c8a18bb46d
- Related: RHEL-59788 Rebase Samba to the latest 4.21.x release - Fixes: RHEL-61642 Uninstall ACME separately during PKI uninstallation - Fixes: RHEL-56963 SSSD offline causing test-adtrust-install failure - Fixes: RHEL-56473 Include latest fixes in python3-ipatests packages - Fixes: RHEL-48104 Default hbac rules are duplicated on remote server post ipa-migrate in prod-mode - Fixes: RHEL-45330 [RFE] add a tool to quickly detect and fix issues with IPA ID ranges - Fixes: RHEL-40376 SID generation task is failing when SELinux is in Enforcing mode - Fixes: RHEL-4915 Last expired OTP token would be c Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
117 lines
4.8 KiB
Diff
117 lines
4.8 KiB
Diff
From 142f52fc981fe9f1d693b79a7b49506af2e98829 Mon Sep 17 00:00:00 2001
|
|
From: Mohammad Rizwan <myusuf@redhat.com>
|
|
Date: Mon, 19 Aug 2024 16:08:53 +0530
|
|
Subject: [PATCH] ipatests: refactor password file handling in TestHSMInstall
|
|
|
|
When token and associated certs are not being cleaned
|
|
up properly, the subsequent installation fails. Hence
|
|
Password file related scenarios moved out to new test class
|
|
so that it have fresh installation.
|
|
|
|
Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
|
|
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
|
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
|
---
|
|
.../nightly_ipa-4-12_latest.yaml | 12 ++++++++
|
|
.../nightly_ipa-4-12_latest_selinux.yaml | 13 ++++++++
|
|
ipatests/test_integration/test_hsm.py | 30 ++++++++++---------
|
|
3 files changed, 41 insertions(+), 14 deletions(-)
|
|
|
|
diff --git a/ipatests/prci_definitions/nightly_ipa-4-12_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-12_latest.yaml
|
|
index 6d18e708fb0512ce21d8db68d4f1ab26849f40b7..07e2a8399ae4cc953adb415b975101ed20c67fd2 100644
|
|
--- a/ipatests/prci_definitions/nightly_ipa-4-12_latest.yaml
|
|
+++ b/ipatests/prci_definitions/nightly_ipa-4-12_latest.yaml
|
|
@@ -1950,6 +1950,18 @@ jobs:
|
|
timeout: 6300
|
|
topology: *master_3repl_1client
|
|
|
|
+ fedora-latest-ipa-4-12/test_hsm_TestHSMInstallPasswordFile:
|
|
+ requires: [fedora-latest-ipa-4-12/build]
|
|
+ priority: 50
|
|
+ job:
|
|
+ class: RunPytest
|
|
+ args:
|
|
+ build_url: '{fedora-latest-ipa-4-12/build_url}'
|
|
+ test_suite: test_integration/test_hsm.py::TestHSMInstallPasswordFile
|
|
+ template: *ci-ipa-4-12-latest
|
|
+ timeout: 6300
|
|
+ topology: *master_1repl
|
|
+
|
|
fedora-latest-ipa-4-12/test_hsm_TestHSMInstallADTrustBase:
|
|
requires: [fedora-latest-ipa-4-12/build]
|
|
priority: 50
|
|
diff --git a/ipatests/prci_definitions/nightly_ipa-4-12_latest_selinux.yaml b/ipatests/prci_definitions/nightly_ipa-4-12_latest_selinux.yaml
|
|
index 52686df9713975c9590b8a99edb7c3442531fecc..11046be13fca1e7403d0fd74329a66ded3927a6c 100644
|
|
--- a/ipatests/prci_definitions/nightly_ipa-4-12_latest_selinux.yaml
|
|
+++ b/ipatests/prci_definitions/nightly_ipa-4-12_latest_selinux.yaml
|
|
@@ -2105,6 +2105,19 @@ jobs:
|
|
timeout: 6300
|
|
topology: *master_3repl_1client
|
|
|
|
+ fedora-latest-ipa-4-12/test_hsm_TestHSMInstallPasswordFile:
|
|
+ requires: [fedora-latest-ipa-4-12/build]
|
|
+ priority: 50
|
|
+ job:
|
|
+ class: RunPytest
|
|
+ args:
|
|
+ build_url: '{fedora-latest-ipa-4-12/build_url}'
|
|
+ selinux_enforcing: True
|
|
+ test_suite: test_integration/test_hsm.py::TestHSMInstallPasswordFile
|
|
+ template: *ci-ipa-4-12-latest
|
|
+ timeout: 6300
|
|
+ topology: *master_1repl
|
|
+
|
|
fedora-latest-ipa-4-12/test_hsm_TestHSMInstallADTrustBase:
|
|
requires: [fedora-latest-ipa-4-12/build]
|
|
priority: 50
|
|
diff --git a/ipatests/test_integration/test_hsm.py b/ipatests/test_integration/test_hsm.py
|
|
index 374f5c25fd3453cd45a15d2b0f20cee424282595..42895fcd60a7c02d3b6103c2f6751a367da30b2f 100644
|
|
--- a/ipatests/test_integration/test_hsm.py
|
|
+++ b/ipatests/test_integration/test_hsm.py
|
|
@@ -312,24 +312,26 @@ class TestHSMInstall(BaseHSMTest):
|
|
assert returncode == 0
|
|
assert output == "No issues found."
|
|
|
|
- def test_hsm_install_server_password_file(self):
|
|
- check_version(self.master)
|
|
- # cleanup before fresh install with password file
|
|
- for client in self.clients:
|
|
- tasks.uninstall_client(client)
|
|
|
|
- for replica in self.replicas:
|
|
- tasks.uninstall_master(replica)
|
|
+class TestHSMInstallPasswordFile(BaseHSMTest):
|
|
|
|
- tasks.uninstall_master(self.master)
|
|
+ num_replicas = 1
|
|
|
|
- delete_hsm_token([self.master] + self.replicas, self.token_name)
|
|
- self.token_name, self.token_password = get_hsm_token(self.master)
|
|
- self.master.put_file_contents(self.token_password_file,
|
|
- self.token_password)
|
|
- self.replicas[0].put_file_contents(self.token_password_file,
|
|
- self.token_password)
|
|
+ @classmethod
|
|
+ def install(cls, mh):
|
|
+ check_version(cls.master)
|
|
+ # Enable pkiuser to read softhsm tokens
|
|
+ cls.master.run_command(['usermod', 'pkiuser', '-a', '-G', 'ods'])
|
|
+ cls.token_name, cls.token_password = get_hsm_token(cls.master)
|
|
+ cls.master.put_file_contents(
|
|
+ cls.token_password_file, cls.token_password
|
|
+ )
|
|
+ cls.replicas[0].put_file_contents(
|
|
+ cls.token_password_file, cls.token_password
|
|
+ )
|
|
|
|
+ def test_hsm_install_server_password_file(self):
|
|
+ check_version(self.master)
|
|
tasks.install_master(
|
|
self.master, setup_dns=self.master_with_dns,
|
|
setup_kra=self.master_with_kra,
|
|
--
|
|
2.46.2
|
|
|