From d4f81ecda2eeaee2d402a175aa1d9be5ea415233 Mon Sep 17 00:00:00 2001
From: Marco Fargetta <mfargett@redhat.com>
Date: Mon, 16 Oct 2023 13:29:10 +0200
Subject: [PATCH] Add CSR job in IPA cline test

Add a check of CSR between CA master and clone.
---
 .github/workflows/ipa-clone-test.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/ipa-clone-test.yml b/.github/workflows/ipa-clone-test.yml
index a69283eafab..342b1491686 100644
--- a/.github/workflows/ipa-clone-test.yml
+++ b/.github/workflows/ipa-clone-test.yml
@@ -273,6 +273,16 @@ jobs:
           # renewal config is maintained by IPA, so there should be no change in PKI
           diff CS.cfg.secondary.orig CS.cfg.secondary.after-renewal-update
 
+      - name: Check CA CSR copied correctly 
+        run: |
+          docker cp primary:/etc/pki/pki-tomcat/certs primary-certs
+          docker cp secondary:/etc/pki/pki-tomcat/certs secondary-certs
+
+          diff primary-certs/ca_signing.csr secondary-certs/ca_signing.csr
+          diff primary-certs/ca_ocsp_signing.csr secondary-certs/ca_ocsp_signing.csr
+          diff primary-certs/ca_audit_signing.csr secondary-certs/ca_audit_signing.csr
+          diff primary-certs/subsystem.csr secondary-certs/subsystem.csr          
+
       - name: Check CRL generation config
         run: |
           docker exec primary ipa-crlgen-manage status | tee output