From de2032487c73151e13812db78866ddd85d0f541c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 28 Jun 2021 16:43:11 -0400
Subject: [PATCH] Allow for HIDDEN_SERVICE when checking ADTRUST service
If the host is a trust controller then the ADTRUST service
must be enabled. This is defined as both ENABLED_SERVICE and
HIDDEN_SERVICE.
https://github.com/freeipa/freeipa-healthcheck/issues/217
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
src/ipahealthcheck/ipa/trust.py | 6 ++--
tests/test_ipa_trust.py | 54 ++++++++++++++++++---------------
2 files changed, 33 insertions(+), 27 deletions(-)
diff --git a/src/ipahealthcheck/ipa/trust.py b/src/ipahealthcheck/ipa/trust.py
|
|
|
0b39ee |
index 162a64c..27a2c86 100644
|
|
|
0b39ee |
--- a/src/ipahealthcheck/ipa/trust.py
|
|
|
0b39ee |
+++ b/src/ipahealthcheck/ipa/trust.py
|
|
|
0b39ee |
@@ -23,9 +23,9 @@ except ImportError:
|
|
|
0b39ee |
# be skipped
|
|
|
0b39ee |
pass
|
|
|
0b39ee |
try:
|
|
|
0b39ee |
- from ipaserver.masters import ENABLED_SERVICE
|
|
|
0b39ee |
+ from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE
|
|
|
0b39ee |
except ImportError:
|
|
|
0b39ee |
- from ipaserver.install.service import ENABLED_SERVICE
|
|
|
0b39ee |
+ from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE
|
|
|
0b39ee |
try:
|
|
|
0b39ee |
from ipapython.ipaldap import realm_to_serverid
|
|
|
0b39ee |
except ImportError:
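Review bot: The fallback branch `from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE` raises an uncaught ImportError if that older module does not define HIDDEN_SERVICE, which would stop the whole trust module from loading instead of degrading one check. Whether any supported IPA release lacks the name is not visible from this hunk, so it is worth confirming. If the name can be missing, keep the original single-name import in the except branch and give the constant a guarded default such as `HIDDEN_SERVICE = None`, which the later membership test tolerates. The same two-name import is added to tests/test_ipa_trust.py and would need the same treatment.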
|
|
|
0b39ee |
@@ -476,7 +476,7 @@ class IPATrustControllerServiceCheck(IPAPlugin):
|
|
|
0b39ee |
configs = entry.get('ipaconfigstring', [])
|
|
|
0b39ee |
enabled = False
|
|
|
0b39ee |
for config in configs:
|
|
|
0b39ee |
- if config == ENABLED_SERVICE:
|
|
|
0b39ee |
+ if config in [ENABLED_SERVICE, HIDDEN_SERVICE]:
|
|
|
0b39ee |
enabled = True
|
|
|
0b39ee |
break
|
|
|
0b39ee |
|
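Review bot: Nothing next to `if config in [ENABLED_SERVICE, HIDDEN_SERVICE]:` records why a hidden service now satisfies a check whose flag is still named `enabled`, so a later reader could tighten it back to the single comparison. A one-line comment above the condition, for example `# ADTRUST counts as enabled when marked ENABLED_SERVICE or HIDDEN_SERVICE (issue 217)`, would keep the intent with the code. A tuple, `(ENABLED_SERVICE, HIDDEN_SERVICE)`, is the conventional form for a fixed membership test. The enclosing method starts and ends outside the hunk.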
|
|
0b39ee |
diff --git a/tests/test_ipa_trust.py b/tests/test_ipa_trust.py
|
|
|
0b39ee |
index 5eca9b5..c314b70 100644
|
|
|
0b39ee |
--- a/tests/test_ipa_trust.py
|
|
|
0b39ee |
+++ b/tests/test_ipa_trust.py
|
|
|
0b39ee |
@@ -28,6 +28,11 @@ from ipahealthcheck.ipa.trust import (IPATrustAgentCheck,
|
|
|
0b39ee |
from ipalib import errors
|
|
|
0b39ee |
from ipapython.dn import DN
|
|
|
0b39ee |
from ipapython.ipaldap import LDAPClient, LDAPEntry
|
|
|
0b39ee |
+try:
|
|
|
0b39ee |
+ from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE
|
|
|
0b39ee |
+except ImportError:
|
|
|
0b39ee |
+ from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE
|
|
|
0b39ee |
+
|
|
|
0b39ee |
|
|
|
0b39ee |
try:
|
|
|
0b39ee |
from ipapython.ipaldap import realm_to_serverid
|
|
|
0b39ee |
@@ -795,31 +800,32 @@ class TestControllerService(BaseTest):
|
|
|
0b39ee |
# Zero because the call was skipped altogether
|
|
|
0b39ee |
assert len(self.results) == 0
|
|
|
0b39ee |
|
|
|
0b39ee |
- def test_principal_ok(self):
|
|
|
0b39ee |
+ def test_service_enabled(self):
|
|
|
0b39ee |
service_dn = DN(('cn', 'ADTRUST'))
|
|
|
0b39ee |
- attrs = {
|
|
|
0b39ee |
- 'ipaconfigstring': ['enabledService'],
|
|
|
0b39ee |
- }
|
|
|
0b39ee |
- fake_conn = LDAPClient('ldap://localhost', no_schema=True)
|
|
|
0b39ee |
- ldapentry = LDAPEntry(fake_conn, service_dn)
|
|
|
0b39ee |
- for attr, values in attrs.items():
|
|
|
0b39ee |
- ldapentry[attr] = values
|
|
|
0b39ee |
-
|
|
|
0b39ee |
- framework = object()
|
|
|
0b39ee |
- registry.initialize(framework, config.Config)
|
|
|
0b39ee |
- registry.trust_controller = True
|
|
|
0b39ee |
- f = IPATrustControllerServiceCheck(registry)
|
|
|
0b39ee |
-
|
|
|
0b39ee |
- f.conn = mock_ldap(ldapentry)
|
|
|
0b39ee |
- self.results = capture_results(f)
|
|
|
0b39ee |
-
|
|
|
0b39ee |
- assert len(self.results) == 1
|
|
|
0b39ee |
-
|
|
|
0b39ee |
- result = self.results.results[0]
|
|
|
0b39ee |
- assert result.result == constants.SUCCESS
|
|
|
0b39ee |
- assert result.source == 'ipahealthcheck.ipa.trust'
|
|
|
0b39ee |
- assert result.check == 'IPATrustControllerServiceCheck'
|
|
|
0b39ee |
- assert result.kw.get('key') == 'ADTRUST'
|
|
|
0b39ee |
+ for type in [ENABLED_SERVICE, HIDDEN_SERVICE]:
|
|
|
0b39ee |
+ attrs = {
|
|
|
0b39ee |
+ 'ipaconfigstring': [type],
|
|
|
0b39ee |
+ }
|
|
|
0b39ee |
+ fake_conn = LDAPClient('ldap://localhost', no_schema=True)
|
|
|
0b39ee |
+ ldapentry = LDAPEntry(fake_conn, service_dn)
|
|
|
0b39ee |
+ for attr, values in attrs.items():
|
|
|
0b39ee |
+ ldapentry[attr] = values
|
|
|
0b39ee |
+
|
|
|
0b39ee |
+ framework = object()
|
|
|
0b39ee |
+ registry.initialize(framework, config.Config)
|
|
|
0b39ee |
+ registry.trust_controller = True
|
|
|
0b39ee |
+ f = IPATrustControllerServiceCheck(registry)
|
|
|
0b39ee |
+
|
|
|
0b39ee |
+ f.conn = mock_ldap(ldapentry)
|
|
|
0b39ee |
+ self.results = capture_results(f)
|
|
|
0b39ee |
+
|
|
|
0b39ee |
+ assert len(self.results) == 1
|
|
|
0b39ee |
+
|
|
|
0b39ee |
+ result = self.results.results[0]
|
|
|
0b39ee |
+ assert result.result == constants.SUCCESS
|
|
|
0b39ee |
+ assert result.source == 'ipahealthcheck.ipa.trust'
|
|
|
0b39ee |
+ assert result.check == 'IPATrustControllerServiceCheck'
|
|
|
0b39ee |
+ assert result.kw.get('key') == 'ADTRUST'
|
|
|
0b39ee |
|
|
|
0b39ee |
def test_principal_fail(self):
|
|
|
0b39ee |
service_dn = DN(('cn', 'ADTRUST'))
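Review bot: The loop variable in `for type in [ENABLED_SERVICE, HIDDEN_SERVICE]:` shadows the builtin `type`, and because both states run inside one test body, a failed assertion for the first state hides the result for the second. Renaming it (`for state in [ENABLED_SERVICE, HIDDEN_SERVICE]:` and `'ipaconfigstring': [state],`) fixes the shadowing. Moving the two values to `@pytest.mark.parametrize('state', [ENABLED_SERVICE, HIDDEN_SERVICE])` would also report each state separately, assuming pytest is the runner, as the bare asserts suggest. test_principal_fail continues outside the hunk, so whether it still covers a value that is neither constant cannot be checked from here.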
|
|
|
0b39ee |
--
|
|
|
0b39ee |
2.31.1
|
|
|
0b39ee |
|