예제 #1
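def health_check_run(inst, log, args):
    """Connect to the local server using LDAPI, and perform various health checks.

    :param inst: not read on entry; rebound to the connection opened here
    :param log: logger; a 'dsrc' child logger is handed to dsrc_to_ldap()
    :param args: parsed arguments; the connection-related fields are
                 overwritten below before connecting
    :raises ValueError: if the connection to the instance cannot be opened
    """

    if args.list_errors:
        # Listing the known error codes needs no server connection.
        _list_errors(log)
        return

    # update the args for connect_instance()
    # Bind DN, password, password file, StartTLS and prompting are all
    # cleared on args, so nothing the caller passed for them is used.
    # NOTE(review): values merged in from the dsrc file by
    # dsrc_arg_concat() may still apply - confirm against that helper.
    args.basedn = None
    args.binddn = None
    args.bindpw = None
    args.starttls = None
    args.pwdfile = None
    args.prompt = False
    dsrc_inst = dsrc_to_ldap(DSRC_HOME, args.instance, log.getChild('dsrc'))
    dsrc_inst = dsrc_arg_concat(args, dsrc_inst)
    try:
        inst = connect_instance(dsrc_inst=dsrc_inst,
                                verbose=args.verbose,
                                args=args)
    except Exception as e:
        # Chain the original exception so the root cause stays in the traceback.
        raise ValueError('Failed to connect to Directory Server instance: ' +
                         str(e)) from e

    try:
        # Explicitly requested checks win; otherwise use every known target.
        checks = args.check or dict(_list_targets(inst)).keys()

        if args.list_checks or args.dry_run:
            _print_checks(inst, log, checks)
            return

        _run(inst, log, args, _list_checks(inst, checks))
    finally:
        # Close the connection on every exit path, including the
        # list/dry-run return and a check that raises.
        disconnect_instance(inst)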
예제 #2
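    def doCheck(self, DSObj, many=False):
        """Perform a healthcheck on a specific DS/lib389 class.  First
        we need to set up the proper args and dicts to properly connect
        to the LDAP server via lib389.  Then run the classes' lint
        functions.

        The connection is closed before returning, including when a lint
        function raises.

        :param DSObj: a class from lib389 that has built-in lint functions
                      like: Backends, Replica, Encryption, NssSsl, Config, etc
        :param many: True when DSObj is a collection whose list() members
                     are each linted individually
        :returns: a list of Result objects
        """
        args = DSArgs(self.serverid)
        # No bind DN, password, SASL mechanism or client certificate is
        # supplied; the connection relies on whatever connect_instance()
        # does with an otherwise empty credential set.
        dsrc_inst = {
            'uri': args.instance,
            'basedn': None,
            'binddn': None,
            'bindpw': None,
            'saslmech': None,
            'tls_cacertdir': None,
            'tls_cert': None,
            'tls_key': None,
            # NOTE(review): numeric certificate-check setting; its meaning
            # is decided by connect_instance(), not visible here - confirm.
            'tls_reqcert': 1,
            'starttls': False,
            'prompt': False,
            'pwdfile': None,
            'args': {}
        }
        dsrc_inst['args'][SER_LDAP_URL] = dsrc_inst['uri']
        dsrc_inst['args'][SER_ROOT_DN] = dsrc_inst['binddn']

        inst = connect_instance(dsrc_inst=dsrc_inst, verbose=False, args=args)
        try:
            ds_obj = DSObj(inst)
            results = []
            if many:
                # DS class that has many instances of itself (e.g. Backends)
                for clo in ds_obj.list():
                    result = clo.lint()
                    if result is not None:
                        # DS result could be a single or multiple results
                        # NOTE(review): "+=" extends the list with the
                        # elements of the right-hand side, so this assumes
                        # each value is itself a sequence of result dicts -
                        # verify against the lint() implementations.
                        if isinstance(result, list):
                            for single_result in result:
                                results += single_result
                        else:
                            results += result
            else:
                # Single object always returns a list of results
                results = ds_obj.lint()
            hc_results = []
            if results is not None:
                for result in results:
                    hc_results.append(
                        Result(self,
                               self.convertSev(result['severity']),
                               key=result['dsle'],
                               items=result['items'],
                               msg=result['detail']))
            return hc_results
        finally:
            # Release the connection even if a lint function or the
            # result conversion raises.
            disconnect_instance(inst)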
예제 #3
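def test_retrocl_exclude_attr_add(topology_st):
    """ Test exclude attribute feature of the retrocl plugin for add operation

    :id: 3481650f-2070-45ef-9600-2500cfc51559

    :setup: Standalone instance

    :steps:
        1. Enable dynamic plugins
        2. Configure retro changelog plugin
        3. Add an entry
        4. Ensure entry attrs are in the changelog
        5. Exclude an attr
        6. Add another entry
        7. Ensure excluded attr is not in the changelog

    :expectedresults:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Success
        6. Success
        7. Success
    """

    st = topology_st.standalone

    log.info('Configure retrocl plugin')
    rcl = RetroChangelogPlugin(st)
    rcl.disable()
    rcl.enable()
    rcl.replace('nsslapd-attribute', 'nsuniqueid:targetUniqueId')

    log.info('Restarting instance')
    try:
        st.restart()
    except ldap.LDAPError as e:
        # Report through the test logger; the original called ldap.error(),
        # which only builds an exception object and logs nothing.
        log.error('Failed to restart instance ' + e.args[0]['desc'])
        assert False

    users = UserAccounts(st, DEFAULT_SUFFIX)

    log.info('Adding user1')
    try:
        users.create(
            properties={
                'sn': '1',
                'cn': 'user 1',
                'uid': 'user1',
                'uidNumber': '11',
                'gidNumber': '111',
                'givenname': 'user1',
                'homePhone': '0861234567',
                'carLicense': '131D16674',
                'mail': '*****@*****.**',
                'homeDirectory': '/home/user1',
                'userpassword': USER_PW
            })
    except ldap.ALREADY_EXISTS:
        # A leftover entry from an earlier run is acceptable.
        pass
    except ldap.LDAPError as e:
        log.error("Failed to add user1: " + str(e))

    log.info(
        'Verify homePhone and carLicense attrs are in the changelog changestring'
    )
    try:
        retro_changelog_suffix = DSLdapObjects(st, basedn=RETROCL_SUFFIX)
        cllist = retro_changelog_suffix.filter(f'(targetDn={USER1_DN})')
    except ldap.LDAPError as e:
        log.fatal("Changelog search failed, error: " + str(e))
        assert False
    assert len(cllist) > 0
    # NOTE(review): the attribute assertions only run when 'changes' is
    # present; an entry without it passes this step unchecked.
    if cllist[0].present('changes'):
        # Substring match on the stringified 'changes' values.
        clstr = str(cllist[0].get_attr_vals_utf8('changes'))
        assert ATTR_HOMEPHONE in clstr
        assert ATTR_CARLICENSE in clstr

    log.info('Excluding attribute ' + ATTR_HOMEPHONE)
    # Build the argument object the CLI handler expects and call it directly.
    args = FakeArgs()
    # host:port:bind DN:password, built from test constants defined elsewhere.
    args.connections = [
        st.host + ':' + str(st.port) + ':' + DN_DM + ':' + PW_DM
    ]
    args.instance = 'standalone1'
    args.basedn = None
    args.binddn = None
    args.starttls = False
    args.pwdfile = None
    args.bindpw = None
    args.prompt = False
    args.exclude_attrs = ATTR_HOMEPHONE
    args.func = retrochangelog_add
    dsrc_inst = dsrc_arg_concat(args, None)
    inst = connect_instance(dsrc_inst, False, args)
    result = args.func(inst, None, log, args)
    disconnect_instance(inst)
    assert result is None

    log.info('Restarting instance')
    try:
        st.restart()
    except ldap.LDAPError as e:
        log.error('Failed to restart instance ' + e.args[0]['desc'])
        assert False

    log.info('Adding user2')
    try:
        users.create(
            properties={
                'sn': '2',
                'cn': 'user 2',
                'uid': 'user2',
                'uidNumber': '22',
                'gidNumber': '222',
                'givenname': 'user2',
                'homePhone': '0879088363',
                'carLicense': '04WX11038',
                'mail': '*****@*****.**',
                'homeDirectory': '/home/user2',
                'userpassword': USER_PW
            })
    except ldap.ALREADY_EXISTS:
        pass
    except ldap.LDAPError as e:
        log.error("Failed to add user2: " + str(e))

    log.info('Verify homePhone attr is not in the changelog changestring')
    try:
        cllist = retro_changelog_suffix.filter(f'(targetDn={USER2_DN})')
        assert len(cllist) > 0
        # NOTE(review): as above, a changelog entry without 'changes' skips
        # the exclusion assertion, so the test would pass without proving
        # the attribute was kept out of the changelog.
        if cllist[0].present('changes'):
            clstr = str(cllist[0].get_attr_vals_utf8('changes'))
            assert ATTR_HOMEPHONE not in clstr
            assert ATTR_CARLICENSE in clstr
    except ldap.LDAPError as e:
        log.fatal("Changelog search failed, error: " + str(e))
        assert False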
예제 #4
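def test_retrocl_exclude_attr_mod(topology_st):
    """ Test exclude attribute feature of the retrocl plugin for mod operation

    :id: f6bef689-685b-4f86-a98d-f7e6b1fcada3

    :setup: Standalone instance

    :steps:
        1. Enable dynamic plugins
        2. Configure retro changelog plugin
        3. Add user1 entry
        4. Ensure entry attrs are in the changelog
        5. Exclude an attr
        6. Modify user1 entry
        7. Ensure excluded attr is not in the changelog

    :expectedresults:
        1. Success
        2. Success
        3. Success
        4. Success
        5. Success
        6. Success
        7. Success
    """

    st = topology_st.standalone

    log.info('Configure retrocl plugin')
    rcl = RetroChangelogPlugin(st)
    rcl.disable()
    rcl.enable()
    rcl.replace('nsslapd-attribute', 'nsuniqueid:targetUniqueId')

    log.info('Restarting instance')
    try:
        st.restart()
    except ldap.LDAPError as e:
        # Report through the test logger; the original called ldap.error(),
        # which only builds an exception object and logs nothing.
        log.error('Failed to restart instance ' + e.args[0]['desc'])
        assert False

    users = UserAccounts(st, DEFAULT_SUFFIX)

    log.info('Adding user1')
    try:
        user1 = users.create(
            properties={
                'sn': '1',
                'cn': 'user 1',
                'uid': 'user1',
                'uidNumber': '11',
                'gidNumber': '111',
                'givenname': 'user1',
                'homePhone': '0861234567',
                'carLicense': '131D16674',
                'mail': '*****@*****.**',
                'homeDirectory': '/home/user1',
                'userpassword': USER_PW
            })
    except ldap.ALREADY_EXISTS:
        # Reuse the entry left behind by an earlier test.
        user1 = UserAccount(st, dn=USER1_DN)
    except ldap.LDAPError as e:
        log.error("Failed to add user1: " + str(e))
        # user1 is unbound on this path; fail here rather than with a
        # NameError at the later modify step.
        assert False

    log.info(
        'Verify homePhone and carLicense attrs are in the changelog changestring'
    )
    try:
        retro_changelog_suffix = DSLdapObjects(st, basedn=RETROCL_SUFFIX)
        cllist = retro_changelog_suffix.filter(f'(targetDn={USER1_DN})')
    except ldap.LDAPError as e:
        log.fatal("Changelog search failed, error: " + str(e))
        assert False
    assert len(cllist) > 0
    # NOTE(review): the attribute assertions only run when 'changes' is
    # present; an entry without it passes this step unchecked.
    if cllist[0].present('changes'):
        # Substring match on the stringified 'changes' values.
        clstr = str(cllist[0].get_attr_vals_utf8('changes'))
        assert ATTR_HOMEPHONE in clstr
        assert ATTR_CARLICENSE in clstr

    log.info('Excluding attribute ' + ATTR_CARLICENSE)
    # Build the argument object the CLI handler expects and call it directly.
    args = FakeArgs()
    # host:port:bind DN:password, built from test constants defined elsewhere.
    args.connections = [
        st.host + ':' + str(st.port) + ':' + DN_DM + ':' + PW_DM
    ]
    args.instance = 'standalone1'
    args.basedn = None
    args.binddn = None
    args.starttls = False
    args.pwdfile = None
    args.bindpw = None
    args.prompt = False
    args.exclude_attrs = ATTR_CARLICENSE
    args.func = retrochangelog_add
    dsrc_inst = dsrc_arg_concat(args, None)
    inst = connect_instance(dsrc_inst, False, args)
    result = args.func(inst, None, log, args)
    disconnect_instance(inst)
    assert result is None

    log.info('Restarting instance')
    try:
        st.restart()
    except ldap.LDAPError as e:
        log.error('Failed to restart instance ' + e.args[0]['desc'])
        assert False

    log.info('Modify user1 carLicense attribute')
    try:
        user1.replace(ATTR_CARLICENSE, "123WX321")
    except ldap.LDAPError as e:
        # Python 3 exceptions have no .message attribute; read the
        # description the same way the restart handlers do.
        log.fatal(
            'test_retrocl_exclude_attr_mod: Failed to update user1 attribute: error '
            + e.args[0]['desc'])
        assert False

    log.info('Verify carLicense attr is not in the changelog changestring')
    try:
        cllist = retro_changelog_suffix.filter(f'(targetDn={USER1_DN})')
        # There will be 2 entries in the changelog for this user, we are only
        # interested in the second one, the modify operation.  Require both
        # so a missing modify record fails as an assertion, not an IndexError.
        assert len(cllist) > 1
        # NOTE(review): if the modify record has no 'changes' value the
        # exclusion assertion is skipped and the test passes unproven.
        if cllist[1].present('changes'):
            clstr = str(cllist[1].get_attr_vals_utf8('changes'))
            assert ATTR_CARLICENSE not in clstr
    except ldap.LDAPError as e:
        log.fatal("Changelog search failed, error: " + str(e))
        assert False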