URL: https://github.com/freeipa/freeipa/pull/4462 Author: fcami Title: #4462: [Backport][ipa-4-8] ipatests: test_replica_promotion.py: test KRA on Hidden Replica Action: opened
PR body: """ MANUAL CHERRY-PICK OF https://github.com/freeipa/freeipa/pull/4428 The Hidden replica tests did not test what happened when KRA was installed on a hidden replica and then other KRAs instantiated from this original one. Add a test scenario that covers this. Related: https://pagure.io/freeipa/issue/8240 Signed-off-by: François Cami <fc...@redhat.com> Reviewed-By: Christian Heimes <chei...@redhat.com> Reviewed-By: Michal Polovka <mpolo...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4462/head:pr4462 git checkout pr4462
From 1ab8c02739bc0211f17e69d6b93fe93871d09020 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fc...@redhat.com> Date: Tue, 24 Mar 2020 10:21:15 +0100 Subject: [PATCH] ipatests: test_replica_promotion.py: test KRA on Hidden Replica MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Hidden replica tests did not test what happened when KRA was installed on a hidden replica and then other KRAs instantiated from this original one. Add a test scenario that covers this. Related: https://pagure.io/freeipa/issue/8240 Signed-off-by: François Cami <fc...@redhat.com> Reviewed-By: Christian Heimes <chei...@redhat.com> Reviewed-By: Michal Polovka <mpolo...@redhat.com> --- .../nightly_ipa-4-8_latest.yaml | 12 ++++ .../nightly_ipa-4-8_previous.yaml | 12 ++++ .../test_replica_promotion.py | 60 +++++++++++++++++++ 3 files changed, 84 insertions(+) diff --git a/ipatests/prci_definitions/nightly_ipa-4-8_latest.yaml b/ipatests/prci_definitions/nightly_ipa-4-8_latest.yaml index 06460dc508..2c6ffb6f0b 100644 --- a/ipatests/prci_definitions/nightly_ipa-4-8_latest.yaml +++ b/ipatests/prci_definitions/nightly_ipa-4-8_latest.yaml @@ -884,6 +884,18 @@ jobs: timeout: 7200 topology: *master_2repl_1client + fedora-latest-ipa-4-8/test_replica_promotion_TestHiddenReplicaKRA: + requires: [fedora-latest-ipa-4-8/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-latest-ipa-4-8/build_url}' + test_suite: test_integration/test_replica_promotion.py::TestHiddenReplicaKRA + template: *ci-ipa-4-8-latest + timeout: 7200 + topology: *master_2repl_1client + fedora-latest-ipa-4-8/test_upgrade: requires: [fedora-latest-ipa-4-8/build] priority: 50 diff --git a/ipatests/prci_definitions/nightly_ipa-4-8_previous.yaml b/ipatests/prci_definitions/nightly_ipa-4-8_previous.yaml index ba28caf6a5..2dade790f4 100644 --- a/ipatests/prci_definitions/nightly_ipa-4-8_previous.yaml +++ b/ipatests/prci_definitions/nightly_ipa-4-8_previous.yaml @@ -884,6 +884,18 @@ jobs: timeout: 7200 topology: *master_2repl_1client + fedora-previous-ipa-4-8/test_replica_promotion_TestHiddenReplicaKRA: + requires: [fedora-previous-ipa-4-8/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-previous-ipa-4-8/build_url}' + test_suite: test_integration/test_replica_promotion.py::TestHiddenReplicaKRA + template: *ci-ipa-4-8-previous + timeout: 7200 + topology: *master_2repl_1client + fedora-previous-ipa-4-8/test_upgrade: requires: [fedora-previous-ipa-4-8/build] priority: 50 diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index c06e061772..d11976aae2 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -970,3 +970,63 @@ def test_hidden_replica_automatic_crl(self): result = self.replicas[0].run_command([ 'ipa-crlgen-manage', 'status']) assert "CRL generation: enabled" in result.stdout_text + + +class TestHiddenReplicaKRA(IntegrationTest): + """Test KRA & hidden replica features. + """ + topology = 'star' + num_replicas = 2 + + @classmethod + def install(cls, mh): + tasks.install_master(cls.master, setup_dns=True, setup_kra=False) + # hidden replica with CA and DNS + tasks.install_replica( + cls.master, cls.replicas[0], + setup_dns=True, setup_kra=False, + extra_args=('--hidden-replica',) + ) + # normal replica with CA and DNS + tasks.install_replica( + cls.replicas[0], cls.replicas[1], + setup_dns=True, setup_kra=False + ) + + def test_install_kra_on_hidden_replica(self): + # manually install KRA on hidden replica. + tasks.install_kra(self.replicas[0]) + + @pytest.mark.xfail(reason='freeipa ticket 8240', strict=True) + def test_kra_hidden_no_preconfig(self): + """Test installing KRA on a replica when all KRAs are hidden. + https://pagure.io/freeipa/issue/8240 + """ + + result = tasks.install_kra(self.replicas[1], raiseonerr=False) + + if result.returncode == 0: + # If KRA installation was successful, the only clean-up possible is + # uninstalling the whole replica as hiding the last visible KRA + # member is inhibited by design. + # This step is necessary so that the next test runs with all KRA + # members hidden too. + tasks.uninstall_replica(self.master, self.replicas[1]) + + assert "Failed to find an active KRA server!" not in result.stderr_text + assert result.returncode == 0 + + def test_kra_hidden_temp(self): + """Test for workaround: temporarily un-hide the hidden replica. + https://pagure.io/freeipa/issue/8240 + """ + self.replicas[0].run_command([ + 'ipa', 'server-state', + self.replicas[0].hostname, '--state=enabled' + ]) + result = tasks.install_kra(self.master, raiseonerr=False) + self.replicas[0].run_command([ + 'ipa', 'server-state', + self.replicas[0].hostname, '--state=hidden' + ]) + assert result.returncode == 0
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
