On 06/27/2016 10:04 AM, Petr Vobornik wrote:
If I understand your comment correctly, you think that the patch would
pass ANY dnsforwardzone-add error and being OK and continue, right?
That's not intended behaviour - I have an assertion there that checks
that it's really the 'correct' error:
On 06/27/2016 09:42 AM, Lenka Doudova wrote:
With newly created AD machines in Brno lab, existing trust tests fail on
'ipa dnsforwardzone-add' command claiming the zone is already present,
as new AD domain is dom-221.idm.lab.eng.brq.redhat.com.
To prevent these failures I prepared attached patch, that will still
attempt to add the forward zone, but in case of non-zero return code
will check the message if it says that the forward zone is already
configured, and lets the tests continue, if it is so.
Current approach expects that every error of ipa dnsforward-add here
will mean that the zone exists. So it might hide other issues - not very
assert "already exists in DNS" in result.stderr_text
So any other error should still prevent continuing in tests.
Personally I think it would be nice to have DuplicateEntry error rather
the just "1" in this case. Even for testing purposes I believe it would
be better than bunch of asserts.
On the other hand it is not very robust to parse error message.
Question for general audience: What do you think if IPA client's exit
status would be the IPA error code instead of "1" for every error. E.g.
in DuplicateEntry case it's 4002.
Btw, this is not a NACK.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code