From def06e0b6126737202a0ece849c521f643ccc542 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Thu, 24 Oct 2024 17:11:38 -0500 Subject: [PATCH] Update test scripts for SSNv2 The test scripts have been updated to use ou=ranges_v2 subtree for SSNv2 range objects. --- .github/workflows/ca-clone-ssnv1-test.yml | 20 ++++++------- .github/workflows/ca-clone-ssnv2-test.yml | 20 ++++++------- .github/workflows/ca-ssnv1-test.yml | 12 ++++---- .github/workflows/ca-ssnv2-test.yml | 36 +++++++++++------------ tests/ca/bin/ca-cert-range-objects.sh | 23 +++++++++++++-- tests/ca/bin/ca-request-range-objects.sh | 23 +++++++++++++-- 6 files changed, 86 insertions(+), 48 deletions(-) diff --git a/.github/workflows/ca-clone-ssnv1-test.yml b/.github/workflows/ca-clone-ssnv1-test.yml index 09f3eb8d484..9934edcf1d2 100644 --- a/.github/workflows/ca-clone-ssnv1-test.yml +++ b/.github/workflows/ca-clone-ssnv1-test.yml @@ -1003,8 +1003,8 @@ jobs: - name: Switch primary to legacy2 run: | - docker exec primary pki-server ca-id-generator-update --type legacy2 request - docker exec primary pki-server ca-id-generator-update --type legacy2 cert + docker exec primary pki-server ca-id-generator-update -v --type legacy2 request + docker exec primary pki-server ca-id-generator-update -v --type legacy2 cert - name: Check old request range objects run: | @@ -1028,7 +1028,7 @@ jobs: - name: Check new request range objects run: | - tests/ca/bin/ca-request-range-objects.sh primaryds ou=requests,ou=ranges_v2 | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output # request ranges should remain the same cat > expected << EOF 
@@ -1075,7 +1075,7 @@ jobs: - name: Check new cert range objects run: | - tests/ca/bin/ca-cert-range-objects.sh primaryds ou=certificateRepository,ou=ranges_v2 | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output # cert ranges should remain the same but converted from hex to decimal # the range value for the primary move from 13-30 (hex) to 19-48 (dec) @@ -1102,8 +1102,8 @@ jobs: - name: Switch secondary to legacy2 run: | - docker exec secondary pki-server ca-id-generator-update --type legacy2 request - docker exec secondary pki-server ca-id-generator-update --type legacy2 cert + docker exec secondary pki-server ca-id-generator-update -v --type legacy2 request + docker exec secondary pki-server ca-id-generator-update -v --type legacy2 cert - name: Start the CAs run: | @@ -1223,7 +1223,7 @@ jobs: - name: Check new request range objects run: | - tests/ca/bin/ca-request-range-objects.sh primaryds ou=requests,ou=ranges_v2 | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output cat > expected << EOF SecurePort: 8443 @@ -1272,7 +1272,7 @@ jobs: - name: Check new cert range objects run: | - tests/ca/bin/ca-cert-range-objects.sh primaryds ou=certificateRepository,ou=ranges_v2 | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output # cert ranges should remain the same but in dec. # the range value for the primary move from 13-30 (hex) to 19-48 (dec) @@ -1502,7 +1502,7 @@ jobs: - name: Check new request range objects run: | - tests/ca/bin/ca-request-range-objects.sh primaryds ou=requests,ou=ranges_v2 | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output cat > expected << EOF SecurePort: 8443 
@@ -1576,7 +1576,7 @@ jobs: - name: Check new cert range objects run: | - tests/ca/bin/ca-cert-range-objects.sh primaryds ou=certificateRepository,ou=ranges_v2 | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output cat > expected << EOF SecurePort: 8443 diff --git a/.github/workflows/ca-clone-ssnv2-test.yml b/.github/workflows/ca-clone-ssnv2-test.yml index 357fcb99c3b..53172899473 100644 --- a/.github/workflows/ca-clone-ssnv2-test.yml +++ b/.github/workflows/ca-clone-ssnv2-test.yml @@ -172,7 +172,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh primaryds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output # new range should be 11 - 20 (size: 10) cat > expected << EOF @@ -188,7 +188,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh primaryds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output # there should be no new range diff /dev/null output @@ -386,7 +386,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh secondaryds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 secondaryds | tee output # there should be no new range # NOTE: there's no indication that part of is has @@ -404,7 +404,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh secondaryds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 secondaryds | tee output # there should be no new range diff /dev/null output @@ -555,7 +555,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh primaryds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output # there should be no new range cat > expected << EOF 
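Review bot: In the "Check cert range objects" step at -188/+188 of ca-clone-ssnv2-test.yml, the exit status of `ca-cert-range-objects.sh` is hidden behind `| tee output`, and the `diff /dev/null output` that follows passes on an empty file. A lookup that fails (presumably including a missing `ou=ranges_v2` subtree) would therefore look the same as "no new range", which matters more now that the script picks the subtree from `-t`. Unless the workflow sets a default shell with pipefail (not visible in these hunks), start the `run:` block with `set -o pipefail`, or redirect with `> output` and then `cat output`. The same pattern is in the hunks at 404 and 571 of this file and at 164, 272, 407 and 535 of ca-ssnv2-test.yml; each step body continues outside its hunk.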
@@ -571,7 +571,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh primaryds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output # there should be no new range diff /dev/null output @@ -843,7 +843,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh primaryds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output # new range should be 21 - 30 (size: 10) cat > expected << EOF @@ -864,7 +864,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh primaryds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output # new range should be 0x2b - 0x3c or 43 - 60 (size: 0x12) cat > expected << EOF @@ -1039,7 +1039,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh primaryds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output # there should be no new range cat > expected << EOF @@ -1060,7 +1060,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh primaryds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output # there should be no new range cat > expected << EOF diff --git a/.github/workflows/ca-ssnv1-test.yml b/.github/workflows/ca-ssnv1-test.yml index 2c0d6ed0733..8e951adff17 100644 --- a/.github/workflows/ca-ssnv1-test.yml +++ b/.github/workflows/ca-ssnv1-test.yml 
@@ -1161,8 +1161,8 @@ jobs: - name: Switch to legacy2 run: | docker exec pki pki-server stop - docker exec pki pki-server ca-id-generator-update --type legacy2 request - docker exec pki pki-server ca-id-generator-update --type legacy2 cert + docker exec pki pki-server ca-id-generator-update -v --type legacy2 request + docker exec pki pki-server ca-id-generator-update -v --type legacy2 cert docker exec pki pki-server start --wait @@ -1268,7 +1268,7 @@ jobs: - name: Check new request range objects run: | - tests/ca/bin/ca-request-range-objects.sh ds ou=requests,ou=ranges_v2 | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output # new request range should be 31 - 40 decimal (total: 10) cat > expected << EOF @@ -1320,7 +1320,7 @@ jobs: - name: Check new cert range objects run: | - tests/ca/bin/ca-cert-range-objects.sh ds ou=certificateRepository,ou=ranges_v2 | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output # new cert range should be the same but converted to decimal # first range move from 19-36 (hex) to 25-54 (dec) @@ -1484,7 +1484,7 @@ jobs: - name: Check new request range objects run: | - tests/ca/bin/ca-request-range-objects.sh ds ou=requests,ou=ranges_v2 | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output cat > expected << EOF SecurePort: 8443 @@ -1560,7 +1560,7 @@ jobs: - name: Check new cert range objects run: | - tests/ca/bin/ca-cert-range-objects.sh ds ou=certificateRepository,ou=ranges_v2 | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output cat > expected << EOF SecurePort: 8443 diff --git a/.github/workflows/ca-ssnv2-test.yml b/.github/workflows/ca-ssnv2-test.yml index 9bf74070047..a5e09d01685 100644 --- a/.github/workflows/ca-ssnv2-test.yml +++ b/.github/workflows/ca-ssnv2-test.yml 
@@ -156,7 +156,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh ds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output # there should be no new range diff /dev/null output @@ -164,7 +164,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh ds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output # there should be no new range diff /dev/null output @@ -256,7 +256,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh ds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output # new range should be 11 - 20 (size: 10) cat > expected << EOF @@ -272,7 +272,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh ds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output # there should be no new range diff /dev/null output @@ -391,7 +391,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh ds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output # there should be no new range cat > expected << EOF @@ -407,7 +407,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh ds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output # there should be no new range diff /dev/null output @@ -519,7 +519,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh ds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output # there should be no new range cat > expected << EOF 
@@ -535,7 +535,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh ds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output # there should be no new range diff /dev/null output @@ -616,7 +616,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh ds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output # new request range should be 21 - 30 (size: 10) cat > expected << EOF @@ -637,7 +637,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh ds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output # new cert range should be 0x19 - 0x2a or 25 - 42 (size: 0x12) cat > expected << EOF @@ -753,7 +753,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh ds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output # request range objects should be the same cat > expected << EOF @@ -774,7 +774,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh ds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output # cert range objects should be the same cat > expected << EOF @@ -892,7 +892,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh ds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output # request range objects should be the same cat > expected << EOF @@ -913,7 +913,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh ds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output # cert range objects should be the same cat > expected << EOF 
@@ -1002,7 +1002,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh ds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output # new range should be 31 - 40 (size: 10) cat > expected << EOF @@ -1028,7 +1028,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh ds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output # new range should be 0x2b - 0x3c or 43 - 60 (size: 0x12) cat > expected << EOF @@ -1149,7 +1149,7 @@ jobs: - name: Check request range objects if: always() run: | - tests/ca/bin/ca-request-range-objects.sh ds | tee output + tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output # request range objects should be the same cat > expected << EOF @@ -1175,7 +1175,7 @@ jobs: - name: Check cert range objects if: always() run: | - tests/ca/bin/ca-cert-range-objects.sh ds | tee output + tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output # cert range objects should be the same cat > expected << EOF diff --git a/tests/ca/bin/ca-cert-range-objects.sh b/tests/ca/bin/ca-cert-range-objects.sh index fd98641e337..e63d84c89da 100755 --- a/tests/ca/bin/ca-cert-range-objects.sh +++ b/tests/ca/bin/ca-cert-range-objects.sh 
@@ -1,13 +1,32 @@ #!/bin/bash -e +GENERATOR_TYPE=legacy + +while getopts "t:" arg ; do + case $arg in + t) + GENERATOR_TYPE=$OPTARG + ;; + esac +done + +# remove parsed options and args from $@ list +shift $((OPTIND-1)) + NAME=$1 -RANGE_OBJECT=$2 + +if [ "$GENERATOR_TYPE" == "legacy2" ] +then + RANGE_DN=ou=certificateRepository,ou=ranges_v2,dc=ca,dc=pki,dc=example,dc=com +else + RANGE_DN=ou=certificateRepository,ou=ranges,dc=ca,dc=pki,dc=example,dc=com +fi LIST=$(docker exec $NAME ldapsearch \ -H ldap://$NAME.example.com:3389 \ -D "cn=Directory Manager" \ -w Secret.123 \ - -b ${RANGE_OBJECT:-ou=certificateRepository,ou=ranges},dc=ca,dc=pki,dc=example,dc=com \ + -b $RANGE_DN \ -s one \ -o ldif_wrap=no \ -LLL \ diff --git a/tests/ca/bin/ca-request-range-objects.sh b/tests/ca/bin/ca-request-range-objects.sh index 50cce9b00bb..96036669994 100755 --- a/tests/ca/bin/ca-request-range-objects.sh +++ b/tests/ca/bin/ca-request-range-objects.sh @@ -1,13 +1,32 @@ #!/bin/bash -e +GENERATOR_TYPE=legacy + +while getopts "t:" arg ; do + case $arg in + t) + GENERATOR_TYPE=$OPTARG + ;; + esac +done + +# remove parsed options and args from $@ list +shift $((OPTIND-1)) + NAME=$1 -RANGE_OBJECT=$2 + +if [ "$GENERATOR_TYPE" == "legacy2" ] +then + RANGE_DN=ou=requests,ou=ranges_v2,dc=ca,dc=pki,dc=example,dc=com +else + RANGE_DN=ou=requests,ou=ranges,dc=ca,dc=pki,dc=example,dc=com +fi LIST=$(docker exec $NAME ldapsearch \ -H ldap://$NAME.example.com:3389 \ -D "cn=Directory Manager" \ -w Secret.123 \ - -b ${RANGE_OBJECT:-ou=requests,ou=ranges},dc=ca,dc=pki,dc=example,dc=com \ + -b $RANGE_DN \ -s one \ -o ldif_wrap=no \ -LLL \
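Review bot: The `getopts` loop added to tests/ca/bin/ca-cert-range-objects.sh has no arm for unknown options, and the `if`/`else` sends every `-t` value other than `legacy2` to `ou=ranges`, so a mistyped flag or generator type silently queries the old subtree instead of failing. In the workflow steps that expect empty output (`diff /dev/null output`), such a run would pass without ever looking at `ou=ranges_v2`. Reject unknown options and unknown generator types explicitly, as sketched below; quoting `"$RANGE_DN"` and `"$NAME"` in the ldapsearch call would also be worth doing. The hunk for tests/ca/bin/ca-request-range-objects.sh has the same loop and needs the same change with `ou=requests`.

```shell
while getopts "t:" arg ; do
    case $arg in
    t)
        GENERATOR_TYPE=$OPTARG
        ;;
    *)
        # getopts sets arg to '?' for an unknown option or a missing argument
        echo "Usage: $0 [-t legacy|legacy2] <DS container>" >&2
        exit 1
        ;;
    esac
done

# … unchanged: shift $((OPTIND-1)) and NAME=$1 …

case "$GENERATOR_TYPE" in
    legacy2)
        RANGE_DN=ou=certificateRepository,ou=ranges_v2,dc=ca,dc=pki,dc=example,dc=com
        ;;
    legacy)
        RANGE_DN=ou=certificateRepository,ou=ranges,dc=ca,dc=pki,dc=example,dc=com
        ;;
    *)
        echo "ERROR: unsupported generator type: $GENERATOR_TYPE" >&2
        exit 1
        ;;
esac
```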