The nightly test test_cert.py::TestCAShowErrorHandling::test_ca_show_error_handling is failing on fedora 40+, see for instance this run with report and logs:
test_cert.py::TestCAShowErrorHandling::test_ca_show_error_handling
self = <ipatests.test_integration.test_cert.TestCAShowErrorHandling object at 0x7fc51f4fbcb0> def test_ca_show_error_handling(self): """ Test to verify if the case of a request for /ca/rest/authority/{id}/cert (or .../chain) where {id} is an unknown authority ID. Test Steps: 1. Setup a freeipa server and a replica 2. Stop ipa-custodia service on replica 3. Create a LWCA on the replica 4. Verify LWCA is recognized on the server 5. Run `ipa ca-show <LWCA>` PKI Github Link: https://github.com/dogtagpki/pki/pull/3605/ """ self.replicas[0].run_command(['systemctl', 'stop', 'ipa-custodia']) lwca = 'lwca1' result = self.replicas[0].run_command([ 'ipa', 'ca-add', lwca, '--subject', 'CN=LWCA 1' ]) assert 'Created CA "{}"'.format(lwca) in result.stdout_text result = self.master.run_command(['ipa', 'ca-find']) assert 'Name: {}'.format(lwca) in result.stdout_text result = self.master.run_command( ['ipa', 'ca-show', lwca, ], raiseonerr=False ) error_msg = 'ipa: ERROR: The certificate for ' \ '{} is not available on this server.'.format(lwca) > assert error_msg in result.stderr_text E AssertionError: assert 'ipa: ERROR: The certificate for lwca1 is not available on this server.' in 'ipa: ERROR: Request failed with status 500: Non-2xx response from CA REST API: 500. \n' E + where 'ipa: ERROR: Request failed with status 500: Non-2xx response from CA REST API: 500. \n' = <pytest_multihost.transport.SSHCommand object at 0x7fc51dd84980>.stderr_text test_integration/test_cert.py:558: AssertionError
Test scenario: 1. setup server and replica 2. stop ipa-custodia on the replica 3. create a lwca on the replica 4. look for the lwca on the master with ipa ca-find 5. Print the lwca details on the master with ipa ca-show lwca
ipa ca-find
ipa ca-show lwca
The test expects an error "ipa: ERROR: The certificate for lwca1 is not available on this server" in the last call but the message is instead: "ipa: ERROR: Request failed with status 500: Non-2xx response from CA REST API: 500."
The pki ca/debug logs show the following exception:
org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException: Cannot invoke "com.netscape.ca.CASigningUnit.getCert()" because "this.mSigningUnit" is null
Already reported againt pki-core at https://issues.redhat.com/browse/RHEL-29727
master:
ipa-4-12:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @frenaud: - Issue status updated to: Open (was: Closed)
Log in to comment on this ticket.