freeipa

Clone
Source Code
GIT

8b7e17a ipatests: update tests for ipa-server-certinstall

1 file Authored by frenaud 5 years ago, Committed by cheimes 5 years ago,
raw patch tree parent
1 file changed. 9 lines added. 3 lines removed.
ipatests/test_integration/test_caless.py
file modified
+9 -3 
    ipatests: update tests for ipa-server-certinstall
    
    The test test_http_intermediate_ca was expecting success when
    it should expect a failure. Scenario:
    - install IPA ca-less with certs signed by rootCA
    - call ipa-server-certinstall with a cert signed by a subCA
    to replace http cert.
    In this case, the command should refust changing the cert
    (otherwise the clients won't be able any more to use
    ipa * commands as the subca is not installed in /etc/ipa/nssdb
    or in /etc/ipa/ca.crt).
    
    The commit fixes the test expectation and marks the test as
    xfail (see ticket 7759).
    
    The test test_ds_intermediate_ca was expecting success when
    it should expect a failure. Same scenario as above, but for
    the ldap server cert.
    
    The commit fixes the test expectation and removes the xfail
    (ticket 6959 was closed as invalid).
    
    Note:
    The behavior differs for ldap and http cert because LDAP server
    is using a NSSDB and http server is using openssl, hence
    ipa-server-certinstall follows 2 different code paths when
    changing the server cert.
    
    Related to https://pagure.io/freeipa/issue/7759
    Related to https://pagure.io/freeipa/issue/6959
    
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
file modified
+9 -3
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.