From 142f52fc981fe9f1d693b79a7b49506af2e98829 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Date: Mon, 19 Aug 2024 16:08:53 +0530 Subject: [PATCH] ipatests: refactor password file handling in TestHSMInstall When token and associated certs are not being cleaned up properly, the subsequent installation fails. Hence Password file related scenarios moved out to new test class so that it have fresh installation. Signed-off-by: Mohammad Rizwan Reviewed-By: Rob Crittenden Reviewed-By: Florence Blanc-Renaud Reviewed-By: Rob Crittenden Reviewed-By: Florence Blanc-Renaud --- .../nightly_ipa-4-12_latest.yaml | 12 ++++++++ .../nightly_ipa-4-12_latest_selinux.yaml | 13 ++++++++ ipatests/test_integration/test_hsm.py | 30 ++++++++++--------- 3 files changed, 41 insertions(+), 14 deletions(-) diff --git a/ipatests/prci_definitions/nightly_ipa-4-12_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-12_latest.yaml index 6d18e708fb0512ce21d8db68d4f1ab26849f40b7..07e2a8399ae4cc953adb415b975101ed20c67fd2 100644 --- a/ipatests/prci_definitions/nightly_ipa-4-12_latest.yaml +++ b/ipatests/prci_definitions/nightly_ipa-4-12_latest.yaml @@ -1950,6 +1950,18 @@ jobs: timeout: 6300 topology: *master_3repl_1client + fedora-latest-ipa-4-12/test_hsm_TestHSMInstallPasswordFile: + requires: [fedora-latest-ipa-4-12/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-latest-ipa-4-12/build_url}' + test_suite: test_integration/test_hsm.py::TestHSMInstallPasswordFile + template: *ci-ipa-4-12-latest + timeout: 6300 + topology: *master_1repl + fedora-latest-ipa-4-12/test_hsm_TestHSMInstallADTrustBase: requires: [fedora-latest-ipa-4-12/build] priority: 50 diff --git a/ipatests/prci_definitions/nightly_ipa-4-12_latest_selinux.yaml b/ipatests/prci_definitions/nightly_ipa-4-12_latest_selinux.yaml index 52686df9713975c9590b8a99edb7c3442531fecc..11046be13fca1e7403d0fd74329a66ded3927a6c 100644 --- a/ipatests/prci_definitions/nightly_ipa-4-12_latest_selinux.yaml +++ b/ipatests/prci_definitions/nightly_ipa-4-12_latest_selinux.yaml @@ -2105,6 +2105,19 @@ jobs: timeout: 6300 topology: *master_3repl_1client + fedora-latest-ipa-4-12/test_hsm_TestHSMInstallPasswordFile: + requires: [fedora-latest-ipa-4-12/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-latest-ipa-4-12/build_url}' + selinux_enforcing: True + test_suite: test_integration/test_hsm.py::TestHSMInstallPasswordFile + template: *ci-ipa-4-12-latest + timeout: 6300 + topology: *master_1repl + fedora-latest-ipa-4-12/test_hsm_TestHSMInstallADTrustBase: requires: [fedora-latest-ipa-4-12/build] priority: 50 diff --git a/ipatests/test_integration/test_hsm.py b/ipatests/test_integration/test_hsm.py index 374f5c25fd3453cd45a15d2b0f20cee424282595..42895fcd60a7c02d3b6103c2f6751a367da30b2f 100644 --- a/ipatests/test_integration/test_hsm.py +++ b/ipatests/test_integration/test_hsm.py @@ -312,24 +312,26 @@ class TestHSMInstall(BaseHSMTest): assert returncode == 0 assert output == "No issues found." - def test_hsm_install_server_password_file(self): - check_version(self.master) - # cleanup before fresh install with password file - for client in self.clients: - tasks.uninstall_client(client) - for replica in self.replicas: - tasks.uninstall_master(replica) +class TestHSMInstallPasswordFile(BaseHSMTest): - tasks.uninstall_master(self.master) + num_replicas = 1 - delete_hsm_token([self.master] + self.replicas, self.token_name) - self.token_name, self.token_password = get_hsm_token(self.master) - self.master.put_file_contents(self.token_password_file, - self.token_password) - self.replicas[0].put_file_contents(self.token_password_file, - self.token_password) + @classmethod + def install(cls, mh): + check_version(cls.master) + # Enable pkiuser to read softhsm tokens + cls.master.run_command(['usermod', 'pkiuser', '-a', '-G', 'ods']) + cls.token_name, cls.token_password = get_hsm_token(cls.master) + cls.master.put_file_contents( + cls.token_password_file, cls.token_password + ) + cls.replicas[0].put_file_contents( + cls.token_password_file, cls.token_password + ) + def test_hsm_install_server_password_file(self): + check_version(self.master) tasks.install_master( self.master, setup_dns=self.master_with_dns, setup_kra=self.master_with_kra, -- 2.46.2