Blame SOURCES/0003-Allow-for-HIDDEN_SERVICE-when-checking-ADTRUST-servi.patch

From de2032487c73151e13812db78866ddd85d0f541c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 28 Jun 2021 16:43:11 -0400
Subject: [PATCH] Allow for HIDDEN_SERVICE when checking ADTRUST service
If the host is a trust controller then the ADTRUST service
must be enabled. This is defined as both ENABLED_SERVICE and
HIDDEN_SERVICE.
https://github.com/freeipa/freeipa-healthcheck/issues/217
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
 src/ipahealthcheck/ipa/trust.py |  6 ++--
 tests/test_ipa_trust.py         | 54 ++++++++++++++++++---------------
 2 files changed, 33 insertions(+), 27 deletions(-)
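diff --git a/src/ipahealthcheck/ipa/trust.py b/src/ipahealthcheck/ipa/trust.py
index 162a64c..27a2c86 100644
--- a/src/ipahealthcheck/ipa/trust.py
+++ b/src/ipahealthcheck/ipa/trust.py
@@ -23,9 +23,9 @@ except ImportError:
     # be skipped
     pass
 try:
-    from ipaserver.masters import ENABLED_SERVICE
+    from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE
 except ImportError:
-    from ipaserver.install.service import ENABLED_SERVICE
+    from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE
 try:
     from ipapython.ipaldap import realm_to_serverid
 except ImportError:
@@ -476,7 +476,7 @@ class IPATrustControllerServiceCheck(IPAPlugin):
             configs = entry.get('ipaconfigstring', [])
             enabled = False
             for config in configs:
-                if config == ENABLED_SERVICE:
+                if config in [ENABLED_SERVICE, HIDDEN_SERVICE]:
                     enabled = True
                     break
 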
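Review bot: The fallback branch `from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE` in the first hunk is not itself guarded, so if that older module location does not export `HIDDEN_SERVICE` (not verifiable from this patch) the ImportError escapes and the whole trust module fails to load, taking every trust check with it rather than only this one. Importing `HIDDEN_SERVICE` in its own try/except and falling back to a value that can never equal an `ipaconfigstring` entry, e.g. `HIDDEN_SERVICE = None`, would keep the previous behaviour on such installs. The membership test in the second hunk would keep working unchanged with that fallback. The chain of guarded imports continues outside the hunk.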
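diff --git a/tests/test_ipa_trust.py b/tests/test_ipa_trust.py
index 5eca9b5..c314b70 100644
--- a/tests/test_ipa_trust.py
+++ b/tests/test_ipa_trust.py
@@ -28,6 +28,11 @@ from ipahealthcheck.ipa.trust import (IPATrustAgentCheck,
 from ipalib import errors
 from ipapython.dn import DN
 from ipapython.ipaldap import LDAPClient, LDAPEntry
+try:
+    from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE
+except ImportError:
+    from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE
+
 
 try:
     from ipapython.ipaldap import realm_to_serverid
@@ -795,31 +800,32 @@ class TestControllerService(BaseTest):
         # Zero because the call was skipped altogether
         assert len(self.results) == 0
 
-    def test_principal_ok(self):
+    def test_service_enabled(self):
         service_dn = DN(('cn', 'ADTRUST'))
-        attrs = {
-            'ipaconfigstring': ['enabledService'],
-        }
-        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
-        ldapentry = LDAPEntry(fake_conn, service_dn)
-        for attr, values in attrs.items():
-            ldapentry[attr] = values
-
-        framework = object()
-        registry.initialize(framework, config.Config)
-        registry.trust_controller = True
-        f = IPATrustControllerServiceCheck(registry)
-
-        f.conn = mock_ldap(ldapentry)
-        self.results = capture_results(f)
-
-        assert len(self.results) == 1
-
-        result = self.results.results[0]
-        assert result.result == constants.SUCCESS
-        assert result.source == 'ipahealthcheck.ipa.trust'
-        assert result.check == 'IPATrustControllerServiceCheck'
-        assert result.kw.get('key') == 'ADTRUST'
+        for type in [ENABLED_SERVICE, HIDDEN_SERVICE]:
+            attrs = {
+                'ipaconfigstring': [type],
+            }
+            fake_conn = LDAPClient('ldap://localhost', no_schema=True)
+            ldapentry = LDAPEntry(fake_conn, service_dn)
+            for attr, values in attrs.items():
+                ldapentry[attr] = values
+
+            framework = object()
+            registry.initialize(framework, config.Config)
+            registry.trust_controller = True
+            f = IPATrustControllerServiceCheck(registry)
+
+            f.conn = mock_ldap(ldapentry)
+            self.results = capture_results(f)
+
+            assert len(self.results) == 1
+
+            result = self.results.results[0]
+            assert result.result == constants.SUCCESS
+            assert result.source == 'ipahealthcheck.ipa.trust'
+            assert result.check == 'IPATrustControllerServiceCheck'
+            assert result.kw.get('key') == 'ADTRUST'
 
     def test_principal_fail(self):
         service_dn = DN(('cn', 'ADTRUST'))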
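Review bot: The loop variable `type` in `test_service_enabled` shadows the builtin, and because both service states run inside one test body a failure will not say which value broke the check. Rename it, e.g. `for state in [ENABLED_SERVICE, HIDDEN_SERVICE]:` with `'ipaconfigstring': [state],`, and carry the value in the first assertion's message, `assert len(self.results) == 1, state`. The neighbouring `test_principal_fail` begins in this hunk but its body lies outside it, so whether it still covers a value that is neither enabled nor hidden cannot be confirmed from here.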
-- 
2.31.1