
         assert self.replicas[0].transport.file_exists(custom_log_file)
+
+    def test_ipa_migrate_stage_mode_with_cert(self):
+        """
+        This testcase checks that ipa-migrate command
+        works without the 'ValuerError'
+        when -Z <cert> option is used with valid cert
+        """
+        cert_file = '/tmp/ipa.crt'
+        remote_server_cert = self.master.get_file_contents(
+            paths.IPA_CA_CRT, encoding="utf-8"
+        )
+        self.replicas[0].put_file_contents(cert_file, remote_server_cert)
+        params = ['-x', '-n', '-Z', cert_file]
+        result = run_migrate(
+            self.replicas[0],
+            "stage-mode",
+            self.master.hostname,
+            "cn=Directory Manager",
+            self.master.config.admin_password,
+            extra_args=params,
+        )
+        assert result.returncode == 0
+
+    def test_ipa_migrate_stage_mode_with_invalid_cert(self):
+        """
+        This test checks ipa-migrate tool throws
+        error when invalid cert is specified with
+        -Z option
+        """
+        cert_file = '/tmp/invaid_cert.crt'
+        invalid_cert = (
+            b'-----BEGIN CERTIFICATE-----\n'
+            b'MIIFazCCDQYJKoZIhvcNAQELBQAw\n'
+            b'-----END CERTIFICATE-----\n'
+        )
+        ERR_MSG = "Failed to connect to remote server: "
+        params = ['-x', '-n', '-Z', cert_file]
+        self.replicas[0].put_file_contents(cert_file, invalid_cert)
+        result = run_migrate(
+            self.replicas[0],
+            "stage-mode",
+            self.master.hostname,
+            "cn=Directory Manager",
+            self.master.config.admin_password,
+            extra_args=params,
+        )
+        assert result.returncode == 1
+        assert ERR_MSG in result.stderr_text
-- 
2.45.2
ipa-4.12.1-4 - Resolves: RHEL-53501 adtrustinstance only prints issues in check_inst() and does not log them - Resolves: RHEL-52305 Unconditionally add MS-PAC to global config - Resolves: RHEL-52223 ipa-replica/server-install with softhsm needs to check permission/ownership of /var/lib/softhsm/tokens to avoid install failure - Resolves: RHEL-51937 Include latest fixes in python3-ipatests packages - Resolves: RHEL-50805 ipa-migrate -Z with invalid cert options fails with 'ValueError: option error' - Resolves: RHEL-49805 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w - Resolves: RHEL-49592 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install - Resolves: RHEL-4879 RFE - Keep the configured value for the "nsslapd-ignore-time-skew" after a "force-sync" Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> 2024-08-08 13:57:12 +00:00			`From 8046023fc46c628c099d84b026ab866f7c6e16d6 Mon Sep 17 00:00:00 2001`
			`From: Sudhir Menon <sumenon@redhat.com>`
			`Date: Thu, 25 Jul 2024 18:32:21 +0530`
			`Subject: [PATCH] ipatests: ipa-migrate tool with -Z option (CACERTFILE)`

			`This patch add tests to check the scenarios associated with`
			`pagure tickets`

			`https://pagure.io/freeipa/issue/9642 - ipa-migrate - properly handle invalid certificates`
			`https://pagure.io/freeipa/issue/9619 - ipa-migrate starttls does not work`

			`Signed-off-by: Sudhir Menon <sumenon@redhat.com>`
			`Reviewed-By: Rob Crittenden <rcritten@redhat.com>`
			`---`
			`.../test_ipa_ipa_migration.py \| 48 +++++++++++++++++++`
			`1 file changed, 48 insertions(+)`

			`diff --git a/ipatests/test_integration/test_ipa_ipa_migration.py b/ipatests/test_integration/test_ipa_ipa_migration.py`
			`index a516941047315e07407b8063a7010526d384ab3b..f697bbfbfc6169309274db689501c99fe148cc70 100644`
			`--- a/ipatests/test_integration/test_ipa_ipa_migration.py`
			`+++ b/ipatests/test_integration/test_ipa_ipa_migration.py`
			`@@ -872,3 +872,51 @@ class TestIPAMigrateScenario1(IntegrationTest):`
			`extra_args=params,`
			`)`
			`assert self.replicas[0].transport.file_exists(custom_log_file)`
			`+`
			`+ def test_ipa_migrate_stage_mode_with_cert(self):`
			`+ """`
			`+ This testcase checks that ipa-migrate command`
			`+ works without the 'ValuerError'`
			`+ when -Z <cert> option is used with valid cert`
			`+ """`
			`+ cert_file = '/tmp/ipa.crt'`
			`+ remote_server_cert = self.master.get_file_contents(`
			`+ paths.IPA_CA_CRT, encoding="utf-8"`
			`+ )`
			`+ self.replicas[0].put_file_contents(cert_file, remote_server_cert)`
			`+ params = ['-x', '-n', '-Z', cert_file]`
			`+ result = run_migrate(`
			`+ self.replicas[0],`
			`+ "stage-mode",`
			`+ self.master.hostname,`
			`+ "cn=Directory Manager",`
			`+ self.master.config.admin_password,`
			`+ extra_args=params,`
			`+ )`
			`+ assert result.returncode == 0`
			`+`
			`+ def test_ipa_migrate_stage_mode_with_invalid_cert(self):`
			`+ """`
			`+ This test checks ipa-migrate tool throws`
			`+ error when invalid cert is specified with`
			`+ -Z option`
			`+ """`
			`+ cert_file = '/tmp/invaid_cert.crt'`
			`+ invalid_cert = (`
			`+ b'-----BEGIN CERTIFICATE-----\n'`
			`+ b'MIIFazCCDQYJKoZIhvcNAQELBQAw\n'`
			`+ b'-----END CERTIFICATE-----\n'`
			`+ )`
			`+ ERR_MSG = "Failed to connect to remote server: "`
			`+ params = ['-x', '-n', '-Z', cert_file]`
			`+ self.replicas[0].put_file_contents(cert_file, invalid_cert)`
			`+ result = run_migrate(`
			`+ self.replicas[0],`
			`+ "stage-mode",`
			`+ self.master.hostname,`
			`+ "cn=Directory Manager",`
			`+ self.master.config.admin_password,`
			`+ extra_args=params,`
			`+ )`
			`+ assert result.returncode == 1`
			`+ assert ERR_MSG in result.stderr_text`
			`--`
			`2.45.2`