diff --git a/docs/changelog.md b/docs/changelog.md index 92f0397f..66111714 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -2,6 +2,14 @@ ## Latest +## 2026.1.16.0 + +- fix: base/audit/configuration.py - improved idempotency (#288) +- feat: base/cluster/configuration.py - dsc TLS settings for v11.0.3 +- fix: base/remote_syslog/forwarder.py - bugfix +- fix: base/audit_configuration.py - improved idempotency (#288) +- test: update test for audit configuration + ## 2026.1.14.0 - fix: base/remote_syslog/forwarder.py - improved idempotency and bugfix diff --git a/ibmsecurity/isam/base/audit/configuration.py b/ibmsecurity/isam/base/audit/configuration.py index 95b73209..3b4b7277 100644 --- a/ibmsecurity/isam/base/audit/configuration.py +++ b/ibmsecurity/isam/base/audit/configuration.py @@ -1,5 +1,7 @@ import logging +from operator import itemgetter from ibmsecurity.utilities import tools +from ibmsecurity.utilities.tools import json_equals try: basestring @@ -28,7 +30,7 @@ def get(isamAppliance, id=None, check_mode=False, force=False): requires_version=requires_version) -def set(isamAppliance, id, config, enabled=True, type='Syslog', verbose=True, check_mode=False, force=False, use_json=False, components=None): +def set(isamAppliance, id, config, enabled=True, type='Syslog', verbose=True, check_mode=False, force=False, use_json=False, useJSONFormat=False, components=None): """ Update Audit Configuration @@ -156,12 +158,15 @@ def set(isamAppliance, id, config, enabled=True, type='Syslog', verbose=True, ch type: Syslog verbose: false """ + if useJSONFormat or use_json: + use_json = True + pol_id, update_required, json_data = _check(isamAppliance, id, config, enabled, type, verbose, use_json, components) if pol_id is None: from ibmsecurity.appliance.ibmappliance import IBMError raise IBMError("999", f"Cannot update data for unknown Audit Configuration ID: {id}") - if force is True or update_required is True: + if force or update_required: if check_mode is True: return isamAppliance.create_return_object(changed=True) else: @@ -179,6 +184,7 @@ def _check(isamAppliance, id, config, enabled, type, verbose, use_json=False, co """ update_required = False pol_id = None + aud_cfg = None # convert all values into string - any other type causes issues for cfg in config: if isinstance(cfg['value'], bool): @@ -203,7 +209,7 @@ def _check(isamAppliance, id, config, enabled, type, verbose, use_json=False, co use_json = False json_data = { "id": id, - "config": config, + "config": sorted(config, key=itemgetter('key')), "enabled": enabled, "type": type, "verbose": verbose, @@ -221,15 +227,20 @@ def _check(isamAppliance, id, config, enabled, type, verbose, use_json=False, co json_data["components"] = components update_required = True else: - import ibmsecurity.utilities.tools - sorted_json_data = ibmsecurity.utilities.tools.json_sort(json_data) - logger.debug(f"Sorted input: {sorted_json_data}") - sorted_ret_obj = ibmsecurity.utilities.tools.json_sort(aud_cfg) - logger.debug(f"Sorted existing data: {sorted_ret_obj}") - if sorted_ret_obj != sorted_json_data: - logger.info("Changes detected, update needed.") + #import ibmsecurity.utilities.tools + #sorted_json_data = ibmsecurity.utilities.tools.json_sort(json_data) + #logger.debug(f"Sorted input: {sorted_json_data}") + #sorted_ret_obj = ibmsecurity.utilities.tools.json_sort(aud_cfg) + #logger.debug(f"Sorted existing data: {sorted_ret_obj}") + #if sorted_ret_obj != sorted_json_data: + # logger.info("Changes detected, update needed.") + # update_required = True + aud_cfg["config"] = sorted(aud_cfg.get("config", []), key=itemgetter('key')) + if json_equals(aud_cfg, json_data): + # No updates needed + update_required = False + else: update_required = True - return pol_id, update_required, json_data diff --git a/ibmsecurity/isam/base/audit_configuration.py b/ibmsecurity/isam/base/audit_configuration.py index 6a23b3f8..b5925cbc 100644 --- a/ibmsecurity/isam/base/audit_configuration.py +++ b/ibmsecurity/isam/base/audit_configuration.py @@ -20,15 +20,26 @@ def get(isamAppliance, check_mode=False, force=False): """ Retrieve audit configuration """ - return isamAppliance.invoke_get("Retrieve audit configuration", uri, requires_modules=requires_modules, + return isamAppliance.invoke_get("Retrieve audit configuration", uri, + requires_modules=requires_modules, requires_version=requires_version, warnings=warnings) def getComponents(isamAppliance, check_mode=False, force=False): """ - Retrieve audit configuration components + Retrieve audit components configurations """ - return isamAppliance.invoke_get("Retrieve audit configuration components", comp_uri, requires_modules=requires_modules, + return isamAppliance.invoke_get("Retrieve audit components configurations", comp_uri, + requires_modules=requires_modules, + requires_version=requires_version) + +def getComponent(isamAppliance, id): + """ + Retrieve audit component configuration + """ + return isamAppliance.invoke_get("Retrieve audit component configuration", + "{0}/{1}".format(comp_uri, id), + requires_modules=requires_modules, requires_version=requires_version) @@ -177,6 +188,18 @@ def set(isamAppliance, id, config, enabled=True, type='Syslog', verbose=True, ch return isamAppliance.create_return_object() +def setComponent(isamAppliance, id, enabled): + """ + Update audit component configuration + """ + json_data = {'enabled': enabled} + return isamAppliance.invoke_put( + "Update Audit Configuration", + "{0}/{1}".format(comp_uri, id), + json_data, + requires_modules=requires_modules, requires_version=requires_version) + + def _check(isamAppliance, id, config, enabled, type, verbose, use_json=False, components=None): """ Check and return True if update needed @@ -225,10 +248,10 @@ def _check(isamAppliance, id, config, enabled, type, verbose, use_json=False, co json_data["components"] = components update_required = True else: - import ibmsecurity.utilities.tools - sorted_json_data = ibmsecurity.utilities.tools.json_sort(json_data) + aud_cfg["config"] = sorted(aud_cfg.get("config", []), key=itemgetter('key')) + sorted_json_data = tools.json_sort(json_data) logger.debug(f"Sorted input: {sorted_json_data}") - sorted_ret_obj = ibmsecurity.utilities.tools.json_sort(aud_cfg) + sorted_ret_obj = tools.json_sort(aud_cfg) logger.debug(f"Sorted existing data: {sorted_ret_obj}") if sorted_ret_obj != sorted_json_data: logger.info("Changes detected, update needed.") diff --git a/ibmsecurity/isam/base/cluster/configuration.py b/ibmsecurity/isam/base/cluster/configuration.py index ee847511..2b3777af 100644 --- a/ibmsecurity/isam/base/cluster/configuration.py +++ b/ibmsecurity/isam/base/cluster/configuration.py @@ -29,7 +29,8 @@ def get(isamAppliance, check_mode=False, force=False): def set(isamAppliance, primary_master='127.0.0.1', secondary_master=None, master_ere=None, tertiary_master=None, quaternary_master=None, dsc_external_clients=False, dsc_port=None, dsc_use_ssl=None, dsc_ssl_keyfile=None, - dsc_ssl_label=None, dsc_worker_threads=64, dsc_maximum_session_lifetime=3600, dsc_client_grace_period=600, + dsc_ssl_label=None, dsc_ssl_ciphers=None, dsc_tls12_cipher_specs=None, dsc_tls13_cipher_specs=None, + dsc_worker_threads=64, dsc_maximum_session_lifetime=3600, dsc_client_grace_period=600, hvdb_embedded=True, hvdb_max_size=None, hvdb_db_type=None, hvdb_address=None, hvdb_port=None, hvdb_user=None, hvdb_password=None, hvdb_db2_alt_address=None, hvdb_db2_alt_port=None, hvdb_db_name=None, hvdb_db_secure=None, hvdb_driver_type=None, hvdb_solid_tc=None, cfgdb_embedded=True, cfgdb_db_type=None, cfgdb_address=None, @@ -42,7 +43,6 @@ def set(isamAppliance, primary_master='127.0.0.1', secondary_master=None, master """ Set cluster configuration """ - warnings = [] # Create a simple json with just the main client attributes cluster_json = { @@ -162,13 +162,35 @@ def set(isamAppliance, primary_master='127.0.0.1', secondary_master=None, master else: # The default limit for a session query is 1024 cluster_json["dsc_maximum_session_list"] = dsc_maximum_session_list + # 11.0.3.0 Configurable DSC Ciphers + if dsc_ssl_ciphers is not None: + if ibmsecurity.utilities.tools.version_compare(isamAppliance.facts["version"], "11.0.3.0") < 0: + warnings.append( + "Appliance at version: {0}, dsc_ssl_ciphers: {1} is not supported. Needs 11.0.3.0 or higher. Ignoring dsc_ssl_ciphers for this call.".format( + isamAppliance.facts["version"], dsc_ssl_ciphers)) + else: + cluster_json["dsc_ssl_ciphers"] = dsc_ssl_ciphers + if dsc_tls12_cipher_specs is not None: + if ibmsecurity.utilities.tools.version_compare(isamAppliance.facts["version"], "11.0.3.0") < 0: + warnings.append( + "Appliance at version: {0}, dsc_tls12_cipher_specs: {1} is not supported. Needs 11.0.3.0 or higher. Ignoring dsc_tls12_cipher_specs for this call.".format( + isamAppliance.facts["version"], dsc_tls12_cipher_specs)) + else: + cluster_json["dsc_tls12_cipher_specs"] = dsc_tls12_cipher_specs + if dsc_tls13_cipher_specs is not None: + if ibmsecurity.utilities.tools.version_compare(isamAppliance.facts["version"], "11.0.3.0") < 0: + warnings.append( + "Appliance at version: {0}, dsc_tls13_cipher_specs: {1} is not supported. Needs 11.0.3.0 or higher. Ignoring dsc_tls13_cipher_specs for this call.".format( + isamAppliance.facts["version"], dsc_tls13_cipher_specs)) + else: + cluster_json["dsc_tls13_cipher_specs"] = dsc_tls13_cipher_specs check_obj = _check(isamAppliance, cluster_json, ignore_password_for_idempotency) if check_obj['warnings'] != []: warnings.append(check_obj['warnings'][0]) - if force is True or check_obj['value'] is False: - if check_mode is True: + if force or not check_obj['value']: + if check_mode: return isamAppliance.create_return_object(changed=True, warnings=warnings) else: return isamAppliance.invoke_post("Set cluster configuration", uri, cluster_json, diff --git a/ibmsecurity/isam/base/remote_syslog/forwarder.py b/ibmsecurity/isam/base/remote_syslog/forwarder.py index 281845ed..d829c7bb 100644 --- a/ibmsecurity/isam/base/remote_syslog/forwarder.py +++ b/ibmsecurity/isam/base/remote_syslog/forwarder.py @@ -47,12 +47,12 @@ def get(isamAppliance, server=None, port=None, protocol=None, id=None, check_mod needs server/port/protocol OR id id takes precedence (so server/port/protocol is ignored if id is passed) """ + if port and isinstance(port, basestring): + port = int(port) + if id is None: ret_obj = get_all(isamAppliance, check_mode, force) - if isinstance(port, basestring): - port = int(port) - return_obj = isamAppliance.create_return_object() return_obj['data'], i = _find_forwarder(ret_obj, server, port, protocol) warnings = [] @@ -76,12 +76,12 @@ def delete(isamAppliance, server=None, port=None, protocol=None, id=None, check_ """ Remove a specific remote syslog forwarder """ + if port and isinstance(port, basestring): + port = int(port) + if id is None: ret_obj = get_all(isamAppliance, check_mode, force) - if isinstance(port, basestring): - port = int(port) - existing_forwarder, i = _find_forwarder(ret_obj, server, port, protocol) json_to_post = ret_obj['data'] @@ -215,7 +215,7 @@ def set(isamAppliance, server=None, port=None, protocol='udp', id=None, debug=Fa else: return isamAppliance.invoke_put( "Update the current remote syslog forwarding policy", f"{uri}/{id}", - json_to_post, requires_modules=requires_modules, + json_data, requires_modules=requires_modules, requires_version='11.0.2.0', warnings=warnings) diff --git a/ibmsecurity/isam/base/ssl_certificates/certificate_databases.py b/ibmsecurity/isam/base/ssl_certificates/certificate_databases.py index a60641f4..740441a2 100644 --- a/ibmsecurity/isam/base/ssl_certificates/certificate_databases.py +++ b/ibmsecurity/isam/base/ssl_certificates/certificate_databases.py @@ -87,6 +87,7 @@ def create(isamAppliance, kdb_name, type='kdb', if check_mode: return isamAppliance.create_return_object(changed=True) else: + json_data = { "kdb_name": kdb_name, "type": type, diff --git a/ibmsecurity/isam/fed/federations.py b/ibmsecurity/isam/fed/federations.py index 9b505c34..03610faa 100644 --- a/ibmsecurity/isam/fed/federations.py +++ b/ibmsecurity/isam/fed/federations.py @@ -223,8 +223,6 @@ def _check(isamAppliance, name, role, protocol, configuration, templateName=None json_data['configuration'] = configuration # Check to see if configuration data contains mapping rule reference id # So special logic to see if mapping rule has changed - # TODO: WHY ???? - new_map_rule_id, new_map_rule = None, None exist_map_rule_id, exist_map_rule = None, None new_map_rule_id = configuration['identityMapping']['properties'].get('identityMappingRuleReference', None) @@ -335,7 +333,7 @@ def _check(isamAppliance, name, role, protocol, configuration, templateName=None logger.debug(f"\nSorted Desired:\n\n {sorted_json_data}\n") if sorted_ret_obj != sorted_json_data: # parameters that are necessary for compare, but not for update - json_data.pop('protocol') + json_data.pop('protocol', None) isamAppliance.logger.info("Changes detected, update needed.") update_required = True diff --git a/pyproject.toml b/pyproject.toml index 3cd931ac..82810440 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -7,7 +7,7 @@ build-backend = "setuptools.build_meta" [project] name = "ibmsecurity" -version = "2026.1.14.0" +version = "2026.1.16.0" authors = [ { name="IBM", email="secorch@wwpdl.vnet.ibm.com" }, ] diff --git a/setup.py b/setup.py index 60dcb0a4..ea942e18 100644 --- a/setup.py +++ b/setup.py @@ -5,7 +5,7 @@ packages=find_packages(exclude=["test.*","test"]), # Date of release used for version - please be sure to use YYYY.MM.DD.seq#, MM and DD should be two digits e.g. 2017.02.05.0 # seq# will be zero unless there are multiple release on a given day - then increment by one for additional release for that date - version="2026.1.14.0", + version="2026.1.16.0", description="Idempotent functions for IBM Verify Appliance REST APIs", author="IBM", author_email="secorch@wwpdl.vnet.ibm.com", diff --git a/test/test_0_base_X_audit.py b/test/test_0_base_X_audit.py index dafed65f..151b3428 100644 --- a/test/test_0_base_X_audit.py +++ b/test/test_0_base_X_audit.py @@ -5,6 +5,7 @@ import pytest + def getTestData(): testdata = [ { @@ -14,6 +15,103 @@ def getTestData(): return testdata +def getTestDataAudit(): + testdata = [ + { + "enabled": False, + "id": "1", + "type": "Syslog", + "useJSONFormat": False, + "verbose": False, + "config": [ + { + "datatype": "Integer", + "key": "ISAM.Audit.syslogclient.MAX_QUEUE_SIZE", + "sensitive": False, + "validValues": [], + "value": "1000" + }, + { + "datatype": "Integer", + "key": "ISAM.Audit.syslogclient.QUEUE_FULL_TIMEOUT", + "sensitive": False, + "validValues": [], + "value": "-1" + }, + { + "datatype": "String", + "key": "ISAM.Audit.syslogclient.TRANSPORT", + "sensitive": False, + "validValues": [], + "value": "TRANSPORT_UDP" + }, + { + "datatype": "Hostname", + "key": "ISAM.Audit.syslogclient.SERVER_HOST", + "sensitive": False, + "validValues": [], + "value": "127.0.0.1" + }, + { + "datatype": "Integer", + "key": "ISAM.Audit.syslogclient.SERVER_PORT", + "sensitive": False, + "validValues": [], + "value": "514" + }, + { + "datatype": "Boolean", + "key": "ISAM.Audit.syslogclient.CLIENT_CERT_AUTH_REQUIRED", + "sensitive": False, + "validValues": [], + "value": "false" + }, + { + "datatype": "Integer", + "key": "ISAM.Audit.syslogclient.NUM_SENDER_THREADS", + "sensitive": False, + "validValues": [], + "value": "1" + }, + { + "datatype": "Integer", + "key": "ISAM.Audit.syslogclient.NUM_RETRY", + "sensitive": False, + "validValues": [], + "value": "2" + }, + { + "datatype": "Boolean", + "key": "ISAM.Audit.syslogclient.FAILOVER_TO_DISK", + "sensitive": False, + "validValues": [], + "value": "false" + }, + { + "datatype": "String", + "key": "ISAM.Audit.syslogclient.CLIENT_AUTH_KEY", + "sensitive": False, + "validValues": [], + "value": "_" + }, + { + "datatype": "String", + "key": "ISAM.Audit.syslogclient.SSL_TRUST_STORE", + "sensitive": False, + "validValues": [], + "value": "" + }, + { + "datatype": "String", + "key": "ISAM.Audit.syslogclient.TAG", + "sensitive": False, + "validValues": [], + "value": "tag" + } + ], + }] + return testdata + def test_current_audit_configuration(iviaServer, caplog) -> None: """Get sms protection""" caplog.set_level(logging.DEBUG) @@ -49,3 +147,28 @@ def test_get_specific_audit_configuration(iviaServer, caplog, items) -> None: if returnValue is not None: assert not returnValue.failed() + + +@pytest.mark.parametrize("items", getTestDataAudit()) +def test_set_audit_configuration(iviaServer, caplog, items) -> None: + """Set admin ssh keys""" + caplog.set_level(logging.DEBUG) + # items is a key-value pair + logging.log(logging.INFO, items) + arg = {} + id, config = None, None + for k, v in items.items(): + if k == 'id': + id = v + continue + if k == 'config': + config = v + continue + arg[k] = v + + returnValue = ibmsecurity.isam.base.audit.configuration.set(iviaServer, id, config, **arg) + + logging.log(logging.INFO, returnValue) + + if returnValue is not None: + assert not returnValue.failed() diff --git a/test/test_base_audit.py b/test/test_base_audit.py new file mode 100644 index 00000000..dafed65f --- /dev/null +++ b/test/test_base_audit.py @@ -0,0 +1,51 @@ +import logging + +import ibmsecurity.isam.base.audit.configuration +import ibmsecurity.isam.appliance + +import pytest + +def getTestData(): + testdata = [ + { + "id": "1" + } + ] + return testdata + + +def test_current_audit_configuration(iviaServer, caplog) -> None: + """Get sms protection""" + caplog.set_level(logging.DEBUG) + arg = {} + + returnValue = ibmsecurity.isam.base.audit.configuration.get(iviaServer, + **arg + ) + logging.log(logging.INFO, returnValue) + + assert not returnValue.failed() + + +@pytest.mark.parametrize("items", getTestData()) +def test_get_specific_audit_configuration(iviaServer, caplog, items) -> None: + """Set admin ssh keys""" + caplog.set_level(logging.DEBUG) + # items is a key-value pair + logging.log(logging.INFO, items) + arg = {} + for k, v in items.items(): + #if k == 'name': + # name = v + # continue + #if k == 'key': + # key = v + # continue + arg[k] = v + + returnValue = ibmsecurity.isam.base.audit.configuration.get(iviaServer, **arg) + + logging.log(logging.INFO, returnValue) + + if returnValue is not None: + assert not returnValue.failed() diff --git a/test/test_base_certificate_databases.py b/test/test_base_certificate_databases.py new file mode 100644 index 00000000..9bbef7df --- /dev/null +++ b/test/test_base_certificate_databases.py @@ -0,0 +1,91 @@ +import logging + +import ibmsecurity.isam.base.ssl_certificates.certificate_databases +import ibmsecurity.isam.appliance + +import pytest + +def getTestData(): + testdata = [ + { + "kdb_name": "junctionkdb", + "type": "kdb" + }, + { + "kdb_name": "ncipherdb", + "type": "p11", + "token_label": "label", + "passcode": "passcode", + "hsm_type": "ncipher", + "ip": "10.150.25.207", + "rfs": "10.150.25.208" + } + ] + return testdata + + +def test_get_certificate_databases(iviaServer, caplog) -> None: + """Get sms protection""" + caplog.set_level(logging.DEBUG) + arg = {} + + returnValue = ibmsecurity.isam.base.ssl_certificates.certificate_databases.get_all(iviaServer, + **arg + ) + logging.log(logging.INFO, returnValue) + + assert not returnValue.failed() + + +@pytest.mark.parametrize("items", getTestData()) +def test_create_certificate_database(iviaServer, caplog, items) -> None: + """Set admin ssh keys""" + caplog.set_level(logging.DEBUG) + # items is a key-value pair + logging.log(logging.INFO, items) + arg = {} + kdb_name = None + for k, v in items.items(): + if k == 'kdb_name': + kdb_name = v + continue + #if k == 'key': + # key = v + # continue + arg[k] = v + + returnValue = ibmsecurity.isam.base.ssl_certificates.certificate_databases.create(iviaServer, kdb_name, + **arg) + + logging.log(logging.INFO, returnValue) + + if returnValue is not None: + assert not returnValue.failed() + + +@pytest.mark.parametrize("items", getTestData()) +def test_update_certificate_database(iviaServer, caplog, items) -> None: + """Set admin ssh keys""" + caplog.set_level(logging.DEBUG) + # items is a key-value pair + logging.log(logging.INFO, items) + arg = {} + cert_id = None + for k, v in items.items(): + if k == 'cert_id': + cert_id = v + continue + if k == 'kdb_name': + cert_id = v + continue + #if k == 'key': + # key = v + # continue + arg[k] = v + + returnValue = ibmsecurity.isam.base.ssl_certificates.certificate_databases.set(iviaServer, cert_id, **arg) + + logging.log(logging.INFO, returnValue) + + if returnValue is not None: + assert not returnValue.failed() diff --git a/test/test_base_runtime_tuning.py b/test/test_base_runtime_tuning.py new file mode 100644 index 00000000..1ddbd161 --- /dev/null +++ b/test/test_base_runtime_tuning.py @@ -0,0 +1,97 @@ +import logging + +import ibmsecurity.isam.base.runtime.tuning_parameters +import ibmsecurity.isam.appliance + +import pytest + +def getTestData(): + testdata = [ + { + "values": { + "trace_specification": "*=info", + "accept_client_certs": False, + "require_mtls": False, + "enabled_server_protocols": "TLSv1.2", + "enable_sso": False, + "auto_restart": False, + "auto_reload": False, + "console_log_level": "OFF", + "suppress_sensitive_trace": False, + "session_max_count": 1000, + "session_invalidation_timeout": 1800, + "session_reaper_poll_interval": 30, + "max_heap_size": 1024, + "min_heap_size": 512, + "max_threads": 20, + "min_threads": 10, + "max_files": 2, + "max_file_size": 40, + "enable_crldp": False, + "dns_resolution_cache_lifetime": 604800, + "keystore": "rt_profile_keys", + "keystore_label": "server", + "truststore": "rt_profile_keys", + "inbound_keystore":"rt_profile_keys", + "inbound_keystore_label": "server", + "inbound_truststore": "rt_profile_keys" + } + }, + { + "option": "enable_crldp", + "value": True + }, + { + "option": "max_files", + "value": 2 + }, + { + "values": { + "trace_specification": "*=info", + "accept_client_certs": False, + "require_mtls": False, + "enabled_server_protocols": "TLSv1.2", + "enable_sso": False, + "auto_restart": False, + "auto_reload": False, + "console_log_level": "OFF", + "suppress_sensitive_trace": False, + "session_max_count": 1000, + "session_invalidation_timeout": 1800, + "session_reaper_poll_interval": 30, + "enable_crldp": True, + "dns_resolution_cache_lifetime": 604800, + "keystore": "rt_profile_keys", + } + }, + ] + return testdata + + +@pytest.mark.parametrize("items", getTestData()) +def test_set_multiple_tuning_parameeters(iviaServer, caplog, items) -> None: + """Set api protection""" + caplog.set_level(logging.DEBUG) + # items is a key-value pair + logging.log(logging.INFO, items) + arg = {} + option = None + value = None + + for k, v in items.items(): + if k == 'option': + option = v + continue + if k == 'value': + value = v + continue + arg[k] = v + + returnValue = ibmsecurity.isam.base.runtime.tuning_parameters.set(iviaServer, + option, + value, + **arg + ) + logging.log(logging.INFO, returnValue) + + assert not returnValue.failed() diff --git a/test/test_web_kerberos.py b/test/test_web_kerberos.py new file mode 100644 index 00000000..09880bec --- /dev/null +++ b/test/test_web_kerberos.py @@ -0,0 +1,16 @@ +import logging + +import ibmsecurity.isam.web.kerberos_configuration.keyfiles +import ibmsecurity.isam.appliance + + +def test_export_keyfile(iviaServer, caplog) -> None: + """Get all admincfg options.""" + caplog.set_level(logging.DEBUG) + + returnValue = ibmsecurity.isam.web.kerberos_configuration.keyfiles.export_keytab(isamAppliance=iviaServer, + id="env.keytab", + file="/tmp/env.keytab") + logging.log(logging.INFO, returnValue) + + assert not returnValue.failed()