def test_matching_secrets(self, mock_proxy, mock_ltree): """The passwords match""" mock_ltree.return_value = good_xml mock_proxy.return_value = good_ipa_proxy.split('\n') framework = object() registry.initialize(framework, config.Config()) f = IPAProxySecretCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS
def test_xml_both_secrets(self, mock_proxy, mock_ltree): """server.xml defines both secret types and they match""" mock_ltree.return_value = both_secrets_xml mock_proxy.return_value = good_ipa_proxy.split('\n') framework = object() registry.initialize(framework, config.Config()) f = IPAProxySecretCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS
def test_fips_no_fips_mode_setup(self, mock_exists): mock_exists.return_value = False framework = object() registry.initialize(framework, config.Config()) f = MetaCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.meta.core' assert result.check == 'MetaCheck' assert result.kw.get('fips') == 'missing %s' % paths.FIPS_MODE_SETUP
def test_acme_no_ipa_acme_status(self, mock_exists): mock_exists.return_value = False framework = object() registry.initialize(framework, config.Config()) f = MetaCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.meta.core' assert result.check == 'MetaCheck' assert result.kw.get('acme') == \ 'missing %s' % '/usr/sbin/ipa-acme-manage'
def test_no_proxypassmatch(self, mock_proxy, mock_ltree): """No connectors found in server.xml""" mock_ltree.return_value = good_xml mock_proxy.return_value = empty_ipa_proxy.split('\n') framework = object() registry.initialize(framework, config.Config()) f = IPAProxySecretCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.CRITICAL assert result.kw.get('msg') == 'No ProxyPassMatch secrets found ' \ 'in {proxy_conf}'
def test_xml_no_connectors(self, mock_proxy, mock_ltree): """No connectors found in server.xml""" mock_ltree.return_value = empty_xml mock_proxy.return_value = good_ipa_proxy.split('\n') framework = object() registry.initialize(framework, config.Config()) f = IPAProxySecretCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.CRITICAL assert result.kw.get('msg') == 'No AJP/1.3 Connectors defined in ' \ '{server_xml}'
def test_xml_secret_mismatch(self, mock_proxy, mock_ltree): """The Apache secret doesn't match the tomcat secret""" mock_ltree.return_value = mismatch1_xml mock_proxy.return_value = good_ipa_proxy.split('\n') framework = object() registry.initialize(framework, config.Config()) f = IPAProxySecretCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.CRITICAL assert result.kw.get('msg') == 'A ProxyPassMatch secret not found ' \ 'in {server_xml}'
def test_xml_both_secret_type_mismatch(self, mock_proxy, mock_ltree): """XML has both secret attributes and they do not match""" mock_ltree.return_value = both_secrets_mismatch_xml mock_proxy.return_value = good_ipa_proxy.split('\n') framework = object() registry.initialize(framework, config.Config()) f = IPAProxySecretCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.WARNING assert result.kw.get('msg') == 'The AJP secrets in {server_xml} do '\ 'not match'
def test_fips_enabled(self, mock_run, mock_exists): mock_exists.return_value = True mock_run.side_effect = [ gen_result(0), gen_result(0, output='ACME is disabled'), ] framework = object() registry.initialize(framework, config.Config()) f = MetaCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.meta.core' assert result.check == 'MetaCheck' assert result.kw.get('fips') == 'enabled'
def test_fips_inconsistent(self, mock_run, mock_exists): mock_exists.return_value = True run_result = namedtuple('run', ['returncode', 'raw_output']) run_result.returncode = 1 run_result.raw_output = b'' mock_run.return_value = run_result framework = object() registry.initialize(framework, config.Config()) f = MetaCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.meta.core' assert result.check == 'MetaCheck' assert result.kw.get('fips') == 'inconsistent'
def test_acme_unknown(self, mock_run, mock_exists): mock_exists.return_value = True mock_run.side_effect = [ gen_result(0), gen_result( 0, error="cannot connect to 'https://somewhere/acme/login"), ] framework = object() registry.initialize(framework, config.Config()) f = MetaCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.meta.core' assert result.check == 'MetaCheck' assert result.kw.get('acme') == 'unknown'
def test_fips_failed(self, mock_run, mock_exists): mock_exists.return_value = True run_result = namedtuple('run', ['returncode', 'raw_output']) run_result.returncode = 103 run_result.raw_output = b'' mock_run.side_effect = ipautil.CalledProcessError( 1, 'fips-mode-setup', output='execution failed') framework = object() registry.initialize(framework, config.Config()) f = MetaCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.meta.core' assert result.check == 'MetaCheck' assert result.kw.get('fips') == 'failed to check'
def test_fips_failed(self, mock_run, mock_exists): mock_exists.return_value = True mock_run.side_effect = [ ipautil.CalledProcessError(1, 'fips-mode-setup', output='execution failed'), gen_result(0, output='ACME is disabled'), ] framework = object() registry.initialize(framework, config.Config()) f = MetaCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.meta.core' assert result.check == 'MetaCheck' assert result.kw.get('fips') == 'failed to check'