From 392e60e3fa0e39a2e364268a21d869a2f3a85905 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Mon, 19 Jun 2023 19:04:32 +0200
Subject: [PATCH] Integration test: add a test for upgrade and PKI drop-in file

Add an upgrade test with the following scenario:
- remove PKI drop-in file (to simulate an upgrade from an old
version)
- remove caECServerCertWithSCT profile from LDAP
- launch the ipa-server-upgrade command
- check that the upgrade added the file

Related: https://pagure.io/freeipa/issue/9381

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 ipatests/test_integration/test_upgrade.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/ipatests/test_integration/test_upgrade.py b/ipatests/test_integration/test_upgrade.py
index 9203503cdccf4478f9864bd487e458761e9a2a2f..182e3b5da3c758cc10913ad4eed119b0983fcc23 100644
--- a/ipatests/test_integration/test_upgrade.py
+++ b/ipatests/test_integration/test_upgrade.py
@@ -455,3 +455,25 @@ class TestUpgrade(IntegrationTest):
             assert 'tXTRecord' in location_krb_rec
             assert len(location_krb_rec['tXTRecord']) == 1
             assert location_krb_rec['tXTRecord'][0] == f'"{realm}"'
+
+    def test_pki_dropin_file(self):
+        """Test that upgrade adds the drop-in file if missing
+
+        Test for ticket 9381
+        Simulate an update from a version that didn't provide
+        /etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/ipa.conf,
+        remove one of the certificate profiles from LDAP and check that upgrade
+        completes successfully and adds the missing file.
+        When the drop-in file is missing, the upgrade tries to login to
+        PKI in order to migrate the profile and fails because PKI failed to
+        start.
+        """
+        self.master.run_command(["rm", "-f", paths.SYSTEMD_PKI_TOMCAT_IPA_CONF])
+        ldif = textwrap.dedent("""
+             dn: cn=caECServerCertWithSCT,ou=certificateProfiles,ou=ca,o=ipaca
+             changetype: delete
+             """)
+        tasks.ldapmodify_dm(self.master, ldif)
+        self.master.run_command(['ipa-server-upgrade'])
+        assert self.master.transport.file_exists(
+            paths.SYSTEMD_PKI_TOMCAT_IPA_CONF)
-- 
2.41.0