Add certificate and hostname checks

Signed-off-by: Dominik Gedon <dominik.gedon@suse.com>
uyuni-project · Oct 19, 2023 · 8238a2a · 8238a2a
1 parent 0cd3a6d
commit 8238a2a
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/testsuite/features/secondary/srv_rename_hostname.feature b/testsuite/features/secondary/srv_rename_hostname.feature
@@ -63,6 +63,9 @@ Feature: Reconfigure the server's hostname
   Scenario: Apply high state on the PXE boot minion to populate new server CA
     When I apply highstate on "pxeboot_minion"
 
+  Scenario: Check all new server certificates on the minions
+    When I check all certificates after renaming the server hostname
+
   Scenario: Do some minimal smoke test on the renamed server
     Given I am on the Systems overview page of this "sle_minion"
     When I follow "Details" in the content area
@@ -124,3 +127,6 @@ Feature: Reconfigure the server's hostname
 @pxeboot_minion
   Scenario: Apply high state on the PXE boot minion to populate new server CA
     When I apply highstate on "pxeboot_minion"
+
+  Scenario: Check all new server certificates on the minions
+    When I check all certificates after renaming the server hostname
diff --git a/testsuite/features/step_definitions/command_steps.rb b/testsuite/features/step_definitions/command_steps.rb
@@ -1508,7 +1508,7 @@
   hostname, _result = get_target('server').run("hostname")
   hostname.strip!
 
-  raise "Wrong hostname after changing it. Is: #{hostname}, should be: #{new_hostname}" if hostname != new_hostname
+  raise "Wrong hostname after changing it. Is: #{hostname}, should be: #{new_hostname}" unless hostname == new_hostname
 
   # Add the new hostname on controller's /etc/hosts to resolve in smoke tests
   `echo '#{server_node.public_ip} #{new_hostname}#{server_node.full_hostname.delete_prefix(server_node.hostname)} #{new_hostname}' >> /etc/hosts`
@@ -1546,6 +1546,29 @@
   raise 'Error in the output logs - see logs above' if out_spacewalk.include? 'No such file or directory'
 end
 
+When(/^I check all certificates after renaming the server hostname$/) do
+  # get server certificate serial to compare it with the other minions
+  command_server = "openssl x509 --noout --text -in /etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT | grep -A1 'Serial' | grep -v 'Serial'"
+  server_cert_serial, result_code = get_target('server').run(command_server)
+  server_cert_serial.strip!
+  log "Server certificate serial: #{server_cert_serial}"
+
+  raise 'Error getting server certificate serial!' unless result_code.zero?
+
+  command_minion = "openssl x509 --noout --text -in /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT | grep -A1 'Serial' | grep -v 'Serial'"
+  targets = %w[proxy sle_minion ssh_minion rhlike_minion deblike_minion build_host kvm_server]
+  targets.each do |target|
+    # get all defined minions from the environment variables and check their certificate serial
+    next unless ENV.key? ENV_VAR_BY_HOST[target]
+    minion_cert_serial, result_code = get_target(target).run(command_minion)
+    minion_cert_serial.strip!
+    log "#{target} certificate serial: #{minion_cert_serial}"
+
+    raise 'Error getting server certificate serial!' unless result_code.zero?
+    raise "Error comparing #{target} certificate with server!" unless minion_cert_serial == server_cert_serial
+  end
+end
+
 When(/^I change back the server's hostname$/) do
   server_node = get_target('server')
   old_hostname = server_node.hostname
@@ -1556,6 +1579,10 @@
                    sed -i \'$d\' /etc/hosts &&
                    sed -i \'$d\' /etc/hosts")
   get_target('server', refresh: true) # This will refresh the attributes of this node
+  hostname, _result = get_target('server').run("hostname")
+  hostname.strip!
+
+  raise "Wrong hostname after changing it. Is: #{hostname}, should be: #{new_hostname}" unless hostname == new_hostname
 
   # Cleanup the temporary entry in /etc/hosts on the controller
   `sed -i \'$d\' /etc/hosts`