Re: [Freeipa-devel] V4/RFC 2818 review
Greetings! I've received the information from Milan who was UQE reviewer for this design document - ACK on the current version. Have a nice day, - alich - - Original Message - > From: "Fraser Tweedale" > To: "Alexander Bokovoy" > Cc: "freeipa-devel" > Sent: Thursday, April 21, 2016 9:34:51 AM > Subject: Re: [Freeipa-devel] V4/RFC 2818 review > > On Thu, Apr 21, 2016 at 10:22:33AM +0300, Alexander Bokovoy wrote: > > On Thu, 21 Apr 2016, Fraser Tweedale wrote: > > >On Tue, Apr 19, 2016 at 11:06:15AM -0400, Rob Crittenden wrote: > > >>Christian Heimes wrote: > > >>>Hi Fraser, > > >>> > > >>>and now to the review of your design doc for RFC 2818-compliant subject > > >>>alternative names in certs, > > >>>http://www.freeipa.org/page/V4/RFC_2818_certificate_compliance > > >>> > > >>> > > >>>1) RFC 2818 vs. RFC 6125 > > >>> > > >>>First I like to address a more general topic. Your design mentions RFC > > >>>6125 shortly. IMHO RFC 6125 supersedes 2818 for CN/SAN hostname > > >>>verification and we should follow the rules in RFC 6125, whenever 2818 > > >>>lacks specification or there is a conflict between both RFCs. I can tell > > >>>you some horror stories from Python's ssl module related to both RFCs. > > >>> > > >>>https://tools.ietf.org/html/rfc2818, HTTP Over TLS > > >>> > > >>>https://tools.ietf.org/html/rfc6125, Representation and Verification of > > >>>Domain-Based Application Service Identity within Internet Public Key > > >>>Infrastructure Using X.509 (PKIX) Certificates in the Context of > > >>>Transport Layer Security (TLS) > > >>> > > >>>As far as I'm familiar with RFC 6125, your proposal doesn't conflict > > >>>with the more modern RFC. It also makes sense to name the design after > > >>>the RFC, which has deprecated CN. I still like to check your design > > >>>against RFC 6125. > > >>> > > >>>Fraser, do you agree? > > >>> > > >>> > > >>>2) SAN validation in ipa cert-request > > >>> > > >>>In the paragraph "ipa cert-request changes" you write that the plugin > > >>>"[...] ensure that one element of the DNS names list matches the > > >>>principal name". Shouldn't the plugin validate *all* DNS names and > > >>>verify that the principal is allowed to request a cert for all fields in > > >>>SAN? > > >> > > >>Are there plans for any other SAN types? IP address or other oddball > > >>types > > >>like MS UPN? > > >> > > >We support almost all of them in Dogtag, and only support a few > > >types in FreeIPA (dnsName, rfc822Name, KRB5PrincipalName, UPN). > > > > > >We should work out what we can do with IP address; I recall it is > > >needed (or wanted) for some cloud/IaaS use cases. > > Yes, some of Openstack code expects IP address in the certificates. > > > > >DirectoryName would be simple to support (just check that it matches > > >DN of target principal). I wonder if there is a use case for it, or > > >for any other SAN types... > > dNSName and id-pkinit-san are used by Kerberos PKINIT support in MIT > > Kerberos for host-based principals. id-pkinit-san is also in use for > > mapping of the principal in general. > > > > In fact, Kerberos PKINIT retrieves all SANs and UPNs from the certificate > > and > > allows to match them by the matching rules -- id-pkinit-san goes to list > > of principals, id-ms-san-upn goes to the list of UPNs which are then > > merged together and can be addressed with keyword in the matching > > rule. > > > > This allows very flexible matching: > >pkinit_cert_match = ||.*DoE.*.*@EXAMPLE.COM > >pkinit_cert_match = > >&&msScLogin,clientAuth.*DoE.* > >pkinit_cert_match = > >msScLogin,clientAuthdigitalSignature > > > Thank you for the information! > > > > > > > >>> > > >>>3) Should FreeIPA deprecate cert request without SAN or at least warn > > >>>the user? > > >>> > > >>>IMHO it makes sense to deprecate CN only cert requests. > > >> > > >>I'd mark it as deprecated over at least a major release in order to > > >>handle > > >>older versions that may still make requests without a SAN. > > >> > > >We have to be careful here. CN is depreated for DNS name checking > > >in HTTP (or other network protocols using TLS). Fine - but there > > >could be other certificate use cases that require CN, e.g. user > > >certs where Subject DN corresponds to a directory name. > > Yes. pkinit_cert_match's rule is using Subject DN for checks. > > > > > > >We can deprecate it and eventually reject requests that include CN - > > >but only for service cert profile(s). (This would require a new > > >profile component designed for this purpose). > > Please do not do it. There are known uses for it at least with Kerberos. > > Of course, most of them are rather for user certificates but in reality > > Kerberos does not require you to have service principals always as DNS > > names. > > > There is the option of implementing the component that prohibits CN. > I was by no means suggesting it should be used for
Re: [Freeipa-devel] Locations design v2: LDAP schema & user interface
Design doc reviewed. Some minor specifications discussed with Petr and Martin, added to the doc. UQE_ACK. Thanks, - alich - - Original Message - > From: "Martin Basti" > To: "Simo Sorce" , "Petr Spacek" > Cc: freeipa-devel@redhat.com > Sent: Thursday, April 21, 2016 7:39:02 PM > Subject: Re: [Freeipa-devel] Locations design v2: LDAP schema & user > interface > > > > On 21.04.2016 18:58, Simo Sorce wrote: > > On Thu, 2016-04-21 at 17:39 +0200, Petr Spacek wrote: > >> On 19.4.2016 19:17, Simo Sorce wrote: > >>> On Tue, 2016-04-19 at 11:11 +0200, Petr Spacek wrote: > On 18.4.2016 21:33, Simo Sorce wrote: > > On Mon, 2016-04-18 at 17:44 +0200, Petr Spacek wrote: > >> * Find, filter and copy hand-made records from main tree into the > >> _locations sub-trees. This means that every hand-made record > >> needs to be copied and synchronized N-times where N = number of IPA > >> locations. > > This ^^ seem the one that provides the best semantics for admins and > > the > > least unexpected results. > > > >> My favorite option for the first version is 'document that enabling > >> DNS location will hide hand-made records in IPA domain.' > > I do not think this is acceptable, sorry. > > > >> The feature is disabled by default and needs additional configuration > >> anyway so simply upgrading should not break anything. > > It is also useless this way. > > > >> I'm eager to hear opinions and answers to questions above. > > HTH, > Well it does not help because you did not answer the questions listed in > the > design page. > > Anyway, here is third version of the design. It avoids copying user-made > records (basically 2 DNAMEs were replaced with bunch of CNAMEs): > > http://www.freeipa.org/page/V4/DNS_Location_Mechanism#Design_.28Version_3:_CNAME_per_service_name.29 > > It seems like a good middle ground: > http://www.freeipa.org/page/V4/DNS_Location_Mechanism#Comparison_of_proposals > >>> It does seem like a decent middle ground. > >>> And I guess an admin would be able to add custom templates if he wants > >>> to have specific services forwarded to the location specific subtree ? > >> Yes, the bind-dyndb-ldap's RecordGenerator and PerServerConfigInLDAP are > >> generic enough. At the moment we do not plan to expose these mechanisms in > >> user interface, we might do that later on. > >> > >> > This required changes in RecordGenerator design, too: > https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/RecordGenerator > >>> I do not see where you specify the specific record names you forward to > >>> the location trees here? > >> I do not understand the question. Let's have a look at the example: > >> > >> # DN specifies DNS node name which will hold the generated record: > >> dn: idnsName=_udp,idnsname=example.com.,cn=dns,dc=example,dc=com > >> # this is equivalent to _udp.example.com. > >> > >> objectClass: idnsTemplateObject > >> objectClass: top > >> objectClass: idnsRecord > >> idnsName: _udp > >> > >> # sub-type determines type of the generated record = DNAME > >> idnsTemplateAttribute;dnamerecord: > >> _udp.\{substitutionvariable_ipalocation\}._locations > >> # generated value will be _udp.your-location._locations > >> # it is a relative name so zone name (example.com) will be automatically > >> appended > >> > >> The template is just string, so you can specify an absolute name if you > >> want: > >> idnsTemplateAttribute;dnamerecord: > >> _udp.\{substitutionvariable_ipalocation\}._locations.another.zone.example. > >> > >> Of course 'ipalocation' is just a variable name so user can define his own > >> in > >> PerServerConfigInLDAP. > >> > >> Is it clearer now? > > Sorry I thought you said in option 3 that you would only create records > > for specific services using CNAMEs > > I was looking for how you configure which services you are going to pick > > in that case and couldn't see it. > > This example is a DNAME one and looks to me it is about option 2 ? > > > I put there image for version 3 there, and put/fix some implementation > details there. I will add more implementation details tomorrow. > > Basically, IPA knows what services are on which server (except NTP, will > be fixed), so based on this we are able to generate proper SRV records > in all locations, and mark the original one by attribute > 'idnsTemplateAttribute;cnamerecord' Please see example here, I will > refer on it later > http://www.freeipa.org/page/V4/DNS_Location_Mechanism#CNAME_data_generation > > > In case that server is not configured to provide Location specific data, > or the server is old, the original SRV record (marked with > 'idnsTemplateAttribute') will be used. In case that server is configured > to provide location specific data, bind-dyndb-ldap will replace the > original SRV record by CNAME according to location. > > Other SRV records (those not marked by 'idnsTem
Re: [Freeipa-devel] [PATCH 0009] Refactor test_automember_plugin
Hello, it looks good, thanks! ACK. Target: master - Original Message - > From: "Filip Skola" > To: freeipa-devel@redhat.com > Cc: "Milan Kubík" , "Aleš Mareček" > Sent: Monday, April 11, 2016 5:06:26 PM > Subject: [PATCH 0009] Refactor test_automember_plugin > > Hi, > > sending the refactored automember plugin test for review. > > Filip > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, create SudoCmdGroupTracker
ACK. Thank you! Master push: Make sure it will go *after or together with* the previous patch from Filip, #0007, thanks! - alich - - Original Message - > From: "Filip Skola" > To: "Aleš Mareček" > Cc: freeipa-devel@redhat.com, "Milan Kubík" > Sent: Wednesday, February 24, 2016 8:13:03 PM > Subject: Re: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, > create SudoCmdGroupTracker > > Hi, > > fixed. To be honest, I left that +1char longer lines there on purpose. IMHO > it brings better readability and pep8 *.py | wc -l in test_xmlrpc dir > returns an overwhelming number anyway. But yeah, some of these weren't > really necessary...so I changed them all :) > > This patch is dependent on 0007-3 patch. > > Filip > > - Original Message - > > NACK. > > > > > > [root@master2 test_xmlrpc]# pep8 test_sudocmdgroup_plugin.py > > test_sudocmdgroup_plugin.py:26:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:70:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:76:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:84:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:90:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:98:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:104:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:166:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:180:80: E501 line too long (80 > 79 characters) > > test_sudocmdgroup_plugin.py:186:80: E501 line too long (84 > 79 characters) > > [root@master2 test_xmlrpc]# pep8 tracker/sudocmdgroup_plugin.py > > tracker/sudocmdgroup_plugin.py:36:80: E501 line too long (82 > 79 > > characters) > > tracker/sudocmdgroup_plugin.py:42:80: E501 line too long (82 > 79 > > characters) > > tracker/sudocmdgroup_plugin.py:46:80: E501 line too long (85 > 79 > > characters) > > tracker/sudocmdgroup_plugin.py:55:80: E501 line too long (82 > 79 > > characters) > > tracker/sudocmdgroup_plugin.py:64:80: E501 line too long (82 > 79 > > characters) > > > > > > > > - Original Message - > > > From: "Filip Skola" > > > To: "Aleš Mareček" > > > Cc: freeipa-devel@redhat.com, "Milan Kubík" > > > Sent: Monday, February 22, 2016 3:41:36 PM > > > Subject: Re: [Freeipa-devel] [PATCH] 0008 Refactor > > > test_sudocmdgroup_plugin, create SudoCmdGroupTracker > > > > > > Hi, > > > > > > the test has been updated so it now uses the SudoCmdTracker (from the > > > previous patch). > > > > > > Filip > > > > > > - Original Message - > > > > NACK. > > > > > > > > "create_sudocmd" and "delete_sudocmd" should be imported from Tracker, > > > > not > > > > from the previous test (sudocmd_plugin). > > > > > > > > - alich - > > > > > > > > - Original Message - > > > > > From: "Filip Skola" > > > > > To: freeipa-devel@redhat.com > > > > > Sent: Thursday, January 28, 2016 12:49:17 PM > > > > > Subject: [Freeipa-devel] [PATCH] 0008 Refactor > > > > > test_sudocmdgroup_plugin, > > > > > create SudoCmdGroupTracker > > > > > > > > > > Hi, > > > > > > > > > > sending the next sudo patch. This one depends on the previous one > > > > > (sudocmd_plugin). > > > > > > > > > > Filip > > > > > > > > > > -- > > > > > Manage your subscription for the Freeipa-devel mailing list: > > > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > > > > > > > > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin
ACK. Thank you! - alich - - Original Message - > From: "Filip Skola" > To: "Aleš Mareček" > Cc: freeipa-devel@redhat.com, "Milan Kubík" > Sent: Wednesday, February 24, 2016 8:07:55 PM > Subject: Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > Hi, > > these problems have been fixed. > > F. > > - Original Message - > > NACK. > > Some little changes still required: > > * fixing the pep8 errors > > * fixing the wrong comment > > > > [root@master2 freeipa]# pep8 ipatests/test_xmlrpc/test_sudocmd_plugin.py > > ipatests/test_xmlrpc/test_sudocmd_plugin.py:94:80: E501 line too long (87 > > > 79 characters) > > ipatests/test_xmlrpc/test_sudocmd_plugin.py:97:80: E501 line too long (87 > > > 79 characters) > > ipatests/test_xmlrpc/test_sudocmd_plugin.py:134:80: E501 line too long (80 > > > > > 79 characters) > > > > [root@master2 freeipa]# pep8 ipatests/test_xmlrpc/tracker/sudocmd_plugin.py > > ipatests/test_xmlrpc/tracker/sudocmd_plugin.py:14:80: E501 line too long > > (81 > > > 79 characters) > > > > [root@master2 freeipa]# grep 'Class for' > > ipatests/test_xmlrpc/tracker/sudocmd_plugin.py > > """ Class for host plugin like tests """ > > > > > > - Original Message - > > > From: "Filip Skola" > > > To: "Aleš Mareček" > > > Cc: freeipa-devel@redhat.com, "Milan Kubík" > > > Sent: Monday, February 22, 2016 1:59:43 PM > > > Subject: Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > > > > > Hi, > > > > > > sudocmd tracker has been created. > > > > > > Filip > > > > > > - Original Message - > > > > NACK. > > > > > > > > "create_sudocmd" and "delete_sudocmd" should be placed in Tracker. So > > > > this > > > > patch should create the tracker as well. > > > > > > > > - Original Message - > > > > > From: "Filip Skola" > > > > > To: freeipa-devel@redhat.com > > > > > Sent: Monday, January 25, 2016 3:57:25 PM > > > > > Subject: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > > > > > > > > > Hello, > > > > > > > > > > attaching refactored sudocmd_plugin. > > > > > > > > > > Filip > > > > > -- > > > > > Manage your subscription for the Freeipa-devel mailing list: > > > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > > > > > > > > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, create SudoCmdGroupTracker
NACK. [root@master2 test_xmlrpc]# pep8 test_sudocmdgroup_plugin.py test_sudocmdgroup_plugin.py:26:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:70:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:76:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:84:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:90:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:98:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:104:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:166:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:180:80: E501 line too long (80 > 79 characters) test_sudocmdgroup_plugin.py:186:80: E501 line too long (84 > 79 characters) [root@master2 test_xmlrpc]# pep8 tracker/sudocmdgroup_plugin.py tracker/sudocmdgroup_plugin.py:36:80: E501 line too long (82 > 79 characters) tracker/sudocmdgroup_plugin.py:42:80: E501 line too long (82 > 79 characters) tracker/sudocmdgroup_plugin.py:46:80: E501 line too long (85 > 79 characters) tracker/sudocmdgroup_plugin.py:55:80: E501 line too long (82 > 79 characters) tracker/sudocmdgroup_plugin.py:64:80: E501 line too long (82 > 79 characters) - Original Message ----- > From: "Filip Skola" > To: "Aleš Mareček" > Cc: freeipa-devel@redhat.com, "Milan Kubík" > Sent: Monday, February 22, 2016 3:41:36 PM > Subject: Re: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, > create SudoCmdGroupTracker > > Hi, > > the test has been updated so it now uses the SudoCmdTracker (from the > previous patch). > > Filip > > - Original Message - > > NACK. > > > > "create_sudocmd" and "delete_sudocmd" should be imported from Tracker, not > > from the previous test (sudocmd_plugin). > > > > - alich - > > > > - Original Message - > > > From: "Filip Skola" > > > To: freeipa-devel@redhat.com > > > Sent: Thursday, January 28, 2016 12:49:17 PM > > > Subject: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, > > > create SudoCmdGroupTracker > > > > > > Hi, > > > > > > sending the next sudo patch. This one depends on the previous one > > > (sudocmd_plugin). > > > > > > Filip > > > > > > -- > > > Manage your subscription for the Freeipa-devel mailing list: > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin
NACK. Some little changes still required: * fixing the pep8 errors * fixing the wrong comment [root@master2 freeipa]# pep8 ipatests/test_xmlrpc/test_sudocmd_plugin.py ipatests/test_xmlrpc/test_sudocmd_plugin.py:94:80: E501 line too long (87 > 79 characters) ipatests/test_xmlrpc/test_sudocmd_plugin.py:97:80: E501 line too long (87 > 79 characters) ipatests/test_xmlrpc/test_sudocmd_plugin.py:134:80: E501 line too long (80 > 79 characters) [root@master2 freeipa]# pep8 ipatests/test_xmlrpc/tracker/sudocmd_plugin.py ipatests/test_xmlrpc/tracker/sudocmd_plugin.py:14:80: E501 line too long (81 > 79 characters) [root@master2 freeipa]# grep 'Class for' ipatests/test_xmlrpc/tracker/sudocmd_plugin.py """ Class for host plugin like tests """ - Original Message - > From: "Filip Skola" > To: "Aleš Mareček" > Cc: freeipa-devel@redhat.com, "Milan Kubík" > Sent: Monday, February 22, 2016 1:59:43 PM > Subject: Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > Hi, > > sudocmd tracker has been created. > > Filip > > - Original Message - > > NACK. > > > > "create_sudocmd" and "delete_sudocmd" should be placed in Tracker. So this > > patch should create the tracker as well. > > > > - Original Message - > > > From: "Filip Skola" > > > To: freeipa-devel@redhat.com > > > Sent: Monday, January 25, 2016 3:57:25 PM > > > Subject: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > > > > > Hello, > > > > > > attaching refactored sudocmd_plugin. > > > > > > Filip > > > -- > > > Manage your subscription for the Freeipa-devel mailing list: > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, create SudoCmdGroupTracker
NACK. "create_sudocmd" and "delete_sudocmd" should be imported from Tracker, not from the previous test (sudocmd_plugin). - alich - - Original Message - > From: "Filip Skola" > To: freeipa-devel@redhat.com > Sent: Thursday, January 28, 2016 12:49:17 PM > Subject: [Freeipa-devel] [PATCH] 0008 Refactor test_sudocmdgroup_plugin, > create SudoCmdGroupTracker > > Hi, > > sending the next sudo patch. This one depends on the previous one > (sudocmd_plugin). > > Filip > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin
NACK. "create_sudocmd" and "delete_sudocmd" should be placed in Tracker. So this patch should create the tracker as well. - Original Message - > From: "Filip Skola" > To: freeipa-devel@redhat.com > Sent: Monday, January 25, 2016 3:57:25 PM > Subject: [Freeipa-devel] [PATCH] 0007 Refactor test_sudocmd_plugin > > Hello, > > attaching refactored sudocmd_plugin. > > Filip > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
Tested + several other dependent tests executed as well - PASS. The patch looks good, ACK. - Original Message - > From: "Filip Skola" > To: "Milan Kubík" > Cc: freeipa-devel@redhat.com, "Aleš Mareček" > Sent: Monday, January 25, 2016 11:55:35 AM > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > > > - Original Message - > > On 01/15/2016 03:41 PM, Filip Skola wrote: > > > Hi, > > > > > > sending rebased patch on top of 58c42ddac0964a8cce7c1e1faa7516da53f028ad. > > > > > > Includes a "fix" for the rename-to-invalid-username issue for the new > > > version. > > > > > > F. > > > > > > - Original Message - > > >> Hi, > > >> > > >> I don't know what is causing the \r\n issue. I use vim and than send > > >> each > > >> email with claws-mail. Didn't spot this issue when trying emailing the > > >> patch > > >> to my other address. I'm trying to send it from zimbra now, let me know > > >> if > > >> that helped pls. > > >> > > >> Fix for the stageuser plugin issues caused by this patch should have > > >> been > > >> included in the last update; I think the remaining issue is not caused > > >> by > > >> UserTracker changes. Please correct me, if I'm wrong. > > >> > > >>> There is some issue with "test_rename_to_too_long_login" test. It fails > > >>> but > > >>> actually this is false positive because it is possible to create login > > >>> upto > > >>> 255 characters. I don't know why test mentions 32 characters without > > >>> any > > >>> other modified setup. > > >>> NACK for now. > > >>> - alich - > > >> This has been changed. This test still fails, though. > > >> > > >> Filip > > >> > > >>> > > >>> - Original Message - > > >>>> From: "Aleš Mareček" > > >>>> To: "Filip Škola" > > >>>> Cc: freeipa-devel@redhat.com, "Milan Kubík" > > >>>> Sent: Thursday, December 10, 2015 4:11:47 PM > > >>>> Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > >>>> > > >>>> Ah, sorry, haven't realized there had been devel list attached. > > >>>> Ok, there is some problem with \r\n in the patch. > > >>>> Filip, please take a look at it... > > >>>> Thanks... > > >>>> - alich - > > >>>> > > >>>> - Original Message - > > >>>>> From: "Filip Škola" > > >>>>> To: "Aleš Mareček" > > >>>>> Cc: freeipa-devel@redhat.com, "Milan Kubík" > > >>>>> Sent: Thursday, December 10, 2015 11:29:52 AM > > >>>>> Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > >>>>> > > >>>>> Hi, > > >>>>> > > >>>>> this if fixed. Also issues with test_stageuser_plugin caused by > > >>>>> UserTracker changes should be fixed here. > > >>>>> > > >>>>> Filip > > >>>>> > > >>>>> > > >>>>> On Mon, 7 Dec 2015 09:29:31 -0500 (EST) > > >>>>> Aleš Mareček wrote: > > >>>>> > > >>>>>> NACK. > > >>>>>> > > >>>>>> $ ./make-lint > > >>>>>> * Module ipatests.test_xmlrpc.test_user_plugin > > >>>>>> ipatests/test_xmlrpc/test_user_plugin.py:42: > > >>>>>> [E0611(no-name-in-module), ] No name 'ldaptracker' in module > > >>>>>> 'ipatests.test_xmlrpc') > > >>>>>> > > >>>>>> $ grep ldaptracker ipatests/test_xmlrpc/test_user_plugin.py > > >>>>>> from ipatests.test_xmlrpc.ldaptracker import Tracker > > >>>>>> $ ls ipatests/test_xmlrpc/ldaptracker* > > >>>>>> ls: cannot access ipatests/test_xmlrpc/ldaptracker*: No such file or > > >>>>>> directory > > >>>>>> > > >>&
Re: [Freeipa-devel] Testing FreeIPA 4.3 for GA
- Original Message - > From: "Milan Kubík" > To: "Petr Vobornik" > Cc: "freeipa-devel" , "Ales Marecek" > > Sent: Tuesday, December 15, 2015 4:53:18 PM > Subject: Re: [Freeipa-devel] Testing FreeIPA 4.3 for GA > > On 12/15/2015 04:35 PM, Petr Vobornik wrote: > > On 12/15/2015 01:05 AM, Petr Vobornik wrote: > >> Blocking patches for FreeIPA 4.3 were pushed, ipa-4-3 branch was > >> created. Master branch is ready for 4.4 development. > >> > >> A build is available for testing in my pvoborni/freeipa-4-3 COPR repo > >> [1] until the official 4.3 repo is created. The repo contains only this > >> build. The build is not pure upstream ipa-4-3 branch but rather a build > >> which will go to Fedora rawhide and official 4.3 copr repo - Fedora > >> downstream spec with the SELinux workaround applied [2][3]. > >> > >> Known issues: > >> * https://fedorahosted.org/freeipa/ticket/5469 - requires fix in PKI > >> * https://bugzilla.redhat.com/show_bug.cgi?id=1289930 - SELinux Policy > >> update needed for connection check > >> > >> I have started drafting release page [4]. > >> > >> [1] https://copr.fedoraproject.org/coprs/pvoborni/freeipa-4-3/ > >> [2] https://fedorahosted.org/freeipa/ticket/5533 > >> [3] > >> http://www.redhat.com/archives/freeipa-devel/2015-December/msg00234.html > >> [4] http://www.freeipa.org/page/Releases/4.3.0 > > > > Copr contains a rebuild with a patch for ticket: > > https://fedorahosted.org/freeipa/ticket/5551 > > > > https://copr.fedoraproject.org/coprs/pvoborni/freeipa-4-3/build/147975/ > > > > The build has exactly the same version as the one before. Ales, Milan, > > do we want to differentiate that somehow? > > > The job uses fresh install of the rpms. The same version and build > shouldn't be a problem. +1, I don't see any issue to use the "same" (not-yet-released) version. > > -- > Milan Kubik > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
Ah, sorry, haven't realized there had been devel list attached. Ok, there is some problem with \r\n in the patch. Filip, please take a look at it... Thanks... - alich - - Original Message - > From: "Filip Škola" > To: "Aleš Mareček" > Cc: freeipa-devel@redhat.com, "Milan Kubík" > Sent: Thursday, December 10, 2015 11:29:52 AM > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > Hi, > > this if fixed. Also issues with test_stageuser_plugin caused by > UserTracker changes should be fixed here. > > Filip > > > On Mon, 7 Dec 2015 09:29:31 -0500 (EST) > Aleš Mareček wrote: > > > NACK. > > > > $ ./make-lint > > * Module ipatests.test_xmlrpc.test_user_plugin > > ipatests/test_xmlrpc/test_user_plugin.py:42: > > [E0611(no-name-in-module), ] No name 'ldaptracker' in module > > 'ipatests.test_xmlrpc') > > > > $ grep ldaptracker ipatests/test_xmlrpc/test_user_plugin.py > > from ipatests.test_xmlrpc.ldaptracker import Tracker > > $ ls ipatests/test_xmlrpc/ldaptracker* > > ls: cannot access ipatests/test_xmlrpc/ldaptracker*: No such file or > > directory > > > > > > - Original Message - > > > From: "Filip Škola" > > > To: "Milan Kubík" > > > Cc: freeipa-devel@redhat.com > > > Sent: Thursday, December 3, 2015 5:38:43 PM > > > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > > > > > Hi, > > > > > > sending corrected version. > > > > > > F. > > > > > > On Thu, 12 Nov 2015 14:03:19 +0100 > > > Milan Kubík wrote: > > > > > > > On 11/10/2015 12:13 PM, Filip Škola wrote: > > > > > Hi, > > > > > > > > > > fixed. > > > > > > > > > > F. > > > > > > > > > > On Tue, 10 Nov 2015 10:52:45 +0100 > > > > > Milan Kubík wrote: > > > > > > > > > >> On 11/09/2015 04:35 PM, Filip Škola wrote: > > > > >>> Another patch was applied in the meantime. > > > > >>> > > > > >>> Attaching an updated version. > > > > >>> > > > > >>> F. > > > > >>> > > > > >>> On Mon, 9 Nov 2015 13:35:02 +0100 > > > > >>> Milan Kubík wrote: > > > > >>> > > > > >>>> On 11/06/2015 11:32 AM, Filip Škola wrote: > > > > >>>> Hi, > > > > >>>> the patch doesn't apply. > > > > >>>> > > > > >> Please fix this. > > > > >> > > > > >> ipatests/test_xmlrpc/test_user_plugin.py:1419: > > > > >> [E0602(undefined-variable), > > > > >> TestDeniedBindWithExpiredPrincipal.teardown_class] Undefined > > > > >> variable 'user1') > > > > >> > > > > >> Also, use the version numbers for your changed patches. > > > > >> > > > > > > > > > > > > > > Thanks for the patch. Several issues: > > > > > > > > 1. Use dict.items instead of dict.iteritems, for python3 > > > > compatibility > > > > > > > > 2. What is the purpose of TestPrepare class? The 'purge' methods > > > > do not call any ipa commands. > > > > Tracker.make_fixture should be used to make the Tracked resources > > > > clean themselves up when they're out of scope. > > > > > > > > 3. Why reference the resources by hardcoded name if they have a > > > > fixture representation? > > > > > > > > 4. Rewrite {create,delete}_test_group to a fixture. You may want > > > > to use different scope (or not). > > > > > > > > 5. In `def atest_rename_to_invalid_login(self, user):` - use > > > > pytest.skipif decorator and provide a reason if you must, > > > > do not obfuscate method name in order not to run it. > > > > > > > > > > > > > > > > > -- > > > Manage your subscription for the Freeipa-devel mailing list: > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
There is some issue with "test_rename_to_too_long_login" test. It fails but actually this is false positive because it is possible to create login upto 255 characters. I don't know why test mentions 32 characters without any other modified setup. NACK for now. - alich - - Original Message - > From: "Aleš Mareček" > To: "Filip Škola" > Cc: freeipa-devel@redhat.com, "Milan Kubík" > Sent: Thursday, December 10, 2015 4:11:47 PM > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > Ah, sorry, haven't realized there had been devel list attached. > Ok, there is some problem with \r\n in the patch. > Filip, please take a look at it... > Thanks... > - alich - > > - Original Message - > > From: "Filip Škola" > > To: "Aleš Mareček" > > Cc: freeipa-devel@redhat.com, "Milan Kubík" > > Sent: Thursday, December 10, 2015 11:29:52 AM > > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > > > Hi, > > > > this if fixed. Also issues with test_stageuser_plugin caused by > > UserTracker changes should be fixed here. > > > > Filip > > > > > > On Mon, 7 Dec 2015 09:29:31 -0500 (EST) > > Aleš Mareček wrote: > > > > > NACK. > > > > > > $ ./make-lint > > > * Module ipatests.test_xmlrpc.test_user_plugin > > > ipatests/test_xmlrpc/test_user_plugin.py:42: > > > [E0611(no-name-in-module), ] No name 'ldaptracker' in module > > > 'ipatests.test_xmlrpc') > > > > > > $ grep ldaptracker ipatests/test_xmlrpc/test_user_plugin.py > > > from ipatests.test_xmlrpc.ldaptracker import Tracker > > > $ ls ipatests/test_xmlrpc/ldaptracker* > > > ls: cannot access ipatests/test_xmlrpc/ldaptracker*: No such file or > > > directory > > > > > > > > > - Original Message - > > > > From: "Filip Škola" > > > > To: "Milan Kubík" > > > > Cc: freeipa-devel@redhat.com > > > > Sent: Thursday, December 3, 2015 5:38:43 PM > > > > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > > > > > > > Hi, > > > > > > > > sending corrected version. > > > > > > > > F. > > > > > > > > On Thu, 12 Nov 2015 14:03:19 +0100 > > > > Milan Kubík wrote: > > > > > > > > > On 11/10/2015 12:13 PM, Filip Škola wrote: > > > > > > Hi, > > > > > > > > > > > > fixed. > > > > > > > > > > > > F. > > > > > > > > > > > > On Tue, 10 Nov 2015 10:52:45 +0100 > > > > > > Milan Kubík wrote: > > > > > > > > > > > >> On 11/09/2015 04:35 PM, Filip Škola wrote: > > > > > >>> Another patch was applied in the meantime. > > > > > >>> > > > > > >>> Attaching an updated version. > > > > > >>> > > > > > >>> F. > > > > > >>> > > > > > >>> On Mon, 9 Nov 2015 13:35:02 +0100 > > > > > >>> Milan Kubík wrote: > > > > > >>> > > > > > >>>> On 11/06/2015 11:32 AM, Filip Škola wrote: > > > > > >>>> Hi, > > > > > >>>> the patch doesn't apply. > > > > > >>>> > > > > > >> Please fix this. > > > > > >> > > > > > >> ipatests/test_xmlrpc/test_user_plugin.py:1419: > > > > > >> [E0602(undefined-variable), > > > > > >> TestDeniedBindWithExpiredPrincipal.teardown_class] Undefined > > > > > >> variable 'user1') > > > > > >> > > > > > >> Also, use the version numbers for your changed patches. > > > > > >> > > > > > > > > > > > > > > > > > Thanks for the patch. Several issues: > > > > > > > > > > 1. Use dict.items instead of dict.iteritems, for python3 > > > > > compatibility > > > > > > > > > > 2. What is the purpose of TestPrepare class? The 'purge' methods > > > > > do not call any ipa commands. > > > > > Tracker.make_fixture should be used to make the Tracked resources > > > > > clean themselves up when they're out of scope. > > > > > > > > > > 3. Why reference the resources by hardcoded name if they have a > > > > > fixture representation? > > > > > > > > > > 4. Rewrite {create,delete}_test_group to a fixture. You may want > > > > > to use different scope (or not). > > > > > > > > > > 5. In `def atest_rename_to_invalid_login(self, user):` - use > > > > > pytest.skipif decorator and provide a reason if you must, > > > > > do not obfuscate method name in order not to run it. > > > > > > > > > > > > > > > > > > > > > > -- > > > > Manage your subscription for the Freeipa-devel mailing list: > > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > > > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
Ahoj Filipe, zase tam vidim to '\r\n'... Prisel jsi na to, co to zpusobuje? Jinak patche jdu otestovat... - alich - - Original Message - > From: "Filip Škola" > To: "Aleš Mareček" > Cc: freeipa-devel@redhat.com, "Milan Kubík" > Sent: Thursday, December 10, 2015 11:29:52 AM > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > Hi, > > this if fixed. Also issues with test_stageuser_plugin caused by > UserTracker changes should be fixed here. > > Filip > > > On Mon, 7 Dec 2015 09:29:31 -0500 (EST) > Aleš Mareček wrote: > > > NACK. > > > > $ ./make-lint > > * Module ipatests.test_xmlrpc.test_user_plugin > > ipatests/test_xmlrpc/test_user_plugin.py:42: > > [E0611(no-name-in-module), ] No name 'ldaptracker' in module > > 'ipatests.test_xmlrpc') > > > > $ grep ldaptracker ipatests/test_xmlrpc/test_user_plugin.py > > from ipatests.test_xmlrpc.ldaptracker import Tracker > > $ ls ipatests/test_xmlrpc/ldaptracker* > > ls: cannot access ipatests/test_xmlrpc/ldaptracker*: No such file or > > directory > > > > > > - Original Message - > > > From: "Filip Škola" > > > To: "Milan Kubík" > > > Cc: freeipa-devel@redhat.com > > > Sent: Thursday, December 3, 2015 5:38:43 PM > > > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > > > > > Hi, > > > > > > sending corrected version. > > > > > > F. > > > > > > On Thu, 12 Nov 2015 14:03:19 +0100 > > > Milan Kubík wrote: > > > > > > > On 11/10/2015 12:13 PM, Filip Škola wrote: > > > > > Hi, > > > > > > > > > > fixed. > > > > > > > > > > F. > > > > > > > > > > On Tue, 10 Nov 2015 10:52:45 +0100 > > > > > Milan Kubík wrote: > > > > > > > > > >> On 11/09/2015 04:35 PM, Filip Škola wrote: > > > > >>> Another patch was applied in the meantime. > > > > >>> > > > > >>> Attaching an updated version. > > > > >>> > > > > >>> F. > > > > >>> > > > > >>> On Mon, 9 Nov 2015 13:35:02 +0100 > > > > >>> Milan Kubík wrote: > > > > >>> > > > > >>>> On 11/06/2015 11:32 AM, Filip Škola wrote: > > > > >>>> Hi, > > > > >>>> the patch doesn't apply. > > > > >>>> > > > > >> Please fix this. > > > > >> > > > > >> ipatests/test_xmlrpc/test_user_plugin.py:1419: > > > > >> [E0602(undefined-variable), > > > > >> TestDeniedBindWithExpiredPrincipal.teardown_class] Undefined > > > > >> variable 'user1') > > > > >> > > > > >> Also, use the version numbers for your changed patches. > > > > >> > > > > > > > > > > > > > > Thanks for the patch. Several issues: > > > > > > > > 1. Use dict.items instead of dict.iteritems, for python3 > > > > compatibility > > > > > > > > 2. What is the purpose of TestPrepare class? The 'purge' methods > > > > do not call any ipa commands. > > > > Tracker.make_fixture should be used to make the Tracked resources > > > > clean themselves up when they're out of scope. > > > > > > > > 3. Why reference the resources by hardcoded name if they have a > > > > fixture representation? > > > > > > > > 4. Rewrite {create,delete}_test_group to a fixture. You may want > > > > to use different scope (or not). > > > > > > > > 5. In `def atest_rename_to_invalid_login(self, user):` - use > > > > pytest.skipif decorator and provide a reason if you must, > > > > do not obfuscate method name in order not to run it. > > > > > > > > > > > > > > > > > -- > > > Manage your subscription for the Freeipa-devel mailing list: > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin
NACK. $ ./make-lint * Module ipatests.test_xmlrpc.test_user_plugin ipatests/test_xmlrpc/test_user_plugin.py:42: [E0611(no-name-in-module), ] No name 'ldaptracker' in module 'ipatests.test_xmlrpc') $ grep ldaptracker ipatests/test_xmlrpc/test_user_plugin.py from ipatests.test_xmlrpc.ldaptracker import Tracker $ ls ipatests/test_xmlrpc/ldaptracker* ls: cannot access ipatests/test_xmlrpc/ldaptracker*: No such file or directory - Original Message - > From: "Filip Škola" > To: "Milan Kubík" > Cc: freeipa-devel@redhat.com > Sent: Thursday, December 3, 2015 5:38:43 PM > Subject: Re: [Freeipa-devel] [PATCH] 0001 Refactor test_user_plugin > > Hi, > > sending corrected version. > > F. > > On Thu, 12 Nov 2015 14:03:19 +0100 > Milan Kubík wrote: > > > On 11/10/2015 12:13 PM, Filip Škola wrote: > > > Hi, > > > > > > fixed. > > > > > > F. > > > > > > On Tue, 10 Nov 2015 10:52:45 +0100 > > > Milan Kubík wrote: > > > > > >> On 11/09/2015 04:35 PM, Filip Škola wrote: > > >>> Another patch was applied in the meantime. > > >>> > > >>> Attaching an updated version. > > >>> > > >>> F. > > >>> > > >>> On Mon, 9 Nov 2015 13:35:02 +0100 > > >>> Milan Kubík wrote: > > >>> > > On 11/06/2015 11:32 AM, Filip Škola wrote: > > Hi, > > the patch doesn't apply. > > > > >> Please fix this. > > >> > > >> ipatests/test_xmlrpc/test_user_plugin.py:1419: > > >> [E0602(undefined-variable), > > >> TestDeniedBindWithExpiredPrincipal.teardown_class] Undefined > > >> variable 'user1') > > >> > > >> Also, use the version numbers for your changed patches. > > >> > > > > > > > > Thanks for the patch. Several issues: > > > > 1. Use dict.items instead of dict.iteritems, for python3 compatibility > > > > 2. What is the purpose of TestPrepare class? The 'purge' methods do > > not call any ipa commands. > > Tracker.make_fixture should be used to make the Tracked resources > > clean themselves up when they're out of scope. > > > > 3. Why reference the resources by hardcoded name if they have a > > fixture representation? > > > > 4. Rewrite {create,delete}_test_group to a fixture. You may want to > > use different scope (or not). > > > > 5. In `def atest_rename_to_invalid_login(self, user):` - use > > pytest.skipif decorator and provide a reason if you must, > > do not obfuscate method name in order not to run it. > > > > > > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for sudo rules validating
Hello, ACK for code NACK for the placing "get_client_ip_with_hostmask" function to test_sudo.py (this function should be in some more general file) - Original Message - > From: "Oleg Fayans" > To: freeipa-devel@redhat.com > Sent: Thursday, December 3, 2015 3:32:46 PM > Subject: Re: [Freeipa-devel] [PATCH 0388] tests: Add hostmask detection for > sudo rules validating > > Hi Tomas, > > I would prefer get_client_ip_with_hostmask function to go to > ipatests/test_integration/tasks.py, and to be more generic: we probably > will need to run it against an arbitrary host. tasks.py is not the proper place as well > The rest looks fine > > On 12/03/2015 11:35 AM, Tomas Babej wrote: > > > > > > On 12/02/2015 05:25 PM, Lukas Slebodnik wrote: > >> On (02/12/15 15:41), Tomas Babej wrote: > >>> > >>> > >>> On 12/02/2015 09:24 AM, Tomas Babej wrote: > > > On 12/01/2015 06:27 PM, Tomas Babej wrote: > > > > > > On 11/30/2015 05:32 PM, Lukas Slebodnik wrote: > >> On (30/11/15 13:09), Tomas Babej wrote: > >>> Hi, > >>> > >>> IPA sudo tests worked under the assumption that the clients that > >>> are executing the sudo commands have their IPs assigned within > >>> 255.255.255.0 hostmask. > >>> > >>> Removes this (invalid) assumption and adds a dynamic detection of > >>> the hostmask of the IPA client. > >>> > >>> https://fedorahosted.org/freeipa/ticket/5501 > >> > >> >From e6f1846f0d7d17303e5b30b1643651ba739b2b6c Mon Sep 17 00:00:00 > >> >2001 > >>> From: Tomas Babej > >>> Date: Mon, 30 Nov 2015 12:53:39 +0100 > >>> Subject: [PATCH] tests: Add hostmask detection for sudo rules > >>> validating on > >>> hostmask > >>> > >>> IPA sudo tests worked under the assumption that the clients that > >>> are executing the sudo commands have their IPs assigned within > >>> 255.255.255.0 hostmask. > >>> > >>> Removes this (invalid) assumption and adds a dynamic detection of > >>> the hostmask of the IPA client. > >>> > > > > Thanks, updated patch attached. > > > > Tomas > > > > Actually, a small improvement is necessary. > > Updated patch attached. > > Tomas > > > > >>> > >>> Thanks to Lukas, we found another problem with the test. > >>> > >>> Updated patch attached. > >>> > >> Thank you for 4th revision of patch > >> but there is still one issue. > >> > >> === FAILURES > >> === > >> _ TestSudo.test_sudo_rule_restricted_to_one_hostmask_negative > >> __ > >> > >> self = >> 0x7ff695f56890> > >> > >> def test_sudo_rule_restricted_to_one_hostmask_negative(self): > >> result1 = self.list_sudo_commands("testuser1") > >>>assert result1.returncode != 0 > >> E assert 0 != 0 > >> E+ where 0 = >> 0x7ff695f56bd0>.returncode > >> > >> test_integration/test_sudo.py:323: AssertionError > >> 1 failed, 74 passed in 807.35 seconds > >> = > >> > >> LS > >> > > > > Here the test affected the negative test setup, which is fixed in the > > latest revision. > > > > Thanks, > > Tomas > > > > > > > > -- > Oleg Fayans > Quality Engineer > FreeIPA team > RedHat. > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations into standalone package
- Original Message - > From: "Milan Kubík" > To: "Martin Basti" > Cc: freeipa-devel@redhat.com, "Aleš Mareček" > Sent: Tuesday, December 1, 2015 10:31:14 AM > Subject: Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations > into standalone package > > On 11/30/2015 07:13 PM, Martin Basti wrote: > > NACK > > > > 1) > > With this patch I received this error in test_user_plugin.py > > > > E AssertionError: assert_deepequal: expected != got. > > E 0106: user_status: Query status of "tuser1" > > E expected = 1 > > E got = 2 > > E path = ('count',) > > > > I have just admin user on my system > > > > 2) > > __ > > ERROR collecting test_xmlrpc/test_stageuser_plugin.py > > __ > > test_xmlrpc/test_stageuser_plugin.py:28: in > > from ipatests.test_xmlrpc.tracker.user_plugin import UserTracker > > E ImportError: No module named tracker.user_plugin > > __ > > ERROR collecting test_xmlrpc/test_stageuser_plugin.py > > __ > > test_xmlrpc/test_stageuser_plugin.py:28: in > > from ipatests.test_xmlrpc.tracker.user_plugin import UserTracker > > E ImportError: No module named tracker.user_plugin > > > > 3) > > > > ERROR collecting test_xmlrpc/test_group_plugin.py > > > > test_xmlrpc/test_group_plugin.py:34: in > > from ipatests.test_xmlrpc.tracker.user_plugin import UserTracker > > E ImportError: No module named tracker.user_plugin > > > > ERROR collecting test_xmlrpc/test_group_plugin.py > > > > test_xmlrpc/test_group_plugin.py:34: in > > from ipatests.test_xmlrpc.tracker.user_plugin import UserTracker > > E ImportError: No module named tracker.user_plugin > > > > 4) > > > > ERROR collecting test_xmlrpc/test_host_plugin.py > > _ > > test_xmlrpc/test_host_plugin.py:42: in > > from ipatests.test_xmlrpc.tracker.host_plugin import HostTracker > > E ImportError: No module named tracker.host_plugin > > > > ERROR collecting test_xmlrpc/test_host_plugin.py > > _ > > test_xmlrpc/test_host_plugin.py:42: in > > from ipatests.test_xmlrpc.tracker.host_plugin import HostTracker > > E ImportError: No module named tracker.host_plugin > > > > 5) > > > > ERROR collecting test_xmlrpc/test_caacl_plugin.py > > > > test_xmlrpc/test_caacl_plugin.py:15: in > > from ipatests.test_xmlrpc.test_certprofile_plugin import > > default_profile > > ../_pytest/assertion/rewrite.py:171: in load_module > > py.builtin.exec_(co, mod.__dict__) > > test_xmlrpc/test_certprofile_plugin.py:17: in > > from ipatests.test_xmlrpc.tracker.certprofile_plugin import > > CertprofileTracker > > E ImportError: No module named tracker.certprofile_plugin > > > > ERROR collecting test_xmlrpc/test_caacl_plugin.py > > > > test_xmlrpc/test_caacl_plugin.py:15: in > > from ipatests.test_xmlrpc.test_certprofile_plugin import > > default_profile > > ../_pytest/assertion/rewrite.py:171: in load_module > > py.builtin.exec_(co, mod.__dict__) > > test_xmlrpc/test_certprofile_plugin.py:17: in > > from ipatests.test_xmlrpc.tracker.certprofile_plugin import > > CertprofileTracker > > E ImportError: No module named tracker.certprofile_plugin &g
Re: [Freeipa-devel] Testing replication topologies
Greetings! - Original Message - > From: "Martin Basti" > To: "freeipa-devel" , "Petr Vobornik" > , "Aleš Mareček" > > Sent: Wednesday, December 2, 2015 12:20:56 PM > Subject: Testing replication topologies > > Hello all, > > due to recent bug I found https://fedorahosted.org/freeipa/ticket/5506 I > realized we do not have testing of complex topologies. > > On the other hand, test framework is ready and allows to testing 5 > different topologies, can we create test which will test those 5 > topologies with for example 4-5 replicas? We were talking about it in the morning with Petr. So the answer is: yes, we can. Adding Oleg... > > (read test_topologies.py there are examples of topologies) > > Martin > Have a nice day! - alich - -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations into standalone package
Tested with today's master, ACK. - alich - - Original Message - > From: "Milan Kubík" > To: freeipa-devel@redhat.com > Sent: Friday, November 27, 2015 3:40:29 PM > Subject: Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations > into standalone package > > On 11/27/2015 03:36 PM, Milan Kubík wrote: > > > > On 11/27/2015 03:31 PM, Milan Kubík wrote: > > > On 11/23/2015 10:43 AM, Lenka Doudova wrote: > > > NACK - there's a "typo" in /tracker/user_plugin.py, line 17-18: > > def get_user_dn(cn): > > return DN(('cn', cn), api.env.container_user, api.env.basedn) > > > should be > > def get_user_dn(uid): > > return DN(('uid', uid), api.env.container_user, api.env.basedn) > > > Some tests may fail because of that. > Lenka > > > On 11/20/2015 08:54 PM, Aleš Mareček wrote: > > > Looks good. ACK. > > - Original Message - > > > From: "Milan Kubík" > To: "freeipa-devel" > Cc: "Filip Skola" , "Ales Marecek" > Sent: Friday, November 20, 2015 3:44:30 PM > Subject: [patch 0025] Separated Tracker implementations into standalone > package > > Fixes https://fedorahosted.org/freeipa/ticket/5467 > Patches attached. > > -- > Milan Kubik > > > > Fixed the function and moved it into different module. > Updated patches attached. > > > > Self nack, some imports missing > > -- > Milan Kubik > > > Patches updated. > > -- > Milan Kubik > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [patch 0025] Separated Tracker implementations into standalone package
Looks good. ACK. - Original Message - > From: "Milan Kubík" > To: "freeipa-devel" > Cc: "Filip Skola" , "Ales Marecek" > Sent: Friday, November 20, 2015 3:44:30 PM > Subject: [patch 0025] Separated Tracker implementations into standalone > package > > Fixes https://fedorahosted.org/freeipa/ticket/5467 > Patches attached. > > -- > Milan Kubik > > -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0347] Fix CI tests domain_level ENV config
ACK. - Original Message - > From: "Martin Basti" > To: "freeipa-devel" > Sent: Friday, November 13, 2015 7:39:00 PM > Subject: [Freeipa-devel] [PATCH 0347] Fix CI tests domain_level ENV config > > Patch attached. > > Following test should pass: > ipa-run-tests test_integration/test_testconfig.py --verbose > > > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0348] CI: fix KRA installation with domain level>0
ACK. - Original Message - > From: "Martin Basti" > To: "freeipa-devel" > Sent: Monday, November 16, 2015 4:06:51 PM > Subject: [Freeipa-devel] [PATCH 0348] CI: fix KRA installation with domain > level>0 > > Patch attached. > Part of https://fedorahosted.org/freeipa/ticket/5379 > > Martin^2 > > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [patch 0023] Applied tier0 and tier1 marks on unit tests and xmlrpc tests
Looks good, ACK. - Original Message - > From: "Milan Kubík" > To: freeipa-devel@redhat.com > Sent: Thursday, November 5, 2015 12:20:29 PM > Subject: Re: [Freeipa-devel] [patch 0023] Applied tier0 and tier1 marks on > unit tests and xmlrpc tests > > On 11/05/2015 11:20 AM, Milan Kubík wrote: > > > Hi list, > > these patches introduce the tier categorization into the tests using > pytest's mark mechanism. It is a step towards a change in our CI > with which we hope to get more usefull/readable results as well as > allow us to structure our CI in more logical way. > > Because of technical reasons, all tests that are subclasses of `Declarative` > class are marked as tier1 tests. In these tests, if one suite is marked, all > of > the Declarative tests will be run as a big blob. > > The marks are not set in stone, please provide some feedback if you think > some of the tests shoult go elsewhere. > > > > Self NACK after irc nitpick. Fixed pep8 complaints. > > -- > Milan Kubik > > -- > Manage your subscription for the Freeipa-devel mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-devel > Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 503] upgrade: make sure ldap2 is connected in export_kra_agent_pem
ok, it's not fault of patch itself, ACK - Original Message - > From: "Aleš Mareček" > To: "Jan Cholasta" > Cc: "freeipa-devel" > Sent: Monday, October 12, 2015 3:45:51 PM > Subject: Re: [Freeipa-devel] [PATCH 503] upgrade: make sure ldap2 is > connected in export_kra_agent_pem > > Hello, > the patch looks good but pep8 cries: > > # pep8 ipaserver/install/server/upgrade.py > ipaserver/install/server/upgrade.py:53:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:68:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:83:25: E261 at least two spaces before > inline comment > ipaserver/install/server/upgrade.py:88:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:94:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:96:13: E225 missing whitespace around > operator > ipaserver/install/server/upgrade.py:109:80: E501 line too long (93 > 79 > characters) > ipaserver/install/server/upgrade.py:111:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:131:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:151:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:172:13: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:179:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:192:80: E501 line too long (108 > 79 > characters) > ipaserver/install/server/upgrade.py:196:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:217:49: E231 missing whitespace after ',' > ipaserver/install/server/upgrade.py:222:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:228:80: E501 line too long (83 > 79 > characters) > ipaserver/install/server/upgrade.py:264:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:277:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:333:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:366:80: E501 line too long (82 > 79 > characters) > ipaserver/install/server/upgrade.py:414:49: E251 unexpected spaces around > keyword / parameter equals > ipaserver/install/server/upgrade.py:414:51: E251 unexpected spaces around > keyword / parameter equals > ipaserver/install/server/upgrade.py:441:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:455:56: E127 continuation line > over-indented for visual indent > ipaserver/install/server/upgrade.py:459:25: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:487:37: E126 continuation line > over-indented for hanging indent > ipaserver/install/server/upgrade.py:494:17: E126 continuation line > over-indented for hanging indent > ipaserver/install/server/upgrade.py:503:80: E501 line too long (81 > 79 > characters) > ipaserver/install/server/upgrade.py:504:25: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:511:80: E501 line too long (81 > 79 > characters) > ipaserver/install/server/upgrade.py:517:1: E302 expected 2 blank lines, found > 1 > ipaserver/install/server/upgrade.py:538:80: E501 line too long (83 > 79 > characters) > ipaserver/install/server/upgrade.py:539:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:541:80: E501 line too long (82 > 79 > characters) > ipaserver/install/server/upgrade.py:542:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:551:80: E501 line too long (89 > 79 > characters) > ipaserver/install/server/upgrade.py:552:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:554:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:556:80: E501 line too long (86 > 79 > characters) > ipaserver/install/server/upgrade.py:557:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:561:80: E501 line too long (91 > 79 > characters) > ipaserver/install/server/upgrade.py:562:13: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:577:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/upgrade.py:603:17: E128 continuation line > under-indented for visual indent > ipaserver/install/server/up
Re: [Freeipa-devel] [PATCH 503] upgrade: make sure ldap2 is connected in export_kra_agent_pem
Hello, the patch looks good but pep8 cries: # pep8 ipaserver/install/server/upgrade.py ipaserver/install/server/upgrade.py:53:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:68:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:83:25: E261 at least two spaces before inline comment ipaserver/install/server/upgrade.py:88:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:94:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:96:13: E225 missing whitespace around operator ipaserver/install/server/upgrade.py:109:80: E501 line too long (93 > 79 characters) ipaserver/install/server/upgrade.py:111:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:131:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:151:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:172:13: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:179:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:192:80: E501 line too long (108 > 79 characters) ipaserver/install/server/upgrade.py:196:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:217:49: E231 missing whitespace after ',' ipaserver/install/server/upgrade.py:222:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:228:80: E501 line too long (83 > 79 characters) ipaserver/install/server/upgrade.py:264:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:277:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:333:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:366:80: E501 line too long (82 > 79 characters) ipaserver/install/server/upgrade.py:414:49: E251 unexpected spaces around keyword / parameter equals ipaserver/install/server/upgrade.py:414:51: E251 unexpected spaces around keyword / parameter equals ipaserver/install/server/upgrade.py:441:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:455:56: E127 continuation line over-indented for visual indent ipaserver/install/server/upgrade.py:459:25: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:487:37: E126 continuation line over-indented for hanging indent ipaserver/install/server/upgrade.py:494:17: E126 continuation line over-indented for hanging indent ipaserver/install/server/upgrade.py:503:80: E501 line too long (81 > 79 characters) ipaserver/install/server/upgrade.py:504:25: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:511:80: E501 line too long (81 > 79 characters) ipaserver/install/server/upgrade.py:517:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:538:80: E501 line too long (83 > 79 characters) ipaserver/install/server/upgrade.py:539:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:541:80: E501 line too long (82 > 79 characters) ipaserver/install/server/upgrade.py:542:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:551:80: E501 line too long (89 > 79 characters) ipaserver/install/server/upgrade.py:552:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:554:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:556:80: E501 line too long (86 > 79 characters) ipaserver/install/server/upgrade.py:557:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:561:80: E501 line too long (91 > 79 characters) ipaserver/install/server/upgrade.py:562:13: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:577:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:603:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:606:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:611:80: E501 line too long (80 > 79 characters) ipaserver/install/server/upgrade.py:616:80: E501 line too long (81 > 79 characters) ipaserver/install/server/upgrade.py:619:17: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:627:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:640:80: E501 line too long (85 > 79 characters) ipaserver/install/server/upgrade.py:643:80: E501 line too long (84 > 79 characters) ipaserver/install/server/upgrade.py:644:21: E128 continuation line under-indented for visual indent ipaserver/install/server/upgrade.py:652:1: E302 expected 2 blank lines, found 1 ipaserver/install/server/upgrade.py:664:80: E501 line too long
Re: [Freeipa-devel] [PATCH] 0001-2 ipatests: SOA record Maintenance tests
Greetings! Martin, thanks for your review and comments! I changed the name of the patch and setup my git variables properly. I also re-tested it and got all passed. I'm sending a new patch that is attached. - Original Message - > From: "Martin Basti" > To: "Aleš Mareček" , freeipa-devel@redhat.com > Sent: Tuesday, March 24, 2015 4:39:21 PM > Subject: Re: [Freeipa-devel] [PATCH] 0001 ipatests: SOA record Maintenance > tests > > On 24/03/15 15:06, Aleš Mareček wrote: > > Greetings! > > This is my very first patch, ticket#4746. > > > > Have a nice day! > > - alich - > > > > > Thank you for the patch. Just nitpicks: > > 1) > +cleanup_commands = [ > +('dnszone_del', [zone6], {'continue': True}), > +('dnszone_del', [zone6b], {'continue': True}), > +] > > would be better do it in this way, continue option will to try remove > all zones: > +cleanup_commands = [ > +('dnszone_del', [zone6, zone6b], {'continue': True}), > +] > Done. > 2) > I'm fine with zone6b, but was there any reason to create zone6b, instead > of reusing zone 1 or 2 or 3? Because of some updates needs, I didn't want to break anything existing thus I created new. > > 3) > Please fix whitespace errors. > $ git am > freeipa-alich-0001-ipatests-added-tests-for-SOA-record-Maintenance.patch > Applying: ipatests - added tests for SOA record Maintenance > /home/mbasti/work/freeipa-devel/.git/rebase-apply/patch:482: trailing > whitespace. > > /home/mbasti/work/freeipa-devel/.git/rebase-apply/patch:758: new blank > line at EOF. > + > warning: 2 lines add whitespace errors. > Done. $ git am freeipa-alich-0001-2-Ipatests-DNS-SOA-Record-Maintenance.patch Applying: Ipatests DNS SOA Record Maintenance $ > 4) > I know the dns plugin tests are so far from PEP8, but try to keep PEP8 > in new code Done, only 1 line persisted that I didn't want to break: zone6_unresolvable_ns_relative_dnsname = DNSName(zone6_unresolvable_ns_relative) > > Otherwise test works as expected. > > Martin^2 > > -- > Martin Basti > > Thanks! - alich - From fcd2078d138f768383df78896d44e51b606ada3b Mon Sep 17 00:00:00 2001 From: Ales 'alich' Marecek Date: Fri, 27 Mar 2015 16:17:10 +0100 Subject: [PATCH] Ipatests DNS SOA Record Maintenance https://fedorahosted.org/freeipa/ticket/4746 --- ipatests/test_xmlrpc/test_dns_plugin.py | 757 1 file changed, 757 insertions(+) diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py index 47251ff68e829a0e0944633bd6243e2c2f79935c..a226c80486e4d44a44714a2f7d03e1049d4d37a8 100644 --- a/ipatests/test_xmlrpc/test_dns_plugin.py +++ b/ipatests/test_xmlrpc/test_dns_plugin.py @@ -120,6 +120,51 @@ zone5_ns_dnsname = DNSName(zone5_ns) zone5_rname = u'root.%s' % zone5 zone5_rname_dnsname = DNSName(zone5_rname) +zone6b = u'zone6b.test' +zone6b_absolute = u'%s.' % zone6b +zone6b_dnsname = DNSName(zone6b) +zone6b_absolute_dnsname = DNSName(zone6b_absolute) +zone6b_dn = DN(('idnsname', zone6b), api.env.container_dns, api.env.basedn) +zone6b_absolute_dn = DN(('idnsname', zone6b_absolute), +api.env.container_dns, api.env.basedn) +zone6b_rname = u'hostmaster' +zone6b_rname_dnsname = DNSName(zone6b_rname) +zone6b_ip = u'172.16.70.1' +zone6b_ns_arec = u'ns' +zone6b_ns = u'%s.%s' % (zone6b_ns_arec, zone6b_absolute) +zone6b_ns_arec_dnsname = DNSName(zone6b_ns_arec) +zone6b_ns_arec_dn = DN(('idnsname', zone6b_ns_arec), zone6b_dn) +zone6b_ns_dnsname = DNSName(zone6b_ns) +zone6b_absolute_arec_dn = DN(('idnsname', zone6b_ns_arec), zone6b_absolute_dn) + +zone6 = u'zone6.test' +zone6_invalid = u'invalid-zone.zone6..test' +zone6_absolute = u'%s.' % zone6 +zone6_dnsname = DNSName(zone6) +zone6_absolute_dnsname = DNSName(zone6_absolute) +zone6_dn = DN(('idnsname', zone6), api.env.container_dns, api.env.basedn) +zone6_absolute_dn = DN(('idnsname', zone6_absolute), + api.env.container_dns, api.env.basedn) +zone6_ns_relative = u'ns1' +zone6_absolute_arec_dn = DN(('idnsname', zone6_ns_relative), zone6_absolute_dn) +zone6_ns = u'%s.%s' % (zone6_ns_relative, zone6_absolute) +zone6_ns_relative_dnsname = DNSName(zone6_ns_relative) +zone6_ns_dnsname = DNSName(zone6_ns) +zone6_ns_arec_dnsname = DNSName(zone6_ns_relative) +zone6_ns_invalid_dnsname = u'invalid name server! ..%s' % zone6_absolute +zone6_rname = u'root.%s' % zone6_absolute +zone6_rname_dnsname = DNSName(zone6_rname) +zone6_rname_d
[Freeipa-devel] [PATCH] 0001 ipatests: SOA record Maintenance tests
Greetings! This is my very first patch, ticket#4746. Have a nice day! - alich -From 0f7eb27d1470e785e3799bc78c367d8118917f99 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 24 Mar 2015 14:40:49 +0100 Subject: [PATCH] ipatests - added tests for SOA record Maintenance --- ipatests/test_xmlrpc/test_dns_plugin.py | 739 1 file changed, 739 insertions(+) diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py index 47251ff68e829a0e0944633bd6243e2c2f79935c..dff2fd177c0d4f663540d41c5708894440c7d9d0 100644 --- a/ipatests/test_xmlrpc/test_dns_plugin.py +++ b/ipatests/test_xmlrpc/test_dns_plugin.py @@ -120,6 +120,48 @@ zone5_ns_dnsname = DNSName(zone5_ns) zone5_rname = u'root.%s' % zone5 zone5_rname_dnsname = DNSName(zone5_rname) +zone6b = u'zone6b.test' +zone6b_absolute = u'%s.' % zone6b +zone6b_dnsname = DNSName(zone6b) +zone6b_absolute_dnsname = DNSName(zone6b_absolute) +zone6b_dn = DN(('idnsname', zone6b), api.env.container_dns, api.env.basedn) +zone6b_absolute_dn = DN(('idnsname', zone6b_absolute), api.env.container_dns, api.env.basedn) +zone6b_rname = u'hostmaster' +zone6b_rname_dnsname = DNSName(zone6b_rname) +zone6b_ip = u'172.16.70.1' +zone6b_ns_arec = u'ns' +zone6b_ns = u'%s.%s' % (zone6b_ns_arec, zone6b_absolute) +zone6b_ns_arec_dnsname = DNSName(zone6b_ns_arec) +zone6b_ns_arec_dn = DN(('idnsname',zone6b_ns_arec), zone6b_dn) +zone6b_ns_dnsname = DNSName(zone6b_ns) +zone6b_absolute_arec_dn = DN(('idnsname',zone6b_ns_arec), zone6b_absolute_dn) + +zone6 = u'zone6.test' +zone6_invalid = u'invalid-zone.zone6..test' +zone6_absolute = u'%s.' % zone6 +zone6_dnsname = DNSName(zone6) +zone6_absolute_dnsname = DNSName(zone6_absolute) +zone6_dn = DN(('idnsname', zone6), api.env.container_dns, api.env.basedn) +zone6_absolute_dn = DN(('idnsname', zone6_absolute), api.env.container_dns, api.env.basedn) +zone6_ns_relative = u'ns1' +zone6_absolute_arec_dn = DN(('idnsname',zone6_ns_relative), zone6_absolute_dn) +zone6_ns = u'%s.%s' % (zone6_ns_relative, zone6_absolute) +zone6_ns_relative_dnsname = DNSName(zone6_ns_relative) +zone6_ns_dnsname = DNSName(zone6_ns) +zone6_ns_arec_dnsname = DNSName(zone6_ns_relative) +zone6_ns_invalid_dnsname = u'invalid name server! ..%s' % zone6_absolute +zone6_rname = u'root.%s' % zone6_absolute +zone6_rname_dnsname = DNSName(zone6_rname) +zone6_rname_default = u'hostmaster' +zone6_rname_default_dnsname = DNSName(zone6_rname_default) +zone6_rname_relative_dnsname = DNSName(u'root') +zone6_rname_absolute_dnsname = DNSName(u'root.%s' % zone6_absolute) +zone6_rname_invalid_dnsname = u'invalid ! @ ! .. root..%s' % zone6_absolute +zone6_unresolvable_ns_relative = u'unresolvable' +zone6_unresolvable_ns = u'%s.%s' % (zone6_unresolvable_ns_relative, zone6_absolute) +zone6_unresolvable_ns_dnsname = DNSName(zone6_unresolvable_ns) +zone6_unresolvable_ns_relative_dnsname = DNSName(zone6_unresolvable_ns_relative) + revzone1 = u'31.16.172.in-addr.arpa.' revzone1_dnsname = DNSName(revzone1) revzone1_ip = u'172.16.31.0' @@ -5130,3 +5172,700 @@ class test_forwardzone_delegation_warnings(Declarative): ), ] + + +# https://fedorahosted.org/freeipa/ticket/4746 +# http://www.freeipa.org/page/V4/DNS:_Automatic_Zone_NS/SOA_Record_Maintenance +class test_dns_soa(Declarative): + +@classmethod +def setup_class(cls): +super(test_dns_soa, cls).setup_class() + +if not api.Backend.rpcclient.isconnected(): +api.Backend.rpcclient.connect(fallback=False) + +if not have_ldap2: +raise nose.SkipTest('server plugin not available') + +if get_nameservers_error is not None: +raise nose.SkipTest('unable to get list of nameservers (%s)' % get_nameservers_error) +try: + api.Command['dnszone_add'](zone1, + idnssoarname = zone1_rname, + ) + api.Command['dnszone_del'](zone1) +except errors.NotFound: +raise nose.SkipTest('DNS is not configured') +except errors.DuplicateEntry: +pass + +cleanup_commands = [ +('dnszone_del', [zone6], {'continue': True}), +('dnszone_del', [zone6b], {'continue': True}), +] + +tests = [ + +dict( +desc='Try to retrieve non-existent zone %r' % zone6, +command=('dnszone_show', [zone6], {}), +expected=errors.NotFound( +reason=u'%s: DNS zone not found' % zone6_absolute), +), + +dict( +desc='Create zone %r' % zone6b, +command=( +'dnszone_add', [zone6b], { +'idnssoarname': zone6b_rname, +} +), +expected={ +'value': zone6b_absolute_dnsname, +'summary': None, +'result': { +'dn': zone6b_absolute_dn, +'idnsname': [zone6b_absolute_dnsname], +'idnszon