On 08/09/2013 04:03 PM, Ana Krivokapic wrote:
On 08/09/2013 09:39 AM, Tomas Babej wrote:
On 08/08/2013 04:09 PM, Ana Krivokapic wrote:
Hello,
This patch should fix the failing unit tests.
https://fedorahosted.org/freeipa/ticket/3852
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
There are two tests failing on my machine when running the tests
after ipa-adtrust-install with your patch applied:
You say there are two tests failing but I only see one below.
That was just debris from trying to break your patch too much, one of my
comments rendered invalid in the end :)
======================================================================
FAIL: test_group[24]: group_find: Search for POSIX groups
----------------------------------------------------------------------
Traceback (most recent call last):
[...]
AssertionError: assert_deepequal: dict keys mismatch.
test_group[24]: group_find: Search for POSIX groups
missing keys = []
extra keys = ['ipantsecurityidentifier']
expected = {'dn':
ipapython.dn.DN('cn=editors,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com'),
'cn': [u'editors'], 'objectclass': Fuzzy(None, None, <function
<lambda> at 0x3768c08>), 'gidnumber': [Fuzzy('^\\d+$', <type
'basestring'>, None)], 'ipauniqueid':
[Fuzzy('^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$',
<type 'unicode'>, None)], 'description': [u'Limited admins who can
edit other users']}
got = {'dn':
u'cn=editors,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com',
'cn': (u'editors',), 'objectclass': (u'top', u'groupofnames',
u'posixgroup', u'ipausergroup', u'ipaobject', u'nestedGroup',
u'ipantgroupattrs'), 'ipantsecurityidentifier':
(u'S-1-5-21-1457515837-642396627-3509099663-1002',), 'gidnumber':
(u'1804600002',), 'ipauniqueid':
(u'7c6e1672-0039-11e3-9567-001a4a2221fb',), 'description': (u'Limited
admins who can edit other users',)}
path = ('result', 1)
I think you need the wrap the dictionary discribing the editor's
group entry with the add_sid wrapper, and its objectclasses using the
add_oc wrapper.
[tbabej@vm-139 freeipa]$ git diff
diff --git a/ipatests/test_xmlrpc/test_group_plugin.py
b/ipatests/test_xmlrpc/test_group_plugin.py
index d380fe5..14c70cd 100644
--- a/ipatests/test_xmlrpc/test_group_plugin.py
+++ b/ipatests/test_xmlrpc/test_group_plugin.py
@@ -447,14 +447,15 @@ class test_group(Declarative):
objectclasses.posixgroup,
u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
}),
- {
+ add_sid({
'dn': get_group_dn('editors'),
'gidnumber': [fuzzy_digits],
'cn': [u'editors'],
'description': [u'Limited admins who can
edit other users'],
- 'objectclass':
fuzzy_set_ci(objectclasses.posixgroup),
+ 'objectclass': fuzzy_set_ci(add_oc(
+ objectclasses.posixgroup,
u'ipantgroupattrs')),
'ipauniqueid': [fuzzy_uuid],
- },
+ }),
dict(
dn=get_group_dn(group1),
cn=[group1],
These changes were sufficient for me to have the unit test suite run
without errors.
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
I retested the patch and the tests are passing in my setup. The
editors group definitely does not have the ipantsecurityidentifier
attribute nor the ipantgroupattrs objectclass:
[akrivoka@vm-181 freeipa]$ ipa group-show editors --all
dn:
cn=editors,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
Group name: editors
Description: Limited admins who can edit other users
GID: 1977000002
ipauniqueid: 91b3597e-00f3-11e3-92ae-001a4a22217b
objectclass: top, groupofnames, posixgroup, ipausergroup, ipaobject,
nestedGroup
What I noticed though, is that if I delete and re-create the editors
group (after ipa-adtrust-install has been run), it then gets the above
mentioned attribute and objectclass. Maybe you did some similar
manipulation in your setup, resulting in the test failing?
I think it does depend on whether you have ran the ipa-sidgen task when
running the ipa-adtrust-install.
Do you think we can cover both cases here?
--
Regards,
Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.
--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel