-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update KRA and OCSP tests #4602
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Just a small comment but feel free to merge as it is.
.github/workflows/kra-basic-test.yml
Outdated
securitydomain.select=new | ||
securitydomain.source=ldap | ||
EOF | ||
docker exec pki pki-server ca-config-find | grep ^securitydomain. | tee actual |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The expected
file contains a sorted list of element but IIUC ca-config-find
is not forced to return a sorted list of items (or I have not find that in the code). If this is the case I would add a sort in the pipeline.
run: | | ||
docker exec pki pki-server ca-config-find | grep ^ca.connector.KRA. | sort | tee output |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See above
securitydomain.flushinterval=86400000 | ||
securitydomain.source=ldap | ||
EOF | ||
docker exec ca pki-server ca-config-find | grep ^securitydomain. | tee actual |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See above.
securitydomain.select=new | ||
securitydomain.source=ldap | ||
EOF | ||
docker exec pki pki-server ca-config-find | grep ^securitydomain. | tee actual |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See above.
run: | | ||
docker exec pki pki-server ca-config-find | grep ca.publish. | ||
docker exec pki pki-server ca-config-find | grep ^ca.publish. | sort > output |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See above.
securitydomain.flushinterval=86400000 | ||
securitydomain.source=ldap | ||
EOF | ||
docker exec ca pki-server ca-config-find | grep ^securitydomain. | tee actual |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See above.
The test for basic KRA has been updated to check the security domain and KRA connector in CA. The test for standalone KRA has been updated to use a standalone CA so the CA should not have a security domain and KRA connector. Similarly, the test for basic OCSP has been updated to check the security domain and OCSP publishing in CA. The test for standalone OCSP has been updated to use a standalone CA as well so the CA should not have a security domain and OCSP publishing either. Note: The KRA connector and the OCSP publishing can be added later as a post-install task.
@fmarco76 Good catch! I've updated the PR, I'll merge after the tests are complete. Thanks! |
Kudos, SonarCloud Quality Gate passed! |
The test for basic KRA has been updated to check the security domain and KRA connector in CA. The test for standalone KRA has been updated to use a standalone CA so the CA should not have a security domain and KRA connector.
Similarly, the test for basic OCSP has been updated to check the security domain and OCSP publishing in CA. The test for standalone OCSP has been updated to use a standalone CA as well so the CA should not have a security domain and OCSP publishing either.
Note: The KRA connector and the OCSP publishing can be added later as a post-install task.