def test_files_group(mock_stat):
"""
Test the file group.
Our mocked files want root, nobody, (root, nobody), (root, root).
"""
f = FileCheck()
f.files = files
mock_stat.return_value = make_stat()
results = capture_results(f)
my_results = get_results(results, 'group')
assert my_results.results[0].result == constants.SUCCESS
assert my_results.results[1].result == constants.WARNING
assert my_results.results[2].result == constants.SUCCESS
assert my_results.results[3].result == constants.SUCCESS
mock_stat.return_value = make_stat(gid=nobody.pw_gid)
results = capture_results(f)
my_results = get_results(results, 'group')
assert my_results.results[0].result == constants.WARNING
assert my_results.results[0].kw.get('got') == 'nobody'
assert my_results.results[0].kw.get('expected') == 'root'
assert my_results.results[0].kw.get('type') == 'group'
assert my_results.results[1].result == constants.SUCCESS
assert my_results.results[2].result == constants.SUCCESS
assert my_results.results[3].result == constants.WARNING
assert my_results.results[3].kw.get('got') == 'nobody'
assert my_results.results[3].kw.get('expected') == 'root,bin'
assert my_results.results[3].kw.get('type') == 'group'
assert my_results.results[3].kw.get('msg') == \
'Group of fiz is nobody and should be one of root,bin'
def test_revocation_ok(self):
m_api.Command.cert_show.side_effect = [
{
u'result': {
u"revoked": False,
}
},
{
u'result': {
u"revoked": False,
}
},
]
set_requests()
framework = object()
registry.initialize(framework)
f = IPACertRevocation(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 2
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPACertRevocation'
def test_nss_agent_too_many(self):
attrs = dict(
description=['2;1;CN=ISSUER;CN=RA AGENT'],
usercertificate=[self.cert],
)
fake_conn = LDAPClient('ldap://localhost', no_schema=True)
ldapentry = LDAPEntry(fake_conn, DN('uid=ipara,ou=people,o=ipaca'))
for attr, values in attrs.items():
ldapentry[attr] = values
ldapentry2 = LDAPEntry(fake_conn, DN('uid=ipara2,ou=people,o=ipaca'))
for attr, values in attrs.items():
ldapentry[attr] = values
framework = object()
registry.initialize(framework, config.Config())
f = IPARAAgent(registry)
f.conn = mock_ldap([ldapentry, ldapentry2])
self.results = capture_results(f)
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.kw.get('found') == 2
def test_ca_connection_not_found(self, mock_load_cert, mock_ca_subject):
"""CA connectivity check when cert_show returns a valid value"""
m_api.Command.cert_show.side_effect = None
m_api.Command.config_show.side_effect = subject_base
m_api.Command.cert_show.return_value = {
u'result': {u'revoked': False}
}
mock_load_cert.return_value = [
IPACertificate(1, 'CN=something'),
]
mock_ca_subject.return_value = DN(('cn', 'Certificate Authority'),
f'O={m_api.env.realm}')
framework = object()
registry.initialize(framework, config.Config)
f = DogtagCertsConnectivityCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.dogtag.ca'
assert result.kw['msg'] == (
'The CA certificate with subject {subject} was not found in {path}'
)
def test_ca_connection_cert_not_in_file_list(self, mock_load_cert,
mock_ca_subject):
"""CA connectivity check for a cert that isn't in IPA_CA_CRT"""
m_api.Command.cert_show.reset_mock()
m_api.Command.config_show.side_effect = bad_subject_base
mock_load_cert.return_value = [IPACertificate()]
mock_ca_subject.return_value = DN(('cn', 'Certificate Authority'),
'O=BAD')
framework = object()
registry.initialize(framework, config.Config)
f = DogtagCertsConnectivityCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.dogtag.ca'
assert result.check == 'DogtagCertsConnectivityCheck'
bad = bad_subject_base[0]['result']['ipacertificatesubjectbase'][0]
bad_subject = DN(f'CN=Certificate Authority,{bad}')
assert DN(result.kw['subject']) == bad_subject
assert result.kw['path'] == paths.IPA_CA_CRT
assert result.kw['msg'] == (
'The CA certificate with subject {subject} was not found in {path}'
)
def test_nss_validation_ok_no_ca(self, mock_run, mock_cainstance):
"""Test with the CA marked as not configured so there should only
be a DS certificate to check.
"""
def run(args, raiseonerr=True):
result = _RunResult('', '', 0)
result.raw_output = b'certutil: certificate is valid\n'
result.raw_error_output = b''
return result
mock_run.side_effect = run
mock_cainstance.return_value = CAInstance(False)
framework = object()
registry.initialize(framework)
f = IPANSSChainValidation(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 1
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPANSSChainValidation'
assert 'slapd-' in result.kw.get('key')
def test_principal_fail(self):
admin_dn = DN(('uid', 'admin'))
attrs = {
'ipantsecurityidentifier': ['S-1-5-21-1234-5678-1976041503-400'],
}
fake_conn = LDAPClient('ldap://localhost', no_schema=True)
ldapentry = LDAPEntry(fake_conn, admin_dn)
for attr, values in attrs.items():
ldapentry[attr] = values
framework = object()
registry.initialize(framework, config.Config)
registry.trust_controller = True
f = IPATrustControllerAdminSIDCheck(registry)
f.conn = mock_ldap(ldapentry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.ipa.trust'
assert result.check == 'IPATrustControllerAdminSIDCheck'
assert result.kw.get('key') == 'ipantsecurityidentifier'
assert result.kw.get('rid') == 'S-1-5-21-1234-5678-1976041503-400'
def test_member_fail(self):
agent_dn = DN(('fqdn', m_api.env.host), m_api.env.container_host,
m_api.env.basedn)
attrs = {
'memberof': [agent_dn],
}
fake_conn = LDAPClient('ldap://localhost', no_schema=True)
ldapentry = LDAPEntry(fake_conn, agent_dn)
for attr, values in attrs.items():
ldapentry[attr] = values
framework = object()
registry.initialize(framework, config.Config)
registry.trust_controller = True
f = IPATrustControllerPrincipalCheck(registry)
f.conn = mock_ldap(ldapentry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.ipa.trust'
assert result.kw.get('key') == 'cifs/%s@%s' % \
(m_api.env.host, m_api.env.realm)
def test_trust_get_trust_domains_fail(self, mock_trust, mock_run):
# sssctl domain-list
run_result = namedtuple('run', ['returncode', 'error_log'])
run_result.returncode = 0
run_result.error_log = ''
run_result.output = 'implicit_files\nipa.example\nad.example\n'
mock_run.return_value = run_result
mock_trust.side_effect = errors.NotFound(reason='bad')
framework = object()
registry.initialize(framework)
registry.trust_agent = True
f = IPATrustDomainsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
# There are more than one result I just care about this particular
# value. The error is not fatal.
result = self.results.results[0]
assert result.result == constants.WARNING
assert result.source == 'ipahealthcheck.ipa.trust'
assert result.check == 'IPATrustDomainsCheck'
assert result.kw.get('key') == 'trust-find'
def test_openssl_validation_bad(self, mock_run):
def run(args, raiseonerr=True):
result = _RunResult('', '', 2)
result.raw_output = bytes(
'O = EXAMPLE.TEST, CN = ipa.example.test\n'
'error 20 at 0 depth lookup: unable to get local issuer '
'certificate\nerror %s: verification failed'.format(
args[-1]).encode('utf-8'))
result.raw_error_output = b''
result.error_log = ''
return result
mock_run.side_effect = run
framework = object()
registry.initialize(framework, config.Config)
f = IPAOpenSSLChainValidation(registry)
self.results = capture_results(f)
assert len(self.results) == 2
for result in self.results.results:
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPAOpenSSLChainValidation'
assert 'failed' in result.kw.get('msg')
def test_topology_ok(self):
m_api.Command.topologysuffix_verify.side_effect = [
{
u'result': {
u"in_order": True,
}
},
{
u'result': {
u"in_order": True,
}
},
]
m_api.Command.ca_is_enabled.return_value = {'result': True}
framework = object()
registry.initialize(framework, config.Config)
f = IPATopologyDomainCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 2
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.topology'
assert result.check == 'IPATopologyDomainCheck'
def test_kra_agent_nonmatching_cert(self):
cert2 = IPACertificate(2)
attrs = dict(
description=['2;1;CN=ISSUER;CN=RA AGENT'],
usercertificate=[cert2],
)
fake_conn = LDAPClient('ldap://localhost', no_schema=True)
ldapentry = LDAPEntry(fake_conn,
DN('uid=ipakra,ou=people,o=kra,o=ipaca'))
for attr, values in attrs.items():
ldapentry[attr] = values
framework = object()
registry.initialize(framework, config.Config())
f = IPAKRAAgent(registry)
f.conn = mock_ldap([ldapentry])
self.results = capture_results(f)
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.kw.get('certfile') == paths.RA_AGENT_PEM
assert result.kw.get('dn') == 'uid=ipakra,ou=people,o=kra,o=ipaca'
def test_expiration_warning(self):
warning = datetime.now(timezone.utc) + timedelta(days=20)
replaceme = {
'nickname': '7777',
'cert-file': paths.RA_AGENT_PEM,
'key-file': paths.RA_AGENT_KEY,
'ca-name': 'dogtag-ipa-ca-renew-agent',
'not-valid-after': int(warning.timestamp()),
}
set_requests(remove=0, add=replaceme)
framework = object()
registry.initialize(framework, config.Config)
f = IPACertmongerExpirationCheck(registry)
f.config.cert_expiration_days = str(CERT_EXPIRATION_DAYS)
self.results = capture_results(f)
assert len(self.results) == 2
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPACertmongerExpirationCheck'
assert result.kw.get('key') == '5678'
result = self.results.results[1]
assert result.result == constants.WARNING
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPACertmongerExpirationCheck'
assert result.kw.get('key') == '7777'
assert result.kw.get('days') == 19
def test_one_expired(self, mock_load):
mock_load.return_value = [
FakeIPACertificate(None,
subject=self.sub_ca,
not_after=datetime.now(timezone.utc) +
timedelta(days=-3)),
FakeIPACertificate(None,
subject=self.root_ca,
not_after=datetime.now(timezone.utc) +
timedelta(days=20))
]
framework = object()
registry.initialize(framework, config.Config)
f = IPACAChainExpirationCheck(registry)
f.config.cert_expiration_days = '7'
self.results = capture_results(f)
assert len(self.results) == 2
result = self.results.results[0]
assert result.result == constants.CRITICAL
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPACAChainExpirationCheck'
assert result.kw.get('key') == self.sub_ca
assert 'expired' in result.kw.get('msg')
result = self.results.results[1]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPACAChainExpirationCheck'
assert result.kw.get('key') == self.root_ca
def test_revocation_one_bad(self):
m_api.Command.cert_show.side_effect = [
{
u'result': {
u"revoked": False,
}
},
{
u'result': {
u"revoked": True,
u"revocation_reason": 4,
}
},
]
set_requests()
framework = object()
registry.initialize(framework)
f = IPACertRevocation(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 2
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPACertRevocation'
result = self.results.results[1]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPACertRevocation'
assert result.kw.get('revocation_reason') == 'superseded'
def test_sidgen_fail(self):
attrs = {
'nsslapd-pluginEnabled': ['off'],
}
fake_conn = LDAPClient('ldap://localhost', no_schema=True)
ldapentry = LDAPEntry(fake_conn, DN('cn=plugin, cn=config'))
for attr, values in attrs.items():
ldapentry[attr] = values
framework = object()
registry.initialize(framework, config.Config)
registry.trust_agent = True
f = IPAsidgenpluginCheck(registry)
f.conn = mock_ldap(ldapentry)
self.results = capture_results(f)
assert len(self.results) == 2
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.ipa.trust'
assert result.check == 'IPAsidgenpluginCheck'
assert result.kw.get('key') == 'IPA SIDGEN'
result = self.results.results[1]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.ipa.trust'
assert result.check == 'IPAsidgenpluginCheck'
assert result.kw.get('key') == 'ipa-sidgen-task'
def test_principal_ok(self):
agent_dn = DN(('krbprincipalname', 'cifs/%s@%s' %
(m_api.env.host, m_api.env.realm)),
m_api.env.container_service, m_api.env.basedn)
group_dn = DN(('cn', 'adtrust agents'),
m_api.env.container_sysaccounts, m_api.env.basedn)
attrs = {
'memberof': [group_dn],
}
fake_conn = LDAPClient('ldap://localhost', no_schema=True)
ldapentry = LDAPEntry(fake_conn, agent_dn)
for attr, values in attrs.items():
ldapentry[attr] = values
framework = object()
registry.initialize(framework, config.Config)
registry.trust_controller = True
f = IPATrustControllerPrincipalCheck(registry)
f.conn = mock_ldap(ldapentry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.trust'
assert result.check == 'IPATrustControllerPrincipalCheck'
assert result.kw.get('key') == 'cifs/%s@%s' % \
(m_api.env.host, m_api.env.realm)
def test_member_ok(self):
agent_dn = DN(('fqdn', m_api.env.host), m_api.env.container_host,
m_api.env.basedn)
group_dn = DN(('cn', 'adtrust agents'),
m_api.env.container_sysaccounts, m_api.env.basedn)
attrs = {
'memberof': [group_dn],
}
fake_conn = LDAPClient('ldap://localhost', no_schema=True)
ldapentry = LDAPEntry(fake_conn, agent_dn)
for attr, values in attrs.items():
ldapentry[attr] = values
framework = object()
registry.initialize(framework)
registry.trust_agent = True
f = IPATrustAgentMemberCheck(registry)
f.conn = mock_ldap(ldapentry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.trust'
assert result.check == 'IPATrustAgentMemberCheck'
assert result.kw.get('key') == m_api.env.host
def test_service_enabled(self):
service_dn = DN(('cn', 'ADTRUST'))
for type in [ENABLED_SERVICE, HIDDEN_SERVICE]:
attrs = {
'ipaconfigstring': [type],
}
fake_conn = LDAPClient('ldap://localhost', no_schema=True)
ldapentry = LDAPEntry(fake_conn, service_dn)
for attr, values in attrs.items():
ldapentry[attr] = values
framework = object()
registry.initialize(framework, config.Config)
registry.trust_controller = True
f = IPATrustControllerServiceCheck(registry)
f.conn = mock_ldap(ldapentry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.trust'
assert result.check == 'IPATrustControllerServiceCheck'
assert result.kw.get('key') == 'ADTRUST'
def test_principal_fail(self):
service_dn = DN(('cn', 'ADTRUST'))
attrs = {
'ipaconfigstring': ['disabledService'],
}
fake_conn = LDAPClient('ldap://localhost', no_schema=True)
ldapentry = LDAPEntry(fake_conn, service_dn)
for attr, values in attrs.items():
ldapentry[attr] = values
framework = object()
registry.initialize(framework)
registry.trust_controller = True
f = IPATrustControllerServiceCheck(registry)
f.conn = mock_ldap(ldapentry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.ipa.trust'
assert result.kw.get('key') == 'ADTRUST'
def test_nss_validation_bad(self, mock_run, mock_cainstance):
def run(args, raiseonerr=True):
result = _RunResult('', '', 255)
result.raw_output = str.encode(
'certutil: certificate is invalid: Peer\'s certificate issuer '
'has been marked as not trusted by the user.')
result.raw_error_output = b''
result.error_log = ''
return result
mock_run.side_effect = run
mock_cainstance.return_value = CAInstance()
framework = object()
registry.initialize(framework)
f = IPANSSChainValidation(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 2
for result in self.results.results:
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPANSSChainValidation'
def test_one_ruvs(self):
fake_conn = LDAPClient('ldap://localhost', no_schema=True)
entries = []
entries.append(
self.create_entry(fake_conn,
DN('dc=example,cn=mapping tree,cn=config'),
{'nsds5ReplicaId': ['3']})
)
entries.append(None)
framework = object()
registry.initialize(framework, config.Config)
f = RUVCheck(registry)
f.conn = mock_ldap(entries)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ds.ruv'
assert result.check == 'RUVCheck'
assert result.kw.get('key') == str(m_api.env.basedn)
assert result.kw.get('ruv') == '3'
def test_missing_cert_tracking(self):
# remove one of the requests to force it to be missing
set_requests(remove=0)
framework = object()
registry.initialize(framework, config.Config)
f = IPACertTracking(registry)
self.results = capture_results(f)
assert len(self.results) == 2
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPACertTracking'
assert result.kw.get('msg') == "Missing tracking for " \
"cert-file=/var/lib/ipa/ra-agent.pem, " \
"key-file=/var/lib/ipa/ra-agent.key, " \
"ca-name=dogtag-ipa-ca-renew-agent, " \
"cert-storage=FILE, "\
"cert-presave-command=" \
"/usr/libexec/ipa/certmonger/renew_ra_cert_pre, " \
"cert-postsave-command=" \
"/usr/libexec/ipa/certmonger/renew_ra_cert"
def test_ca_certs_ok(self, mock_certdb, mock_directive):
"""Test what should be the standard case"""
trust = {
'ocspSigningCert cert-pki-ca': 'u,u,u',
'subsystemCert cert-pki-ca': 'u,u,u',
'auditSigningCert cert-pki-ca': 'u,u,Pu',
'Server-Cert cert-pki-ca': 'u,u,u',
'caSigningCert cert-pki-ca': 'CT,C,C',
'transportCert cert-pki-kra': 'u,u,u',
}
mock_certdb.return_value = mock_CertDB(trust)
mock_directive.side_effect = [name for name, nsstrust in trust.items()]
framework = object()
registry.initialize(framework)
f = DogtagCertsConfigCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 6
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.dogtag.ca'
assert result.check == 'DogtagCertsConfigCheck'
def test_ca_connection_down(self, mock_load_cert, mock_ca_subject):
"""CA connectivity check with the CA down"""
m_api.Command.cert_show.side_effect = CertificateOperationError(
message='Certificate operation cannot be completed: '
'Unable to communicate with CMS (503)'
)
m_api.Command.config_show.side_effect = subject_base
mock_load_cert.return_value = [IPACertificate()]
mock_ca_subject.return_value = DN(('cn', 'Certificate Authority'),
f'O={m_api.env.realm}')
framework = object()
registry.initialize(framework, config.Config)
f = DogtagCertsConnectivityCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.dogtag.ca'
assert result.check == 'DogtagCertsConnectivityCheck'
assert result.kw.get('msg') == (
'Request for certificate failed: {error}'
)
def test_dnsrecords_two(self, mock_query, mock_query_srv):
"""Test two CA masters, all SRV records"""
mock_query_srv.side_effect = query_srv(
[m_api.env.host, 'replica.' + m_api.env.domain])
mock_query.side_effect = fake_query_two
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
{
'cn': ['replica.' + m_api.env.domain],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 17
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.dns'
assert result.check == 'IPADNSSystemRecordsCheck'
def test_ca_connection_cert_not_found(self, mock_load_cert,
mock_ca_subject):
"""CA connectivity check for a cert that doesn't exist"""
m_api.Command.cert_show.reset_mock()
m_api.Command.config_show.side_effect = subject_base
m_api.Command.cert_show.side_effect = CertificateOperationError(
message='Certificate operation cannot be completed: '
'EXCEPTION (Certificate serial number 0x0 not found)'
)
mock_load_cert.return_value = [IPACertificate()]
mock_ca_subject.return_value = DN(('cn', 'Certificate Authority'),
f'O={m_api.env.realm}')
framework = object()
registry.initialize(framework, config.Config)
f = DogtagCertsConnectivityCheck(registry)
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.ERROR
assert result.source == 'ipahealthcheck.dogtag.ca'
assert result.check == 'DogtagCertsConnectivityCheck'
assert result.kw.get('key') == 'cert_show_1'
assert result.kw.get('serial') == '1'
assert result.kw.get('msg') == 'Serial number not found: {error}'
def test_dnsrecords_bad_realm(self, mock_query, mock_query_srv):
"""Unexpected Kerberos TXT record"""
mock_query.side_effect = fake_query_one_txt
mock_query_srv.side_effect = query_srv([m_api.env.host])
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 9
ok = get_results_by_severity(self.results.results, constants.SUCCESS)
warn = get_results_by_severity(self.results.results, constants.WARNING)
assert len(ok) == 8
assert len(warn) == 1
result = warn[0]
assert result.kw.get('msg') == 'expected realm missing'
assert result.kw.get('key') == '\"FAKE_REALM\"'
def test_nss_agent_multiple_certs(self):
cert2 = IPACertificate(2)
attrs = dict(
description=['2;1;CN=ISSUER;CN=RA AGENT'],
usercertificate=[cert2, self.cert],
)
fake_conn = LDAPClient('ldap://localhost', no_schema=True)
ldapentry = LDAPEntry(fake_conn, DN('uid=ipara,ou=people,o=ipaca'))
for attr, values in attrs.items():
ldapentry[attr] = values
framework = object()
registry.initialize(framework, config.Config)
f = IPARAAgent(registry)
f.conn = mock_ldap([ldapentry])
self.results = capture_results(f)
assert len(self.results) == 1
result = self.results.results[0]
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPARAAgent'
def test_dnsrecords_one_with_ad(self, mock_query, mock_query_srv):
mock_query.side_effect = fake_query_one
mock_query_srv.side_effect = query_srv([m_api.env.host], True)
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole':
['CA server', 'IPA master', 'AD trust controller'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 15
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.dns'
assert result.check == 'IPADNSSystemRecordsCheck'
