Update test for installing CA with existing NSS database #4608

Merged
merged 1 commit into from
Nov 10, 2023

edewata (Contributor) commented Nov 10, 2023

The test for installing CA with existing NSS database has been updated to store the CSRs in /etc/pki/pki-tomcat/certs folder directly so that it's no longer necessary to specify the CSR paths for pkispawn.


sonarcloud bot commented Nov 10, 2023

Kudos, SonarCloud Quality Gate passed!

- Bugs: 0 (rating A)
- Vulnerabilities: 0 (rating A)
- Security Hotspots: 0 (rating A)
- Code Smells: 0 (rating A)
- Coverage: 0.0%
- Duplication: 0.0%

fmarco76 (Member) left a comment

LGTM, just a comment.

I am not sure this change is an improvement. If we provide the CSR to pkispawn, we can test the code for CSR import, so unless we plan to remove that option, we should keep some tests. However, we could add other tests later. Feel free to merge.

edewata (Contributor, Author) commented Nov 10, 2023

@fmarco76 Thanks!

This test is meant to simulate reconstructing a CA using a blank instance (without any subsystems) that has a pre-configured NSS database which might have come from a backup or another instance and already has certs/keys in it or maybe pointing to an HSM. Since the CSRs for those certs are also coming from the same source (i.e. from a backup or another instance), they are most likely already arranged in the /etc/pki/pki-tomcat/certs folder with the right file ownership, so pkispawn doesn't need to touch these files at all.

We do have other tests using pki_<tag>_csr_path to import the CSRs from other locations (since the instance folder did not exist yet when pkispawn was called), for example:
https://github.com/dogtagpki/pki/blob/master/.github/workflows/ca-existing-certs-test.yml#L247-L251

I'll merge this PR, but if you have other concerns/questions we can certainly discuss it. Thanks!

@edewata edewata merged commit f46d531 into dogtagpki:master Nov 10, 2023
131 of 132 checks passed