def test_dnsrecords_one_with_ad(self, mock_query, mock_query_srv): mock_query.side_effect = fake_query_one mock_query_srv.side_effect = query_srv([m_api.env.host], True) m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': ['CA server', 'IPA master', 'AD trust controller'], }, ] }] framework = object() registry.initialize(framework) f = IPADNSSystemRecordsCheck(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 15 for result in self.results.results: assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.idns' assert result.check == 'IPADNSSystemRecordsCheck'
def test_dnsrecords_two(self, mock_query, mock_query_srv): """Test two CA masters, all SRV records""" mock_query_srv.side_effect = query_srv( [m_api.env.host, 'replica.' + m_api.env.domain]) mock_query.side_effect = fake_query_two m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': ['CA server', 'IPA master'], }, { 'cn': ['replica.' + m_api.env.domain], 'enabled_role_servrole': ['CA server', 'IPA master'], }, ] }] framework = object() registry.initialize(framework) f = IPADNSSystemRecordsCheck(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 17 for result in self.results.results: assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.idns' assert result.check == 'IPADNSSystemRecordsCheck'
def test_dnsrecords_bad_realm(self, mock_query, mock_query_srv): """Unexpected Kerberos TXT record""" mock_query.side_effect = fake_query_one_txt mock_query_srv.side_effect = query_srv([m_api.env.host]) m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': ['CA server', 'IPA master'], }, ] }] framework = object() registry.initialize(framework) f = IPADNSSystemRecordsCheck(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 9 ok = get_results_by_severity(self.results.results, constants.SUCCESS) warn = get_results_by_severity(self.results.results, constants.WARNING) assert len(ok) == 8 assert len(warn) == 1 result = warn[0] assert result.kw.get('msg') == 'expected realm missing' assert result.kw.get('key') == '\"FAKE_REALM\"'
def test_dnsrecords_missing_ipa_ca(self, mock_query, mock_query_srv): """Drop one of the masters from query_srv This will simulate missing SRV records and cause a number of warnings to be thrown. """ mock_query_srv.side_effect = query_srv([ m_api.env.host, 'replica.' + m_api.env.domain, 'replica2.' + m_api.env.domain ]) mock_query.side_effect = fake_query_two m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': ['CA server', 'IPA master'], }, { 'cn': ['replica.' + m_api.env.domain], 'enabled_role_servrole': ['CA server', 'IPA master'], }, { 'cn': ['replica2.' + m_api.env.domain], 'enabled_role_servrole': ['CA server', 'IPA master'], }, ] }] framework = object() registry.initialize(framework) f = IPADNSSystemRecordsCheck(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 25 ok = get_results_by_severity(self.results.results, constants.SUCCESS) warn = get_results_by_severity(self.results.results, constants.WARNING) assert len(ok) == 24 assert len(warn) == 1 for result in warn: assert result.kw.get('msg') == \ 'Got {count} ipa-ca A records, expected {expected}' assert result.kw.get('count') == 2 assert result.kw.get('expected') == 3
def test_dnsrecords_one_with_ad(self, mock_query, mock_query_uri, mock_query_srv, mock_rrset): mock_query.side_effect = fake_query_one mock_query_srv.side_effect = query_srv([m_api.env.host], True) mock_query_uri.side_effect = query_uri([m_api.env.host]) mock_rrset.side_effect = [ resolve_rrsets(m_api.env.host, (rdatatype.A, rdatatype.AAAA)) ] m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': ['CA server', 'IPA master', 'AD trust controller'], }, ] }] framework = object() registry.initialize(framework, config.Config) f = IPADNSSystemRecordsCheck(registry) self.results = capture_results(f) if has_uri_support: expected = 20 else: expected = 16 assert len(self.results) == expected for result in self.results.results: assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.idns' assert result.check == 'IPADNSSystemRecordsCheck'
def test_dnsrecords_extra_srv(self, mock_query, mock_query_srv): """An extra SRV record set exists, report it. Add an extra master to the query_srv() which will generate a full extra set of SRV records for the master. """ mock_query_srv.side_effect = query_srv([ m_api.env.host, 'replica.' + m_api.env.domain, 'replica2.' + m_api.env.domain, 'replica3.' + m_api.env.domain ]) mock_query.side_effect = fake_query_three m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': ['CA server', 'IPA master'], }, { 'cn': ['replica.' + m_api.env.domain], 'enabled_role_servrole': ['CA server', 'IPA master'], }, { 'cn': ['replica2.' + m_api.env.domain], 'enabled_role_servrole': ['CA server', 'IPA master'], }, ] }] framework = object() registry.initialize(framework) f = IPADNSSystemRecordsCheck(registry) f.config = config.Config() self.results = capture_results(f) assert len(self.results) == 32 ok = get_results_by_severity(self.results.results, constants.SUCCESS) warn = get_results_by_severity(self.results.results, constants.WARNING) assert len(ok) == 25 assert len(warn) == 7 for result in warn: assert result.kw.get('msg') == \ 'Unexpected SRV entry in DNS'
def test_dnsrecords_two(self, mock_query, mock_query_uri, mock_query_srv, mock_rrset): """Test two CA masters, all SRV records""" mock_query_srv.side_effect = query_srv([ m_api.env.host, 'replica.' + m_api.env.domain ]) mock_query_uri.side_effect = query_uri([ m_api.env.host, 'replica.' + m_api.env.domain ]) mock_query.side_effect = fake_query_two mock_rrset.side_effect = [ resolve_rrsets(m_api.env.host, (rdatatype.A, rdatatype.AAAA)), resolve_rrsets('replica.' + m_api.env.domain, (rdatatype.A, rdatatype.AAAA)), ] m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': [ 'CA server', 'IPA master' ], }, { 'cn': ['replica.' + m_api.env.domain], 'enabled_role_servrole': [ 'CA server', 'IPA master' ], }, ] }] framework = object() registry.initialize(framework, config.Config) f = IPADNSSystemRecordsCheck(registry) self.results = capture_results(f) if has_uri_support: expected = 27 else: expected = 19 assert len(self.results) == expected for result in self.results.results: assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.idns' assert result.check == 'IPADNSSystemRecordsCheck'
def test_dnsrecords_bad_realm(self, mock_query, mock_query_uri, mock_query_srv, mock_rrset): """Unexpected Kerberos TXT record""" mock_query.side_effect = fake_query_one_txt mock_query_srv.side_effect = query_srv([m_api.env.host]) mock_query_uri.side_effect = query_uri([m_api.env.host]) mock_rrset.side_effect = [ resolve_rrsets(m_api.env.host, (rdatatype.A, rdatatype.AAAA)) ] m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': [ 'CA server', 'IPA master' ], }, ] }] framework = object() registry.initialize(framework, config.Config) f = IPADNSSystemRecordsCheck(registry) self.results = capture_results(f) if has_uri_support: expected = 14 else: expected = 10 assert len(self.results) == expected ok = get_results_by_severity(self.results.results, constants.SUCCESS) warn = get_results_by_severity(self.results.results, constants.WARNING) if has_uri_support: assert len(ok) == 13 assert len(warn) == 1 else: assert len(ok) == 9 assert len(warn) == 1 result = warn[0] assert result.kw.get('msg') == 'expected realm missing' assert result.kw.get('key') == '\"FAKE_REALM\"'
def test_dnsrecords_extra_srv(self, mock_query, mock_query_uri, mock_query_srv, mock_rrset): """An extra SRV record set exists, report it. Add an extra master to the query_srv() which will generate a full extra set of SRV records for the master. """ mock_query_srv.side_effect = query_srv([ m_api.env.host, 'replica.' + m_api.env.domain, 'replica2.' + m_api.env.domain, 'replica3.' + m_api.env.domain ]) mock_query_uri.side_effect = query_uri([ m_api.env.host, 'replica.' + m_api.env.domain, 'replica2.' + m_api.env.domain, ]) mock_query.side_effect = fake_query_three mock_rrset.side_effect = [ resolve_rrsets(m_api.env.host, (rdatatype.A, rdatatype.AAAA)), resolve_rrsets('replica.' + m_api.env.domain, (rdatatype.A, rdatatype.AAAA)), resolve_rrsets('replica2.' + m_api.env.domain, (rdatatype.A, rdatatype.AAAA)), resolve_rrsets('replica3.' + m_api.env.domain, (rdatatype.A, rdatatype.AAAA)), ] m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': [ 'CA server', 'IPA master' ], }, { 'cn': ['replica.' + m_api.env.domain], 'enabled_role_servrole': [ 'CA server', 'IPA master' ], }, { 'cn': ['replica2.' + m_api.env.domain], 'enabled_role_servrole': [ 'CA server', 'IPA master' ], }, ] }] framework = object() registry.initialize(framework, config.Config) f = IPADNSSystemRecordsCheck(registry) self.results = capture_results(f) if has_uri_support: expected = 47 else: expected = 35 assert len(self.results) == expected ok = get_results_by_severity(self.results.results, constants.SUCCESS) warn = get_results_by_severity(self.results.results, constants.WARNING) if has_uri_support: assert len(ok) == 40 assert len(warn) == 7 else: assert len(ok) == 28 assert len(warn) == 7 for result in warn: assert result.kw.get('msg') == \ 'Unexpected SRV entry in DNS'
def test_dnsrecords_missing_ipa_ca(self, mock_query, mock_query_uri, mock_query_srv, mock_rrset): """Drop one of the masters from query_srv This will simulate missing SRV records and cause a number of warnings to be thrown. """ mock_query_srv.side_effect = query_srv([ m_api.env.host, 'replica.' + m_api.env.domain, 'replica2.' + m_api.env.domain ]) mock_query_uri.side_effect = query_uri([ m_api.env.host, 'replica.' + m_api.env.domain, 'replica2.' + m_api.env.domain ]) mock_query.side_effect = fake_query_two mock_rrset.side_effect = [ resolve_rrsets(m_api.env.host, (rdatatype.A, rdatatype.AAAA)), resolve_rrsets('replica.' + m_api.env.domain, (rdatatype.A, rdatatype.AAAA)), resolve_rrsets('replica2.' + m_api.env.domain, (rdatatype.A, rdatatype.AAAA)) ] m_api.Command.server_find.side_effect = [{ 'result': [ { 'cn': [m_api.env.host], 'enabled_role_servrole': [ 'CA server', 'IPA master' ], }, { 'cn': ['replica.' + m_api.env.domain], 'enabled_role_servrole': [ 'CA server', 'IPA master' ], }, { 'cn': ['replica2.' + m_api.env.domain], 'enabled_role_servrole': [ 'CA server', 'IPA master' ], }, ] }] framework = object() registry.initialize(framework, config.Config) f = IPADNSSystemRecordsCheck(registry) self.results = capture_results(f) if has_uri_support: expected = 40 else: expected = 28 assert len(self.results) == expected ok = get_results_by_severity(self.results.results, constants.SUCCESS) warn = get_results_by_severity(self.results.results, constants.WARNING) if has_uri_support: assert len(ok) == 38 assert len(warn) == 2 else: assert len(ok) == 26 assert len(warn) == 2 for result in warn: assert re.match( r'^Got {count} ipa-ca (A|AAAA) records, expected {expected}$', result.kw.get('msg') ) assert result.kw.get('count') == 2 assert result.kw.get('expected') == 3