From c55185d3dc3c6cd2ffebab77fbf8caa40a32bcd1 Mon Sep 17 00:00:00 2001 From: Erik Date: Mon, 18 Jul 2022 11:59:24 +0200 Subject: [PATCH] ipatests: healthcheck: test if system is FIPS enabled Test if FIPS is enabled and the check exists. Related: https://pagure.io/freeipa/issue/8951 Signed-off-by: Erik Belko Reviewed-By: Michal Polovka Reviewed-By: Rob Crittenden --- .../test_integration/test_ipahealthcheck.py | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py index 23af09f3a7eaa8012e7a898ce6a534d1fad45323..a0c85f79e6e84f9e63072c6d70276480e4af97ad 100644 --- a/ipatests/test_integration/test_ipahealthcheck.py +++ b/ipatests/test_integration/test_ipahealthcheck.py @@ -340,6 +340,31 @@ class TestIpaHealthCheck(IntegrationTest): assert returncode == 0 assert output == "No issues found." + def test_ipa_healthcheck_fips_enabled(self): + """ + Test if FIPS is enabled and the check exists. + + https://pagure.io/freeipa/issue/8951 + """ + returncode, check = run_healthcheck(self.master, + source="ipahealthcheck.meta.core", + check="MetaCheck", + output_type="json", + failures_only=False) + assert returncode == 0 + + cmd = self.master.run_command(['fips-mode-setup', '--is-enabled'], + raiseonerr=False) + returncode = cmd.returncode + + # If this produces IndexError, the check does not exist + if check[0]["kw"]["fips"] == "disabled": + assert returncode == 2 + elif check[0]["kw"]["fips"] == "enabled": + assert returncode == 0 + else: + assert returncode == 1 + def test_ipa_healthcheck_after_certupdate(self): """ Verify that ipa-certupdate hasn't messed up tracking -- 2.37.2