From a6504bd7d32fe3553b9f6f807f3d84a1b87bb77c Mon Sep 17 00:00:00 2001 From: Antonio Torres Date: Wed, 24 Feb 2021 17:26:08 +0100 Subject: [PATCH] Add tests for KRA Agent validation Add unit tests for KRA Agent validation. Signed-off-by: Antonio Torres --- tests/test_ipa_agent.py | 174 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 172 insertions(+), 2 deletions(-) diff --git a/tests/test_ipa_agent.py b/tests/test_ipa_agent.py index 6605745..9b691f7 100644 --- a/tests/test_ipa_agent.py +++ b/tests/test_ipa_agent.py @@ -4,11 +4,11 @@ from base import BaseTest from unittest.mock import Mock, patch -from util import capture_results, CAInstance +from util import capture_results, CAInstance, KRAInstance from ipahealthcheck.core import config, constants from ipahealthcheck.ipa.plugin import registry -from ipahealthcheck.ipa.certs import IPARAAgent +from ipahealthcheck.ipa.certs import IPARAAgent, IPAKRAAgent from ipalib import errors from ipapython.dn import DN @@ -218,3 +218,173 @@ class TestNSSAgent(BaseTest): assert result.result == constants.SUCCESS assert result.source == 'ipahealthcheck.ipa.certs' assert result.check == 'IPARAAgent' + + +class TestKRAAgent(BaseTest): + cert = IPACertificate() + patches = { + 'ldap.initialize': + Mock(return_value=mock_ldap_conn()), + 'ipaserver.install.krainstance.KRAInstance': + Mock(return_value=KRAInstance()), + 'ipalib.x509.load_certificate_from_file': + Mock(return_value=cert), + } + + def test_kra_agent_ok(self): + + attrs = dict( + description=['2;1;CN=ISSUER;CN=RA AGENT'], + usercertificate=[self.cert], + ) + fake_conn = LDAPClient('ldap://localhost', no_schema=True) + ldapentry = LDAPEntry(fake_conn, + DN('uid=ipakra,ou=people,o=kra,o=ipaca')) + for attr, values in attrs.items(): + ldapentry[attr] = values + + framework = object() + registry.initialize(framework, config.Config()) + f = IPAKRAAgent(registry) + + f.conn = mock_ldap([ldapentry]) + self.results = capture_results(f) + + assert len(self.results) == 1 + + result = self.results.results[0] + assert result.result == constants.SUCCESS + assert result.source == 'ipahealthcheck.ipa.certs' + assert result.check == 'IPAKRAAgent' + + def test_kra_agent_no_description(self): + + attrs = dict( + usercertificate=[self.cert], + ) + fake_conn = LDAPClient('ldap://localhost', no_schema=True) + ldapentry = LDAPEntry(fake_conn, + DN('uid=ipakra,ou=people,o=kra,o=ipaca')) + for attr, values in attrs.items(): + ldapentry[attr] = values + + framework = object() + registry.initialize(framework, config.Config()) + f = IPAKRAAgent(registry) + + f.conn = mock_ldap([ldapentry]) + self.results = capture_results(f) + result = self.results.results[0] + + assert result.result == constants.ERROR + assert 'description' in result.kw.get('msg') + + @patch('ipalib.x509.load_certificate_from_file') + def test_kra_agent_load_failure(self, mock_load_cert): + + mock_load_cert.side_effect = IOError('test') + + framework = object() + registry.initialize(framework, config.Config()) + f = IPAKRAAgent(registry) + + self.results = capture_results(f) + result = self.results.results[0] + + assert result.result == constants.ERROR + assert result.kw.get('error') == 'test' + + def test_kra_agent_no_entry_found(self): + + framework = object() + registry.initialize(framework, config.Config()) + f = IPAKRAAgent(registry) + + f.conn = mock_ldap(None) # None == NotFound + self.results = capture_results(f) + result = self.results.results[0] + + assert result.result == constants.ERROR + assert result.kw.get('msg') == 'KRA agent not found in LDAP' + + def test_kra_agent_too_many(self): + + attrs = dict( + description=['2;1;CN=ISSUER;CN=RA AGENT'], + usercertificate=[self.cert], + ) + fake_conn = LDAPClient('ldap://localhost', no_schema=True) + ldapentry = LDAPEntry(fake_conn, + DN('uid=ipakra,ou=people,o=kra,o=ipaca')) + for attr, values in attrs.items(): + ldapentry[attr] = values + + ldapentry2 = LDAPEntry(fake_conn, + DN('uid=ipakra,ou=people,o=kra,o=ipaca')) + for attr, values in attrs.items(): + ldapentry[attr] = values + + framework = object() + registry.initialize(framework, config.Config()) + f = IPAKRAAgent(registry) + + f.conn = mock_ldap([ldapentry, ldapentry2]) + self.results = capture_results(f) + result = self.results.results[0] + + assert result.result == constants.ERROR + assert result.kw.get('found') == 2 + + def test_kra_agent_nonmatching_cert(self): + + cert2 = IPACertificate(2) + + attrs = dict( + description=['2;1;CN=ISSUER;CN=RA AGENT'], + usercertificate=[cert2], + ) + fake_conn = LDAPClient('ldap://localhost', no_schema=True) + ldapentry = LDAPEntry(fake_conn, + DN('uid=ipakra,ou=people,o=kra,o=ipaca')) + for attr, values in attrs.items(): + ldapentry[attr] = values + + framework = object() + registry.initialize(framework, config.Config()) + f = IPAKRAAgent(registry) + + f.conn = mock_ldap([ldapentry]) + self.results = capture_results(f) + result = self.results.results[0] + + assert result.result == constants.ERROR + assert result.kw.get('certfile') == paths.RA_AGENT_PEM + assert result.kw.get('dn') == 'uid=ipakra,ou=people,o=kra,o=ipaca' + + def test_kra_agent_multiple_certs(self): + + cert2 = IPACertificate(2) + + attrs = dict( + description=['2;1;CN=ISSUER;CN=RA AGENT'], + usercertificate=[cert2, self.cert], + ) + fake_conn = LDAPClient('ldap://localhost', no_schema=True) + ldapentry = LDAPEntry(fake_conn, + DN('uid=ipakra,ou=people,o=kra,o=ipaca')) + for attr, values in attrs.items(): + ldapentry[attr] = values + + framework = object() + registry.initialize(framework, config.Config) + f = IPAKRAAgent(registry) + + f.conn = mock_ldap([ldapentry]) + self.results = capture_results(f) + + assert len(self.results) == 1 + + result = self.results.results[0] + assert result.result == constants.SUCCESS + assert result.source == 'ipahealthcheck.ipa.certs' + assert result.check == 'IPAKRAAgent' -- 2.26.2