Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update test for CA with sequential serial numbers #4872

Merged
merged 2 commits into from
Oct 8, 2024

Conversation

edewata
Copy link
Contributor

@edewata edewata commented Oct 8, 2024

pkispawn has been modified to provide more params to configure the sequential serial numbers in CA. The params can also be added for KRA if needed later.

The test for CA with sequential serial numbers has been updated to perform more detailed steps and verification. The test will now use small ranges to make it easier to verify the changes in the CS.cfg and DS. The test will also use SerialNumberUpdateJob to update the ranges immediately instead of waiting for SerialNumberUpdateTask to run.

A more complex test with CA clones will be added separately later.

The SerialNumberUpdateJob has been added to update the ranges for sequential serial numbers, similar to SerialNumberUpdateTask. The job can be scheduled to run automatically at specific times, or can be run immediately by calling pki ca-job-start, whereas the task only supports a fixed interval.

An upgrade script has been added to add the default config params for SerialNumberUpdateJob into existing instances. In the future it might be possible to replace SerialNumberUpdateTask with SerialNumberUpdateJob automatically.

https://github.com/dogtagpki/pki/wiki/Configuring-SerialNumberUpdateJob

The SerialNumberUpdateJob has been added to update the ranges
for sequential serial numbers, similar to SerialNumberUpdateTask.
The job can be scheduled to run automatically at specific times,
or can be run immediately by calling pki ca-job-start, whereas
the task only supports a fixed interval.

An upgrade script has been added to add the default config params
for SerialNumberUpdateJob into existing instances. In the future
it might be possible to replace SerialNumberUpdateTask with
SerialNumberUpdateJob automatically.

https://github.com/dogtagpki/pki/wiki/Configuring-SerialNumberUpdateJob
pkispawn has been modified to provide more params to configure the
sequential serial numbers in CA. The params can also be added for
KRA if needed later.

The test for CA with sequential serial numbers has been updated to
perform more detailed steps and verification. The test will now use
small ranges to make it easier to verify the changes in the CS.cfg
and DS. The test will also use SerialNumberUpdateJob to update the
ranges immediately instead of waiting for SerialNumberUpdateTask
to run.

A more complex test with CA clones will be added separately later.
@edewata edewata requested a review from fmarco76 October 8, 2024 02:47
Copy link

sonarqubecloud bot commented Oct 8, 2024

Copy link
Member

@fmarco76 fmarco76 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

There is no test for the serial gap but we can add it later when the fix is included

@edewata
Copy link
Contributor Author

edewata commented Oct 8, 2024

@fmarco76 Thanks! I'll merge this now, but I'd like to add a test for the gap hopefully before we fix the issue.

How do we actually reproduce the gap? Do we need to use an increment that doesn't match the begin and the end? Or is it something only happening with clones?

@fmarco76
Copy link
Member

fmarco76 commented Oct 8, 2024

How do we actually reproduce the gap?
In my tests, if I use increments > 10 I get the gap after the second requested range and then there is a gap at each new range request. No need of clone for this test.

@edewata
Copy link
Contributor Author

edewata commented Oct 8, 2024

Thanks! I'll see if I can tweak this test.

@edewata edewata merged commit 2dd79f4 into dogtagpki:master Oct 8, 2024
158 of 165 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants