ipa/0038-ipatests-Test-that-when-lmdb-is-available-enable-RSN.patch
Florence Blanc-Renaud 1e38d43370 ipa-4.12.2-8
- Resolves: RHEL-69300 Support GSSAPI in Cockpit on IPA servers
- Resolves: RHEL-68447 ipa trust-add fails in FIPS mode with an internal error has occurred
- Resolves: RHEL-57674 Use RSNv3 and enable cert pruning by default in RHEL 10.0

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
2024-11-27 19:43:17 +01:00


From ed70380cbb97a355a4d84ca61fd27120cda902b9 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 12 Sep 2024 13:52:55 -0400
Subject: [PATCH] ipatests: Test that when lmdb is available, enable RSN
Related: https://pagure.io/freeipa/issue/9661
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
---
.../test_random_serial_numbers.py | 71 +++++++++++++++++++
1 file changed, 71 insertions(+)
diff --git a/ipatests/test_integration/test_random_serial_numbers.py b/ipatests/test_integration/test_random_serial_numbers.py
index ab58b1c622b010994ed93a17dd80cfd02095508d..c45d15b583bac0faec80780edd00b60b47e334a9 100644
--- a/ipatests/test_integration/test_random_serial_numbers.py
+++ b/ipatests/test_integration/test_random_serial_numbers.py
@@ -3,10 +3,12 @@
#
import pytest
+import textwrap
from ipaplatform.paths import paths
from ipatests.pytest_ipa.integration import tasks
+from ipatests.test_integration.base import IntegrationTest
from ipatests.test_integration.test_installation import (
TestInstallWithCA_DNS1,
TestInstallWithCA_KRA1,
@@ -119,3 +121,72 @@ class TestRSNVault(TestInstallKRA):
if not pki_supports_RSNv3(mh.master):
raise pytest.skip("RSNv3 not supported")
super(TestRSNVault, cls).install(mh)
+
+
+class TestInstall_RSN_MDB(IntegrationTest):
+ """
+ Test installation when the 389-ds mdb backend is used. This has
+ poor performance for VLV compared to the older bdb backend so
+ RSN will be required.
+ """
+ num_replicas = 1
+
+ def disable_rsn(self):
+ """Mark RSN as disabled in the topology by setting
+ ipaCaRandomSerialNumberVersion to 0.
+ """
+ entry_ldif = textwrap.dedent("""
+ dn: cn=ipa,cn=cas,cn=ca,{base_dn}
+ changetype: modify
+ replace: ipaCaRandomSerialNumberVersion
+ ipaCaRandomSerialNumberVersion: 0
+ """).format(base_dn=str(self.master.domain.basedn))
+ tasks.ldapmodify_dm(self.master, entry_ldif)
+
+ def check_rsn_status(self, host):
+ """Verify that RSN is enabled on a host"""
+ base_dn = str(host.domain.basedn)
+ result = tasks.ldapsearch_dm(
+ host,
+ 'cn=ipa,cn=cas,cn=ca,{base_dn}'.format(
+ base_dn=base_dn),
+ ['ipacarandomserialnumberversion',],
+ scope='base'
+ )
+ output = result.stdout_text.lower()
+ assert 'ipacarandomserialnumberversion: 3' in output
+
+ cs_cfg = host.get_file_contents(paths.CA_CS_CFG_PATH)
+ assert "dbs.cert.id.generator=random".encode() in cs_cfg
+
+ @classmethod
+ def install(cls, mh):
+ if not pki_supports_RSNv3(mh.master):
+ raise pytest.skip("RNSv3 not supported")
+ result = cls.replicas[0].run_command(
+ "python -c 'from lib389.utils import get_default_db_lib; "
+ "print(get_default_db_lib())'"
+ )
+ if 'mdb' not in result.stdout_text:
+ raise pytest.skip("MDB not supported")
+ tasks.install_master(cls.master, setup_dns=True)
+
+ def test_replica_install(self):
+ self.disable_rsn()
+ tasks.install_replica(
+ self.master, self.replicas[0], setup_ca=True)
+ self.check_rsn_status(self.replicas[0])
+ tasks.run_server_del(
+ self.master, self.replicas[0].hostname, force=True,
+ ignore_topology_disconnect=True, ignore_last_of_role=True)
+ tasks.uninstall_replica(
+ master=self.master,
+ replica=self.replicas[0]
+ )
+
+ def test_replica_install_noca(self):
+ self.disable_rsn()
+ tasks.install_replica(
+ self.master, self.replicas[0], setup_ca=False)
+ tasks.install_ca(self.replicas[0])
+ self.check_rsn_status(self.replicas[0])
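Review bot: The two assertions in `check_rsn_status` are substring matches, so they would also pass for a value such as `30` or for a commented-out `#dbs.cert.id.generator=random` line in CS.cfg. Because this test is the guard that random serial numbers are actually in effect on the replica, an exact-line comparison is safer, e.g. `assert 'ipacarandomserialnumberversion: 3' in output.splitlines()` and `assert b"dbs.cert.id.generator=random" in cs_cfg.splitlines()`. The skip message in `install` reads `"RNSv3 not supported"`, whereas the context line in TestRSNVault uses `"RSNv3 not supported"`; the typo makes skipped runs harder to grep for. The docstring of `check_rsn_status` could also state that it checks for version 3 specifically and for the CS.cfg generator setting, rather than only that RSN is "enabled".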
--
2.47.0