[Freeipa-devel] [freeipa PR#4940][opened] [Backport][ipa-4-8] ipatests: Test to check IPACAChainExpirationCheck when IPA cacrt is renamed

[rcritten via FreeIPA-devel]

   URL: https://github.com/freeipa/freeipa/pull/4940
Author: rcritten
 Title: #4940: [Backport][ipa-4-8] ipatests: Test to check 
IPACAChainExpirationCheck when IPA cacrt is renamed
Action: opened

PR body:
"""
This PR was opened automatically because PR #4928 was pushed to master and 
backport to ipa-4-8 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4940/head:pr4940
git checkout pr4940

From f727db675b739073c87568080c89b85098cd866b Mon Sep 17 00:00:00 2001
From: sumenon <sume...@redhat.com>
Date: Fri, 17 Jul 2020 19:47:16 +0530
Subject: [PATCH] ipatests: Test to check IPACAChainExpirationCheck when IPA
 cacrt is renamed

This testcase checks that ERROR message is displayed
by IPACAChainExpirationCheck when ipa ca crt file is renamed.
---
 .../test_integration/test_ipahealthcheck.py   | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py
index ac13dbdfb3..729a685284 100644
--- a/ipatests/test_integration/test_ipahealthcheck.py
+++ b/ipatests/test_integration/test_ipahealthcheck.py
@@ -723,6 +723,43 @@ def test_run_with_stopped_master(self, ipactl):
         errors = re.findall("ERROR: .*: not running", output)
         assert len(errors) == len(output.split('\n'))
 
+    @pytest.fixture()
+    def move_ipa_ca_crt(self):
+        """
+        Fixture to move ipa_ca_crt and revert
+        """
+        self.master.run_command(
+            ["mv", paths.IPA_CA_CRT, "%s.old" % paths.CA_CRT]
+        )
+        yield
+        self.master.run_command(
+            ["mv", "%s.old" % paths.CA_CRT, paths.IPA_CA_CRT]
+        )
+
+    def test_chainexpiration_check_without_cert(self, move_ipa_ca_crt):
+        """
+        Testcase checks that ERROR message is displayed
+        when ipa ca crt file is not renamed
+        """
+        error_text = (
+            "[Errno 2] No such file or directory: '{}'"
+            .format(paths.IPA_CA_CRT)
+        )
+        msg_text = (
+            "Error opening IPA CA chain at {key}: {error}"
+        )
+        returncode, data = run_healthcheck(
+            self.master,
+            "ipahealthcheck.ipa.certs",
+            "IPACAChainExpirationCheck",
+        )
+        assert returncode == 1
+        for check in data:
+            assert check["result"] == "ERROR"
+            assert check["kw"]["key"] == paths.IPA_CA_CRT
+            assert check["kw"]["error"] == error_text
+            assert check["kw"]["msg"] == msg_text
+
     def test_ipa_healthcheck_remove(self):
         """
         This testcase checks the removal of of healthcheck tool

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org