Re: [Freeipa-devel] [PATCH] 0055 Fix tests which fail after ipa-adtrust-install

[Tomas Babej]

On 08/09/2013 04:03 PM, Ana Krivokapic wrote:
On 08/09/2013 09:39 AM, Tomas Babej wrote:
On 08/08/2013 04:09 PM, Ana Krivokapic wrote:
Hello,
This patch should fix the failing unit tests.

https://fedorahosted.org/freeipa/ticket/3852



_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

There are two tests failing on my machine when running the tests 
after ipa-adtrust-install with your patch applied:

You say there are two tests failing but I only see one below.


That was just debris from trying to break your patch too much, one of my 
comments rendered invalid in the end :)


======================================================================
FAIL: test_group[24]: group_find: Search for POSIX groups
----------------------------------------------------------------------
Traceback (most recent call last):
[...]
AssertionError: assert_deepequal: dict keys mismatch.
  test_group[24]: group_find: Search for POSIX groups
  missing keys = []
  extra keys = ['ipantsecurityidentifier']
  expected = {'dn': 
ipapython.dn.DN('cn=editors,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com'), 
'cn': [u'editors'], 'objectclass': Fuzzy(None, None, <function 
<lambda> at 0x3768c08>), 'gidnumber': [Fuzzy('^\\d+$', <type 
'basestring'>, None)], 'ipauniqueid': 
[Fuzzy('^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$', 
<type 'unicode'>, None)], 'description': [u'Limited admins who can 
edit other users']}
  got = {'dn': 
u'cn=editors,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com', 
'cn': (u'editors',), 'objectclass': (u'top', u'groupofnames', 
u'posixgroup', u'ipausergroup', u'ipaobject', u'nestedGroup', 
u'ipantgroupattrs'), 'ipantsecurityidentifier': 
(u'S-1-5-21-1457515837-642396627-3509099663-1002',), 'gidnumber': 
(u'1804600002',), 'ipauniqueid': 
(u'7c6e1672-0039-11e3-9567-001a4a2221fb',), 'description': (u'Limited 
admins who can edit other users',)}
  path = ('result', 1)

I think you need the wrap the dictionary discribing the editor's 
group entry with the add_sid wrapper, and its objectclasses using the 
add_oc wrapper.

[tbabej@vm-139 freeipa]$ git diff
diff --git a/ipatests/test_xmlrpc/test_group_plugin.py 
b/ipatests/test_xmlrpc/test_group_plugin.py
index d380fe5..14c70cd 100644
--- a/ipatests/test_xmlrpc/test_group_plugin.py
+++ b/ipatests/test_xmlrpc/test_group_plugin.py
@@ -447,14 +447,15 @@ class test_group(Declarative):
                             objectclasses.posixgroup, 
u'ipantgroupattrs')),
                         'ipauniqueid': [fuzzy_uuid],
                     }),
-                    {
+                    add_sid({
                         'dn': get_group_dn('editors'),
                         'gidnumber': [fuzzy_digits],
                         'cn': [u'editors'],
                         'description': [u'Limited admins who can 
edit other users'],
-                        'objectclass': 
fuzzy_set_ci(objectclasses.posixgroup),
+                        'objectclass': fuzzy_set_ci(add_oc(
+                            objectclasses.posixgroup, 
u'ipantgroupattrs')),
                         'ipauniqueid': [fuzzy_uuid],
-                    },
+                    }),
                     dict(
                         dn=get_group_dn(group1),
                         cn=[group1],


These changes were sufficient for me to have the unit test suite run 
without errors.
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

I retested the patch and the tests are passing in my setup. The 
editors group definitely does not have the ipantsecurityidentifier 
attribute nor the ipantgroupattrs objectclass:

[akrivoka@vm-181 freeipa]$ ipa group-show editors --all
  dn: 
cn=editors,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
  Group name: editors
  Description: Limited admins who can edit other users
  GID: 1977000002
  ipauniqueid: 91b3597e-00f3-11e3-92ae-001a4a22217b
  objectclass: top, groupofnames, posixgroup, ipausergroup, ipaobject, 
nestedGroup

What I noticed though, is that if I delete and re-create the editors 
group (after ipa-adtrust-install has been run), it then gets the above 
mentioned attribute and objectclass. Maybe you did some similar 
manipulation in your setup, resulting in the test failing?

I think it does depend on whether you have ran the ipa-sidgen task when 
running the ipa-adtrust-install.

Do you think we can cover both cases here?


--
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.


--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel