On 07.07.2016 08:09, Oleg Fayans wrote:
Updated version of the patch is attached with the failing tests marked as xfailed (let's make the jenkins green).

On 07/04/2016 10:50 PM, Oleg Fayans wrote:
2 out of 7 tests currently fail due to a known issue [1], others pass.

[1] https://fedorahosted.org/freeipa/ticket/6029

This is wrong:

you are not getting SSHFP records, just SSH public key (with your changes)

you are using host-find without any arguments, so it will returns SSH key for all hosts, the code before was getting SSHFP only for one host. Would be better to use host-show?

you actually found a bug, because host-find and host-show should print only SSH fingerprints not SSH keys

don't call it SSHFP records in code, because it is not DNS related, probably you want to get SSH fingerprints instead of SSH keys

It may contain multiple SSH keys, you always return only the first (the original code returns all values)

    def get_sshfp_record(self):
-        sshfp_record = ''
-        client_host = self.clients[0].hostname.split('.')[0]
         result = self.master.run_command(
-            ['ipa', 'dnsrecord-show', self.master.domain.name, client_host]
+            ['ipa', 'host-find']
-        lines = result.stdout_text.splitlines()
-        for line in lines:
-            if 'SSHFP record:' in line:
-                sshfp_record = line.replace('SSHFP record:', '').strip()
-        assert sshfp_record, 'SSHFP record not found'
-        sshfp_record = set(sshfp_record.split(', '))
- self.log.debug("SSHFP record for host %s: %s", client_host, str(sshfp_record))
-        return sshfp_record
+        records = result.stdout_text.split('\n\n')
+        sshkey_re = re.compile('.+SSH public key: ssh-\w+ (\S+?),.+')
+        for hostrecord in records:
+            if self.clients[0].hostname in hostrecord:
+                sshfps = sshkey_re.findall(hostrecord)
+                assert sshfps, 'SSHFP record not found'
+                sshfp = sshfps[0]
+        return sshfp
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to