ipatests: healthcheck: test if system is FIPS enabled

Test if FIPS is enabled and the check exists. Related: https://pagure.io/freeipa/issue/8951 Signed-off-by: Erik Belko <ebelko@redhat.com> Reviewed-By: Michal Polovka <mpolovka@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2022-07-18 11:59:24 +02:00 · 2022-07-18 11:59:24 +02:00 · fc5de8216d
commit fc5de8216d
parent e9b232fcf4
1 changed files with 25 additions and 0 deletions
--- a/ipatests/test_integration/test_ipahealthcheck.py
+++ b/ipatests/test_integration/test_ipahealthcheck.py
@ -340,6 +340,31 @@ class TestIpaHealthCheck(IntegrationTest):
        assert returncode == 0
        assert output == "No issues found."

+    def test_ipa_healthcheck_fips_enabled(self):
+        """
+        Test if FIPS is enabled and the check exists.
+
+        https://pagure.io/freeipa/issue/8951
+        """
+        returncode, check = run_healthcheck(self.master,
+                                            source="ipahealthcheck.meta.core",
+                                            check="MetaCheck",
+                                            output_type="json",
+                                            failures_only=False)
+        assert returncode == 0
+
+        cmd = self.master.run_command(['fips-mode-setup', '--is-enabled'],
+                                      raiseonerr=False)
+        returncode = cmd.returncode
+
+        # If this produces IndexError, the check does not exist
+        if check[0]["kw"]["fips"] == "disabled":
+            assert returncode == 2
+        elif check[0]["kw"]["fips"] == "enabled":
+            assert returncode == 0
+        else:
+            assert returncode == 1
+
    def test_ipa_healthcheck_after_certupdate(self):
        """
        Verify that ipa-certupdate hasn't messed up tracking