Ejemplo n.º 1
0
    def test_expiration_warning(self):
        warning = datetime.now(timezone.utc) + timedelta(days=20)
        replaceme = {
            'nickname': '7777',
            'cert-file': paths.RA_AGENT_PEM,
            'key-file': paths.RA_AGENT_KEY,
            'ca-name': 'dogtag-ipa-ca-renew-agent',
            'not-valid-after': int(warning.timestamp()),
        }

        set_requests(remove=0, add=replaceme)

        framework = object()
        registry.initialize(framework)
        f = IPACertmongerExpirationCheck(registry)

        f.config = config.Config()
        f.config.cert_expiration_days = 30
        self.results = capture_results(f)

        assert len(self.results) == 2

        result = self.results.results[0]
        assert result.result == constants.SUCCESS
        assert result.source == 'ipahealthcheck.ipa.certs'
        assert result.check == 'IPACertmongerExpirationCheck'
        assert result.kw.get('key') == '5678'

        result = self.results.results[1]
        assert result.result == constants.WARNING
        assert result.source == 'ipahealthcheck.ipa.certs'
        assert result.check == 'IPACertmongerExpirationCheck'
        assert result.kw.get('key') == '7777'
        assert 'expires in 19 days' in result.kw.get('msg')
    def test_principal_ok(self):
        agent_dn = DN(('krbprincipalname', 'cifs/%s@%s' %
                       (m_api.env.host, m_api.env.realm)),
                      m_api.env.container_service, m_api.env.basedn)
        group_dn = DN(('cn', 'adtrust agents'),
                      m_api.env.container_sysaccounts, m_api.env.basedn)
        attrs = {
            'memberof': [group_dn],
        }
        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
        ldapentry = LDAPEntry(fake_conn, agent_dn)
        for attr, values in attrs.items():
            ldapentry[attr] = values

        framework = object()
        registry.initialize(framework)
        registry.trust_controller = True
        f = IPATrustControllerPrincipalCheck(registry)

        f.conn = mock_ldap(ldapentry)
        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 1

        result = self.results.results[0]
        assert result.result == constants.SUCCESS
        assert result.source == 'ipahealthcheck.ipa.trust'
        assert result.check == 'IPATrustControllerPrincipalCheck'
        assert result.kw.get('key') == 'cifs/%s@%s' % \
                                       (m_api.env.host, m_api.env.realm)
    def test_nss_agent_too_many(self):

        attrs = dict(
            description=['2;1;CN=ISSUER;CN=RA AGENT'],
            usercertificate=[self.cert],
        )
        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
        ldapentry = LDAPEntry(fake_conn, DN('uid=ipara,ou=people,o=ipaca'))
        for attr, values in attrs.items():
            ldapentry[attr] = values

        ldapentry2 = LDAPEntry(fake_conn, DN('uid=ipara2,ou=people,o=ipaca'))
        for attr, values in attrs.items():
            ldapentry[attr] = values

        framework = object()
        registry.initialize(framework, config.Config())
        f = IPARAAgent(registry)

        f.conn = mock_ldap([ldapentry, ldapentry2])
        self.results = capture_results(f)
        result = self.results.results[0]

        assert result.result == constants.ERROR
        assert result.kw.get('found') == 2
Ejemplo n.º 4
0
    def test_one_ruvs(self):
        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
        entries = []

        entries.append(
            self.create_entry(fake_conn,
                              DN('dc=example,cn=mapping tree,cn=config'),
                              {'nsds5ReplicaId': ['3']}))
        entries.append(None)

        framework = object()
        registry.initialize(framework)
        f = RUVCheck(registry)

        f.conn = mock_ldap(entries)
        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 1

        result = self.results.results[0]
        assert result.result == constants.SUCCESS
        assert result.source == 'ipahealthcheck.ds.ruv'
        assert result.check == 'RUVCheck'
        assert result.kw.get('key') == str(m_api.env.basedn)
        assert result.kw.get('ruv') == '3'
Ejemplo n.º 5
0
    def test_revocation_one_bad(self):
        m_api.Command.cert_show.side_effect = [
            {
                u'result': {
                    u"revoked": False,
                }
            },
            {
                u'result': {
                    u"revoked": True,
                    u"revocation_reason": 4,
                }
            },
        ]
        set_requests()

        framework = object()
        registry.initialize(framework)
        f = IPACertRevocation(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 2

        result = self.results.results[0]
        assert result.result == constants.SUCCESS
        assert result.source == 'ipahealthcheck.ipa.certs'
        assert result.check == 'IPACertRevocation'

        result = self.results.results[1]
        assert result.result == constants.ERROR
        assert result.source == 'ipahealthcheck.ipa.certs'
        assert result.check == 'IPACertRevocation'
        assert result.kw.get('revocation_reason') == 'superseded'
    def test_member_fail(self):
        agent_dn = DN(('fqdn', m_api.env.host), m_api.env.container_host,
                      m_api.env.basedn)
        attrs = {
            'memberof': [agent_dn],
        }
        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
        ldapentry = LDAPEntry(fake_conn, agent_dn)
        for attr, values in attrs.items():
            ldapentry[attr] = values

        framework = object()
        registry.initialize(framework)
        registry.trust_controller = True
        f = IPATrustControllerPrincipalCheck(registry)

        f.conn = mock_ldap(ldapentry)
        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 1

        result = self.results.results[0]
        assert result.result == constants.ERROR
        assert result.source == 'ipahealthcheck.ipa.trust'
        assert result.kw.get('key') == 'cifs/%s@%s' % \
                                       (m_api.env.host, m_api.env.realm)
Ejemplo n.º 7
0
    def test_one_expired(self, mock_load):
        mock_load.return_value = [
            FakeIPACertificate(
                None,
                subject=self.sub_ca,
                not_after=datetime.now(timezone.utc) + timedelta(days=-3)
            ),
            FakeIPACertificate(
                None,
                subject=self.root_ca,
                not_after=datetime.now(timezone.utc) + timedelta(days=20)
            )
        ]
        framework = object()
        registry.initialize(framework)
        f = IPACAChainExpirationCheck(registry)

        f.config = config.Config()
        f.config.cert_expiration_days = 7
        self.results = capture_results(f)

        assert len(self.results) == 2

        result = self.results.results[0]
        assert result.result == constants.CRITICAL
        assert result.source == 'ipahealthcheck.ipa.certs'
        assert result.check == 'IPACAChainExpirationCheck'
        assert result.kw.get('key') == self.sub_ca
        assert 'expired' in result.kw.get('msg')

        result = self.results.results[1]
        assert result.result == constants.SUCCESS
        assert result.source == 'ipahealthcheck.ipa.certs'
        assert result.check == 'IPACAChainExpirationCheck'
        assert result.kw.get('key') == self.root_ca
Ejemplo n.º 8
0
    def test_dnsrecords_bad_realm(self, mock_query, mock_query_srv):
        """Unexpected Kerberos TXT record"""
        mock_query.side_effect = fake_query_one_txt
        mock_query_srv.side_effect = query_srv([m_api.env.host])

        m_api.Command.server_find.side_effect = [{
            'result': [
                {
                    'cn': [m_api.env.host],
                    'enabled_role_servrole': ['CA server', 'IPA master'],
                },
            ]
        }]
        framework = object()
        registry.initialize(framework)
        f = IPADNSSystemRecordsCheck(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 9

        ok = get_results_by_severity(self.results.results, constants.SUCCESS)
        warn = get_results_by_severity(self.results.results, constants.WARNING)
        assert len(ok) == 8
        assert len(warn) == 1

        result = warn[0]
        assert result.kw.get('msg') == 'expected realm missing'
        assert result.kw.get('key') == '\"FAKE_REALM\"'
    def test_ca_certs_ok(self, mock_certdb, mock_directive):
        """Test what should be the standard case"""
        trust = {
            'ocspSigningCert cert-pki-ca': 'u,u,u',
            'subsystemCert cert-pki-ca': 'u,u,u',
            'auditSigningCert cert-pki-ca': 'u,u,Pu',
            'Server-Cert cert-pki-ca': 'u,u,u',
            'caSigningCert cert-pki-ca': 'CT,C,C',
            'transportCert cert-pki-kra': 'u,u,u',
        }
        mock_certdb.return_value = mock_CertDB(trust)
        mock_directive.side_effect = [name for name, nsstrust in trust.items()]

        framework = object()
        registry.initialize(framework)
        f = DogtagCertsConfigCheck(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 6

        for result in self.results.results:
            assert result.result == constants.SUCCESS
            assert result.source == 'ipahealthcheck.dogtag.ca'
            assert result.check == 'DogtagCertsConfigCheck'
    def test_openssl_validation_bad(self, mock_run):
        def run(args, raiseonerr=True):
            result = _RunResult('', '', 2)
            result.raw_output = bytes(
                'O = EXAMPLE.TEST, CN = ipa.example.test\n'
                'error 20 at 0 depth lookup: unable to get local issuer '
                'certificate\nerror %s: verification failed'.format(
                    args[-1]).encode('utf-8'))
            result.raw_error_output = b''
            result.error_log = ''
            return result

        mock_run.side_effect = run

        framework = object()
        registry.initialize(framework)
        f = IPAOpenSSLChainValidation(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 2

        for result in self.results.results:
            assert result.result == constants.ERROR
            assert result.source == 'ipahealthcheck.ipa.certs'
            assert result.check == 'IPAOpenSSLChainValidation'
            assert 'failed' in result.kw.get('msg')
Ejemplo n.º 11
0
    def test_dnsrecords_one_with_ad(self, mock_query, mock_query_srv):
        mock_query.side_effect = fake_query_one
        mock_query_srv.side_effect = query_srv([m_api.env.host], True)

        m_api.Command.server_find.side_effect = [{
            'result': [
                {
                    'cn': [m_api.env.host],
                    'enabled_role_servrole':
                    ['CA server', 'IPA master', 'AD trust controller'],
                },
            ]
        }]
        framework = object()
        registry.initialize(framework)
        f = IPADNSSystemRecordsCheck(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 15

        for result in self.results.results:
            assert result.result == constants.SUCCESS
            assert result.source == 'ipahealthcheck.ipa.dns'
            assert result.check == 'IPADNSSystemRecordsCheck'
Ejemplo n.º 12
0
    def test_revocation_ok(self):
        m_api.Command.cert_show.side_effect = [
            {
                u'result': {
                    u"revoked": False,
                }
            },
            {
                u'result': {
                    u"revoked": False,
                }
            },
        ]

        set_requests()

        framework = object()
        registry.initialize(framework)
        f = IPACertRevocation(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 2

        for result in self.results.results:
            assert result.result == constants.SUCCESS
            assert result.source == 'ipahealthcheck.ipa.certs'
            assert result.check == 'IPACertRevocation'
Ejemplo n.º 13
0
    def test_principal_fail(self):
        service_dn = DN(('cn', 'ADTRUST'))
        attrs = {
            'ipaconfigstring': ['disabledService'],
        }
        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
        ldapentry = LDAPEntry(fake_conn, service_dn)
        for attr, values in attrs.items():
            ldapentry[attr] = values

        framework = object()
        registry.initialize(framework)
        registry.trust_controller = True
        f = IPATrustControllerServiceCheck(registry)

        f.conn = mock_ldap(ldapentry)
        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 1

        result = self.results.results[0]
        assert result.result == constants.ERROR
        assert result.source == 'ipahealthcheck.ipa.trust'
        assert result.kw.get('key') == 'ADTRUST'
Ejemplo n.º 14
0
    def test_sidgen_fail(self):
        attrs = {
            'nsslapd-pluginEnabled': ['off'],
        }
        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
        ldapentry = LDAPEntry(fake_conn, DN('cn=plugin, cn=config'))
        for attr, values in attrs.items():
            ldapentry[attr] = values

        framework = object()
        registry.initialize(framework)
        registry.trust_agent = True
        f = IPAsidgenpluginCheck(registry)

        f.conn = mock_ldap(ldapentry)
        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 2

        result = self.results.results[0]
        assert result.result == constants.ERROR
        assert result.source == 'ipahealthcheck.ipa.trust'
        assert result.check == 'IPAsidgenpluginCheck'
        assert result.kw.get('key') == 'IPA SIDGEN'

        result = self.results.results[1]
        assert result.result == constants.ERROR
        assert result.source == 'ipahealthcheck.ipa.trust'
        assert result.check == 'IPAsidgenpluginCheck'
        assert result.kw.get('key') == 'ipa-sidgen-task'
Ejemplo n.º 15
0
    def test_expiration(self):
        set_requests()

        framework = object()
        registry.initialize(framework)
        f = IPACertmongerExpirationCheck(registry)

        f.config = config.Config()
        f.config.cert_expiration_days = 7
        self.results = capture_results(f)

        assert len(self.results) == 2

        result = self.results.results[0]
        assert result.result == constants.ERROR
        assert result.source == 'ipahealthcheck.ipa.certs'
        assert result.check == 'IPACertmongerExpirationCheck'
        assert result.kw.get('key') == '1234'
        assert result.kw.get('msg') == 'Request id 1234 expired on ' \
                                       '19700101001704Z'

        result = self.results.results[1]
        assert result.result == constants.SUCCESS
        assert result.source == 'ipahealthcheck.ipa.certs'
        assert result.check == 'IPACertmongerExpirationCheck'
        assert result.kw.get('key') == '5678'
Ejemplo n.º 16
0
    def test_nss_validation_ok_no_ca(self, mock_run, mock_cainstance):
        """Test with the CA marked as not configured so there should only
           be a DS certificate to check.
        """
        def run(args, raiseonerr=True):
            result = _RunResult('', '', 0)
            result.raw_output = b'certutil: certificate is valid\n'
            result.raw_error_output = b''
            return result

        mock_run.side_effect = run
        mock_cainstance.return_value = CAInstance(False)

        framework = object()
        registry.initialize(framework)
        f = IPANSSChainValidation(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 1

        for result in self.results.results:
            assert result.result == constants.SUCCESS
            assert result.source == 'ipahealthcheck.ipa.certs'
            assert result.check == 'IPANSSChainValidation'
            assert 'slapd-' in result.kw.get('key')
Ejemplo n.º 17
0
    def test_nss_validation_bad(self, mock_run, mock_cainstance):
        def run(args, raiseonerr=True):
            result = _RunResult('', '', 255)
            result.raw_output = str.encode(
                'certutil: certificate is invalid: Peer\'s certificate issuer '
                'has been marked as not trusted by the user.')
            result.raw_error_output = b''
            result.error_log = ''
            return result

        mock_run.side_effect = run
        mock_cainstance.return_value = CAInstance()

        framework = object()
        registry.initialize(framework)
        f = IPANSSChainValidation(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 2

        for result in self.results.results:
            assert result.result == constants.ERROR
            assert result.source == 'ipahealthcheck.ipa.certs'
            assert result.check == 'IPANSSChainValidation'
Ejemplo n.º 18
0
    def test_trust_get_trust_domains_fail(self, mock_trust, mock_run):
        # sssctl domain-list
        run_result = namedtuple('run', ['returncode', 'error_log'])
        run_result.returncode = 0
        run_result.error_log = ''
        run_result.output = 'implicit_files\nipa.example\nad.example\n'
        mock_run.return_value = run_result

        mock_trust.side_effect = errors.NotFound(reason='bad')

        framework = object()
        registry.initialize(framework)
        registry.trust_agent = True
        f = IPATrustDomainsCheck(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        # There are more than one result I just care about this particular
        # value. The error is not fatal.
        result = self.results.results[0]
        assert result.result == constants.WARNING
        assert result.source == 'ipahealthcheck.ipa.trust'
        assert result.check == 'IPATrustDomainsCheck'
        assert result.kw.get('key') == 'trust-find'
Ejemplo n.º 19
0
    def test_kra_agent_nonmatching_cert(self):

        cert2 = IPACertificate(2)

        attrs = dict(
            description=['2;1;CN=ISSUER;CN=RA AGENT'],
            usercertificate=[cert2],
        )
        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
        ldapentry = LDAPEntry(fake_conn,
                              DN('uid=ipakra,ou=people,o=kra,o=ipaca'))
        for attr, values in attrs.items():
            ldapentry[attr] = values

        framework = object()
        registry.initialize(framework, config.Config())
        f = IPAKRAAgent(registry)

        f.conn = mock_ldap([ldapentry])
        self.results = capture_results(f)
        result = self.results.results[0]

        assert result.result == constants.ERROR
        assert result.kw.get('certfile') == paths.RA_AGENT_PEM
        assert result.kw.get('dn') == 'uid=ipakra,ou=people,o=kra,o=ipaca'
Ejemplo n.º 20
0
    def test_kra_agent_ok(self):

        attrs = dict(
            description=['2;1;CN=ISSUER;CN=RA AGENT'],
            usercertificate=[self.cert],
        )
        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
        ldapentry = LDAPEntry(fake_conn,
                              DN('uid=ipakra,ou=people,o=kra,o=ipaca'))
        for attr, values in attrs.items():
            ldapentry[attr] = values

        framework = object()
        registry.initialize(framework, config.Config())
        f = IPAKRAAgent(registry)

        f.conn = mock_ldap([ldapentry])
        self.results = capture_results(f)

        assert len(self.results) == 1

        result = self.results.results[0]
        assert result.result == constants.SUCCESS
        assert result.source == 'ipahealthcheck.ipa.certs'
        assert result.check == 'IPAKRAAgent'
Ejemplo n.º 21
0
    def test_dnsrecords_two(self, mock_query, mock_query_srv):
        """Test two CA masters, all SRV records"""
        mock_query_srv.side_effect = query_srv(
            [m_api.env.host, 'replica.' + m_api.env.domain])
        mock_query.side_effect = fake_query_two

        m_api.Command.server_find.side_effect = [{
            'result': [
                {
                    'cn': [m_api.env.host],
                    'enabled_role_servrole': ['CA server', 'IPA master'],
                },
                {
                    'cn': ['replica.' + m_api.env.domain],
                    'enabled_role_servrole': ['CA server', 'IPA master'],
                },
            ]
        }]

        framework = object()
        registry.initialize(framework)
        f = IPADNSSystemRecordsCheck(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 17

        for result in self.results.results:
            assert result.result == constants.SUCCESS
            assert result.source == 'ipahealthcheck.ipa.dns'
            assert result.check == 'IPADNSSystemRecordsCheck'
Ejemplo n.º 22
0
    def test_principal_fail(self):
        admins_dn = DN(('cn', 'admins'))
        attrs = {
            'ipantsecurityidentifier': ['S-1-5-21-1234-5678-1976041503-500'],
        }
        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
        ldapentry = LDAPEntry(fake_conn, admins_dn)
        for attr, values in attrs.items():
            ldapentry[attr] = values

        framework = object()
        registry.initialize(framework)
        registry.trust_controller = True
        f = IPATrustControllerGroupSIDCheck(registry)

        f.conn = mock_ldap(ldapentry)
        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 1

        result = self.results.results[0]
        assert result.result == constants.ERROR
        assert result.source == 'ipahealthcheck.ipa.trust'
        assert result.check == 'IPATrustControllerGroupSIDCheck'
        assert result.kw.get('key') == 'ipantsecurityidentifier'
        assert result.kw.get('rid') == 'S-1-5-21-1234-5678-1976041503-500'
Ejemplo n.º 23
0
    def test_certs_mismatch(self, mock_certdb):
        """ Ensure mismatches are detected"""
        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
        pkidbentry = LDAPEntry(
            fake_conn,
            DN('uid=pkidbuser,ou=people,o=ipaca'),
            userCertificate=[IPACertificate(serial_number=2)],
            subjectName=['test'])
        casignentry = LDAPEntry(fake_conn,
                                DN('cn=%s IPA CA' % m_api.env.realm,
                                   'cn=certificates,cn=ipa,cn=etc',
                                   m_api.env.basedn),
                                CACertificate=[IPACertificate()],
                                userCertificate=[IPACertificate()],
                                subjectName=['test'])
        ldap_entries = [pkidbentry, casignentry]
        trust = {
            'ocspSigningCert cert-pki-ca': 'u,u,u',
            'caSigningCert cert-pki-ca': 'u,u,u',
            'subsystemCert cert-pki-ca': 'u,u,u',
            'auditSigningCert cert-pki-ca': 'u,u,Pu',
            'Server-Cert cert-pki-ca': 'u,u,u',
            'transportCert cert-pki-kra': 'u,u,u',
            'storageCert cert-pki-kra': 'u,u,u',
            'auditSigningCert cert-pki-kra': 'u,u,Pu',
        }

        dogtag_entries_subjects = (
            'CN=OCSP Subsystem,O=%s' % m_api.env.realm,
            'CN=CA Subsystem,O=%s' % m_api.env.realm,
            'CN=CA Audit,O=%s' % m_api.env.realm,
            'CN=%s,O=%s' % (m_api.env.host, m_api.env.realm),
            'CN=KRA Transport Certificate,O=%s' % m_api.env.realm,
            'CN=KRA Storage Certificate,O=%s' % m_api.env.realm,
            'CN=KRA Audit,O=%s' % m_api.env.realm,
        )

        for i, subject in enumerate(dogtag_entries_subjects):
            entry = LDAPEntry(fake_conn,
                              DN('cn=%i,ou=certificateRepository' % i,
                                 'ou=ca,o=ipaca'),
                              userCertificate=[IPACertificate()],
                              subjectName=[subject])
            ldap_entries.append(entry)

        mock_certdb.return_value = mock_CertDB(trust)

        framework = object()
        registry.initialize(framework, config.Config())
        f = IPADogtagCertsMatchCheck(registry)
        f.conn = mock_ldap(ldap_entries)
        self.results = capture_results(f)

        assert len(self.results) == 3
        result = self.results.results[0]
        assert result.result == constants.ERROR
        assert result.source == 'ipahealthcheck.ipa.certs'
        assert result.check == 'IPADogtagCertsMatchCheck'
Ejemplo n.º 24
0
    def test_trust_get_trust_domains_mismatch(self, mock_run):
        # sssctl domain-list
        dlresult = namedtuple('run', ['returncode', 'error_log'])
        dlresult.returncode = 0
        dlresult.error_log = ''
        dlresult.output = 'implicit_files\nipa.example\n' \
            'child.example\n'
        olresult = namedtuple('run', ['returncode', 'error_log'])
        olresult.returncode = 0
        olresult.error_log = ''
        olresult.output = 'Online status: Online\n\n'

        mock_run.side_effect = [dlresult, olresult, olresult]

        # get_trust_domains()
        m_api.Command.trust_find.side_effect = [{
            'result': [
                {
                    'cn': ['ad.example'],
                    'ipantflatname': ['ADROOT'],
                    'ipanttrusteddomainsid': ['S-1-5-21-abc'],
                    'trusttype': ['Active Directory domain'],
                },
                {
                    'cn': ['child.example'],
                    'ipantflatname': ['ADROOT'],
                    'ipanttrusteddomainsid': ['S-1-5-21-def'],
                    'trusttype': ['Active Directory domain'],
                },
            ]
        }]

        framework = object()
        registry.initialize(framework)
        registry.trust_agent = True
        f = IPATrustDomainsCheck(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 2

        result = self.results.results[0]
        assert result.result == constants.ERROR
        assert result.source == 'ipahealthcheck.ipa.trust'
        assert result.check == 'IPATrustDomainsCheck'
        assert result.kw.get('key') == 'domain-list'
        assert result.kw.get('trust_domains') == 'ad.example, child.example'
        assert result.kw.get('sssd_domains') == 'child.example'

        result = self.results.results[1]
        assert result.result == constants.SUCCESS
        assert result.source == 'ipahealthcheck.ipa.trust'
        assert result.check == 'IPATrustDomainsCheck'
        assert result.kw.get('key') == 'domain-status'
        assert result.kw.get('domain') == 'child.example'
Ejemplo n.º 25
0
    def test_no_ruvs(self):
        framework = object()
        registry.initialize(framework)
        f = RUVCheck(registry)

        f.conn = mock_ldap(None)
        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 0
Ejemplo n.º 26
0
    def test_no_trust_agent(self):
        framework = object()
        registry.initialize(framework)
        registry.trust_agent = False
        f = IPAsidgenpluginCheck(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        # Zero because the call was skipped altogether
        assert len(self.results) == 0
Ejemplo n.º 27
0
    def test_not_trust_controller(self):
        framework = object()
        registry.initialize(framework)
        registry.trust_controller = False
        f = IPATrustControllerConfCheck(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        # Zero because the call was skipped altogether
        assert len(self.results) == 0
    def test_nss_agent_no_entry_found(self):

        framework = object()
        registry.initialize(framework, config.Config())
        f = IPARAAgent(registry)

        f.conn = mock_ldap(None)  # None == NotFound
        self.results = capture_results(f)
        result = self.results.results[0]

        assert result.result == constants.ERROR
        assert result.kw.get('msg') == 'RA agent not found in LDAP'
    def test_nss_agent_load_failure(self, mock_load_cert):

        mock_load_cert.side_effect = IOError('test')

        framework = object()
        registry.initialize(framework, config.Config())
        f = IPARAAgent(registry)

        self.results = capture_results(f)
        result = self.results.results[0]

        assert result.result == constants.ERROR
        assert result.kw.get('error') == 'test'
Ejemplo n.º 30
0
    def test_cacert_caless(self, mock_cainstance):
        """Nothing to check if the master is CALess"""

        mock_cainstance.return_value = CAInstance(False)

        framework = object()
        registry.initialize(framework)
        f = DogtagCertsConfigCheck(registry)

        f.config = config.Config()
        self.results = capture_results(f)

        assert len(self.results) == 0