diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..8f8606b
--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,8 @@
+# recipients: rhcs-team
+--- !Policy
+product_versions:
+ - rhel-9
+decision_context: osci_compose_gate
+rules:
+ - !PassingTestCaseRule {test_case_name: baseos-ci.redhat-module.tier0.functional}
+ - !PassingTestCaseRule {test_case_name: idm-ci.redhat-module.tier1.functional}
diff --git a/tests/roles/Test_Execution/files/config_templates/ansible_constants.py b/tests/roles/Test_Execution/files/config_templates/ansible_constants.py
new file mode 100644
index 0000000..8fa9004
--- /dev/null
+++ b/tests/roles/Test_Execution/files/config_templates/ansible_constants.py
@@ -0,0 +1,56 @@
+#common to all subsystems
+MASTER_HOSTNAME = 'pki1.example.com'
+CLONE_HOSTNAME = 'pki2.example.com'
+
+CLIENT_PKCS12_PASSWORD = 'SECret.123'
+CLIENT_DIR_PASSWORD = 'SECret.123'
+BACKUP_PASSWORD = 'SECret.123'
+CLIENT_DATABASE_PASSWORD = 'SECret.123'
+NSSDB = '/opt/pki/certdb'
+#CA Instance
+CA_HTTPS_PORT = '20443'
+CA_HTTP_PORT = '20080'
+CA_AJP_PORT = '20009'
+CA_TOMCAT_PORT = '20005'
+CA_CLIENT_DIR = '/opt/topology-CA'
+CA_INSTANCE_NAME = 'topology-CA'
+SECURITY_DOMAIN_PASSWORD = 'SECret.123'
+CA_PASSWORD = 'SECret.123'
+CA_SECURITY_DOMAIN_NAME = 'topology_Foobarmaster.org'
+CA_ADMIN_USERNAME = 'caadmin'
+CA_ADMIN_NICK = 'PKI CA Administrator for Example.Org'
+#KRA Instance
+KRA_INSTANCE_NAME = 'topology-KRA'
+KRA_HTTPS_PORT = 21443
+KRA_HTTP_PORT = 21080
+KRA_AJP_PORT = 21009
+KRA_TOMCAT_PORT = 21005
+KRA_PASSWORD = 'SECret.123'
+KRA_CLIENT_DIR = '/opt/topology-KRA'
+KRA_ADMIN_NICK = 'PKI KRA Administrator for Example.Org'
+#OCSP Instance
+OCSP_INSTANCE_NAME = 'topology-OCSP'
+OCSP_HTTPS_PORT = 22443
+OCSP_HTTP_PORT = 22080
+OCSP_AJP_PORT = 22009
+OCSP_TOMCAT_PORT = 22005
+OCSP_PASSWORD = 'SECret.123'
+OCSP_CLIENT_DIR = '/opt/topology-OCSP'
+OCSP_ADMIN_NICK = 'PKI OCSP Administrator for Example.Org'
+#TKS Instance
+TKS_INSTANCE_NAME = 'topology-TKS'
+TKS_HTTPS_PORT = 23443
+TKS_HTTP_PORT = 23080
+TKS_AJP_PORT = 23009
+TKS_TOMCAT_PORT = 23005
+TKS_PASSWORD = 'SECret.123'
+TKS_CLIENT_DIR = '/opt/topology-TKS'
+#TPS instance
+TPS_INSTANCE_NAME = 'topology-TPS'
+TPS_HTTPS_PORT = '25443'
+TPS_HTTP_PORT = '25080'
+TPS_AJP_PORT = '25009'
+TPS_TOMCAT_PORT = '25005'
+TPS_PASSWORD = 'SECret.123'
+TPS_CLIENT_DIR = '/opt/topology-TPS'
+TPS_ADMIN_NICK = 'PKI TPS Administrator for Example.Org'
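Review bot: The port constants are not of one type: the CA and TPS entries are strings (`CA_HTTPS_PORT = '20443'`, `TPS_HTTPS_PORT = '25443'`) while the KRA, OCSP and TKS entries are bare ints (`KRA_HTTPS_PORT = 21443`), so a consumer that concatenates or compares them behaves differently per subsystem. Pick one form; given the CA/TPS lines and the `sed`-to-YAML conversion in configure_common.yml, quoting the rest (`KRA_HTTPS_PORT = '21443'` and so on) is the smaller change. The repeated `SECret.123` values are presumably CI-only fixtures; a header comment such as `# Test-only credentials for the CI topology; never reuse outside this harness` would stop them being copied into a real deployment config.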
diff --git a/tests/roles/Test_Execution/files/test/script b/tests/roles/Test_Execution/files/test/script
new file mode 100755
index 0000000..c98e4ae
--- /dev/null
+++ b/tests/roles/Test_Execution/files/test/script
@@ -0,0 +1,79 @@
+#!/bin/sh
+#Generate Noise using Openssl
+echo "Defining variables "
+tks_password="/tmp/tkspassword.txt"
+tps_password="/tmp/tpspassword.txt"
+tks_alias="/var/lib/pki/$1-TKS/alias"
+tps_alias="/var/lib/pki/$1-TPS/alias"
+tks_noise="/tmp/tks_noise"
+tks_shared_secret="sharedSecret"
+tks_conf="/var/lib/pki/$1-TKS/tks/conf/CS.cfg"
+tps_conf="/var/lib/pki/$1-TPS/tps/conf/CS.cfg"
+tps_input_file="/tmp/tps-input.txt"
+tks_secret_output="/tmp/secret"
+tks_input_file="/tmp/tks-input.txt"
+tks_input="proceed\r\n"
+tks_secret_output="/tmp/sharedSecret.out"
+tps_key_import_status="/tmp/sharedSecretImport.out"
+echo "proceed\r\n" > $tks_input_file
+echo "Generate Noise using OpenSSL"
+openssl rand -hex 2048 | perl -p -e 's/\n//' > $tks_noise
+cat /var/lib/pki/$1-TKS/conf/password.conf | sed 's/^internal=//' > $tks_password
+cat /var/lib/pki/$1-TPS/conf/password.conf | sed 's/^internal=//' > $tps_password
+
+echo "Stopping TKS & TPS instance"
+systemctl stop pki-tomcatd@$1-TKS.service
+systemctl stop pki-tomcatd@$1-TPS.service
+echo "Generating shared secret"
+/usr/bin/tkstool -D -d $tks_alias -n "TPS-`hostname`-25443 sharedSecret" -f $tks_password
+/usr/bin/tkstool -T -d $tks_alias -n $tks_shared_secret -f $tks_password -z $tks_noise > $tks_secret_output < $tks_input_file
+/usr/bin/tkstool -L -d $tks_alias -n $tks_shared_secret -f $tks_password > /tmp/sharedSecretList1.out
+grep "$tks_shared_secret" /tmp/sharedSecretList1.out
+first_session_tmp1=$(cat $tks_secret_output | grep -A1 "first\ssession\skey\sshare:")
+first_session_tmp2=$(echo $first_session_tmp1 | sed 's/^first session key share://')
+first_session_key=$(echo ${first_session_tmp2%% })
+first_session_KCV_tmp1=$(cat $tks_secret_output | grep "first\ssession\skey\sshare\sKCV:")
+first_session_KCV_tmp2=$(echo $first_session_KCV_tmp1 | sed 's/^first session key share KCV://')
+first_session_KCV_key=$(echo ${first_session_KCV_tmp2%% })
+
+second_session_tmp1=$(cat $tks_secret_output | grep -A1 "second\ssession\skey\sshare:")
+second_session_tmp2=$(echo $second_session_tmp1 | sed 's/^second session key share://')
+second_session_key=$(echo ${second_session_tmp2%% })
+second_session_KCV_tmp1=$(cat $tks_secret_output | grep "second\ssession\skey\sshare\sKCV:")
+second_session_KCV_tmp2=$(echo $second_session_KCV_tmp1 | sed 's/^second session key share KCV://')
+second_session_KCV_key=$(echo ${second_session_KCV_tmp2%% })
+
+third_session_tmp1=$(cat $tks_secret_output | grep -A1 "third\ssession\skey\sshare:")
+third_session_tmp2=$(echo $third_session_tmp1 | sed 's/^third session key share://')
+third_session_key=$(echo ${third_session_tmp2%% })
+third_session_KCV_tmp1=$(cat $tks_secret_output | grep "third\ssession\skey\sshare\sKCV:")
+third_session_KCV_tmp2=$(echo $third_session_KCV_tmp1 | sed 's/^third session key share KCV://')
+third_session_KCV_key=$(echo ${third_session_KCV_tmp2%% })
+
+sed -i -e "/tps.0.nickname=/s/=.*/=$tks_shared_secret/g" $tks_conf
+sed -i -e "/tks.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tks_conf
+echo "Restart $1-TKS instance"
+systemctl restart pki-tomcatd@$1-TKS.service
+echo "proceed\r\n" > $tps_input_file
+echo "$first_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$first_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "$second_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$second_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "$third_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$third_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+
+/usr/bin/tkstool -I -d $tps_alias -n $tks_shared_secret -f $tps_password < $tps_input_file > $tps_key_import_status
+/usr/bin/tkstool -L -d $tps_alias -n $tks_shared_secret -f $tps_password > /tmp/sharedSecretList2.out
+grep "$tks_shared_secret" /tmp/sharedSecretList2.out
+sed -i -e "/tps.connector.tks1.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tps_conf
+sed -i -e "/conn.tks1.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tps_conf
+echo "Restart $1-TPS instance"
+systemctl restart pki-tomcatd@$1-TPS.service
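Review bot: The TKS internal-token password, the generated key shares and the TPS import transcript are all written to fixed, predictable paths under /tmp (`$tks_password`, `$tks_secret_output`, `$tps_input_file`, `/tmp/sharedSecretList1.out`) with the default umask and are never removed, so after the run any local user can read the shared secret, and a symlink pre-created at one of those names redirects a root write. Creating a private work directory with `mktemp -d`, setting `umask 077` and removing it on exit closes both; the sketch below replaces only the variable block at the top, and the two `/tmp/sharedSecretList*.out` listings should move under `$workdir` as well. Two smaller things: `tks_secret_output` is assigned twice (the first value `/tmp/secret` and `tks_input` are dead), and `echo "proceed\r\n"` relies on the shell's echo interpreting backslash escapes, which dash does and bash's builtin does not, so `printf 'proceed\r\n'` is the portable form.
```sh
#!/bin/sh
set -u
umask 077
workdir="$(mktemp -d)"
trap 'rm -rf "$workdir"' EXIT
tks_password="$workdir/tkspassword.txt"
tps_password="$workdir/tpspassword.txt"
tks_alias="/var/lib/pki/$1-TKS/alias"
tps_alias="/var/lib/pki/$1-TPS/alias"
tks_noise="$workdir/tks_noise"
tks_shared_secret="sharedSecret"
tks_conf="/var/lib/pki/$1-TKS/tks/conf/CS.cfg"
tps_conf="/var/lib/pki/$1-TPS/tps/conf/CS.cfg"
tps_input_file="$workdir/tps-input.txt"
tks_input_file="$workdir/tks-input.txt"
tks_secret_output="$workdir/sharedSecret.out"
tps_key_import_status="$workdir/sharedSecretImport.out"
printf 'proceed\r\n' > "$tks_input_file"
# … unchanged: noise generation, password extraction, tkstool calls, key-share parsing, CS.cfg edits …
```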
diff --git a/tests/roles/Test_Execution/handlers/config_templates/ansible_constants.py b/tests/roles/Test_Execution/handlers/config_templates/ansible_constants.py
new file mode 100644
index 0000000..8fa9004
--- /dev/null
+++ b/tests/roles/Test_Execution/handlers/config_templates/ansible_constants.py
@@ -0,0 +1,56 @@
+#common to all subsystems
+MASTER_HOSTNAME = 'pki1.example.com'
+CLONE_HOSTNAME = 'pki2.example.com'
+
+CLIENT_PKCS12_PASSWORD = 'SECret.123'
+CLIENT_DIR_PASSWORD = 'SECret.123'
+BACKUP_PASSWORD = 'SECret.123'
+CLIENT_DATABASE_PASSWORD = 'SECret.123'
+NSSDB = '/opt/pki/certdb'
+#CA Instance
+CA_HTTPS_PORT = '20443'
+CA_HTTP_PORT = '20080'
+CA_AJP_PORT = '20009'
+CA_TOMCAT_PORT = '20005'
+CA_CLIENT_DIR = '/opt/topology-CA'
+CA_INSTANCE_NAME = 'topology-CA'
+SECURITY_DOMAIN_PASSWORD = 'SECret.123'
+CA_PASSWORD = 'SECret.123'
+CA_SECURITY_DOMAIN_NAME = 'topology_Foobarmaster.org'
+CA_ADMIN_USERNAME = 'caadmin'
+CA_ADMIN_NICK = 'PKI CA Administrator for Example.Org'
+#KRA Instance
+KRA_INSTANCE_NAME = 'topology-KRA'
+KRA_HTTPS_PORT = 21443
+KRA_HTTP_PORT = 21080
+KRA_AJP_PORT = 21009
+KRA_TOMCAT_PORT = 21005
+KRA_PASSWORD = 'SECret.123'
+KRA_CLIENT_DIR = '/opt/topology-KRA'
+KRA_ADMIN_NICK = 'PKI KRA Administrator for Example.Org'
+#OCSP Instance
+OCSP_INSTANCE_NAME = 'topology-OCSP'
+OCSP_HTTPS_PORT = 22443
+OCSP_HTTP_PORT = 22080
+OCSP_AJP_PORT = 22009
+OCSP_TOMCAT_PORT = 22005
+OCSP_PASSWORD = 'SECret.123'
+OCSP_CLIENT_DIR = '/opt/topology-OCSP'
+OCSP_ADMIN_NICK = 'PKI OCSP Administrator for Example.Org'
+#TKS Instance
+TKS_INSTANCE_NAME = 'topology-TKS'
+TKS_HTTPS_PORT = 23443
+TKS_HTTP_PORT = 23080
+TKS_AJP_PORT = 23009
+TKS_TOMCAT_PORT = 23005
+TKS_PASSWORD = 'SECret.123'
+TKS_CLIENT_DIR = '/opt/topology-TKS'
+#TPS instance
+TPS_INSTANCE_NAME = 'topology-TPS'
+TPS_HTTPS_PORT = '25443'
+TPS_HTTP_PORT = '25080'
+TPS_AJP_PORT = '25009'
+TPS_TOMCAT_PORT = '25005'
+TPS_PASSWORD = 'SECret.123'
+TPS_CLIENT_DIR = '/opt/topology-TPS'
+TPS_ADMIN_NICK = 'PKI TPS Administrator for Example.Org'
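Review bot: This file is a byte-for-byte copy of tests/roles/Test_Execution/files/config_templates/ansible_constants.py (same blob 8fa9004) placed under handlers/, and nothing in this diff references it; as far as I can tell Ansible does not look for data files under a role's handlers directory. Unless a later change consumes it, it is a second copy of the hard-coded credentials and ports to keep in sync and should be dropped.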
diff --git a/tests/roles/Test_Execution/handlers/main.yml b/tests/roles/Test_Execution/handlers/main.yml
new file mode 100644
index 0000000..3342a9a
--- /dev/null
+++ b/tests/roles/Test_Execution/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: Inclue pki-core handlers
+ include: pki-core.yml
+ tags: pki-core
\ No newline at end of file
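Review bot: Typo in the task name: `- name: Inclue pki-core handlers` should read `- name: Include pki-core handlers`. The bare `include` keyword is deprecated in recent Ansible releases in favour of `import_tasks`/`include_tasks`; whether that matters depends on the target Ansible version, which the diff does not show. The file is also missing its trailing newline.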
diff --git a/tests/roles/Test_Execution/handlers/pki-core.yml b/tests/roles/Test_Execution/handlers/pki-core.yml
new file mode 100644
index 0000000..ed22477
--- /dev/null
+++ b/tests/roles/Test_Execution/handlers/pki-core.yml
@@ -0,0 +1,54 @@
+- name: STOPCA
+ service:
+ name: pki-tomcatd@{{ topology }}-CA
+ state: stopped
+
+- name: STARTCA
+ service:
+ name: pki-tomcatd@{{ topology }}-CA
+ state: started
+
+- name: STOPKRA
+ service:
+ name: pki-tomcatd@{{ topology }}-KRA
+ state: stopped
+
+- name: STARTKRA
+ service:
+ name: pki-tomcatd@{{ topology }}-KRA
+ state: started
+
+- name: STOPOCSP
+ service:
+ name: pki-tomcatd@{{ topology }}-OCSP
+ state: stopped
+
+- name: STARTOCSP
+ service:
+ name: pki-tomcatd@{{ topology }}-OCSP
+ state: started
+
+- name: STOPTKS
+ service:
+ name: pki-tomcatd@{{ topology }}-TKS
+ state: stopped
+
+- name: STARTTKS
+ service:
+ name: pki-tomcatd@{{ topology }}-TKS
+ state: started
+
+- name: STOPTPS
+ service:
+ name: pki-tomcatd@{{ topology }}-TPS
+ state: stopped
+
+- name: STARTTPS
+ service:
+ name: pki-tomcatd@{{ topology }}-TPS
+ state: started
+
+- name: INC_CONSTANTS
+ include_vars:
+ file: /tmp/test_dir/constants.yml
+ name: variable
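Review bot: `INC_CONSTANTS` loads variables from `/tmp/test_dir/constants.yml`, a fixed path under a world-writable directory, and those values (`variable.CA_HTTP_PORT`) are later interpolated into server.xml by tasks running as root; a local user who creates that path before the play runs controls them. Generating the file under a directory the playbook itself creates with a restrictive mode, or at least checking ownership with `stat` before `include_vars`, would remove that window. Note also that as a handler `include_vars` only runs when notified and after a `flush_handlers`; any task referencing `variable.*` before such a flush fails with an undefined variable, so a one-line comment on this handler stating that contract would help callers.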
diff --git a/tests/roles/Test_Execution/tasks/configure_ca.yml b/tests/roles/Test_Execution/tasks/configure_ca.yml
new file mode 100644
index 0000000..a1de87d
--- /dev/null
+++ b/tests/roles/Test_Execution/tasks/configure_ca.yml
@@ -0,0 +1,18 @@
+- name: Install CA master
+ shell: pkispawn -s CA -f /tmp/test_dir/ca.cfg
+
+- name : Stopping CA Subsystem
+ shell: systemctl stop pki-tomcatd@{{ topology }}-CA.service
+
+- name: Enable SignedAudit for Subsystem
+ replace: dest=/etc/pki/{{ topology }}-CA/ca/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+
+- name: Getting certificate nickname for CA CS.cfg
+ shell: grep "ca.ocsp_signing.nickname" /etc/pki/{{ topology }}-CA/ca/CS.cfg |awk -F"=" ' { print $2 } '
+ register: nickname_ocsp
+
+- name: Importing client certificate for OCSP
+ shell: certutil -L -d /var/lib/pki/{{ topology }}-CA/alias -n "{{ nickname_ocsp.stdout }}" -a > /tmp/test_dir/ocsp_signing.crt
+
+- name : Starting CA Subsystem
+ shell: systemctl start pki-tomcatd@{{ topology }}-CA.service
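Review bot: The certificate export `certutil -L ... -n "{{ nickname_ocsp.stdout }}"` interpolates a value read from CS.cfg into a `shell` command protected only by double quotes, and the unanchored `grep "ca.ocsp_signing.nickname"` (where `.` matches any character) returns every matching line, so the value is wrong if the key ever appears more than once. Anchoring the grep (`grep '^ca.ocsp_signing.nickname=' ...`) and quoting the value (`-n {{ nickname_ocsp.stdout | quote }}`) keeps the export correct if the nickname contains a `$` or a double quote. The stop/start here use `shell: systemctl` while STOPCA/STARTCA handlers already exist in pki-core.yml; using them, or the `service` module, would make this file consistent with the KRA/TKS/TPS ones.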
diff --git a/tests/roles/Test_Execution/tasks/configure_common.yml b/tests/roles/Test_Execution/tasks/configure_common.yml
new file mode 100644
index 0000000..9b4e6e8
--- /dev/null
+++ b/tests/roles/Test_Execution/tasks/configure_common.yml
@@ -0,0 +1,80 @@
+- name: Disable firewalld before LDAP and Subsystem installation
+ systemd: state=stopped name=firewalld
+ when: ansible_distribution == "RedHat" and ansible_distribution_version <= '7.4'
+
+- name : Set hostname for machines Bydefault we choose pki1 for master and pki2 for clones.
+ hostname: name=pki1.example.com
+ tags: platform-ci
+
+- name: Install a required package for modify hostname task below
+ dnf: pkg={{item}} state=latest
+ with_items:
+ - libselinux-python
+ when: ansible_distribution == "Fedora"
+
+- name : Modify hostname for master in /etc/hosts
+ lineinfile: dest=/etc/hosts regexp='.*{{ inventory_hostname }}$' create=yes insertafter=EOF line="{{ inventory_hostname }} {{ansible_fqdn}}" state=present
+ tags: platform-ci
+
+- name: install 389-ds-base module rhel8
+ shell: dnf module enable 389-ds:1.4 -y
+ when: ansible_distribution == "RedHat" and ansible_distribution_major_version == '8'
+
+- name: install 389-ds-base
+ shell: dnf -y install 389-ds-base 389-ds-base-snmp 389-ds-base-legacy-tools
+ when: ansible_distribution == "RedHat" and ansible_distribution_major_version == '8'
+
+- name: install pki-core module rhel8
+ shell: dnf module enable pki-core:10.6 -y
+ when: ansible_distribution == "RedHat" and ansible_distribution_major_version == '8'
+
+- name: install pki-core module rhel8
+ shell: dnf install pki-ca pki-kra -y
+ when: ansible_distribution == "RedHat" and ansible_distribution_major_version == '8'
+
+- name: Install list of packages for CS Master for Redhat
+ yum : pkg={{item}} state=latest
+ with_items:
+ - redhat-pki
+ - redhat-pki-console-theme
+ - redhat-pki-server-theme
+ - pki-console
+ - 389-ds-base
+ - pki-ca
+ - pki-kra
+ - pki-ocsp
+ - pki-tks
+ - pki-tps
+ - policycoreutils-python
+ - expect
+ - libselinux-python
+ when: ansible_distribution == "RedHat" and ansible_distribution_version <= '7.6'
+ tags: platform-ci
+
+- name: Install list of packages for CS Master for Fedora
+ dnf : pkg={{item}} state=latest
+ with_items:
+ - 389-ds-base
+ - dogtag-pki
+ - dogtag-pki-console-theme
+ - dogtag-pki-server-theme
+ - policycoreutils-python
+ - expect
+ when: ansible_distribution == "Fedora"
+ tags: platform-ci
+
+- name: Check for Removed dependency from mod_revocator and mod_nss.If failes refer BZ 1295276
+ command: rpm -q {{item}}
+ with_items:
+ - mod_revocator
+ - mod_nss
+ register: rpm_check
+ failed_when: "rpm_check.rc == 0"
+
+- name: Check for Removed dependency of perl from pki-server.If fails, refer BZ 1305769
+ command: rpm -qR pki-server | grep perl
+ register: rpm_check
+ failed_when: "rpm_check.rc == 0"
+
+- name: Making constants.py file compatable for including as vars.
+ shell: sed -e "s/ =/:/g;s/'//g" /tmp/test_dir/constants.py > /tmp/test_dir/constants.yml
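Review bot: The perl-dependency check `command: rpm -qR pki-server | grep perl` passes `|`, `grep` and `perl` to rpm as package names because the `command` module does not use a shell, so the pipeline never runs, rc is non-zero whenever those bogus names are absent, and the `failed_when: "rpm_check.rc == 0"` guard never fires. Switch that task to `shell:` (as the 389-ds tasks above already do), ideally with `set -o pipefail`, so the check actually tests the dependency. Separately, `ansible_distribution_version <= '7.4'` is a string comparison; `ansible_distribution_version is version('7.4', '<=')` compares versions. The `sed "s/ =/:/g;s/'//g"` conversion to YAML will also break on any constant value containing `: ` or `#`; a comment stating that constraint on constants.py would be prudent.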
diff --git a/tests/roles/Test_Execution/tasks/configure_kra.yml b/tests/roles/Test_Execution/tasks/configure_kra.yml
new file mode 100644
index 0000000..a8bdc87
--- /dev/null
+++ b/tests/roles/Test_Execution/tasks/configure_kra.yml
@@ -0,0 +1,36 @@
+- name: Install KRA master
+ shell: pkispawn -s KRA -f /tmp/test_dir/kra.cfg
+
+- name : Stopping KRA Subsystem
+ shell: echo "Stopping Subsystem for enabling Audit logging"
+ notify:
+ - STOPKRA
+ - INC_CONSTANTS
+
+- meta: flush_handlers
+
+- name: Enable SignedAudit
+ replace: dest=/etc/pki/{{ topology }}-KRA/kra/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+
+- name: Enable OCSP for KRA
+ replace: dest=/etc/pki/{{ topology }}-KRA/server.xml regexp='enableOCSP="false"' replace='enableOCSP="true"'
+
+- name: Pointing KRA to correct OCSP port
+ replace: dest=/etc/pki/{{ topology }}-KRA/server.xml regexp='([0-9]+)/ca/ocsp' replace={{ variable.CA_HTTP_PORT }}/ca/ocsp
+
+- name: Picking the password in run-time from password.conf of KRA
+ shell: grep -i "internal=" /etc/pki/{{ topology }}-KRA/password.conf | awk -F"=" ' { print $2 } ' > /tmp/test_dir/certutil_password
+
+- name: Importing OCSP certificate in kra nssdb
+ shell: certutil -A -d /etc/pki/{{ topology }}-KRA/alias -n "ocspSigningCert cert-pki-ca" -t "C,," -i /tmp/test_dir/ocsp_signing.crt -f /tmp/test_dir/certutil_password
+ notify:
+ - STARTKRA
+
+- name: Removing file generated with password
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /tmp/test_dir/certutil_password
+
+
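Review bot: The `Removing file generated with password` task only runs if the preceding `certutil -A` succeeds; on failure the play stops and `/tmp/test_dir/certutil_password`, which holds the KRA internal-token password, is left behind readable by other local users (the shell redirect creates it with the default umask). Wrap the grep/certutil/remove sequence in a `block:` with the removal under `always:`, and prefix the grep with `umask 077 &&` (or write the file with `copy: content=... mode=0600`). Note that STARTKRA is only notified, not flushed, so the instance stays down until the end of the play; if that is intended a one-line comment saying so would save the next reader a trip through pki-core.yml.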
diff --git a/tests/roles/Test_Execution/tasks/configure_ldap.yml b/tests/roles/Test_Execution/tasks/configure_ldap.yml
new file mode 100644
index 0000000..18a79c1
--- /dev/null
+++ b/tests/roles/Test_Execution/tasks/configure_ldap.yml
@@ -0,0 +1,26 @@
+- name: add nondefault port to selinux context
+ shell: |
+ semanage port -a -t ldap_port_t -p tcp 3389
+ semanage port -a -t ldap_port_t -p udp 3389
+ semanage port -l | grep ldap_port_t
+ when: topology == "topology-02"
+
+- name: Setup DS Service
+ shell: setup-ds.pl --silent --file=/tmp/test_dir/ldap.cfg
+ when: topology == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
+
+- name: Setup DS Service
+ shell: setup-ds.pl --silent --file=/tmp/test_dir/ldap_kra.cfg
+ when: topology == "topology-05"
+
+- name: Setup DS Service
+ shell: setup-ds.pl --silent --file=/tmp/test_dir/ldap_ocsp.cfg
+ when: topology == "topology-05"
+
+- name: Setup DS Service
+ shell: setup-ds.pl --silent --file=/tmp/test_dir/ldap_tks.cfg
+ when: topology == "topology-05"
+
+- name: Setup DS Service
+ shell: setup-ds.pl --silent --file=/tmp/test_dir/ldap_tps.cfg
+ when: topology == "topology-05"
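Review bot: `semanage port -a -t ldap_port_t -p tcp 3389` exits non-zero if the port is already labelled (a re-run, or an image that already carries it), which fails the task; the `seport` module (`seport: ports=3389 proto=tcp setype=ldap_port_t state=present`) is idempotent and removes the raw shell. The five `Setup DS Service` tasks share one name, which makes a failure hard to attribute in the log; naming each after its cfg (`Setup DS Service (kra)`) fixes that. For topology-05 the first task also matches, so five directory instances are created; if that is intended, say so in a comment.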
diff --git a/tests/roles/Test_Execution/tasks/configure_ocsp.yml b/tests/roles/Test_Execution/tasks/configure_ocsp.yml
new file mode 100644
index 0000000..688f64d
--- /dev/null
+++ b/tests/roles/Test_Execution/tasks/configure_ocsp.yml
@@ -0,0 +1,35 @@
+- name: sleep
+ shell: sleep 5s
+
+- name: Install OCSP master
+ shell: pkispawn -s OCSP -f /tmp/test_dir/ocsp.cfg
+
+- name : Stopping OCSP Subsystem
+ shell: echo "Stopping Subsystem for enabling Audit logging"
+ notify:
+ - STOPOCSP
+
+- name: Enable SignedAudit
+ replace: dest=/etc/pki/{{ topology }}-OCSP/ocsp/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+ notify:
+ - STARTOCSP
+
+- meta: flush_handlers
+
+- name: Enable OCSP
+ replace: dest=/etc/pki/{{ topology }}-OCSP/server.xml regexp='enableOCSP="false"' replace='enableOCSP="true"'
+
+- name: Picking the password in run-time from password.conf of OCSP.
+ shell: grep -i "internal=" /etc/pki/{{ topology }}-OCSP/password.conf | awk -F"=" ' { print $2 } ' > /tmp/test_dir/certutil_password
+
+- name: Importing OCSP certificate in ocsp nssdb
+ shell: certutil -A -d /etc/pki/{{ topology }}-OCSP/alias -n "ocspSigningCert cert-pki-ca" -t "C,," -i /tmp/test_dir/ocsp_signing.crt -f /tmp/test_dir/certutil_password
+ notify:
+ - STARTOCSP
+
+- name: Removing file generated with password
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /tmp/test_dir/certutil_password
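Review bot: The ordering leaves the OCSP instance running while server.xml is edited and the signing cert imported: STOPOCSP and STARTOCSP are both notified before `meta: flush_handlers`, so the flush stops and immediately restarts the instance (handlers run in the order defined in pki-core.yml), and the later `notify: STARTOCSP` is a no-op because the handler uses `state: started`. The `enableOCSP="true"` change therefore does not take effect within this play, and certutil writes into the NSS database of a live instance. Flushing the stop before the edits, as configure_kra.yml does, and notifying STARTOCSP only after the import fixes the sequence. The password-file removal should also sit under `always:` so it runs when certutil fails.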
diff --git a/tests/roles/Test_Execution/tasks/configure_shared.yml b/tests/roles/Test_Execution/tasks/configure_shared.yml
new file mode 100644
index 0000000..3a858af
--- /dev/null
+++ b/tests/roles/Test_Execution/tasks/configure_shared.yml
@@ -0,0 +1,19 @@
+- name: Install CA master
+ shell: pkispawn -s CA -f /tmp/test_dir/ca.cfg
+
+- name: Install KRA master
+ shell: pkispawn -s KRA -f /tmp/test_dir/kra.cfg
+
+- name : Stopping pki-tomcat Instance
+ shell: systemctl stop pki-tomcatd@pki-tomcat.service
+# notify:
+# - INC_CONSTANTS
+
+- name: Enable SignedAudit for all subsystem
+ replace: dest=/etc/pki/pki-tomcat/{{ item }}/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+ with_items:
+ - ca
+ - kra
+
+- name : Starting pki-tomcat Instance
+ shell: systemctl start pki-tomcatd@pki-tomcat.service
\ No newline at end of file
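Review bot: The stop/start use `shell: systemctl` against the `pki-tomcat` instance even though the rest of this role drives instances through `service`-module handlers; `service: name=pki-tomcatd@pki-tomcat state=stopped` (and `started`) avoids a shell and reports changed state correctly. The commented-out `notify: INC_CONSTANTS` should either be restored or deleted; left as is it suggests the constants are loaded here when they are not. The file also lacks a trailing newline.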
diff --git a/tests/roles/Test_Execution/tasks/configure_sharedsecret.yml b/tests/roles/Test_Execution/tasks/configure_sharedsecret.yml
new file mode 100644
index 0000000..f2e4de4
--- /dev/null
+++ b/tests/roles/Test_Execution/tasks/configure_sharedsecret.yml
@@ -0,0 +1,4 @@
+- name: Shared Secret sharing between TPS and TKS
+ script: test/script {{ topology }}
+ when: topology == "topology-02" or topology == "topology-05"
+ tags: platform-ci
diff --git a/tests/roles/Test_Execution/tasks/configure_tks.yml b/tests/roles/Test_Execution/tasks/configure_tks.yml
new file mode 100644
index 0000000..2d578a5
--- /dev/null
+++ b/tests/roles/Test_Execution/tasks/configure_tks.yml
@@ -0,0 +1,39 @@
+- name: Install TKS master
+ shell: pkispawn -s TKS -f /tmp/test_dir/tks.cfg
+
+- name : Stopping TKS Subsystem
+ shell: echo "Stopping Subsystem for enabling Audit logging"
+ notify:
+ - STOPTKS
+ - INC_CONSTANTS
+
+- meta: flush_handlers
+
+- name: Enable SignedAudit
+ replace: dest=/etc/pki/{{ topology }}-TKS/tks/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+
+- name: Enable OCSP for TKS
+ replace: dest=/etc/pki/{{ topology }}-TKS/server.xml regexp='enableOCSP="false"' replace='enableOCSP="true"'
+
+- name: Pointing TKS to correct OCSP port
+ replace: dest=/etc/pki/{{ topology }}-TKS/server.xml regexp='([0-9]+)/ca/ocsp' replace={{ variable.CA_HTTP_PORT }}/ca/ocsp
+
+- name: Picking the password in run-time from password.conf of TKS
+ shell: grep -i "internal=" /etc/pki/{{ topology }}-TKS/password.conf | awk -F"=" ' { print $2 } ' > /tmp/test_dir/certutil_password
+
+- name: Importing OCSP certificate in TKS nssdb
+ shell: certutil -A -d /etc/pki/{{ topology }}-TKS/alias -n "ocspSigningCert cert-pki-ca" -t "C,," -i /tmp/test_dir/ocsp_signing.crt -f /tmp/test_dir/certutil_password
+ notify:
+ - STARTTKS
+
+- meta: flush_handlers
+
+- name: Sleep for a while to start TKS
+ shell: sleep 3s
+
+- name: Removing file generated with password
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /tmp/test_dir/certutil_password
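Review bot: `shell: sleep 3s` after the STARTTKS flush is a timing guess: if Tomcat takes longer to bind, whatever runs next against the TKS (the shared-secret script stops and reconfigures it) races a half-started instance. `wait_for: port={{ variable.TKS_HTTPS_PORT }} timeout=120` waits on the actual listener using the value INC_CONSTANTS already loaded. As in the other subsystem files, `certutil_password` is only removed on the success path; putting the removal under `always:` keeps the internal-token password from being left in /tmp when the import fails.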
diff --git a/tests/roles/Test_Execution/tasks/configure_tps.yml b/tests/roles/Test_Execution/tasks/configure_tps.yml
new file mode 100644
index 0000000..b8292b7
--- /dev/null
+++ b/tests/roles/Test_Execution/tasks/configure_tps.yml
@@ -0,0 +1,34 @@
+- name: Install TPS master
+ shell: pkispawn -s TPS -f /tmp/test_dir/tps.cfg
+
+- name : Stopping TPS Subsystem
+ shell: echo "Stopping Subsystem for enabling Audit logging"
+ notify:
+ - STOPTPS
+ - INC_CONSTANTS
+
+- meta: flush_handlers
+
+- name: Enable SignedAudit
+ replace: dest=/etc/pki/{{ topology }}-TPS/tps/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+
+- name: Enable OCSP for TPS
+ replace: dest=/etc/pki/{{ topology }}-TPS/server.xml regexp='enableOCSP="false"' replace='enableOCSP="true"'
+
+- name: Pointing TPS to correct OCSP port
+ replace: dest=/etc/pki/{{ topology }}-TPS/server.xml regexp='([0-9]+)/ca/ocsp' replace={{ variable.CA_HTTP_PORT }}/ca/ocsp
+
+- name: Picking the password in run-time from password.conf of TPS
+ shell: grep -i "internal=" /etc/pki/{{ topology }}-TPS/password.conf | awk -F"=" ' { print $2 } ' > /tmp/test_dir/certutil_password
+
+- name: Importing OCSP certificate in tps nssdb
+ shell: certutil -A -d /etc/pki/{{ topology }}-TPS/alias -n "ocspSigningCert cert-pki-ca" -t "C,," -i /tmp/test_dir/ocsp_signing.crt -f /tmp/test_dir/certutil_password
+ notify:
+ - STARTTPS
+
+- name: Removing file generated with password
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /tmp/test_dir/certutil_password
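Review bot: `Importing OCSP certificate in tps nssdb` only notifies STARTTPS and no `flush_handlers` follows, so the TPS stays stopped until the end of the play, and `certutil_password` is left behind if `certutil -A` fails because the removal task is not in an `always:`. Since every subsystem file repeats the same grep/certutil/remove sequence, a single included task file taking the subsystem name as a parameter (`include_tasks: import_ocsp_cert.yml` with `vars: subsystem: TPS`) would let the `umask 077`/`always:` fix land once.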
diff --git a/tests/roles/Test_Execution/tasks/main.yml b/tests/roles/Test_Execution/tasks/main.yml
new file mode 100644
index 0000000..f56ccfa
--- /dev/null
+++ b/tests/roles/Test_Execution/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- include: configure_common.yml
+ when: topology == "topology-00" or topology == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
+- include: configure_ldap.yml
+ when: topology == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
+- include: configure_shared.yml
+ when: topology == "topology-01"
+- include: configure_ca.yml
+ when: topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
+- include: configure_kra.yml
+ when: topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
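Review bot: configure_ocsp.yml, configure_tks.yml, configure_tps.yml and configure_sharedsecret.yml are added in this commit but never included here, so as far as this diff shows nothing in the role executes them and the TKS/TPS shared-secret path is dead unless another playbook includes them directly. If they are meant to run for topology-02/05, add `- include: configure_ocsp.yml` (and the others) with the matching `when:`; if they are deliberately deferred, a comment saying so avoids the confusion. The repeated `topology == "..." or ...` chains would read better as `when: topology in ['topology-01', 'topology-02', ...]`.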
diff --git a/tests/roles/Test_Trigger/files/config_templates/ansible_constants.py b/tests/roles/Test_Trigger/files/config_templates/ansible_constants.py
new file mode 100644
index 0000000..c530163
--- /dev/null
+++ b/tests/roles/Test_Trigger/files/config_templates/ansible_constants.py
@@ -0,0 +1,75 @@
+#common to all subsystems
+MASTER_HOSTNAME = 'pki1.example.com'
+CLONE_HOSTNAME = 'pki2.example.com'
+
+CLIENT_PKCS12_PASSWORD = 'SECret.123'
+CLIENT_DIR_PASSWORD = 'SECret.123'
+BACKUP_PASSWORD = 'SECret.123'
+CLIENT_DATABASE_PASSWORD = 'SECret.123'
+NSSDB = '/opt/pki/certdb'
+#CA Instance
+CA_HTTPS_PORT = '20443'
+CA_HTTP_PORT = '20080'
+CA_AJP_PORT = '20009'
+CA_TOMCAT_PORT = '20005'
+CA_CLIENT_DIR = '/opt/topology-CA'
+CA_INSTANCE_NAME = 'topology-CA'
+SECURITY_DOMAIN_PASSWORD = 'SECret.123'
+CA_PASSWORD = 'SECret.123'
+CA_SECURITY_DOMAIN_NAME = 'topology_Foobarmaster.org'
+CA_ADMIN_USERNAME = 'caadmin'
+CA_ADMIN_NICK = 'PKI CA Administrator for Example.Org'
+#KRA Instance
+KRA_INSTANCE_NAME = 'topology-KRA'
+KRA_HTTPS_PORT = 21443
+KRA_HTTP_PORT = 21080
+KRA_AJP_PORT = 21009
+KRA_TOMCAT_PORT = 21005
+KRA_PASSWORD = 'SECret.123'
+KRA_CLIENT_DIR = '/opt/topology-KRA'
+KRA_ADMIN_NICK = 'PKI KRA Administrator for Example.Org'
+#OCSP Instance
+OCSP_INSTANCE_NAME = 'topology-OCSP'
+OCSP_HTTPS_PORT = 22443
+OCSP_HTTP_PORT = 22080
+OCSP_AJP_PORT = 22009
+OCSP_TOMCAT_PORT = 22005
+OCSP_PASSWORD = 'SECret.123'
+OCSP_CLIENT_DIR = '/opt/topology-OCSP'
+OCSP_ADMIN_NICK = 'PKI OCSP Administrator for Example.Org'
+#TKS Instance
+TKS_INSTANCE_NAME = 'topology-TKS'
+TKS_HTTPS_PORT = 23443
+TKS_HTTP_PORT = 23080
+TKS_AJP_PORT = 23009
+TKS_TOMCAT_PORT = 23005
+TKS_PASSWORD = 'SECret.123'
+TKS_CLIENT_DIR = '/opt/topology-TKS'
+#TPS instance
+TPS_INSTANCE_NAME = 'topology-TPS'
+TPS_HTTPS_PORT = '25443'
+TPS_HTTP_PORT = '25080'
+TPS_AJP_PORT = '25009'
+TPS_TOMCAT_PORT = '25005'
+TPS_PASSWORD = 'SECret.123'
+TPS_CLIENT_DIR = '/opt/topology-TPS'
+TPS_ADMIN_NICK = 'PKI TPS Administrator for Example.Org'
+#LDAP Details
+LDAP_PORT = 'ldapServerPort'
+LDAP_BIND_DN = 'cn=Directory Manager'
+LDAP_PASSWD = 'SECret.123'
+LDAP_BASE_DN = 'dc=example,dc=org'
+LDAP_KRA_PORT = 'ldapkraServerPort'
+LDAP_OCSP_PORT = 'ldapocspServerPort'
+LDAP_TKS_PORT = 'ldaptksServerPort'
+LDAP_TPS_PORT = 'ldaptpsServerPort'
+LDAP_USER = 'foobar'
+LDAP_USER_ENROLL = 'testuser'
+CUID = '40906145C76224192D2B'
+CUID_01 = '40906145C76224192D11'
+TPS_OPERATION = 'ra_enroll'
+#Details for tps-activity cli automation
+LDAP_USER1 = 'jdoe'
+TOKEN_FORMAT = 'ra_format'
+TOKEN_RESET_PIN = 'ra_reset_pin'
+TOKEN_CUID = '40000000000000000002'
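Review bot: This file and tests/roles/Test_Trigger/files/test/constants.py declare the same constant names but disagree on the values: numeric ports here (`CA_HTTPS_PORT = '20443'`), placeholder tokens there (`CA_HTTPS_PORT = 'capki_https_port'`), and this copy lacks `TKS_ADMIN_NICK`. Whichever one a consumer imports silently gets different behaviour, so either one should be generated from the other or a header comment should state which is the template and which is the rendered copy. `LDAP_PASSWD = 'SECret.123'` for `cn=Directory Manager` is presumably a CI-only fixture and deserves the same `# test-only credentials` note.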
diff --git a/tests/roles/Test_Trigger/files/test/ca.cfg b/tests/roles/Test_Trigger/files/test/ca.cfg
new file mode 100644
index 0000000..c142381
--- /dev/null
+++ b/tests/roles/Test_Trigger/files/test/ca.cfg
@@ -0,0 +1,55 @@
+[DEFAULT]
+pki_instance_name = topology-CA
+pki_https_port = capki_https_port
+pki_http_port = capki_http_port
+
+pki_token_password = SECret.123
+
+
+pki_admin_password = SECret.123
+pki_admin_key_type=rsa
+pki_admin_key_size=2048
+pki_admin_key_algorithm=SHA512withRSA
+
+pki_hostname = SERVERNAME
+pki_security_domain_name = topology_Foobarmaster.org
+pki_security_domain_password = SECret.123
+
+pki_client_dir = /opt/topology-CA
+pki_client_pkcs12_password = SECret.123
+pki_backup_keys = True
+pki_backup_password = SECret.123
+pki_ds_password = SECret.123
+pki_ds_ldap_port = ldapServerPort
+
+pki_sslserver_key_algorithm=SHA512withRSA
+pki_sslserver_key_size=2048
+pki_sslserver_key_type=rsa
+
+pki_subsystem_key_type=rsa
+pki_subsystem_key_size=2048
+pki_subsystem_key_algorithm=SHA512withRSA
+
+pki_audit_signing_key_algorithm=SHA512withRSA
+pki_audit_signing_key_size=2048
+pki_audit_signing_key_type=rsa
+pki_audit_signing_signing_algorithm=SHA512withRSA
+
+[Tomcat]
+pki_ajp_port = capki_ajp_port
+pki_tomcat_server_port = capki_tomcat_port
+
+[CA]
+pki_import_admin_cert = False
+pki_ds_hostname = SERVERNAME
+pki_admin_nickname = PKI CA Administrator for Example.Org
+
+pki_ca_signing_key_algorithm=SHA512withRSA
+pki_ca_signing_key_size=2048
+pki_ca_signing_key_type=rsa
+pki_ca_signing_signing_algorithm=SHA512withRSA
+
+pki_ocsp_signing_key_algorithm=SHA512withRSA
+pki_ocsp_signing_key_size=2048
+pki_ocsp_signing_key_type=rsa
+pki_ocsp_signing_signing_algorithm=SHA512withRSA
\ No newline at end of file
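Review bot: `pki_backup_keys = True` with `pki_backup_password = SECret.123` exports the CA signing key into a PKCS#12 under `pki_client_dir`, protected by a password that is committed alongside it; for a throwaway CI topology that is acceptable, but the file should say so. A header comment such as `# CI-only fixture: SERVERNAME and the *_port/ldapServerPort tokens appear to be substituted at run time; credentials are deliberately weak and must not be reused` would also document the placeholders, which nothing in this diff explains. The file is missing its trailing newline.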
diff --git a/tests/roles/Test_Trigger/files/test/constants.py b/tests/roles/Test_Trigger/files/test/constants.py
new file mode 100644
index 0000000..c0bd59a
--- /dev/null
+++ b/tests/roles/Test_Trigger/files/test/constants.py
@@ -0,0 +1,76 @@
+#common to all subsystems
+MASTER_HOSTNAME = 'pki1.example.com'
+CLONE_HOSTNAME = 'pki2.example.com'
+
+CLIENT_PKCS12_PASSWORD = 'SECret.123'
+CLIENT_DIR_PASSWORD = 'SECret.123'
+BACKUP_PASSWORD = 'SECret.123'
+CLIENT_DATABASE_PASSWORD = 'SECret.123'
+NSSDB = '/opt/pki/certdb'
+#CA Instance
+CA_HTTPS_PORT = 'capki_https_port'
+CA_HTTP_PORT = 'capki_http_port'
+CA_AJP_PORT = 'capki_ajp_port'
+CA_TOMCAT_PORT = 'capki_tomcat_port'
+CA_CLIENT_DIR = '/opt/topology-CA'
+CA_INSTANCE_NAME = 'topology-CA'
+SECURITY_DOMAIN_PASSWORD = 'SECret.123'
+CA_PASSWORD = 'SECret.123'
+CA_SECURITY_DOMAIN_NAME = 'topology_Foobarmaster.org'
+CA_ADMIN_USERNAME = 'caadmin'
+CA_ADMIN_NICK = 'PKI CA Administrator for Example.Org'
+#KRA Instance
+KRA_INSTANCE_NAME = 'topology-KRA'
+KRA_HTTPS_PORT = 'krapki_https_port'
+KRA_HTTP_PORT = 'krapki_http_port'
+KRA_AJP_PORT = 'krapki_ajp_port'
+KRA_TOMCAT_PORT = 'krapki_tomcat_server_port'
+KRA_PASSWORD = 'SECret.123'
+KRA_CLIENT_DIR = '/opt/topology-KRA'
+KRA_ADMIN_NICK = 'PKI KRA Administrator for Example.Org'
+#OCSP Instance
+OCSP_INSTANCE_NAME = 'topology-OCSP'
+OCSP_HTTPS_PORT = 'ocsppki_https_port'
+OCSP_HTTP_PORT = 'ocsppki_http_port'
+OCSP_AJP_PORT = 'ocsppki_ajp_port'
+OCSP_TOMCAT_PORT = 'ocsppki_tomcat_server_port'
+OCSP_PASSWORD = 'SECret.123'
+OCSP_CLIENT_DIR = '/opt/topology-OCSP'
+OCSP_ADMIN_NICK = 'PKI OCSP Administrator for Example.Org'
+#TKS Instance
+TKS_INSTANCE_NAME = 'topology-TKS'
+TKS_HTTPS_PORT = 'tkspki_https_port'
+TKS_HTTP_PORT = 'tkspki_http_port'
+TKS_AJP_PORT = 'tkspki_ajp_port'
+TKS_TOMCAT_PORT = 'tkspki_tomcat_server_port'
+TKS_PASSWORD = 'SECret.123'
+TKS_CLIENT_DIR = '/opt/topology-TKS'
+TKS_ADMIN_NICK = 'PKI TKS Administrator for Example.Org'
+#TPS instance
+TPS_INSTANCE_NAME = 'topology-TPS'
+TPS_HTTPS_PORT = 'tpspki_https_port'
+TPS_HTTP_PORT = 'tpspki_http_port'
+TPS_AJP_PORT = 'tpspki_ajp_port'
+TPS_TOMCAT_PORT = 'tpspki_tomcat_server_port'
+TPS_PASSWORD = 'SECret.123'
+TPS_CLIENT_DIR = '/opt/topology-TPS'
+TPS_ADMIN_NICK = 'PKI TPS Administrator for Example.Org'
+#LDAP Details
+LDAP_PORT = 'ldapServerPort'
+LDAP_BIND_DN = 'cn=Directory Manager'
+LDAP_PASSWD = 'SECret.123'
+LDAP_BASE_DN = 'dc=example,dc=org'
+LDAP_KRA_PORT = 'ldapkraServerPort'
+LDAP_OCSP_PORT = 'ldapocspServerPort'
+LDAP_TKS_PORT = 'ldaptksServerPort'
+LDAP_TPS_PORT = 'ldaptpsServerPort'
+LDAP_USER = 'foobar'
+LDAP_USER_ENROLL = 'testuser'
+CUID = '40906145C76224192D2B'
+CUID_01 = '40906145C76224192D11'
+TPS_OPERATION = 'ra_enroll'
+#Details for tps-activity cli automation
+LDAP_USER1 = 'jdoe'
+TOKEN_FORMAT = 'ra_format'
+TOKEN_RESET_PIN = 'ra_reset_pin'
+TOKEN_CUID = '40000000000000000002'
\ No newline at end of file
diff --git a/tests/roles/Test_Trigger/files/test/kra.cfg b/tests/roles/Test_Trigger/files/test/kra.cfg
new file mode 100644
index 0000000..6f33f52
--- /dev/null
+++ b/tests/roles/Test_Trigger/files/test/kra.cfg
@@ -0,0 +1,61 @@
+[DEFAULT]
+pki_instance_name = topology-KRA
+pki_https_port = krapki_https_port
+pki_http_port = krapki_http_port
+
+pki_token_password = SECret.123
+pki_admin_password = SECret.123
+pki_admin_key_type=rsa
+pki_admin_key_size=2048
+pki_admin_key_algorithm=SHA512withRSA
+
+pki_hostname = SERVERNAME
+pki_security_domain_hostname = SERVERNAME
+pki_security_domain_https_port = secure_domain_port
+pki_security_domain_name = topology_Foobarmaster.org
+pki_security_domain_password = SECret.123
+
+pki_client_dir = /opt/topology-KRA
+pki_client_pkcs12_password = SECret.123
+pki_client_database_password = SECret.123
+
+pki_backup_keys = True
+pki_backup_password = SECret.123
+
+pki_ds_password = SECret.123
+pki_ds_ldap_port = ldapServerPort
+
+
+pki_sslserver_key_algorithm=SHA512withRSA
+pki_sslserver_key_size=2048
+pki_sslserver_key_type=rsa
+
+pki_subsystem_key_algorithm=SHA512withRSA
+pki_subsystem_key_size=2048
+pki_subsystem_key_type=rsa
+
+pki_audit_signing_key_algorithm=SHA512withRSA
+pki_audit_signing_key_size=2048
+pki_audit_signing_key_type=rsa
+pki_audit_signing_signing_algorithm=SHA512withRSA
+
+[Tomcat]
+pki_ajp_port = krapki_ajp_port
+pki_tomcat_server_port = krapki_tomcat_server_port
+
+[KRA]
+pki_import_admin_cert = False
+pki_admin_nickname = PKI KRA Administrator for Example.Org
+
+pki_ds_hostname = SERVERNAME
+
+pki_storage_key_algorithm=SHA512withRSA
+pki_storage_key_size=2048
+pki_storage_key_type=rsa
+pki_storage_signing_algorithm=SHA512withRSA
+
+pki_transport_key_algorithm=SHA512withRSA
+pki_transport_key_size=2048
+pki_transport_key_type=rsa
+pki_transport_signing_algorithm=SHA512withRSA
+
diff --git a/tests/roles/Test_Trigger/files/test/ldap.cfg b/tests/roles/Test_Trigger/files/test/ldap.cfg
new file mode 100644
index 0000000..b7cde1f
--- /dev/null
+++ b/tests/roles/Test_Trigger/files/test/ldap.cfg
@@ -0,0 +1,12 @@
+[General]
+FullMachineName = SERVERNAME
+SuiteSpotUserID = nobody
+SuiteSpotGroup = nobody
+ConfigDirectoryAdminID = admin
+
+[slapd]
+ServerIdentifier = topology-testingmaster
+ServerPort = ldapServerPort
+Suffix = dc=example,dc=com
+RootDN = CN=Directory Manager
+RootDNPwd = SECret.123
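Review bot: `Suffix = dc=example,dc=com` in the `[slapd]` section does not match the base DN the rest of this change uses — `LDAP_BASE_DN = 'dc=example,dc=org'` in constants.py and `pki_authdb_basedn = ou=People,dc=example,dc=org` in tps.cfg — so TPS authentication lookups and any test searching under `dc=example,dc=org` would target a suffix this directory instance never creates. Pick one base DN for the whole fixture set; given the other two files, `Suffix = dc=example,dc=org` looks like the intended value. `RootDN = CN=Directory Manager` also differs in case from `LDAP_BIND_DN = 'cn=Directory Manager'`; DN attribute types are case-insensitive so the bind still works, but aligning the spelling avoids a misleading grep later.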
diff --git a/tests/roles/Test_Trigger/files/test/ocsp.cfg b/tests/roles/Test_Trigger/files/test/ocsp.cfg
new file mode 100644
index 0000000..e91bd3b
--- /dev/null
+++ b/tests/roles/Test_Trigger/files/test/ocsp.cfg
@@ -0,0 +1,56 @@
+[DEFAULT]
+pki_instance_name = topology-OCSP
+pki_https_port = ocsppki_https_port
+pki_http_port = ocsppki_http_port
+
+pki_token_password = SECret.123
+
+pki_admin_password = SECret.123
+pki_admin_key_type=rsa
+pki_admin_key_size=2048
+pki_admin_key_algorithm=SHA512withRSA
+
+pki_hostname = SERVERNAME
+pki_security_domain_hostname = SERVERNAME
+pki_security_domain_name = topology_Foobarmaster.org
+pki_security_domain_password = SECret.123
+pki_security_domain_https_port = secure_domain_port
+
+pki_client_dir = /opt/topology-OCSP
+pki_client_pkcs12_password = SECret.123
+pki_client_database_password = SECret.123
+
+pki_backup_keys = True
+pki_backup_password = SECret.123
+
+pki_ds_password = SECret.123
+pki_ds_ldap_port = ldapServerPort
+
+pki_sslserver_key_algorithm=SHA512withRSA
+pki_sslserver_key_size=2048
+pki_sslserver_key_type=rsa
+
+pki_subsystem_key_algorithm=SHA512withRSA
+pki_subsystem_key_size=2048
+pki_subsystem_key_type=rsa
+
+pki_audit_signing_key_type=rsa
+pki_audit_signing_key_size=2048
+pki_audit_signing_key_algorithm=SHA512withRSA
+pki_audit_signing_signing_algorithm=SHA512withRSA
+
+[Tomcat]
+pki_ajp_port = ocsppki_ajp_port
+pki_tomcat_server_port = ocsppki_tomcat_server_port
+
+[OCSP]
+pki_import_admin_cert = False
+pki_admin_nickname= PKI OCSP Administrator for Example.Org
+
+
+pki_ds_hostname = SERVERNAME
+
+pki_ocsp_signing_key_algorithm=SHA512withRSA
+pki_ocsp_signing_key_size=2048
+pki_ocsp_signing_key_type=rsa
+pki_ocsp_signing_signing_algorithm=SHA512withRSA
\ No newline at end of file
diff --git a/tests/roles/Test_Trigger/files/test/script b/tests/roles/Test_Trigger/files/test/script
new file mode 100755
index 0000000..c98e4ae
--- /dev/null
+++ b/tests/roles/Test_Trigger/files/test/script
@@ -0,0 +1,79 @@
+#!/bin/sh
+#Generate Noise using Openssl
+echo "Defining variables "
+tks_password="/tmp/tkspassword.txt"
+tps_password="/tmp/tpspassword.txt"
+tks_alias="/var/lib/pki/$1-TKS/alias"
+tps_alias="/var/lib/pki/$1-TPS/alias"
+tks_noise="/tmp/tks_noise"
+tks_shared_secret="sharedSecret"
+tks_conf="/var/lib/pki/$1-TKS/tks/conf/CS.cfg"
+tps_conf="/var/lib/pki/$1-TPS/tps/conf/CS.cfg"
+tps_input_file="/tmp/tps-input.txt"
+tks_secret_output="/tmp/secret"
+tks_input_file="/tmp/tks-input.txt"
+tks_input="proceed\r\n"
+tks_secret_output="/tmp/sharedSecret.out"
+tps_key_import_status="/tmp/sharedSecretImport.out"
+echo "proceed\r\n" > $tks_input_file
+echo "Generate Noise using OpenSSL"
+openssl rand -hex 2048 | perl -p -e 's/\n//' > $tks_noise
+cat /var/lib/pki/$1-TKS/conf/password.conf | sed 's/^internal=//' > $tks_password
+cat /var/lib/pki/$1-TPS/conf/password.conf | sed 's/^internal=//' > $tps_password
+
+echo "Stopping TKS & TPS instance"
+systemctl stop pki-tomcatd@$1-TKS.service
+systemctl stop pki-tomcatd@$1-TPS.service
+echo "Generating shared secret"
+/usr/bin/tkstool -D -d $tks_alias -n "TPS-`hostname`-25443 sharedSecret" -f $tks_password
+/usr/bin/tkstool -T -d $tks_alias -n $tks_shared_secret -f $tks_password -z $tks_noise > $tks_secret_output < $tks_input_file
+/usr/bin/tkstool -L -d $tks_alias -n $tks_shared_secret -f $tks_password > /tmp/sharedSecretList1.out
+grep "$tks_shared_secret" /tmp/sharedSecretList1.out
+first_session_tmp1=$(cat $tks_secret_output | grep -A1 "first\ssession\skey\sshare:")
+first_session_tmp2=$(echo $first_session_tmp1 | sed 's/^first session key share://')
+first_session_key=$(echo ${first_session_tmp2%% })
+first_session_KCV_tmp1=$(cat $tks_secret_output | grep "first\ssession\skey\sshare\sKCV:")
+first_session_KCV_tmp2=$(echo $first_session_KCV_tmp1 | sed 's/^first session key share KCV://')
+first_session_KCV_key=$(echo ${first_session_KCV_tmp2%% })
+
+second_session_tmp1=$(cat $tks_secret_output | grep -A1 "second\ssession\skey\sshare:")
+second_session_tmp2=$(echo $second_session_tmp1 | sed 's/^second session key share://')
+second_session_key=$(echo ${second_session_tmp2%% })
+second_session_KCV_tmp1=$(cat $tks_secret_output | grep "second\ssession\skey\sshare\sKCV:")
+second_session_KCV_tmp2=$(echo $second_session_KCV_tmp1 | sed 's/^second session key share KCV://')
+second_session_KCV_key=$(echo ${second_session_KCV_tmp2%% })
+
+third_session_tmp1=$(cat $tks_secret_output | grep -A1 "third\ssession\skey\sshare:")
+third_session_tmp2=$(echo $third_session_tmp1 | sed 's/^third session key share://')
+third_session_key=$(echo ${third_session_tmp2%% })
+third_session_KCV_tmp1=$(cat $tks_secret_output | grep "third\ssession\skey\sshare\sKCV:")
+third_session_KCV_tmp2=$(echo $third_session_KCV_tmp1 | sed 's/^third session key share KCV://')
+third_session_KCV_key=$(echo ${third_session_KCV_tmp2%% })
+
+sed -i -e "/tps.0.nickname=/s/=.*/=$tks_shared_secret/g" $tks_conf
+sed -i -e "/tks.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tks_conf
+echo "Restart $1-TKS instance"
+systemctl restart pki-tomcatd@$1-TKS.service
+echo "proceed\r\n" > $tps_input_file
+echo "$first_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$first_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "$second_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$second_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "$third_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$third_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+
+/usr/bin/tkstool -I -d $tps_alias -n $tks_shared_secret -f $tps_password < $tps_input_file > $tps_key_import_status
+/usr/bin/tkstool -L -d $tps_alias -n $tks_shared_secret -f $tps_password > /tmp/sharedSecretList2.out
+grep "$tks_shared_secret" /tmp/sharedSecretList2.out
+sed -i -e "/tps.connector.tks1.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tps_conf
+sed -i -e "/conn.tks1.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tps_conf
+echo "Restart $1-TPS instance"
+systemctl restart pki-tomcatd@$1-TPS.service
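Review bot: The NSS token passwords extracted by `cat /var/lib/pki/$1-TKS/conf/password.conf | sed 's/^internal=//' > $tks_password` (and the TPS equivalent), together with the three session key shares and KCVs echoed into `$tps_input_file` and the full `tkstool -T` output in `$tks_secret_output`, are written to fixed, predictable paths under /tmp with the caller's default umask and are never removed, so the TKS/TPS shared secret material outlives the script on the test host; the `sed` also keeps every other line of password.conf with only the `internal=` prefix stripped, so the file holds more than the token password (`grep '^internal=' … | sed 's/^internal=//'` narrows it). Create the working files in a private `mktemp -d` directory under `umask 077` and remove it with a `trap` on exit, and validate `$1` before it is used in `systemctl stop pki-tomcatd@$1-TKS.service`, where an empty argument would act on `pki-tomcatd@-TKS`. Two smaller points in the same hunk: `tks_secret_output` is assigned twice (`/tmp/secret` is dead), and `echo "proceed\r\n"` depends on whether the installed `sh` interprets backslash escapes — `printf 'proceed\r\n'` behaves the same everywhere. The `-n "TPS-`hostname`-25443 sharedSecret"` nickname hard-codes the TPS HTTPS port while the rest of the change parameterises it as `tpspki_https_port`, so it will not match the key actually created under vars/ca_shared.yml.
```shell
#!/bin/sh
instance="${1:?usage: $0 <instance-prefix>}"
umask 077
work_dir="$(mktemp -d)"
trap 'rm -rf "$work_dir"' EXIT
tks_password="$work_dir/tkspassword.txt"
tps_password="$work_dir/tpspassword.txt"
# … unchanged: remaining variable definitions, with /tmp replaced by "$work_dir" and $1 by "$instance" …
grep '^internal=' "/var/lib/pki/$instance-TKS/conf/password.conf" | sed 's/^internal=//' > "$tks_password"
grep '^internal=' "/var/lib/pki/$instance-TPS/conf/password.conf" | sed 's/^internal=//' > "$tps_password"
# … unchanged: stop instances, tkstool calls, key-share parsing, CS.cfg edits, restarts …
```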
diff --git a/tests/roles/Test_Trigger/files/test/tks.cfg b/tests/roles/Test_Trigger/files/test/tks.cfg
new file mode 100644
index 0000000..8e5289a
--- /dev/null
+++ b/tests/roles/Test_Trigger/files/test/tks.cfg
@@ -0,0 +1,52 @@
+[DEFAULT]
+pki_instance_name = topology-TKS
+pki_https_port = tkspki_https_port
+pki_http_port = tkspki_http_port
+
+pki_token_password = SECret.123
+
+pki_admin_password = SECret.123
+pki_admin_key_type=rsa
+pki_admin_key_size=2048
+pki_admin_key_algorithm=SHA512withRSA
+
+pki_hostname = SERVERNAME
+pki_security_domain_hostname = SERVERNAME
+pki_security_domain_name = topology_Foobarmaster.org
+pki_security_domain_password = SECret.123
+pki_security_domain_https_port = secure_domain_port
+
+pki_client_dir = /opt/topology-TKS
+pki_client_pkcs12_password = SECret.123
+pki_client_database_password = SECret.123
+
+pki_backup_keys = True
+pki_backup_password = SECret.123
+
+pki_ds_password = SECret.123
+pki_ds_ldap_port = ldapServerPort
+
+pki_subsystem_key_type=rsa
+pki_subsystem_key_size=2048
+pki_subsystem_key_algorithm=SHA512withRSA
+pki_subsystem_signing_algorithm=SHA512withRSA
+
+pki_sslserver_key_type=rsa
+pki_sslserver_key_size=2048
+pki_sslserver_key_algorithm=SHA512withRSA
+pki_sslserver_signing_algorithm=SHA512withRSA
+
+[Tomcat]
+pki_ajp_port = tkspki_ajp_port
+pki_tomcat_server_port = tkspki_tomcat_server_port
+
+[TKS]
+pki_import_admin_cert = False
+pki_admin_nickname= PKI TKS Administrator for Example.Org
+
+pki_ds_hostname = SERVERNAME
+
+pki_audit_signing_key_algorithm=SHA512withRSA
+pki_audit_signing_key_size=2048
+pki_audit_signing_key_type=rsa
+pki_audit_signing_signing_algorithm=SHA512withRSA
\ No newline at end of file
diff --git a/tests/roles/Test_Trigger/files/test/tps.cfg b/tests/roles/Test_Trigger/files/test/tps.cfg
new file mode 100644
index 0000000..9252560
--- /dev/null
+++ b/tests/roles/Test_Trigger/files/test/tps.cfg
@@ -0,0 +1,34 @@
+[DEFAULT]
+pki_instance_name = topology-TPS
+pki_https_port = tpspki_https_port
+pki_http_port = tpspki_http_port
+pki_token_password = SECret.123
+pki_admin_password = SECret.123
+pki_hostname = SERVERNAME
+pki_security_domain_hostname = SERVERNAME
+pki_security_domain_https_port = secure_domain_port
+pki_security_domain_name = topology_Foobarmaster.org
+pki_security_domain_password = SECret.123
+pki_client_dir = /opt/topology-TPS
+pki_client_pkcs12_password = SECret.123
+pki_backup_keys = True
+pki_backup_password = SECret.123
+pki_ds_password = SECret.123
+pki_ds_ldap_port = ldapServerPort
+pki_client_database_password = SECret.123
+
+[Tomcat]
+pki_ajp_port = tpspki_ajp_port
+pki_tomcat_server_port = tpspki_tomcat_server_port
+
+[TPS]
+pki_import_admin_cert = False
+pki_ds_hostname = SERVERNAME
+pki_authdb_basedn = ou=People,dc=example,dc=org
+pki_authdb_hostname=SERVERNAME
+pki_authdb_port=3389
+pki_ca_uri=https://SERVERNAME:capki_https_port
+pki_tks_uri=https://SERVERNAME:tkspki_https_port
+pki_kra_uri=https://SERVERNAME:krapki_https_port
+pki_admin_nickname=PKI TPS Administrator for Example.Org
+pki_enable_server_side_keygen=True
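Review bot: `pki_authdb_port=3389` is the only LDAP port in this fixture written as a literal rather than the `ldapServerPort` placeholder that `pki_ds_ldap_port` uses in `[DEFAULT]`, so it is rewritten only for topology-05 (through the bare `regexp="3389"` in configure_ldap.yml) and stays at 3389 everywhere else — including topology-01, where vars/ldap_shared.yml puts the directory on 2389, so an authdb lookup there would hit a closed port if TPS is spawned in that topology. `pki_authdb_port=ldapServerPort` lets the common substitution cover it. `pki_authdb_basedn = ou=People,dc=example,dc=org` also has to agree with the `Suffix` that ldap.cfg sets, which in this change is `dc=example,dc=com`.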
diff --git a/tests/roles/Test_Trigger/tasks/configure_ca.yml b/tests/roles/Test_Trigger/tasks/configure_ca.yml
new file mode 100644
index 0000000..fd109ee
--- /dev/null
+++ b/tests/roles/Test_Trigger/tasks/configure_ca.yml
@@ -0,0 +1,24 @@
+
+- name: Replace CA specific changes
+ replace: dest={{item}} regexp="capki_https_port" replace={{capki_https_port}}
+ with_items:
+ - /tmp/test_dir/ca.cfg
+ - /tmp/test_dir/constants.py
+
+- name: Replace http port for CA.
+ replace: dest={{item}} regexp="capki_http_port" replace={{capki_http_port}}
+ with_items:
+ - /tmp/test_dir/ca.cfg
+ - /tmp/test_dir/constants.py
+
+- name: Replace ajp port for CA
+ replace: dest={{item}} regexp="capki_ajp_port" replace={{capki_ajp_port}}
+ with_items:
+ - /tmp/test_dir/ca.cfg
+ - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for CA
+ replace: dest={{item}} regexp="capki_tomcat_port" replace={{capki_tomcat_port}}
+ with_items:
+ - /tmp/test_dir/ca.cfg
+ - /tmp/test_dir/constants.py
diff --git a/tests/roles/Test_Trigger/tasks/configure_common.yml b/tests/roles/Test_Trigger/tasks/configure_common.yml
new file mode 100644
index 0000000..7d74d7a
--- /dev/null
+++ b/tests/roles/Test_Trigger/tasks/configure_common.yml
@@ -0,0 +1,145 @@
+- name: Pick constants based on {{topology}}
+ include_vars: "{{ item }}"
+ with_items:
+ - "{{ playbook_dir }}/vars/ldap_shared.yml"
+ - "{{ playbook_dir }}/vars/ca_shared.yml"
+ when: topology == "topology-01"
+
+- name: Pick constants based on {{topology}}
+ include_vars: "{{ item }}"
+ with_items:
+ - "{{ playbook_dir }}/vars/ldap.yml"
+ - "{{ playbook_dir }}/vars/ca.yml"
+ - "{{ playbook_dir }}/vars/kra.yml"
+ - "{{ playbook_dir }}/vars/ocsp.yml"
+ - "{{ playbook_dir }}/vars/tks.yml"
+ - "{{ playbook_dir }}/vars/tps.yml"
+ when: topology == "topology-02"
+
+- name: Pick constants based on {{topology}}
+ include_vars: "{{ item }}"
+ with_items:
+ - "{{ playbook_dir }}/vars/ldap.yml"
+ - "{{ playbook_dir }}/vars/ca.yml"
+ - "{{ playbook_dir }}/vars/kra.yml"
+ - "{{ playbook_dir }}/vars/ocsp.yml"
+ when: topology == "topology-03"
+
+- name: Pick constants based on {{topology}}
+ include_vars: "{{ item }}"
+ with_items:
+ - "{{ playbook_dir }}/vars/ldap.yml"
+ - "{{ playbook_dir }}/vars/ca.yml"
+ - "{{ playbook_dir }}/vars/kra.yml"
+ - "{{ playbook_dir }}/vars/tks.yml"
+ - "{{ playbook_dir }}/vars/tps.yml"
+ when: topology == "topology-04"
+
+- name: Pick constants based on {{topology}}
+ include_vars: "{{ item }}"
+ with_items:
+ - "{{ playbook_dir }}/vars/ldap.yml"
+ - "{{ playbook_dir }}/vars/ca.yml"
+ - "{{ playbook_dir }}/vars/kra.yml"
+ - "{{ playbook_dir }}/vars/ocsp.yml"
+ - "{{ playbook_dir }}/vars/tks.yml"
+ - "{{ playbook_dir }}/vars/tps.yml"
+ when: topology == "topology-05"
+
+- name: Pick constants based on {{topology}}
+ include_vars: "{{ item }}"
+ with_items:
+ - "{{ playbook_dir }}/vars/ldap.yml"
+ - "{{ playbook_dir }}/vars/ca.yml"
+ - "{{ playbook_dir }}/vars/kra.yml"
+ - "{{ playbook_dir }}/vars/ocsp.yml"
+ - "{{ playbook_dir }}/vars/tks.yml"
+ - "{{ playbook_dir }}/vars/tps.yml"
+ when: topology == "topology-ecc"
+
+- name: Creates directory
+ file: path=/tmp/test_files state=directory
+
+- name: Copying templates to /tmp folder
+ copy : src=test/ dest=/tmp/test_dir
+
+- name: Replace Ldap server port in all configuration files
+ replace: dest={{item}} regexp="ldapServerPort" replace={{ldapServerPort}}
+ with_items:
+ - /tmp/test_dir/ldap.cfg
+ - /tmp/test_dir/ca.cfg
+ - /tmp/test_dir/kra.cfg
+ - /tmp/test_dir/ocsp.cfg
+ - /tmp/test_dir/tks.cfg
+ - /tmp/test_dir/tps.cfg
+ - /tmp/test_dir/constants.py
+
+- name: Replace topology in use in all configuration files
+ replace: dest={{item}} regexp="topology" replace={{topology}}
+ with_items:
+ - /tmp/test_dir/ldap.cfg
+ - /tmp/test_dir/ca.cfg
+ - /tmp/test_dir/kra.cfg
+ - /tmp/test_dir/ocsp.cfg
+ - /tmp/test_dir/tks.cfg
+ - /tmp/test_dir/tps.cfg
+ - /tmp/test_dir/constants.py
+
+
+- name : Substitute SHA512withEC with SHA512withRSA when topology=topology-ecc
+ replace: dest={{item}} regexp="SHA512withRSA" replace="SHA512withEC"
+ with_items:
+ - /tmp/test_dir/ca.cfg
+ - /tmp/test_dir/kra.cfg
+ - /tmp/test_dir/ocsp.cfg
+ - /tmp/test_dir/tks.cfg
+ when: topology == "topology-ecc"
+
+- name : Substitute ecc with rsa when topology=topology-ecc
+ replace: dest={{item}} regexp="rsa" replace="ecc"
+ with_items:
+ - /tmp/test_dir/ca.cfg
+ - /tmp/test_dir/kra.cfg
+ - /tmp/test_dir/ocsp.cfg
+ - /tmp/test_dir/tks.cfg
+ when: topology == "topology-ecc"
+
+- name : Substitute keysize nistp521 with keysize 2048 when topology=topology-ecc
+ replace: dest={{item}} regexp="2048" replace="nistp521"
+ with_items:
+ - /tmp/test_dir/ca.cfg
+ - /tmp/test_dir/kra.cfg
+ - /tmp/test_dir/ocsp.cfg
+ - /tmp/test_dir/tks.cfg
+ when: topology == "topology-ecc"
+
+- name : For topology-01
+ replace: dest={{item}} regexp="pki_instance_name" replace="#pki_instance_name"
+ with_items:
+ - /tmp/test_dir/ca.cfg
+ - /tmp/test_dir/kra.cfg
+ - /tmp/test_dir/ocsp.cfg
+ - /tmp/test_dir/tks.cfg
+ - /tmp/test_dir/tps.cfg
+ when:
+ - topology == "topology-01"
+
+
+- name: Replace ServerName in all configuration files.
+ replace: dest={{item}} regexp="SERVERNAME" replace=pki1.example.com
+ with_items:
+ - /tmp/test_dir/ldap.cfg
+ - /tmp/test_dir/ca.cfg
+ - /tmp/test_dir/kra.cfg
+ - /tmp/test_dir/ocsp.cfg
+ - /tmp/test_dir/tks.cfg
+ - /tmp/test_dir/tps.cfg
+
+- name: Replace ServerName in all configuration files.
+ replace: dest={{item}} regexp="SERVERNAME" replace=pki1.example.com
+ with_items:
+ - /tmp/test_dir/ldap_kra.cfg
+ - /tmp/test_dir/ldap_ocsp.cfg
+ - /tmp/test_dir/ldap_tks.cfg
+ - /tmp/test_dir/ldap_tps.cfg
+ when: topology == "topology-05"
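Review bot: The last task (`Replace ServerName` over `ldap_kra.cfg` … `ldap_tps.cfg`, guarded by `topology == "topology-05"`) runs before those files exist: they are created in configure_ldap.yml, which main.yml includes after configure_common.yml, and the `replace` module fails on a missing `dest` rather than skipping it. Because they are copied from `ldap.cfg`, which the preceding task has already rewritten, the task can simply be dropped. The substring patterns here are also wider than their names say — `regexp="topology"` rewrites `topology_Foobarmaster.org` and `topology-testingmaster` as well (possibly intended), and `regexp="2048"` / `regexp="rsa"` will match any future port, nickname or hostname containing those characters — anchoring each to the key it is meant to change (`pki_*_key_size`, `pki_*_key_type`) keeps the substitutions from drifting. The two ECC task names state the substitution backwards (`Substitute SHA512withEC with SHA512withRSA` while the action replaces `SHA512withRSA` with `SHA512withEC`), and `Creates directory` makes `/tmp/test_files` while every other task uses `/tmp/test_dir`.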
diff --git a/tests/roles/Test_Trigger/tasks/configure_kra.yml b/tests/roles/Test_Trigger/tasks/configure_kra.yml
new file mode 100644
index 0000000..adb3a76
--- /dev/null
+++ b/tests/roles/Test_Trigger/tasks/configure_kra.yml
@@ -0,0 +1,28 @@
+- name: Replace KRA specific changes
+ replace: dest={{item}} regexp="krapki_https_port" replace={{krapki_https_port}}
+ with_items:
+ - /tmp/test_dir/kra.cfg
+ - /tmp/test_dir/constants.py
+
+- name: Replace http port for KRA.
+ replace: dest={{item}} regexp="krapki_http_port" replace={{krapki_http_port}}
+ with_items:
+ - /tmp/test_dir/kra.cfg
+ - /tmp/test_dir/constants.py
+
+- name: Replace ajp port for KRA
+ replace: dest={{item}} regexp="krapki_ajp_port" replace={{krapki_ajp_port}}
+ with_items:
+ - /tmp/test_dir/kra.cfg
+ - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for KRA
+ replace: dest={{item}} regexp="krapki_tomcat_server_port" replace={{krapki_tomcat_server_port}}
+ with_items:
+ - /tmp/test_dir/kra.cfg
+ - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for KRA
+ replace: dest={{item}} regexp="secure_domain_port" replace={{capki_https_port}}
+ with_items:
+ - /tmp/test_dir/kra.cfg
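Review bot: The last task is named `Replace tomcat port for KRA` but substitutes `secure_domain_port` with `{{capki_https_port}}`, so a failing run reports the wrong step; the same copy-pasted name sits on the `secure_domain_port` task in configure_ocsp.yml, configure_tks.yml and configure_tps.yml. `- name: Replace security domain HTTPS port for KRA` (and the OCSP/TKS/TPS equivalents) describes what it does. The first task's name, `Replace KRA specific changes`, likewise names a group rather than the single `krapki_https_port` replacement it performs.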
diff --git a/tests/roles/Test_Trigger/tasks/configure_ldap.yml b/tests/roles/Test_Trigger/tasks/configure_ldap.yml
new file mode 100644
index 0000000..f9af68c
--- /dev/null
+++ b/tests/roles/Test_Trigger/tasks/configure_ldap.yml
@@ -0,0 +1,47 @@
+- name : Create different ldap files for ca,kra,ocsp,tks and tps.
+ shell : for i in kra ocsp tks tps ;do cp /tmp/test_dir/ldap.cfg /tmp/test_dir/ldap_$i.cfg ; sed -i "s/testingmaster/$i-testingmaster/" /tmp/test_dir/ldap_$i.cfg; done
+ when: topology == "topology-05"
+
+- name : Conditional check before replacing values in ldap.cfg file.
+ replace: dest={{item}} regexp="3389" replace={{ldapkraServerPort}}
+ with_items:
+ - /tmp/test_dir/ldap_kra.cfg
+ - /tmp/test_dir/kra.cfg
+ when: topology == "topology-05"
+
+- name : Conditional check before replacing values in ldap.cfg file.
+ replace: dest={{item}} regexp="3389" replace={{ldapocspServerPort}}
+ with_items:
+ - /tmp/test_dir/ldap_ocsp.cfg
+ - /tmp/test_dir/ocsp.cfg
+ when: topology == "topology-05"
+
+- name : Conditional check before replacing values in ldap.cfg file.
+ replace: dest={{item}} regexp="3389" replace={{ldaptksServerPort}}
+ with_items:
+ - /tmp/test_dir/ldap_tks.cfg
+ - /tmp/test_dir/tks.cfg
+ when: topology == "topology-05"
+
+- name : Conditional check before replacing values in ldap.cfg file.
+ replace: dest={{item}} regexp="3389" replace={{ldaptpsServerPort}}
+ with_items:
+ - /tmp/test_dir/ldap_tps.cfg
+ - /tmp/test_dir/tps.cfg
+ when: topology == "topology-05"
+
+- name: Replace Ldap server port in all configuration files
+ replace: dest=/tmp/test_dir/constants.py regexp="ldapkraServerPort" replace={{ldapkraServerPort}}
+ when: topology == "topology-05"
+
+- name: Replace Ldap server port in all configuration files
+ replace: dest=/tmp/test_dir/constants.py regexp="ldapocspServerPort" replace={{ldapocspServerPort}}
+ when: topology == "topology-05"
+
+- name: Replace Ldap server port in all configuration files
+ replace: dest=/tmp/test_dir/constants.py regexp="ldaptksServerPort" replace={{ldaptksServerPort}}
+ when: topology == "topology-05"
+
+- name: Replace Ldap server port in all configuration files
+ replace: dest=/tmp/test_dir/constants.py regexp="ldaptpsServerPort" replace={{ldaptpsServerPort}}
+ when: topology == "topology-05"
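Review bot: The four `regexp="3389"` tasks depend on the `ldapServerPort` placeholder in `kra.cfg`, `ocsp.cfg`, `tks.cfg`, `tps.cfg` and the copied `ldap_*.cfg` having already been rewritten to the literal `3389` from vars/ldap.yml by configure_common.yml; if that value ever changes, these tasks silently replace nothing and every topology-05 subsystem keeps pointing at the shared directory instead of its own. Matching on the key (`ServerPort` in the ldap files, `pki_ds_ldap_port` in the subsystem cfgs) or running the `cp` loop before the common `ldapServerPort` substitution so each copy gets its own placeholder removes that coupling. In tps.cfg the bare `3389` also rewrites `pki_authdb_port=3389`, which may or may not be intended. The task names `Conditional check before replacing values in ldap.cfg file.` do not describe the action; `Point KRA and its directory copy at ldapkraServerPort` would.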
diff --git a/tests/roles/Test_Trigger/tasks/configure_ocsp.yml b/tests/roles/Test_Trigger/tasks/configure_ocsp.yml
new file mode 100644
index 0000000..5aa9758
--- /dev/null
+++ b/tests/roles/Test_Trigger/tasks/configure_ocsp.yml
@@ -0,0 +1,28 @@
+- name: Replace OCSP specific changes
+ replace: dest={{item}} regexp="ocsppki_https_port" replace={{ocsppki_https_port}}
+ with_items:
+ - /tmp/test_dir/ocsp.cfg
+ - /tmp/test_dir/constants.py
+
+- name: Replace http port for OCSP.
+ replace: dest={{item}} regexp="ocsppki_http_port" replace={{ocsppki_http_port}}
+ with_items:
+ - /tmp/test_dir/ocsp.cfg
+ - /tmp/test_dir/constants.py
+
+- name: Replace ajp port for OCSP
+ replace: dest={{item}} regexp="ocsppki_ajp_port" replace={{ocsppki_ajp_port}}
+ with_items:
+ - /tmp/test_dir/ocsp.cfg
+ - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for OCSP
+ replace: dest={{item}} regexp="ocsppki_tomcat_server_port" replace={{ocsppki_tomcat_server_port}}
+ with_items:
+ - /tmp/test_dir/ocsp.cfg
+ - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for OCSP
+ replace: dest={{item}} regexp="secure_domain_port" replace={{capki_https_port}}
+ with_items:
+ - /tmp/test_dir/ocsp.cfg
diff --git a/tests/roles/Test_Trigger/tasks/configure_tks.yml b/tests/roles/Test_Trigger/tasks/configure_tks.yml
new file mode 100644
index 0000000..8b0b49e
--- /dev/null
+++ b/tests/roles/Test_Trigger/tasks/configure_tks.yml
@@ -0,0 +1,28 @@
+- name: Replace TKS specific changes
+ replace: dest={{item}} regexp="tkspki_https_port" replace={{tkspki_https_port}}
+ with_items:
+ - /tmp/test_dir/tks.cfg
+ - /tmp/test_dir/constants.py
+
+- name: Replace http port for TKS.
+ replace: dest={{item}} regexp="tkspki_http_port" replace={{tkspki_http_port}}
+ with_items:
+ - /tmp/test_dir/tks.cfg
+ - /tmp/test_dir/constants.py
+
+- name: Replace ajp port for TKS
+ replace: dest={{item}} regexp="tkspki_ajp_port" replace={{tkspki_ajp_port}}
+ with_items:
+ - /tmp/test_dir/tks.cfg
+ - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for TKS
+ replace: dest={{item}} regexp="tkspki_tomcat_server_port" replace={{tkspki_tomcat_server_port}}
+ with_items:
+ - /tmp/test_dir/tks.cfg
+ - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for TKS
+ replace: dest={{item}} regexp="secure_domain_port" replace={{capki_https_port}}
+ with_items:
+ - /tmp/test_dir/tks.cfg
diff --git a/tests/roles/Test_Trigger/tasks/configure_tps.yml b/tests/roles/Test_Trigger/tasks/configure_tps.yml
new file mode 100644
index 0000000..69fe4c5
--- /dev/null
+++ b/tests/roles/Test_Trigger/tasks/configure_tps.yml
@@ -0,0 +1,39 @@
+- name: Replace TPS specific changes
+ replace: dest={{item}} regexp="tpspki_https_port" replace={{tpspki_https_port}}
+ with_items:
+ - /tmp/test_dir/tps.cfg
+ - /tmp/test_dir/constants.py
+
+- name: Replace http port for TPS.
+ replace: dest={{item}} regexp="tpspki_http_port" replace={{tpspki_http_port}}
+ with_items:
+ - /tmp/test_dir/tps.cfg
+ - /tmp/test_dir/constants.py
+
+- name: Replace ajp port for TPS
+ replace: dest={{item}} regexp="tpspki_ajp_port" replace={{tpspki_ajp_port}}
+ with_items:
+ - /tmp/test_dir/tps.cfg
+ - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for TPS
+ replace: dest={{item}} regexp="tpspki_tomcat_server_port" replace={{tpspki_tomcat_server_port}}
+ with_items:
+ - /tmp/test_dir/tps.cfg
+ - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for TPS
+ replace: dest={{item}} regexp="secure_domain_port" replace={{capki_https_port}}
+ with_items:
+ - /tmp/test_dir/tps.cfg
+ - /tmp/test_dir/constants.py
+
+- name : Replace ca uri for TPS
+ replace: dest=/tmp/test_dir/tps.cfg regexp="capki_https_port" replace={{capki_https_port}}
+
+- name : Replace kra uri for TPS
+ replace: dest=/tmp/test_dir/tps.cfg regexp="krapki_https_port" replace={{krapki_https_port}}
+
+- name : Replace tks uri for TPS
+ replace: dest=/tmp/test_dir/tps.cfg regexp="tkspki_https_port" replace={{tkspki_https_port}}
+
diff --git a/tests/roles/Test_Trigger/tasks/main.yml b/tests/roles/Test_Trigger/tasks/main.yml
new file mode 100644
index 0000000..0c8e25d
--- /dev/null
+++ b/tests/roles/Test_Trigger/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- include: configure_common.yml
+ when: topology == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
+- include: configure_ca.yml
+ when: topology == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
+- include: configure_ldap.yml
+ when: topology == "topology-05"
+- include: configure_kra.yml
+ when: topology == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
+- include: configure_ocsp.yml
+ when: topology == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-05" or topology == "topology-ecc"
+- include: configure_tks.yml
+ when: topology == "topology-01" or topology == "topology-02" or topology == "topology-04" or topology == "topology-05"
+- include: configure_tps.yml
+ when: topology == "topology-01" or topology == "topology-02" or topology == "topology-04" or topology == "topology-05"
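Review bot: The `when:` chains of six `or`-joined equality tests are hard to audit for which topology is missing; `when: topology in ["topology-01", "topology-02", "topology-03", "topology-04", "topology-05", "topology-ecc"]` states the same condition on one line, and the common, CA and KRA includes could then share one list. Reading them that way exposes a gap: configure_common.yml loads vars/tks.yml and vars/tps.yml for `topology-ecc`, but configure_tks.yml and configure_tps.yml are not included for it, so tks.cfg, tps.cfg and constants.py keep their `tkspki_*` / `tpspki_*` placeholders in that topology. If TKS/TPS are not part of topology-ecc the two vars files need not be loaded; if they are, the two includes are missing.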
diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..31fb099
--- /dev/null
+++ b/tests/tests.yml
@@ -0,0 +1,32 @@
+- hosts: localhost
+ vars:
+ - topology: 'topology-01'
+ remote_user: root
+ roles:
+ - role: Test_Trigger
+ - role: Test_Execution
+ - role: standard-test-basic
+ tags:
+ - classic
+ tests:
+ - verify_spawn_ca:
+ dir: .
+ run: "curl http://localhost:8080/ca/admin/ca/getStatus | grep 'running'"
+ - verify_spawn_kra:
+ dir: .
+ run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'running'"
+ - destroy_kra:
+ dir: .
+ run: "pkidestroy -i pki-tomcat -s KRA && sleep 5"
+ - verify_destroy_kra:
+ dir: .
+ run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'HTTP Status 404'"
+ - destroy_ca:
+ dir: .
+ run: "pkidestroy -i pki-tomcat -s CA"
+ - verify_destroy_ca:
+ dir: .
+ run: "curl http://localhost:8080/ca/admin/ca/getStatus &> testfile.log || true && grep 'Connection refused' testfile.log"
+ required_packages:
+ - pki-ca
+ - pki-kra
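Review bot: The `verify_destroy_ca` command uses `&>`, a bash-only redirection; if the test harness runs it under a POSIX `sh` it parses as `curl … &` (backgrounded) followed by `> testfile.log`, so the grep examines an empty file and the outcome depends on timing. `run: "curl http://localhost:8080/ca/admin/ca/getStatus > testfile.log 2>&1; grep 'Connection refused' testfile.log"` is portable and drops the `|| true &&` chain, whose left-to-right evaluation is easy to misread. The three `getStatus` checks hard-code `8080`, which is right only because this play pins `topology-01` to the vars/ca_shared.yml ports; a comment stating that, or templating the port from the same variable, keeps them in step if the topology changes.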
diff --git a/tests/vars/ca.yml b/tests/vars/ca.yml
new file mode 100644
index 0000000..6768f66
--- /dev/null
+++ b/tests/vars/ca.yml
@@ -0,0 +1,4 @@
+capki_https_port: '20443'
+capki_http_port: '20080'
+capki_ajp_port: '20009'
+capki_tomcat_port: '20005'
diff --git a/tests/vars/ca_shared.yml b/tests/vars/ca_shared.yml
new file mode 100644
index 0000000..83aa43e
--- /dev/null
+++ b/tests/vars/ca_shared.yml
@@ -0,0 +1,24 @@
+capki_https_port: '8443'
+capki_http_port: '8080'
+capki_ajp_port: '8009'
+capki_tomcat_port: '8005'
+capki_https_port: '8443'
+capki_http_port: '8080'
+capki_ajp_port: '8009'
+capki_tomcat_port: '8005'
+krapki_https_port: '8443'
+krapki_http_port: '8080'
+krapki_ajp_port: '8009'
+krapki_tomcat_server_port: '8005'
+ocsppki_https_port: '8443'
+ocsppki_http_port: '8080'
+ocsppki_ajp_port: '8009'
+ocsppki_tomcat_server_port: '8005'
+tkspki_https_port: '8443'
+tkspki_http_port: '8080'
+tkspki_ajp_port: '8009'
+tkspki_tomcat_server_port: '8005'
+tpspki_https_port: '8443'
+tpspki_http_port: '8080'
+tpspki_ajp_port: '8009'
+tpspki_tomcat_server_port: '8005'
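Review bot: The four `capki_*` keys are defined twice (the first two groups of four lines are identical); YAML mappings require unique keys, and Ansible's loader either warns or keeps the last occurrence depending on version, so drop the second group. A one-line header such as `# topology-01: every subsystem shares one Tomcat instance, hence identical ports` would also tell a reader why all six port sets are the same here but distinct in vars/ca.yml, vars/kra.yml and friends — that appears to be the intent given tests.yml destroys subsystems from `pki-tomcat`, but it is only inferable.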
diff --git a/tests/vars/kra.yml b/tests/vars/kra.yml
new file mode 100644
index 0000000..2d45fab
--- /dev/null
+++ b/tests/vars/kra.yml
@@ -0,0 +1,4 @@
+krapki_https_port: '21443'
+krapki_http_port: '21080'
+krapki_ajp_port: '21009'
+krapki_tomcat_server_port: '21005'
diff --git a/tests/vars/ldap.yml b/tests/vars/ldap.yml
new file mode 100644
index 0000000..401c4a7
--- /dev/null
+++ b/tests/vars/ldap.yml
@@ -0,0 +1,8 @@
+ldapServerPort: '3389'
+ldapRootDN: CN=Directory Manager
+ldapRootDNPwd: Secret123
+ldapcaServerPort: '4389'
+ldapkraServerPort: '5389'
+ldapocspServerPort: '6389'
+ldaptksServerPort: '7389'
+ldaptpsServerPort: '8389'
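Review bot: `ldapRootDNPwd: Secret123` differs from the `SECret.123` that ldap.cfg writes as `RootDNPwd` and that constants.py uses as `LDAP_PASSWD`; nothing in this change reads `ldapRootDNPwd` or `ldapRootDN`, so either align the value with the rest of the fixture or remove the two unused keys before something starts consuming them and fails to bind. The same pair, with the same value, appears in vars/ldap_shared.yml. `ldapcaServerPort: '4389'` is likewise unreferenced by any task here, which is consistent with the CA staying on `ldapServerPort` in topology-05 but deserves a comment if that is deliberate.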
diff --git a/tests/vars/ldap_shared.yml b/tests/vars/ldap_shared.yml
new file mode 100644
index 0000000..0e1d7e6
--- /dev/null
+++ b/tests/vars/ldap_shared.yml
@@ -0,0 +1,3 @@
+ldapServerPort: '2389'
+ldapRootDN: CN=Directory Manager
+ldapRootDNPwd: Secret123
diff --git a/tests/vars/ocsp.yml b/tests/vars/ocsp.yml
new file mode 100644
index 0000000..497ebb8
--- /dev/null
+++ b/tests/vars/ocsp.yml
@@ -0,0 +1,4 @@
+ocsppki_https_port: '22443'
+ocsppki_http_port: '22080'
+ocsppki_ajp_port: '22009'
+ocsppki_tomcat_server_port: '22005'
diff --git a/tests/vars/tks.yml b/tests/vars/tks.yml
new file mode 100644
index 0000000..3f402a4
--- /dev/null
+++ b/tests/vars/tks.yml
@@ -0,0 +1,4 @@
+tkspki_https_port: '23443'
+tkspki_http_port: '23080'
+tkspki_ajp_port: '23009'
+tkspki_tomcat_server_port: '23005'
diff --git a/tests/vars/tps.yml b/tests/vars/tps.yml
new file mode 100644
index 0000000..92534c2
--- /dev/null
+++ b/tests/vars/tps.yml
@@ -0,0 +1,4 @@
+tpspki_https_port: '25443'
+tpspki_http_port: '25080'
+tpspki_ajp_port: '25009'
+tpspki_tomcat_server_port: '25005'