Bug 1851835 - [RFE] IdM short-term certificates ACME provider
Summary: [RFE] IdM short-term certificates ACME provider
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.3
Hardware: All
OS: Linux
unspecified
high
Target Milestone: rc
: 8.0
Assignee: Thomas Woerner
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On: 1902727
Blocks: 1894575
TreeView+ depends on / blocked
 
Reported: 2020-06-29 08:03 UTC by Petr Čech
Modified: 2021-05-18 15:48 UTC (History)
11 users (show)

Fixed In Version: ipa-4.9.0-0.1.rc1
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-05-18 15:48:21 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)

Comment 11 Florence Blanc-Renaud 2020-12-01 12:00:01 UTC
Additional commit bumping the Requires for pki-server:

Fixed upstream
master:
https://pagure.io/freeipa/c/6816de0892a11c203f1a2e6f7819d533c7658fa9

Comment 12 Rob Crittenden 2020-12-01 18:08:28 UTC
Additional commit bumping the Requires for pki-server:

Fixed upstream
ipa-4-9:

3e530e93c37ee71a560714e26285cd85e71557c9

Comment 19 Sumedh Sidhaye 2020-12-17 11:42:41 UTC
Builds used for verification:

ipa-client-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64
ipa-client-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-healthcheck-core-0.7-3.module+el8.4.0+9007+5084bdd8.noarch
ipa-selinux-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-server-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64
ipa-server-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-server-dns-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch
ipa-server-trust-ad-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64

test_integration/test_acme.py::TestACME::test_kinit_master PASSED        [  3%]
test_integration/test_acme.py::TestACME::test_acme_service_not_yet_enabled PASSED [  7%]
test_integration/test_acme.py::TestACME::test_enable_acme_service PASSED [ 11%]
test_integration/test_acme.py::TestACME::test_centralize_acme_enable PASSED [ 15%]
test_integration/test_acme.py::TestACME::test_certbot_register SKIPPED   [ 19%]
test_integration/test_acme.py::TestACME::test_certbot_certonly_standalone SKIPPED [ 23%]
test_integration/test_acme.py::TestACME::test_certbot_revoke SKIPPED     [ 26%]
test_integration/test_acme.py::TestACME::test_certbot_dns SKIPPED        [ 30%]
test_integration/test_acme.py::TestACME::test_mod_md SKIPPED             [ 34%]
test_integration/test_acme.py::TestACME::test_disable_acme_service PASSED [ 38%]
test_integration/test_acme.py::TestACME::test_centralize_acme_disable PASSED [ 42%]
test_integration/test_acme.py::TestACME::test_third_party_certs PASSED   [ 46%]
test_integration/test_acme.py::TestACMECALess::test_caless_to_cafull_replica PASSED [ 50%]
test_integration/test_acme.py::TestACMECALess::test_enable_caless_to_cafull_replica PASSED [ 53%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_kinit_master PASSED [ 57%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_acme_service_not_yet_enabled PASSED [ 61%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_enable_acme_service PASSED [ 65%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_centralize_acme_enable PASSED [ 69%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_certbot_register SKIPPED [ 73%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_certbot_certonly_standalone SKIPPED [ 76%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_certbot_revoke SKIPPED [ 80%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_certbot_dns SKIPPED [ 84%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_mod_md SKIPPED [ 88%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_disable_acme_service PASSED [ 92%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_centralize_acme_disable PASSED [ 96%]
test_integration/test_acme.py::TestACMEwithExternalCA::test_third_party_certs PASSED [100%]

Comment 21 Josip Vilicic 2021-01-29 15:02:22 UTC
Hello Kaleem,

1) This bug has automatically generated the following Documentation JIRA ticket:

   "RHELPLAN-47725 - [RFE] IdM short-term certificates ACME provider"
   https://issues.redhat.com/browse/RHELPLAN-47725


2) The documentation team has previously created 2 tickets that I think correspond to the 2 items from this bug's description:

   a) Service automatically acquire a certificates

         RHELPLAN-43501 - [DOC][ACME] Service automatically acquires a certificate
         https://issues.redhat.com/browse/RHELPLAN-43501

      But we closed that general ticket because we created multiple tickets for specific ACME features/functionality:

         RHELPLAN-58595 - Deploy ACME service on upgrade -- https://issues.redhat.com/browse/RHELPLAN-58595
         RHELPLAN-58596 - Support ACME protocol -- https://issues.redhat.com/browse/RHELPLAN-58596
         RHELPLAN-58599 - Deploy ACME service on CA installation -- https://issues.redhat.com/browse/RHELPLAN-58599
         RHELPLAN-58601 - FreeIPA commands to enable/disable ACME service -- https://issues.redhat.com/browse/RHELPLAN-58601
         RHELPLAN-58613 - Add FreeIPA ACME certificate profile -- https://issues.redhat.com/browse/RHELPLAN-58613


   b) Deploy & manage the ACME service topology wide from a single system

         RHELPLAN-58598 - [DOC][ACME] Deploy & manage the ACME service topology wide from a single system
         https://issues.redhat.com/browse/RHELPLAN-58598


Could you please let us know if we've missed anything?

Comment 22 Kaleem 2021-02-02 12:04:36 UTC
Hi Jo,

I missed looking at doc jira ticket.
Should not we set the doc flag/field for this? Doc Text, require_doc_text?

Comment 24 Florence Blanc-Renaud 2021-04-30 09:05:21 UTC
Test added upstream: ipatests/test_integration/test_acme.py::TestACMECARenew
master:
https://pagure.io/freeipa/c/d2ca7915498cd1bdf5483af4b155296766f6e718

Comment 25 Rob Crittenden 2021-05-06 19:42:21 UTC
Test added upstream:
ipa-4-9:
https://pagure.io/freeipa/c/a7ff4089437ee20bbce7fc55d43a7702dd7540a7

Comment 27 errata-xmlrpc 2021-05-18 15:48:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1846


Note You need to log in before you can comment on or make changes to this bug.