Relocate SSNv2 range objects for new CA instances #4885

Merged
merged 2 commits into from
Oct 31, 2024
20 changes: 10 additions & 10 deletions .github/workflows/ca-clone-ssnv1-test.yml
Expand Up @@ -1003,8 +1003,8 @@ jobs:

- name: Switch primary to legacy2
run: |
docker exec primary pki-server ca-id-generator-update --type legacy2 request
docker exec primary pki-server ca-id-generator-update --type legacy2 cert
docker exec primary pki-server ca-id-generator-update -v --type legacy2 request
docker exec primary pki-server ca-id-generator-update -v --type legacy2 cert

- name: Check old request range objects
run: |
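Review bot: The `-v` added to both `ca-id-generator-update` calls in the "Switch primary to legacy2" step has no stated purpose in the step itself. If the verbose output is meant to stay so that a failed range relocation can be diagnosed from the CI log, a short comment above the two `docker exec` lines would say so; if it was only added while debugging, it can be dropped. The same applies to the identical change in the "Switch secondary to legacy2" step.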
Expand All @@ -1028,7 +1028,7 @@ jobs:

- name: Check new request range objects
run: |
tests/ca/bin/ca-request-range-objects.sh primaryds ou=requests,ou=ranges_v2 | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output

# request ranges should remain the same
cat > expected << EOF
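Review bot: Replacing the explicit base DN `ou=requests,ou=ranges_v2` with `-t legacy2` in "Check new request range objects" hides which subtree the check reads, and the change to `tests/ca/bin/ca-request-range-objects.sh` that maps the type to a DN is not visible in this diff. Suggest the script print the base DN it resolved, or exit non-zero on an unrecognised `-t` value, so a typo in the type cannot be read as a valid check against a different container.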
Expand Down Expand Up @@ -1075,7 +1075,7 @@ jobs:

- name: Check new cert range objects
run: |
tests/ca/bin/ca-cert-range-objects.sh primaryds ou=certificateRepository,ou=ranges_v2 | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output

# cert ranges should remain the same but converted from hex to decimal
# the range value for the primary move from 13-30 (hex) to 19-48 (dec)
Expand All @@ -1102,8 +1102,8 @@ jobs:

- name: Switch secondary to legacy2
run: |
docker exec secondary pki-server ca-id-generator-update --type legacy2 request
docker exec secondary pki-server ca-id-generator-update --type legacy2 cert
docker exec secondary pki-server ca-id-generator-update -v --type legacy2 request
docker exec secondary pki-server ca-id-generator-update -v --type legacy2 cert

- name: Start the CAs
run: |
Expand Down Expand Up @@ -1223,7 +1223,7 @@ jobs:

- name: Check new request range objects
run: |
tests/ca/bin/ca-request-range-objects.sh primaryds ou=requests,ou=ranges_v2 | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output

cat > expected << EOF
SecurePort: 8443
Expand Down Expand Up @@ -1272,7 +1272,7 @@ jobs:

- name: Check new cert range objects
run: |
tests/ca/bin/ca-cert-range-objects.sh primaryds ou=certificateRepository,ou=ranges_v2 | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output

# cert ranges should remain the same but in dec.
# the range value for the primary move from 13-30 (hex) to 19-48 (dec)
Expand Down Expand Up @@ -1502,7 +1502,7 @@ jobs:

- name: Check new request range objects
run: |
tests/ca/bin/ca-request-range-objects.sh primaryds ou=requests,ou=ranges_v2 | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output

cat > expected << EOF
SecurePort: 8443
Expand Down Expand Up @@ -1576,7 +1576,7 @@ jobs:

- name: Check new cert range objects
run: |
tests/ca/bin/ca-cert-range-objects.sh primaryds ou=certificateRepository,ou=ranges_v2 | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output

cat > expected << EOF
SecurePort: 8443
20 changes: 10 additions & 10 deletions .github/workflows/ca-clone-ssnv2-test.yml
Expand Up @@ -172,7 +172,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh primaryds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output

# new range should be 11 - 20 (size: 10)
cat > expected << EOF
Expand All @@ -188,7 +188,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh primaryds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output

# there should be no new range
diff /dev/null output
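Review bot: In "Check cert range objects" the assertion is `diff /dev/null output`, which also passes when the script prints nothing because it searched a different subtree or failed outright. With `-t legacy2` now selecting the subtree, and the script's exit status hidden behind `| tee output` unless the job enables `pipefail`, consider checking the script's status separately before the diff, so that "no new range" is distinguished from "the search did not run".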
Expand Down Expand Up @@ -386,7 +386,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh secondaryds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 secondaryds | tee output

# there should be no new range
# NOTE: there's no indication that part of is has
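Review bot: The context comment in the `secondaryds` "Check request range objects" step, `# NOTE: there's no indication that part of is has`, is ungrammatical as it stands ("part of is has"). Since this step is being edited anyway, reword the note so it states plainly what is not indicated about the range.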
Expand All @@ -404,7 +404,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh secondaryds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 secondaryds | tee output

# there should be no new range
diff /dev/null output
Expand Down Expand Up @@ -555,7 +555,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh primaryds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output

# there should be no new range
cat > expected << EOF
Expand All @@ -571,7 +571,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh primaryds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output

# there should be no new range
diff /dev/null output
Expand Down Expand Up @@ -843,7 +843,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh primaryds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output

# new range should be 21 - 30 (size: 10)
cat > expected << EOF
Expand All @@ -864,7 +864,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh primaryds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output

# new range should be 0x2b - 0x3c or 43 - 60 (size: 0x12)
cat > expected << EOF
Expand Down Expand Up @@ -1039,7 +1039,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh primaryds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 primaryds | tee output

# there should be no new range
cat > expected << EOF
Expand All @@ -1060,7 +1060,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh primaryds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 primaryds | tee output

# there should be no new range
cat > expected << EOF
12 changes: 6 additions & 6 deletions .github/workflows/ca-ssnv1-test.yml
Expand Up @@ -1161,8 +1161,8 @@ jobs:
- name: Switch to legacy2
run: |
docker exec pki pki-server stop
docker exec pki pki-server ca-id-generator-update --type legacy2 request
docker exec pki pki-server ca-id-generator-update --type legacy2 cert
docker exec pki pki-server ca-id-generator-update -v --type legacy2 request
docker exec pki pki-server ca-id-generator-update -v --type legacy2 cert
docker exec pki pki-server start --wait


Expand Down Expand Up @@ -1268,7 +1268,7 @@ jobs:

- name: Check new request range objects
run: |
tests/ca/bin/ca-request-range-objects.sh ds ou=requests,ou=ranges_v2 | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output

# new request range should be 31 - 40 decimal (total: 10)
cat > expected << EOF
Expand Down Expand Up @@ -1320,7 +1320,7 @@ jobs:

- name: Check new cert range objects
run: |
tests/ca/bin/ca-cert-range-objects.sh ds ou=certificateRepository,ou=ranges_v2 | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output

# new cert range should be the same but converted to decimal
# first range move from 19-36 (hex) to 25-54 (dec)
Expand Down Expand Up @@ -1484,7 +1484,7 @@ jobs:

- name: Check new request range objects
run: |
tests/ca/bin/ca-request-range-objects.sh ds ou=requests,ou=ranges_v2 | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output

cat > expected << EOF
SecurePort: 8443
Expand Down Expand Up @@ -1560,7 +1560,7 @@ jobs:

- name: Check new cert range objects
run: |
tests/ca/bin/ca-cert-range-objects.sh ds ou=certificateRepository,ou=ranges_v2 | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output

cat > expected << EOF
SecurePort: 8443
36 changes: 18 additions & 18 deletions .github/workflows/ca-ssnv2-test.yml
Expand Up @@ -156,15 +156,15 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh ds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output

# there should be no new range
diff /dev/null output

- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh ds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output

# there should be no new range
diff /dev/null output
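Review bot: Both calls in this hunk previously took only `ds` and now take `-t legacy2 ds`, as does every other call site shown for this file, which suggests the scripts' behaviour without `-t` is no longer what these SSNv2 checks need. State the default type in the scripts' usage text, and keep at least one check that runs without `-t` so the default location is covered as well.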
Expand Down Expand Up @@ -256,7 +256,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh ds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output

# new range should be 11 - 20 (size: 10)
cat > expected << EOF
Expand All @@ -272,7 +272,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh ds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output

# there should be no new range
diff /dev/null output
Expand Down Expand Up @@ -391,7 +391,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh ds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output

# there should be no new range
cat > expected << EOF
Expand All @@ -407,7 +407,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh ds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output

# there should be no new range
diff /dev/null output
Expand Down Expand Up @@ -519,7 +519,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh ds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output

# there should be no new range
cat > expected << EOF
Expand All @@ -535,7 +535,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh ds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output

# there should be no new range
diff /dev/null output
Expand Down Expand Up @@ -616,7 +616,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh ds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output

# new request range should be 21 - 30 (size: 10)
cat > expected << EOF
Expand All @@ -637,7 +637,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh ds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output

# new cert range should be 0x19 - 0x2a or 25 - 42 (size: 0x12)
cat > expected << EOF
Expand Down Expand Up @@ -753,7 +753,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh ds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output

# request range objects should be the same
cat > expected << EOF
Expand All @@ -774,7 +774,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh ds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output

# cert range objects should be the same
cat > expected << EOF
Expand Down Expand Up @@ -892,7 +892,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh ds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output

# request range objects should be the same
cat > expected << EOF
Expand All @@ -913,7 +913,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh ds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output

# cert range objects should be the same
cat > expected << EOF
Expand Down Expand Up @@ -1002,7 +1002,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh ds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output

# new range should be 31 - 40 (size: 10)
cat > expected << EOF
Expand All @@ -1028,7 +1028,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh ds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output

# new range should be 0x2b - 0x3c or 43 - 60 (size: 0x12)
cat > expected << EOF
Expand Down Expand Up @@ -1149,7 +1149,7 @@ jobs:
- name: Check request range objects
if: always()
run: |
tests/ca/bin/ca-request-range-objects.sh ds | tee output
tests/ca/bin/ca-request-range-objects.sh -t legacy2 ds | tee output

# request range objects should be the same
cat > expected << EOF
Expand All @@ -1175,7 +1175,7 @@ jobs:
- name: Check cert range objects
if: always()
run: |
tests/ca/bin/ca-cert-range-objects.sh ds | tee output
tests/ca/bin/ca-cert-range-objects.sh -t legacy2 ds | tee output

# cert range objects should be the same
cat > expected << EOF
10 changes: 0 additions & 10 deletions base/ca/database/ds/create.ldif
Expand Up @@ -150,16 +150,6 @@ objectClass: top
objectClass: organizationalUnit
ou: replica

dn: ou=requests, ou=ranges,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: requests

dn: ou=certificateRepository, ou=ranges,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: certificateRepository

dn: ou=certificateProfiles,ou=ca,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
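Review bot: Removing `ou=requests, ou=ranges,{rootSuffix}` and `ou=certificateRepository, ou=ranges,{rootSuffix}` from create.ldif means a newly created CA database no longer has these containers, and nothing in the visible diff shows where they are created for an instance that uses, or is later switched to, a generator that stores its ranges there. Point to the code that adds them on demand, or add a test that exercises that path on a fresh instance, because an LDAP add under a missing parent entry fails with noSuchObject. It is also worth stating in the commit message that existing instances keep their entries untouched, if that is the intent.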