From de2032487c73151e13812db78866ddd85d0f541c Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Mon, 28 Jun 2021 16:43:11 -0400
Subject: [PATCH] Allow for HIDDEN_SERVICE when checking ADTRUST service

If the host is a trust controller then the ADTRUST service must be enabled. This is defined as both ENABLED_SERVICE and HIDDEN_SERVICE.
https://github.com/freeipa/freeipa-healthcheck/issues/217
Signed-off-by: Rob Crittenden
---
 src/ipahealthcheck/ipa/trust.py | 6 ++--
 tests/test_ipa_trust.py | 54 ++++++++++++++++++---------------
 2 files changed, 33 insertions(+), 27 deletions(-)

diff --git a/src/ipahealthcheck/ipa/trust.py b/src/ipahealthcheck/ipa/trust.py
index 162a64c..27a2c86 100644
--- a/src/ipahealthcheck/ipa/trust.py
+++ b/src/ipahealthcheck/ipa/trust.py
@@ -23,9 +23,9 @@ except ImportError:
 # be skipped
 pass
 try:
- from ipaserver.masters import ENABLED_SERVICE
+ from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE
 except ImportError:
- from ipaserver.install.service import ENABLED_SERVICE
+ from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE
 try:
 from ipapython.ipaldap import realm_to_serverid
 except ImportError:
@@ -476,7 +476,7 @@ class IPATrustControllerServiceCheck(IPAPlugin):
 configs = entry.get('ipaconfigstring', [])
 enabled = False
 for config in configs:
- if config == ENABLED_SERVICE:
+ if config in [ENABLED_SERVICE, HIDDEN_SERVICE]:
 enabled = True
 break
 
diff --git a/tests/test_ipa_trust.py b/tests/test_ipa_trust.py
index 5eca9b5..c314b70 100644
--- a/tests/test_ipa_trust.py
+++ b/tests/test_ipa_trust.py
@@ -28,6 +28,11 @@ from ipahealthcheck.ipa.trust import (IPATrustAgentCheck,
 from ipalib import errors
 from ipapython.dn import DN
 from ipapython.ipaldap import LDAPClient, LDAPEntry
+try:
+ from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE
+except ImportError:
+ from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE
+
 
 try:
 from ipapython.ipaldap import realm_to_serverid
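Review bot: The fallback branch of the import in src/ipahealthcheck/ipa/trust.py (first hunk) now also requires `HIDDEN_SERVICE` from `ipaserver.install.service`, but that branch only runs when `ipaserver.masters` is missing, presumably on an older ipaserver that may not define the name. If so, the second ImportError is uncaught and the whole trust module fails to import, which drops every trust check instead of degrading this one. Keeping `from ipaserver.install.service import ENABLED_SERVICE` in the fallback and resolving the new name in its own guarded import that sets `HIDDEN_SERVICE = None` on failure would keep the old behaviour on such hosts. The same import pair is added to tests/test_ipa_trust.py and has the same exposure.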
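Review bot: The widened membership test in IPATrustControllerServiceCheck (second hunk of trust.py) carries no comment on why a hidden service satisfies the check, and the flag is still called `enabled`, so a later reader may take the extra constant for a mistake. A comment above it, such as `# ADTRUST counts as enabled when marked ENABLED_SERVICE or HIDDEN_SERVICE`, would put the rule from the commit message into the code. A tuple is the usual form for a fixed membership set: `if config in (ENABLED_SERVICE, HIDDEN_SERVICE):`. The method starts and ends outside the hunk, so how `enabled` is reported afterwards is not visible here.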
@@ -795,31 +800,32 @@ class TestControllerService(BaseTest):
 # Zero because the call was skipped altogether
 assert len(self.results) == 0
 
- def test_principal_ok(self):
+ def test_service_enabled(self):
 service_dn = DN(('cn', 'ADTRUST'))
- attrs = {
- 'ipaconfigstring': ['enabledService'],
- }
- fake_conn = LDAPClient('ldap://localhost', no_schema=True)
- ldapentry = LDAPEntry(fake_conn, service_dn)
- for attr, values in attrs.items():
- ldapentry[attr] = values
-
- framework = object()
- registry.initialize(framework, config.Config)
- registry.trust_controller = True
- f = IPATrustControllerServiceCheck(registry)
-
- f.conn = mock_ldap(ldapentry)
- self.results = capture_results(f)
-
- assert len(self.results) == 1
-
- result = self.results.results[0]
- assert result.result == constants.SUCCESS
- assert result.source == 'ipahealthcheck.ipa.trust'
- assert result.check == 'IPATrustControllerServiceCheck'
- assert result.kw.get('key') == 'ADTRUST'
+ for type in [ENABLED_SERVICE, HIDDEN_SERVICE]:
+ attrs = {
+ 'ipaconfigstring': [type],
+ }
+ fake_conn = LDAPClient('ldap://localhost', no_schema=True)
+ ldapentry = LDAPEntry(fake_conn, service_dn)
+ for attr, values in attrs.items():
+ ldapentry[attr] = values
+
+ framework = object()
+ registry.initialize(framework, config.Config)
+ registry.trust_controller = True
+ f = IPATrustControllerServiceCheck(registry)
+
+ f.conn = mock_ldap(ldapentry)
+ self.results = capture_results(f)
+
+ assert len(self.results) == 1
+
+ result = self.results.results[0]
+ assert result.result == constants.SUCCESS
+ assert result.source == 'ipahealthcheck.ipa.trust'
+ assert result.check == 'IPATrustControllerServiceCheck'
+ assert result.kw.get('key') == 'ADTRUST'
 
 def test_principal_fail(self):
 service_dn = DN(('cn', 'ADTRUST'))
-- 
2.31.1
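Review bot: The loop variable `type` in test_service_enabled shadows the builtin, and because both states run inside one test body a failing assertion does not say which state was under test. Renaming it, `for state in (ENABLED_SERVICE, HIDDEN_SERVICE):` with `'ipaconfigstring': [state],`, and putting the state into the first assertion's message would fix both. The test also takes its inputs from the same constants the check imports, where the removed test pinned the literal `'enabledService'`, so a change in the constants' values would no longer be caught here. The neighbouring test_principal_fail keeps the old "principal" naming, which no longer matches the renamed test.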