URL: https://github.com/freeipa/freeipa/pull/5147 Author: mrizwan93 Title: #5147: External-CA scenarios for ACME service Action: opened
PR body: """ Inherited the TestACME class by overriding install() to install the ipa master with external CA. It will setup the External-CA and will call all the test method from TestACME class. related: https://pagure.io/freeipa/issue/4751 Signed-off-by: Mohammad Rizwan <myu...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5147/head:pr5147 git checkout pr5147
From 089e92ceb65180d200e01a0054316e71a58cd906 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan <myu...@redhat.com> Date: Thu, 24 Sep 2020 19:24:01 +0530 Subject: [PATCH] External-CA scenarios for ACME service Inherited the TestACME class by overriding install() to install the ipa master with external CA. It will setup the External-CA and will call all the test method from TestACME class. related: https://pagure.io/freeipa/issue/4751 Signed-off-by: Mohammad Rizwan <myu...@redhat.com> --- ipatests/test_integration/test_acme.py | 45 ++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/ipatests/test_integration/test_acme.py b/ipatests/test_integration/test_acme.py index 9185aba81b..43c82bdcd5 100644 --- a/ipatests/test_integration/test_acme.py +++ b/ipatests/test_integration/test_acme.py @@ -12,8 +12,17 @@ from ipatests.test_integration.base import IntegrationTest from ipatests.pytest_ipa.integration import tasks from ipaplatform.osinfo import osinfo +from ipaplatform.paths import paths +from ipatests.test_integration.test_external_ca import ( + install_server_external_ca_step1, + install_server_external_ca_step2, + ISSUER_CN, +) +IPA_CA = "ipa_ca.crt" +ROOT_CA = "root_ca.crt" + # RHEL does not have certbot. EPEL's version is broken with # python-cryptography-2.3; likewise recent PyPI releases. # So for now, on RHEL we suppress tests that use certbot. @@ -252,3 +261,39 @@ def test_disable_acme_service(self): ['curl', '--fail', self.acme_server], ok_returncode=22, ) + + +class TestACMEwithExternalCA(TestACME): + """Test the FreeIPA ACME service with external CA""" + + num_replicas = 0 + num_clients = 1 + + @classmethod + def install(cls, mh): + # cache the acme service uri + acme_host = f'{IPA_CA_RECORD}.{cls.master.domain.name}' + cls.acme_server = f'https://{acme_host}/acme/directory' + + # install packages before client install in case of IPA DNS problems + if not skip_certbot_tests: + cls.clients[0].run_command(['dnf', 'install', '-y', 'certbot']) + if not skip_mod_md_tests: + cls.clients[0].run_command(['dnf', 'install', '-y', 'mod_md']) + + # install master with external-ca + result = install_server_external_ca_step1(cls.master) + assert result.returncode == 0 + root_ca_fname, ipa_ca_fname = tasks.sign_ca_and_transport( + cls.master, paths.ROOT_IPA_CSR, ROOT_CA, IPA_CA + ) + + install_server_external_ca_step2( + cls.master, ipa_ca_fname, root_ca_fname + ) + tasks.kinit_admin(cls.master) + + tasks.install_client(cls.master, cls.clients[0]) + tasks.config_host_resolvconf_with_master_data( + cls.master, cls.clients[0] + )
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org