From 80017fcd6600f4991dc65449ed88cb49b25f0101 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 20 Oct 2023 18:55:06 -0500
Subject: [PATCH] Update CA and IPA clone tests to check CRL params
---
 .github/workflows/ca-clone-test.yml | 8 ++++++++
 .github/workflows/ipa-clone-test.yml | 10 ++++++++++
 2 files changed, 18 insertions(+)
diff --git a/.github/workflows/ca-clone-test.yml b/.github/workflows/ca-clone-test.yml
index f5ecdd8d0ca..b2ee546269e 100644
--- a/.github/workflows/ca-clone-test.yml
+++ b/.github/workflows/ca-clone-test.yml
@@ -118,6 +118,8 @@ jobs:
 # get CS.cfg from primary CA after cloning
 docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary.after
+ docker exec primary pki-server ca-config-find | grep ca.crl.MasterCRL
+
 # normalize expected result:
 # - remove params that cannot be compared
 # - set dbs.enableSerialManagement to true (automatically enabled when cloned)
@@ -145,6 +147,8 @@ jobs:
 # get CS.cfg from secondary CA
 docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary
+ docker exec secondary pki-server ca-config-find | grep ca.crl.MasterCRL
+
 # normalize expected result:
 # - remove params that cannot be compared
 # - replace primary.example.com with secondary.example.com
@@ -263,6 +267,8 @@ jobs:
 # get CS.cfg from secondary CA after cloning
 docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary.after
+ docker exec secondary pki-server ca-config-find | grep ca.crl.MasterCRL
+
 # normalize expected result:
 # - remove params that cannot be compared
 sed -e '/^dbs.beginReplicaNumber=/d' \
@@ -288,6 +294,8 @@ jobs:
 # get CS.cfg from tertiary CA
 docker cp tertiary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.tertiary
+ docker exec tertiary pki-server ca-config-find | grep ca.crl.MasterCRL
+
 # normalize expected result:
 # - remove params that cannot be compared
 # - replace secondary.example.com with tertiary.example.com
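Review bot: The added `docker exec primary pki-server ca-config-find | grep ca.crl.MasterCRL` line in the first hunk, repeated in the other three hunks of this file and the five in ipa-clone-test.yml, takes its exit status from `grep` alone unless the script runs with `pipefail`, and the shell settings are not visible in these hunks. A `ca-config-find` that fails after printing part of its output would then go unnoticed, while under the `-e` shell that GitHub Actions uses by default a run with no matching parameter would stop the step at this line, before the comparison that the following lines set up. If the line is only there to print the parameters, `docker exec primary pki-server ca-config-find | grep -F ca.crl.MasterCRL. || true` says so and also stops `.` from matching any character; if it is meant as a check, `set -o pipefail` at the top of the `run` script makes both sides count. Each `run` script starts and ends outside its hunk.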
diff --git a/.github/workflows/ipa-clone-test.yml b/.github/workflows/ipa-clone-test.yml
index d0cd547a890..c5d7ce93b3d 100644
--- a/.github/workflows/ipa-clone-test.yml
+++ b/.github/workflows/ipa-clone-test.yml
@@ -51,6 +51,8 @@ jobs:
 - name: Check CA config in primary IPA
 run: |
+ docker exec primary pki-server ca-config-find | grep ca.crl.MasterCRL
+
 # CRL cache should be enabled
 echo "true" > expected
 docker exec primary pki-server ca-config-show ca.crl.MasterCRL.enableCRLCache | tee actual
@@ -155,6 +157,8 @@ jobs:
 - name: Check CA config in primary IPA
 run: |
+ docker exec primary pki-server ca-config-find | grep ca.crl.MasterCRL
+
 # CRL cache should be enabled
 echo "true" > expected
 docker exec primary pki-server ca-config-show ca.crl.MasterCRL.enableCRLCache | tee actual
@@ -172,6 +176,8 @@ jobs:
 - name: Check CA config in secondary IPA
 run: |
+ docker exec secondary pki-server ca-config-find | grep ca.crl.MasterCRL
+
 # CRL cache should be disabled
 echo "false" > expected
 docker exec secondary pki-server ca-config-show ca.crl.MasterCRL.enableCRLCache | tee actual
@@ -321,6 +327,8 @@ jobs:
 # get CS.cfg from primary CA after CRL generation update
 docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary.after-crl-update
+ docker exec primary pki-server ca-config-find | grep ca.crl.MasterCRL
+
 # normalize expected result:
 # - CRL cache and CRL updates should be disabled in primary CA
 sed -e 's/^\(ca.crl.MasterCRL.enableCRLCache\)=.*$/\1=false/' \
@@ -338,6 +346,8 @@ jobs:
 # get CS.cfg from secondary CA after CRL generation update
 docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary.after-crl-update
+ docker exec secondary pki-server ca-config-find | grep ca.crl.MasterCRL
+
 # normalize expected result:
 # - CRL cache and CRL updates should be enabled in secondary CA
 sed -e 's/^\(ca.crl.MasterCRL.enableCRLCache\)=.*$/\1=true/' \
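Review bot: The added `ca-config-find | grep ca.crl.MasterCRL` lines in these five hunks have no comment, although each neighbouring command is introduced by one (`# CRL cache should be enabled`, `# get CS.cfg from primary CA after CRL generation update`), so it is unclear whether they assert anything about the CRL settings. From the visible lines they appear only to print the MasterCRL parameters to the job log, while the expected/actual and CS.cfg comparisons that follow do the checking. If that is the intent, a comment such as `# show all MasterCRL params in the job log (the checks follow)` above each of them would say so; the four copies in ca-clone-test.yml would take the same comment.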