From 467ec04f93a29fd31ba037cef348c09547541fe7 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud
Date: Mon, 24 Jun 2024 09:18:54 +0200
Subject: [PATCH] ipatests: add test for PKINIT renewal on hidden replica
Test scenario: on a hidden replica, force the renewal of PKINIT cert by calling getcert resubmit.
Related: https://pagure.io/freeipa/issue/9611
Signed-off-by: Florence Blanc-Renaud
Reviewed-By: Rob Crittenden
---
 .../test_integration/test_replica_promotion.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index b71f2d5d7e1517ab73d79b62477a3377839b0b7a..7ef44c571c8a4106577d27f4712f661be873dacc 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -26,6 +26,7 @@ from ipalib.constants import (
 )
 from ipaplatform.paths import paths
 from ipapython import certdb
+from ipatests.test_integration.test_cert import get_certmonger_fs_id
 from ipatests.test_integration.test_dns_locations import (
 resolve_records_from_server, IPA_DEFAULT_MASTER_SRV_REC
 )
@@ -1241,6 +1242,23 @@ class TestHiddenReplicaPromotion(IntegrationTest):
 'ipa-crlgen-manage', 'status'])
 assert "CRL generation: enabled" in result.stdout_text

+ def test_hidden_replica_renew_pkinit_cert(self):
+ """Renew the PKINIT cert on a hidden replica.
+
+ Test for https://pagure.io/freeipa/issue/9611
+ """
+ # Get Request ID
+ cmd = ['getcert', 'list', '-f', paths.KDC_CERT]
+ result = self.replicas[0].run_command(cmd)
+ req_id = get_certmonger_fs_id(result.stdout_text)
+
+ self.replicas[0].run_command([
+ 'getcert', 'resubmit', '-f', paths.KDC_CERT
+ ])
+ tasks.wait_for_certmonger_status(
+ self.replicas[0], ('MONITORING'), req_id, timeout=600
+ )
+

 class TestHiddenReplicaKRA(IntegrationTest):
 """Test KRA & hidden replica features.
--
2.45.2
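Review bot: Nothing in `test_hidden_replica_renew_pkinit_cert` checks that a new KDC certificate was actually issued. The tracking request is most likely already in MONITORING before `getcert resubmit` runs, so the wait can succeed on its first poll, before certmonger has acted on the resubmit. Capture the file before the resubmit with `old_cert = self.replicas[0].get_file_contents(paths.KDC_CERT)`, and after the wait add `assert self.replicas[0].get_file_contents(paths.KDC_CERT) != old_cert`. Separately, `('MONITORING')` is a plain string, not a one-element tuple. If the helper tests the state with `in` (its body is not visible in this patch), that is a substring match which an empty status would also satisfy, so write `('MONITORING',)`.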