def expire_cert_critical():
"""
Fixture to expire the certs by moving the system date using
date -s command and revert it back
"""
hosts = dict()
def _expire_cert_critical(host, setup_kra=False):
hosts['host'] = host
# Do not install NTP as the test plays with the date
tasks.install_master(host, setup_dns=False, extra_args=['--no-ntp'])
if setup_kra:
tasks.install_kra(host)
# move date to expire certs
tasks.move_date(host, 'stop', '+3Years+1day')
yield _expire_cert_critical
host = hosts.pop('host')
# Prior to uninstall remove all the cert tracking to prevent
# errors from certmonger trying to check the status of certs
# that don't matter because we are uninstalling.
host.run_command(['systemctl', 'stop', 'certmonger'])
host.run_command(['rm', '-f', paths.CERTMONGER_REQUESTS_DIR + '/*'])
tasks.uninstall_master(host)
tasks.move_date(host, 'start', '-3Years-1day')
def _expire_cert_critical(host, setup_kra=False):
hosts['host'] = host
# Do not install NTP as the test plays with the date
tasks.install_master(host, setup_dns=False, extra_args=['--no-ntp'])
if setup_kra:
tasks.install_kra(host)
# move date to expire certs
tasks.move_date(host, 'stop', '+3Years+1day')
def expire_ca_cert(self):
tasks.install_master(self.master, setup_dns=False,
extra_args=['--no-ntp'])
tasks.move_date(self.master, 'stop', '+20Years+1day')
yield
tasks.uninstall_master(self.master)
tasks.move_date(self.master, 'start', '-20Years-1day')
def expire_certs(self):
# move system date to expire certs
for host in self.master, self.replicas[0]:
tasks.move_date(host, 'stop', '+3years+1days')
yield
# move date back on replica and master
for host in self.master, self.replicas[0]:
tasks.move_date(host, 'start', '-3years-1days')
def issue_and_expire_cert(self):
"""Fixture to expire cert by moving date past expiry of acme cert"""
# enable the ACME service on master
self.master.run_command(['ipa-acme-manage', 'enable'])
# register the account with certbot
certbot_register(self.clients[0], self.acme_server)
# request a standalone acme cert
certbot_standalone_cert(self.clients[0], self.acme_server)
# move system date to expire acme cert
for host in self.clients[0], self.master:
tasks.kdestroy_all(host)
tasks.move_date(host, 'stop', '+90days')
tasks.get_kdcinfo(host)
# Note raiseonerr=False:
# the assert is located after kdcinfo retrieval.
result = host.run_command(
"KRB5_TRACE=/dev/stdout kinit %s" % 'admin',
stdin_text='{0}\n{0}\n{0}\n'.format(
self.clients[0].config.admin_password
),
raiseonerr=False
)
# Retrieve kdc.$REALM after the password change, just in case SSSD
# domain status flipped to online during the password change.
tasks.get_kdcinfo(host)
assert result.returncode == 0
yield
# move back date
for host in self.clients[0], self.master:
tasks.kdestroy_all(host)
tasks.move_date(host, 'start', '-90days')
tasks.kinit_admin(host)
def expire_cert_critical():
"""
Fixture to expire the certs by moving the system date using
date -s command and revert it back
"""
hosts = dict()
def _expire_cert_critical(host, setup_kra=False):
hosts['host'] = host
# Do not install NTP as the test plays with the date
tasks.install_master(host, setup_dns=False, extra_args=['--no-ntp'])
if setup_kra:
tasks.install_kra(host)
# move date to expire certs
tasks.move_date(host, 'stop', '+3Years+1day')
yield _expire_cert_critical
host = hosts.pop('host')
tasks.uninstall_master(host)
tasks.move_date(host, 'start', '-3Years-1day')