You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
122 lines
5.0 KiB
122 lines
5.0 KiB
From f496fca98ba5c9d04423b0c8ee5e69277bcc5a08 Mon Sep 17 00:00:00 2001
|
|
From: Barbora Simonova <bsmejkal@redhat.com>
|
|
Date: Mon, 31 Jul 2023 12:58:14 +0200
|
|
Subject: [PATCH 09/11] Issue 2375 - CLI - Healthcheck - revise and add new
|
|
checks
|
|
|
|
Description:
|
|
Updated the healthcheck tests with nsslapd-accesslog-logbuffering
|
|
settings so it does not report a warning.
|
|
Also adjusted certificate tests so it covers days in leap year.
|
|
|
|
Relates: https://github.com/389ds/389-ds-base/issues/2375
|
|
|
|
Reviewed by: @vashirov (Thanks!)
|
|
---
|
|
.../suites/healthcheck/health_repl_test.py | 7 ++++++
|
|
.../healthcheck/health_security_test.py | 22 +++++++++++++++++--
|
|
2 files changed, 27 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/dirsrvtests/tests/suites/healthcheck/health_repl_test.py b/dirsrvtests/tests/suites/healthcheck/health_repl_test.py
|
|
index e67c5d0ef..8905db68f 100644
|
|
--- a/dirsrvtests/tests/suites/healthcheck/health_repl_test.py
|
|
+++ b/dirsrvtests/tests/suites/healthcheck/health_repl_test.py
|
|
@@ -107,6 +107,10 @@ def test_healthcheck_replication_replica_not_reachable(topology_m2):
|
|
M1 = topology_m2.ms['supplier1']
|
|
M2 = topology_m2.ms['supplier2']
|
|
|
|
+ log.info('Set nsslapd-accesslog-logbuffering so it does not raise a warning')
|
|
+ M1.config.set('nsslapd-accesslog-logbuffering', 'on')
|
|
+ M2.config.set('nsslapd-accesslog-logbuffering', 'on')
|
|
+
|
|
set_changelog_trimming(M1)
|
|
|
|
log.info('Set nsds5replicaport for the replication agreement to an unreachable port')
|
|
@@ -156,6 +160,9 @@ def test_healthcheck_changelog_trimming_not_configured(topology_m2):
|
|
|
|
M1 = topology_m2.ms['supplier1']
|
|
|
|
+ log.info('Set nsslapd-accesslog-logbuffering so it does not raise a warning')
|
|
+ M1.config.set('nsslapd-accesslog-logbuffering', 'on')
|
|
+
|
|
RET_CODE = 'DSCLLE0001'
|
|
|
|
log.info('Get the changelog entries for M1')
|
|
diff --git a/dirsrvtests/tests/suites/healthcheck/health_security_test.py b/dirsrvtests/tests/suites/healthcheck/health_security_test.py
|
|
index d14b52c7a..ebd330d95 100644
|
|
--- a/dirsrvtests/tests/suites/healthcheck/health_security_test.py
|
|
+++ b/dirsrvtests/tests/suites/healthcheck/health_security_test.py
|
|
@@ -102,6 +102,9 @@ def test_healthcheck_insecure_pwd_hash_configured(topology_st):
|
|
|
|
standalone = topology_st.standalone
|
|
|
|
+ log.info('Set nsslapd-accesslog-logbuffering so it does not raise a warning')
|
|
+ standalone.config.set('nsslapd-accesslog-logbuffering', 'on')
|
|
+
|
|
log.info('Configure an insecure passwordStorageScheme (SHA)')
|
|
standalone.config.set('passwordStorageScheme', 'SHA')
|
|
|
|
@@ -154,6 +157,9 @@ def test_healthcheck_min_allowed_tls_version_too_low(topology_st):
|
|
|
|
standalone = topology_st.standalone
|
|
|
|
+ log.info('Set nsslapd-accesslog-logbuffering so it does not raise a warning')
|
|
+ standalone.config.set('nsslapd-accesslog-logbuffering', 'on')
|
|
+
|
|
standalone.enable_tls()
|
|
|
|
# We have to update-crypto-policies to LEGACY, otherwise we can't set TLS1.0
|
|
@@ -210,6 +216,9 @@ def test_healthcheck_resolvconf_bad_file_perm(topology_st):
|
|
|
|
standalone = topology_st.standalone
|
|
|
|
+ log.info('Set nsslapd-accesslog-logbuffering so it does not raise a warning')
|
|
+ standalone.config.set('nsslapd-accesslog-logbuffering', 'on')
|
|
+
|
|
log.info('Change the /etc/resolv.conf file permissions to 444')
|
|
os.chmod('/etc/resolv.conf', 0o444)
|
|
|
|
@@ -254,6 +263,9 @@ def test_healthcheck_pwdfile_bad_file_perm(topology_st):
|
|
standalone = topology_st.standalone
|
|
cert_dir = standalone.ds_paths.cert_dir
|
|
|
|
+ log.info('Set nsslapd-accesslog-logbuffering so it does not raise a warning')
|
|
+ standalone.config.set('nsslapd-accesslog-logbuffering', 'on')
|
|
+
|
|
log.info('Change the /etc/dirsrv/slapd-{}/pwdfile.txt permissions to 000'.format(standalone.serverid))
|
|
os.chmod('{}/pwdfile.txt'.format(cert_dir), 0o000)
|
|
|
|
@@ -291,10 +303,13 @@ def test_healthcheck_certif_expiring_within_30d(topology_st):
|
|
|
|
standalone = topology_st.standalone
|
|
|
|
+ log.info('Set nsslapd-accesslog-logbuffering so it does not raise a warning')
|
|
+ standalone.config.set('nsslapd-accesslog-logbuffering', 'on')
|
|
+
|
|
standalone.enable_tls()
|
|
|
|
# Cert is valid two years from today, so we count the date that is within 30 days before certificate expiration
|
|
- date_future = datetime.now() + timedelta(days=701)
|
|
+ date_future = datetime.now() + timedelta(days=702)
|
|
|
|
with libfaketime.fake_time(date_future):
|
|
run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=False)
|
|
@@ -329,10 +344,13 @@ def test_healthcheck_certif_expired(topology_st):
|
|
|
|
standalone = topology_st.standalone
|
|
|
|
+ log.info('Set nsslapd-accesslog-logbuffering so it does not raise a warning')
|
|
+ standalone.config.set('nsslapd-accesslog-logbuffering', 'on')
|
|
+
|
|
standalone.enable_tls()
|
|
|
|
# Cert is valid two years from today, so we count the date that is after expiration
|
|
- date_future = datetime.now() + timedelta(days=731)
|
|
+ date_future = datetime.now() + timedelta(days=732)
|
|
|
|
with libfaketime.fake_time(date_future):
|
|
run_healthcheck_and_flush_log(topology_st, standalone, RET_CODE, json=False)
|
|
--
|
|
2.41.0
|
|
|