def test_files_group(mock_stat): """ Test the file group. Our mocked files want root, nobody, (root, nobody), (root, root). """ f = FileCheck() f.files = files mock_stat.return_value = make_stat() results = capture_results(f) my_results = get_results(results, 'group') assert my_results.results[0].result == constants.SUCCESS assert my_results.results[1].result == constants.WARNING assert my_results.results[2].result == constants.SUCCESS assert my_results.results[3].result == constants.SUCCESS mock_stat.return_value = make_stat(gid=nobody.pw_gid) results = capture_results(f) my_results = get_results(results, 'group') assert my_results.results[0].result == constants.WARNING assert my_results.results[0].kw.get('got') == 'nobody' assert my_results.results[0].kw.get('expected') == 'root' assert my_results.results[0].kw.get('type') == 'group' assert my_results.results[1].result == constants.SUCCESS assert my_results.results[2].result == constants.SUCCESS assert my_results.results[3].result == constants.WARNING assert my_results.results[3].kw.get('got') == 'nobody' assert my_results.results[3].kw.get('expected') == 'root,bin' assert my_results.results[3].kw.get('type') == 'group' assert my_results.results[3].kw.get('msg') == \ 'Group of fiz is nobody and should be one of root,bin'
def test_revocation_ok(self): m_api.Command.cert_show.side_effect = [ { u'result': { u"revoked": False, } }, { u'result': { u"revoked": False, } }, ] set_requests() framework = object() registry.initialize(framework) f = IPACertRevocation(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 2 for result in self.results.results: assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPACertRevocation'
def test_nss_agent_too_many(self): attrs = dict( description=['2;1;CN=ISSUER;CN=RA AGENT'], usercertificate=[self.cert], ) fake_conn = LDAPClient('ldap://localhost', no_schema=True) ldapentry = LDAPEntry(fake_conn, DN('uid=ipara,ou=people,o=ipaca')) for attr, values in attrs.items(): ldapentry[attr] = values ldapentry2 = LDAPEntry(fake_conn, DN('uid=ipara2,ou=people,o=ipaca')) for attr, values in attrs.items(): ldapentry[attr] = values framework = object() registry.initialize(framework, config.Config()) f = IPARAAgent(registry) f.conn = mock_ldap([ldapentry, ldapentry2]) self.results = capture_results(f) result = self.results.results[0] assert result.result == constants.ERROR assert result.kw.get('found') == 2
def test_ca_connection_not_found(self, mock_load_cert, mock_ca_subject): """CA connectivity check when cert_show returns a valid value""" m_api.Command.cert_show.side_effect = None m_api.Command.config_show.side_effect = subject_base m_api.Command.cert_show.return_value = { u'result': {u'revoked': False} } mock_load_cert.return_value = [ IPACertificate(1, 'CN=something'), ] mock_ca_subject.return_value = DN(('cn', 'Certificate Authority'), f'O={m_api.env.realm}') framework = object() registry.initialize(framework, config.Config) f = DogtagCertsConnectivityCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.dogtag.ca' assert result.kw['msg'] == ( 'The CA certificate with subject {subject} was not found in {path}' )
def test_ca_connection_cert_not_in_file_list(self, mock_load_cert, mock_ca_subject): """CA connectivity check for a cert that isn't in IPA_CA_CRT""" m_api.Command.cert_show.reset_mock() m_api.Command.config_show.side_effect = bad_subject_base mock_load_cert.return_value = [IPACertificate()] mock_ca_subject.return_value = DN(('cn', 'Certificate Authority'), 'O=BAD') framework = object() registry.initialize(framework, config.Config) f = DogtagCertsConnectivityCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.dogtag.ca' assert result.check == 'DogtagCertsConnectivityCheck' bad = bad_subject_base[0]['result']['ipacertificatesubjectbase'][0] bad_subject = DN(f'CN=Certificate Authority,{bad}') assert DN(result.kw['subject']) == bad_subject assert result.kw['path'] == paths.IPA_CA_CRT assert result.kw['msg'] == ( 'The CA certificate with subject {subject} was not found in {path}' )
def test_nss_validation_ok_no_ca(self, mock_run, mock_cainstance): """Test with the CA marked as not configured so there should only be a DS certificate to check. """ def run(args, raiseonerr=True): result = _RunResult('', '', 0) result.raw_output = b'certutil: certificate is valid\n' result.raw_error_output = b'' return result mock_run.side_effect = run mock_cainstance.return_value = CAInstance(False) framework = object() registry.initialize(framework) f = IPANSSChainValidation(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 1 for result in self.results.results: assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPANSSChainValidation' assert 'slapd-' in result.kw.get('key')
def test_principal_fail(self): admin_dn = DN(('uid', 'admin')) attrs = { 'ipantsecurityidentifier': ['S-1-5-21-1234-5678-1976041503-400'], } fake_conn = LDAPClient('ldap://localhost', no_schema=True) ldapentry = LDAPEntry(fake_conn, admin_dn) for attr, values in attrs.items(): ldapentry[attr] = values framework = object() registry.initialize(framework, config.Config) registry.trust_controller = True f = IPATrustControllerAdminSIDCheck(registry) f.conn = mock_ldap(ldapentry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.ipa.trust' assert result.check == 'IPATrustControllerAdminSIDCheck' assert result.kw.get('key') == 'ipantsecurityidentifier' assert result.kw.get('rid') == 'S-1-5-21-1234-5678-1976041503-400'
def test_member_fail(self): agent_dn = DN(('fqdn', m_api.env.host), m_api.env.container_host, m_api.env.basedn) attrs = { 'memberof': [agent_dn], } fake_conn = LDAPClient('ldap://localhost', no_schema=True) ldapentry = LDAPEntry(fake_conn, agent_dn) for attr, values in attrs.items(): ldapentry[attr] = values framework = object() registry.initialize(framework, config.Config) registry.trust_controller = True f = IPATrustControllerPrincipalCheck(registry) f.conn = mock_ldap(ldapentry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.ipa.trust' assert result.kw.get('key') == 'cifs/%s@%s' % \ (m_api.env.host, m_api.env.realm)
def test_trust_get_trust_domains_fail(self, mock_trust, mock_run): # sssctl domain-list run_result = namedtuple('run', ['returncode', 'error_log']) run_result.returncode = 0 run_result.error_log = '' run_result.output = 'implicit_files\nipa.example\nad.example\n' mock_run.return_value = run_result mock_trust.side_effect = errors.NotFound(reason='bad') framework = object() registry.initialize(framework) registry.trust_agent = True f = IPATrustDomainsCheck(registry) f.config = config.Config() self.results = capture_results(f) # There are more than one result I just care about this particular # value. The error is not fatal. result = self.results.results[0] assert result.result == constants.WARNING assert result.source == 'ipahealthcheck.ipa.trust' assert result.check == 'IPATrustDomainsCheck' assert result.kw.get('key') == 'trust-find'
def test_openssl_validation_bad(self, mock_run): def run(args, raiseonerr=True): result = _RunResult('', '', 2) result.raw_output = bytes( 'O = EXAMPLE.TEST, CN = ipa.example.test\n' 'error 20 at 0 depth lookup: unable to get local issuer ' 'certificate\nerror %s: verification failed'.format( args[-1]).encode('utf-8')) result.raw_error_output = b'' result.error_log = '' return result mock_run.side_effect = run framework = object() registry.initialize(framework, config.Config) f = IPAOpenSSLChainValidation(registry) self.results = capture_results(f) assert len(self.results) == 2 for result in self.results.results: assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPAOpenSSLChainValidation' assert 'failed' in result.kw.get('msg')
def test_topology_ok(self): m_api.Command.topologysuffix_verify.side_effect = [ { u'result': { u"in_order": True, } }, { u'result': { u"in_order": True, } }, ] m_api.Command.ca_is_enabled.return_value = {'result': True} framework = object() registry.initialize(framework, config.Config) f = IPATopologyDomainCheck(registry) self.results = capture_results(f) assert len(self.results) == 2 for result in self.results.results: assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.topology' assert result.check == 'IPATopologyDomainCheck'
def test_kra_agent_nonmatching_cert(self): cert2 = IPACertificate(2) attrs = dict( description=['2;1;CN=ISSUER;CN=RA AGENT'], usercertificate=[cert2], ) fake_conn = LDAPClient('ldap://localhost', no_schema=True) ldapentry = LDAPEntry(fake_conn, DN('uid=ipakra,ou=people,o=kra,o=ipaca')) for attr, values in attrs.items(): ldapentry[attr] = values framework = object() registry.initialize(framework, config.Config()) f = IPAKRAAgent(registry) f.conn = mock_ldap([ldapentry]) self.results = capture_results(f) result = self.results.results[0] assert result.result == constants.ERROR assert result.kw.get('certfile') == paths.RA_AGENT_PEM assert result.kw.get('dn') == 'uid=ipakra,ou=people,o=kra,o=ipaca'
def test_expiration_warning(self): warning = datetime.now(timezone.utc) + timedelta(days=20) replaceme = { 'nickname': '7777', 'cert-file': paths.RA_AGENT_PEM, 'key-file': paths.RA_AGENT_KEY, 'ca-name': 'dogtag-ipa-ca-renew-agent', 'not-valid-after': int(warning.timestamp()), } set_requests(remove=0, add=replaceme) framework = object() registry.initialize(framework, config.Config) f = IPACertmongerExpirationCheck(registry) f.config.cert_expiration_days = str(CERT_EXPIRATION_DAYS) self.results = capture_results(f) assert len(self.results) == 2 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPACertmongerExpirationCheck' assert result.kw.get('key') == '5678' result = self.results.results[1] assert result.result == constants.WARNING assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPACertmongerExpirationCheck' assert result.kw.get('key') == '7777' assert result.kw.get('days') == 19
def test_one_expired(self, mock_load): mock_load.return_value = [ FakeIPACertificate(None, subject=self.sub_ca, not_after=datetime.now(timezone.utc) + timedelta(days=-3)), FakeIPACertificate(None, subject=self.root_ca, not_after=datetime.now(timezone.utc) + timedelta(days=20)) ] framework = object() registry.initialize(framework, config.Config) f = IPACAChainExpirationCheck(registry) f.config.cert_expiration_days = '7' self.results = capture_results(f) assert len(self.results) == 2 result = self.results.results[0] assert result.result == constants.CRITICAL assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPACAChainExpirationCheck' assert result.kw.get('key') == self.sub_ca assert 'expired' in result.kw.get('msg') result = self.results.results[1] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPACAChainExpirationCheck' assert result.kw.get('key') == self.root_ca
def test_revocation_one_bad(self): m_api.Command.cert_show.side_effect = [ { u'result': { u"revoked": False, } }, { u'result': { u"revoked": True, u"revocation_reason": 4, } }, ] set_requests() framework = object() registry.initialize(framework) f = IPACertRevocation(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 2 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPACertRevocation' result = self.results.results[1] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPACertRevocation' assert result.kw.get('revocation_reason') == 'superseded'
def test_sidgen_fail(self): attrs = { 'nsslapd-pluginEnabled': ['off'], } fake_conn = LDAPClient('ldap://localhost', no_schema=True) ldapentry = LDAPEntry(fake_conn, DN('cn=plugin, cn=config')) for attr, values in attrs.items(): ldapentry[attr] = values framework = object() registry.initialize(framework, config.Config) registry.trust_agent = True f = IPAsidgenpluginCheck(registry) f.conn = mock_ldap(ldapentry) self.results = capture_results(f) assert len(self.results) == 2 result = self.results.results[0] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.ipa.trust' assert result.check == 'IPAsidgenpluginCheck' assert result.kw.get('key') == 'IPA SIDGEN' result = self.results.results[1] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.ipa.trust' assert result.check == 'IPAsidgenpluginCheck' assert result.kw.get('key') == 'ipa-sidgen-task'
def test_principal_ok(self): agent_dn = DN(('krbprincipalname', 'cifs/%s@%s' % (m_api.env.host, m_api.env.realm)), m_api.env.container_service, m_api.env.basedn) group_dn = DN(('cn', 'adtrust agents'), m_api.env.container_sysaccounts, m_api.env.basedn) attrs = { 'memberof': [group_dn], } fake_conn = LDAPClient('ldap://localhost', no_schema=True) ldapentry = LDAPEntry(fake_conn, agent_dn) for attr, values in attrs.items(): ldapentry[attr] = values framework = object() registry.initialize(framework, config.Config) registry.trust_controller = True f = IPATrustControllerPrincipalCheck(registry) f.conn = mock_ldap(ldapentry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.trust' assert result.check == 'IPATrustControllerPrincipalCheck' assert result.kw.get('key') == 'cifs/%s@%s' % \ (m_api.env.host, m_api.env.realm)
def test_member_ok(self): agent_dn = DN(('fqdn', m_api.env.host), m_api.env.container_host, m_api.env.basedn) group_dn = DN(('cn', 'adtrust agents'), m_api.env.container_sysaccounts, m_api.env.basedn) attrs = { 'memberof': [group_dn], } fake_conn = LDAPClient('ldap://localhost', no_schema=True) ldapentry = LDAPEntry(fake_conn, agent_dn) for attr, values in attrs.items(): ldapentry[attr] = values framework = object() registry.initialize(framework) registry.trust_agent = True f = IPATrustAgentMemberCheck(registry) f.conn = mock_ldap(ldapentry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.trust' assert result.check == 'IPATrustAgentMemberCheck' assert result.kw.get('key') == m_api.env.host
def test_service_enabled(self): service_dn = DN(('cn', 'ADTRUST')) for type in [ENABLED_SERVICE, HIDDEN_SERVICE]: attrs = { 'ipaconfigstring': [type], } fake_conn = LDAPClient('ldap://localhost', no_schema=True) ldapentry = LDAPEntry(fake_conn, service_dn) for attr, values in attrs.items(): ldapentry[attr] = values framework = object() registry.initialize(framework, config.Config) registry.trust_controller = True f = IPATrustControllerServiceCheck(registry) f.conn = mock_ldap(ldapentry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.trust' assert result.check == 'IPATrustControllerServiceCheck' assert result.kw.get('key') == 'ADTRUST'
def test_principal_fail(self): service_dn = DN(('cn', 'ADTRUST')) attrs = { 'ipaconfigstring': ['disabledService'], } fake_conn = LDAPClient('ldap://localhost', no_schema=True) ldapentry = LDAPEntry(fake_conn, service_dn) for attr, values in attrs.items(): ldapentry[attr] = values framework = object() registry.initialize(framework) registry.trust_controller = True f = IPATrustControllerServiceCheck(registry) f.conn = mock_ldap(ldapentry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.ipa.trust' assert result.kw.get('key') == 'ADTRUST'
def test_nss_validation_bad(self, mock_run, mock_cainstance): def run(args, raiseonerr=True): result = _RunResult('', '', 255) result.raw_output = str.encode( 'certutil: certificate is invalid: Peer\'s certificate issuer ' 'has been marked as not trusted by the user.') result.raw_error_output = b'' result.error_log = '' return result mock_run.side_effect = run mock_cainstance.return_value = CAInstance() framework = object() registry.initialize(framework) f = IPANSSChainValidation(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 2 for result in self.results.results: assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPANSSChainValidation'
def test_one_ruvs(self): fake_conn = LDAPClient('ldap://localhost', no_schema=True) entries = [] entries.append( self.create_entry(fake_conn, DN('dc=example,cn=mapping tree,cn=config'), {'nsds5ReplicaId': ['3']}) ) entries.append(None) framework = object() registry.initialize(framework, config.Config) f = RUVCheck(registry) f.conn = mock_ldap(entries) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ds.ruv' assert result.check == 'RUVCheck' assert result.kw.get('key') == str(m_api.env.basedn) assert result.kw.get('ruv') == '3'
def test_missing_cert_tracking(self): # remove one of the requests to force it to be missing set_requests(remove=0) framework = object() registry.initialize(framework, config.Config) f = IPACertTracking(registry) self.results = capture_results(f) assert len(self.results) == 2 result = self.results.results[0] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPACertTracking' assert result.kw.get('msg') == "Missing tracking for " \ "cert-file=/var/lib/ipa/ra-agent.pem, " \ "key-file=/var/lib/ipa/ra-agent.key, " \ "ca-name=dogtag-ipa-ca-renew-agent, " \ "cert-storage=FILE, "\ "cert-presave-command=" \ "/usr/libexec/ipa/certmonger/renew_ra_cert_pre, " \ "cert-postsave-command=" \ "/usr/libexec/ipa/certmonger/renew_ra_cert"
def test_ca_certs_ok(self, mock_certdb, mock_directive): """Test what should be the standard case""" trust = { 'ocspSigningCert cert-pki-ca': 'u,u,u', 'subsystemCert cert-pki-ca': 'u,u,u', 'auditSigningCert cert-pki-ca': 'u,u,Pu', 'Server-Cert cert-pki-ca': 'u,u,u', 'caSigningCert cert-pki-ca': 'CT,C,C', 'transportCert cert-pki-kra': 'u,u,u', } mock_certdb.return_value = mock_CertDB(trust) mock_directive.side_effect = [name for name, nsstrust in trust.items()] framework = object() registry.initialize(framework) f = DogtagCertsConfigCheck(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 6 for result in self.results.results: assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.dogtag.ca' assert result.check == 'DogtagCertsConfigCheck'
def test_ca_connection_down(self, mock_load_cert, mock_ca_subject): """CA connectivity check with the CA down""" m_api.Command.cert_show.side_effect = CertificateOperationError( message='Certificate operation cannot be completed: ' 'Unable to communicate with CMS (503)' ) m_api.Command.config_show.side_effect = subject_base mock_load_cert.return_value = [IPACertificate()] mock_ca_subject.return_value = DN(('cn', 'Certificate Authority'), f'O={m_api.env.realm}') framework = object() registry.initialize(framework, config.Config) f = DogtagCertsConnectivityCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.dogtag.ca' assert result.check == 'DogtagCertsConnectivityCheck' assert result.kw.get('msg') == ( 'Request for certificate failed: {error}' )
def test_dnsrecords_two(self, mock_query, mock_query_srv): """Test two CA masters, all SRV records""" mock_query_srv.side_effect = query_srv( [m_api.env.host, 'replica.' + m_api.env.domain]) mock_query.side_effect = fake_query_two m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': ['CA server', 'IPA master'], }, { 'cn': ['replica.' + m_api.env.domain], 'enabled_role_servrole': ['CA server', 'IPA master'], }, ] }] framework = object() registry.initialize(framework) f = IPADNSSystemRecordsCheck(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 17 for result in self.results.results: assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.dns' assert result.check == 'IPADNSSystemRecordsCheck'
def test_ca_connection_cert_not_found(self, mock_load_cert, mock_ca_subject): """CA connectivity check for a cert that doesn't exist""" m_api.Command.cert_show.reset_mock() m_api.Command.config_show.side_effect = subject_base m_api.Command.cert_show.side_effect = CertificateOperationError( message='Certificate operation cannot be completed: ' 'EXCEPTION (Certificate serial number 0x0 not found)' ) mock_load_cert.return_value = [IPACertificate()] mock_ca_subject.return_value = DN(('cn', 'Certificate Authority'), f'O={m_api.env.realm}') framework = object() registry.initialize(framework, config.Config) f = DogtagCertsConnectivityCheck(registry) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.ERROR assert result.source == 'ipahealthcheck.dogtag.ca' assert result.check == 'DogtagCertsConnectivityCheck' assert result.kw.get('key') == 'cert_show_1' assert result.kw.get('serial') == '1' assert result.kw.get('msg') == 'Serial number not found: {error}'
def test_dnsrecords_bad_realm(self, mock_query, mock_query_srv): """Unexpected Kerberos TXT record""" mock_query.side_effect = fake_query_one_txt mock_query_srv.side_effect = query_srv([m_api.env.host]) m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': ['CA server', 'IPA master'], }, ] }] framework = object() registry.initialize(framework) f = IPADNSSystemRecordsCheck(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 9 ok = get_results_by_severity(self.results.results, constants.SUCCESS) warn = get_results_by_severity(self.results.results, constants.WARNING) assert len(ok) == 8 assert len(warn) == 1 result = warn[0] assert result.kw.get('msg') == 'expected realm missing' assert result.kw.get('key') == '\"FAKE_REALM\"'
def test_nss_agent_multiple_certs(self): cert2 = IPACertificate(2) attrs = dict( description=['2;1;CN=ISSUER;CN=RA AGENT'], usercertificate=[cert2, self.cert], ) fake_conn = LDAPClient('ldap://localhost', no_schema=True) ldapentry = LDAPEntry(fake_conn, DN('uid=ipara,ou=people,o=ipaca')) for attr, values in attrs.items(): ldapentry[attr] = values framework = object() registry.initialize(framework, config.Config) f = IPARAAgent(registry) f.conn = mock_ldap([ldapentry]) self.results = capture_results(f) assert len(self.results) == 1 result = self.results.results[0] assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPARAAgent'
def test_dnsrecords_one_with_ad(self, mock_query, mock_query_srv): mock_query.side_effect = fake_query_one mock_query_srv.side_effect = query_srv([m_api.env.host], True) m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': ['CA server', 'IPA master', 'AD trust controller'], }, ] }] framework = object() registry.initialize(framework) f = IPADNSSystemRecordsCheck(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 15 for result in self.results.results: assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.dns' assert result.check == 'IPADNSSystemRecordsCheck'