#5646 Add CI tests for conversion of CA-less master to self-signed and externally-signed CA
Opened 8 years ago by mbabinsk. Modified 2 years ago

There were recently quite a number of bugs (e.g. #5595, #5598, #5602, #5611, #5636) related to the CA-less to full-CA/externally signed CA conversion of IPA master and creation of replicas from it.

In order to catch bugs like these earlier in the development cycle, we need a comprehensive suite testing these scenarios as part of the continuous integration workflow.

These are some test cases we would need to cover:

1.) promotion of CA-less master to full CA

2.) installation of client against this master and requesting client certificate

3.) updating client-side NSS databases using ipa-certupdate

4.) testing various cert-related commands (ipa cert-show, ipa certprofile-show --out, etc.) on the client and the master

5.) installation of CA-less and CA replicas against the master in both domain levels

A similar suite of test cases can be constructed for the conversion of CA-less master to externally signed CA.


Metadata Update from @mbabinsk:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

Note: we already have tests for

  • server ca-less, replica ca-less, install self-signed CA on master, install CA on replica (ipatests/test_integration/test_caless.py::TestServerReplicaCALessToCAFull)
  • server ca-less, replica ca-less, install self-signed CA on replica (ipatests/test_integration/test_caless.py::TestReplicaCALessToCAFull)
  • server CA-less, install externally-signed CA on master (ipatests/test_integration/test_caless.py::TestServerCALessToExternalCA)

Metadata Update from @frenaud:
- Issue close_status updated to: None
- Issue set to the milestone: None (was: FreeIPA 4.5 backlog)

2 years ago
