URL: https://github.com/freeipa/freeipa/pull/5001 Author: mrizwan93 Title: #5001: ipatests: Test certmonger rekey command works fine Action: opened
PR body: """ Certmonger's rekey command was throwing an error as unrecognized command. Test is to check if it is working fine. related: https://bugzilla.redhat.com/show_bug.cgi?id=1249165 Signed-off-by: Mohammad Rizwan <myu...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5001/head:pr5001 git checkout pr5001
From 3aea605e4bc500c59770183e64e6faee317605d9 Mon Sep 17 00:00:00 2001 From: Sergey Orlov <sor...@redhat.com> Date: Wed, 5 Aug 2020 16:37:05 +0200 Subject: [PATCH 1/2] Fix password file permission Invalid permission makes file unreadable by owner if he is not root. Reviewed-By: Alexander Bokovoy <aboko...@redhat.com> --- ipatests/test_integration/test_cert.py | 40 ++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/ipatests/test_integration/test_cert.py b/ipatests/test_integration/test_cert.py index 865578941c..0bdec34c46 100644 --- a/ipatests/test_integration/test_cert.py +++ b/ipatests/test_integration/test_cert.py @@ -9,6 +9,7 @@ import ipaddress import pytest import re +import time from ipaplatform.paths import paths from cryptography import x509 @@ -216,6 +217,45 @@ def test_getcert_list_profile_using_subca(self, test_subca_certs): raise AssertionError("certmonger request is " "in state {}". format(status)) + def test_certmonger_rekey_option(self): + """Test certmonger rekey command works fine + + Certmonger's rekey command was throwing an error as + unrecognized command. Test is to check if it is working fine. + + related: https://bugzilla.redhat.com/show_bug.cgi?id=1249165 + """ + result = self.master.run_command([ + 'ipa-getcert', 'request', + '-f', '/etc/pki/tls/certs/test_rekey.pem', + '-k', '/etc/pki/tls/private/test.key', + '-K', 'test/{}'.format(self.master.hostname)]) + request_id = re.findall(r'\d+', result.stdout_text) + certdata = self.master.get_file_contents( + '/etc/pki/tls/certs/test_rekey.pem' + ) + cert = x509.load_pem_x509_certificate( + certdata, default_backend() + ) + assert cert.public_key().key_size == 2048 + + # rekey with key size 3072 + self.master.run_command(['getcert', 'rekey', + '-i', request_id[0], + '-g', '3072']) + time.sleep(60) + certdata = self.master.get_file_contents( + '/etc/pki/tls/certs/test_rekey.pem' + ) + cert = x509.load_pem_x509_certificate( + certdata, default_backend() + ) + # check if rekey command updated the key size + assert cert.public_key().key_size == 3072 + + self.master.run_command(['getcert', 'stop-tracking' + '-i', request_id[0]]) + class TestCertmongerInterruption(IntegrationTest): num_replicas = 1 From 72d24dac1f72334f6d8534b68378725dc3426990 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan <myu...@redhat.com> Date: Thu, 6 Aug 2020 16:56:45 +0530 Subject: [PATCH 2/2] ipatests: Test certmonger rekey command works fine Certmonger's rekey command was throwing an error as unrecognized command. Test is to check if it is working fine. related: https://bugzilla.redhat.com/show_bug.cgi?id=1249165 Signed-off-by: Mohammad Rizwan <myu...@redhat.com> --- ipatests/test_integration/test_cert.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ipatests/test_integration/test_cert.py b/ipatests/test_integration/test_cert.py index 0bdec34c46..fd478116ab 100644 --- a/ipatests/test_integration/test_cert.py +++ b/ipatests/test_integration/test_cert.py @@ -9,7 +9,6 @@ import ipaddress import pytest import re -import time from ipaplatform.paths import paths from cryptography import x509 @@ -231,6 +230,10 @@ def test_certmonger_rekey_option(self): '-k', '/etc/pki/tls/private/test.key', '-K', 'test/{}'.format(self.master.hostname)]) request_id = re.findall(r'\d+', result.stdout_text) + + status = tasks.wait_for_request(self.master, request_id[0], 50) + assert status == "MONITORING" + certdata = self.master.get_file_contents( '/etc/pki/tls/certs/test_rekey.pem' ) @@ -243,7 +246,10 @@ def test_certmonger_rekey_option(self): self.master.run_command(['getcert', 'rekey', '-i', request_id[0], '-g', '3072']) - time.sleep(60) + + status = tasks.wait_for_request(self.master, request_id[0], 50) + assert status == "MONITORING" + certdata = self.master.get_file_contents( '/etc/pki/tls/certs/test_rekey.pem' )
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org