ipatests: Tests for ipahealthcheck.ds.nss_ssl

test_nsscheck_cert_expiring is moved under test_ipa_healthcheck_expiring This patch checks that the 'ipahealthcheck.ds.nss_ssl' check in healthcheck tool reports the correct status for the "Server-Cert" about to expire and already expired respectively. Signed-off-by: Sudhir Menon <sumenon@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-11-11 17:56:10 +05:30 · 2020-11-11 17:56:10 +05:30 · cd9b4efa91
commit cd9b4efa91
parent d30939ebfd
1 changed files with 49 additions and 0 deletions
--- a/ipatests/test_integration/test_ipahealthcheck.py
+++ b/ipatests/test_integration/test_ipahealthcheck.py
@ -1138,11 +1138,58 @@ class TestIpaHealthCheck(IntegrationTest):
                assert "cn=config" in check["kw"]["items"]
                assert error_msg in check["kw"]["msg"]

+    @pytest.fixture
+    def expire_cert_critical(self):
+        """
+        Fixture to expire the cert by moving the system date using
+        date -s command and revert it back
+        """
+        self.master.run_command(['date','-s', '+3Years'])
+        yield
+        self.master.run_command(['date','-s', '-3Years'])
+        self.master.run_command(['ipactl', 'restart'])
+
+    def test_nsscheck_cert_expired(self, expire_cert_critical):
+        """
+        This test checks that critical message is displayed
+        for NssCheck when Server-Cert has expired
+        """
+        msg = "The certificate (Server-Cert) has expired"
+        returncode, data = run_healthcheck(
+            self.master, "ipahealthcheck.ds.nss_ssl", "NssCheck",
+        )
+        assert returncode == 1
+        for check in data:
+            assert check["result"] == "CRITICAL"
+            assert check["kw"]["key"] == "DSCERTLE0002"
+            assert "Expired Certificate" in check["kw"]["items"]
+            assert check["kw"]["msg"] == msg
+
+
    def test_ipa_healthcheck_expiring(self, restart_service):
        """
        There are two overlapping tests for expiring certs, check both.
        """

+        def execute_nsscheck_cert_expiring(check):
+            """
+            This test checks that error message is displayed
+            for NssCheck when 'Server-Cert' is about to expire
+            """
+            msg = (
+                "The certificate (Server-Cert) will "
+                "expire in less than 30 days"
+            )
+            returncode, data = run_healthcheck(
+                self.master, "ipahealthcheck.ds.nss_ssl", "NssCheck",
+            )
+            assert returncode == 1
+            for check in data:
+                assert check["result"] == "ERROR"
+                assert check["kw"]["key"] == "DSCERTLE0001"
+                assert "Expiring Certificate" in check["kw"]["items"]
+                assert check["kw"]["msg"] == msg
+
        def execute_expiring_check(check):
            """
            Test that certmonger will report warnings if expiration is near
@ -1200,6 +1247,8 @@ class TestIpaHealthCheck(IntegrationTest):
                          "IPACertfileExpirationCheck",):
                execute_expiring_check(check)

+            execute_nsscheck_cert_expiring(check)
+
        finally:
            # After restarting chronyd, the date may need some time to get
            # synced. Help chrony by resetting the date