URL: https://github.com/freeipa/freeipa/pull/5738 Author: mrizwan93 Title: #5738: ipatests: wait while http/ldap/pkinit cert get renew on replica Action: opened
PR body: """ LDAP/HTTP/PKINIT certificates should be renewed on replica after moving system date. Test was failing because ipa-cert-fix ran while these cert was not renewed and it tried to fix it. Fixes: https://pagure.io/freeipa/issue/8815 Signed-off-by: Mohammad Rizwan <myu...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5738/head:pr5738 git checkout pr5738
From eaf13ca7d3ce7f286134eb54a3f2b5b15edd36b2 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan <myu...@redhat.com> Date: Mon, 26 Apr 2021 15:50:20 +0530 Subject: [PATCH] ipatests: wait while http/ldap/pkinit cert get renew on replica LDAP/HTTP/PKINIT certificates should be renewed on replica after moving system date. Test was failing because ipa-cert-fix ran while these cert was not renewed and it tried to fix it. Fixes: https://pagure.io/freeipa/issue/8815 Signed-off-by: Mohammad Rizwan <myu...@redhat.com> --- ipatests/test_integration/test_ipa_cert_fix.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ipatests/test_integration/test_ipa_cert_fix.py b/ipatests/test_integration/test_ipa_cert_fix.py index 6d5d8a058dd..03d7e1db55a 100644 --- a/ipatests/test_integration/test_ipa_cert_fix.py +++ b/ipatests/test_integration/test_ipa_cert_fix.py @@ -301,14 +301,16 @@ def test_renew_expired_cert_replica(self): # RA agent cert will be expired and in CA_UNREACHABLE state check_status(self.replicas[0], 1, "CA_UNREACHABLE") + # check that 4 certificate(CA,HTTP,LDAP,PKINIT) are renewd + # and in MONITORING state + check_status(self.replicas[0], 4, "MONITORING") + # renew RA agent cert self.replicas[0].run_command( ['ipa-cert-fix', '-v'], stdin_text='yes\n' ) - # LDAP/HTTP/PKINIT certs will be renewed automaticaly - # after moving date on replica. This 3, 1 CA cert, - # 1 RA agent cert. Check for total 5 valid certs. + # 5 cert should be in monitoring state check_status(self.replicas[0], 5, "MONITORING") # get the req ids of all certs to renew remaining
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
