def test_matching_secrets(self, mock_proxy, mock_ltree):
"""The passwords match"""
mock_ltree.return_value = good_xml
mock_proxy.return_value = good_ipa_proxy.split('\n')
framework = object()
registry.initialize(framework, config.Config())
f = IPAProxySecretCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
def test_xml_both_secrets(self, mock_proxy, mock_ltree):
"""server.xml defines both secret types and they match"""
mock_ltree.return_value = both_secrets_xml
mock_proxy.return_value = good_ipa_proxy.split('\n')
framework = object()
registry.initialize(framework, config.Config())
f = IPAProxySecretCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
def test_fips_no_fips_mode_setup(self, mock_exists):
mock_exists.return_value = False
framework = object()
registry.initialize(framework, config.Config())
f = MetaCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.meta.core'
assert result.check == 'MetaCheck'
assert result.kw.get('fips') == 'missing %s' % paths.FIPS_MODE_SETUP
def test_acme_no_ipa_acme_status(self, mock_exists):
mock_exists.return_value = False
framework = object()
registry.initialize(framework, config.Config())
f = MetaCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.meta.core'
assert result.check == 'MetaCheck'
assert result.kw.get('acme') == \
'missing %s' % '/usr/sbin/ipa-acme-manage'
def test_no_proxypassmatch(self, mock_proxy, mock_ltree):
"""No connectors found in server.xml"""
mock_ltree.return_value = good_xml
mock_proxy.return_value = empty_ipa_proxy.split('\n')
framework = object()
registry.initialize(framework, config.Config())
f = IPAProxySecretCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.CRITICAL
assert result.kw.get('msg') == 'No ProxyPassMatch secrets found ' \
'in {proxy_conf}'
def test_xml_no_connectors(self, mock_proxy, mock_ltree):
"""No connectors found in server.xml"""
mock_ltree.return_value = empty_xml
mock_proxy.return_value = good_ipa_proxy.split('\n')
framework = object()
registry.initialize(framework, config.Config())
f = IPAProxySecretCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.CRITICAL
assert result.kw.get('msg') == 'No AJP/1.3 Connectors defined in ' \
'{server_xml}'
def test_xml_secret_mismatch(self, mock_proxy, mock_ltree):
"""The Apache secret doesn't match the tomcat secret"""
mock_ltree.return_value = mismatch1_xml
mock_proxy.return_value = good_ipa_proxy.split('\n')
framework = object()
registry.initialize(framework, config.Config())
f = IPAProxySecretCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.CRITICAL
assert result.kw.get('msg') == 'A ProxyPassMatch secret not found ' \
'in {server_xml}'
def test_xml_both_secret_type_mismatch(self, mock_proxy, mock_ltree):
"""XML has both secret attributes and they do not match"""
mock_ltree.return_value = both_secrets_mismatch_xml
mock_proxy.return_value = good_ipa_proxy.split('\n')
framework = object()
registry.initialize(framework, config.Config())
f = IPAProxySecretCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.WARNING
assert result.kw.get('msg') == 'The AJP secrets in {server_xml} do '\
'not match'
def test_fips_enabled(self, mock_run, mock_exists):
mock_exists.return_value = True
mock_run.side_effect = [
gen_result(0),
gen_result(0, output='ACME is disabled'),
]
framework = object()
registry.initialize(framework, config.Config())
f = MetaCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.meta.core'
assert result.check == 'MetaCheck'
assert result.kw.get('fips') == 'enabled'
def test_fips_inconsistent(self, mock_run, mock_exists):
mock_exists.return_value = True
run_result = namedtuple('run', ['returncode', 'raw_output'])
run_result.returncode = 1
run_result.raw_output = b''
mock_run.return_value = run_result
framework = object()
registry.initialize(framework, config.Config())
f = MetaCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.meta.core'
assert result.check == 'MetaCheck'
assert result.kw.get('fips') == 'inconsistent'
def test_acme_unknown(self, mock_run, mock_exists):
mock_exists.return_value = True
mock_run.side_effect = [
gen_result(0),
gen_result(
0, error="cannot connect to 'https://somewhere/acme/login"),
]
framework = object()
registry.initialize(framework, config.Config())
f = MetaCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.meta.core'
assert result.check == 'MetaCheck'
assert result.kw.get('acme') == 'unknown'
def test_fips_failed(self, mock_run, mock_exists):
mock_exists.return_value = True
run_result = namedtuple('run', ['returncode', 'raw_output'])
run_result.returncode = 103
run_result.raw_output = b''
mock_run.side_effect = ipautil.CalledProcessError(
1, 'fips-mode-setup', output='execution failed')
framework = object()
registry.initialize(framework, config.Config())
f = MetaCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.meta.core'
assert result.check == 'MetaCheck'
assert result.kw.get('fips') == 'failed to check'
def test_fips_failed(self, mock_run, mock_exists):
mock_exists.return_value = True
mock_run.side_effect = [
ipautil.CalledProcessError(1,
'fips-mode-setup',
output='execution failed'),
gen_result(0, output='ACME is disabled'),
]
framework = object()
registry.initialize(framework, config.Config())
f = MetaCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.meta.core'
assert result.check == 'MetaCheck'
assert result.kw.get('fips') == 'failed to check'
