Re: [Freeipa-devel] V4/RFC 2818 review
Greetings! I've received the information from Milan who was UQE reviewer for this design document - ACK on the current version. Have a nice day, - alich - - Original Message - > From: "Fraser Tweedale" > To: "Alexander Bokovoy" > Cc: "freeipa-devel" > Sent: Thursday, April 21, 2016 9:34:51 AM > Subject: Re: [Freeipa-devel] V4/RFC 2818 review > > On Thu, Apr 21, 2016 at 10:22:33AM +0300, Alexander Bokovoy wrote: > > On Thu, 21 Apr 2016, Fraser Tweedale wrote: > > >On Tue, Apr 19, 2016 at 11:06:15AM -0400, Rob Crittenden wrote: > > >>Christian Heimes wrote: > > >>>Hi Fraser, > > >>> > > >>>and now to the review of your design doc for RFC 2818-compliant subject > > >>>alternative names in certs, > > >>>http://www.freeipa.org/page/V4/RFC_2818_certificate_compliance > > >>> > > >>> > > >>>1) RFC 2818 vs. RFC 6125 > > >>> > > >>>First I like to address a more general topic. Your design mentions RFC > > >>>6125 shortly. IMHO RFC 6125 supersedes 2818 for CN/SAN hostname > > >>>verification and we should follow the rules in RFC 6125, whenever 2818 > > >>>lacks specification or there is a conflict between both RFCs. I can tell > > >>>you some horror stories from Python's ssl module related to both RFCs. > > >>> > > >>>https://tools.ietf.org/html/rfc2818, HTTP Over TLS > > >>> > > >>>https://tools.ietf.org/html/rfc6125, Representation and Verification of > > >>>Domain-Based Application Service Identity within Internet Public Key > > >>>Infrastructure Using X.509 (PKIX) Certificates in the Context of > > >>>Transport Layer Security (TLS) > > >>> > > >>>As far as I'm familiar with RFC 6125, your proposal doesn't conflict > > >>>with the more modern RFC. It also makes sense to name the design after > > >>>the RFC, which has deprecated CN. I still like to check your design > > >>>against RFC 6125. > > >>> > > >>>Fraser, do you agree? > > >>> > > >>> > > >>>2) SAN validation in ipa cert-request > > >>> > > >>>In the paragraph "ipa cert-request changes" you write that the plugin > > >>>"[...] ensure that one element of the DNS names list matches the > > >>>principal name". Shouldn't the plugin validate *all* DNS names and > > >>>verify that the principal is allowed to request a cert for all fields in > > >>>SAN? > > >> > > >>Are there plans for any other SAN types? IP address or other oddball > > >>types > > >>like MS UPN? > > >> > > >We support almost all of them in Dogtag, and only support a few > > >types in FreeIPA (dnsName, rfc822Name, KRB5PrincipalName, UPN). > > > > > >We should work out what we can do with IP address; I recall it is > > >needed (or wanted) for some cloud/IaaS use cases. > > Yes, some of Openstack code expects IP address in the certificates. > > > > >DirectoryName would be simple to support (just check that it matches > > >DN of target principal). I wonder if there is a use case for it, or > > >for any other SAN types... > > dNSName and id-pkinit-san are used by Kerberos PKINIT support in MIT > > Kerberos for host-based principals. id-pkinit-san is also in use for > > mapping of the principal in general. > > > > In fact, Kerberos PKINIT retrieves all SANs and UPNs from the certificate > > and > > allows to match them by the matching rules -- id-pkinit-san goes to list > > of principals, id-ms-san-upn goes to the list of UPNs which are then > > merged together and can be addressed with keyword in the matching > > rule. > > > > This allows very flexible matching: > >pkinit_cert_match = ||.*DoE.*.*@EXAMPLE.COM > >pkinit_cert_match = > >&&msScLogin,clientAuth.*DoE.* > >pkinit_cert_match = > >msScLogin,clientAuthdigitalSignature > > > Thank you for the information! > > > > > > > >>> > > >>>3) Should FreeIPA deprecate cert request without SAN or at least warn > > >>>the user? > > >>> > > >>>IMHO it makes sense to deprecate CN only cert requests. > > >> > > >>I'd mark it as deprecated over at least a major release in order to > > >>handle > > >>older versions that may still make requests without a SAN. > > >> > > >We have to be careful here. CN is depreated for DNS name checking > > >in HTTP (or other network protocols using TLS). Fine - but there > > >could be other certificate use cases that require CN, e.g. user > > >certs where Subject DN corresponds to a directory name. > > Yes. pkinit_cert_match's rule is using Subject DN for checks. > > > > > > >We can deprecate it and eventually reject requests that include CN - > > >but only for service cert profile(s). (This would require a new > > >profile component designed for this purpose). > > Please do not do it. There are known uses for it at least with Kerberos. > > Of course, most of them are rather for user certificates but in reality > > Kerberos does not require you to have service principals always as DNS > > names. > > > There is the option of implementing the component that prohibits CN. > I was by no means suggesting it should be used for
Re: [Freeipa-devel] Locations design v2: LDAP schema & user interface
Design doc reviewed. Some minor specifications discussed with Petr and Martin,
added to the doc. UQE_ACK.
Thanks,
- alich -
- Original Message -
> From: "Martin Basti"
> To: "Simo Sorce" , "Petr Spacek"
> Cc: freeipa-devel@redhat.com
> Sent: Thursday, April 21, 2016 7:39:02 PM
> Subject: Re: [Freeipa-devel] Locations design v2: LDAP schema & user
> interface
>
>
>
> On 21.04.2016 18:58, Simo Sorce wrote:
> > On Thu, 2016-04-21 at 17:39 +0200, Petr Spacek wrote:
> >> On 19.4.2016 19:17, Simo Sorce wrote:
> >>> On Tue, 2016-04-19 at 11:11 +0200, Petr Spacek wrote:
> On 18.4.2016 21:33, Simo Sorce wrote:
> > On Mon, 2016-04-18 at 17:44 +0200, Petr Spacek wrote:
> >> * Find, filter and copy hand-made records from main tree into the
> >> _locations sub-trees. This means that every hand-made record
> >> needs to be copied and synchronized N-times where N = number of IPA
> >> locations.
> > This ^^ seem the one that provides the best semantics for admins and
> > the
> > least unexpected results.
> >
> >> My favorite option for the first version is 'document that enabling
> >> DNS location will hide hand-made records in IPA domain.'
> > I do not think this is acceptable, sorry.
> >
> >> The feature is disabled by default and needs additional configuration
> >> anyway so simply upgrading should not break anything.
> > It is also useless this way.
> >
> >> I'm eager to hear opinions and answers to questions above.
> > HTH,
> Well it does not help because you did not answer the questions listed in
> the
> design page.
>
> Anyway, here is third version of the design. It avoids copying user-made
> records (basically 2 DNAMEs were replaced with bunch of CNAMEs):
>
> http://www.freeipa.org/page/V4/DNS_Location_Mechanism#Design_.28Version_3:_CNAME_per_service_name.29
>
> It seems like a good middle ground:
> http://www.freeipa.org/page/V4/DNS_Location_Mechanism#Comparison_of_proposals
> >>> It does seem like a decent middle ground.
> >>> And I guess an admin would be able to add custom templates if he wants
> >>> to have specific services forwarded to the location specific subtree ?
> >> Yes, the bind-dyndb-ldap's RecordGenerator and PerServerConfigInLDAP are
> >> generic enough. At the moment we do not plan to expose these mechanisms in
> >> user interface, we might do that later on.
> >>
> >>
> This required changes in RecordGenerator design, too:
> https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/RecordGenerator
> >>> I do not see where you specify the specific record names you forward to
> >>> the location trees here?
> >> I do not understand the question. Let's have a look at the example:
> >>
> >> # DN specifies DNS node name which will hold the generated record:
> >> dn: idnsName=_udp,idnsname=example.com.,cn=dns,dc=example,dc=com
> >> # this is equivalent to _udp.example.com.
> >>
> >> objectClass: idnsTemplateObject
> >> objectClass: top
> >> objectClass: idnsRecord
> >> idnsName: _udp
> >>
> >> # sub-type determines type of the generated record = DNAME
> >> idnsTemplateAttribute;dnamerecord:
> >> _udp.\{substitutionvariable_ipalocation\}._locations
> >> # generated value will be _udp.your-location._locations
> >> # it is a relative name so zone name (example.com) will be automatically
> >> appended
> >>
> >> The template is just string, so you can specify an absolute name if you
> >> want:
> >> idnsTemplateAttribute;dnamerecord:
> >> _udp.\{substitutionvariable_ipalocation\}._locations.another.zone.example.
> >>
> >> Of course 'ipalocation' is just a variable name so user can define his own
> >> in
> >> PerServerConfigInLDAP.
> >>
> >> Is it clearer now?
> > Sorry I thought you said in option 3 that you would only create records
> > for specific services using CNAMEs
> > I was looking for how you configure which services you are going to pick
> > in that case and couldn't see it.
> > This example is a DNAME one and looks to me it is about option 2 ?
> >
> I put there image for version 3 there, and put/fix some implementation
> details there. I will add more implementation details tomorrow.
>
> Basically, IPA knows what services are on which server (except NTP, will
> be fixed), so based on this we are able to generate proper SRV records
> in all locations, and mark the original one by attribute
> 'idnsTemplateAttribute;cnamerecord' Please see example here, I will
> refer on it later
> http://www.freeipa.org/page/V4/DNS_Location_Mechanism#CNAME_data_generation
>
>
> In case that server is not configured to provide Location specific data,
> or the server is old, the original SRV record (marked with
> 'idnsTemplateAttribute') will be used. In case that server is configured
> to provide location specific data, bind-dyndb-ldap will replace the
> original SRV record by CNAME according to location.
>
> Other SRV records (those not marked by 'idnsTem
Re: [Freeipa-devel] [PATCH 0009] Refactor test_automember_plugin
Hello, it looks good, thanks! ACK. Target: master - Original Message - > From: "Filip Skola" > To: freeipa-devel@redhat.com > Cc: "Milan Kubík" , "Aleš Mareček" > Sent: Monday, April 11, 2016 5:06:26 PM > Subject: [PATCH 0009] Refactor test_automember_plugin > > Hi, > > sending the refactored automember plugin test for review. > > Filip > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, create SudoCmdGroupTracker
ACK. Thank you! Master push: Make sure it will go *after or together with* the previous patch from Filip, #0007, thanks! - alich - - Original Message - > From: "Filip Skola" > To: "Aleš Mareček" > Cc: freeipa-devel@redhat.com, "Milan Kubík" > Sent: Wednesday, February 24, 2016 8:13:03 PM > Subject: Re: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, > create SudoCmdGroupTracker > > Hi, > > fixed. To be honest, I left that +1char longer lines there on purpose. IMHO > it brings better readability and pep8 *.py | wc -l in test_xmlrpc dir > returns an overwhelming number anyway. But yeah, some of these weren't > really necessary...so I changed them all :) > > This patch is dependent on 0007-3 patch. > > Filip > > - Original Message - > > NACK. > > > > > > [root@master2 test_xmlrpc]# pep8 test_sudocmdgroup_plugin.py > > test_sudocmdgroup_plugin.py:26:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:70:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:76:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:84:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:90:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:98:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:104:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:166:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:180:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:186:80: E501 line too long (84 > 79 characters) > > [root@master2 test_xmlrpc]# pep8 tracker/sudocmdgroup_plugin.py > > tracker/sudocmdgroup_plugin.py:36:80: E501 line too long (82 > 79 > > characters) > > tracker/sudocmdgroup_plugin.py:42:80: E501 line too long (82 > 79 > > characters) > > tracker/sudocmdgroup_plugin.py:46:80: E501 line too long (85 > 79 > > characters) > > tracker/sudocmdgroup_plugin.py:55:80: E501 line too long (82 > 79 > > characters) > > tracker/sudocmdgroup_plugin.py:64:80: E501 line too long (82 > 79 > > characters) > > > > > > > > - Original Message - > > > From: "Filip Skola" > > > To: "Aleš Mareček" > > > Cc: freeipa-devel@redhat.com, "Milan Kubík" > > > Sent: Monday, February 22, 2016 3:41:36 PM > > > Subject: Re: [Freeipa-devel] [PATCH] 0008 Refactor > > > test_sudocmdgroup_plugin, create SudoCmdGroupTracker > > > > > > Hi, > > > > > > the test has been updated so it now uses the SudoCmdTracker (from the > > > previous patch). > > > > > > Filip > > > > > > - Original Message - > > > > NACK. > > > > > > > > "create_sudocmd" and "delete_sudocmd" should be imported from Tracker, > > > > not > > > > from the previous test (sudocmd_plugin). > > > > > > > > - alich - > > > > > > > > - Original Message - > > > > > From: "Filip Skola" > > > > > To: freeipa-devel@redhat.com > > > > > Sent: Thursday, January 28, 2016 12:49:17 PM > > > > > Subject: [Freeipa-devel] [PATCH] 0008 Refactor > > > > > test_sudocmdgroup_plugin, > > > > > create SudoCmdGroupTracker > > > > > > > > > > Hi, > > > > > > > > > > sending the next sudo patch. This one depends on the previous one > > > > > (sudocmd_plugin). > > > > > > > > > > Filip > > > > > > > > > > -- > > > > > Manage your subscription for the Freeipa-devel mailing list: > > > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > > > > > > > > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin
ACK. Thank you! - alich - - Original Message - > From: "Filip Skola" > To: "Aleš Mareček" > Cc: freeipa-devel@redhat.com, "Milan Kubík" > Sent: Wednesday, February 24, 2016 8:07:55 PM > Subject: Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > Hi, > > these problems have been fixed. > > F. > > - Original Message - > > NACK. > > Some little changes still required: > > * fixing the pep8 errors > > * fixing the wrong comment > > > > [root@master2 freeipa]# pep8 ipatests/test_xmlrpc/test_sudocmd_plugin.py > > ipatests/test_xmlrpc/test_sudocmd_plugin.py:94:80: E501 line too long (87 > > > 79 characters) > > ipatests/test_xmlrpc/test_sudocmd_plugin.py:97:80: E501 line too long (87 > > > 79 characters) > > ipatests/test_xmlrpc/test_sudocmd_plugin.py:134:80: E501 line too long (80 > > > > > 79 characters) > > > > [root@master2 freeipa]# pep8 ipatests/test_xmlrpc/tracker/sudocmd_plugin.py > > ipatests/test_xmlrpc/tracker/sudocmd_plugin.py:14:80: E501 line too long > > (81 > > > 79 characters) > > > > [root@master2 freeipa]# grep 'Class for' > > ipatests/test_xmlrpc/tracker/sudocmd_plugin.py > > """ Class for host plugin like tests """ > > > > > > - Original Message - > > > From: "Filip Skola" > > > To: "Aleš Mareček" > > > Cc: freeipa-devel@redhat.com, "Milan Kubík" > > > Sent: Monday, February 22, 2016 1:59:43 PM > > > Subject: Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > > > > > Hi, > > > > > > sudocmd tracker has been created. > > > > > > Filip > > > > > > - Original Message - > > > > NACK. > > > > > > > > "create_sudocmd" and "delete_sudocmd" should be placed in Tracker. So > > > > this > > > > patch should create the tracker as well. > > > > > > > > - Original Message - > > > > > From: "Filip Skola" > > > > > To: freeipa-devel@redhat.com > > > > > Sent: Monday, January 25, 2016 3:57:25 PM > > > > > Subject: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > > > > > > > > > Hello, > > > > > > > > > > attaching refactored sudocmd_plugin. > > > > > > > > > > Filip > > > > > -- > > > > > Manage your subscription for the Freeipa-devel mailing list: > > > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > > > > > > > > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, create SudoCmdGroupTracker
NACK. [root@master2 test_xmlrpc]# pep8 test_sudocmdgroup_plugin.py test_sudocmdgroup_plugin.py:26:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:70:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:76:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:84:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:90:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:98:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:104:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:166:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:180:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:186:80: E501 line too long (84 > 79 characters) [root@master2 test_xmlrpc]# pep8 tracker/sudocmdgroup_plugin.py tracker/sudocmdgroup_plugin.py:36:80: E501 line too long (82 > 79 characters) tracker/sudocmdgroup_plugin.py:42:80: E501 line too long (82 > 79 characters) tracker/sudocmdgroup_plugin.py:46:80: E501 line too long (85 > 79 characters) tracker/sudocmdgroup_plugin.py:55:80: E501 line too long (82 > 79 characters) tracker/sudocmdgroup_plugin.py:64:80: E501 line too long (82 > 79 characters) - Original Message ----- > From: "Filip Skola" > To: "Aleš Mareček" > Cc: freeipa-devel@redhat.com, "Milan Kubík" > Sent: Monday, February 22, 2016 3:41:36 PM > Subject: Re: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, > create SudoCmdGroupTracker > > Hi, > > the test has been updated so it now uses the SudoCmdTracker (from the > previous patch). > > Filip > > - Original Message - > > NACK. > > > > "create_sudocmd" and "delete_sudocmd" should be imported from Tracker, not > > from the previous test (sudocmd_plugin). > > > > - alich - > > > > - Original Message - > > > From: "Filip Skola" > > > To: freeipa-devel@redhat.com > > > Sent: Thursday, January 28, 2016 12:49:17 PM > > > Subject: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, > > > create SudoCmdGroupTracker > > > > > > Hi, > > > > > > sending the next sudo patch. This one depends on the previous one > > > (sudocmd_plugin). > > > > > > Filip > > > > > > -- > > > Manage your subscription for the Freeipa-devel mailing list: > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin
NACK. Some little changes still required: * fixing the pep8 errors * fixing the wrong comment [root@master2 freeipa]# pep8 ipatests/test_xmlrpc/test_sudocmd_plugin.py ipatests/test_xmlrpc/test_sudocmd_plugin.py:94:80: E501 line too long (87 > 79 characters) ipatests/test_xmlrpc/test_sudocmd_plugin.py:97:80: E501 line too long (87 > 79 characters) ipatests/test_xmlrpc/test_sudocmd_plugin.py:134:80: E501 line too long (80 > 79 characters) [root@master2 freeipa]# pep8 ipatests/test_xmlrpc/tracker/sudocmd_plugin.py ipatests/test_xmlrpc/tracker/sudocmd_plugin.py:14:80: E501 line too long (81 > 79 characters) [root@master2 freeipa]# grep 'Class for' ipatests/test_xmlrpc/tracker/sudocmd_plugin.py """ Class for host plugin like tests """ - Original Message - > From: "Filip Skola" > To: "Aleš Mareček" > Cc: freeipa-devel@redhat.com, "Milan Kubík" > Sent: Monday, February 22, 2016 1:59:43 PM > Subject: Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > Hi, > > sudocmd tracker has been created. > > Filip > > - Original Message - > > NACK. > > > > "create_sudocmd" and "delete_sudocmd" should be placed in Tracker. So this > > patch should create the tracker as well. > > > > - Original Message - > > > From: "Filip Skola" > > > To: freeipa-devel@redhat.com > > > Sent: Monday, January 25, 2016 3:57:25 PM > > > Subject: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > > > > > Hello, > > > > > > attaching refactored sudocmd_plugin. > > > > > > Filip > > > -- > > > Manage your subscription for the Freeipa-devel mailing list: > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, create SudoCmdGroupTracker
NACK. "create_sudocmd" and "delete_sudocmd" should be imported from Tracker, not from the previous test (sudocmd_plugin). - alich - - Original Message - > From: "Filip Skola" > To: freeipa-devel@redhat.com > Sent: Thursday, January 28, 2016 12:49:17 PM > Subject: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, > create SudoCmdGroupTracker > > Hi, > > sending the next sudo patch. This one depends on the previous one > (sudocmd_plugin). > > Filip > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin
NACK. "create_sudocmd" and "delete_sudocmd" should be placed in Tracker. So this patch should create the tracker as well. - Original Message - > From: "Filip Skola" > To: freeipa-devel@redhat.com > Sent: Monday, January 25, 2016 3:57:25 PM > Subject: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > Hello, > > attaching refactored sudocmd_plugin. > > Filip > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
Tested + several other dependent tests executed as well - PASS. The patch looks good, ACK. - Original Message - > From: "Filip Skola" > To: "Milan Kubík" > Cc: freeipa-devel@redhat.com, "Aleš Mareček" > Sent: Monday, January 25, 2016 11:55:35 AM > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > > > - Original Message - > > On 01/15/2016 03:41 PM, Filip Skola wrote: > > > Hi, > > > > > > sending rebased patch on top of 58c42ddac0964a8cce7c1e1faa7516da53f028ad. > > > > > > Includes a "fix" for the rename-to-invalid-username issue for the new > > > version. > > > > > > F. > > > > > > - Original Message - > > >> Hi, > > >> > > >> I don't know what is causing the \r\n issue. I use vim and than send > > >> each > > >> email with claws-mail. Didn't spot this issue when trying emailing the > > >> patch > > >> to my other address. I'm trying to send it from zimbra now, let me know > > >> if > > >> that helped pls. > > >> > > >> Fix for the stageuser plugin issues caused by this patch should have > > >> been > > >> included in the last update; I think the remaining issue is not caused > > >> by > > >> UserTracker changes. Please correct me, if I'm wrong. > > >> > > >>> There is some issue with "test_rename_to_too_long_login" test. It fails > > >>> but > > >>> actually this is false positive because it is possible to create login > > >>> upto > > >>> 255 characters. I don't know why test mentions 32 characters without > > >>> any > > >>> other modified setup. > > >>> NACK for now. > > >>> - alich - > > >> This has been changed. This test still fails, though. > > >> > > >> Filip > > >> > > >>> > > >>> - Original Message - > > >>>> From: "Aleš Mareček" > > >>>> To: "Filip Škola" > > >>>> Cc: freeipa-devel@redhat.com, "Milan Kubík" > > >>>> Sent: Thursday, December 10, 2015 4:11:47 PM > > >>>> Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > >>>> > > >>>> Ah, sorry, haven't realized there had been devel list attached. > > >>>> Ok, there is some problem with \r\n in the patch. > > >>>> Filip, please take a look at it... > > >>>> Thanks... > > >>>> - alich - > > >>>> > > >>>> - Original Message - > > >>>>> From: "Filip Škola" > > >>>>> To: "Aleš Mareček" > > >>>>> Cc: freeipa-devel@redhat.com, "Milan Kubík" > > >>>>> Sent: Thursday, December 10, 2015 11:29:52 AM > > >>>>> Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > >>>>> > > >>>>> Hi, > > >>>>> > > >>>>> this if fixed. Also issues with test_stageuser_plugin caused by > > >>>>> UserTracker changes should be fixed here. > > >>>>> > > >>>>> Filip > > >>>>> > > >>>>> > > >>>>> On Mon, 7 Dec 2015 09:29:31 -0500 (EST) > > >>>>> Aleš Mareček wrote: > > >>>>> > > >>>>>> NACK. > > >>>>>> > > >>>>>> $ ./make-lint > > >>>>>> * Module ipatests.test_xmlrpc.test_user_plugin > > >>>>>> ipatests/test_xmlrpc/test_user_plugin.py:42: > > >>>>>> [E0611(no-name-in-module), ] No name 'ldaptracker' in module > > >>>>>> 'ipatests.test_xmlrpc') > > >>>>>> > > >>>>>> $ grep ldaptracker ipatests/test_xmlrpc/test_user_plugin.py > > >>>>>> from ipatests.test_xmlrpc.ldaptracker import Tracker > > >>>>>> $ ls ipatests/test_xmlrpc/ldaptracker* > > >>>>>> ls: cannot access ipatests/test_xmlrpc/ldaptracker*: No such file or > > >>>>>> directory > > >>>>>> > > >>&
Re: [Freeipa-devel] Testing FreeIPA 4.3 for GA
- Original Message - > From: "Milan Kubík" > To: "Petr Vobornik" > Cc: "freeipa-devel" , "Ales Marecek" > > Sent: Tuesday, December 15, 2015 4:53:18 PM > Subject: Re: [Freeipa-devel] Testing FreeIPA 4.3 for GA > > On 12/15/2015 04:35 PM, Petr Vobornik wrote: > > On 12/15/2015 01:05 AM, Petr Vobornik wrote: > >> Blocking patches for FreeIPA 4.3 were pushed, ipa-4-3 branch was > >> created. Master branch is ready for 4.4 development. > >> > >> A build is available for testing in my pvoborni/freeipa-4-3 COPR repo > >> [1] until the official 4.3 repo is created. The repo contains only this > >> build. The build is not pure upstream ipa-4-3 branch but rather a build > >> which will go to Fedora rawhide and official 4.3 copr repo - Fedora > >> downstream spec with the SELinux workaround applied [2][3]. > >> > >> Known issues: > >> * https://fedorahosted.org/freeipa/ticket/5469 - requires fix in PKI > >> * https://bugzilla.redhat.com/show_bug.cgi?id=1289930 - SELinux Policy > >> update needed for connection check > >> > >> I have started drafting release page [4]. > >> > >> [1] https://copr.fedoraproject.org/coprs/pvoborni/freeipa-4-3/ > >> [2] https://fedorahosted.org/freeipa/ticket/5533 > >> [3] > >> http://www.redhat.com/archives/freeipa-devel/2015-December/msg00234.html > >> [4] http://www.freeipa.org/page/Releases/4.3.0 > > > > Copr contains a rebuild with a patch for ticket: > > https://fedorahosted.org/freeipa/ticket/5551 > > > > https://copr.fedoraproject.org/coprs/pvoborni/freeipa-4-3/build/147975/ > > > > The build has exactly the same version as the one before. Ales, Milan, > > do we want to differentiate that somehow? > > > The job uses fresh install of the rpms. The same version and build > shouldn't be a problem. +1, I don't see any issue to use the "same" (not-yet-released) version. > > -- > Milan Kubik > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
Ah, sorry, haven't realized there had been devel list attached.
Ok, there is some problem with \r\n in the patch.
Filip, please take a look at it...
Thanks...
- alich -
- Original Message -
> From: "Filip Škola"
> To: "Aleš Mareček"
> Cc: freeipa-devel@redhat.com, "Milan Kubík"
> Sent: Thursday, December 10, 2015 11:29:52 AM
> Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
>
> Hi,
>
> this if fixed. Also issues with test_stageuser_plugin caused by
> UserTracker changes should be fixed here.
>
> Filip
>
>
> On Mon, 7 Dec 2015 09:29:31 -0500 (EST)
> Aleš Mareček wrote:
>
> > NACK.
> >
> > $ ./make-lint
> > * Module ipatests.test_xmlrpc.test_user_plugin
> > ipatests/test_xmlrpc/test_user_plugin.py:42:
> > [E0611(no-name-in-module), ] No name 'ldaptracker' in module
> > 'ipatests.test_xmlrpc')
> >
> > $ grep ldaptracker ipatests/test_xmlrpc/test_user_plugin.py
> > from ipatests.test_xmlrpc.ldaptracker import Tracker
> > $ ls ipatests/test_xmlrpc/ldaptracker*
> > ls: cannot access ipatests/test_xmlrpc/ldaptracker*: No such file or
> > directory
> >
> >
> > - Original Message -
> > > From: "Filip Škola"
> > > To: "Milan Kubík"
> > > Cc: freeipa-devel@redhat.com
> > > Sent: Thursday, December 3, 2015 5:38:43 PM
> > > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
> > >
> > > Hi,
> > >
> > > sending corrected version.
> > >
> > > F.
> > >
> > > On Thu, 12 Nov 2015 14:03:19 +0100
> > > Milan Kubík wrote:
> > >
> > > > On 11/10/2015 12:13 PM, Filip Škola wrote:
> > > > > Hi,
> > > > >
> > > > > fixed.
> > > > >
> > > > > F.
> > > > >
> > > > > On Tue, 10 Nov 2015 10:52:45 +0100
> > > > > Milan Kubík wrote:
> > > > >
> > > > >> On 11/09/2015 04:35 PM, Filip Škola wrote:
> > > > >>> Another patch was applied in the meantime.
> > > > >>>
> > > > >>> Attaching an updated version.
> > > > >>>
> > > > >>> F.
> > > > >>>
> > > > >>> On Mon, 9 Nov 2015 13:35:02 +0100
> > > > >>> Milan Kubík wrote:
> > > > >>>
> > > > >>>> On 11/06/2015 11:32 AM, Filip Škola wrote:
> > > > >>>> Hi,
> > > > >>>> the patch doesn't apply.
> > > > >>>>
> > > > >> Please fix this.
> > > > >>
> > > > >> ipatests/test_xmlrpc/test_user_plugin.py:1419:
> > > > >> [E0602(undefined-variable),
> > > > >> TestDeniedBindWithExpiredPrincipal.teardown_class] Undefined
> > > > >> variable 'user1')
> > > > >>
> > > > >> Also, use the version numbers for your changed patches.
> > > > >>
> > > > >
> > > > >
> > > > Thanks for the patch. Several issues:
> > > >
> > > > 1. Use dict.items instead of dict.iteritems, for python3
> > > > compatibility
> > > >
> > > > 2. What is the purpose of TestPrepare class? The 'purge' methods
> > > > do not call any ipa commands.
> > > > Tracker.make_fixture should be used to make the Tracked resources
> > > > clean themselves up when they're out of scope.
> > > >
> > > > 3. Why reference the resources by hardcoded name if they have a
> > > > fixture representation?
> > > >
> > > > 4. Rewrite {create,delete}_test_group to a fixture. You may want
> > > > to use different scope (or not).
> > > >
> > > > 5. In `def atest_rename_to_invalid_login(self, user):` - use
> > > > pytest.skipif decorator and provide a reason if you must,
> > > > do not obfuscate method name in order not to run it.
> > > >
> > > >
> > >
> > >
> > > --
> > > Manage your subscription for the Freeipa-devel mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-devel
> > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
>
>
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
There is some issue with "test_rename_to_too_long_login" test. It fails but
actually this is false positive because it is possible to create login upto 255
characters. I don't know why test mentions 32 characters without any other
modified setup.
NACK for now.
- alich -
- Original Message -
> From: "Aleš Mareček"
> To: "Filip Škola"
> Cc: freeipa-devel@redhat.com, "Milan Kubík"
> Sent: Thursday, December 10, 2015 4:11:47 PM
> Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
>
> Ah, sorry, haven't realized there had been devel list attached.
> Ok, there is some problem with \r\n in the patch.
> Filip, please take a look at it...
> Thanks...
> - alich -
>
> - Original Message -
> > From: "Filip Škola"
> > To: "Aleš Mareček"
> > Cc: freeipa-devel@redhat.com, "Milan Kubík"
> > Sent: Thursday, December 10, 2015 11:29:52 AM
> > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
> >
> > Hi,
> >
> > this if fixed. Also issues with test_stageuser_plugin caused by
> > UserTracker changes should be fixed here.
> >
> > Filip
> >
> >
> > On Mon, 7 Dec 2015 09:29:31 -0500 (EST)
> > Aleš Mareček wrote:
> >
> > > NACK.
> > >
> > > $ ./make-lint
> > > * Module ipatests.test_xmlrpc.test_user_plugin
> > > ipatests/test_xmlrpc/test_user_plugin.py:42:
> > > [E0611(no-name-in-module), ] No name 'ldaptracker' in module
> > > 'ipatests.test_xmlrpc')
> > >
> > > $ grep ldaptracker ipatests/test_xmlrpc/test_user_plugin.py
> > > from ipatests.test_xmlrpc.ldaptracker import Tracker
> > > $ ls ipatests/test_xmlrpc/ldaptracker*
> > > ls: cannot access ipatests/test_xmlrpc/ldaptracker*: No such file or
> > > directory
> > >
> > >
> > > - Original Message -
> > > > From: "Filip Škola"
> > > > To: "Milan Kubík"
> > > > Cc: freeipa-devel@redhat.com
> > > > Sent: Thursday, December 3, 2015 5:38:43 PM
> > > > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
> > > >
> > > > Hi,
> > > >
> > > > sending corrected version.
> > > >
> > > > F.
> > > >
> > > > On Thu, 12 Nov 2015 14:03:19 +0100
> > > > Milan Kubík wrote:
> > > >
> > > > > On 11/10/2015 12:13 PM, Filip Škola wrote:
> > > > > > Hi,
> > > > > >
> > > > > > fixed.
> > > > > >
> > > > > > F.
> > > > > >
> > > > > > On Tue, 10 Nov 2015 10:52:45 +0100
> > > > > > Milan Kubík wrote:
> > > > > >
> > > > > >> On 11/09/2015 04:35 PM, Filip Škola wrote:
> > > > > >>> Another patch was applied in the meantime.
> > > > > >>>
> > > > > >>> Attaching an updated version.
> > > > > >>>
> > > > > >>> F.
> > > > > >>>
> > > > > >>> On Mon, 9 Nov 2015 13:35:02 +0100
> > > > > >>> Milan Kubík wrote:
> > > > > >>>
> > > > > >>>> On 11/06/2015 11:32 AM, Filip Škola wrote:
> > > > > >>>> Hi,
> > > > > >>>> the patch doesn't apply.
> > > > > >>>>
> > > > > >> Please fix this.
> > > > > >>
> > > > > >> ipatests/test_xmlrpc/test_user_plugin.py:1419:
> > > > > >> [E0602(undefined-variable),
> > > > > >> TestDeniedBindWithExpiredPrincipal.teardown_class] Undefined
> > > > > >> variable 'user1')
> > > > > >>
> > > > > >> Also, use the version numbers for your changed patches.
> > > > > >>
> > > > > >
> > > > > >
> > > > > Thanks for the patch. Several issues:
> > > > >
> > > > > 1. Use dict.items instead of dict.iteritems, for python3
> > > > > compatibility
> > > > >
> > > > > 2. What is the purpose of TestPrepare class? The 'purge' methods
> > > > > do not call any ipa commands.
> > > > > Tracker.make_fixture should be used to make the Tracked resources
> > > > > clean themselves up when they're out of scope.
> > > > >
> > > > > 3. Why reference the resources by hardcoded name if they have a
> > > > > fixture representation?
> > > > >
> > > > > 4. Rewrite {create,delete}_test_group to a fixture. You may want
> > > > > to use different scope (or not).
> > > > >
> > > > > 5. In `def atest_rename_to_invalid_login(self, user):` - use
> > > > > pytest.skipif decorator and provide a reason if you must,
> > > > > do not obfuscate method name in order not to run it.
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Manage your subscription for the Freeipa-devel mailing list:
> > > > https://www.redhat.com/mailman/listinfo/freeipa-devel
> > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
> >
> >
>
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
Ahoj Filipe,
zase tam vidim to '\r\n'... Prisel jsi na to, co to zpusobuje?
Jinak patche jdu otestovat...
- alich -
- Original Message -
> From: "Filip Škola"
> To: "Aleš Mareček"
> Cc: freeipa-devel@redhat.com, "Milan Kubík"
> Sent: Thursday, December 10, 2015 11:29:52 AM
> Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
>
> Hi,
>
> this if fixed. Also issues with test_stageuser_plugin caused by
> UserTracker changes should be fixed here.
>
> Filip
>
>
> On Mon, 7 Dec 2015 09:29:31 -0500 (EST)
> Aleš Mareček wrote:
>
> > NACK.
> >
> > $ ./make-lint
> > * Module ipatests.test_xmlrpc.test_user_plugin
> > ipatests/test_xmlrpc/test_user_plugin.py:42:
> > [E0611(no-name-in-module), ] No name 'ldaptracker' in module
> > 'ipatests.test_xmlrpc')
> >
> > $ grep ldaptracker ipatests/test_xmlrpc/test_user_plugin.py
> > from ipatests.test_xmlrpc.ldaptracker import Tracker
> > $ ls ipatests/test_xmlrpc/ldaptracker*
> > ls: cannot access ipatests/test_xmlrpc/ldaptracker*: No such file or
> > directory
> >
> >
> > - Original Message -
> > > From: "Filip Škola"
> > > To: "Milan Kubík"
> > > Cc: freeipa-devel@redhat.com
> > > Sent: Thursday, December 3, 2015 5:38:43 PM
> > > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
> > >
> > > Hi,
> > >
> > > sending corrected version.
> > >
> > > F.
> > >
> > > On Thu, 12 Nov 2015 14:03:19 +0100
> > > Milan Kubík wrote:
> > >
> > > > On 11/10/2015 12:13 PM, Filip Škola wrote:
> > > > > Hi,
> > > > >
> > > > > fixed.
> > > > >
> > > > > F.
> > > > >
> > > > > On Tue, 10 Nov 2015 10:52:45 +0100
> > > > > Milan Kubík wrote:
> > > > >
> > > > >> On 11/09/2015 04:35 PM, Filip Škola wrote:
> > > > >>> Another patch was applied in the meantime.
> > > > >>>
> > > > >>> Attaching an updated version.
> > > > >>>
> > > > >>> F.
> > > > >>>
> > > > >>> On Mon, 9 Nov 2015 13:35:02 +0100
> > > > >>> Milan Kubík wrote:
> > > > >>>
> > > > >>>> On 11/06/2015 11:32 AM, Filip Škola wrote:
> > > > >>>> Hi,
> > > > >>>> the patch doesn't apply.
> > > > >>>>
> > > > >> Please fix this.
> > > > >>
> > > > >> ipatests/test_xmlrpc/test_user_plugin.py:1419:
> > > > >> [E0602(undefined-variable),
> > > > >> TestDeniedBindWithExpiredPrincipal.teardown_class] Undefined
> > > > >> variable 'user1')
> > > > >>
> > > > >> Also, use the version numbers for your changed patches.
> > > > >>
> > > > >
> > > > >
> > > > Thanks for the patch. Several issues:
> > > >
> > > > 1. Use dict.items instead of dict.iteritems, for python3
> > > > compatibility
> > > >
> > > > 2. What is the purpose of TestPrepare class? The 'purge' methods
> > > > do not call any ipa commands.
> > > > Tracker.make_fixture should be used to make the Tracked resources
> > > > clean themselves up when they're out of scope.
> > > >
> > > > 3. Why reference the resources by hardcoded name if they have a
> > > > fixture representation?
> > > >
> > > > 4. Rewrite {create,delete}_test_group to a fixture. You may want
> > > > to use different scope (or not).
> > > >
> > > > 5. In `def atest_rename_to_invalid_login(self, user):` - use
> > > > pytest.skipif decorator and provide a reason if you must,
> > > > do not obfuscate method name in order not to run it.
> > > >
> > > >
> > >
> > >
> > > --
> > > Manage your subscription for the Freeipa-devel mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-devel
> > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
>
>
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
NACK.
$ ./make-lint
* Module ipatests.test_xmlrpc.test_user_plugin
ipatests/test_xmlrpc/test_user_plugin.py:42: [E0611(no-name-in-module), ] No
name 'ldaptracker' in module 'ipatests.test_xmlrpc')
$ grep ldaptracker ipatests/test_xmlrpc/test_user_plugin.py
from ipatests.test_xmlrpc.ldaptracker import Tracker
$ ls ipatests/test_xmlrpc/ldaptracker*
ls: cannot access ipatests/test_xmlrpc/ldaptracker*: No such file or directory
- Original Message -
> From: "Filip Škola"
> To: "Milan Kubík"
> Cc: freeipa-devel@redhat.com
> Sent: Thursday, December 3, 2015 5:38:43 PM
> Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
>
> Hi,
>
> sending corrected version.
>
> F.
>
> On Thu, 12 Nov 2015 14:03:19 +0100
> Milan Kubík wrote:
>
> > On 11/10/2015 12:13 PM, Filip Škola wrote:
> > > Hi,
> > >
> > > fixed.
> > >
> > > F.
> > >
> > > On Tue, 10 Nov 2015 10:52:45 +0100
> > > Milan Kubík wrote:
> > >
> > >> On 11/09/2015 04:35 PM, Filip Škola wrote:
> > >>> Another patch was applied in the meantime.
> > >>>
> > >>> Attaching an updated version.
> > >>>
> > >>> F.
> > >>>
> > >>> On Mon, 9 Nov 2015 13:35:02 +0100
> > >>> Milan Kubík wrote:
> > >>>
> > On 11/06/2015 11:32 AM, Filip Škola wrote:
> > Hi,
> > the patch doesn't apply.
> >
> > >> Please fix this.
> > >>
> > >> ipatests/test_xmlrpc/test_user_plugin.py:1419:
> > >> [E0602(undefined-variable),
> > >> TestDeniedBindWithExpiredPrincipal.teardown_class] Undefined
> > >> variable 'user1')
> > >>
> > >> Also, use the version numbers for your changed patches.
> > >>
> > >
> > >
> > Thanks for the patch. Several issues:
> >
> > 1. Use dict.items instead of dict.iteritems, for python3 compatibility
> >
> > 2. What is the purpose of TestPrepare class? The 'purge' methods do
> > not call any ipa commands.
> > Tracker.make_fixture should be used to make the Tracked resources
> > clean themselves up when they're out of scope.
> >
> > 3. Why reference the resources by hardcoded name if they have a
> > fixture representation?
> >
> > 4. Rewrite {create,delete}_test_group to a fixture. You may want to
> > use different scope (or not).
> >
> > 5. In `def atest_rename_to_invalid_login(self, user):` - use
> > pytest.skipif decorator and provide a reason if you must,
> > do not obfuscate method name in order not to run it.
> >
> >
>
>
> --
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating
Hello,
ACK for code
NACK for the placing "get_client_ip_with_hostmask" function to test_sudo.py
(this function should be in some more general file)
- Original Message -
> From: "Oleg Fayans"
> To: freeipa-devel@redhat.com
> Sent: Thursday, December 3, 2015 3:32:46 PM
> Subject: Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for
> sudo rules validating
>
> Hi Tomas,
>
> I would prefer get_client_ip_with_hostmask function to go to
> ipatests/test_integration/tasks.py, and to be more generic: we probably
> will need to run it against an arbitrary host.
tasks.py is not the proper place as well
> The rest looks fine
>
> On 12/03/2015 11:35 AM, Tomas Babej wrote:
> >
> >
> > On 12/02/2015 05:25 PM, Lukas Slebodnik wrote:
> >> On (02/12/15 15:41), Tomas Babej wrote:
> >>>
> >>>
> >>> On 12/02/2015 09:24 AM, Tomas Babej wrote:
>
>
> On 12/01/2015 06:27 PM, Tomas Babej wrote:
> >
> >
> > On 11/30/2015 05:32 PM, Lukas Slebodnik wrote:
> >> On (30/11/15 13:09), Tomas Babej wrote:
> >>> Hi,
> >>>
> >>> IPA sudo tests worked under the assumption that the clients that
> >>> are executing the sudo commands have their IPs assigned within
> >>> 255.255.255.0 hostmask.
> >>>
> >>> Removes this (invalid) assumption and adds a dynamic detection of
> >>> the hostmask of the IPA client.
> >>>
> >>> https://fedorahosted.org/freeipa/ticket/5501
> >>
> >> >From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00
> >> >2001
> >>> From: Tomas Babej
> >>> Date: Mon, 30 Nov 2015 12:53:39 +0100
> >>> Subject: [PATCH] tests: Add hostmask detection for sudo rules
> >>> validating on
> >>> hostmask
> >>>
> >>> IPA sudo tests worked under the assumption that the clients that
> >>> are executing the sudo commands have their IPs assigned within
> >>> 255.255.255.0 hostmask.
> >>>
> >>> Removes this (invalid) assumption and adds a dynamic detection of
> >>> the hostmask of the IPA client.
> >>>
> >
> > Thanks, updated patch attached.
> >
> > Tomas
> >
>
> Actually, a small improvement is necessary.
>
> Updated patch attached.
>
> Tomas
>
>
>
> >>>
> >>> Thanks to Lukas, we found another problem with the test.
> >>>
> >>> Updated patch attached.
> >>>
> >> Thank you for 4th revision of patch
> >> but there is still one issue.
> >>
> >> === FAILURES
> >> ===
> >> _ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative
> >> __
> >>
> >> self = >> 0x7ff695f56890>
> >>
> >> def test_sudo_rule_restricted_to_one_hostmask_negative(self):
> >> result1 = self.list_sudo_commands("testuser1")
> >>>assert result1.returncode != 0
> >> E assert 0 != 0
> >> E+ where 0 = >> 0x7ff695f56bd0>.returncode
> >>
> >> test_integration/test_sudo.py:323: AssertionError
> >> 1 failed, 74 passed in 807.35 seconds
> >> =
> >>
> >> LS
> >>
> >
> > Here the test affected the negative test setup, which is fixed in the
> > latest revision.
> >
> > Thanks,
> > Tomas
> >
> >
> >
>
> --
> Oleg Fayans
> Quality Engineer
> FreeIPA team
> RedHat.
>
> --
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
>
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations into standalone package
- Original Message -
> From: "Milan Kubík"
> To: "Martin Basti"
> Cc: freeipa-devel@redhat.com, "Aleš Mareček"
> Sent: Tuesday, December 1, 2015 10:31:14 AM
> Subject: Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations
> into standalone package
>
> On 11/30/2015 07:13 PM, Martin Basti wrote:
> > NACK
> >
> > 1)
> > With this patch I received this error in test_user_plugin.py
> >
> > E AssertionError: assert_deepequal: expected != got.
> > E 0106: user_status: Query status of "tuser1"
> > E expected = 1
> > E got = 2
> > E path = ('count',)
> >
> > I have just admin user on my system
> >
> > 2)
> > __
> > ERROR collecting test_xmlrpc/test_stageuser_plugin.py
> > __
> > test_xmlrpc/test_stageuser_plugin.py:28: in
> > from ipatests.test_xmlrpc.tracker.user_plugin import UserTracker
> > E ImportError: No module named tracker.user_plugin
> > __
> > ERROR collecting test_xmlrpc/test_stageuser_plugin.py
> > __
> > test_xmlrpc/test_stageuser_plugin.py:28: in
> > from ipatests.test_xmlrpc.tracker.user_plugin import UserTracker
> > E ImportError: No module named tracker.user_plugin
> >
> > 3)
> >
> > ERROR collecting test_xmlrpc/test_group_plugin.py
> >
> > test_xmlrpc/test_group_plugin.py:34: in
> > from ipatests.test_xmlrpc.tracker.user_plugin import UserTracker
> > E ImportError: No module named tracker.user_plugin
> >
> > ERROR collecting test_xmlrpc/test_group_plugin.py
> >
> > test_xmlrpc/test_group_plugin.py:34: in
> > from ipatests.test_xmlrpc.tracker.user_plugin import UserTracker
> > E ImportError: No module named tracker.user_plugin
> >
> > 4)
> >
> > ERROR collecting test_xmlrpc/test_host_plugin.py
> > _
> > test_xmlrpc/test_host_plugin.py:42: in
> > from ipatests.test_xmlrpc.tracker.host_plugin import HostTracker
> > E ImportError: No module named tracker.host_plugin
> >
> > ERROR collecting test_xmlrpc/test_host_plugin.py
> > _
> > test_xmlrpc/test_host_plugin.py:42: in
> > from ipatests.test_xmlrpc.tracker.host_plugin import HostTracker
> > E ImportError: No module named tracker.host_plugin
> >
> > 5)
> >
> > ERROR collecting test_xmlrpc/test_caacl_plugin.py
> >
> > test_xmlrpc/test_caacl_plugin.py:15: in
> > from ipatests.test_xmlrpc.test_certprofile_plugin import
> > default_profile
> > ../_pytest/assertion/rewrite.py:171: in load_module
> > py.builtin.exec_(co, mod.__dict__)
> > test_xmlrpc/test_certprofile_plugin.py:17: in
> > from ipatests.test_xmlrpc.tracker.certprofile_plugin import
> > CertprofileTracker
> > E ImportError: No module named tracker.certprofile_plugin
> >
> > ERROR collecting test_xmlrpc/test_caacl_plugin.py
> >
> > test_xmlrpc/test_caacl_plugin.py:15: in
> > from ipatests.test_xmlrpc.test_certprofile_plugin import
> > default_profile
> > ../_pytest/assertion/rewrite.py:171: in load_module
> > py.builtin.exec_(co, mod.__dict__)
> > test_xmlrpc/test_certprofile_plugin.py:17: in
> > from ipatests.test_xmlrpc.tracker.certprofile_plugin import
> > CertprofileTracker
> > E ImportError: No module named tracker.certprofile_plugin
&g
Re: [Freeipa-devel] Testing replication topologies
Greetings! - Original Message - > From: "Martin Basti" > To: "freeipa-devel" , "Petr Vobornik" > , "Aleš Mareček" > > Sent: Wednesday, December 2, 2015 12:20:56 PM > Subject: Testing replication topologies > > Hello all, > > due to recent bug I found https://fedorahosted.org/freeipa/ticket/5506 I > realized we do not have testing of complex topologies. > > On the other hand, test framework is ready and allows to testing 5 > different topologies, can we create test which will test those 5 > topologies with for example 4-5 replicas? We were talking about it in the morning with Petr. So the answer is: yes, we can. Adding Oleg... > > (read test_topologies.py there are examples of topologies) > > Martin > Have a nice day! - alich - -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations into standalone package
Tested with today's master, ACK.
- alich -
- Original Message -
> From: "Milan Kubík"
> To: freeipa-devel@redhat.com
> Sent: Friday, November 27, 2015 3:40:29 PM
> Subject: Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations
> into standalone package
>
> On 11/27/2015 03:36 PM, Milan Kubík wrote:
>
>
>
> On 11/27/2015 03:31 PM, Milan Kubík wrote:
>
>
> On 11/23/2015 10:43 AM, Lenka Doudova wrote:
>
>
> NACK - there's a "typo" in /tracker/user_plugin.py, line 17-18:
>
> def get_user_dn(cn):
>
> return DN(('cn', cn), api.env.container_user, api.env.basedn)
>
>
> should be
>
> def get_user_dn(uid):
>
> return DN(('uid', uid), api.env.container_user, api.env.basedn)
>
>
> Some tests may fail because of that.
> Lenka
>
>
> On 11/20/2015 08:54 PM, Aleš Mareček wrote:
>
>
> Looks good. ACK.
>
> - Original Message -
>
>
> From: "Milan Kubík"
> To: "freeipa-devel"
> Cc: "Filip Skola" , "Ales Marecek"
> Sent: Friday, November 20, 2015 3:44:30 PM
> Subject: [patch 0025] Separated Tracker implementations into standalone
> package
>
> Fixes https://fedorahosted.org/freeipa/ticket/5467
> Patches attached.
>
> --
> Milan Kubik
>
>
>
> Fixed the function and moved it into different module.
> Updated patches attached.
>
>
>
> Self nack, some imports missing
>
> --
> Milan Kubik
>
>
> Patches updated.
>
> --
> Milan Kubik
>
> --
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations into standalone package
Looks good. ACK. - Original Message - > From: "Milan Kubík" > To: "freeipa-devel" > Cc: "Filip Skola" , "Ales Marecek" > Sent: Friday, November 20, 2015 3:44:30 PM > Subject: [patch 0025] Separated Tracker implementations into standalone > package > > Fixes https://fedorahosted.org/freeipa/ticket/5467 > Patches attached. > > -- > Milan Kubik > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0347] Fix CI tests domain_level ENV config
ACK. - Original Message - > From: "Martin Basti" > To: "freeipa-devel" > Sent: Friday, November 13, 2015 7:39:00 PM > Subject: [Freeipa-devel] [PATCH 0347] Fix CI tests domain_level ENV config > > Patch attached. > > Following test should pass: > ipa-run-tests test_integration/test_testconfig.py --verbose > > > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0348] CI: fix KRA installation with domain level>0
ACK. - Original Message - > From: "Martin Basti" > To: "freeipa-devel" > Sent: Monday, November 16, 2015 4:06:51 PM > Subject: [Freeipa-devel] [PATCH 0348] CI: fix KRA installation with domain > level>0 > > Patch attached. > Part of https://fedorahosted.org/freeipa/ticket/5379 > > Martin^2 > > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [patch 0023] Applied tier0 and tier1 marks on unit tests and xmlrpc tests
Looks good, ACK. - Original Message - > From: "Milan Kubík" > To: freeipa-devel@redhat.com > Sent: Thursday, November 5, 2015 12:20:29 PM > Subject: Re: [Freeipa-devel] [patch 0023] Applied tier0 and tier1 marks on > unit tests and xmlrpc tests > > On 11/05/2015 11:20 AM, Milan Kubík wrote: > > > Hi list, > > these patches introduce the tier categorization into the tests using > pytest's mark mechanism. It is a step towards a change in our CI > with which we hope to get more usefull/readable results as well as > allow us to structure our CI in more logical way. > > Because of technical reasons, all tests that are subclasses of `Declarative` > class are marked as tier1 tests. In these tests, if one suite is marked, all > of > the Declarative tests will be run as a big blob. > > The marks are not set in stone, please provide some feedback if you think > some of the tests shoult go elsewhere. > > > > Self NACK after irc nitpick. Fixed pep8 complaints. > > -- > Milan Kubik > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 503] upgrade: make sure ldap2 is connected in export_kra_agent_pem
ok, it's not fault of patch itself, ACK - Original Message - > From: "Aleš Mareček" > To: "Jan Cholasta" > Cc: "freeipa-devel" > Sent: Monday, October 12, 2015 3:45:51 PM > Subject: Re: [Freeipa-devel] [PATCH 503] upgrade: make sure ldap2 is > connected in export_kra_agent_pem > > Hello, > the patch looks good but pep8 cries: > > # pep8 ipaserver/install/server/upgrade.py > ipaserver/install/server/upgrade.py:53:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:68:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:83:25: E261 at least two spaces before > inline comment > ipaserver/install/server/upgrade.py:88:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:94:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:96:13: E225 missing whitespace around > operator > ipaserver/install/server/upgrade.py:109:80: E501 line too long (93 > 79 > characters) > ipaserver/install/server/upgrade.py:111:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:131:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:151:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:172:13: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:179:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:192:80: E501 line too long (108 > 79 > characters) > ipaserver/install/server/upgrade.py:196:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:217:49: E231 missing whitespace after ',' > ipaserver/install/server/upgrade.py:222:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:228:80: E501 line too long (83 > 79 > characters) > ipaserver/install/server/upgrade.py:264:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:277:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:333:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:366:80: E501 line too long (82 > 79 > characters) > ipaserver/install/server/upgrade.py:414:49: E251 unexpected spaces around > keyword / parameter equals > ipaserver/install/server/upgrade.py:414:51: E251 unexpected spaces around > keyword / parameter equals > ipaserver/install/server/upgrade.py:441:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:455:56: E127 continuation line > over-indented for visual indent > ipaserver/install/server/upgrade.py:459:25: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:487:37: E126 continuation line > over-indented for hanging indent > ipaserver/install/server/upgrade.py:494:17: E126 continuation line > over-indented for hanging indent > ipaserver/install/server/upgrade.py:503:80: E501 line too long (81 > 79 > characters) > ipaserver/install/server/upgrade.py:504:25: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:511:80: E501 line too long (81 > 79 > characters) > ipaserver/install/server/upgrade.py:517:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:538:80: E501 line too long (83 > 79 > characters) > ipaserver/install/server/upgrade.py:539:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:541:80: E501 line too long (82 > 79 > characters) > ipaserver/install/server/upgrade.py:542:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:551:80: E501 line too long (89 > 79 > characters) > ipaserver/install/server/upgrade.py:552:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:554:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:556:80: E501 line too long (86 > 79 > characters) > ipaserver/install/server/upgrade.py:557:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:561:80: E501 line too long (91 > 79 > characters) > ipaserver/install/server/upgrade.py:562:13: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:577:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:603:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/up
Re: [Freeipa-devel] [PATCH 503] upgrade: make sure ldap2 is connected in export_kra_agent_pem
Hello, the patch looks good but pep8 cries: # pep8 ipaserver/install/server/upgrade.py ipaserver/install/server/upgrade.py:53:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:68:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:83:25: E261 at least two spaces before inline comment ipaserver/install/server/upgrade.py:88:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:94:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:96:13: E225 missing whitespace around operator ipaserver/install/server/upgrade.py:109:80: E501 line too long (93 > 79 characters) ipaserver/install/server/upgrade.py:111:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:131:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:151:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:172:13: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:179:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:192:80: E501 line too long (108 > 79 characters) ipaserver/install/server/upgrade.py:196:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:217:49: E231 missing whitespace after ',' ipaserver/install/server/upgrade.py:222:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:228:80: E501 line too long (83 > 79 characters) ipaserver/install/server/upgrade.py:264:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:277:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:333:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:366:80: E501 line too long (82 > 79 characters) ipaserver/install/server/upgrade.py:414:49: E251 unexpected spaces around keyword / parameter equals ipaserver/install/server/upgrade.py:414:51: E251 unexpected spaces around keyword / parameter equals ipaserver/install/server/upgrade.py:441:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:455:56: E127 continuation line over-indented for visual indent ipaserver/install/server/upgrade.py:459:25: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:487:37: E126 continuation line over-indented for hanging indent ipaserver/install/server/upgrade.py:494:17: E126 continuation line over-indented for hanging indent ipaserver/install/server/upgrade.py:503:80: E501 line too long (81 > 79 characters) ipaserver/install/server/upgrade.py:504:25: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:511:80: E501 line too long (81 > 79 characters) ipaserver/install/server/upgrade.py:517:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:538:80: E501 line too long (83 > 79 characters) ipaserver/install/server/upgrade.py:539:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:541:80: E501 line too long (82 > 79 characters) ipaserver/install/server/upgrade.py:542:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:551:80: E501 line too long (89 > 79 characters) ipaserver/install/server/upgrade.py:552:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:554:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:556:80: E501 line too long (86 > 79 characters) ipaserver/install/server/upgrade.py:557:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:561:80: E501 line too long (91 > 79 characters) ipaserver/install/server/upgrade.py:562:13: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:577:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:603:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:606:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:611:80: E501 line too long (80 > 79 characters) ipaserver/install/server/upgrade.py:616:80: E501 line too long (81 > 79 characters) ipaserver/install/server/upgrade.py:619:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:627:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:640:80: E501 line too long (85 > 79 characters) ipaserver/install/server/upgrade.py:643:80: E501 line too long (84 > 79 characters) ipaserver/install/server/upgrade.py:644:21: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:652:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:664:80: E501 line too long
Re: [Freeipa-devel] [PATCH] 0001-2 ipatests: SOA record Maintenance tests
Greetings!
Martin, thanks for your review and comments!
I changed the name of the patch and setup my git variables properly. I also
re-tested it and got all passed. I'm sending a new patch that is attached.
- Original Message -
> From: "Martin Basti"
> To: "Aleš Mareček" , freeipa-devel@redhat.com
> Sent: Tuesday, March 24, 2015 4:39:21 PM
> Subject: Re: [Freeipa-devel] [PATCH] 0001 ipatests: SOA record Maintenance
> tests
>
> On 24/03/15 15:06, Aleš Mareček wrote:
> > Greetings!
> > This is my very first patch, ticket#4746.
> >
> > Have a nice day!
> > - alich -
> >
> >
> Thank you for the patch. Just nitpicks:
>
> 1)
> +cleanup_commands = [
> +('dnszone_del', [zone6], {'continue': True}),
> +('dnszone_del', [zone6b], {'continue': True}),
> +]
>
> would be better do it in this way, continue option will to try remove
> all zones:
> +cleanup_commands = [
> +('dnszone_del', [zone6, zone6b], {'continue': True}),
> +]
>
Done.
> 2)
> I'm fine with zone6b, but was there any reason to create zone6b, instead
> of reusing zone 1 or 2 or 3?
Because of some updates needs, I didn't want to break anything existing thus I
created new.
>
> 3)
> Please fix whitespace errors.
> $ git am
> freeipa-alich-0001-ipatests-added-tests-for-SOA-record-Maintenance.patch
> Applying: ipatests - added tests for SOA record Maintenance
> /home/mbasti/work/freeipa-devel/.git/rebase-apply/patch:482: trailing
> whitespace.
>
> /home/mbasti/work/freeipa-devel/.git/rebase-apply/patch:758: new blank
> line at EOF.
> +
> warning: 2 lines add whitespace errors.
>
Done.
$ git am freeipa-alich-0001-2-Ipatests-DNS-SOA-Record-Maintenance.patch
Applying: Ipatests DNS SOA Record Maintenance
$
> 4)
> I know the dns plugin tests are so far from PEP8, but try to keep PEP8
> in new code
Done, only 1 line persisted that I didn't want to break:
zone6_unresolvable_ns_relative_dnsname = DNSName(zone6_unresolvable_ns_relative)
>
> Otherwise test works as expected.
>
> Martin^2
>
> --
> Martin Basti
>
>
Thanks!
- alich -
From fcd2078d138f768383df78896d44e51b606ada3b Mon Sep 17 00:00:00 2001
From: Ales 'alich' Marecek
Date: Fri, 27 Mar 2015 16:17:10 +0100
Subject: [PATCH] Ipatests DNS SOA Record Maintenance
https://fedorahosted.org/freeipa/ticket/4746
---
ipatests/test_xmlrpc/test_dns_plugin.py | 757
1 file changed, 757 insertions(+)
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 47251ff68e829a0e0944633bd6243e2c2f79935c..a226c80486e4d44a44714a2f7d03e1049d4d37a8 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -120,6 +120,51 @@ zone5_ns_dnsname = DNSName(zone5_ns)
zone5_rname = u'root.%s' % zone5
zone5_rname_dnsname = DNSName(zone5_rname)
+zone6b = u'zone6b.test'
+zone6b_absolute = u'%s.' % zone6b
+zone6b_dnsname = DNSName(zone6b)
+zone6b_absolute_dnsname = DNSName(zone6b_absolute)
+zone6b_dn = DN(('idnsname', zone6b), api.env.container_dns, api.env.basedn)
+zone6b_absolute_dn = DN(('idnsname', zone6b_absolute),
+api.env.container_dns, api.env.basedn)
+zone6b_rname = u'hostmaster'
+zone6b_rname_dnsname = DNSName(zone6b_rname)
+zone6b_ip = u'172.16.70.1'
+zone6b_ns_arec = u'ns'
+zone6b_ns = u'%s.%s' % (zone6b_ns_arec, zone6b_absolute)
+zone6b_ns_arec_dnsname = DNSName(zone6b_ns_arec)
+zone6b_ns_arec_dn = DN(('idnsname', zone6b_ns_arec), zone6b_dn)
+zone6b_ns_dnsname = DNSName(zone6b_ns)
+zone6b_absolute_arec_dn = DN(('idnsname', zone6b_ns_arec), zone6b_absolute_dn)
+
+zone6 = u'zone6.test'
+zone6_invalid = u'invalid-zone.zone6..test'
+zone6_absolute = u'%s.' % zone6
+zone6_dnsname = DNSName(zone6)
+zone6_absolute_dnsname = DNSName(zone6_absolute)
+zone6_dn = DN(('idnsname', zone6), api.env.container_dns, api.env.basedn)
+zone6_absolute_dn = DN(('idnsname', zone6_absolute),
+ api.env.container_dns, api.env.basedn)
+zone6_ns_relative = u'ns1'
+zone6_absolute_arec_dn = DN(('idnsname', zone6_ns_relative), zone6_absolute_dn)
+zone6_ns = u'%s.%s' % (zone6_ns_relative, zone6_absolute)
+zone6_ns_relative_dnsname = DNSName(zone6_ns_relative)
+zone6_ns_dnsname = DNSName(zone6_ns)
+zone6_ns_arec_dnsname = DNSName(zone6_ns_relative)
+zone6_ns_invalid_dnsname = u'invalid name server! ..%s' % zone6_absolute
+zone6_rname = u'root.%s' % zone6_absolute
+zone6_rname_dnsname = DNSName(zone6_rname)
+zone6_rname_d
[Freeipa-devel] [PATCH] 0001 ipatests: SOA record Maintenance tests
Greetings!
This is my very first patch, ticket#4746.
Have a nice day!
- alich -From 0f7eb27d1470e785e3799bc78c367d8118917f99 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 24 Mar 2015 14:40:49 +0100
Subject: [PATCH] ipatests - added tests for SOA record Maintenance
---
ipatests/test_xmlrpc/test_dns_plugin.py | 739
1 file changed, 739 insertions(+)
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 47251ff68e829a0e0944633bd6243e2c2f79935c..dff2fd177c0d4f663540d41c5708894440c7d9d0 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -120,6 +120,48 @@ zone5_ns_dnsname = DNSName(zone5_ns)
zone5_rname = u'root.%s' % zone5
zone5_rname_dnsname = DNSName(zone5_rname)
+zone6b = u'zone6b.test'
+zone6b_absolute = u'%s.' % zone6b
+zone6b_dnsname = DNSName(zone6b)
+zone6b_absolute_dnsname = DNSName(zone6b_absolute)
+zone6b_dn = DN(('idnsname', zone6b), api.env.container_dns, api.env.basedn)
+zone6b_absolute_dn = DN(('idnsname', zone6b_absolute), api.env.container_dns, api.env.basedn)
+zone6b_rname = u'hostmaster'
+zone6b_rname_dnsname = DNSName(zone6b_rname)
+zone6b_ip = u'172.16.70.1'
+zone6b_ns_arec = u'ns'
+zone6b_ns = u'%s.%s' % (zone6b_ns_arec, zone6b_absolute)
+zone6b_ns_arec_dnsname = DNSName(zone6b_ns_arec)
+zone6b_ns_arec_dn = DN(('idnsname',zone6b_ns_arec), zone6b_dn)
+zone6b_ns_dnsname = DNSName(zone6b_ns)
+zone6b_absolute_arec_dn = DN(('idnsname',zone6b_ns_arec), zone6b_absolute_dn)
+
+zone6 = u'zone6.test'
+zone6_invalid = u'invalid-zone.zone6..test'
+zone6_absolute = u'%s.' % zone6
+zone6_dnsname = DNSName(zone6)
+zone6_absolute_dnsname = DNSName(zone6_absolute)
+zone6_dn = DN(('idnsname', zone6), api.env.container_dns, api.env.basedn)
+zone6_absolute_dn = DN(('idnsname', zone6_absolute), api.env.container_dns, api.env.basedn)
+zone6_ns_relative = u'ns1'
+zone6_absolute_arec_dn = DN(('idnsname',zone6_ns_relative), zone6_absolute_dn)
+zone6_ns = u'%s.%s' % (zone6_ns_relative, zone6_absolute)
+zone6_ns_relative_dnsname = DNSName(zone6_ns_relative)
+zone6_ns_dnsname = DNSName(zone6_ns)
+zone6_ns_arec_dnsname = DNSName(zone6_ns_relative)
+zone6_ns_invalid_dnsname = u'invalid name server! ..%s' % zone6_absolute
+zone6_rname = u'root.%s' % zone6_absolute
+zone6_rname_dnsname = DNSName(zone6_rname)
+zone6_rname_default = u'hostmaster'
+zone6_rname_default_dnsname = DNSName(zone6_rname_default)
+zone6_rname_relative_dnsname = DNSName(u'root')
+zone6_rname_absolute_dnsname = DNSName(u'root.%s' % zone6_absolute)
+zone6_rname_invalid_dnsname = u'invalid ! @ ! .. root..%s' % zone6_absolute
+zone6_unresolvable_ns_relative = u'unresolvable'
+zone6_unresolvable_ns = u'%s.%s' % (zone6_unresolvable_ns_relative, zone6_absolute)
+zone6_unresolvable_ns_dnsname = DNSName(zone6_unresolvable_ns)
+zone6_unresolvable_ns_relative_dnsname = DNSName(zone6_unresolvable_ns_relative)
+
revzone1 = u'31.16.172.in-addr.arpa.'
revzone1_dnsname = DNSName(revzone1)
revzone1_ip = u'172.16.31.0'
@@ -5130,3 +5172,700 @@ class test_forwardzone_delegation_warnings(Declarative):
),
]
+
+
+# https://fedorahosted.org/freeipa/ticket/4746
+# http://www.freeipa.org/page/V4/DNS:_Automatic_Zone_NS/SOA_Record_Maintenance
+class test_dns_soa(Declarative):
+
+@classmethod
+def setup_class(cls):
+super(test_dns_soa, cls).setup_class()
+
+if not api.Backend.rpcclient.isconnected():
+api.Backend.rpcclient.connect(fallback=False)
+
+if not have_ldap2:
+raise nose.SkipTest('server plugin not available')
+
+if get_nameservers_error is not None:
+raise nose.SkipTest('unable to get list of nameservers (%s)' % get_nameservers_error)
+try:
+ api.Command['dnszone_add'](zone1,
+ idnssoarname = zone1_rname,
+ )
+ api.Command['dnszone_del'](zone1)
+except errors.NotFound:
+raise nose.SkipTest('DNS is not configured')
+except errors.DuplicateEntry:
+pass
+
+cleanup_commands = [
+('dnszone_del', [zone6], {'continue': True}),
+('dnszone_del', [zone6b], {'continue': True}),
+]
+
+tests = [
+
+dict(
+desc='Try to retrieve non-existent zone %r' % zone6,
+command=('dnszone_show', [zone6], {}),
+expected=errors.NotFound(
+reason=u'%s: DNS zone not found' % zone6_absolute),
+),
+
+dict(
+desc='Create zone %r' % zone6b,
+command=(
+'dnszone_add', [zone6b], {
+'idnssoarname': zone6b_rname,
+}
+),
+expected={
+'value': zone6b_absolute_dnsname,
+'summary': None,
+'result': {
+'dn': zone6b_absolute_dn,
+'idnsname': [zone6b_absolute_dnsname],
+'idnszon
