diff --git a/.github/workflows/ca-clone-ssnv1-test.yml b/.github/workflows/ca-clone-ssnv1-test.yml index 7556dcd7183..217e1395ac0 100644 --- a/.github/workflows/ca-clone-ssnv1-test.yml +++ b/.github/workflows/ca-clone-ssnv1-test.yml @@ -1006,7 +1006,7 @@ jobs: docker exec primary pki-server ca-id-generator-update --type legacy2 request docker exec primary pki-server ca-id-generator-update --type legacy2 cert - - name: Check request range objects + - name: Check old request range objects run: | tests/ca/bin/ca-request-range-objects-ssnv1.sh primaryds | tee output @@ -1026,6 +1026,21 @@ jobs: diff expected output + - name: Check new request range objects + run: | + tests/ca/bin/ca-request-range-objects-ssnv1.sh primaryds ou=requests,ou=ranges_v2 | tee output + + # request ranges should remain the same + cat > expected << EOF + SecurePort: 8443 + beginRange: 11 + endRange: 20 + host: primary.example.com + + EOF + + diff expected output + - name: Check request next range run: | tests/ca/bin/ca-request-next-range-ssnv1.sh primaryds | tee output @@ -1037,18 +1052,34 @@ jobs: diff expected output - - name: Check cert range objects + - name: Check old cert range objects run: | tests/ca/bin/ca-cert-range-objects-ssnv1.sh primaryds | tee output # cert ranges should remain the same but converted from hex to decimal # the range value for the primary move from 13-30 (hex) to 19-48 (dec) cat > expected << EOF + SecurePort: 8443 + beginRange: 13 + endRange: 30 + host: primary.example.com + SecurePort: 8443 beginRange: 31 endRange: 48 host: secondary.example.com + EOF + + diff expected output + + - name: Check new cert range objects + run: | + tests/ca/bin/ca-cert-range-objects-ssnv1.sh primaryds ou=certificateRepository,ou=ranges_v2 | tee output + + # cert ranges should remain the same but converted from hex to decimal + # the range value for the primary move from 13-30 (hex) to 19-48 (dec) + cat > expected << EOF SecurePort: 8443 beginRange: 19 endRange: 48 @@ -1127,6 +1158,22 @@ jobs: diff expected output + - name: Check the new range object is configured in a different DN in all CAs + run: | + docker exec primary pki-server ca-config-show dbs.serialRangeDN | tee output + docker exec primary pki-server ca-config-show dbs.requestRangeDN | tee -a output + docker exec secondary pki-server ca-config-show dbs.serialRangeDN | tee -a output + docker exec secondary pki-server ca-config-show dbs.requestRangeDN | tee -a output + + cat > expected < expected << EOF + SecurePort: 8443 + beginRange: 11 + endRange: 20 + host: primary.example.com + + SecurePort: 8443 + beginRange: 21 + endRange: 30 + host: secondary.example.com + SecurePort: 8443 beginRange: 31 endRange: 40 @@ -1184,10 +1250,30 @@ jobs: diff expected output - - name: Check cert range objects + - name: Check old cert range objects run: | tests/ca/bin/ca-cert-range-objects-ssnv1.sh primaryds | tee output + # cert ranges should remain the same + cat > expected << EOF + SecurePort: 8443 + beginRange: 13 + endRange: 30 + host: primary.example.com + + SecurePort: 8443 + beginRange: 31 + endRange: 48 + host: secondary.example.com + + EOF + + diff expected output + + - name: Check new cert range objects + run: | + tests/ca/bin/ca-cert-range-objects-ssnv1.sh primaryds ou=certificateRepository,ou=ranges_v2 | tee output + # cert ranges should remain the same but in dec. # the range value for the primary move from 13-30 (hex) to 19-48 (dec) # the range value for the secondary move from 31-48 (hex) to 49-72 (dec) @@ -1395,7 +1481,7 @@ jobs: diff expected output - - name: Check request range objects + - name: Check old request range objects run: | tests/ca/bin/ca-request-range-objects-ssnv1.sh primaryds | tee output @@ -1410,6 +1496,25 @@ jobs: endRange: 30 host: secondary.example.com + EOF + + diff expected output + + - name: Check new request range objects + run: | + tests/ca/bin/ca-request-range-objects-ssnv1.sh primaryds ou=requests,ou=ranges_v2 | tee output + + cat > expected << EOF + SecurePort: 8443 + beginRange: 11 + endRange: 20 + host: primary.example.com + + SecurePort: 8443 + beginRange: 21 + endRange: 30 + host: secondary.example.com + SecurePort: 8443 beginRange: 31 endRange: 40 @@ -1449,10 +1554,30 @@ jobs: diff expected output - - name: Check cert range objects + - name: Check old cert range objects run: | tests/ca/bin/ca-cert-range-objects-ssnv1.sh primaryds | tee output + # cert ranges should remain the same + cat > expected << EOF + SecurePort: 8443 + beginRange: 13 + endRange: 30 + host: primary.example.com + + SecurePort: 8443 + beginRange: 31 + endRange: 48 + host: secondary.example.com + + EOF + + diff expected output + + - name: Check new cert range objects + run: | + tests/ca/bin/ca-cert-range-objects-ssnv1.sh primaryds ou=certificateRepository,ou=ranges_v2 | tee output + cat > expected << EOF SecurePort: 8443 beginRange: 19 diff --git a/.github/workflows/ca-ssnv1-test.yml b/.github/workflows/ca-ssnv1-test.yml index dfc512678ec..f572996ef5d 100644 --- a/.github/workflows/ca-ssnv1-test.yml +++ b/.github/workflows/ca-ssnv1-test.yml @@ -1196,18 +1196,30 @@ jobs: diff expected output - - name: Check the radix in for the new generator + - name: Check the radix configured for the new generator run: | docker exec pki pki-server ca-config-show dbs.request.id.radix | tee output docker exec pki pki-server ca-config-show dbs.cert.id.radix | tee -a output - cat > expected < expected < expected < expected << EOF + SecurePort: 8443 + beginRange: 11 + endRange: 20 + host: pki.example.com + + SecurePort: 8443 + beginRange: 21 + endRange: 30 + host: pki.example.com + + SecurePort: 8443 + beginRange: 31 + endRange: 40 + host: pki.example.com + SecurePort: 8443 beginRange: 41 endRange: 50 @@ -1259,10 +1296,32 @@ jobs: diff expected output - - name: Check cert range objects + - name: Check old cert range objects run: | tests/ca/bin/ca-cert-range-objects-ssnv1.sh ds | tee output + # new cert range should be the same but converted to decimal + # first range move from 19-36 (hex) to 25-54 (dec) + # second range move from 37-54 (hex) to 55-84 (dec) + cat > expected << EOF + SecurePort: 8443 + beginRange: 19 + endRange: 36 + host: pki.example.com + + SecurePort: 8443 + beginRange: 37 + endRange: 54 + host: pki.example.com + + EOF + + diff expected output + + - name: Check new cert range objects + run: | + tests/ca/bin/ca-cert-range-objects-ssnv1.sh ds ou=certificateRepository,ou=ranges_v2 | tee output + # new cert range should be the same but converted to decimal # first range move from 19-36 (hex) to 25-54 (dec) # second range move from 37-54 (hex) to 55-84 (dec) @@ -1398,10 +1457,35 @@ jobs: diff expected output - - name: Check request range objects + - name: Check old request range objects run: | tests/ca/bin/ca-request-range-objects-ssnv1.sh ds | tee output + # new request range should be 31 - 40 decimal (total: 10) + cat > expected << EOF + SecurePort: 8443 + beginRange: 11 + endRange: 20 + host: pki.example.com + + SecurePort: 8443 + beginRange: 21 + endRange: 30 + host: pki.example.com + + SecurePort: 8443 + beginRange: 31 + endRange: 40 + host: pki.example.com + + EOF + + diff expected output + + - name: Check new request range objects + run: | + tests/ca/bin/ca-request-range-objects-ssnv1.sh ds ou=requests,ou=ranges_v2 | tee output + cat > expected << EOF SecurePort: 8443 beginRange: 11 @@ -1452,10 +1536,32 @@ jobs: diff expected output - - name: Check cert range objects + - name: Check old cert range objects run: | tests/ca/bin/ca-cert-range-objects-ssnv1.sh ds | tee output + # new cert range should be the same but converted to decimal + # first range move from 19-36 (hex) to 25-54 (dec) + # second range move from 37-54 (hex) to 55-84 (dec) + cat > expected << EOF + SecurePort: 8443 + beginRange: 19 + endRange: 36 + host: pki.example.com + + SecurePort: 8443 + beginRange: 37 + endRange: 54 + host: pki.example.com + + EOF + + diff expected output + + - name: Check new cert range objects + run: | + tests/ca/bin/ca-cert-range-objects-ssnv1.sh ds ou=certificateRepository,ou=ranges_v2 | tee output + cat > expected << EOF SecurePort: 8443 beginRange: 25 diff --git a/tests/ca/bin/ca-cert-range-objects-ssnv1.sh b/tests/ca/bin/ca-cert-range-objects-ssnv1.sh index 6524da82127..fd98641e337 100755 --- a/tests/ca/bin/ca-cert-range-objects-ssnv1.sh +++ b/tests/ca/bin/ca-cert-range-objects-ssnv1.sh @@ -1,12 +1,13 @@ #!/bin/bash -e NAME=$1 +RANGE_OBJECT=$2 LIST=$(docker exec $NAME ldapsearch \ -H ldap://$NAME.example.com:3389 \ -D "cn=Directory Manager" \ -w Secret.123 \ - -b ou=certificateRepository,ou=ranges,dc=ca,dc=pki,dc=example,dc=com \ + -b ${RANGE_OBJECT:-ou=certificateRepository,ou=ranges},dc=ca,dc=pki,dc=example,dc=com \ -s one \ -o ldif_wrap=no \ -LLL \ diff --git a/tests/ca/bin/ca-request-range-objects-ssnv1.sh b/tests/ca/bin/ca-request-range-objects-ssnv1.sh index c17a316bfbd..50cce9b00bb 100755 --- a/tests/ca/bin/ca-request-range-objects-ssnv1.sh +++ b/tests/ca/bin/ca-request-range-objects-ssnv1.sh @@ -1,12 +1,13 @@ #!/bin/bash -e NAME=$1 +RANGE_OBJECT=$2 LIST=$(docker exec $NAME ldapsearch \ -H ldap://$NAME.example.com:3389 \ -D "cn=Directory Manager" \ -w Secret.123 \ - -b ou=requests,ou=ranges,dc=ca,dc=pki,dc=example,dc=com \ + -b ${RANGE_OBJECT:-ou=requests,ou=ranges},dc=ca,dc=pki,dc=example,dc=com \ -s one \ -o ldif_wrap=no \ -LLL \