def test_dnsrecords_one_with_ad(self, mock_query, mock_query_srv):
mock_query.side_effect = fake_query_one
mock_query_srv.side_effect = query_srv([m_api.env.host], True)
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole':
['CA server', 'IPA master', 'AD trust controller'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 15
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.idns'
assert result.check == 'IPADNSSystemRecordsCheck'
def test_dnsrecords_bad_realm(self, mock_query, mock_query_srv):
"""Unexpected Kerberos TXT record"""
mock_query.side_effect = fake_query_one_txt
mock_query_srv.side_effect = query_srv([m_api.env.host])
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 9
ok = get_results_by_severity(self.results.results, constants.SUCCESS)
warn = get_results_by_severity(self.results.results, constants.WARNING)
assert len(ok) == 8
assert len(warn) == 1
result = warn[0]
assert result.kw.get('msg') == 'expected realm missing'
assert result.kw.get('key') == '\"FAKE_REALM\"'
def test_dnsrecords_two(self, mock_query, mock_query_srv):
"""Test two CA masters, all SRV records"""
mock_query_srv.side_effect = query_srv(
[m_api.env.host, 'replica.' + m_api.env.domain])
mock_query.side_effect = fake_query_two
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
{
'cn': ['replica.' + m_api.env.domain],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 17
for result in self.results.results:
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.idns'
assert result.check == 'IPADNSSystemRecordsCheck'
def test_dnsrecords_missing_ipa_ca(self, mock_query, mock_query_srv):
"""Drop one of the masters from query_srv
This will simulate missing SRV records and cause a number of
warnings to be thrown.
"""
mock_query_srv.side_effect = query_srv([
m_api.env.host, 'replica.' + m_api.env.domain,
'replica2.' + m_api.env.domain
])
mock_query.side_effect = fake_query_two
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
{
'cn': ['replica.' + m_api.env.domain],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
{
'cn': ['replica2.' + m_api.env.domain],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 25
ok = get_results_by_severity(self.results.results, constants.SUCCESS)
warn = get_results_by_severity(self.results.results, constants.WARNING)
assert len(ok) == 24
assert len(warn) == 1
for result in warn:
assert result.kw.get('msg') == \
'Got {count} ipa-ca A records, expected {expected}'
assert result.kw.get('count') == 2
assert result.kw.get('expected') == 3
def test_dnsrecords_extra_srv(self, mock_query, mock_query_srv):
"""An extra SRV record set exists, report it.
Add an extra master to the query_srv() which will generate
a full extra set of SRV records for the master.
"""
mock_query_srv.side_effect = query_srv([
m_api.env.host, 'replica.' + m_api.env.domain,
'replica2.' + m_api.env.domain, 'replica3.' + m_api.env.domain
])
mock_query.side_effect = fake_query_three
m_api.Command.server_find.side_effect = [{
'result': [
{
'cn': [m_api.env.host],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
{
'cn': ['replica.' + m_api.env.domain],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
{
'cn': ['replica2.' + m_api.env.domain],
'enabled_role_servrole': ['CA server', 'IPA master'],
},
]
}]
framework = object()
registry.initialize(framework)
f = IPADNSSystemRecordsCheck(registry)
f.config = config.Config()
self.results = capture_results(f)
assert len(self.results) == 32
ok = get_results_by_severity(self.results.results, constants.SUCCESS)
warn = get_results_by_severity(self.results.results, constants.WARNING)
assert len(ok) == 25
assert len(warn) == 7
for result in warn:
assert result.kw.get('msg') == \
'Unexpected SRV entry in DNS'