subject:"\[Freeipa\-devel\] \[PATCHES 100\-106\] Initial implementation of AD integration tests"

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-25 Thread Petr Viktorin


On 10/24/2013 04:38 PM, Tomas Babej wrote:

On 10/24/2013 01:29 PM, Petr Viktorin wrote:

[...]


Patch 106:

In ADTrustBase, it looks like if test_install_adtrust or
test_configure_dns_and_time fail, it doesn't make much sense to run
the other tests.
If that's the case they can go in an install() classmethod. Same with
test_establish_trust* in the subclasses.


I made them part of the install() classmethod.

As for the test_estabilish_trust, I would have to still override that in
each class that uses it, since all of them use it in a slightly
different way.


I'd prefer an establish_trust classmethod called from install(), but 
it's not really important in this case.



Also, there's a typo in test_estabilish_trusts several times.
 -^



Typo fixed. Also attaching a patch that fixes the same type in the other
parts of the codebase.



ACK, ACK, pushed to
master: df5f5c9fab5dd66c50bf202e1ebd19f558e3e0c6
ipa-3-3: 5dbd11722e365f50b7496b4ab2559122cd927d53

Thanks for your patience!

--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-24 Thread Petr Viktorin


On 10/22/2013 02:24 PM, Tomas Babej wrote:

On 10/22/2013 02:15 PM, Tomas Babej wrote:

On 10/22/2013 12:27 PM, Tomas Babej wrote:

On 10/22/2013 10:37 AM, Petr Viktorin wrote:

Replying to one part only:

On 10/21/2013 04:50 PM, Tomas Babej wrote:

On 10/16/2013 03:44 PM, Petr Viktorin wrote:


I still think it would be simpler if IPA and AD domains shared the
numbering namespace (users would need to define $AD_env2; if they had
$MASTER_env1 and $AD_env1 they would be in the same Domain).

But if we use _env1 for both the AD and the IPA domain, they need to
be separated in Domain.from_env. With patch 0101 both MASTER_env1 and
AD_env1 will be in both domains[0] and ad_domains[0].


I would rather not join IPA and AD domains as they even cannot be
in the
same domain, as the service records would clash. So these will
always be separate / sub / super domain relationship.


You're right that they should never share the same domain. But you
should never say never, especially in testing -- what if we'll want
to, in the future, test that the records *do* clash, or that IPA
refuses to install in an AD domain?



You could still set AD_env1 and MASTER_env1 to have the same domain.


Another problem is that they are now separate namespaces. In all
code that deals with domains you have to deal separately with the
list of AD domains and separately with IPA domains. This makes every
piece of code that doesn't care much about what type of domain it's
dealing with (configuration, listing, possible automation scripts
for turning on the VMs, etc.) more complicated.
Also, in this scheme, adding a new type of domain would be quite
hard, especially after more code is written with this split in mind.

Do keep the domain type, though. tl;dr I'd really prefer domain 1
(IPA); domain 2 (AD) rather than IPA domain 1; AD domain 1.


This will, however, require filtering the domains depending on the
fact whether they contain AD or not. If a testcase wants to access an
AD domain, it will still need to loop over the list of domains to see
which ones are of AD type.

Any code that does not care what domain type it's dealing with, can
easily access all the domains by chaining the respective iterables.
We could have a wrapper in the Config class for that, along the lines
of get_all_domains().

So what I see here is that we're trading one complexity over another.

I think we can agree on your approach since it hides the complexity
from the user, especially in the ipa-test-config, which I admit is
getting rather ugly, as we need to introduce new option there and
that causes splitting.



If needed we can have a special check that would reject IPA masters
in AD domains and vice versa, if that really turns out to be necessary.



With this check we should be fine.


As we already pass ad_domain flag to Domain.from_env, I did
incorporate
code that joins the machines to the domain depending on the their
role.
Is that a viable solution for you?


Sorry. I think this design is less sustainable than having a shared
namespace for the domains.



I'll send revised patchset soon.



Updated patchset attached.


Patch 105:
Typo: 'Sets DNS ib given host for trust with the given AD
^^
Should be in, right? I'll fix it before pushing.

Otherwise, these are good to go!


Patch 106:

In ADTrustBase, it looks like if test_install_adtrust or 
test_configure_dns_and_time fail, it doesn't make much sense to run the 
other tests.
If that's the case they can go in an install() classmethod. Same with 
test_establish_trust* in the subclasses.


Also, there's a typo in test_estabilish_trusts several times.
 -^

--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-24 Thread Tomas Babej


On 10/24/2013 01:29 PM, Petr Viktorin wrote:

On 10/22/2013 02:24 PM, Tomas Babej wrote:

On 10/22/2013 02:15 PM, Tomas Babej wrote:

On 10/22/2013 12:27 PM, Tomas Babej wrote:

On 10/22/2013 10:37 AM, Petr Viktorin wrote:

Replying to one part only:

On 10/21/2013 04:50 PM, Tomas Babej wrote:

On 10/16/2013 03:44 PM, Petr Viktorin wrote:


I still think it would be simpler if IPA and AD domains shared the
numbering namespace (users would need to define $AD_env2; if 
they had

$MASTER_env1 and $AD_env1 they would be in the same Domain).

But if we use _env1 for both the AD and the IPA domain, they 
need to
be separated in Domain.from_env. With patch 0101 both 
MASTER_env1 and

AD_env1 will be in both domains[0] and ad_domains[0].


I would rather not join IPA and AD domains as they even cannot be
in the
same domain, as the service records would clash. So these will
always be separate / sub / super domain relationship.


You're right that they should never share the same domain. But you
should never say never, especially in testing -- what if we'll want
to, in the future, test that the records *do* clash, or that IPA
refuses to install in an AD domain?



You could still set AD_env1 and MASTER_env1 to have the same domain.


Another problem is that they are now separate namespaces. In all
code that deals with domains you have to deal separately with the
list of AD domains and separately with IPA domains. This makes every
piece of code that doesn't care much about what type of domain it's
dealing with (configuration, listing, possible automation scripts
for turning on the VMs, etc.) more complicated.
Also, in this scheme, adding a new type of domain would be quite
hard, especially after more code is written with this split in mind.

Do keep the domain type, though. tl;dr I'd really prefer domain 1
(IPA); domain 2 (AD) rather than IPA domain 1; AD domain 1.


This will, however, require filtering the domains depending on the
fact whether they contain AD or not. If a testcase wants to access an
AD domain, it will still need to loop over the list of domains to see
which ones are of AD type.

Any code that does not care what domain type it's dealing with, can
easily access all the domains by chaining the respective iterables.
We could have a wrapper in the Config class for that, along the lines
of get_all_domains().

So what I see here is that we're trading one complexity over another.

I think we can agree on your approach since it hides the complexity
from the user, especially in the ipa-test-config, which I admit is
getting rather ugly, as we need to introduce new option there and
that causes splitting.



If needed we can have a special check that would reject IPA masters
in AD domains and vice versa, if that really turns out to be 
necessary.




With this check we should be fine.


As we already pass ad_domain flag to Domain.from_env, I did
incorporate
code that joins the machines to the domain depending on the their
role.
Is that a viable solution for you?


Sorry. I think this design is less sustainable than having a shared
namespace for the domains.



I'll send revised patchset soon.



Updated patchset attached.


Patch 105:
Typo: 'Sets DNS ib given host for trust with the given AD
^^
Should be in, right? I'll fix it before pushing. c

Otherwise, these are good to go!


Patch 106:

In ADTrustBase, it looks like if test_install_adtrust or 
test_configure_dns_and_time fail, it doesn't make much sense to run 
the other tests.
If that's the case they can go in an install() classmethod. Same with 
test_establish_trust* in the subclasses.



I made them part of the install() classmethod.

As for the test_estabilish_trust, I would have to still override that in 
each class that uses it, since all of them use it in a slightly 
different way.




Also, there's a typo in test_estabilish_trusts several times.
 -^



Typo fixed. Also attaching a patch that fixes the same type in the other 
parts of the codebase.


--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

From e7f777b229534a65eb7f6bc39e77c2a5b5c51983 Mon Sep 17 00:00:00 2001
From: Tomas Babej tomasba...@gmail.com
Date: Thu, 24 Oct 2013 14:24:33 +0200
Subject: [PATCH] trusts: Fix typo in error message for realm-domain mismatch

---
 ipalib/plugins/trust.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 0d651f8861446cf8d31eb1ea303237bcd2b73201..32a93834394273c9f896ff5fd17bfcc753fe7b8e 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -424,14 +424,14 @@ sides.
 )
 
 # If domain name and realm does not match, IPA server is not be able
-# to estabilish trust with Active Directory.
+# to establish trust with Active Directory.
 
 realm_not_matching_domain = (api.env.domain.upper() !=

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-22 Thread Petr Viktorin


Replying to one part only:

On 10/21/2013 04:50 PM, Tomas Babej wrote:

On 10/16/2013 03:44 PM, Petr Viktorin wrote:


I still think it would be simpler if IPA and AD domains shared the
numbering namespace (users would need to define $AD_env2; if they had
$MASTER_env1 and $AD_env1 they would be in the same Domain).

But if we use _env1 for both the AD and the IPA domain, they need to
be separated in Domain.from_env. With patch 0101 both MASTER_env1 and
AD_env1 will be in both domains[0] and ad_domains[0].


I would rather not join IPA and AD domains as they even cannot be in the
same domain, as the service records would clash. So these will
always be separate / sub / super domain relationship.


You're right that they should never share the same domain. But you 
should never say never, especially in testing -- what if we'll want to, 
in the future, test that the records *do* clash, or that IPA refuses to 
install in an AD domain?


Another problem is that they are now separate namespaces. In all code 
that deals with domains you have to deal separately with the list of AD 
domains and separately with IPA domains. This makes every piece of code 
that doesn't care much about what type of domain it's dealing with 
(configuration, listing, possible automation scripts for turning on the 
VMs, etc.) more complicated.
Also, in this scheme, adding a new type of domain would be quite hard, 
especially after more code is written with this split in mind.


Do keep the domain type, though. tl;dr I'd really prefer domain 1 
(IPA); domain 2 (AD) rather than IPA domain 1; AD domain 1.


If needed we can have a special check that would reject IPA masters in 
AD domains and vice versa, if that really turns out to be necessary.



As we already pass ad_domain flag to Domain.from_env, I did incorporate
code that joins the machines to the domain depending on the their role.
Is that a viable solution for you?


Sorry. I think this design is less sustainable than having a shared 
namespace for the domains.



--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-22 Thread Tomas Babej


On 10/22/2013 10:37 AM, Petr Viktorin wrote:

Replying to one part only:

On 10/21/2013 04:50 PM, Tomas Babej wrote:

On 10/16/2013 03:44 PM, Petr Viktorin wrote:


I still think it would be simpler if IPA and AD domains shared the
numbering namespace (users would need to define $AD_env2; if they had
$MASTER_env1 and $AD_env1 they would be in the same Domain).

But if we use _env1 for both the AD and the IPA domain, they need to
be separated in Domain.from_env. With patch 0101 both MASTER_env1 and
AD_env1 will be in both domains[0] and ad_domains[0].


I would rather not join IPA and AD domains as they even cannot be in the
same domain, as the service records would clash. So these will
always be separate / sub / super domain relationship.


You're right that they should never share the same domain. But you 
should never say never, especially in testing -- what if we'll want 
to, in the future, test that the records *do* clash, or that IPA 
refuses to install in an AD domain?




You could still set AD_env1 and MASTER_env1 to have the same domain.

Another problem is that they are now separate namespaces. In all code 
that deals with domains you have to deal separately with the list of 
AD domains and separately with IPA domains. This makes every piece of 
code that doesn't care much about what type of domain it's dealing 
with (configuration, listing, possible automation scripts for turning 
on the VMs, etc.) more complicated.
Also, in this scheme, adding a new type of domain would be quite hard, 
especially after more code is written with this split in mind.


Do keep the domain type, though. tl;dr I'd really prefer domain 1 
(IPA); domain 2 (AD) rather than IPA domain 1; AD domain 1.


This will, however, require filtering the domains depending on the fact 
whether they contain AD or not. If a testcase wants to access an AD 
domain, it will still need to loop over the list of domains to see which 
ones are of AD type.


Any code that does not care what domain type it's dealing with, can 
easily access all the domains by chaining the respective iterables. We 
could have a wrapper in the Config class for that, along the lines of 
get_all_domains().


So what I see here is that we're trading one complexity over another.

I think we can agree on your approach since it hides the complexity from 
the user, especially in the ipa-test-config, which I admit is getting 
rather ugly, as we need to introduce new option there and that causes 
splitting.




If needed we can have a special check that would reject IPA masters in 
AD domains and vice versa, if that really turns out to be necessary.




With this check we should be fine.


As we already pass ad_domain flag to Domain.from_env, I did incorporate
code that joins the machines to the domain depending on the their role.
Is that a viable solution for you?


Sorry. I think this design is less sustainable than having a shared 
namespace for the domains.




I'll send revised patchset soon.


--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-22 Thread Tomas Babej


On 10/22/2013 12:27 PM, Tomas Babej wrote:

On 10/22/2013 10:37 AM, Petr Viktorin wrote:

Replying to one part only:

On 10/21/2013 04:50 PM, Tomas Babej wrote:

On 10/16/2013 03:44 PM, Petr Viktorin wrote:


I still think it would be simpler if IPA and AD domains shared the
numbering namespace (users would need to define $AD_env2; if they had
$MASTER_env1 and $AD_env1 they would be in the same Domain).

But if we use _env1 for both the AD and the IPA domain, they need to
be separated in Domain.from_env. With patch 0101 both MASTER_env1 and
AD_env1 will be in both domains[0] and ad_domains[0].


I would rather not join IPA and AD domains as they even cannot be in 
the

same domain, as the service records would clash. So these will
always be separate / sub / super domain relationship.


You're right that they should never share the same domain. But you 
should never say never, especially in testing -- what if we'll want 
to, in the future, test that the records *do* clash, or that IPA 
refuses to install in an AD domain?




You could still set AD_env1 and MASTER_env1 to have the same domain.

Another problem is that they are now separate namespaces. In all code 
that deals with domains you have to deal separately with the list of 
AD domains and separately with IPA domains. This makes every piece of 
code that doesn't care much about what type of domain it's dealing 
with (configuration, listing, possible automation scripts for turning 
on the VMs, etc.) more complicated.
Also, in this scheme, adding a new type of domain would be quite 
hard, especially after more code is written with this split in mind.


Do keep the domain type, though. tl;dr I'd really prefer domain 1 
(IPA); domain 2 (AD) rather than IPA domain 1; AD domain 1.


This will, however, require filtering the domains depending on the 
fact whether they contain AD or not. If a testcase wants to access an 
AD domain, it will still need to loop over the list of domains to see 
which ones are of AD type.


Any code that does not care what domain type it's dealing with, can 
easily access all the domains by chaining the respective iterables. We 
could have a wrapper in the Config class for that, along the lines of 
get_all_domains().


So what I see here is that we're trading one complexity over another.

I think we can agree on your approach since it hides the complexity 
from the user, especially in the ipa-test-config, which I admit is 
getting rather ugly, as we need to introduce new option there and that 
causes splitting.




If needed we can have a special check that would reject IPA masters 
in AD domains and vice versa, if that really turns out to be necessary.




With this check we should be fine.


As we already pass ad_domain flag to Domain.from_env, I did incorporate
code that joins the machines to the domain depending on the their role.
Is that a viable solution for you?


Sorry. I think this design is less sustainable than having a shared 
namespace for the domains.




I'll send revised patchset soon.



Updated patchset attached.


--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

From a23c379a865d5005539b7eb0ada76e36768b0f53 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 14 Oct 2013 16:37:55 +0200
Subject: [PATCH 106/107] ipatests: Add AD integration test case

Part of: https://fedorahosted.org/freeipa/ticket/3834
---
 ipatests/test_integration/test_trust.py | 182 
 1 file changed, 182 insertions(+)
 create mode 100644 ipatests/test_integration/test_trust.py

diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
new file mode 100644
index ..343c9785b0bd74b891638443e9699268e1366254
--- /dev/null
+++ b/ipatests/test_integration/test_trust.py
@@ -0,0 +1,182 @@
+# Authors:
+#   Tomas Babej tba...@redhat.com
+#
+# Copyright (C) 2013  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see http://www.gnu.org/licenses/.
+
+import re
+
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.test_integration import tasks
+from ipatests.test_integration import util
+
+
+class ADTrustBase(IntegrationTest):
+Provides common checks for the AD trust integration testing.
+
+topology = 'line'
+

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-22 Thread Tomas Babej


On 10/22/2013 02:15 PM, Tomas Babej wrote:

On 10/22/2013 12:27 PM, Tomas Babej wrote:

On 10/22/2013 10:37 AM, Petr Viktorin wrote:

Replying to one part only:

On 10/21/2013 04:50 PM, Tomas Babej wrote:

On 10/16/2013 03:44 PM, Petr Viktorin wrote:


I still think it would be simpler if IPA and AD domains shared the
numbering namespace (users would need to define $AD_env2; if they had
$MASTER_env1 and $AD_env1 they would be in the same Domain).

But if we use _env1 for both the AD and the IPA domain, they need to
be separated in Domain.from_env. With patch 0101 both MASTER_env1 and
AD_env1 will be in both domains[0] and ad_domains[0].


I would rather not join IPA and AD domains as they even cannot be 
in the

same domain, as the service records would clash. So these will
always be separate / sub / super domain relationship.


You're right that they should never share the same domain. But you 
should never say never, especially in testing -- what if we'll want 
to, in the future, test that the records *do* clash, or that IPA 
refuses to install in an AD domain?




You could still set AD_env1 and MASTER_env1 to have the same domain.

Another problem is that they are now separate namespaces. In all 
code that deals with domains you have to deal separately with the 
list of AD domains and separately with IPA domains. This makes every 
piece of code that doesn't care much about what type of domain it's 
dealing with (configuration, listing, possible automation scripts 
for turning on the VMs, etc.) more complicated.
Also, in this scheme, adding a new type of domain would be quite 
hard, especially after more code is written with this split in mind.


Do keep the domain type, though. tl;dr I'd really prefer domain 1 
(IPA); domain 2 (AD) rather than IPA domain 1; AD domain 1.


This will, however, require filtering the domains depending on the 
fact whether they contain AD or not. If a testcase wants to access an 
AD domain, it will still need to loop over the list of domains to see 
which ones are of AD type.


Any code that does not care what domain type it's dealing with, can 
easily access all the domains by chaining the respective iterables. 
We could have a wrapper in the Config class for that, along the lines 
of get_all_domains().


So what I see here is that we're trading one complexity over another.

I think we can agree on your approach since it hides the complexity 
from the user, especially in the ipa-test-config, which I admit is 
getting rather ugly, as we need to introduce new option there and 
that causes splitting.




If needed we can have a special check that would reject IPA masters 
in AD domains and vice versa, if that really turns out to be necessary.




With this check we should be fine.

As we already pass ad_domain flag to Domain.from_env, I did 
incorporate
code that joins the machines to the domain depending on the their 
role.

Is that a viable solution for you?


Sorry. I think this design is less sustainable than having a shared 
namespace for the domains.




I'll send revised patchset soon.



Updated patchset attached.




___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Attaching the patch 100 I missed.

--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

From 6f2dc306542540f0db1c27f4efc301574bfdcf60 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 4 Sep 2013 14:12:28 +0200
Subject: [PATCH 100/107] ipatests: Add Active Directory support to
 configuration

Part of: https://fedorahosted.org/freeipa/ticket/3834
---
 ipatests/man/ipa-test-config.1  | 20 +++-
 ipatests/test_integration/config.py | 30 --
 2 files changed, 47 insertions(+), 3 deletions(-)

diff --git a/ipatests/man/ipa-test-config.1 b/ipatests/man/ipa-test-config.1
index 4b998adb4f65265f4b0cfc49cac2979740562db5..a2fa96b57129b5adad3c15cfe7e97b8a6c9724d0 100644
--- a/ipatests/man/ipa-test-config.1
+++ b/ipatests/man/ipa-test-config.1
@@ -69,6 +69,11 @@ These are normally included for backwards compatibility.
 .SH ENVIRONMENT VARIABLES
 
 .TP
+Domain configuration:
+Domain is implicitly defined by _envX suffix of the environment variables,
+if either AD_envX or MASTER_envX is defined.
+
+.TP
 Host configuration:
 
 .TP
@@ -81,9 +86,14 @@ Host configuration:
 \fB$CLIENT\fR
 FQDNs of IPA clients (space-separated)
 .TP
-\fB$MASTER_env2\fR, \fB$REPLICA_env2\fR, \fB$CLIENT_env2\fR, \fB$MASTER_env3\fR, ...
+\fB$MASTER_env2\fR, \fB$REPLICA_env2\fR, \fB$CLIENT_env2\fR, \fB$MASTER_env3\fR, \fB$AD_env4\fR,...
 can be used for additional domains when needed
 .TP
+\fB$AD_env1\fR, \fB$AD_env2\fR, \fB$AD_env3\fR, \fB$AD_env4\fR, ...
+can be used to define Active Directory domains. Please note that these
+domains are not separate from the IPA domains, so please

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-16 Thread Petr Viktorin


On 10/14/2013 05:47 PM, Tomas Babej wrote:

Hi,

Sending the updated version of the patchset. It includes many fixes,
plus incorporations of the comments by the QE. Tests are now broken down
into multiple test cases.

This requires my patch 119.

Tomas


Patches 0100  0101:

I still think it would be simpler if IPA and AD domains shared the 
numbering namespace (users would need to define $AD_env2; if they had 
$MASTER_env1 and $AD_env1 they would be in the same Domain).


But if we use _env1 for both the AD and the IPA domain, they need to be 
separated in Domain.from_env. With patch 0101 both MASTER_env1 and 
AD_env1 will be in both domains[0] and ad_domains[0].
Also ipa-test-config should have an --ad-domain option to get info about 
the AD domain.



Patch 0102: Looks good


Patch 0103:
Looks like run_repeatedly should always be called with an assert in 
front. We may want it to raise an exception directly if it times out, so 
forgetting the assert won't hide errors.



Patch 0104: Looks good


Patch 0105:
In /ipatests/man/ipa-test-task.1:
- Typo in  - s/generatee/generate/
- Subcommand names have unescaped hyphens (e.g. configure\-dns-for-trust 
should be configure\-dns\-for\-trust)

- The last subcommand should be sync-time

Wrappers for the tasks need to be added to ipatests/ipa-test-task.

Nitpicks:
- In configure_dns_for_trust:is_subdomain, lockstep iteration over two 
lists at once is better done with zip() than `for i in range(len(...))`.
- In estabilish_trust_with_ad, don't use mutable values for argument 
defaults; do `extra_args=()` and `+ list(extra_args)`
- I can't say I'm a fan of configure_auth_to_local_rule, but I guess 
it's OK for tests.



Patch 0106: Looks OK; unfortunately I don't have an AD machine to test 
functionality




--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-10-14 Thread Tomas Babej


Hi,

Sending the updated version of the patchset. It includes many fixes, 
plus incorporations of the comments by the QE. Tests are now broken down 
into multiple test cases.


This requires my patch 119.

Tomas
From 0a8645eaa1d8826a9544df288b12bde71a83dcb4 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 14 Oct 2013 16:37:55 +0200
Subject: [PATCH 106/106] ipatests: Add AD integration test case

---
 ipatests/test_integration/test_trust.py | 182 
 1 file changed, 182 insertions(+)
 create mode 100644 ipatests/test_integration/test_trust.py

diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py
new file mode 100644
index ..202db2a2f6fb83a1e3cdf05b9c5c9c2617862736
--- /dev/null
+++ b/ipatests/test_integration/test_trust.py
@@ -0,0 +1,182 @@
+# Authors:
+#   Tomas Babej tba...@redhat.com
+#
+# Copyright (C) 2013  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see http://www.gnu.org/licenses/.
+
+import re
+
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.test_integration import tasks
+from ipatests.test_integration import util
+
+
+class ADTrustBase(IntegrationTest):
+Provides common checks for the AD trust integration testing.
+
+topology = 'line'
+num_ad_domains = 1
+
+@classmethod
+def setup_class(cls):
+super(ADTrustBase, cls).setup_class()
+cls.ad = cls.ad_domains[0].ads[0]
+
+def test_install_adtrust(self):
+Test adtrust support installation
+
+tasks.install_adtrust(self.master)
+
+def test_check_sid_generation(self):
+Test SID generation
+
+command = ['ipa', 'user-show', 'admin', '--all', '--raw']
+
+# TODO: remove duplicate definition and import from common module
+_sid_identifier_authority = '(0x[0-9a-f]{1,12}|[0-9]{1,10})'
+sid_regex = 'S-1-5-21-%(idauth)s-%(idauth)s-%(idauth)s'\
+% dict(idauth=_sid_identifier_authority)
+stdout_re = re.escape('  ipaNTSecurityIdentifier: ') + sid_regex
+
+assert util.run_repeatedly(self.master, command,
+   test=lambda x: re.search(stdout_re, x))
+
+def test_configure_dns_and_time(self):
+tasks.configure_dns_for_trust(self.master, self.ad)
+tasks.sync_time(self.master, self.ad)
+
+
+class TestBasicADTrust(ADTrustBase):
+Basic Integration test for Active Directory
+
+def test_estabilish_trust(self):
+Tests estabilishing trust with Active Directory
+
+tasks.estabilish_trust_with_ad(self.master, self.ad,
+extra_args=['--range-type', 'ipa-ad-trust'])
+
+def test_range_properties_in_nonposix_trust(self):
+Check the properties of the created range
+
+range_name = self.ad.domain.name.upper() + '_id_range'
+result = self.master.run_command(['ipa', 'idrange-show', range_name,
+  '--all', '--raw'])
+assert   ipaRangeType: ipa-ad-trust in result.stdout_text
+assert   ipaIDRangeSize: 20 in result.stdout_text
+
+def test_user_gid_uid_resolution_in_nonposix_trust(self):
+Check that user has SID-generated UID
+
+testuser = 'testuser@%s' % self.ad.domain.realm
+result = self.master.run_command(['getent', 'passwd', testuser])
+
+# This regex checks that Test User does not have UID 10042 nor belongs
+# to the group with GID 10047
+testuser_regex = ^testuser@%s:\*:(?!10042)(\d+):(?!10047)(\d+):\
+ Test User:/home/testuser:/bin/sh$\
+ % re.escape(self.ad.domain.name)
+
+assert re.search(testuser_regex, result.stdout_text)
+
+def test_remove_nonposix_trust(self):
+tasks.remove_trust_with_ad(self.master, self.ad)
+tasks.clear_sssd_cache(self.master)
+
+
+class TestPosixADTrust(ADTrustBase):
+Integration test for Active Directory with POSIX support
+
+def test_estabilish_trust_with_posix_attributes(self):
+# Not specifying the --range-type directly, it should be detected
+tasks.estabilish_trust_with_ad(self.master, self.ad)
+
+def test_range_properties_in_posix_trust(self):
+# Check the properties of the created range
+
+range_name =

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-09-19 Thread Petr Viktorin


On 09/17/2013 04:35 PM, Tomas Babej wrote:

On 09/17/2013 10:43 AM, Petr Viktorin wrote:

On 09/16/2013 03:45 PM, Tomas Babej wrote:

Hi,

this set of patches extends ipatests module to support integration
testing with Active Directory,
as well as provides an basic (working without artificial sleeps!) trust
test case.


Thanks, this is great news!
I haven't testes the test yet. Here are my comments from reading them.


Patch 100:
Please document the new configuration options. There are two places:
- ipa-test-config man page
-
http://www.freeipa.org/page/V3/Integration_testing#Test_configuration
(or if you end up writing a separate design page for AD tests, link to
it)



I added the options to the the man page.


Looks good.


Patch 101:
The `if role == 'ad':` block should rather be in the `Host.from_env`
factory.



Moved.


Looks good.
With my patches for #3890, this should use BaseHost.from_env.


Patch 102:
Thanks for cleaning that up!
You could go one step further with
cls.replicas = get_resources(domain.replicas, 'replicas',
cls.num_replicas)
and `return container[:num_needed]` there


You're welcome, refactoring part expanded.


Looks good.


Patch 103:
This patch should come before 101 which uses it.



We can push this in the correct order if this is an issue, right?
Patches are independent (meaning they do not touch the same source code,
so they should apply cleanly).


Sure.


Ideally there would be a BaseHost with common functionality, and
concrete Host and WinHost subclassing it.


Yes, I agree, that's what we discussed.


I'll be making changes here for #3890; please concentrate on other
parts for now to avoid conflicts. I'll take Windows hosts into
consideration.


My patches are on the list. Conflicts should be minimal; withthem 
WinHost should end up empty.



Raise instances rather than the exception classes: raise
NotImplementedError()

Fixed.



Patch 104:

[...]

I'd prefer to keep the function in test_trust.py until we see there's
a wider scope for it.
And rename it to run_repeatedly or some other name that describes it
better.



I renamed the function.


Thanks


Why do you think there's not scope for it? I'd rather keep it in tasks,
since it addresses
a general use case of waiting in a loop until a command returns expected
output.

This can happen with any command that starts asynchronous actions and we
want to make
sure that the changes are propagated before continuing (such as DNS
updates via our CLI).

I wouldn't consider this being specific for AD trust testing.


I'd like to keep tasks to high-level operations, the kind that 
ipa-test-task would do.

(Putting wait_for_replication there was, in hindsight, a mistake.)

We can add an util module later. It's easy to move things to a shared 
module when needed, but if we do it too early and often the module will 
be hard to maintain. Predicting the future in this respect hasn't worked 
very well for me :)



Patch 105:
Please add these tasks to ipa-test-task (and its man page) as well.
The instructions in the docstring in configure_dns_for_trust should go
to a test design document. I think just starting a section in
Integration_testing would be fine if you mark it as not implemented
yet (and link to the ticket).


This still needs some work (unfortunately I haven't found a way to make 
it less tedious).



Use parentheses instead of \ for line continuation (see PEP8).


I don't really like wrapping arbitrary expressions in parentheses,
particularly when assigning the result to a variable:

result = (something or
   something_completely_else)

To me, the following looks better:

result = something or \
  something completely else

I checked with PEP8. I remember there was a section that backslash can
be used in cases it produces nicer results, but it's gone now.
Backslash is still recommended in some cases.

Still (but no strong opinions here), I would not consider this a
violation unless it happens between brackets (in which case it is
redundant).


Personal opinions aside, the PEP8 is pretty clear on this, sorry. It 
lists `with` and `assert` statements where you can't use parentheses 
around everything after the keyword, but that's not case here.



Patch 106:
The instructions in the TestADTrust docstring should go to a test
design document.

Please use the SID regex from a shared location. You'll need to assign
it to a variable and make the Fuzzy from that, so that variable can be
imported and used with the standard re module.



This is something that I tried to address with the Fuzzy refactoring.
This is a temporary solution, once we resolve that patchset, of course,
the test will use the shared location.
I added a comment there, I'd rather not create conflicts.


OK, let's worry about this later.

[...]

test_user_gid_uid_resolution_in_nonposix_trust:
- For a one-off regex, compile() is unnecessary:
assert re.search(testuser_regex, result.stdout_text)
- Whenever substituting a literal string into

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-09-17 Thread Petr Viktorin


On 09/16/2013 03:45 PM, Tomas Babej wrote:

Hi,

this set of patches extends ipatests module to support integration
testing with Active Directory,
as well as provides an basic (working without artificial sleeps!) trust
test case.


Thanks, this is great news!
I haven't testes the test yet. Here are my comments from reading them.


Patch 100:
Please document the new configuration options. There are two places:
- ipa-test-config man page
- http://www.freeipa.org/page/V3/Integration_testing#Test_configuration 
(or if you end up writing a separate design page for AD tests, link to it)



Patch 101:
The `if role == 'ad':` block should rather be in the `Host.from_env` 
factory.



Patch 102:
Thanks for cleaning that up!
You could go one step further with
cls.replicas = get_resources(domain.replicas, 'replicas', cls.num_replicas)
and `return container[:num_needed]` there


Patch 103:
This patch should come before 101 which uses it.

Ideally there would be a BaseHost with common functionality, and 
concrete Host and WinHost subclassing it.
I'll be making changes here for #3890; please concentrate on other parts 
for now to avoid conflicts. I'll take Windows hosts into consideration.


Raise instances rather than the exception classes: raise 
NotImplementedError()



Patch 104:
Instead of stdout_re, allow the user to pass in a checking function.
For example, `lambda result: re.search(sid_regex, result.stdout_text)`
This makes wait_assert complete, you won't need to add other cases to it 
when you need to check stderr or evaluate some condition a regex is too 
weak for.


Pass `raiseonerr` to run_command directly, not by setting it in kwargs. 
That way wait_assert will fail if it gets raiseonerr.
Also, run_command's arguments except `command` are supposed to be 
keyword-only. (This is only not enforced because that's awkward to do in 
Python 2.) Don't accept or pass along *args.


Use parentheses instead of \ for line continuation (see PEP8).

I'd prefer to keep the function in test_trust.py until we see there's a 
wider scope for it.

And rename it to run_repeatedly or some other name that describes it better.



Patch 105:
Please add these tasks to ipa-test-task (and its man page) as well.
The instructions in the docstring in configure_dns_for_trust should go 
to a test design document. I think just starting a section in 
Integration_testing would be fine if you mark it as not implemented yet 
(and link to the ticket).


Use parentheses instead of \ for line continuation (see PEP8).


Patch 106:
The instructions in the TestADTrust docstring should go to a test design 
document.


Please use the SID regex from a shared location. You'll need to assign 
it to a variable and make the Fuzzy from that, so that variable can be 
imported and used with the standard re module.


Avoid commented-out code in patches for review.
No need to import fuzzy.

test_user_gid_uid_resolution_in_nonposix_trust:
- For a one-off regex, compile() is unnecessary:
assert re.search(testuser_regex, result.stdout_text)
- Whenever substituting a literal string into a regex, please use 
re.escape().


Use parentheses instead of \ for line continuation (see PEP8).


--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-09-17 Thread Tomas Babej


On 09/17/2013 10:43 AM, Petr Viktorin wrote:

On 09/16/2013 03:45 PM, Tomas Babej wrote:

Hi,

this set of patches extends ipatests module to support integration
testing with Active Directory,
as well as provides an basic (working without artificial sleeps!) trust
test case.


Thanks, this is great news!
I haven't testes the test yet. Here are my comments from reading them.


Patch 100:
Please document the new configuration options. There are two places:
- ipa-test-config man page
- 
http://www.freeipa.org/page/V3/Integration_testing#Test_configuration 
(or if you end up writing a separate design page for AD tests, link to 
it)




I added the options to the the man page.



Patch 101:
The `if role == 'ad':` block should rather be in the `Host.from_env` 
factory.




Moved.



Patch 102:
Thanks for cleaning that up!
You could go one step further with
cls.replicas = get_resources(domain.replicas, 'replicas', 
cls.num_replicas)

and `return container[:num_needed]` there


You're welcome, refactoring part expanded.




Patch 103:
This patch should come before 101 which uses it.



We can push this in the correct order if this is an issue, right? 
Patches are independent (meaning they do not touch the same source code, 
so they should apply cleanly).


Ideally there would be a BaseHost with common functionality, and 
concrete Host and WinHost subclassing it.


Yes, I agree, that's what we discussed.

I'll be making changes here for #3890; please concentrate on other 
parts for now to avoid conflicts. I'll take Windows hosts into 
consideration.


Raise instances rather than the exception classes: raise 
NotImplementedError()

Fixed.




Patch 104:
Instead of stdout_re, allow the user to pass in a checking function.
For example, `lambda result: re.search(sid_regex, result.stdout_text)`
This makes wait_assert complete, you won't need to add other cases to 
it when you need to check stderr or evaluate some condition a regex is 
too weak for.

+1, improved.



Pass `raiseonerr` to run_command directly, not by setting it in 
kwargs. That way wait_assert will fail if it gets raiseonerr.
Also, run_command's arguments except `command` are supposed to be 
keyword-only. (This is only not enforced because that's awkward to do 
in Python 2.) Don't accept or pass along *args.



Agreed, fixed.


Use parentheses instead of \ for line continuation (see PEP8).

I'd prefer to keep the function in test_trust.py until we see there's 
a wider scope for it.
And rename it to run_repeatedly or some other name that describes it 
better.




I renamed the function.

Why do you think there's not scope for it? I'd rather keep it in tasks, 
since it addresses
a general use case of waiting in a loop until a command returns expected 
output.


This can happen with any command that starts asynchronous actions and we 
want to make
sure that the changes are propagated before continuing (such as DNS 
updates via our CLI).


I wouldn't consider this being specific for AD trust testing.




Patch 105:
Please add these tasks to ipa-test-task (and its man page) as well.
The instructions in the docstring in configure_dns_for_trust should go 
to a test design document. I think just starting a section in 
Integration_testing would be fine if you mark it as not implemented 
yet (and link to the ticket).


Use parentheses instead of \ for line continuation (see PEP8).


I don't really like wrapping arbitrary expressions in parentheses, 
particularly when assigning the result to a variable:


result = (something or
  something_completely_else)

To me, the following looks better:

result = something or \
 something completely else

I checked with PEP8. I remember there was a section that backslash can 
be used in cases it produces nicer results, but it's gone now.

Backslash is still recommended in some cases.

Still (but no strong opinions here), I would not consider this a 
violation unless it happens between brackets (in which case it is 
redundant).




Patch 106:
The instructions in the TestADTrust docstring should go to a test 
design document.


Please use the SID regex from a shared location. You'll need to assign 
it to a variable and make the Fuzzy from that, so that variable can be 
imported and used with the standard re module.




This is something that I tried to address with the Fuzzy refactoring. 
This is a temporary solution, once we resolve that patchset, of course, 
the test will use the shared location.

I added a comment there, I'd rather not create conflicts.


Avoid commented-out code in patches for review.
No need to import fuzzy.


Fixed.



test_user_gid_uid_resolution_in_nonposix_trust:
- For a one-off regex, compile() is unnecessary:
assert re.search(testuser_regex, result.stdout_text)
- Whenever substituting a literal string into a regex, please use 
re.escape().



Fixed.


Use parentheses instead of \ for line continuation (see PEP8).




Design will follow soon.

--
Tomas Babej
Associate

[Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

2013-09-16 Thread Tomas Babej


Hi,

this set of patches extends ipatests module to support integration 
testing with Active Directory,
as well as provides an basic (working without artificial sleeps!) trust 
test case.


--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

From 793dfd9dc33ef8387761e68058c9e8c9b07c3015 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 4 Sep 2013 14:12:28 +0200
Subject: [PATCH 100/106] ipatests: Add Active Directory support to
 configuration

---
 ipatests/test_integration/config.py | 21 +
 1 file changed, 21 insertions(+)

diff --git a/ipatests/test_integration/config.py b/ipatests/test_integration/config.py
index d43812c514bf1c9d23740e6f75cc3574235e86d3..ac0131e435d33b6730093cbc64a1b47910d3971e 100644
--- a/ipatests/test_integration/config.py
+++ b/ipatests/test_integration/config.py
@@ -1,5 +1,6 @@
 # Authors:
 #   Petr Viktorin pvikt...@redhat.com
+#   Tomas Babej tba...@redhat.com
 #
 # Copyright (C) 2013  Red Hat
 # see file 'COPYING' for use and warranty information
@@ -50,11 +51,14 @@ class Config(object):
 self.nis_domain = kwargs.get('nis_domain') or 'ipatest'
 self.ntp_server = kwargs.get('ntp_server') or (
 '%s.pool.ntp.org' % random.randint(0, 3))
+self.ad_admin_name = kwargs.get('ad_admin_name') or 'Administrator'
+self.ad_admin_password = kwargs.get('ad_admin_password') or 'Secret123'
 
 if not self.root_password and not self.root_ssh_key_filename:
 self.root_ssh_key_filename = '~/.ssh/id_rsa'
 
 self.domains = []
+self.ad_domains = []
 
 @classmethod
 def from_env(cls, env):
@@ -76,6 +80,8 @@ class Config(object):
 ADMINPW: Administrator password
 ROOTDN: Directory Manager DN
 ROOTDNPWD: Directory Manager password
+ADADMINID: Active Directory Administrator username
+ADADMINPW: Active Directory Administrator password
 DNSFORWARD: DNS forwarder
 NISDOMAIN
 NTPSERVER
@@ -83,6 +89,7 @@ class Config(object):
 MASTER_env1: FQDN of the master
 REPLICA_env1: space-separated FQDNs of the replicas
 CLIENT_env1: space-separated FQDNs of the clients
+AD_env1: space-separated FQDNs of the Active Directories
 OTHER_env1: space-separated FQDNs of other hosts
 (same for _env2, _env3, etc)
 BEAKERREPLICA1_IP_env1: IP address of replica 1 in env 1
@@ -104,13 +111,23 @@ class Config(object):
dns_forwarder=env.get('DNSFORWARD'),
nis_domain=env.get('NISDOMAIN'),
ntp_server=env.get('NTPSERVER'),
+   ad_admin_name=env.get('ADADMINID'),
+   ad_admin_password=env.get('ADADMINPW'),
)
 
+# Either IPA master or AD can define a domain
+
 domain_index = 1
 while env.get('MASTER_env%s' % domain_index):
 self.domains.append(Domain.from_env(env, self, domain_index))
 domain_index += 1
 
+domain_index = 1
+while env.get('AD_env%s' % domain_index):
+self.ad_domains.append(Domain.from_env(env, self, domain_index,
+   ad_domain=True))
+domain_index += 1
+
 return self
 
 def to_env(self, simple=True):
@@ -133,6 +150,9 @@ class Config(object):
 env['ROOTDN'] = str(self.dirman_dn)
 env['ROOTDNPWD'] = self.dirman_password
 
+env['ADADMINID'] = self.ad_admin_name
+env['ADADMINPW'] = self.ad_admin_password
+
 env['DNSFORWARD'] = self.dns_forwarder
 env['NISDOMAIN'] = self.nis_domain
 env['NTPSERVER'] = self.ntp_server
@@ -145,6 +165,7 @@ class Config(object):
 for role, hosts in [('MASTER', domain.masters),
 ('REPLICA', domain.replicas),
 ('CLIENT', domain.clients),
+('AD', domain.ads),
 ('OTHER', domain.other_hosts)]:
 hostnames = ' '.join(h.hostname for h in hosts)
 env['%s%s' % (role, domain._env)] = hostnames
-- 
1.8.3.1

From b9dcf30106d5d4913357cf0e70c5d6c4b2e7ba50 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 4 Sep 2013 14:24:41 +0200
Subject: [PATCH 101/106] ipatests: Extend domain object with 'ad' role support
 and WinHosts

---
 ipatests/test_integration/config.py | 39 +++--
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git a/ipatests/test_integration/config.py b/ipatests/test_integration/config.py
index ac0131e435d33b6730093cbc64a1b47910d3971e..284b511ac93061b44ca612bed006338fb001833c 100644
--- a/ipatests/test_integration/config.py
+++ b/ipatests/test_integration/config.py
@@ -27,7 +27,7 @@ import random
 from ipapython import ipautil
 from ipapython.dn

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Re: [Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

[Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

13 matches

Site Navigation

Mail list logo

Footer information