From de2032487c73151e13812db78866ddd85d0f541c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 28 Jun 2021 16:43:11 -0400
Subject: [PATCH] Allow for HIDDEN_SERVICE when checking ADTRUST service

If the host is a trust controller then the ADTRUST service
must be enabled. A service counts as enabled when it is marked
as either ENABLED_SERVICE or HIDDEN_SERVICE.

https://github.com/freeipa/freeipa-healthcheck/issues/217

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
 src/ipahealthcheck/ipa/trust.py |  6 ++--
 tests/test_ipa_trust.py         | 54 ++++++++++++++++++---------------
 2 files changed, 33 insertions(+), 27 deletions(-)

diff --git a/src/ipahealthcheck/ipa/trust.py b/src/ipahealthcheck/ipa/trust.py
index 162a64c..27a2c86 100644
--- a/src/ipahealthcheck/ipa/trust.py
+++ b/src/ipahealthcheck/ipa/trust.py
@@ -23,9 +23,9 @@ except ImportError:
     # be skipped
     pass
 try:
-    from ipaserver.masters import ENABLED_SERVICE
+    from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE
 except ImportError:
-    from ipaserver.install.service import ENABLED_SERVICE
+    from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE
 try:
     from ipapython.ipaldap import realm_to_serverid
 except ImportError:
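Review bot: Both branches of the import now require HIDDEN_SERVICE, so if neither `ipaserver.masters` nor `ipaserver.install.service` exports that name on an installed ipaserver release, the fallback raises ImportError and the trust checks module fails to import. Whether such a release is still supported cannot be seen from this hunk. If it is, importing HIDDEN_SERVICE in its own try block with a fallback of `HIDDEN_SERVICE = None` would keep the existing ENABLED_SERVICE check working. The same import pair is added to tests/test_ipa_trust.py and has the same dependency.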
@@ -476,7 +476,7 @@ class IPATrustControllerServiceCheck(IPAPlugin):
             configs = entry.get('ipaconfigstring', [])
             enabled = False
             for config in configs:
-                if config == ENABLED_SERVICE:
+                if config in [ENABLED_SERVICE, HIDDEN_SERVICE]:
                     enabled = True
                     break
 
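Review bot: The widened test `if config in [ENABLED_SERVICE, HIDDEN_SERVICE]:` carries no comment explaining why a hidden service sets the flag that is still named `enabled`, so a later reader may take the second constant for a mistake. A one-line comment above it, `# on a trust controller ADTRUST counts as enabled when marked enabled or hidden`, would record the intent stated in the commit message. Writing the membership test against a tuple, `(ENABLED_SERVICE, HIDDEN_SERVICE)`, also avoids rebuilding a list on every loop iteration. The enclosing method starts and ends outside this hunk.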
diff --git a/tests/test_ipa_trust.py b/tests/test_ipa_trust.py
index 5eca9b5..c314b70 100644
--- a/tests/test_ipa_trust.py
+++ b/tests/test_ipa_trust.py
@@ -28,6 +28,11 @@ from ipahealthcheck.ipa.trust import (IPATrustAgentCheck,
 from ipalib import errors
 from ipapython.dn import DN
 from ipapython.ipaldap import LDAPClient, LDAPEntry
+try:
+    from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE
+except ImportError:
+    from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE
+
 
 try:
     from ipapython.ipaldap import realm_to_serverid
@@ -795,31 +800,32 @@ class TestControllerService(BaseTest):
         # Zero because the call was skipped altogether
         assert len(self.results) == 0
 
-    def test_principal_ok(self):
+    def test_service_enabled(self):
         service_dn = DN(('cn', 'ADTRUST'))
-        attrs = {
-            'ipaconfigstring': ['enabledService'],
-        }
-        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
-        ldapentry = LDAPEntry(fake_conn, service_dn)
-        for attr, values in attrs.items():
-            ldapentry[attr] = values
-
-        framework = object()
-        registry.initialize(framework, config.Config)
-        registry.trust_controller = True
-        f = IPATrustControllerServiceCheck(registry)
-
-        f.conn = mock_ldap(ldapentry)
-        self.results = capture_results(f)
-
-        assert len(self.results) == 1
-
-        result = self.results.results[0]
-        assert result.result == constants.SUCCESS
-        assert result.source == 'ipahealthcheck.ipa.trust'
-        assert result.check == 'IPATrustControllerServiceCheck'
-        assert result.kw.get('key') == 'ADTRUST'
+        for type in [ENABLED_SERVICE, HIDDEN_SERVICE]:
+            attrs = {
+                'ipaconfigstring': [type],
+            }
+            fake_conn = LDAPClient('ldap://localhost', no_schema=True)
+            ldapentry = LDAPEntry(fake_conn, service_dn)
+            for attr, values in attrs.items():
+                ldapentry[attr] = values
+
+            framework = object()
+            registry.initialize(framework, config.Config)
+            registry.trust_controller = True
+            f = IPATrustControllerServiceCheck(registry)
+
+            f.conn = mock_ldap(ldapentry)
+            self.results = capture_results(f)
+
+            assert len(self.results) == 1
+
+            result = self.results.results[0]
+            assert result.result == constants.SUCCESS
+            assert result.source == 'ipahealthcheck.ipa.trust'
+            assert result.check == 'IPATrustControllerServiceCheck'
+            assert result.kw.get('key') == 'ADTRUST'
 
     def test_principal_fail(self):
         service_dn = DN(('cn', 'ADTRUST'))
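Review bot: The loop variable in `for type in [ENABLED_SERVICE, HIDDEN_SERVICE]:` shadows the builtin `type` for the rest of test_service_enabled; a neutral name reads better, `for state in (ENABLED_SERVICE, HIDDEN_SERVICE):` with `'ipaconfigstring': [state],`. Because both values run inside a single test, a failing assert does not say which value caused it, so a message on the first assert, or one test per value, would make a failure easier to read. The test now takes its values from the same constants the check imports and no longer pins the literal `'enabledService'`, so a change to the stored string would pass unnoticed. test_principal_fail continues outside this hunk.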
-- 
2.31.1