Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test_automation_for_RFE_Need_Method_to_copy_SKI_from_CSR_to_Certifica… #3351

Merged
merged 2 commits into from
Nov 5, 2020
Merged

Test_automation_for_RFE_Need_Method_to_copy_SKI_from_CSR_to_Certifica… #3351

merged 2 commits into from
Nov 5, 2020

Conversation

gswami90-pf9
Copy link
Contributor

Test Case Added.

1] Updating existing caCACert.cfg profile with parameter 'policyset.caCertSet.8.default.params.useSKIFromCertRequest=true'.

2] Generating CSR using certutil with --extSKID extension and submitting same to the CA subsystem, upon approving request with profile caCACert , verify if SKI extension identical in CSR and Signed Certificate.

Signed-off-by: Gaurav Swami gswami@redhat.com

SilleBille
SilleBille reviewed Oct 11, 2020
View reviewed changes
Copy link
Member

@SilleBille SilleBille left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gswami90 Thanks for the PR. Please see my suggestions below.

Also, this PR seems to be an extension to an already existing PR that I and @06shalini worked on: #556

There are 2 reasons why the CI fails:

 E           pytest_ansible.errors.AnsibleModuleError: The module pki was not found in configured module paths.

Check if the /vagrant/tests/dogtag/pytest-ansible/common-modules/ is being exported correctly.

  1. Regex issue

.github/workflows/qe-tests.yml Outdated Show resolved Hide resolved
...ytest-ansible/pytest/ca/bugzilla/test_bug_1787115_Copy_SKI_from_CSR_to_Certificate_Signed.py Outdated Show resolved Hide resolved
...ytest-ansible/pytest/ca/bugzilla/test_bug_1787115_Copy_SKI_from_CSR_to_Certificate_Signed.py Outdated Show resolved Hide resolved
@06shalini
Copy link
Contributor

@SilleBille
I notice that with the new tests which @gswami90 has added, it failed to find pki ansible module.

I tried to look into the runner. And it failed even :

  1. after exporting the ANSIBLE_LIBRARY=/vagrant/tests/dogtag/pytest-ansible/common-modules/
  2. and parsing the path in test argument --ansible-module-path /vagrant/tests/dogtag/pytest-ansible/common-modules/

How did you make /vagrant/tests/dogtag/pytest-ansible/pytest/sanity/test_role_users.py work for you ?
Could you please have a look.

@SilleBille
Copy link
Member

@06shalini This seems to be weird. You'll have to debug this on the runner directly.

At first, when trying to run ca-profile-show, it throws an error that pki module is missing. Check the logs:

>   	profile_show = ansible_module.pki(cli='ca-profile-show',
    	                                  nssdb=constants.NSSDB,
    	                                  port=constants.CA_HTTP_PORT,
    	                                  dbpassword=constants.CLIENT_DATABASE_PASSWORD,
    	                                  certnick='"{}"'.format(constants.CA_ADMIN_NICK),
    	                                  extra_args='{} --raw'.format(profile))

/vagrant/tests/dogtag/pytest-ansible/pytest/ca/bugzilla/test_bug_1787115_Copy_SKI_from_CSR_to_Certificate_Signed.py:76: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <pytest_ansible.module_dispatcher.v28.ModuleDispatcherV28 object at 0x7feb37e99eb0>
name = 'pki'

    def __getattr__(self, name):
        """Run the ansible module matching the provided `name`.
    
        Raise `AnsibleModuleError` when no such module exists.
        """
        if not self.has_module(name):
            # TODO: should we just raise an AttributeError, or a more
            # raise AttributeError("'{0}' object has no attribute '{1}'".format(self.__class__.__name__, name))
>           raise AnsibleModuleError("The module {0} was not found in configured module paths.".format(name))
E           pytest_ansible.errors.AnsibleModuleError: The module pki was not found in configured module paths.

Then, when it tries to run the ca-cert-show, the module seems to have been imported correctly. Check this:

    	cert_show = ansible_module.pki(cli='ca-cert-show',
    	                               nssdb=constants.NSSDB,
    	                               port=constants.CA_HTTP_PORT,
    	                               dbpassword=constants.CLIENT_DATABASE_PASSWORD,
    	                               extra_args='{}  --output {}'.format(cert_request_id, SKI_CRT))
    
    	ansible_module.package(name='dumpasn1', state='latest')
    	ansible_module.shell('AtoB  {} {}'.format(SKI_CRT, SKI_CRT))
    	dumpasn1 = ansible_module.command('dumpasn1 -a -d -v -l  {}'.format(SKI_CRT))
    	for res in dumpasn1.values():
    		log.info("Running : {}".format(res['cmd']))
    		if res['rc'] == 0:
>   			assert "OCTET STRING CB A7 AA 1E 3D 27 84 15 3D 47" in res['stdout']
E      assert 'OCTET STRING CB A7 AA 1E 3D 27 84 15 3D 47' in "    <30 82 03 B1>\n  0 945: SEQUENCE {\n    <30 82 02 99>\n  4 665: . SEQUENCE {\n    <A0 03>\n  8   3: . . [0] {\n  ... . F9 91 E3 8D 1F 98 ED 29    .......)\n       : . . C0 D1 9F 4C 05 63 B8 C8                            \n       : . }"

So, I think there is an issue with the python source code itself rather than the environment in runners

@gswami90-pf9 gswami90-pf9 force-pushed the test_BZ_1787115 branch 3 times, most recently from 016959a to 13c0fd9 Compare October 14, 2020 10:42
@gswami90-pf9 gswami90-pf9 force-pushed the test_BZ_1787115 branch 3 times, most recently from f1bc3db to dde17c3 Compare October 23, 2020 14:43
edewata
edewata approved these changes Nov 3, 2020
View reviewed changes
Copy link
Contributor

@edewata edewata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not really familiar with this area, but I have no objection. If QE thinks this is fine, feel free to merge.

06shalini
06shalini reviewed Nov 5, 2020
View reviewed changes
Copy link
Contributor

@06shalini 06shalini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gswami90 Looks goo to me.! But you need to rebase the PR

tests/dogtag/pytest-ansible/pki.testlib.egg-info/PKG-INFO Outdated Show resolved Hide resolved
...ytest-ansible/pytest/ca/bugzilla/test_bug_1787115_Copy_SKI_from_CSR_to_Certificate_Signed.py Show resolved Hide resolved
@gswami90-pf9
Test_automation_for_RFE_Need_Method_to_copy_SKI_from_CSR_to_Certifica…
ffd865b 
…te_signed

Signed-off-by: Gaurav Swami <gswami@redhat.com>
@gswami90-pf9
Test_automation_for_RFE_Need_Method_to_copy_SKI_from_CSR_to_Certifica…
bf46425 
…te_signed

Signed-off-by: Gaurav Swami <gswami@redhat.com>
@06shalini 06shalini merged commit 9e450c2 into dogtagpki:master Nov 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cipherboy cipherboy cipherboy left review comments

@SilleBille SilleBille SilleBille left review comments

@06shalini 06shalini 06shalini left review comments

@edewata edewata edewata approved these changes

@dpuniaredhat dpuniaredhat dpuniaredhat approved these changes

@jmagne jmagne Awaiting requested review from jmagne

@PsOverflow PsOverflow Awaiting requested review from PsOverflow

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@gswami90-pf9 @06shalini @SilleBille @cipherboy @edewata @dpuniaredhat