From fd222273a544f9e8c7a1749ff797880db7edbf25 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Mon, 25 Nov 2024 13:14:50 +0100
Subject: [PATCH] ipatests: pruning is enabled by default with LMDB

The test test_acme.py::TestACMEPrune::test_enable_pruning expects
certificate pruning to be disabled by default. That assumption
is valid only if the backend is BDB (if the backend is LMDB,
RSNv3 + cert pruning are enabled by default).

Update the test to be consistent with the new defaults.

Fixes: https://pagure.io/freeipa/issue/9706

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 ipatests/test_integration/test_acme.py | 37 +++++++++++++++++---------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/ipatests/test_integration/test_acme.py b/ipatests/test_integration/test_acme.py
index 4032d266a8dc72fae6ee11857c306aa3a21e51bc..709d90715823672a3d85a1ef7896fb10ee63fdc5 100644
--- a/ipatests/test_integration/test_acme.py
+++ b/ipatests/test_integration/test_acme.py
@@ -17,6 +17,7 @@ from ipatests.test_integration.test_random_serial_numbers import (
 )
 from ipaplatform.osinfo import osinfo
 from ipaplatform.paths import paths
+from ipapython.dn import DN
 from ipatests.test_integration.test_external_ca import (
     install_server_external_ca_step1,
     install_server_external_ca_step2,
@@ -144,6 +145,15 @@ def certbot_standalone_cert(host, acme_server, no_of_cert=1):
         )
 
 
+def get_389ds_backend(host):
+    """ Return the backend type used by 389ds (either 'bdb' or 'lmdb')"""
+    conn = host.ldap_connect()
+    entry = conn.get_entry(
+        DN('cn=config,cn=ldbm database,cn=plugins,cn=config'))
+    backend = entry.single_value.get('nsslapd-backend-implement')
+    return backend
+
+
 class TestACME(CALessBase):
     """
     Test the FreeIPA ACME service by using ACME clients on a FreeIPA client.
@@ -397,21 +407,22 @@ class TestACME(CALessBase):
         assert status == 'disabled'
 
     def test_acme_pruning_no_random_serial(self):
-        """This ACME install is configured without random serial
+        """BDB install is configured without random serial
            numbers. Verify that we can't enable pruning on it.
-
-           This test is located here because by default installs
-           don't enable RSNv3.
         """
         if (tasks.get_pki_version(self.master)
            < tasks.parse_version('11.3.0')):
             raise pytest.skip("Certificate pruning is not available")
         self.master.run_command(['ipa-acme-manage', 'enable'])
-        result = self.master.run_command(
-            ['ipa-acme-manage', 'pruning', '--enable'],
-            raiseonerr=False)
-        assert result.returncode == 1
-        assert "requires random serial numbers" in result.stderr_text
+
+        # This test is only relevant with BDB backend
+        # as with LMDB, the installer now enable RSNv3 and cert pruning
+        if get_389ds_backend(self.master) == 'bdb':
+            result = self.master.run_command(
+                ['ipa-acme-manage', 'pruning', '--enable'],
+                raiseonerr=False)
+            assert result.returncode == 1
+            assert "requires random serial numbers" in result.stderr_text
 
     @server_install_teardown
     def test_third_party_certs(self):
@@ -707,10 +718,12 @@ class TestACMEPrune(IntegrationTest):
         if (tasks.get_pki_version(self.master)
            < tasks.parse_version('11.3.0')):
             raise pytest.skip("Certificate pruning is not available")
-        cs_cfg = self.master.get_file_contents(paths.CA_CS_CFG_PATH)
-        assert "jobsScheduler.job.pruning.enabled=false".encode() in cs_cfg
 
-        self.master.run_command(['ipa-acme-manage', 'pruning', '--enable'])
+        # Pruning is enabled by default when the host supports lmdb
+        if get_389ds_backend(self.master) == 'bdb':
+            cs_cfg = self.master.get_file_contents(paths.CA_CS_CFG_PATH)
+            assert "jobsScheduler.job.pruning.enabled=false".encode() in cs_cfg
+            self.master.run_command(['ipa-acme-manage', 'pruning', '--enable'])
 
         cs_cfg = self.master.get_file_contents(paths.CA_CS_CFG_PATH)
         assert "jobsScheduler.enabled=true".encode() in cs_cfg
-- 
2.47.0