ipa/0007-ipatests-add-test-for-PKINIT-renewal-on-hidden-repli.patch
Florence Blanc-Renaud fcc298685a ipa-4.12.1-2
- Resolves: RHEL-46607 kdc.crt certificate not getting automatically renewed by certmonger in IPA Hidden replica
- Resolves: RHEL-46606 ipa-client rpm post script creates always ssh_config.orig even if nothing needs to be changed
- Resolves: RHEL-46605 IPA Web UI not showing replication agreement for non-admin users
- Resolves: RHEL-46592 [RFE] Allow IPA SIDgen task to continue if it finds an entity that SID can't be assigned to
- Resolves: RHEL-46556 Include latest fixes in python3-ipatests packages
- Resolves: RHEL-42705 PSKC.xml issues with ipa_otptoken_import.py

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
2024-07-08 19:27:27 +02:00


From 467ec04f93a29fd31ba037cef348c09547541fe7 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Mon, 24 Jun 2024 09:18:54 +0200
Subject: [PATCH] ipatests: add test for PKINIT renewal on hidden replica
Test scenario: on a hidden replica, force the renewal of
PKINIT cert by calling getcert resubmit.
Related: https://pagure.io/freeipa/issue/9611
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
.../test_integration/test_replica_promotion.py | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index b71f2d5d7e1517ab73d79b62477a3377839b0b7a..7ef44c571c8a4106577d27f4712f661be873dacc 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -26,6 +26,7 @@ from ipalib.constants import (
)
from ipaplatform.paths import paths
from ipapython import certdb
+from ipatests.test_integration.test_cert import get_certmonger_fs_id
from ipatests.test_integration.test_dns_locations import (
resolve_records_from_server, IPA_DEFAULT_MASTER_SRV_REC
)
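Review bot: The added import takes get_certmonger_fs_id from another test module (ipatests.test_integration.test_cert), so test_replica_promotion.py now depends on test_cert staying importable and keeping that helper in place. Consider moving the helper into a shared helper module, for example next to tasks.wait_for_certmonger_status, which the new test already calls, and importing it from there in both files.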
@@ -1241,6 +1242,23 @@ class TestHiddenReplicaPromotion(IntegrationTest):
'ipa-crlgen-manage', 'status'])
assert "CRL generation: enabled" in result.stdout_text
+ def test_hidden_replica_renew_pkinit_cert(self):
+ """Renew the PKINIT cert on a hidden replica.
+
+ Test for https://pagure.io/freeipa/issue/9611
+ """
+ # Get Request ID
+ cmd = ['getcert', 'list', '-f', paths.KDC_CERT]
+ result = self.replicas[0].run_command(cmd)
+ req_id = get_certmonger_fs_id(result.stdout_text)
+
+ self.replicas[0].run_command([
+ 'getcert', 'resubmit', '-f', paths.KDC_CERT
+ ])
+ tasks.wait_for_certmonger_status(
+ self.replicas[0], ('MONITORING'), req_id, timeout=600
+ )
+
class TestHiddenReplicaKRA(IntegrationTest):
"""Test KRA & hidden replica features.
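Review bot: test_hidden_replica_renew_pkinit_cert never asserts that the certificate at paths.KDC_CERT was actually replaced; the only check after 'getcert resubmit' is the wait for MONITORING. Depending on how wait_for_certmonger_status polls, a request that is still in MONITORING from before the resubmit could satisfy that wait without a renewal having happened. Suggest reading the serial number or expiry date before the resubmit and asserting that it differs once the wait returns. Separately, ('MONITORING') is a parenthesised string rather than a tuple; if a tuple of accepted states is intended, write ('MONITORING',).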
--
2.45.2