From 03888e99df04d0b5781b1321a1676ced4e31f4bc Mon Sep 17 00:00:00 2001 From: Marco Fargetta Date: Thu, 29 Aug 2024 12:46:06 +0200 Subject: [PATCH] Fix clone CA issue on upstream CI Ldif file for reindex task have been update to be compatible with latest DS version. --- .github/workflows/ca-clone-secure-ds-test.yml | 25 +++++-- base/acme/database/ds/indextask.ldif | 14 ++-- base/ca/database/ds/indextasks.ldif | 66 +++++++++---------- base/kra/database/ds/indextasks.ldif | 50 +++++++------- base/ocsp/database/ds/indextasks.ldif | 50 +++++++------- base/tks/database/ds/indextasks.ldif | 50 +++++++------- base/tps/database/ds/indextasks.ldif | 16 ++--- 7 files changed, 142 insertions(+), 129 deletions(-) diff --git a/.github/workflows/ca-clone-secure-ds-test.yml b/.github/workflows/ca-clone-secure-ds-test.yml index 32109b05753..b1998134161 100644 --- a/.github/workflows/ca-clone-secure-ds-test.yml +++ b/.github/workflows/ca-clone-secure-ds-test.yml @@ -227,12 +227,10 @@ jobs: docker exec secondary pki-server cert-find - - name: Run PKI healthcheck in primary PKI container - run: docker exec primary pki-healthcheck --failures-only - - - name: Run PKI healthcheck in secondary PKI container - run: docker exec secondary pki-healthcheck --failures-only - + - name: Rebuild indexes for CA in secondary PKI container + run: | + docker exec secondary pki-server ca-db-index-rebuild + - name: Verify DS connection in secondary PKI container run: | docker exec secondary pki-server ca-db-config-show > output 
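Review bot: The new `Rebuild indexes for CA in secondary PKI container` step runs `pki-server ca-db-index-rebuild` before any of the clone checks, so the test no longer shows whether a freshly installed clone has usable indexes on its own. If the installer is expected to leave the indexes searchable, a regression there would now pass CI unnoticed. The same step is added again after the re-install in the third hunk of this file. Incomplete indexes on a CA database can make certificate and request searches return partial results, so the workflow should say why the explicit rebuild is needed, for example `# Rebuild explicitly: <reason the clone's indexes are not usable after install>` above the step. The job definition starts and ends outside this hunk.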
@@ -267,10 +265,21 @@ jobs: run: | docker exec secondary pki -n caadmin ca-cert-request-find + - name: Run PKI healthcheck in primary PKI container + run: docker exec primary pki-healthcheck --failures-only + + - name: Run PKI healthcheck in secondary PKI container + run: docker exec secondary pki-healthcheck --failures-only + - name: Remove CA from secondary PKI container run: | docker exec secondary pkidestroy -i pki-tomcat -s CA -v + - name: Restart secondary DS container + run: | + tests/bin/ds-stop.sh --image=pki-runner secondaryds + tests/bin/ds-start.sh --image=pki-runner secondaryds + - name: Re-install CA in secondary PKI container run: | # create cert bundle containing CA and DS signing certs @@ -289,6 +298,10 @@ jobs: -D pki_ds_url=ldaps://secondaryds.example.com:3636 \ -v + - name: Rebuild indexes for CA in secondary PKI container + run: | + docker exec secondary pki-server ca-db-index-rebuild + - name: Remove CA from secondary PKI container run: | docker exec secondary pki -n caadmin ca-user-find diff --git a/base/acme/database/ds/indextask.ldif b/base/acme/database/ds/indextask.ldif index fa7db956a56..a33e878fcaa 100644 --- a/base/acme/database/ds/indextask.ldif +++ b/base/acme/database/ds/indextask.ldif @@ -4,10 +4,10 @@ objectclass: extensibleObject cn: acme ttl: 10 nsinstance: userroot -nsIndexAttribute: acmeExpires:eq -nsIndexAttribute: acmeAccountId:eq -nsIndexAttribute: acmeStatus:eq -nsIndexAttribute: acmeAuthorizationId:eq -nsIndexAttribute: acmeIdentifier:eq -nsIndexAttribute: acmeCertificateId:eq -nsIndexAttribute: acmeAuthorizationWildcard:eq,pres +nsIndexAttribute: acmeExpires +nsIndexAttribute: acmeAccountId +nsIndexAttribute: acmeStatus +nsIndexAttribute: acmeAuthorizationId +nsIndexAttribute: acmeIdentifier +nsIndexAttribute: acmeCertificateId +nsIndexAttribute: acmeAuthorizationWildcard diff --git a/base/ca/database/ds/indextasks.ldif b/base/ca/database/ds/indextasks.ldif index 9ce3321ce9e..eb3fd78b1d2 100644 
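Review bot: The added `Restart secondary DS container` step has no comment explaining why DS must be stopped and started between `pkidestroy` and the re-install, so a reader cannot tell a required part of the scenario from a workaround for the index problem this commit addresses. A one-line comment above the step would settle it, e.g. `# Restart DS before re-install: <actual reason>`. The two `pki-healthcheck --failures-only` steps moved into this hunk now run only after the index rebuild added in the first hunk, so they no longer cover the clone's state immediately after installation; if that is intended, the commit description should say so.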
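Review bot: With the `:eq`, `:eq,pres` and `:eq,pres,sub` suffixes removed, these task entries no longer say which index types are rebuilt, so the result presumably depends on the index definitions already configured in DS for each attribute; the same applies to the `indextasks.ldif` hunks for ca, kra, ocsp, tks and tps. The commit message mentions only the latest DS version, and nothing visible here shows that older DS releases these files may still be loaded into treat bare attribute names the same way, which is worth confirming. A short header comment in each file would record the intent, e.g. `# Attribute names only: index types come from the index definitions for the backend`, once that behaviour is confirmed. The entry's `dn` and first `objectclass` lines are outside the hunk, and the unchanged `ttl: 10` means the task entry is removed shortly after it finishes, so a failed reindex is easy to miss unless the caller checks the task result before then.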
--- a/base/ca/database/ds/indextasks.ldif
+++ b/base/ca/database/ds/indextasks.ldif
@@ -4,36 +4,36 @@ objectclass: extensibleObject
 cn: index1160589770
 ttl: 10
 nsinstance: {database}
-nsIndexAttribute: revokedby:eq
-nsIndexAttribute: issuedby:eq
-nsIndexAttribute: publicKeyData:eq
-nsIndexAttribute: clientId:eq
-nsIndexAttribute: dataType:eq
-nsIndexAttribute: status:eq
-nsIndexAttribute: description:eq,pres
-nsIndexAttribute: serialno:eq,pres
-nsIndexAttribute: metaInfo:eq,pres
-nsIndexAttribute: certstatus:eq,pres
-nsIndexAttribute: requestid:eq,pres
-nsIndexAttribute: requesttype:eq,pres
-nsIndexAttribute: requeststate:eq,pres
-nsIndexAttribute: requestowner:eq,pres
-nsIndexAttribute: notbefore:eq,pres
-nsIndexAttribute: notafter:eq,pres
-nsIndexAttribute: duration:eq,pres
-nsIndexAttribute: dateOfCreate:eq,pres
-nsIndexAttribute: revokedOn:eq,pres
-nsIndexAttribute: archivedBy:eq,pres
-nsIndexAttribute: ownername:eq,pres,sub
-nsIndexAttribute: subjectname:eq,pres,sub
-nsIndexAttribute: issuername:eq,pres,sub
-nsIndexAttribute: requestsourceid:eq,pres,sub
-nsIndexAttribute: revInfo:eq,pres,sub
-nsIndexAttribute: extension:eq,pres,sub
-nsIndexAttribute: acmeExpires:eq
-nsIndexAttribute: acmeAccountId:eq
-nsIndexAttribute: acmeStatus:eq
-nsIndexAttribute: acmeAuthorizationId:eq
-nsIndexAttribute: acmeIdentifier:eq
-nsIndexAttribute: acmeCertificateId:eq
-nsIndexAttribute: acmeAuthorizationWildcard:eq,pres
+nsIndexAttribute: revokedby
+nsIndexAttribute: issuedby
+nsIndexAttribute: publicKeyData
+nsIndexAttribute: clientId
+nsIndexAttribute: dataType
+nsIndexAttribute: status
+nsIndexAttribute: description
+nsIndexAttribute: serialno
+nsIndexAttribute: metaInfo
+nsIndexAttribute: certstatus
+nsIndexAttribute: requestid
+nsIndexAttribute: requesttype
+nsIndexAttribute: requeststate
+nsIndexAttribute: requestowner
+nsIndexAttribute: notbefore
+nsIndexAttribute: notafter
+nsIndexAttribute: duration
+nsIndexAttribute: dateOfCreate
+nsIndexAttribute: revokedOn
+nsIndexAttribute: archivedBy
+nsIndexAttribute: ownername
+nsIndexAttribute: subjectname
+nsIndexAttribute: issuername
+nsIndexAttribute: requestsourceid
+nsIndexAttribute: revInfo
+nsIndexAttribute: extension
+nsIndexAttribute: acmeExpires
+nsIndexAttribute: acmeAccountId
+nsIndexAttribute: acmeStatus
+nsIndexAttribute: acmeAuthorizationId
+nsIndexAttribute: acmeIdentifier
+nsIndexAttribute: acmeCertificateId
+nsIndexAttribute: acmeAuthorizationWildcard
diff --git a/base/kra/database/ds/indextasks.ldif b/base/kra/database/ds/indextasks.ldif
index 41703a4ba3e..5b6ef998980 100644
--- a/base/kra/database/ds/indextasks.ldif
+++ b/base/kra/database/ds/indextasks.ldif
@@ -4,28 +4,28 @@ objectclass: extensibleObject
 cn: index1160589771
 ttl: 10
 nsinstance: {database}
-nsIndexAttribute: revokedby:eq
-nsIndexAttribute: issuedby:eq
-nsIndexAttribute: publicKeyData:eq
-nsIndexAttribute: clientId:eq
-nsIndexAttribute: dataType:eq
-nsIndexAttribute: status:eq
-nsIndexAttribute: description:eq,pres
-nsIndexAttribute: serialno:eq,pres
-nsIndexAttribute: metaInfo:eq,pres
-nsIndexAttribute: certstatus:eq,pres
-nsIndexAttribute: requestid:eq,pres
-nsIndexAttribute: requesttype:eq,pres
-nsIndexAttribute: requeststate:eq,pres
-nsIndexAttribute: requestowner:eq,pres
-nsIndexAttribute: notbefore:eq,pres
-nsIndexAttribute: notafter:eq,pres
-nsIndexAttribute: duration:eq,pres
-nsIndexAttribute: dateOfCreate:eq,pres
-nsIndexAttribute: revokedOn:eq,pres
-nsIndexAttribute: archivedBy:eq,pres
-nsIndexAttribute: ownername:eq,pres,sub
-nsIndexAttribute: subjectname:eq,pres,sub
-nsIndexAttribute: requestsourceid:eq,pres,sub
-nsIndexAttribute: revInfo:eq,pres,sub
-nsIndexAttribute: extension:eq,pres,sub
+nsIndexAttribute: revokedby
+nsIndexAttribute: issuedby
+nsIndexAttribute: publicKeyData
+nsIndexAttribute: clientId
+nsIndexAttribute: dataType
+nsIndexAttribute: status
+nsIndexAttribute: description
+nsIndexAttribute: serialno
+nsIndexAttribute: metaInfo
+nsIndexAttribute: certstatus
+nsIndexAttribute: requestid
+nsIndexAttribute: requesttype
+nsIndexAttribute: requeststate
+nsIndexAttribute: requestowner
+nsIndexAttribute: notbefore
+nsIndexAttribute: notafter
+nsIndexAttribute: duration
+nsIndexAttribute: dateOfCreate
+nsIndexAttribute: revokedOn
+nsIndexAttribute: archivedBy
+nsIndexAttribute: ownername
+nsIndexAttribute: subjectname
+nsIndexAttribute: requestsourceid
+nsIndexAttribute: revInfo
+nsIndexAttribute: extension
diff --git a/base/ocsp/database/ds/indextasks.ldif b/base/ocsp/database/ds/indextasks.ldif
index 1169d607763..1fa9240ac91 100644
--- a/base/ocsp/database/ds/indextasks.ldif
+++ b/base/ocsp/database/ds/indextasks.ldif
@@ -4,28 +4,28 @@ objectclass: extensibleObject
 cn: index1160589772
 ttl: 10
 nsinstance: {database}
-nsIndexAttribute: revokedby:eq
-nsIndexAttribute: issuedby:eq
-nsIndexAttribute: publicKeyData:eq
-nsIndexAttribute: clientId:eq
-nsIndexAttribute: dataType:eq
-nsIndexAttribute: status:eq
-nsIndexAttribute: description:eq,pres
-nsIndexAttribute: serialno:eq,pres
-nsIndexAttribute: metaInfo:eq,pres
-nsIndexAttribute: certstatus:eq,pres
-nsIndexAttribute: requestid:eq,pres
-nsIndexAttribute: requesttype:eq,pres
-nsIndexAttribute: requeststate:eq,pres
-nsIndexAttribute: requestowner:eq,pres
-nsIndexAttribute: notbefore:eq,pres
-nsIndexAttribute: notafter:eq,pres
-nsIndexAttribute: duration:eq,pres
-nsIndexAttribute: dateOfCreate:eq,pres
-nsIndexAttribute: revokedOn:eq,pres
-nsIndexAttribute: archivedBy:eq,pres
-nsIndexAttribute: ownername:eq,pres,sub
-nsIndexAttribute: subjectname:eq,pres,sub
-nsIndexAttribute: requestsourceid:eq,pres,sub
-nsIndexAttribute: revInfo:eq,pres,sub
-nsIndexAttribute: extension:eq,pres,sub
+nsIndexAttribute: revokedby
+nsIndexAttribute: issuedby
+nsIndexAttribute: publicKeyData
+nsIndexAttribute: clientId
+nsIndexAttribute: dataType
+nsIndexAttribute: status
+nsIndexAttribute: description
+nsIndexAttribute: serialno
+nsIndexAttribute: metaInfo
+nsIndexAttribute: certstatus
+nsIndexAttribute: requestid
+nsIndexAttribute: requesttype
+nsIndexAttribute: requeststate
+nsIndexAttribute: requestowner
+nsIndexAttribute: notbefore
+nsIndexAttribute: notafter
+nsIndexAttribute: duration
+nsIndexAttribute: dateOfCreate
+nsIndexAttribute: revokedOn
+nsIndexAttribute: archivedBy
+nsIndexAttribute: ownername
+nsIndexAttribute: subjectname
+nsIndexAttribute: requestsourceid
+nsIndexAttribute: revInfo
+nsIndexAttribute: extension
diff --git a/base/tks/database/ds/indextasks.ldif b/base/tks/database/ds/indextasks.ldif
index 749ac0a0551..7493c26c21f 100644
--- a/base/tks/database/ds/indextasks.ldif
+++ b/base/tks/database/ds/indextasks.ldif
@@ -4,28 +4,28 @@ objectclass: extensibleObject
 cn: index1160589773
 ttl: 10
 nsinstance: {database}
-nsIndexAttribute: revokedby:eq
-nsIndexAttribute: issuedby:eq
-nsIndexAttribute: publicKeyData:eq
-nsIndexAttribute: clientId:eq
-nsIndexAttribute: dataType:eq
-nsIndexAttribute: status:eq
-nsIndexAttribute: description:eq,pres
-nsIndexAttribute: serialno:eq,pres
-nsIndexAttribute: metaInfo:eq,pres
-nsIndexAttribute: certstatus:eq,pres
-nsIndexAttribute: requestid:eq,pres
-nsIndexAttribute: requesttype:eq,pres
-nsIndexAttribute: requeststate:eq,pres
-nsIndexAttribute: requestowner:eq,pres
-nsIndexAttribute: notbefore:eq,pres
-nsIndexAttribute: notafter:eq,pres
-nsIndexAttribute: duration:eq,pres
-nsIndexAttribute: dateOfCreate:eq,pres
-nsIndexAttribute: revokedOn:eq,pres
-nsIndexAttribute: archivedBy:eq,pres
-nsIndexAttribute: ownername:eq,pres,sub
-nsIndexAttribute: subjectname:eq,pres,sub
-nsIndexAttribute: requestsourceid:eq,pres,sub
-nsIndexAttribute: revInfo:eq,pres,sub
-nsIndexAttribute: extension:eq,pres,sub
+nsIndexAttribute: revokedby
+nsIndexAttribute: issuedby
+nsIndexAttribute: publicKeyData
+nsIndexAttribute: clientId
+nsIndexAttribute: dataType
+nsIndexAttribute: status
+nsIndexAttribute: description
+nsIndexAttribute: serialno
+nsIndexAttribute: metaInfo
+nsIndexAttribute: certstatus
+nsIndexAttribute: requestid
+nsIndexAttribute: requesttype
+nsIndexAttribute: requeststate
+nsIndexAttribute: requestowner
+nsIndexAttribute: notbefore
+nsIndexAttribute: notafter
+nsIndexAttribute: duration
+nsIndexAttribute: dateOfCreate
+nsIndexAttribute: revokedOn
+nsIndexAttribute: archivedBy
+nsIndexAttribute: ownername
+nsIndexAttribute: subjectname
+nsIndexAttribute: requestsourceid
+nsIndexAttribute: revInfo
+nsIndexAttribute: extension
diff --git a/base/tps/database/ds/indextasks.ldif b/base/tps/database/ds/indextasks.ldif
index b5106bba443..7426dd7e678 100644
--- a/base/tps/database/ds/indextasks.ldif
+++ b/base/tps/database/ds/indextasks.ldif
@@ -4,11 +4,11 @@ objectclass: extensibleObject
 cn: index1160589774
 ttl: 10
 nsinstance: {database}
-nsIndexAttribute: tokenUserID:eq,pres,sub
-nsIndexAttribute: tokenID:eq,pres,sub
-nsIndexAttribute: dateOfCreate:eq,pres,sub
-nsIndexAttribute: dateOfModify:eq,pres,sub
-nsIndexAttribute: userCertificate:eq
-nsIndexAttribute: tokenSerial:eq
-nsIndexAttribute: tokenKeyType:eq
-nsIndexAttribute: description:eq,pres
+nsIndexAttribute: tokenUserID
+nsIndexAttribute: tokenID
+nsIndexAttribute: dateOfCreate
+nsIndexAttribute: dateOfModify
+nsIndexAttribute: userCertificate
+nsIndexAttribute: tokenSerial
+nsIndexAttribute: tokenKeyType
+nsIndexAttribute: description