def test_dnsrecords_one_with_ad(self, mock_query, mock_query_srv):
mock_query.side_effect = fake_query_one
mock_query_srv.side_effect = query_srv([m_api.env.host], True)
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole':
['CA server', 'IPA master', 'AD trust controller'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 15
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.idns'
assert result.check == 'IPADNSSystemRecordsCheck'
def test_dnsrecords_two(self, mock_query, mock_query_srv):
"""Test two CA masters, all SRV records"""
mock_query_srv.side_effect = query_srv(
[m_api.env.host, 'replica.' + m_api.env.domain])
mock_query.side_effect = fake_query_two
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
{
'cn': ['replica.' + m_api.env.domain],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 17
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.idns'
assert result.check == 'IPADNSSystemRecordsCheck'
def test_dnsrecords_bad_realm(self, mock_query, mock_query_srv):
"""Unexpected Kerberos TXT record"""
mock_query.side_effect = fake_query_one_txt
mock_query_srv.side_effect = query_srv([m_api.env.host])
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 9
ok = get_results_by_severity(self.results.results, constants.SUCCESS)
warn = get_results_by_severity(self.results.results, constants.WARNING)
assert len(ok) == 8
assert len(warn) == 1
result = warn[0]
assert result.kw.get('msg') == 'expected realm missing'
assert result.kw.get('key') == '\"FAKE_REALM\"'
def test_dnsrecords_missing_ipa_ca(self, mock_query, mock_query_srv):
"""Drop one of the masters from query_srv
This will simulate missing SRV records and cause a number of
warnings to be thrown.
"""
mock_query_srv.side_effect = query_srv([
m_api.env.host, 'replica.' + m_api.env.domain,
'replica2.' + m_api.env.domain
])
mock_query.side_effect = fake_query_two
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
{
'cn': ['replica.' + m_api.env.domain],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
{
'cn': ['replica2.' + m_api.env.domain],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 25
ok = get_results_by_severity(self.results.results, constants.SUCCESS)
warn = get_results_by_severity(self.results.results, constants.WARNING)
assert len(ok) == 24
assert len(warn) == 1
for result in warn:
assert result.kw.get('msg') == \
'Got {count} ipa-ca A records, expected {expected}'
assert result.kw.get('count') == 2
assert result.kw.get('expected') == 3
def test_dnsrecords_one_with_ad(self, mock_query, mock_query_uri,
mock_query_srv, mock_rrset):
mock_query.side_effect = fake_query_one
mock_query_srv.side_effect = query_srv([m_api.env.host], True)
mock_query_uri.side_effect = query_uri([m_api.env.host])
mock_rrset.side_effect = [
resolve_rrsets(m_api.env.host, (rdatatype.A, rdatatype.AAAA))
]
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole':
['CA server', 'IPA master', 'AD trust controller'],
},
]
}]
framework = object()
registry.initialize(framework, config.Config)
f = IPADNSSystemRecordsCheck(registry)
self.results = capture_results(f)
if has_uri_support:
expected = 20
else:
expected = 16
assert len(self.results) == expected
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.idns'
assert result.check == 'IPADNSSystemRecordsCheck'
def test_dnsrecords_extra_srv(self, mock_query, mock_query_srv):
"""An extra SRV record set exists, report it.
Add an extra master to the query_srv() which will generate
a full extra set of SRV records for the master.
"""
mock_query_srv.side_effect = query_srv([
m_api.env.host, 'replica.' + m_api.env.domain,
'replica2.' + m_api.env.domain, 'replica3.' + m_api.env.domain
])
mock_query.side_effect = fake_query_three
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
{
'cn': ['replica.' + m_api.env.domain],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
{
'cn': ['replica2.' + m_api.env.domain],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 32
ok = get_results_by_severity(self.results.results, constants.SUCCESS)
warn = get_results_by_severity(self.results.results, constants.WARNING)
assert len(ok) == 25
assert len(warn) == 7
for result in warn:
assert result.kw.get('msg') == \
'Unexpected SRV entry in DNS'
def test_dnsrecords_two(self, mock_query, mock_query_uri,
mock_query_srv, mock_rrset):
"""Test two CA masters, all SRV records"""
mock_query_srv.side_effect = query_srv([
m_api.env.host,
'replica.' + m_api.env.domain
])
mock_query_uri.side_effect = query_uri([
m_api.env.host,
'replica.' + m_api.env.domain
])
mock_query.side_effect = fake_query_two
mock_rrset.side_effect = [
resolve_rrsets(m_api.env.host, (rdatatype.A, rdatatype.AAAA)),
resolve_rrsets('replica.' + m_api.env.domain,
(rdatatype.A, rdatatype.AAAA)),
]
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': [
'CA server',
'IPA master'
],
},
{
'cn': ['replica.' + m_api.env.domain],
'enabled_role_servrole': [
'CA server',
'IPA master'
],
},
]
}]
framework = object()
registry.initialize(framework, config.Config)
f = IPADNSSystemRecordsCheck(registry)
self.results = capture_results(f)
if has_uri_support:
expected = 27
else:
expected = 19
assert len(self.results) == expected
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.idns'
assert result.check == 'IPADNSSystemRecordsCheck'
def test_dnsrecords_bad_realm(self, mock_query, mock_query_uri,
mock_query_srv, mock_rrset):
"""Unexpected Kerberos TXT record"""
mock_query.side_effect = fake_query_one_txt
mock_query_srv.side_effect = query_srv([m_api.env.host])
mock_query_uri.side_effect = query_uri([m_api.env.host])
mock_rrset.side_effect = [
resolve_rrsets(m_api.env.host, (rdatatype.A, rdatatype.AAAA))
]
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': [
'CA server',
'IPA master'
],
},
]
}]
framework = object()
registry.initialize(framework, config.Config)
f = IPADNSSystemRecordsCheck(registry)
self.results = capture_results(f)
if has_uri_support:
expected = 14
else:
expected = 10
assert len(self.results) == expected
ok = get_results_by_severity(self.results.results, constants.SUCCESS)
warn = get_results_by_severity(self.results.results, constants.WARNING)
if has_uri_support:
assert len(ok) == 13
assert len(warn) == 1
else:
assert len(ok) == 9
assert len(warn) == 1
result = warn[0]
assert result.kw.get('msg') == 'expected realm missing'
assert result.kw.get('key') == '\"FAKE_REALM\"'
def test_dnsrecords_extra_srv(self, mock_query, mock_query_uri,
mock_query_srv, mock_rrset):
"""An extra SRV record set exists, report it.
Add an extra master to the query_srv() which will generate
a full extra set of SRV records for the master.
"""
mock_query_srv.side_effect = query_srv([
m_api.env.host,
'replica.' + m_api.env.domain,
'replica2.' + m_api.env.domain,
'replica3.' + m_api.env.domain
])
mock_query_uri.side_effect = query_uri([
m_api.env.host,
'replica.' + m_api.env.domain,
'replica2.' + m_api.env.domain,
])
mock_query.side_effect = fake_query_three
mock_rrset.side_effect = [
resolve_rrsets(m_api.env.host, (rdatatype.A, rdatatype.AAAA)),
resolve_rrsets('replica.' + m_api.env.domain,
(rdatatype.A, rdatatype.AAAA)),
resolve_rrsets('replica2.' + m_api.env.domain,
(rdatatype.A, rdatatype.AAAA)),
resolve_rrsets('replica3.' + m_api.env.domain,
(rdatatype.A, rdatatype.AAAA)),
]
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': [
'CA server',
'IPA master'
],
},
{
'cn': ['replica.' + m_api.env.domain],
'enabled_role_servrole': [
'CA server',
'IPA master'
],
},
{
'cn': ['replica2.' + m_api.env.domain],
'enabled_role_servrole': [
'CA server',
'IPA master'
],
},
]
}]
framework = object()
registry.initialize(framework, config.Config)
f = IPADNSSystemRecordsCheck(registry)
self.results = capture_results(f)
if has_uri_support:
expected = 47
else:
expected = 35
assert len(self.results) == expected
ok = get_results_by_severity(self.results.results, constants.SUCCESS)
warn = get_results_by_severity(self.results.results, constants.WARNING)
if has_uri_support:
assert len(ok) == 40
assert len(warn) == 7
else:
assert len(ok) == 28
assert len(warn) == 7
for result in warn:
assert result.kw.get('msg') == \
'Unexpected SRV entry in DNS'
def test_dnsrecords_missing_ipa_ca(self, mock_query, mock_query_uri,
mock_query_srv, mock_rrset):
"""Drop one of the masters from query_srv
This will simulate missing SRV records and cause a number of
warnings to be thrown.
"""
mock_query_srv.side_effect = query_srv([
m_api.env.host,
'replica.' + m_api.env.domain,
'replica2.' + m_api.env.domain
])
mock_query_uri.side_effect = query_uri([
m_api.env.host,
'replica.' + m_api.env.domain,
'replica2.' + m_api.env.domain
])
mock_query.side_effect = fake_query_two
mock_rrset.side_effect = [
resolve_rrsets(m_api.env.host, (rdatatype.A, rdatatype.AAAA)),
resolve_rrsets('replica.' + m_api.env.domain,
(rdatatype.A, rdatatype.AAAA)),
resolve_rrsets('replica2.' + m_api.env.domain,
(rdatatype.A, rdatatype.AAAA))
]
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': [
'CA server',
'IPA master'
],
},
{
'cn': ['replica.' + m_api.env.domain],
'enabled_role_servrole': [
'CA server',
'IPA master'
],
},
{
'cn': ['replica2.' + m_api.env.domain],
'enabled_role_servrole': [
'CA server',
'IPA master'
],
},
]
}]
framework = object()
registry.initialize(framework, config.Config)
f = IPADNSSystemRecordsCheck(registry)
self.results = capture_results(f)
if has_uri_support:
expected = 40
else:
expected = 28
assert len(self.results) == expected
ok = get_results_by_severity(self.results.results, constants.SUCCESS)
warn = get_results_by_severity(self.results.results, constants.WARNING)
if has_uri_support:
assert len(ok) == 38
assert len(warn) == 2
else:
assert len(ok) == 26
assert len(warn) == 2
for result in warn:
assert re.match(
r'^Got {count} ipa-ca (A|AAAA) records, expected {expected}$',
result.kw.get('msg')
)
assert result.kw.get('count') == 2
assert result.kw.get('expected') == 3