Update CA and IPA clone tests to check CRL params
edewata committed Oct 21, 2023
1 parent f8aecf2 commit 80017fc
Showing 2 changed files with 18 additions and 0 deletions.
8 changes: 8 additions & 0 deletions .github/workflows/ca-clone-test.yml
@@ -118,6 +118,8 @@ jobs:
# get CS.cfg from primary CA after cloning
docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary.after
docker exec primary pki-server ca-config-find | grep ca.crl.MasterCRL
# normalize expected result:
# - remove params that cannot be compared
# - set dbs.enableSerialManagement to true (automatically enabled when cloned)
@@ -145,6 +147,8 @@ jobs:
# get CS.cfg from secondary CA
docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary
docker exec secondary pki-server ca-config-find | grep ca.crl.MasterCRL
# normalize expected result:
# - remove params that cannot be compared
# - replace primary.example.com with secondary.example.com
@@ -263,6 +267,8 @@ jobs:
# get CS.cfg from secondary CA after cloning
docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary.after
docker exec secondary pki-server ca-config-find | grep ca.crl.MasterCRL
# normalize expected result:
# - remove params that cannot be compared
sed -e '/^dbs.beginReplicaNumber=/d' \
@@ -288,6 +294,8 @@ jobs:
# get CS.cfg from tertiary CA
docker cp tertiary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.tertiary
docker exec tertiary pki-server ca-config-find | grep ca.crl.MasterCRL
# normalize expected result:
# - remove params that cannot be compared
# - replace secondary.example.com with tertiary.example.com
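Review bot: The added `docker exec <host> pki-server ca-config-find | grep ca.crl.MasterCRL` lines (four in this file, five more in ipa-clone-test.yml) print the CRL parameters but assert nothing about their values, and the pipeline's exit status is grep's alone. Assuming the steps run with the runner's default shell options, a run with no matching key stops the step with no explanation, while a failure of `pki-server` is only caught indirectly through the empty output. The unescaped dots also match any character; a literal, anchored pattern such as `grep -E '^ca\.crl\.MasterCRL\.'` would be stricter. Whether the CS.cfg comparison that follows covers the MasterCRL keys is not visible here, since each step continues outside its hunk; if the sed normalization drops any of them, the clone's CRL settings are shown but never checked.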
10 changes: 10 additions & 0 deletions .github/workflows/ipa-clone-test.yml
@@ -51,6 +51,8 @@ jobs:
- name: Check CA config in primary IPA
run: |
docker exec primary pki-server ca-config-find | grep ca.crl.MasterCRL
# CRL cache should be enabled
echo "true" > expected
docker exec primary pki-server ca-config-show ca.crl.MasterCRL.enableCRLCache | tee actual
@@ -155,6 +157,8 @@ jobs:
- name: Check CA config in primary IPA
run: |
docker exec primary pki-server ca-config-find | grep ca.crl.MasterCRL
# CRL cache should be enabled
echo "true" > expected
docker exec primary pki-server ca-config-show ca.crl.MasterCRL.enableCRLCache | tee actual
@@ -172,6 +176,8 @@ jobs:
- name: Check CA config in secondary IPA
run: |
docker exec secondary pki-server ca-config-find | grep ca.crl.MasterCRL
# CRL cache should be disabled
echo "false" > expected
docker exec secondary pki-server ca-config-show ca.crl.MasterCRL.enableCRLCache | tee actual
@@ -321,6 +327,8 @@ jobs:
# get CS.cfg from primary CA after CRL generation update
docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary.after-crl-update
docker exec primary pki-server ca-config-find | grep ca.crl.MasterCRL
# normalize expected result:
# - CRL cache and CRL updates should be disabled in primary CA
sed -e 's/^\(ca.crl.MasterCRL.enableCRLCache\)=.*$/\1=false/' \
@@ -338,6 +346,8 @@ jobs:
# get CS.cfg from secondary CA after CRL generation update
docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary.after-crl-update
docker exec secondary pki-server ca-config-find | grep ca.crl.MasterCRL
# normalize expected result:
# - CRL cache and CRL updates should be enabled in secondary CA
sed -e 's/^\(ca.crl.MasterCRL.enableCRLCache\)=.*$/\1=true/' \
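Review bot: The new first line of each `Check CA config` step has no comment, although every check after it is introduced by one (`# CRL cache should be enabled`, `# normalize expected result:`). A reader cannot tell whether the `ca-config-find | grep ca.crl.MasterCRL` line is a troubleshooting dump or part of the verification. I would add a line above it such as `# print all ca.crl.MasterCRL params for troubleshooting; the checks below do the asserting`. The steps continue outside these hunks, so which CRL parameters beyond `enableCRLCache` are asserted cannot be confirmed from this page.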
