On 06/27/2016 10:04 AM, Petr Vobornik wrote:
On 06/27/2016 09:42 AM, Lenka Doudova wrote:

With newly created AD machines in Brno lab, existing trust tests fail on
'ipa dnsforwardzone-add' command claiming the zone is already present,
as new AD domain is dom-221.idm.lab.eng.brq.redhat.com.

To prevent these failures I prepared attached patch, that will still
attempt to add the forward zone, but in case of non-zero return code
will check the message if it says that the forward zone is already
configured, and lets the tests continue, if it is so.


Current approach expects that every error of ipa dnsforward-add here
will mean that the zone exists. So it might hide other issues - not very
If I understand your comment correctly, you think that the patch would pass ANY dnsforwardzone-add error and being OK and continue, right? That's not intended behaviour - I have an assertion there that checks that it's really the 'correct' error:

        assert "already exists in DNS" in result.stderr_text

So any other error should still prevent continuing in tests.

On the other hand it is not very robust to parse error message.

Question for general audience: What do you think if IPA client's exit
status would be the IPA error code instead of "1" for every error. E.g.
in DuplicateEntry case it's 4002.
Personally I think it would be nice to have DuplicateEntry error rather the just "1" in this case. Even for testing purposes I believe it would be better than bunch of asserts.

Btw, this is not a NACK.

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to