From ed70380cbb97a355a4d84ca61fd27120cda902b9 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 12 Sep 2024 13:52:55 -0400 Subject: [PATCH] ipatests: Test that when lmdb is available, enable RSN Related: https://pagure.io/freeipa/issue/9661 Signed-off-by: Rob Crittenden Reviewed-By: Florence Blanc-Renaud Reviewed-By: Alexander Bokovoy Reviewed-By: Rafael Guterres Jeffman --- .../test_random_serial_numbers.py | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/ipatests/test_integration/test_random_serial_numbers.py b/ipatests/test_integration/test_random_serial_numbers.py index ab58b1c622b010994ed93a17dd80cfd02095508d..c45d15b583bac0faec80780edd00b60b47e334a9 100644 --- a/ipatests/test_integration/test_random_serial_numbers.py +++ b/ipatests/test_integration/test_random_serial_numbers.py @@ -3,10 +3,12 @@ # import pytest +import textwrap from ipaplatform.paths import paths from ipatests.pytest_ipa.integration import tasks +from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration.test_installation import ( TestInstallWithCA_DNS1, TestInstallWithCA_KRA1, 
@@ -119,3 +121,72 @@ class TestRSNVault(TestInstallKRA): if not pki_supports_RSNv3(mh.master): raise pytest.skip("RSNv3 not supported") super(TestRSNVault, cls).install(mh) + + +class TestInstall_RSN_MDB(IntegrationTest): + """ + Test installation when the 389-ds mdb backend is used. This has + poor performance for VLV compared to the older bdb backend so + RSN will be required. + """ + num_replicas = 1 + + def disable_rsn(self): + """Mark RSN as disabled in the topology by setting + ipaCaRandomSerialNumberVersion to 0. + """ + entry_ldif = textwrap.dedent(""" + dn: cn=ipa,cn=cas,cn=ca,{base_dn} + changetype: modify + replace: ipaCaRandomSerialNumberVersion + ipaCaRandomSerialNumberVersion: 0 + """).format(base_dn=str(self.master.domain.basedn)) + tasks.ldapmodify_dm(self.master, entry_ldif) + + def check_rsn_status(self, host): + """Verify that RSN is enabled on a host""" + base_dn = str(host.domain.basedn) + result = tasks.ldapsearch_dm( + host, + 'cn=ipa,cn=cas,cn=ca,{base_dn}'.format( + base_dn=base_dn), + ['ipacarandomserialnumberversion',], + scope='base' + ) + output = result.stdout_text.lower() + assert 'ipacarandomserialnumberversion: 3' in output + + cs_cfg = host.get_file_contents(paths.CA_CS_CFG_PATH) + assert "dbs.cert.id.generator=random".encode() in cs_cfg + + @classmethod + def install(cls, mh): + if not pki_supports_RSNv3(mh.master): + raise pytest.skip("RNSv3 not supported") + result = cls.replicas[0].run_command( + "python -c 'from lib389.utils import get_default_db_lib; " + "print(get_default_db_lib())'" + ) + if 'mdb' not in result.stdout_text: + raise pytest.skip("MDB not supported") + tasks.install_master(cls.master, setup_dns=True) + + def test_replica_install(self): + self.disable_rsn() + tasks.install_replica( + self.master, self.replicas[0], setup_ca=True) + self.check_rsn_status(self.replicas[0]) + tasks.run_server_del( + self.master, self.replicas[0].hostname, force=True, + ignore_topology_disconnect=True, ignore_last_of_role=True) + 
tasks.uninstall_replica( + master=self.master, + replica=self.replicas[0] + ) + + def test_replica_install_noca(self): + self.disable_rsn() + tasks.install_replica( + self.master, self.replicas[0], setup_ca=False) + tasks.install_ca(self.replicas[0]) + self.check_rsn_status(self.replicas[0]) -- 2.47.0
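Review bot: Both assertions in `check_rsn_status` are substring matches, so they can pass without RSN actually being in effect: `'ipacarandomserialnumberversion: 3' in output` also matches a value such as `30`, and the CS.cfg check also matches a commented-out or longer line containing the same text. This test is the guard that a replica on the mdb backend ends up with random serial numbers even after `disable_rsn` set the topology attribute to 0, so whole-line matches would be safer. For example, `assert b"dbs.cert.id.generator=random" in cs_cfg.splitlines()` and, assuming the default one-attribute-per-line LDIF output, `assert 'ipacarandomserialnumberversion: 3' in output.splitlines()`. Separately, the skip message in `install` reads `"RNSv3 not supported"`, whereas `TestRSNVault.install` just above uses `"RSNv3 not supported"`; the transposed letters make the skip reason harder to grep for in CI logs.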