mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 16:31:08 -06:00
b5bdd07bc5
Add absolute_import from __future__ so that pylint does not fail and to achieve python3 behavior in python2. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
97 lines
2.4 KiB
Python
97 lines
2.4 KiB
Python
#
|
|
# Copyright (C) 2018 FreeIPA Contributors. See COPYING for license
|
|
#
|
|
|
|
from __future__ import absolute_import
|
|
|
|
import tempfile
|
|
|
|
import pytest
|
|
|
|
from ipaplatform.paths import paths
|
|
from ipaserver.install.server.upgrade import named_add_crypto_policy
|
|
|
|
try:
|
|
from unittest.mock import patch # pylint: disable=import-error
|
|
except ImportError:
|
|
from mock import patch # pylint: disable=import-error
|
|
|
|
|
|
TEST_CONFIG = """
|
|
options {
|
|
\tdnssec-enable yes;
|
|
\tdnssec-validation yes;
|
|
};
|
|
|
|
include "random/file";
|
|
"""
|
|
|
|
EXPECTED_CONFIG = """
|
|
options {
|
|
\tdnssec-enable yes;
|
|
\tdnssec-validation yes;
|
|
\tinclude "/etc/crypto-policies/back-ends/bind.config";
|
|
};
|
|
|
|
include "random/file";
|
|
"""
|
|
|
|
# bindinstance.named_conf_exists() looks for a section like this
|
|
IPA_DYNDB_CONFIG = """
|
|
dyndb "ipa" "/usr/lib/bind/ldap.so" {
|
|
};
|
|
"""
|
|
|
|
POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
|
|
|
|
|
|
@pytest.fixture
|
|
def namedconf():
|
|
with tempfile.NamedTemporaryFile('w+') as f:
|
|
with patch.multiple(paths,
|
|
NAMED_CONF=f.name,
|
|
NAMED_CRYPTO_POLICY_FILE=POLICY_FILE):
|
|
yield f.name
|
|
|
|
|
|
@patch('ipaserver.install.sysupgrade.get_upgrade_state')
|
|
@patch('ipaserver.install.sysupgrade.set_upgrade_state')
|
|
def test_add_crypto_policy(m_set, m_get, namedconf):
|
|
m_get.return_value = False
|
|
with open(namedconf, 'w') as f:
|
|
f.write(TEST_CONFIG)
|
|
f.write(IPA_DYNDB_CONFIG)
|
|
|
|
result = named_add_crypto_policy()
|
|
assert result
|
|
m_get.assert_called_with('named.conf', 'add_crypto_policy')
|
|
m_set.assert_called_with('named.conf', 'add_crypto_policy', True)
|
|
|
|
with open(namedconf) as f:
|
|
content = f.read()
|
|
assert content == ''.join([EXPECTED_CONFIG, IPA_DYNDB_CONFIG])
|
|
|
|
m_get.reset_mock()
|
|
m_set.reset_mock()
|
|
|
|
m_get.return_value = True
|
|
named_add_crypto_policy()
|
|
m_get.assert_called_with('named.conf', 'add_crypto_policy')
|
|
m_set.assert_not_called()
|
|
|
|
|
|
@patch('ipaserver.install.sysupgrade.get_upgrade_state')
|
|
@patch('ipaserver.install.sysupgrade.set_upgrade_state')
|
|
def test_add_crypto_policy_no_ipa(m_set, m_get, namedconf):
|
|
# Test if the update step is skipped when named.conf doesn't contain
|
|
# IPA related settings.
|
|
m_get.return_value = False
|
|
with open(namedconf, 'w') as f:
|
|
f.write(TEST_CONFIG)
|
|
|
|
result = named_add_crypto_policy()
|
|
assert not result
|
|
|
|
m_get.assert_not_called()
|
|
m_set.assert_not_called()
|