URL: https://github.com/freeipa/freeipa/pull/6118 Author: stanislavlevin Title: #6118: ipatests: healthcheck: Sync the expected system RRs Action: opened
PR body: """ The support for the DNS URI RRs has been added in freeipa-healthcheck: https://github.com/freeipa/freeipa-healthcheck/issues/222 Fixes: https://pagure.io/freeipa/issue/9054 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6118/head:pr6118 git checkout pr6118
From e27dd81084adc5b128d1e1a0e43a6844c0ece352 Mon Sep 17 00:00:00 2001 From: Stanislav Levin <s...@altlinux.org> Date: Thu, 2 Dec 2021 21:02:43 +0300 Subject: [PATCH 1/2] ipatests: healthcheck: Sync the expected system RRs The support for the DNS URI RRs has been added in freeipa-healthcheck: https://github.com/freeipa/freeipa-healthcheck/issues/222 Fixes: https://pagure.io/freeipa/issue/9054 Signed-off-by: Stanislav Levin <s...@altlinux.org> --- .../test_integration/test_ipahealthcheck.py | 75 +++++++------------ 1 file changed, 29 insertions(+), 46 deletions(-) diff --git a/ipatests/test_integration/test_ipahealthcheck.py b/ipatests/test_integration/test_ipahealthcheck.py index cb51e8c6ee9..19642c3549d 100644 --- a/ipatests/test_integration/test_ipahealthcheck.py +++ b/ipatests/test_integration/test_ipahealthcheck.py @@ -654,45 +654,28 @@ def test_ipa_dns_systemrecords_check(self): displays the correct result when master and replica is setup with integrated DNS. """ - SRV_RECORDS = [ - "_ldap._tcp." + self.replicas[0].domain.name + ".:" + - self.replicas[0].hostname + ".", - "_ldap._tcp." + self.master.domain.name + ".:" + - self.master.hostname + ".", - "_kerberos._tcp." + self.replicas[0].domain.name + ".:" + - self.replicas[0].hostname + ".", - "_kerberos._tcp." + self.master.domain.name + ".:" + - self.master.hostname + ".", - "_kerberos._udp." + self.replicas[0].domain.name + ".:" + - self.replicas[0].hostname + ".", - "_kerberos._udp." + self.master.domain.name + ".:" + - self.master.hostname + ".", - "_kerberos-master._tcp." + self.replicas[0].domain.name + - ".:" + self.replicas[0].hostname + ".", - "_kerberos-master._tcp." + self.master.domain.name + ".:" + - self.master.hostname + ".", - "_kerberos-master._udp." + self.replicas[0].domain.name + - ".:" + self.replicas[0].hostname + ".", - "_kerberos-master._udp." + self.master.domain.name + ".:" + - self.master.hostname + ".", - "_kpasswd._tcp." + self.replicas[0].domain.name + ".:" + - self.replicas[0].hostname + ".", - "_kpasswd._tcp." + self.master.domain.name + ".:" + - self.master.hostname + ".", - "_kpasswd._udp." + self.replicas[0].domain.name + ".:" + - self.replicas[0].hostname + ".", - "_kpasswd._udp." + self.master.domain.name + ".:" + - self.master.hostname + ".", - "\"" + self.master.domain.realm.upper() + "\"", + SYSTEM_RECORDS = [ + rr + for h in [self.master, self.replicas[0]] + for rr in [ + # SRV rrs + f"_ldap._tcp.{h.domain.name}.:{h.hostname}.", + f"_kerberos._tcp.{h.domain.name}.:{h.hostname}.", + f"_kerberos._udp.{h.domain.name}.:{h.hostname}.", + f"_kerberos-master._tcp.{h.domain.name}.:{h.hostname}.", + f"_kerberos-master._udp.{h.domain.name}.:{h.hostname}.", + f"_kpasswd._tcp.{h.domain.name}.:{h.hostname}.", + f"_kpasswd._udp.{h.domain.name}.:{h.hostname}.", + # URI rrs + f"_kerberos.{h.domain.name}.:krb5srv:m:tcp:{h.hostname}.", + f"_kerberos.{h.domain.name}.:krb5srv:m:udp:{h.hostname}.", + f"_kpasswd.{h.domain.name}.:krb5srv:m:tcp:{h.hostname}.", + f"_kpasswd.{h.domain.name}.:krb5srv:m:udp:{h.hostname}.", + ] + + [str(ip) for ip in resolve_ip_addresses_nss(h.external_hostname)] ] + SYSTEM_RECORDS.append(f'"{self.master.domain.realm.upper()}"') - for hostname in [ - self.master.external_hostname, - self.replicas[0].external_hostname, - ]: - # resolve hostname on controller - ips = resolve_ip_addresses_nss(hostname) - SRV_RECORDS.extend([str(ip) for ip in ips]) returncode, data = run_healthcheck( self.master, @@ -702,7 +685,7 @@ def test_ipa_dns_systemrecords_check(self): assert returncode == 0 for check in data: assert check["result"] == "SUCCESS" - assert check["kw"]["key"] in SRV_RECORDS + assert check["kw"]["key"] in SYSTEM_RECORDS def test_ipa_healthcheck_ds_ruv_check(self): """ @@ -1444,9 +1427,13 @@ def test_ipa_dns_systemrecords_check(self): Test checks the result of IPADNSSystemRecordsCheck when ipa-server is configured without DNS. """ - msg1 = "Expected SRV record missing" - msg2 = "Got {count} ipa-ca A records, expected {expected}" - msg3 = "Got {count} ipa-ca AAAA records, expected {expected}" + expected_msgs = { + "Expected SRV record missing", + "Got {count} ipa-ca A records, expected {expected}", + "Got {count} ipa-ca AAAA records, expected {expected}", + "Expected URI record missing", + } + tasks.install_packages(self.master, HEALTHCHECK_PKG) returncode, data = run_healthcheck( self.master, @@ -1456,11 +1443,7 @@ def test_ipa_dns_systemrecords_check(self): assert returncode == 1 for check in data: assert check["result"] == "WARNING" - assert ( - check["kw"]["msg"] == msg1 - or check["kw"]["msg"] == msg2 - or check["kw"]["msg"] == msg3 - ) + assert check["kw"]["msg"] in expected_msgs def test_ipa_certs_check_ipacertnsstrust(self): """ From a09a6d65b2fce4c7256b138b75133dd7211f67fe Mon Sep 17 00:00:00 2001 From: Stanislav Levin <s...@altlinux.org> Date: Fri, 3 Dec 2021 13:04:42 +0300 Subject: [PATCH 2/2] temp commit: Trigger healthcheck tests There is no affected ipa-healthcheck in Fedora. Check that proposed changes break nothing. Signed-off-by: Stanislav Levin <s...@altlinux.org> --- .freeipa-pr-ci.yaml | 2 +- ipatests/prci_definitions/temp_commit.yaml | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b634..80656690080 120000 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index 31935bf044a..f5328fe0843 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -61,14 +61,26 @@ jobs: timeout: 1800 topology: *build - fedora-latest/temp_commit: + fedora-latest/test_ipahealthcheck: requires: [fedora-latest/build] priority: 50 job: class: RunPytest args: build_url: '{fedora-latest/build_url}' - test_suite: test_integration/test_REPLACEME.py + test_suite: test_integration/test_ipahealthcheck.py::TestIpaHealthCheck template: *ci-master-latest - timeout: 3600 + timeout: 5400 topology: *master_1repl_1client + + fedora-latest/test_ipahealthcheck_nodns_extca_file: + requires: [fedora-latest/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-latest/build_url}' + test_suite: test_integration/test_ipahealthcheck.py::TestIpaHealthCheckWithoutDNS + template: *ci-master-latest + timeout: 5400 + topology: *master_1repl
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
