Skip to content

Commit

Permalink
Add EST to pkidestroy
Browse files Browse the repository at this point in the history
Add est to the list of subsystems and the command help.
  • Loading branch information
fmarco76 committed Sep 23, 2024
1 parent 5181954 commit be8e5c0
Show file tree
Hide file tree
Showing 6 changed files with 353 additions and 10 deletions.
173 changes: 170 additions & 3 deletions .github/workflows/est-ds-realm-separate-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,104 @@ jobs:
-D pki_server_pkcs12_path=$SHARED/est_server.p12 \
-D pki_server_pkcs12_password=Secret.123 \
-v
- name: Check EST server base dir after installation
run: |
# check file types, owners, and permissions
docker exec est ls -l /var/lib/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
# TODO: review permissions
cat > expected << EOF
lrwxrwxrwx pkiuser pkiuser alias -> /var/lib/pki/pki-tomcat/conf/alias
lrwxrwxrwx pkiuser pkiuser bin -> /usr/share/tomcat/bin
drwxrwx--- pkiuser pkiuser common
lrwxrwxrwx pkiuser pkiuser conf -> /etc/pki/pki-tomcat
drwxrwx--- pkiuser pkiuser est
lrwxrwxrwx pkiuser pkiuser lib -> /usr/share/pki/server/lib
lrwxrwxrwx pkiuser pkiuser logs -> /var/log/pki/pki-tomcat
drwxrwx--- pkiuser pkiuser temp
drwxr-xr-x pkiuser pkiuser webapps
drwxrwx--- pkiuser pkiuser work
EOF
diff expected output
- name: Check EST server conf dir after installation
run: |
# check file types, owners, and permissions
docker exec est ls -l /etc/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
# TODO: review permissions
cat > expected << EOF
drwxrwx--- pkiuser pkiuser Catalina
drwxrwx--- pkiuser pkiuser alias
-rw-r--r-- pkiuser pkiuser catalina.policy
lrwxrwxrwx pkiuser pkiuser catalina.properties -> /usr/share/pki/server/conf/catalina.properties
drwxrwx--- pkiuser pkiuser certs
lrwxrwxrwx pkiuser pkiuser context.xml -> /etc/tomcat/context.xml
drwxrwx--- pkiuser pkiuser est
lrwxrwxrwx pkiuser pkiuser logging.properties -> /usr/share/pki/server/conf/logging.properties
-rw-rw---- pkiuser pkiuser password.conf
-rw-rw---- pkiuser pkiuser server.xml
-rw-rw---- pkiuser pkiuser tomcat.conf
lrwxrwxrwx pkiuser pkiuser web.xml -> /etc/tomcat/web.xml
EOF
diff expected output
- name: Check EST server logs dir after installation
run: |
# check file types, owners, and permissions
docker exec est ls -l /var/log/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
DATE=$(date +'%Y-%m-%d')
# TODO: review permissions
cat > expected << EOF
drwxr-x--- pkiuser pkiuser backup
-rw-r--r-- pkiuser pkiuser catalina.$DATE.log
drwxrwx--- pkiuser pkiuser est
-rw-r--r-- pkiuser pkiuser host-manager.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost_access_log.$DATE.txt
-rw-r--r-- pkiuser pkiuser manager.$DATE.log
drwxr-xr-x pkiuser pkiuser pki
EOF
diff expected output
- name: Check EST conf dir
run: |
# check file types, owners, and permissions
docker exec est ls -l /etc/pki/pki-tomcat/est \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
# TODO: review permissions
cat > expected << EOF
-rw-rw-r-- pkiuser pkiuser CS.cfg
-rw-rw---- pkiuser pkiuser authorizer.conf
-rw-rw---- pkiuser pkiuser backend.conf
-rw-rw-r-- pkiuser pkiuser realm.conf
-rw-r--r-- pkiuser pkiuser registry.cfg
EOF
diff expected output
- name: Test CA certs
run: |
docker exec est curl -o cacert.p7 -k https://est.example.com:8443/.well-known/est/cacerts
Expand Down Expand Up @@ -190,11 +288,80 @@ jobs:
- name: Remove EST
run: |
docker exec est pki-server est-undeploy --wait
docker exec est pki-server est-remove
docker exec est pkidestroy -i pki-tomcat -s EST -v
- name: Remove CA
run: docker exec ca pkidestroy -i pki-tomcat -s CA -v
run: |
docker exec ca pkidestroy -i pki-tomcat -s CA -v
- name: Check EST server base dir after removal
run: |
# check file types, owners, and permissions
docker exec est ls -l /var/lib/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
# TODO: review permissions
cat > expected << EOF
lrwxrwxrwx pkiuser pkiuser conf -> /etc/pki/pki-tomcat
lrwxrwxrwx pkiuser pkiuser logs -> /var/log/pki/pki-tomcat
EOF
diff expected output
- name: Check EST server conf dir after removal
run: |
# check file types, owners, and permissions
docker exec est ls -l /etc/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
# TODO: review permissions
cat > expected << EOF
drwxrwx--- pkiuser pkiuser Catalina
drwxrwx--- pkiuser pkiuser alias
-rw-r--r-- pkiuser pkiuser catalina.policy
lrwxrwxrwx pkiuser pkiuser catalina.properties -> /usr/share/pki/server/conf/catalina.properties
drwxrwx--- pkiuser pkiuser certs
lrwxrwxrwx pkiuser pkiuser context.xml -> /etc/tomcat/context.xml
drwxrwx--- pkiuser pkiuser est
lrwxrwxrwx pkiuser pkiuser logging.properties -> /usr/share/pki/server/conf/logging.properties
-rw-rw---- pkiuser pkiuser password.conf
-rw-rw---- pkiuser pkiuser server.xml
-rw-rw---- pkiuser pkiuser tomcat.conf
lrwxrwxrwx pkiuser pkiuser web.xml -> /etc/tomcat/web.xml
EOF
diff expected output
- name: Check EST server logs dir after removal
run: |
# check file types, owners, and permissions
docker exec est ls -l /var/log/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
DATE=$(date +'%Y-%m-%d')
# TODO: review permissions
cat > expected << EOF
drwxr-x--- pkiuser pkiuser backup
-rw-r--r-- pkiuser pkiuser catalina.$DATE.log
drwxrwx--- pkiuser pkiuser est
-rw-r--r-- pkiuser pkiuser host-manager.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost_access_log.$DATE.txt
-rw-r--r-- pkiuser pkiuser manager.$DATE.log
drwxr-xr-x pkiuser pkiuser pki
EOF
diff expected output
- name: Check CA DS server systemd journal
if: always()
Expand Down
179 changes: 176 additions & 3 deletions .github/workflows/est-ds-realm-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,107 @@ jobs:
docker exec pki pki-server webapp-show est
docker exec pki pki-server webapp-show pki
- name: Check PKI server base dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/lib/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
# TODO: review permissions
cat > expected << EOF
lrwxrwxrwx pkiuser pkiuser alias -> /var/lib/pki/pki-tomcat/conf/alias
lrwxrwxrwx pkiuser pkiuser bin -> /usr/share/tomcat/bin
drwxrwx--- pkiuser pkiuser ca
drwxrwx--- pkiuser pkiuser common
lrwxrwxrwx pkiuser pkiuser conf -> /etc/pki/pki-tomcat
drwxrwx--- pkiuser pkiuser est
lrwxrwxrwx pkiuser pkiuser lib -> /usr/share/pki/server/lib
lrwxrwxrwx pkiuser pkiuser logs -> /var/log/pki/pki-tomcat
drwxrwx--- pkiuser pkiuser temp
drwxr-xr-x pkiuser pkiuser webapps
drwxrwx--- pkiuser pkiuser work
EOF
diff expected output
- name: Check PKI server conf dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /etc/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
# TODO: review permissions
cat > expected << EOF
drwxrwx--- pkiuser pkiuser Catalina
drwxrwx--- pkiuser pkiuser alias
drwxrwx--- pkiuser pkiuser ca
-rw-r--r-- pkiuser pkiuser catalina.policy
lrwxrwxrwx pkiuser pkiuser catalina.properties -> /usr/share/pki/server/conf/catalina.properties
drwxrwx--- pkiuser pkiuser certs
lrwxrwxrwx pkiuser pkiuser context.xml -> /etc/tomcat/context.xml
drwxrwx--- pkiuser pkiuser est
lrwxrwxrwx pkiuser pkiuser logging.properties -> /usr/share/pki/server/conf/logging.properties
-rw-rw---- pkiuser pkiuser password.conf
-rw-rw---- pkiuser pkiuser server.xml
-rw-rw---- pkiuser pkiuser serverCertNick.conf
-rw-rw---- pkiuser pkiuser tomcat.conf
lrwxrwxrwx pkiuser pkiuser web.xml -> /etc/tomcat/web.xml
EOF
diff expected output
- name: Check PKI server logs dir after installation
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/log/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
DATE=$(date +'%Y-%m-%d')
# TODO: review permissions
cat > expected << EOF
drwxr-x--- pkiuser pkiuser backup
drwxrwx--- pkiuser pkiuser ca
-rw-rw-r-- pkiuser pkiuser catalina.$DATE.log
drwxrwx--- pkiuser pkiuser est
-rw-rw-r-- pkiuser pkiuser host-manager.$DATE.log
-rw-rw-r-- pkiuser pkiuser localhost.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost_access_log.$DATE.txt
-rw-rw-r-- pkiuser pkiuser manager.$DATE.log
drwxr-xr-x pkiuser pkiuser pki
EOF
diff expected output
- name: Check EST conf dir
run: |
# check file types, owners, and permissions
docker exec pki ls -l /etc/pki/pki-tomcat/est \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
# TODO: review permissions
cat > expected << EOF
-rw-rw-r-- pkiuser pkiuser CS.cfg
-rw-rw---- pkiuser pkiuser authorizer.conf
-rw-rw---- pkiuser pkiuser backend.conf
-rw-rw-r-- pkiuser pkiuser realm.conf
EOF
diff expected output
- name: Create EST users
run: |
docker exec -i pki ldapadd -x -H ldap://ds.example.com:3389 \
Expand Down Expand Up @@ -187,11 +288,83 @@ jobs:
- name: Remove EST
run: |
docker exec pki pki-server est-undeploy --wait
docker exec pki pki-server est-remove
docker exec pki pkidestroy -i pki-tomcat -s EST -v
- name: Remove CA
run: docker exec pki pkidestroy -i pki-tomcat -s CA -v
run: |
docker exec pki pkidestroy -i pki-tomcat -s CA -v
- name: Check PKI server base dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/lib/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
# TODO: review permissions
cat > expected << EOF
lrwxrwxrwx pkiuser pkiuser conf -> /etc/pki/pki-tomcat
lrwxrwxrwx pkiuser pkiuser logs -> /var/log/pki/pki-tomcat
EOF
diff expected output
- name: Check PKI server conf dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /etc/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
# TODO: review permissions
cat > expected << EOF
drwxrwx--- pkiuser pkiuser Catalina
drwxrwx--- pkiuser pkiuser alias
drwxrwx--- pkiuser pkiuser ca
-rw-r--r-- pkiuser pkiuser catalina.policy
lrwxrwxrwx pkiuser pkiuser catalina.properties -> /usr/share/pki/server/conf/catalina.properties
drwxrwx--- pkiuser pkiuser certs
lrwxrwxrwx pkiuser pkiuser context.xml -> /etc/tomcat/context.xml
drwxrwx--- pkiuser pkiuser est
lrwxrwxrwx pkiuser pkiuser logging.properties -> /usr/share/pki/server/conf/logging.properties
-rw-rw---- pkiuser pkiuser password.conf
-rw-rw---- pkiuser pkiuser server.xml
-rw-rw---- pkiuser pkiuser serverCertNick.conf
-rw-rw---- pkiuser pkiuser tomcat.conf
lrwxrwxrwx pkiuser pkiuser web.xml -> /etc/tomcat/web.xml
EOF
diff expected output
- name: Check PKI server logs dir after removal
run: |
# check file types, owners, and permissions
docker exec pki ls -l /var/log/pki/pki-tomcat \
| sed \
-e '/^total/d' \
-e 's/^\(\S*\) *\S* *\(\S*\) *\(\S*\) *\S* *\S* *\S* *\S* *\(.*\)$/\1 \2 \3 \4/' \
| tee output
DATE=$(date +'%Y-%m-%d')
# TODO: review permissions
cat > expected << EOF
drwxr-x--- pkiuser pkiuser backup
drwxrwx--- pkiuser pkiuser ca
-rw-rw-r-- pkiuser pkiuser catalina.$DATE.log
drwxrwx--- pkiuser pkiuser est
-rw-rw-r-- pkiuser pkiuser host-manager.$DATE.log
-rw-rw-r-- pkiuser pkiuser localhost.$DATE.log
-rw-r--r-- pkiuser pkiuser localhost_access_log.$DATE.txt
-rw-rw-r-- pkiuser pkiuser manager.$DATE.log
drwxr-xr-x pkiuser pkiuser pki
EOF
diff expected output
- name: Check DS server systemd journal
if: always()
Expand Down
2 changes: 1 addition & 1 deletion base/server/python/pki/server/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@
ETC_SYSTEMD_DIR = '/etc/systemd'
LIB_SYSTEMD_DIR = '/lib/systemd'

SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks', 'tps', 'acme']
SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks', 'tps', 'acme', 'est']

DEFAULT_DIR_MODE = 0o0770
DEFAULT_FILE_MODE = 0o0660
Expand Down
Loading

0 comments on commit be8e5c0

Please sign in to comment.