Update KRA and OCSP tests #4602
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fmarco76
approved these changes
Nov 7, 2023
.github/workflows/kra-basic-test.yml
Outdated
| securitydomain.select=new | ||
| securitydomain.source=ldap | ||
| EOF | ||
| docker exec pki pki-server ca-config-find | grep ^securitydomain. | tee actual |
There was a problem hiding this comment.
The expected file contains a sorted list of element but IIUC ca-config-find is not forced to return a sorted list of items (or I have not find that in the code). If this is the case I would add a sort in the pipeline.
| run: | | ||
| docker exec pki pki-server ca-config-find | grep ^ca.connector.KRA. | sort | tee output |
| securitydomain.flushinterval=86400000 | ||
| securitydomain.source=ldap | ||
| EOF | ||
| docker exec ca pki-server ca-config-find | grep ^securitydomain. | tee actual |
| securitydomain.select=new | ||
| securitydomain.source=ldap | ||
| EOF | ||
| docker exec pki pki-server ca-config-find | grep ^securitydomain. | tee actual |
| run: | | ||
| docker exec pki pki-server ca-config-find | grep ca.publish. | ||
| docker exec pki pki-server ca-config-find | grep ^ca.publish. | sort > output |
| securitydomain.flushinterval=86400000 | ||
| securitydomain.source=ldap | ||
| EOF | ||
| docker exec ca pki-server ca-config-find | grep ^securitydomain. | tee actual |
The test for basic KRA has been updated to check the security domain and KRA connector in CA. The test for standalone KRA has been updated to use a standalone CA so the CA should not have a security domain and KRA connector. Similarly, the test for basic OCSP has been updated to check the security domain and OCSP publishing in CA. The test for standalone OCSP has been updated to use a standalone CA as well so the CA should not have a security domain and OCSP publishing either. Note: The KRA connector and the OCSP publishing can be added later as a post-install task.
|
@fmarco76 Good catch! I've updated the PR, I'll merge after the tests are complete. Thanks! |
|
Kudos, SonarCloud Quality Gate passed!
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The test for basic KRA has been updated to check the security domain and KRA connector in CA. The test for standalone KRA has been updated to use a standalone CA so the CA should not have a security domain and KRA connector.
Similarly, the test for basic OCSP has been updated to check the security domain and OCSP publishing in CA. The test for standalone OCSP has been updated to use a standalone CA as well so the CA should not have a security domain and OCSP publishing either.
Note: The KRA connector and the OCSP publishing can be added later as a post-install task.