[Freeipa-devel] [PATCH] 0257 Add initial CA-less installation tests

Jan Cholasta jcholast at redhat.com
Wed Aug 28 13:23:27 UTC 2013 

On 27.8.2013 10:16, Petr Viktorin wrote:
> On 08/26/2013 09:23 AM, Jan Cholasta wrote:
>> On 22.8.2013 09:46, Petr Viktorin wrote:
>>> On 08/16/2013 07:13 PM, Petr Viktorin wrote:
>>>> On 07/30/2013 05:47 PM, Petr Viktorin wrote:
>>>>> Hello,
>>>>> This patch implements the first batch of integration tests for CA-less
>>>>> intallation. Tests from http://www.freeipa.org/page/V3/CA-less_install
>>>>> up to "IPA server install with missing DS PKCS#12 password" are
>>>>> included.
>>>>>
>>>>> Running this already takes an hour in the lab I use, so I decided to
>>>>> split the patch up and post the first part for review now.
>>>>>
>>>>> The two tests for revoked certificates fail. This is expected as we
>>>>> don't handle revoked certs yet.
>>>>
>>>> Continuing, this patch includes all tests except the ones for UI
>>>> (pvoborni's patch 443) and certinstall (I'll review jcholast's fixes
>>>> first).
>>>> See commit message for details.
>>>
>>> Here is the completed patch, with all test except the Web UI ones.
>>>
>>
>>  >- The following case is omitted as it is invalid:
>>  >  - Verify that IPA client install does not configure certmonger
>>
>> Instead of making a note in the commit, I would prefer if you deleted
>> the test case. There's no need to keep it if it's invalid, right?
>>
>> Honza
>>
>
> You're right. I've deleted the case from the test plan.
>

Thanks.

The service-disable and host-disable tests fail with AlreadyInactive, 
because the certificate is removed with service-mod and host-mod in 
earlier tests. I think the service and host command tests should look 
like this:

1. Verify that {service,host}-del does not attempt to revoke 
{host,service}'s certificate
     {service,host}-add
     {service,host}-del

2. Verify that {service,host}-mod does not attempt to revoke 
{host,service}'s certificate
     {service,host}-add
     {service,host}-mod
     {service,host}-del

3. Verify that {service,host}-disable does not attempt to revoke 
{host,service}'s certificate
     {service,host}-add
     {service,host}-disable
     {service,host}-del

There are a few wrong docstrings:

+    def test_service_mod_doesnt_revoke(self):
+        "Verify that service-mod does not attempt to revoke host's 
certificate"

+    def test_service_del_doesnt_revoke(self):
+        "Verify that service-del does not attempt to revoke host's 
certificate"

+    def test_ds_san(self):
+        "Install new HTTP certificate with SAN"

-- 
Jan Cholasta

More information about the Freeipa-devel mailing list