ipa-healthcheck/SOURCES/0003-Allow-for-HIDDEN_SERVI...

From de2032487c73151e13812db78866ddd85d0f541c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 28 Jun 2021 16:43:11 -0400
Subject: [PATCH] Allow for HIDDEN_SERVICE when checking ADTRUST service

If the host is a trust controller then the ADTRUST service
must be enabled. This is defined as both ENABLED_SERVICE and
HIDDEN_SERVICE.

https://github.com/freeipa/freeipa-healthcheck/issues/217

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
 src/ipahealthcheck/ipa/trust.py |  6 ++--
 tests/test_ipa_trust.py         | 54 ++++++++++++++++++---------------
 2 files changed, 33 insertions(+), 27 deletions(-)

diff --git a/src/ipahealthcheck/ipa/trust.py b/src/ipahealthcheck/ipa/trust.py
index 162a64c..27a2c86 100644
--- a/src/ipahealthcheck/ipa/trust.py
+++ b/src/ipahealthcheck/ipa/trust.py
@@ -23,9 +23,9 @@ except ImportError:
     # be skipped
     pass
 try:
-    from ipaserver.masters import ENABLED_SERVICE
+    from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE
 except ImportError:
-    from ipaserver.install.service import ENABLED_SERVICE
+    from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE
 try:
     from ipapython.ipaldap import realm_to_serverid
 except ImportError:
@@ -476,7 +476,7 @@ class IPATrustControllerServiceCheck(IPAPlugin):
             configs = entry.get('ipaconfigstring', [])
             enabled = False
             for config in configs:
-                if config == ENABLED_SERVICE:
+                if config in [ENABLED_SERVICE, HIDDEN_SERVICE]:
                     enabled = True
                     break
 
diff --git a/tests/test_ipa_trust.py b/tests/test_ipa_trust.py
index 5eca9b5..c314b70 100644
--- a/tests/test_ipa_trust.py
+++ b/tests/test_ipa_trust.py
@@ -28,6 +28,11 @@ from ipahealthcheck.ipa.trust import (IPATrustAgentCheck,
 from ipalib import errors
 from ipapython.dn import DN
 from ipapython.ipaldap import LDAPClient, LDAPEntry
+try:
+    from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE
+except ImportError:
+    from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE
+
 
 try:
     from ipapython.ipaldap import realm_to_serverid
@@ -795,31 +800,32 @@ class TestControllerService(BaseTest):
         # Zero because the call was skipped altogether
         assert len(self.results) == 0
 
-    def test_principal_ok(self):
+    def test_service_enabled(self):
         service_dn = DN(('cn', 'ADTRUST'))
-        attrs = {
-            'ipaconfigstring': ['enabledService'],
-        }
-        fake_conn = LDAPClient('ldap://localhost', no_schema=True)
-        ldapentry = LDAPEntry(fake_conn, service_dn)
-        for attr, values in attrs.items():
-            ldapentry[attr] = values
-
-        framework = object()
-        registry.initialize(framework, config.Config)
-        registry.trust_controller = True
-        f = IPATrustControllerServiceCheck(registry)
-
-        f.conn = mock_ldap(ldapentry)
-        self.results = capture_results(f)
-
-        assert len(self.results) == 1
-
-        result = self.results.results[0]
-        assert result.result == constants.SUCCESS
-        assert result.source == 'ipahealthcheck.ipa.trust'
-        assert result.check == 'IPATrustControllerServiceCheck'
-        assert result.kw.get('key') == 'ADTRUST'
+        for type in [ENABLED_SERVICE, HIDDEN_SERVICE]:
+            attrs = {
+                'ipaconfigstring': [type],
+            }
+            fake_conn = LDAPClient('ldap://localhost', no_schema=True)
+            ldapentry = LDAPEntry(fake_conn, service_dn)
+            for attr, values in attrs.items():
+                ldapentry[attr] = values
+
+            framework = object()
+            registry.initialize(framework, config.Config)
+            registry.trust_controller = True
+            f = IPATrustControllerServiceCheck(registry)
+
+            f.conn = mock_ldap(ldapentry)
+            self.results = capture_results(f)
+
+            assert len(self.results) == 1
+
+            result = self.results.results[0]
+            assert result.result == constants.SUCCESS
+            assert result.source == 'ipahealthcheck.ipa.trust'
+            assert result.check == 'IPATrustControllerServiceCheck'
+            assert result.kw.get('key') == 'ADTRUST'
 
     def test_principal_fail(self):
         service_dn = DN(('cn', 'ADTRUST'))
-- 
2.31.1
import ipa-healthcheck-0.9-9.el9 2 years ago			`From de2032487c73151e13812db78866ddd85d0f541c Mon Sep 17 00:00:00 2001`
			`From: Rob Crittenden <rcritten@redhat.com>`
			`Date: Mon, 28 Jun 2021 16:43:11 -0400`
			`Subject: [PATCH] Allow for HIDDEN_SERVICE when checking ADTRUST service`

			`If the host is a trust controller then the ADTRUST service`
			`must be enabled. This is defined as both ENABLED_SERVICE and`
			`HIDDEN_SERVICE.`

			`https://github.com/freeipa/freeipa-healthcheck/issues/217`

			`Signed-off-by: Rob Crittenden <rcritten@redhat.com>`
			`---`
			`src/ipahealthcheck/ipa/trust.py \| 6 ++--`
			`tests/test_ipa_trust.py \| 54 ++++++++++++++++++---------------`
			`2 files changed, 33 insertions(+), 27 deletions(-)`

			`diff --git a/src/ipahealthcheck/ipa/trust.py b/src/ipahealthcheck/ipa/trust.py`
			`index 162a64c..27a2c86 100644`
			`--- a/src/ipahealthcheck/ipa/trust.py`
			`+++ b/src/ipahealthcheck/ipa/trust.py`
			`@@ -23,9 +23,9 @@ except ImportError:`
			`# be skipped`
			`pass`
			`try:`
			`- from ipaserver.masters import ENABLED_SERVICE`
			`+ from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE`
			`except ImportError:`
			`- from ipaserver.install.service import ENABLED_SERVICE`
			`+ from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE`
			`try:`
			`from ipapython.ipaldap import realm_to_serverid`
			`except ImportError:`
			`@@ -476,7 +476,7 @@ class IPATrustControllerServiceCheck(IPAPlugin):`
			`configs = entry.get('ipaconfigstring', [])`
			`enabled = False`
			`for config in configs:`
			`- if config == ENABLED_SERVICE:`
			`+ if config in [ENABLED_SERVICE, HIDDEN_SERVICE]:`
			`enabled = True`
			`break`

			`diff --git a/tests/test_ipa_trust.py b/tests/test_ipa_trust.py`
			`index 5eca9b5..c314b70 100644`
			`--- a/tests/test_ipa_trust.py`
			`+++ b/tests/test_ipa_trust.py`
			`@@ -28,6 +28,11 @@ from ipahealthcheck.ipa.trust import (IPATrustAgentCheck,`
			`from ipalib import errors`
			`from ipapython.dn import DN`
			`from ipapython.ipaldap import LDAPClient, LDAPEntry`
			`+try:`
			`+ from ipaserver.masters import ENABLED_SERVICE, HIDDEN_SERVICE`
			`+except ImportError:`
			`+ from ipaserver.install.service import ENABLED_SERVICE, HIDDEN_SERVICE`
			`+`

			`try:`
			`from ipapython.ipaldap import realm_to_serverid`
			`@@ -795,31 +800,32 @@ class TestControllerService(BaseTest):`
			`# Zero because the call was skipped altogether`
			`assert len(self.results) == 0`

			`- def test_principal_ok(self):`
			`+ def test_service_enabled(self):`
			`service_dn = DN(('cn', 'ADTRUST'))`
			`- attrs = {`
			`- 'ipaconfigstring': ['enabledService'],`
			`- }`
			`- fake_conn = LDAPClient('ldap://localhost', no_schema=True)`
			`- ldapentry = LDAPEntry(fake_conn, service_dn)`
			`- for attr, values in attrs.items():`
			`- ldapentry[attr] = values`
			`-`
			`- framework = object()`
			`- registry.initialize(framework, config.Config)`
			`- registry.trust_controller = True`
			`- f = IPATrustControllerServiceCheck(registry)`
			`-`
			`- f.conn = mock_ldap(ldapentry)`
			`- self.results = capture_results(f)`
			`-`
			`- assert len(self.results) == 1`
			`-`
			`- result = self.results.results[0]`
			`- assert result.result == constants.SUCCESS`
			`- assert result.source == 'ipahealthcheck.ipa.trust'`
			`- assert result.check == 'IPATrustControllerServiceCheck'`
			`- assert result.kw.get('key') == 'ADTRUST'`
			`+ for type in [ENABLED_SERVICE, HIDDEN_SERVICE]:`
			`+ attrs = {`
			`+ 'ipaconfigstring': [type],`
			`+ }`
			`+ fake_conn = LDAPClient('ldap://localhost', no_schema=True)`
			`+ ldapentry = LDAPEntry(fake_conn, service_dn)`
			`+ for attr, values in attrs.items():`
			`+ ldapentry[attr] = values`
			`+`
			`+ framework = object()`
			`+ registry.initialize(framework, config.Config)`
			`+ registry.trust_controller = True`
			`+ f = IPATrustControllerServiceCheck(registry)`
			`+`
			`+ f.conn = mock_ldap(ldapentry)`
			`+ self.results = capture_results(f)`
			`+`
			`+ assert len(self.results) == 1`
			`+`
			`+ result = self.results.results[0]`
			`+ assert result.result == constants.SUCCESS`
			`+ assert result.source == 'ipahealthcheck.ipa.trust'`
			`+ assert result.check == 'IPATrustControllerServiceCheck'`
			`+ assert result.kw.get('key') == 'ADTRUST'`

			`def test_principal_fail(self):`
			`service_dn = DN(('cn', 'ADTRUST'))`
			`--`
			`2.31.1`