From e8307b92bfaa9ef009f4a9074281aeaf7ccd013a Mon Sep 17 00:00:00 2001
From: sumenon <sumenon@redhat.com>
Date: Thu, 2 Jul 2020 19:35:37 +0530
Subject: [PATCH 1/2] ipatests: Tests for ipahealthcheck tool with IPA external

This test suite checks whether the healthcheck tool reports
the correct status when the IPA server is set up with an
external self-signed CA. The following checks are covered:

IPACRLManagerCheck
IPACertmongerCA
IPAOpenSSLChainValidation
IPANSSChainValidation
IPARAAgent
---
 .../test_integration/test_ipahealthcheck.py   | 98 +++++++++++++++++++
 1 file changed, 98 insertions(+)

diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py
index ac13dbdfb3..f718286064 100644
--- a/ipatests/test_integration/test_ipahealthcheck.py
+++ b/ipatests/test_integration/test_ipahealthcheck.py
@@ -904,3 +904,101 @@ def test_ipahealthcheck_trust_agent_member_check(self):
         for check in data:
             assert check["result"] == "SUCCESS"
             assert check["kw"]["key"] == self.master.hostname
+
+
+class TestIpaHealthCheckWithExternalSelfSignedCA(IntegrationTest):
+    """
+    Tests to run and check whether ipa-healthcheck tool reports correct status when
+    IPA Master has external self signed CA.
+    """
+
+    @classmethod
+    def install(cls, mh):
+        result = install_server_external_ca_step1(cls.master)
+        assert result.returncode == 0
+        root_ca_fname, ipa_ca_fname = tasks.sign_ca_and_transport(
+            cls.master, paths.ROOT_IPA_CSR, ROOT_CA, IPA_CA
+        )
+
+        result = install_server_external_ca_step2(
+            cls.master, ipa_ca_fname, root_ca_fname
+        )
+        assert result.returncode == 0
+        tasks.kinit_admin(cls.master)
+
+    def test_ipahealthcheck_crlmanagercheck(self):
+        """
+        Test for IPACRLManagerCheck
+        """
+        returncode, data = run_healthcheck(
+            self.master, "ipahealthcheck.ipa.roles", "IPACRLManagerCheck"
+        )
+        assert returncode == 0
+        for check in data:
+            assert check["result"] == "SUCCESS"
+            assert check["kw"]["key"] == "crl_manager"
+            assert check["kw"]["crlgen_enabled"] is True
+
+    def test_ipahealthcheck_certmongerca(self):
+        """
+        Test for IPACertmongerCA
+        """
+        returncode, data = run_healthcheck(
+            self.master, "ipahealthcheck.ipa.certs", "IPACertmongerCA",
+        )
+        assert returncode == 0
+        for check in data:
+            assert check["result"] == "SUCCESS"
+            assert (
+                check["kw"]["key"] == "IPA"
+                or check["kw"]["key"] == "dogtag-ipa-ca-renew-agent"
+                or check["kw"]["key"] == "dogtag-ipa-ca-renew-agent-reuse"
+            )
+
+    def test_ipahealthcheck_ipaopensslchainvalidation(self):
+        """
+        Test for IPAOpenSSLChainValidation
+        """
+        returncode, data = run_healthcheck(
+            self.master,
+            "ipahealthcheck.ipa.certs",
+            "IPAOpenSSLChainValidation",
+        )
+        assert returncode == 0
+        for check in data:
+            assert check["result"] == "SUCCESS"
+            assert (
+                check["kw"]["key"] == paths.HTTPD_CERT_FILE
+                or check["kw"]["key"] == paths.RA_AGENT_PEM
+            )
+
+    def test_ipahealthcheck_ipansschainvalidation(self):
+        """
+        Test for IPANSSChainValidation
+        """
+        instance = realm_to_serverid(self.master.domain.realm)
+        returncode, data = run_healthcheck(
+            self.master, "ipahealthcheck.ipa.certs", "IPANSSChainValidation",
+        )
+        assert returncode == 0
+        for check in data:
+            if check["kw"]["dbdir"] == (paths.PKI_TOMCAT_ALIAS_DIR):
+                assert check["result"] == "SUCCESS"
+                assert check["kw"]["nickname"] == "Server-Cert cert-pki-ca"
+            elif check["kw"]["dbdir"] == (
+                paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % instance
+            ):
+                assert check["result"] == "SUCCESS"
+                assert check["kw"]["nickname"] == "Server-Cert"
+
+    def test_ipahealthcheck_iparaagent(self):
+        """
+        Test for IPARAAgent
+        """
+        returncode, data = run_healthcheck(
+            self.master, "ipahealthcheck.ipa.certs", "IPARAAgent"
+        )
+        assert returncode == 0
+        for check in data:
+            assert check["result"] == "SUCCESS"
+            assert check["kw"] == {}
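Review bot: Every test in the new class asserts only inside `for check in data:`, so an empty result list from `run_healthcheck` passes without verifying anything; add `assert data` before each loop. In `test_ipahealthcheck_ipansschainvalidation` the `if`/`elif` on `dbdir` also skips any entry whose dbdir matches neither path, so a failed chain validation for another NSS database, or the absence of the two expected entries, would go unnoticed. If every NSS database is expected to validate, move `assert check["result"] == "SUCCESS"` above the `if` and keep only the nickname assertions in the branches. The hunk adds no imports, so it is worth confirming that `install_server_external_ca_step1`, `install_server_external_ca_step2`, `ROOT_CA`, `IPA_CA` and `realm_to_serverid` are already imported at the top of the module, which lies outside the hunk.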

From e36c90bd12a183fed94b5fa3e9f5f1837607b53d Mon Sep 17 00:00:00 2001
From: sumenon <sumenon@redhat.com>
Date: Thu, 2 Jul 2020 19:41:35 +0530
Subject: [PATCH 2/2] Temp Commit

---
 .freeipa-pr-ci.yaml                        | 2 +-
 ipatests/prci_definitions/temp_commit.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index abcf8c5b63..8065669008 120000
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -1 +1 @@
-ipatests/prci_definitions/gating.yaml
\ No newline at end of file
+ipatests/prci_definitions/temp_commit.yaml
\ No newline at end of file
diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml
index 88e59833d1..3754e881b1 100644
--- a/ipatests/prci_definitions/temp_commit.yaml
+++ b/ipatests/prci_definitions/temp_commit.yaml
@@ -68,7 +68,7 @@ jobs:
       class: RunPytest
       args:
         build_url: '{fedora-latest/build_url}'
-        test_suite: test_integration/test_REPLACEME.py
+        test_suite: test_integration/test_ipahealthcheck.py::TestIpaHealthCheckWithExternalCA
         template: *ci-master-latest
         timeout: 3600
-        topology: *master_1repl_1client
+        topology: *master_1repl
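Review bot: The `test_suite` selector names `TestIpaHealthCheckWithExternalCA`, but the class added in patch 1/2 is `TestIpaHealthCheckWithExternalSelfSignedCA`. Unless a class with the shorter name already exists elsewhere in test_ipahealthcheck.py, pytest will not find that node and the new tests will never run in this job. The line should read `test_suite: test_integration/test_ipahealthcheck.py::TestIpaHealthCheckWithExternalSelfSignedCA`. The new class only touches `cls.master`, so the replica provisioned by `*master_1repl` appears to be unused. The job definition starts outside the hunk.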
