From a6504bd7d32fe3553b9f6f807f3d84a1b87bb77c Mon Sep 17 00:00:00 2001
From: Antonio Torres <antorres@redhat.com>
Date: Wed, 24 Feb 2021 17:26:08 +0100
Subject: [PATCH] Add tests for KRA Agent validation
Add unit tests for KRA Agent validation.
Signed-off-by: Antonio Torres <antorres@redhat.com>
---
tests/test_ipa_agent.py | 174 +++++++++++++++++++++++++++++++++++++++-
1 file changed, 172 insertions(+), 2 deletions(-)
diff --git a/tests/test_ipa_agent.py b/tests/test_ipa_agent.py
index 6605745..9b691f7 100644
--- a/tests/test_ipa_agent.py
+++ b/tests/test_ipa_agent.py
@@ -4,11 +4,11 @@
from base import BaseTest
from unittest.mock import Mock, patch
-from util import capture_results, CAInstance
+from util import capture_results, CAInstance, KRAInstance
from ipahealthcheck.core import config, constants
from ipahealthcheck.ipa.plugin import registry
-from ipahealthcheck.ipa.certs import IPARAAgent
+from ipahealthcheck.ipa.certs import IPARAAgent, IPAKRAAgent
from ipalib import errors
from ipapython.dn import DN
@@ -218,3 +218,173 @@ class TestNSSAgent(BaseTest):
assert result.result == constants.SUCCESS
assert result.source == 'ipahealthcheck.ipa.certs'
assert result.check == 'IPARAAgent'
+
+
+class TestKRAAgent(BaseTest):
+ cert = IPACertificate()
+ patches = {
+ 'ldap.initialize':
+ Mock(return_value=mock_ldap_conn()),
+ 'ipaserver.install.krainstance.KRAInstance':
+ Mock(return_value=KRAInstance()),
+ 'ipalib.x509.load_certificate_from_file':
+ Mock(return_value=cert),
+ }
+
+ def test_kra_agent_ok(self):
+
+ attrs = dict(
+ description=['2;1;CN=ISSUER;CN=RA AGENT'],
+ usercertificate=[self.cert],
+ )
+ fake_conn = LDAPClient('ldap://localhost', no_schema=True)
+ ldapentry = LDAPEntry(fake_conn,
+ DN('uid=ipakra,ou=people,o=kra,o=ipaca'))
+ for attr, values in attrs.items():
+ ldapentry[attr] = values
+
+ framework = object()
+ registry.initialize(framework, config.Config())
+ f = IPAKRAAgent(registry)
+
+ f.conn = mock_ldap([ldapentry])
+ self.results = capture_results(f)
+
+ assert len(self.results) == 1
+
+ result = self.results.results[0]
+ assert result.result == constants.SUCCESS
+ assert result.source == 'ipahealthcheck.ipa.certs'
+ assert result.check == 'IPAKRAAgent'
+
+ def test_kra_agent_no_description(self):
+
+ attrs = dict(
+ usercertificate=[self.cert],
+ )
+ fake_conn = LDAPClient('ldap://localhost', no_schema=True)
+ ldapentry = LDAPEntry(fake_conn,
+ DN('uid=ipakra,ou=people,o=kra,o=ipaca'))
+ for attr, values in attrs.items():
+ ldapentry[attr] = values
+
+ framework = object()
+ registry.initialize(framework, config.Config())
+ f = IPAKRAAgent(registry)
+
+ f.conn = mock_ldap([ldapentry])
+ self.results = capture_results(f)
+ result = self.results.results[0]
+
+ assert result.result == constants.ERROR
+ assert 'description' in result.kw.get('msg')
+
+ @patch('ipalib.x509.load_certificate_from_file')
+ def test_kra_agent_load_failure(self, mock_load_cert):
+
+ mock_load_cert.side_effect = IOError('test')
+
+ framework = object()
+ registry.initialize(framework, config.Config())
+ f = IPAKRAAgent(registry)
+
+ self.results = capture_results(f)
+ result = self.results.results[0]
+
+ assert result.result == constants.ERROR
+ assert result.kw.get('error') == 'test'
+
+ def test_kra_agent_no_entry_found(self):
+
+ framework = object()
+ registry.initialize(framework, config.Config())
+ f = IPAKRAAgent(registry)
+
+ f.conn = mock_ldap(None) # None == NotFound
+ self.results = capture_results(f)
+ result = self.results.results[0]
+
+ assert result.result == constants.ERROR
+ assert result.kw.get('msg') == 'KRA agent not found in LDAP'
+
+ def test_kra_agent_too_many(self):
+
+ attrs = dict(
+ description=['2;1;CN=ISSUER;CN=RA AGENT'],
+ usercertificate=[self.cert],
+ )
+ fake_conn = LDAPClient('ldap://localhost', no_schema=True)
+ ldapentry = LDAPEntry(fake_conn,
+ DN('uid=ipakra,ou=people,o=kra,o=ipaca'))
+ for attr, values in attrs.items():
+ ldapentry[attr] = values
+
+ ldapentry2 = LDAPEntry(fake_conn,
+ DN('uid=ipakra,ou=people,o=kra,o=ipaca'))
+ for attr, values in attrs.items():
+ ldapentry[attr] = values
+
+ framework = object()
+ registry.initialize(framework, config.Config())
+ f = IPAKRAAgent(registry)
+
+ f.conn = mock_ldap([ldapentry, ldapentry2])
+ self.results = capture_results(f)
+ result = self.results.results[0]
+
+ assert result.result == constants.ERROR
+ assert result.kw.get('found') == 2
+
+ def test_kra_agent_nonmatching_cert(self):
+
+ cert2 = IPACertificate(2)
+
+ attrs = dict(
+ description=['2;1;CN=ISSUER;CN=RA AGENT'],
+ usercertificate=[cert2],
+ )
+ fake_conn = LDAPClient('ldap://localhost', no_schema=True)
+ ldapentry = LDAPEntry(fake_conn,
+ DN('uid=ipakra,ou=people,o=kra,o=ipaca'))
+ for attr, values in attrs.items():
+ ldapentry[attr] = values
+
+ framework = object()
+ registry.initialize(framework, config.Config())
+ f = IPAKRAAgent(registry)
+
+ f.conn = mock_ldap([ldapentry])
+ self.results = capture_results(f)
+ result = self.results.results[0]
+
+ assert result.result == constants.ERROR
+ assert result.kw.get('certfile') == paths.RA_AGENT_PEM
+ assert result.kw.get('dn') == 'uid=ipakra,ou=people,o=kra,o=ipaca'
+
+ def test_kra_agent_multiple_certs(self):
+
+ cert2 = IPACertificate(2)
+
+ attrs = dict(
+ description=['2;1;CN=ISSUER;CN=RA AGENT'],
+ usercertificate=[cert2, self.cert],
+ )
+ fake_conn = LDAPClient('ldap://localhost', no_schema=True)
+ ldapentry = LDAPEntry(fake_conn,
+ DN('uid=ipakra,ou=people,o=kra,o=ipaca'))
+ for attr, values in attrs.items():
+ ldapentry[attr] = values
+
+ framework = object()
+ registry.initialize(framework, config.Config)
+ f = IPAKRAAgent(registry)
+
+ f.conn = mock_ldap([ldapentry])
+ self.results = capture_results(f)
+
+ assert len(self.results) == 1
+
+ result = self.results.results[0]
+ assert result.result == constants.SUCCESS
+ assert result.source == 'ipahealthcheck.ipa.certs'
+ assert result.check == 'IPAKRAAgent'
--
2.26.2