Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix CA cloning test with secure DS connection #4845

Merged
merged 1 commit into from
Sep 9, 2024
Merged

Conversation

edewata
Copy link
Contributor

@edewata edewata commented Sep 6, 2024

The tests for CA with secure DS connection (including cloning) have been updated to use DS containers instead of DS RPM packages from Fedora to avoid DS issue #6316.

389ds/389-ds-base#6316

The tests for CA with secure DS connection (including
cloning) have been updated to use DS containers instead
of DS RPM packages from Fedora to avoid DS issue #6316.

389ds/389-ds-base#6316
Copy link

sonarcloud bot commented Sep 6, 2024

Copy link
Member

@fmarco76 fmarco76 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I have only a concern. We have replaced the pki-runner container for DS with the one available in quay.io in many places however I think it is useful to maintain some tests with the rpm DS installation to identify problems introduced in DS which create error with dogtag as soon as possible.
Not sure if we should have a separate test for that so feel free to merge this change.

@edewata
Copy link
Contributor Author

edewata commented Sep 9, 2024

@fmarco76 Thanks! I'll merge but feel free to continue the discussion.

I think the focus of PKI CI should be to make sure that PKI itself, not the dependencies, is free of issues, and in order to achieve that we require that the dependencies themselves are also free of issues. The DS container doesn't have issues, at least for the cases that we're testing, but the DS RPM does, so we cannot use the RPM at least for now. Ideally this DS issue should have been tested and caught by DS CI or maybe IdM test farm. I don't think we should repeat the same test in PKI CI considering our resources are limited.

From PKI's perspective the DS container and RPM are functionally identical, so technically we should be able to use any of them to test PKI. Also, if needed, we can still use the DS RPM by configuring the DS_IMAGE variable, but it should not be the default because of this issue and also it's relatively slower to install.

In contrast, Tomcat 9 and 10 will require different code in PKI, so it would make sense to test both Tomcat versions in PKI CI in case we need to support both of them at the same time (e.g. for different platforms).

@edewata edewata merged commit 59ea649 into dogtagpki:master Sep 9, 2024
151 of 157 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants