From bfe074ed478c20a9537dc2a714bba50dbc2cd34f Mon Sep 17 00:00:00 2001 From: Sumedh Sidhaye Date: Fri, 5 Aug 2022 11:22:59 +0530 Subject: [PATCH] Additional tests for RSN v3 New Tests include TestRSNPKIConfig TestRSNVault The new tests are just extending existing classes to be run with random serial numbers enabled The tests also include a new method to check params set in CS.cfg for both CA and KRA, and another test to check Random Serial Number version while running `ipa ca-find` Added nightly definitions Related Ticket: https://pagure.io/freeipa/issue/2016 Signed-off-by: Sumedh Sidhaye Reviewed-By: Rob Crittenden Reviewed-By: Florence Blanc-Renaud --- .../nightly_ipa-4-10_latest.yaml | 24 +++++++++ .../nightly_ipa-4-10_latest_selinux.yaml | 26 ++++++++++ .../nightly_ipa-4-10_previous.yaml | 24 +++++++++ .../test_random_serial_numbers.py | 51 ++++++++++++++++++- ipatests/test_integration/test_vault.py | 4 +- 5 files changed, 127 insertions(+), 2 deletions(-) diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml index 027b2a5b6c0b7ec3c3b5784ec4569661a06d4ed7..547320d258f51132266b56e9193533d2291c623c 100644 --- a/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml +++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest.yaml 
@@ -1821,3 +1821,27 @@ jobs:
 template: *ci-ipa-4-10-latest
 timeout: 5400
 topology: *master_1repl
+
+ fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig:
+ requires: [fedora-latest-ipa-4-10/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-latest-ipa-4-10/build_url}'
+ test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig
+ template: *ci-ipa-4-10-latest
+ timeout: 10800
+ topology: *master_3repl_1client
+
+ fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNVault:
+ requires: [fedora-latest-ipa-4-10/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-latest-ipa-4-10/build_url}'
+ test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault
+ template: *ci-ipa-4-10-latest
+ timeout: 10800
+ topology: *master_1repl
\ No newline at end of file
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
index bcc17bef935666735bfb2c2e51209362a374b511..f6e5f1cff22de9db4df4577d1cd615499cf0fab3 100644
--- a/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_latest_selinux.yaml
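Review bot: The last added line of `nightly_ipa-4-10_latest.yaml` (`topology: *master_1repl` under the `TestRSNVault` job) is followed by `\ No newline at end of file`, so this hunk leaves the file without a trailing newline. The selinux and previous definitions in the same patch do not carry that marker; ending this file with a newline as well keeps the three consistent and avoids a spurious one-line diff the next time a job is appended.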
@@ -1966,3 +1966,29 @@ jobs:
 template: *ci-ipa-4-10-latest
 timeout: 5400
 topology: *master_1repl
+
+ fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig:
+ requires: [fedora-latest-ipa-4-10/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-latest-ipa-4-10/build_url}'
+ selinux_enforcing: True
+ test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig
+ template: *ci-ipa-4-10-latest
+ timeout: 10800
+ topology: *master_3repl_1client
+
+ fedora-latest-ipa-4-10/test_random_serial_numbers_TestRSNVault:
+ requires: [fedora-latest-ipa-4-10/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-latest-ipa-4-10/build_url}'
+ selinux_enforcing: True
+ test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault
+ template: *ci-ipa-4-10-latest
+ timeout: 10800
+ topology: *master_1repl
diff --git a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
index 37d38762e696a6394ef146a0e2b68bbc8ced515d..463f4b92fecc7fbc0be969de422352fb7baeb797 100644
--- a/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
+++ b/ipatests/prci_definitions/nightly_ipa-4-10_previous.yaml
@@ -1821,3 +1821,27 @@ jobs: template: *ci-ipa-4-10-previous timeout: 5400 topology: *master_1repl + + fedora-previous-ipa-4-10/test_random_serial_numbers_TestRSNPKIConfig: + requires: [fedora-previous-ipa-4-10/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-previous-ipa-4-10/build_url}' + test_suite: test_integration/test_random_serial_numbers.py::TestRSNPKIConfig + template: *ci-ipa-4-10-previous + timeout: 10800 + topology: *master_3repl_1client + + fedora-previous-ipa-4-10/test_random_serial_numbers_TestRSNVault: + requires: [fedora-previous-ipa-4-10/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-previous-ipa-4-10/build_url}' + test_suite: test_integration/test_random_serial_numbers.py::TestRSNVault + template: *ci-ipa-4-10-previous + timeout: 10800 + topology: *master_1repl diff --git a/ipatests/test_integration/test_random_serial_numbers.py b/ipatests/test_integration/test_random_serial_numbers.py index c52cfa4ed50e2718791b0844d743fb240d26b365..ab58b1c622b010994ed93a17dd80cfd02095508d 100644 --- a/ipatests/test_integration/test_random_serial_numbers.py +++ b/ipatests/test_integration/test_random_serial_numbers.py @@ -4,12 +4,15 @@ import pytest +from ipaplatform.paths import paths + +from ipatests.pytest_ipa.integration import tasks from ipatests.test_integration.test_installation import ( TestInstallWithCA_DNS1, TestInstallWithCA_KRA1, ) from ipatests.test_integration.test_caless import TestServerCALessToExternalCA - +from ipatests.test_integration.test_vault import TestInstallKRA from ipatests.test_integration.test_commands import TestIPACommand 
@@ -26,6 +29,18 @@ def pki_supports_RSNv3(host): return False +def check_pki_config_params(host): + # Check CS.cfg + try: + cs_cfg = host.get_file_contents(paths.CA_CS_CFG_PATH) + kra_cfg = host.get_file_contents(paths.KRA_CS_CFG_PATH) + assert "dbs.cert.id.generator=random".encode() in cs_cfg + assert "dbs.request.id.generator=random".encode() in cs_cfg + assert "dbs.key.id.generator=random".encode() in kra_cfg + except IOError: + pytest.skip("PKI config not present.Skipping test") + + class TestInstallWithCA_DNS1_RSN(TestInstallWithCA_DNS1): random_serial = True @@ -70,3 +85,37 @@ class TestServerCALessToExternalCA_RSN(TestServerCALessToExternalCA): if not pki_supports_RSNv3(mh.master): raise pytest.skip("RSNv3 not supported") super(TestServerCALessToExternalCA_RSN, cls).uninstall(mh) + + +class TestRSNPKIConfig(TestInstallWithCA_KRA1): + random_serial = True + num_replicas = 3 + + @classmethod + def install(cls, mh): + if not pki_supports_RSNv3(mh.master): + raise pytest.skip("RSNv3 not supported") + super(TestRSNPKIConfig, cls).install(mh) + + def test_check_pki_config(self): + check_pki_config_params(self.master) + check_pki_config_params(self.replicas[0]) + check_pki_config_params(self.replicas[1]) + + def test_check_rsn_version(self): + tasks.kinit_admin(self.master) + res = self.master.run_command(['ipa', 'ca-find']) + assert 'RSN Version: 3' in res.stdout_text + tasks.kinit_admin(self.replicas[0]) + res = self.replicas[0].run_command(['ipa', 'ca-find']) + assert 'RSN Version: 3' in res.stdout_text + + +class TestRSNVault(TestInstallKRA): + random_serial = True + + @classmethod + def install(cls, mh): + if not pki_supports_RSNv3(mh.master): + raise pytest.skip("RSNv3 not supported") + super(TestRSNVault, cls).install(mh) diff --git a/ipatests/test_integration/test_vault.py b/ipatests/test_integration/test_vault.py index 548822d049070d6f9d42da772264eb24010fafda..6288e557f96cae60d031b44c49fbe830712eb7be 100644 --- a/ipatests/test_integration/test_vault.py 
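Review bot: In `check_pki_config_params` the three asserts share a `try` with the file reads, and `except IOError` turns a missing or unreadable CS.cfg into `pytest.skip`, so a host whose CA or KRA config is absent reports a skip rather than a failure, and a skip on the first host also prevents the caller from checking the remaining hosts. For classes installed with `random_serial = True`, a missing config looks like an install problem that should surface; I would let the read error propagate, unless some host is legitimately expected to have no KRA (that cannot be judged from this hunk). The `in` test on the raw file bytes also passes for a commented-out line or a longer value that merely starts with `random`, so comparing against whole lines is stricter, assuming CS.cfg lines carry no trailing whitespace. A docstring in place of `# Check CS.cfg` and bytes literals instead of `"...".encode()` would make the helper easier to read.

```python
def check_pki_config_params(host):
    """Assert that the CA and KRA CS.cfg select the random ID generators."""
    # A missing or unreadable CS.cfg fails the test instead of skipping it.
    ca_cfg = host.get_file_contents(paths.CA_CS_CFG_PATH).splitlines()
    kra_cfg = host.get_file_contents(paths.KRA_CS_CFG_PATH).splitlines()
    # Whole-line match: a commented-out or longer value does not count.
    assert b"dbs.cert.id.generator=random" in ca_cfg
    assert b"dbs.request.id.generator=random" in ca_cfg
    assert b"dbs.key.id.generator=random" in kra_cfg
```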
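Review bot: `TestRSNPKIConfig` sets `num_replicas = 3` and the nightly jobs run it on `master_3repl_1client`, yet `test_check_pki_config` inspects only `replicas[0]` and `replicas[1]`, and `test_check_rsn_version` only the master and `replicas[0]`, so a replica that ended up on sequential serial numbers would go unnoticed. If every replica is expected to carry a CA and KRA by the time these tests run (not visible in this hunk), loop over all of them, e.g. `for host in [self.master, *self.replicas]: check_pki_config_params(host)`. `'RSN Version: 3' in res.stdout_text` is a substring test that a value such as `30` would also satisfy; matching the complete output line is safer. Both new classes would also benefit from a one-line docstring saying what they add over the parent class.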
+++ b/ipatests/test_integration/test_vault.py @@ -33,7 +33,9 @@ class TestInstallKRA(IntegrationTest): @classmethod def install(cls, mh): - tasks.install_master(cls.master, setup_kra=True) + tasks.install_master(cls.master, + setup_kra=True, + random_serial=cls.random_serial) # do not install KRA on replica, it is part of test tasks.install_replica(cls.master, cls.replicas[0], setup_kra=False) -- 2.37.2
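Review bot: `TestInstallKRA.install` now reads `cls.random_serial`, but nothing in this hunk gives `TestInstallKRA` that attribute, and the diffstat lists only four changed lines for test_vault.py. The plain vault test therefore relies on a default defined on `IntegrationTest`; if there is none, the existing vault jobs fail with `AttributeError` during install. Please confirm the base-class default or add `random_serial = False` to the class body. The `install_replica` call on the following context line is unchanged, presumably because a replica takes its serial-number scheme from the master; a short comment saying so would help, and the body of `install` may continue past the end of this hunk.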