use of rhsm.data.EntitlementCert in project rhsm-qe by RedHatQE.
the class ContentTests method testSubscribabilityOfSKUProvidingA185ContentSetProduct.
@// update=true // uncomment to make TestDefinition changes update Polarion testcases through the polarize testcase importer
TestDefinition(projectID = { Project.RHEL6, Project.RedHatEnterpriseLinux7 }, testCaseID = { "RHEL6-36652", "RHEL7-51484" }, level = DefTypes.Level.COMPONENT, component = "subscription-manager", testtype = @TestType(testtype = DefTypes.TestTypes.FUNCTIONAL, subtype1 = DefTypes.Subtypes.RELIABILITY, subtype2 = DefTypes.Subtypes.EMPTY), posneg = PosNeg.POSITIVE, importance = DefTypes.Importance.HIGH, automation = DefTypes.Automation.AUTOMATED, tags = "Tier2")
@Test(description = "Verify that a 185 content set product subscription is always subscribable", groups = { "Tier2Tests", "SubscribabilityOfContentSetProduct_Tests", "blockedByBug-871146", "blockedByBug-905546" }, enabled = true)
public // @ImplementsNitrateTest(caseId=)
void testSubscribabilityOfSKUProvidingA185ContentSetProduct() {
Map<String, String> factsMap = new HashMap<String, String>();
File entitlementCertFile;
EntitlementCert entitlementCert;
String systemCertificateVersionFactValue;
clienttasks.register(sm_clientUsername, sm_clientPassword, sm_clientOrg, null, null, null, null, null, null, null, (String) null, null, null, null, true, false, null, null, null, null);
SubscriptionPool pool = SubscriptionPool.findFirstInstanceWithMatchingFieldFromList("productId", subscriptionSKUProvidingA185ContentSetProduct, clienttasks.getCurrentlyAvailableSubscriptionPools());
Assert.assertNotNull(pool, "Found an available pool to subscribe to productId '" + subscriptionSKUProvidingA185ContentSetProduct + "': " + pool);
// test that it IS subscribable when system.certificate_version: None
factsMap.put("system.certificate_version", null);
clienttasks.createFactsFileWithOverridingValues(factsMap);
clienttasks.facts(null, true, null, null, null, null);
Assert.assertEquals(clienttasks.getFactValue("system.certificate_version"), "None", "When the system.certificate_version fact is null, its fact value is reported as 'None'.");
// entitlementCertFile = clienttasks.subscribeToProductId(skuTo185ContentSetProduct);
// entitlementCert = clienttasks.getEntitlementCertFromEntitlementCertFile(entitlementCertFile);
clienttasks.subscribe(null, null, pool.poolId, null, null, null, null, null, null, null, null, null, null);
entitlementCert = clienttasks.getEntitlementCertCorrespondingToSubscribedPool(pool);
entitlementCertFile = clienttasks.getEntitlementCertFileFromEntitlementCert(entitlementCert);
Assert.assertEquals(entitlementCert.version, "1.0", "When the system.certificate_version fact is null, the version of the entitlement certificate granted by candlepin is '1.0'.");
Assert.assertEquals(entitlementCert.contentNamespaces.size(), 185, "The number of content sets provided in the version 1.0 entitlement cert parsed using the rct cat-cert tool.");
entitlementCert = clienttasks.getEntitlementCertFromEntitlementCertFileUsingOpensslX509(entitlementCertFile);
Assert.assertEquals(entitlementCert.contentNamespaces.size(), 185, "The number of content sets provided in this version '" + entitlementCert.version + "' entitlement cert parsed using the openssl x509 tool.");
clienttasks.assertEntitlementCertsInYumRepolist(Arrays.asList(entitlementCert), true);
// clienttasks.unsubscribeFromAllOfTheCurrentlyConsumedProductSubscriptions();
clienttasks.unsubscribeFromSerialNumber(clienttasks.getSerialNumberFromEntitlementCertFile(entitlementCertFile));
// test that it IS subscribable when system.certificate_version: 1.0
factsMap.put("system.certificate_version", "1.0");
clienttasks.createFactsFileWithOverridingValues(factsMap);
clienttasks.facts(null, true, null, null, null, null);
Assert.assertEquals(clienttasks.getFactValue("system.certificate_version"), "1.0", "When the system.certificate_version fact is 1.0, its fact value is reported as '1.0'.");
// entitlementCertFile = clienttasks.subscribeToProductId(skuTo185ContentSetProduct);
// entitlementCert = clienttasks.getEntitlementCertFromEntitlementCertFile(entitlementCertFile);
clienttasks.subscribe(null, null, pool.poolId, null, null, null, null, null, null, null, null, null, null);
entitlementCert = clienttasks.getEntitlementCertCorrespondingToSubscribedPool(pool);
entitlementCertFile = clienttasks.getEntitlementCertFileFromEntitlementCert(entitlementCert);
Assert.assertEquals(entitlementCert.version, "1.0", "When the system.certificate_version fact is 1.0, the version of the entitlement certificate granted by candlepin is '1.0'.");
Assert.assertEquals(entitlementCert.contentNamespaces.size(), 185, "The number of content sets provided in the version 1.0 entitlement cert parsed using the rct cat-cert tool.");
entitlementCert = clienttasks.getEntitlementCertFromEntitlementCertFileUsingOpensslX509(entitlementCertFile);
Assert.assertEquals(entitlementCert.contentNamespaces.size(), 185, "The number of content sets provided in this version '" + entitlementCert.version + "' entitlement cert parsed using the openssl x509 tool.");
clienttasks.assertEntitlementCertsInYumRepolist(Arrays.asList(entitlementCert), true);
// clienttasks.unsubscribeFromAllOfTheCurrentlyConsumedProductSubscriptions();
clienttasks.unsubscribeFromSerialNumber(clienttasks.getSerialNumberFromEntitlementCertFile(entitlementCertFile));
// test that it IS subscribable when system.certificate_version is the system's default value (should be >=3.0)
clienttasks.deleteFactsFileWithOverridingValues();
systemCertificateVersionFactValue = clienttasks.getFactValue("system.certificate_version");
Assert.assertTrue(Float.valueOf(systemCertificateVersionFactValue) >= 3.0, "The actual default system.certificate_version fact '" + systemCertificateVersionFactValue + "' is >= 3.0.");
// entitlementCertFile = clienttasks.subscribeToProductId(skuTo185ContentSetProduct);
// entitlementCert = clienttasks.getEntitlementCertFromEntitlementCertFile(entitlementCertFile);
clienttasks.subscribe(null, null, pool.poolId, null, null, null, null, null, null, null, null, null, null);
entitlementCert = clienttasks.getEntitlementCertCorrespondingToSubscribedPool(pool);
entitlementCertFile = clienttasks.getEntitlementCertFileFromEntitlementCert(entitlementCert);
// TOO ASSERTIVE Assert.assertTrue(Float.valueOf(entitlementCert.version)<=Float.valueOf(systemCertificateVersionFactValue),"The version of the entitlement certificate '"+entitlementCert.version+"' granted by candlepin is less than or equal to the system.certificate_version '"+systemCertificateVersionFactValue+"' which indicates the maximum certificate version this system knows how to handle."); // This assert was too assertive according to https://bugzilla.redhat.com/show_bug.cgi?id=1425236#c2
// Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1425236#c2
Assert.assertEquals(Float.valueOf(entitlementCert.version).intValue(), Float.valueOf(systemCertificateVersionFactValue).intValue(), "The major value of the entitlement certificate '" + entitlementCert.version + "' granted by candlepin matches the major value of the system.certificate_version '" + systemCertificateVersionFactValue + "' which indicates certificate compatibility.");
Assert.assertEquals(entitlementCert.contentNamespaces.size(), 185, "The number of content sets provided in this version '" + entitlementCert.version + "' entitlement cert parsed using the rct cat-cert tool.");
clienttasks.assertEntitlementCertsInYumRepolist(Arrays.asList(entitlementCert), true);
// clienttasks.unsubscribeFromAllOfTheCurrentlyConsumedProductSubscriptions();
clienttasks.unsubscribeFromSerialNumber(clienttasks.getSerialNumberFromEntitlementCertFile(entitlementCertFile));
}
use of rhsm.data.EntitlementCert in project rhsm-qe by RedHatQE.
the class ContentTests method testRhelSubscriptionContentIsAvailable.
@// update=true // uncomment to make TestDefinition changes update Polarion testcases through the polarize testcase importer
TestDefinition(projectID = { Project.RHEL6, Project.RedHatEnterpriseLinux7 }, testCaseID = { "RHEL6-20084", "RHEL7-55189" }, level = DefTypes.Level.COMPONENT, component = "subscription-manager", testtype = @TestType(testtype = DefTypes.TestTypes.FUNCTIONAL, subtype1 = DefTypes.Subtypes.RELIABILITY, subtype2 = DefTypes.Subtypes.EMPTY), posneg = PosNeg.POSITIVE, importance = DefTypes.Importance.HIGH, automation = DefTypes.Automation.AUTOMATED, tags = "Tier1")
@Test(description = "Verify that all there is at least one available RHEL subscription and that yum content is available for the installed RHEL product cert", groups = { "Tier1Tests", "FipsTests", "blockedByBug-1156638" }, enabled = true)
public // @ImplementsNitrateTest(caseId=)
void testRhelSubscriptionContentIsAvailable() throws JSONException, Exception {
// TEMPORARY WORKAROUND
if (clienttasks.arch.equals("ppc64le")) {
boolean invokeWorkaroundWhileBugIsOpen = true;
// Bug 1156638 - "Red Hat Enterprise Linux for IBM POWER" subscriptions need to provide content for arch "ppc64le"
String bugId = "1156638";
try {
if (invokeWorkaroundWhileBugIsOpen && BzChecker.getInstance().isBugOpen(bugId)) {
log.fine("Invoking workaround for " + BzChecker.getInstance().getBugState(bugId).toString() + " Bugzilla " + bugId + ". (https://bugzilla.redhat.com/show_bug.cgi?id=" + bugId + ")");
SubscriptionManagerCLITestScript.addInvokedWorkaround(bugId);
} else {
invokeWorkaroundWhileBugIsOpen = false;
}
} catch (BugzillaAPIException be) {
/* ignore exception */
} catch (RuntimeException re) {
/* ignore exception */
}
if (invokeWorkaroundWhileBugIsOpen) {
throw new SkipException("Skipping this test on arch '" + clienttasks.arch + "' while blocking bug '" + bugId + "' is open.");
}
}
// END OF WORKAROUND
// get the currently installed RHEL product cert
ProductCert rhelProductCert = clienttasks.getCurrentRhelProductCert();
Assert.assertNotNull(rhelProductCert, "Expecting a RHEL Product Cert to be installed.");
log.info("RHEL product cert installed: " + rhelProductCert);
// register and make sure autoheal is off
clienttasks.register(sm_clientUsername, sm_clientPassword, sm_clientOrg, null, null, null, null, null, null, null, (String) null, null, null, null, true, null, null, null, null, null);
clienttasks.autoheal(null, null, true, null, null, null, null);
// verify that NO yum content is available since no entitlements have been granted
Integer yumRepolistPackageCount = clienttasks.getYumRepolistPackageCount("enabled");
// added only for debugging a failure
if (yumRepolistPackageCount > 0)
clienttasks.list_(null, null, true, null, null, null, null, null, null, null, null, null, null, null);
Assert.assertEquals(yumRepolistPackageCount, new Integer(0), "Expecting no available packages (actual='" + yumRepolistPackageCount + "') because no RHEL subscription have been explicitly attached.");
// loop through the available pools looking for those that provide content for this rhelProductCert
boolean rhelYumContentIsAvailable = true;
boolean rhelSubscriptionIsAvailable = false;
for (SubscriptionPool pool : clienttasks.getCurrentlyAvailableSubscriptionPools()) {
if (CandlepinTasks.getPoolProvidedProductIds(sm_clientUsername, sm_clientPassword, sm_serverUrl, pool.poolId).contains(rhelProductCert.productId)) {
// subscribe
EntitlementCert rhelEntitlementCert = clienttasks.getEntitlementCertFromEntitlementCertFile(clienttasks.subscribeToSubscriptionPool(pool, sm_clientUsername, sm_clientPassword, sm_serverUrl));
// Brand Name:
if (rhelProductCert.productId.equals("261") && clienttasks.arch.equals("aarch64")) {
boolean invokeWorkaroundWhileBugIsOpen = true;
String bugId = "1174966";
try {
if (invokeWorkaroundWhileBugIsOpen && BzChecker.getInstance().isBugOpen(bugId)) {
log.fine("Invoking workaround for " + BzChecker.getInstance().getBugState(bugId).toString() + " Bugzilla " + bugId + ". (https://bugzilla.redhat.com/show_bug.cgi?id=" + bugId + ")");
SubscriptionManagerCLITestScript.addInvokedWorkaround(bugId);
} else {
invokeWorkaroundWhileBugIsOpen = false;
}
} catch (BugzillaAPIException be) {
/* ignore exception */
} catch (RuntimeException re) {
/* ignore exception */
}
if (invokeWorkaroundWhileBugIsOpen) {
String enablerepo = "rhel-server-for-arm-development-preview-rpms";
log.info("Explicitly enabling repo '" + enablerepo + "' to gain access to ARM content.");
clienttasks.repos(null, null, null, enablerepo, null, null, null, null, null);
}
}
// WORKAROUND FOR RHEL-ALT-7.5 aarch64
if (clienttasks.redhatReleaseXY.equals("7.5") && rhelProductCert.productId.equals("433")) {
// Red Hat Enterprise Linux for IBM System z (Structure A) Beta
String repo = "rhel-7-for-system-z-a-beta-rpms";
log.info("WORKAROUND: Enabling beta repo '" + repo + "' for installed product '" + rhelProductCert.productName + "' (" + rhelProductCert.productId + ") because this is the debut release for this product. No GA content from repo rhel-7-for-system-z-a-rpms is available yet.");
clienttasks.repos(null, null, null, repo, null, null, null, null, null);
}
// END OF WORKAROUND
// verify that rhel yum content is available
yumRepolistPackageCount = clienttasks.getYumRepolistPackageCount("enabled");
if (yumRepolistPackageCount > 0) {
Assert.assertTrue(yumRepolistPackageCount > 0, "Expecting many available packages (actual='" + yumRepolistPackageCount + "') of enabled repo content because RHEL subscription '" + pool.subscriptionName + "' SKU '" + pool.productId + "' was just attached.");
} else {
log.warning("No enabled yum repo content packages are available after attaching RHEL subscription '" + pool.subscriptionName + "'. (This can happen when the RHEL product is brand new and content has not yet been pushed to '" + clienttasks.baseurl + "')");
rhelYumContentIsAvailable = false;
}
// unsubscribe
clienttasks.unsubscribe(null, rhelEntitlementCert.serialNumber, null, null, null, null, null);
rhelSubscriptionIsAvailable = true;
if (rhelYumContentIsAvailable)
break;
}
}
if (!rhelSubscriptionIsAvailable && sm_serverType.equals(CandlepinType.standalone))
throw new SkipException("Skipping this test against a standalone Candlepin server that has no RHEL subscriptions available.");
// TEMPORARY WORKAROUND FOR BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1090058
if (clienttasks.redhatReleaseX.equals("5") && clienttasks.arch.startsWith("ppc")) {
boolean invokeWorkaroundWhileBugIsOpen = true;
String bugId = "1090058";
try {
if (invokeWorkaroundWhileBugIsOpen && BzChecker.getInstance().isBugOpen(bugId)) {
log.fine("Invoking workaround for " + BzChecker.getInstance().getBugState(bugId).toString() + " Bugzilla " + bugId + ". (https://bugzilla.redhat.com/show_bug.cgi?id=" + bugId + ")");
SubscriptionManagerCLITestScript.addInvokedWorkaround(bugId);
} else {
invokeWorkaroundWhileBugIsOpen = false;
}
} catch (BugzillaAPIException be) {
/* ignore exception */
} catch (RuntimeException re) {
/* ignore exception */
}
if (invokeWorkaroundWhileBugIsOpen) {
if (!rhelSubscriptionIsAvailable)
throw new SkipException("skipping this test while bug '" + bugId + "' is open");
}
}
if (!rhelSubscriptionIsAvailable) {
clienttasks.facts_(true, null, null, null, null, null);
log.warning("This test is about to fail and may be due to the lack of an available subscription with enough socket/ram/core support to cover this system. Visually confirm by reviewing the system facts above.");
}
Assert.assertTrue(rhelSubscriptionIsAvailable, "Successfully subscribed to at least one available RHEL subscription that provided for our installed RHEL product cert: " + rhelProductCert);
Assert.assertTrue(rhelYumContentIsAvailable, "All of the RHEL subscriptions subscribed provided at least one enabled yum content package applicable for our installed RHEL product cert: " + rhelProductCert + " (See WARNINGS logged above for failed subscriptions)");
}
use of rhsm.data.EntitlementCert in project rhsm-qe by RedHatQE.
the class ContentTests method testGpgCheckValuesInYumRepos.
@// update=true // uncomment to make TestDefinition changes update Polarion testcases through the polarize testcase importer
TestDefinition(projectID = { Project.RHEL6, Project.RedHatEnterpriseLinux7 }, testCaseID = { "RHEL6-20082", "RHEL7-51098" }, level = DefTypes.Level.COMPONENT, component = "subscription-manager", testtype = @TestType(testtype = DefTypes.TestTypes.FUNCTIONAL, subtype1 = DefTypes.Subtypes.RELIABILITY, subtype2 = DefTypes.Subtypes.EMPTY), posneg = PosNeg.POSITIVE, importance = DefTypes.Importance.HIGH, automation = DefTypes.Automation.AUTOMATED, tags = "Tier1")
@Test(description = "subscription-manager content flag : gpgcheck value in redhat.repo should be disabled when gpg_url is empty or null", groups = { "Tier1Tests", "blockedByBug-741293", "blockedByBug-805690", "blockedByBug-962520" }, enabled = true)
public // @ImplementsNitrateTest(caseId=)
void testGpgCheckValuesInYumRepos() throws JSONException, Exception {
// [root@jsefler-r63-server ~]# cat /etc/yum.repos.d/redhat.repo
// #
// # Certificate-Based Repositories
// # Managed by (rhsm) subscription-manager
// #
// # If this file is empty and this system is subscribed consider
// # a "yum repolist" to refresh available repos
// #
//
// [content-label]
// name = content
// baseurl = https://cdn.redhat.com/foo/path
// enabled = 1
// gpgcheck = 1
// gpgkey = https://cdn.redhat.com/foo/path/gpg/
// sslverify = 1
// sslcacert = /etc/rhsm/ca/redhat-uep.pem
// sslclientkey = /etc/pki/entitlement/5488047145460852736-key.pem
// sslclientcert = /etc/pki/entitlement/5488047145460852736.pem
// metadata_expire = 0
// 1.3.6.1.4.1.2312.9.2 (Content Namespace)
// 1.3.6.1.4.1.2312.9.2.<content_hash> (Red Hat Enterprise Linux (core server))
// 1.3.6.1.4.1.2312.9.2.<content_hash>.1 (Yum repo type))
// 1.3.6.1.4.1.2312.9.2.<content_hash>.1.1 (Name) : Red Hat Enterprise Linux (core server)
// 1.3.6.1.4.1.2312.9.2.<content_hash>.1.2 (Label) : rhel-server
// 1.3.6.1.4.1.2312.9.2.<content_hash>.1.5 (Vendor ID): %Red_Hat_Id% or %Red_Hat_Label%
// 1.3.6.1.4.1.2312.9.2.<content_hash>.1.6 (Download URL): content/rhel-server/$releasever/$basearch
// 1.3.6.1.4.1.2312.9.2.<content_hash>.1.7 (GPG Key URL): file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
// 1.3.6.1.4.1.2312.9.2.<content_hash>.1.8 (Enabled): 1
// 1.3.6.1.4.1.2312.9.2.<content_hash>.1.9 (Metadata Expire Seconds): 604800
// 1.3.6.1.4.1.2312.9.2.<content_hash>.1.10 (Required Tags): TAG1,TAG2,TAG3
List<ProductCert> currentProductCerts = clienttasks.getCurrentProductCerts();
clienttasks.register(sm_clientUsername, sm_clientPassword, sm_clientOrg, null, null, null, null, null, null, null, (String) null, null, null, null, true, false, null, null, null, null);
if (clienttasks.subscribeToTheCurrentlyAvailableSubscriptionPoolsCollectively().size() <= 0)
throw new SkipException("No available subscriptions were found. Therefore we cannot perform this test.");
List<EntitlementCert> entitlementCerts = clienttasks.getCurrentEntitlementCerts();
// or maybe we should skip when nothing is consumed
Assert.assertTrue(!entitlementCerts.isEmpty(), "After subscribing to all available subscription pools, there must be some entitlements.");
ArrayList<String> repolist = clienttasks.getYumRepolist("enabled");
List<YumRepo> yumRepos = clienttasks.getCurrentlySubscribedYumRepos();
for (EntitlementCert entitlementCert : entitlementCerts) {
for (ContentNamespace contentNamespace : entitlementCert.contentNamespaces) {
if (!contentNamespace.type.equalsIgnoreCase("yum"))
continue;
if (contentNamespace.enabled) {
if (!clienttasks.areAllRequiredTagsInContentNamespaceProvidedByProductCerts(contentNamespace, currentProductCerts))
continue;
YumRepo yumRepo = YumRepo.findFirstInstanceWithMatchingFieldFromList("id", /*label*/
contentNamespace.label, yumRepos);
Assert.assertNotNull(yumRepo, "Found the yum repo within '" + clienttasks.redhatRepoFile + "' corresponding to the entitled content namespace label '" + contentNamespace.label + "'.");
// case 1: contentNamespace.gpgKeyUrl==null
if (contentNamespace.gpgKeyUrl == null) {
Assert.assertFalse(yumRepo.gpgcheck, "gpgcheck is False for Yum repo '" + yumRepo.id + "' when corresponding entitlement contentNamespace has a null gpgKeyUrl: contentNamespace: " + contentNamespace);
Assert.assertNull(yumRepo.gpgkey, "gpgkey is not set for Yum repo '" + yumRepo.id + "' when corresponding entitlement contentNamespace has a null gpgKeyUrl: contentNamespace: " + contentNamespace);
// case 2: contentNamespace.gpgKeyUrl==""
} else if (contentNamespace.gpgKeyUrl.equals("")) {
Assert.assertFalse(yumRepo.gpgcheck, "gpgcheck is False for Yum repo '" + yumRepo.id + "' when corresponding entitlement contentNamespace has an empty gpgKeyUrl: contentNamespace: " + contentNamespace);
Assert.assertNull(yumRepo.gpgkey, "gpgkey is not set for Yum repo '" + yumRepo.id + "' when corresponding entitlement contentNamespace has an empty gpgKeyUrl: contentNamespace: " + contentNamespace);
// case 3: contentNamespace.gpgKeyUrl.startsWith("http")
} else if (contentNamespace.gpgKeyUrl.startsWith("http:") || contentNamespace.gpgKeyUrl.startsWith("https:")) {
Assert.assertTrue(yumRepo.gpgcheck, "gpgcheck is True for Yum repo '" + yumRepo.id + "' when corresponding entitlement contentNamespace has a non-null/empty gpgKeyUrl: contentNamespace: " + contentNamespace);
Assert.assertEquals(yumRepo.gpgkey, contentNamespace.gpgKeyUrl, "gpgkey is set for Yum repo '" + yumRepo.id + "' when corresponding entitlement contentNamespace has a non-null/empty gpgKeyUrl: contentNamespace: " + contentNamespace);
// case 4: contentNamespace.gpgKeyUrl.startsWith("file:")
} else if (contentNamespace.gpgKeyUrl.startsWith("file:")) {
Assert.assertTrue(yumRepo.gpgcheck, "gpgcheck is True for Yum repo '" + yumRepo.id + "' when corresponding entitlement contentNamespace has a non-null/empty gpgKeyUrl: contentNamespace: " + contentNamespace);
Assert.assertEquals(yumRepo.gpgkey, contentNamespace.gpgKeyUrl, "gpgkey is set for Yum repo '" + yumRepo.id + "' when corresponding entitlement contentNamespace has a non-null/empty gpgKeyUrl: contentNamespace: " + contentNamespace);
// case 5: contentNamespace.gpgKeyUrl is a relative path
} else {
Assert.assertTrue(yumRepo.gpgcheck, "gpgcheck is True for Yum repo '" + yumRepo.id + "' when corresponding entitlement contentNamespace has a non-null/empty gpgKeyUrl: contentNamespace: " + contentNamespace);
Assert.assertEquals(yumRepo.gpgkey, clienttasks.baseurl + contentNamespace.gpgKeyUrl, "gpgkey is set for Yum repo '" + yumRepo.id + "' when corresponding entitlement contentNamespace has a non-null/empty gpgKeyUrl: contentNamespace: " + contentNamespace);
}
}
}
}
if (yumRepos.isEmpty())
throw new SkipException("Since no Red Hat repos were found in '" + clienttasks.redhatRepoFile + "', there are no gpgcheck values to verify.");
}
use of rhsm.data.EntitlementCert in project rhsm-qe by RedHatQE.
the class DockerTests method verifyEntitlementsProvidingContainerImageContentAreCopiedToRegistryHostnames.
protected boolean verifyEntitlementsProvidingContainerImageContentAreCopiedToRegistryHostnames(List<EntitlementCert> entitlementCerts, List<String> registryHostnames) {
// get a list of the currently installed product Certs
List<ProductCert> currentProductCerts = clienttasks.getCurrentProductCerts();
// verify that the entitlements which provide containerimage content are copied to registry_hostnames...
// [root@jsefler-os7 ~]# ls /etc/docker/certs.d/registry.access.redhat.com/
// 5109020365795659852.cert 5109020365795659852.key
// [root@jsefler-os7 ~]# ls /etc/docker/certs.d/cdn.redhat.com
// 5109020365795659852.cert 5109020365795659852.key redhat-uep.crt
boolean foundContainerImageContent = false;
for (EntitlementCert entitlementCert : entitlementCerts) {
List<ContentNamespace> containerImageContentNamespaces = ContentNamespace.findAllInstancesWithCaseInsensitiveMatchingFieldFromList("type", "containerimage", entitlementCert.contentNamespaces);
if (containerImageContentNamespaces.isEmpty()) {
// assert that the entitlementCert was NOT copied to the directory of registry_hostnames because it does not contain content of type 'containerimage' (case insensitive).
for (String registryHostname : registryHostnames) {
File certFile = getRegistryHostnameCertFileFromEntitlementCert(registryHostname, entitlementCert);
File keyFile = getRegistryHostnameCertKeyFileFromEntitlementCert(registryHostname, entitlementCert);
Assert.assertTrue(!RemoteFileTasks.testExists(client, certFile.getPath()), "Entitlement cert '" + entitlementCert.file + "' '" + entitlementCert.orderNamespace.productName + "' was NOT copied to '" + certFile + "' because it does not contain content of type 'containerimage' (case insensitive).");
Assert.assertTrue(!RemoteFileTasks.testExists(client, keyFile.getPath()), "Corresponding entitlement key '" + clienttasks.getEntitlementCertKeyFileFromEntitlementCert(entitlementCert) + "' was NOT copied to '" + keyFile + "' because it does not contain content of type 'containerimage' (case insensitive).");
}
} else {
foundContainerImageContent = true;
// assert that the entitlementCert was copied to the directory of registry_hostnames (but only if all of its required_tags are installed)
for (String registryHostname : registryHostnames) {
File certFile = getRegistryHostnameCertFileFromEntitlementCert(registryHostname, entitlementCert);
File keyFile = getRegistryHostnameCertKeyFileFromEntitlementCert(registryHostname, entitlementCert);
// determine if this entitlement contains at least one container image with required tags that are provided by the installed product certs
boolean entitlementContainsAtLeastOneContainerImageContentNamespaceWithRequiredTagsThatAreProvidedByInstalledProducts = false;
for (ContentNamespace containerImageContentNamespace : containerImageContentNamespaces) {
if (clienttasks.areAllRequiredTagsInContentNamespaceProvidedByProductCerts(containerImageContentNamespace, currentProductCerts)) {
entitlementContainsAtLeastOneContainerImageContentNamespaceWithRequiredTagsThatAreProvidedByInstalledProducts = true;
log.info("containerImageContentNamespace '" + containerImageContentNamespace.name + "' has requiredTags '" + containerImageContentNamespace.requiredTags + "' that ARE provided by the currently installed products.");
} else {
log.info("containerImageContentNamespace '" + containerImageContentNamespace.name + "' has requiredTags '" + containerImageContentNamespace.requiredTags + "' that are NOT provided by the currently installed products.");
}
}
if (entitlementContainsAtLeastOneContainerImageContentNamespaceWithRequiredTagsThatAreProvidedByInstalledProducts) {
Assert.assertTrue(RemoteFileTasks.testExists(client, certFile.getPath()), "Entitlement cert '" + entitlementCert.file + "' '" + entitlementCert.orderNamespace.productName + "' providing a 'containerimage' (case insensitive) was copied to '" + certFile + "' because at least one contentNamespace of type containerimage from the entitlement has required_tags that are provided by the currently installed product certs. Entitled content of type containeriamge: " + containerImageContentNamespaces);
Assert.assertTrue(RemoteFileTasks.testExists(client, keyFile.getPath()), "Corresponding entitlement key '" + clienttasks.getEntitlementCertKeyFileFromEntitlementCert(entitlementCert) + "' providing a 'containerimage' (case insensitive) was copied to '" + keyFile + "' because at least one contentNamespace of type containerimage from the entitlement has required_tags that are provided by the currently installed product certs. Entitled content of type containeriamge: " + containerImageContentNamespaces);
// also assert that the ca cert corresponding to registry hostname is copied to the directory as a ca.crt, but only if it appears to be a redhat.com CDN
verifyCaCertInEtcDockerCertsRegistryHostnameDir(registryHostname);
} else {
Assert.assertTrue(!RemoteFileTasks.testExists(client, certFile.getPath()), "Entitlement cert '" + entitlementCert.file + "' '" + entitlementCert.orderNamespace.productName + "' providing a 'containerimage' (case insensitive) was NOT copied to '" + certFile + "' because no contentNamespace of type containerimage from the entitlement has required_tags that are provided by the currently installed product certs. Entitled content of type containeriamge: " + containerImageContentNamespaces);
Assert.assertTrue(!RemoteFileTasks.testExists(client, keyFile.getPath()), "Corresponding entitlement key '" + clienttasks.getEntitlementCertKeyFileFromEntitlementCert(entitlementCert) + "' providing a 'containerimage' (case insensitive) was NOT copied to '" + keyFile + "' because no contentNamespace of type containerimage from the entitlement has required_tags that are provided by the currently installed product certs. Entitled content of type containeriamge: " + containerImageContentNamespaces);
}
}
}
}
return foundContainerImageContent;
}
use of rhsm.data.EntitlementCert in project rhsm-qe by RedHatQE.
the class DockerTests method testYumRepolistOnRunningDockerImageConsumedFromHostEntitlements.
@// update=true, // uncomment to make TestDefinition changes update Polarion testcases through the polarize testcase importer
TestDefinition(projectID = { Project.RedHatEnterpriseLinux7 }, testCaseID = { "RHEL7-55539" }, level = DefTypes.Level.COMPONENT, component = "subscription-manager", testtype = @TestType(testtype = DefTypes.TestTypes.FUNCTIONAL, subtype1 = DefTypes.Subtypes.RELIABILITY, subtype2 = DefTypes.Subtypes.EMPTY), posneg = PosNeg.POSITIVE, importance = DefTypes.Importance.HIGH, automation = DefTypes.Automation.AUTOMATED, tags = "Tier1")
@Test(description = "verify a running container has yum repolist access to appropriate content from the host's entitlement", groups = { "Tier1Tests" }, dependsOnMethods = { "testYumRepolistIsEmptyOnRunningDockerImageWhenHostIsUnregistered" }, dataProvider = "getDockerImageData", enabled = true)
public // @ImplementsNitrateTest(caseId=)
void testYumRepolistOnRunningDockerImageConsumedFromHostEntitlements(Object bugzilla, String dockerImage) {
// register the host and autosubscribe
clienttasks.register(sm_clientUsername, sm_clientPassword, sm_clientOrg, null, null, null, null, true, null, null, (String) null, null, null, null, true, false, null, null, null, null);
// get a list of the entitled yum repos on the host
List<String> enabledYumReposOnHost = clienttasks.getYumRepolist("enabled");
List<EntitlementCert> entitlementCertsOnHost = clienttasks.getCurrentEntitlementCerts();
Assert.assertTrue(!entitlementCertsOnHost.isEmpty(), "When the host has registered with autosubscribe, we expect to have been granted at least one entitlement.");
// determine what products are installed on the running docker image
// [root@bkr-hv03-guest07 ~]# docker run --rm registry.access.redhat.com/rhel7:latest find /etc/pki/product* -name *.pem
// /etc/pki/product/69.pem
// /etc/pki/product-default/69.pem
// SSHCommandResult lsResultOnRunningDockerImage = client.runCommandAndWait("docker run --rm "+dockerImage+" find /etc/pki/product* -name *.pem"); // assumes the productCertDir config within the image is /etc/pki/product
// assumes the productCertDir config within the image is /etc/pki/product // "find /etc/pki/product* -regex .+\.pem" IS MORE RELIABLE THAN "find /etc/pki/product* -name *.pem"
SSHCommandResult lsResultOnRunningDockerImage = client.runCommandAndWait("docker run --rm " + dockerImage + " find /etc/pki/product* -regex .+\\.pem");
List<ProductCert> productCertsOnRunningDockerImage = new ArrayList<ProductCert>();
for (String productCertFileOnRunningDockerImage : lsResultOnRunningDockerImage.getStdout().trim().split("\n")) {
SSHCommandResult rctCatCertResultOnRunningDockerImage = RemoteFileTasks.runCommandAndAssert(client, "docker run --rm " + dockerImage + " rct cat-cert " + productCertFileOnRunningDockerImage, 0);
// 201407071250:40.755 - FINE: ssh root@jsefler-7.usersys.redhat.com docker run --rm docker-registry.usersys.redhat.com/brew/rhel7:latest rct cat-cert /etc/pki/product/69.pem
// 201407071250:43.954 - FINE: Stdout:
//
// +-------------------------------------------+
// Product Certificate
// +-------------------------------------------+
//
// Certificate:
// Path: /etc/pki/product/69.pem
// Version: 1.0
// Serial: 12750047592154746969
// Start Date: 2014-01-28 18:37:08+00:00
// End Date: 2034-01-23 18:37:08+00:00
//
// Subject:
// CN: Red Hat Product ID [eb3b72ca-acb1-4092-9e67-f2915f6444f4]
//
// Issuer:
// C: US
// CN: Red Hat Entitlement Product Authority
// O: Red Hat, Inc.
// OU: Red Hat Network
// ST: North Carolina
// emailAddress: ca-support@redhat.com
//
// Product:
// ID: 69
// Name: Red Hat Enterprise Linux Server
// Version: 7.0
// Arch: x86_64
// Tags: rhel-7,rhel-7-server
// Brand Type:
// Brand Name:
productCertsOnRunningDockerImage.add(ProductCert.parse(rctCatCertResultOnRunningDockerImage.getStdout()).get(0));
}
// get the product tags installed on the running docker image
Set<String> providedTagsOnRunningDockerImage = new HashSet<String>();
for (ProductCert productCertOnRunningDockerImage : productCertsOnRunningDockerImage) {
if (productCertOnRunningDockerImage.productNamespace.providedTags != null) {
for (String providedTag : productCertOnRunningDockerImage.productNamespace.providedTags.split("\\s*,\\s*")) {
providedTagsOnRunningDockerImage.add(providedTag);
}
}
}
// get the arch on the running docker image
String archOnRunningDockerImage = RemoteFileTasks.runCommandAndAssert(client, "docker run --rm " + dockerImage + " uname --machine", 0).getStdout().trim();
// get the yum repolist of enabled repos on the running docker image
SSHCommandResult enabledYumRepolistResultOnRunningDockerImage = RemoteFileTasks.runCommandAndAssert(client, "docker run --rm " + dockerImage + " yum repolist enabled", 0, "repolist:", null);
List<String> enabledYumReposOnRunningDockerImage = clienttasks.getYumRepolistFromSSHCommandResult(enabledYumRepolistResultOnRunningDockerImage);
// TEMPORARY WORKAROUND FOR BUG
if (clienttasks.redhatReleaseX.equals("7") && clienttasks.variant.equals("Workstation") && enabledYumReposOnRunningDockerImage.isEmpty()) {
boolean invokeWorkaroundWhileBugIsOpen = true;
// Bug 1551129 - entitlements from a RHEL7.5 Workstation host fail to flow through to a docker container with docker from latest-EXTRAS-7-RHEL-7
String bugId = "1551129";
try {
if (invokeWorkaroundWhileBugIsOpen && BzChecker.getInstance().isBugOpen(bugId)) {
log.fine("Invoking workaround for " + BzChecker.getInstance().getBugState(bugId).toString() + " Bugzilla " + bugId + ". (https://bugzilla.redhat.com/show_bug.cgi?id=" + bugId + ")");
SubscriptionManagerCLITestScript.addInvokedWorkaround(bugId);
} else {
invokeWorkaroundWhileBugIsOpen = false;
}
} catch (BugzillaAPIException be) {
/* ignore exception */
} catch (RuntimeException re) {
/* ignore exception */
}
if (invokeWorkaroundWhileBugIsOpen) {
throw new SkipException("Skipping this test on variant '" + clienttasks.variant + "' while docker bug '" + bugId + "' is open");
}
}
// assert that only the appropriate entitled content sets appear in the yum repolist on the running docker image
for (EntitlementCert entitlementCertOnHost : entitlementCertsOnHost) {
for (ContentNamespace contentNamespaceOnHost : entitlementCertOnHost.contentNamespaces) {
// get the content namespace requiredTags
Set<String> contentNamespaceRequiredTags = new HashSet<String>();
if (contentNamespaceOnHost.requiredTags != null) {
for (String requiredTag : contentNamespaceOnHost.requiredTags.split("\\s*,\\s*")) {
if (requiredTag.isEmpty())
continue;
contentNamespaceRequiredTags.add(requiredTag);
}
}
// get the content namespace arches
Set<String> contentNamespaceArches = new HashSet<String>();
if (contentNamespaceOnHost.arches != null) {
for (String arch : contentNamespaceOnHost.arches.split("\\s*,\\s*")) {
if (arch.isEmpty())
continue;
contentNamespaceArches.add(arch);
}
}
// Note: x86 is a general arch to cover all 32-bit intel microprocessors
if (contentNamespaceArches.contains("x86")) {
contentNamespaceArches.addAll(Arrays.asList("i386", "i486", "i586", "i686"));
}
// when the content namespace is not of type "yum", it will not appear in either the yum repolist of the host or the running docker image
if (!contentNamespaceOnHost.type.equals("yum")) {
Assert.assertTrue(!enabledYumReposOnHost.contains(contentNamespaceOnHost.label), "Entitled content namespace '" + contentNamespaceOnHost.label + "' of type '" + contentNamespaceOnHost.type + "' should never appear on the yum repolist of the host.");
Assert.assertTrue(!enabledYumReposOnRunningDockerImage.contains(contentNamespaceOnHost.label), "Entitled content namespace '" + contentNamespaceOnHost.label + "' of type '" + contentNamespaceOnHost.type + "' should never appear on the yum repolist of the running docker container.");
// go to the next content namespace
continue;
}
// when the content namespace is not enabled, it will not appear in either the yum repolist of the host or the running docker image
if (!contentNamespaceOnHost.enabled) {
Assert.assertTrue(!enabledYumReposOnHost.contains(contentNamespaceOnHost.label), "Entitled content namespace '" + contentNamespaceOnHost.label + "' is disabled and should NOT appear on the yum repolist of the host because it is disabled by default.");
Assert.assertTrue(!enabledYumReposOnRunningDockerImage.contains(contentNamespaceOnHost.label), "Entitled content namespace '" + contentNamespaceOnHost.label + "' is disabled and should NOT appear on the yum repolist of the running docker container because it is disabled by default.");
// go to the next content namespace
continue;
}
// when the content namespace is enabled, it's appearance on the yum repolist of the running docker image depends on the installed product certs on the image.
if ((contentNamespaceArches.isEmpty() || contentNamespaceArches.contains(archOnRunningDockerImage)) && (contentNamespaceRequiredTags.isEmpty() || providedTagsOnRunningDockerImage.containsAll(contentNamespaceRequiredTags))) {
Assert.assertTrue(enabledYumReposOnRunningDockerImage.contains(contentNamespaceOnHost.label), "Entitled content namespace '" + contentNamespaceOnHost.label + "' on the host should be enabled in the running docker container because both the docker container arch '" + archOnRunningDockerImage + "' is among the supported content set arches " + contentNamespaceArches + " and the docker container providedTags " + providedTagsOnRunningDockerImage + " provides all the content set required tags " + contentNamespaceRequiredTags + ".");
} else {
Assert.assertTrue(!enabledYumReposOnRunningDockerImage.contains(contentNamespaceOnHost.label), "Entitled content namespace '" + contentNamespaceOnHost.label + "' on the host should NOT be enabled in the running docker container because either the docker container arch '" + archOnRunningDockerImage + "' is not among the supported content set arches " + contentNamespaceArches + " or the docker container providedTags " + providedTagsOnRunningDockerImage + " does not provide all the content set required tags " + contentNamespaceRequiredTags + ".");
}
}
}
// let's test installing a simple package (zsh)
boolean installedPackage = false;
if (enabledYumReposOnRunningDockerImage.contains("rhel-6-server-rpms") || enabledYumReposOnRunningDockerImage.contains("rhel-7-server-rpms")) {
RemoteFileTasks.runCommandAndAssert(client, "docker run --rm " + dockerImage + " yum -y install zsh", 0, "Complete!", null);
// [root@jsefler-7 ~]# docker run --rm docker-registry.usersys.redhat.com/brew/rhel7:latest yum -y install zsh
// Loaded plugins: product-id, subscription-manager
// Resolving Dependencies
// --> Running transaction check
// ---> Package zsh.x86_64 0:5.0.2-7.el7 will be installed
// --> Finished Dependency Resolution
//
// Dependencies Resolved
//
// ================================================================================
// Package Arch Version Repository Size
// ================================================================================
// Installing:
// zsh x86_64 5.0.2-7.el7 rhel-7-server-rpms 2.4 M
//
// Transaction Summary
// ================================================================================
// Install 1 Package
//
// Total download size: 2.4 M
// Installed size: 5.6 M
// Downloading packages:
// warning: /var/cache/yum/x86_64/7Server/rhel-7-server-rpms/packages/zsh-5.0.2-7.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
// Public key for zsh-5.0.2-7.el7.x86_64.rpm is not installed
// Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
// Importing GPG key 0xFD431D51:
// Userid : "Red Hat, Inc. (release key 2) <security@redhat.com>"
// Fingerprint: 567e 347a d004 4ade 55ba 8a5f 199e 2f91 fd43 1d51
// Package : redhat-release-server-7.0-1.el7.x86_64 (@koji-override-0/7.0)
// From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
// Importing GPG key 0x2FA658E0:
// Userid : "Red Hat, Inc. (auxiliary key) <security@redhat.com>"
// Fingerprint: 43a6 e49c 4a38 f4be 9abf 2a53 4568 9c88 2fa6 58e0
// Package : redhat-release-server-7.0-1.el7.x86_64 (@koji-override-0/7.0)
// From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
// Running transaction check
// Running transaction test
// Transaction test succeeded
// Running transaction
// Installing : zsh-5.0.2-7.el7.x86_64 1/1
// Verifying : zsh-5.0.2-7.el7.x86_64 1/1
//
// Installed:
// zsh.x86_64 0:5.0.2-7.el7
//
// Complete!
installedPackage = true;
}
if (!installedPackage)
log.warning("Skipped attempts to install a package since the rhel-(6|7)-server-rpms repo was not entitled.");
}
Aggregations