subject:"\[Freeipa\-devel\] \[PATCH\] ca\-less tests updated \- POC"

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

2015-12-16 Thread David Kupka


On 06/11/15 14:04, Oleg Fayans wrote:

Hi Jan,

On 11/06/2015 09:01 AM, Jan Cholasta wrote:

Actually it might be better to keep them, but fix them to expect
ipa-server-certinstall to success.


Done. Updated patch attached.
Also in the patch 0013 I removed a trailing whitespace which caused lint
to complain

Now with domain level 0 the test output looks like this:

[11:40:51]ofayans@vm-076:~]$ ipa-run-tests test_integration/test_caless.py

test session starts
=

platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py
..xx..ss...xxssxx..ss...


= 76
passed, 6 skipped, 6 xfailed in 7871.10 seconds
=




On 6.11.2015 08:47, Jan Cholasta wrote:

Hi Oleg,

I think you can just remove
TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
imported correctly in this case and I didn't see anything break.

Honza

On 5.11.2015 20:20, Oleg Fayans wrote:

Patch 0014 updated and passes lint

On 11/05/2015 03:41 PM, Oleg Fayans wrote:

Wait a bit, the patch has problems with pylint: it does not build :)
The updated version (without the setupmaster nonsense) is being tested
now.

On 11/05/2015 08:45 AM, Oleg Fayans wrote:

Hi Jan,

Could you take a look at these, whenever you are free?

On 10/30/2015 02:57 PM, Oleg Fayans wrote:

Hi,

The following patches contain updates to ca-less integration tests.
It's still a proof of concept: 2 tests still fail seemingly due to
the
change in target system logic (marked as xfail with "ask jcholast
comment")

The test output looks like this:

$ ipa-run-tests test_integration/test_caless.py --pdb







test session starts
=







platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py
..xx..sssss.ss.xx..ssxx.









53

passed, 29 skipped, 6 xfailed in 5620.17 seconds
=


Numerous skips correspond to the tests related to
ipa-replica-prepare
(unsupported under domain level 1)





















This body part will be downloaded on demand.

Hello, thanks for updated patches. I'm really sorry it took so long 
before I got to them.
There was change in ipapython.ipautil.run that happened after you sent 
the patches. Feel free to squash attached patch that fixes it.


Unfortunately I see a lot of test failing with domain-level 0: 
http://fpaste.org/301657/50275682/


domain-level 1 (domain-level 1: http://fpaste.org/301658/02757191/) 
seems better. There are 2 failing test that you're probably mentioning 
in commit message plus one that I think is bug in code rather than bug 
in tests.

Do you have any proposal for fixing the two failing tests?

One nitpick: Please use mail for notes like "need further consulting 
..." rather that commit message. When the patch gets accepted it will 
still need modification before push just because inappropriate commit 
message.


Thank you!
--
David Kupka
From 2a6e8f02ecd00da2b86d2f3f9847a86caa35e74d Mon Sep 17 00:00:00 2001
From: David Kupka 
Date: Wed, 16 Dec 2015 09:12:56 +0100
Subject: [PATCH] Addapt CA less test to new ipapython.ipautil.run

---
 ipatests/test_integration/test_caless.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index 4b88ee9da1d5a476f13604f9a833e748a093..6cb55a708517062edb1bb950a72d6a66f717432e 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -300,10 +300,10 @@ class CALessBase(IntegrationTest):
 
 @classmethod
 def get_pem(cls, nickname):
-pem_cert, _stderr, _returncode = ipautil.run(
+result = ipautil.run(
 ['certutil', '-L', '-d', 'nssdb', '-n', nickname, '-a'],
-cwd=cls.cert_dir)
-return pem_cert
+cwd=cls.cert_dir, capture_output=True)
+return result.output
 
 def verify_installation(self):
 """Verify CA cert PEM file and LDAP entry created by install
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

2015-12-16 Thread Oleg Fayans

Hi David,

On 12/16/2015 03:35 PM, David Kupka wrote:
> On 06/11/15 14:04, Oleg Fayans wrote:
>> Hi Jan,
>>
>> On 11/06/2015 09:01 AM, Jan Cholasta wrote:
>>> Actually it might be better to keep them, but fix them to expect
>>> ipa-server-certinstall to success.
>>
>> Done. Updated patch attached.
>> Also in the patch 0013 I removed a trailing whitespace which caused lint
>> to complain
>>
>> Now with domain level 0 the test output looks like this:
>>
>> [11:40:51]ofayans@vm-076:~]$ ipa-run-tests
>> test_integration/test_caless.py
>> 
>>
>> test session starts
>> =
>>
>>
>> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
>> plugins: multihost, sourceorder
>> collected 88 items
>>
>> test_integration/test_caless.py
>> ..xx..ss...xxssxx..ss...
>>
>>
>>
>> = 76
>> passed, 6 skipped, 6 xfailed in 7871.10 seconds
>> =
>>
>>
>>>
>>> On 6.11.2015 08:47, Jan Cholasta wrote:
 Hi Oleg,

 I think you can just remove
 TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
 imported correctly in this case and I didn't see anything break.

 Honza

 On 5.11.2015 20:20, Oleg Fayans wrote:
> Patch 0014 updated and passes lint
>
> On 11/05/2015 03:41 PM, Oleg Fayans wrote:
>> Wait a bit, the patch has problems with pylint: it does not build :)
>> The updated version (without the setupmaster nonsense) is being
>> tested
>> now.
>>
>> On 11/05/2015 08:45 AM, Oleg Fayans wrote:
>>> Hi Jan,
>>>
>>> Could you take a look at these, whenever you are free?
>>>
>>> On 10/30/2015 02:57 PM, Oleg Fayans wrote:
 Hi,

 The following patches contain updates to ca-less integration tests.
 It's still a proof of concept: 2 tests still fail seemingly due to
 the
 change in target system logic (marked as xfail with "ask jcholast
 comment")

 The test output looks like this:

 $ ipa-run-tests test_integration/test_caless.py --pdb
 







 test session starts
 =








 platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
 plugins: multihost, sourceorder
 collected 88 items

 test_integration/test_caless.py
 ..xx..sssss.ss.xx..ssxx.









 

 53

 passed, 29 skipped, 6 xfailed in 5620.17 seconds
 =



 Numerous skips correspond to the tests related to
 ipa-replica-prepare
 (unsupported under domain level 1)



>>>
>>
>
>
>


>>>
>>>
>>
>>
>>
>> This body part will be downloaded on demand.
>>
> Hello, thanks for updated patches. I'm really sorry it took so long
> before I got to them.
> There was change in ipapython.ipautil.run that happened after you sent
> the patches. Feel free to squash attached patch that fixes it.

Already noticed this and made the similar fix.

> 
> Unfortunately I see a lot of test failing with domain-level 0:
> http://fpaste.org/301657/50275682/
> 
> domain-level 1 (domain-level 1: http://fpaste.org/301658/02757191/)
> seems better. There are 2 failing test that you're probably mentioning
> in commit message plus one that I think is bug in code rather than bug
> in tests.
> Do you have any proposal for fixing the two failing tests?

I am working on it right now.

> 
> One nitpick: Please use mail for notes like "need further consulting
> ..." rather that commit message. When the patch gets accepted it will
> still need modification before push just because inappropriate commit
> message.

Good to know, thank you!

> 
> Thank you!

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

2015-12-07 Thread Oleg Fayans

Anyone to review it guys?

On 11/06/2015 02:04 PM, Oleg Fayans wrote:
> Hi Jan,
> 
> On 11/06/2015 09:01 AM, Jan Cholasta wrote:
>> Actually it might be better to keep them, but fix them to expect
>> ipa-server-certinstall to success.
> 
> Done. Updated patch attached.
> Also in the patch 0013 I removed a trailing whitespace which caused lint
> to complain
> 
> Now with domain level 0 the test output looks like this:
> 
> [11:40:51]ofayans@vm-076:~]$ ipa-run-tests test_integration/test_caless.py
> 
> test session starts
> =
> 
> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
> plugins: multihost, sourceorder
> collected 88 items
> 
> test_integration/test_caless.py
> ..xx..ss...xxssxx..ss...
> 
> 
> = 76
> passed, 6 skipped, 6 xfailed in 7871.10 seconds
> =
> 
> 
>>
>> On 6.11.2015 08:47, Jan Cholasta wrote:
>>> Hi Oleg,
>>>
>>> I think you can just remove
>>> TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
>>> imported correctly in this case and I didn't see anything break.
>>>
>>> Honza
>>>
>>> On 5.11.2015 20:20, Oleg Fayans wrote:
 Patch 0014 updated and passes lint

 On 11/05/2015 03:41 PM, Oleg Fayans wrote:
> Wait a bit, the patch has problems with pylint: it does not build :)
> The updated version (without the setupmaster nonsense) is being tested
> now.
>
> On 11/05/2015 08:45 AM, Oleg Fayans wrote:
>> Hi Jan,
>>
>> Could you take a look at these, whenever you are free?
>>
>> On 10/30/2015 02:57 PM, Oleg Fayans wrote:
>>> Hi,
>>>
>>> The following patches contain updates to ca-less integration tests.
>>> It's still a proof of concept: 2 tests still fail seemingly due to
>>> the
>>> change in target system logic (marked as xfail with "ask jcholast
>>> comment")
>>>
>>> The test output looks like this:
>>>
>>> $ ipa-run-tests test_integration/test_caless.py --pdb
>>> 
>>>
>>>
>>>
>>>
>>>
>>>
>>> test session starts
>>> =
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
>>> plugins: multihost, sourceorder
>>> collected 88 items
>>>
>>> test_integration/test_caless.py
>>> ..xx..sssss.ss.xx..ssxx.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> 
>>> 53
>>>
>>> passed, 29 skipped, 6 xfailed in 5620.17 seconds
>>> =
>>>
>>>
>>> Numerous skips correspond to the tests related to
>>> ipa-replica-prepare
>>> (unsupported under domain level 1)
>>>
>>>
>>>
>>
>



>>>
>>>
>>
>>
> 
> 
> 

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

2015-11-11 Thread Oleg Fayans


Hi guys,

Is there a chance these patches might be reviewed again this week?

On 11/06/2015 02:04 PM, Oleg Fayans wrote:

Hi Jan,

On 11/06/2015 09:01 AM, Jan Cholasta wrote:

Actually it might be better to keep them, but fix them to expect
ipa-server-certinstall to success.


Done. Updated patch attached.
Also in the patch 0013 I removed a trailing whitespace which caused lint
to complain

Now with domain level 0 the test output looks like this:

[11:40:51]ofayans@vm-076:~]$ ipa-run-tests test_integration/test_caless.py

test session starts
=

platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py
..xx..ss...xxssxx..ss...


= 76
passed, 6 skipped, 6 xfailed in 7871.10 seconds
=




On 6.11.2015 08:47, Jan Cholasta wrote:

Hi Oleg,

I think you can just remove
TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
imported correctly in this case and I didn't see anything break.

Honza

On 5.11.2015 20:20, Oleg Fayans wrote:

Patch 0014 updated and passes lint

On 11/05/2015 03:41 PM, Oleg Fayans wrote:

Wait a bit, the patch has problems with pylint: it does not build :)
The updated version (without the setupmaster nonsense) is being tested
now.

On 11/05/2015 08:45 AM, Oleg Fayans wrote:

Hi Jan,

Could you take a look at these, whenever you are free?

On 10/30/2015 02:57 PM, Oleg Fayans wrote:

Hi,

The following patches contain updates to ca-less integration tests.
It's still a proof of concept: 2 tests still fail seemingly due to
the
change in target system logic (marked as xfail with "ask jcholast
comment")

The test output looks like this:

$ ipa-run-tests test_integration/test_caless.py --pdb







test session starts
=







platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py
..xx..sssss.ss.xx..ssxx.









53

passed, 29 skipped, 6 xfailed in 5620.17 seconds
=


Numerous skips correspond to the tests related to
ipa-replica-prepare
(unsupported under domain level 1)























--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

2015-11-06 Thread Jan Cholasta

Actually it might be better to keep them, but fix them to expect 
ipa-server-certinstall to success.


On 6.11.2015 08:47, Jan Cholasta wrote:

Hi Oleg,

I think you can just remove
TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
imported correctly in this case and I didn't see anything break.

Honza

On 5.11.2015 20:20, Oleg Fayans wrote:

Patch 0014 updated and passes lint

On 11/05/2015 03:41 PM, Oleg Fayans wrote:

Wait a bit, the patch has problems with pylint: it does not build :)
The updated version (without the setupmaster nonsense) is being tested
now.

On 11/05/2015 08:45 AM, Oleg Fayans wrote:

Hi Jan,

Could you take a look at these, whenever you are free?

On 10/30/2015 02:57 PM, Oleg Fayans wrote:

Hi,

The following patches contain updates to ca-less integration tests.
It's still a proof of concept: 2 tests still fail seemingly due to the
change in target system logic (marked as xfail with "ask jcholast
comment")

The test output looks like this:

$ ipa-run-tests test_integration/test_caless.py --pdb





test session starts
=





platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py
..xx..sssss.ss.xx..ssxx.






 53

passed, 29 skipped, 6 xfailed in 5620.17 seconds
=

Numerous skips correspond to the tests related to ipa-replica-prepare
(unsupported under domain level 1)

















--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

2015-11-06 Thread Oleg Fayans


Hi Jan,

On 11/06/2015 09:01 AM, Jan Cholasta wrote:

Actually it might be better to keep them, but fix them to expect
ipa-server-certinstall to success.


Done. Updated patch attached.
Also in the patch 0013 I removed a trailing whitespace which caused lint 
to complain


Now with domain level 0 the test output looks like this:

[11:40:51]ofayans@vm-076:~]$ ipa-run-tests test_integration/test_caless.py
 
test session starts 
=

platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py 
..xx..ss...xxssxx..ss...


= 76 
passed, 6 skipped, 6 xfailed in 7871.10 seconds 
=





On 6.11.2015 08:47, Jan Cholasta wrote:

Hi Oleg,

I think you can just remove
TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
imported correctly in this case and I didn't see anything break.

Honza

On 5.11.2015 20:20, Oleg Fayans wrote:

Patch 0014 updated and passes lint

On 11/05/2015 03:41 PM, Oleg Fayans wrote:

Wait a bit, the patch has problems with pylint: it does not build :)
The updated version (without the setupmaster nonsense) is being tested
now.

On 11/05/2015 08:45 AM, Oleg Fayans wrote:

Hi Jan,

Could you take a look at these, whenever you are free?

On 10/30/2015 02:57 PM, Oleg Fayans wrote:

Hi,

The following patches contain updates to ca-less integration tests.
It's still a proof of concept: 2 tests still fail seemingly due to
the
change in target system logic (marked as xfail with "ask jcholast
comment")

The test output looks like this:

$ ipa-run-tests test_integration/test_caless.py --pdb






test session starts
=






platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py
..xx..sssss.ss.xx..ssxx.








53

passed, 29 skipped, 6 xfailed in 5620.17 seconds
=

Numerous skips correspond to the tests related to ipa-replica-prepare
(unsupported under domain level 1)



















--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From 3142e9ab937b602a687639e7972422001e887211 Mon Sep 17 00:00:00 2001
From: Oleg Fayans 
Date: Thu, 5 Nov 2015 16:25:29 +0100
Subject: [PATCH] Updated the script creating test certificate chains

https://fedorahosted.org/freeipa/ticket/4589
---
 .../test_integration/scripts/caless-create-pki | 29 ++
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/ipatests/test_integration/scripts/caless-create-pki b/ipatests/test_integration/scripts/caless-create-pki
index f428ebae16e05644a875a35faf192f75eb149740..4c37077ffdecfb0c70663c7c4817f102154d3b26 100644
--- a/ipatests/test_integration/scripts/caless-create-pki
+++ b/ipatests/test_integration/scripts/caless-create-pki
@@ -3,7 +3,17 @@
 profile_ca=(-t CT,C,C -v 120)
 profile_server=(-t ,, -v 12)
 
-crl_path=${crl_path-$(readlink -f $dbdir)}
+# crl_path=${crl_path-$(readlink -f $dbdir)}
+profile_ca_request_options=(-1 -2 -4)
+profile_ca_request_input="\$'0\n1\n5\n6\n9\ny\ny\n\ny\n1\n7\nfile://'\$(readlink -f \$dbdir)/\$ca.crl\$'\n-1\n-1\n-1\nn\nn\n'"
+profile_ca_create_options=(-v 120)
+profile_ca_add_options=(-t ,,)
+
+profile_server_request_options=(-4)
+profile_server_request_input="\$'1\n7\nfile://'\$(readlink -f \$dbdir)/\$ca.crl\$'\n-1\n-1\n-1\nn\nn\n'"
+profile_server_create_options=(-v 12)
+profile_server_add_options=(-t ,,)
+
 
 serial_number=0
 
@@ -18,7 +28,11 @@ gen_cert() {
 ca="$nick"
 fi
 
+echo $profile
 eval "options=(\"\${profile_$profile[@]}\")"
+eval "request_options=(\"\${profile_${profile}_request_options[@]}\")"
+eval "eval request_input=(\"\${profile_${profile}_request_input[@]}\")"
+
 if [ "$ca" = "$nick" ]; then
 options=("${options[@]}" -x -m 1)
 else
@@ -38,16 +52,7 @@ gen_cert() {
 
 csr="$(mktemp)"
 crt="$(mktemp)"
-certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 >/dev/null

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

2015-11-05 Thread Oleg Fayans


Patch 0014 updated and passes lint

On 11/05/2015 03:41 PM, Oleg Fayans wrote:

Wait a bit, the patch has problems with pylint: it does not build :)
The updated version (without the setupmaster nonsense) is being tested now.

On 11/05/2015 08:45 AM, Oleg Fayans wrote:

Hi Jan,

Could you take a look at these, whenever you are free?

On 10/30/2015 02:57 PM, Oleg Fayans wrote:

Hi,

The following patches contain updates to ca-less integration tests.
It's still a proof of concept: 2 tests still fail seemingly due to the
change in target system logic (marked as xfail with "ask jcholast
comment")

The test output looks like this:

$ ipa-run-tests test_integration/test_caless.py --pdb



test session starts
=



platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py
..xx..sssss.ss.xx..ssxx.




 53
passed, 29 skipped, 6 xfailed in 5620.17 seconds
=

Numerous skips correspond to the tests related to ipa-replica-prepare
(unsupported under domain level 1)









--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From 4d9b4689ff08e3183fc0610f9dbc664f6e874290 Mon Sep 17 00:00:00 2001
From: Oleg Fayans 
Date: Thu, 5 Nov 2015 19:32:37 +0100
Subject: [PATCH] Updated ca-less tests.

A preview. All tests except 2 pass. Those 2 failing ones need a consulting from
jcholast (so far marked as xfail).

https://fedorahosted.org/freeipa/ticket/4589
---
 ipatests/test_integration/test_caless.py | 230 ---
 1 file changed, 122 insertions(+), 108 deletions(-)

diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index 9cfba3ee29114badf5a703ccc1d47a1d3e0c41b7..4209f3942d22f7e2213ab52eeca45fb42b4405ef 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -32,13 +32,15 @@ from ipaplatform.paths import paths
 from ipapython.dn import DN
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration import tasks
+from env_config import get_global_config
 
 _DEFAULT = object()
+config = get_global_config()
+reasoning = "ipa-replica-prepare disabled for domain levels > 0"
 
 
 def get_install_stdin(cert_passwords=()):
 lines = [
-'yes',  # Existing BIND configuration detected, overwrite? [no]
 '',  # Server host name (has default)
 '',  # Confirm domain name (has default)
 ]
@@ -86,16 +88,16 @@ class CALessBase(IntegrationTest):
 client_hostname = cls.clients[0].hostname
 else:
 client_hostname = 'unused-client.test'
-env = {
+cls.env = {
 'domain': cls.master.domain.name,
 'server1': cls.master.hostname,
 'server2': replica_hostname,
 'client': client_hostname,
 'dbdir': 'nssdb',
-'dbpassword': cls.cert_password,
 'crl_path': cls.crl_path,
+'dirman_password': cls.master.config.dirman_password,
 }
-ipautil.run(['bash', '-ex', scriptfile], cwd=cls.cert_dir, env=env)
+ipautil.run(['bash', '-ex', scriptfile], cwd=cls.cert_dir, env=cls.env)
 
 for host in cls.get_all_hosts():
 tasks.apply_common_fixes(host)
@@ -118,7 +120,7 @@ class CALessBase(IntegrationTest):
 '-n', 'External CA cert'],
raiseonerr=False)
 
-super(CALessBase, cls).uninstall()
+super(CALessBase, cls).uninstall(mh)
 
 @classmethod
 def install_server(cls, host=None,
@@ -146,6 +148,11 @@ class CALessBase(IntegrationTest):
 for filename in set(files_to_copy):
 cls.copy_cert(host, filename)
 
+# Remove existing ca certs from default database to avoid conflicts
+args = ["certutil", "-D", "-d", "/etc/httpd/alias", "-n"]
+host.run_command(args + ["ca1"], raiseonerr=False)
+host.run_command(args + ["ca1/server"], raiseonerr=False)
+
 host.collect_log(paths.IPASERVER_INSTALL_LOG)
 host.collect_log(paths.IPACLIENT_INSTALL_LOG)
 inst = host.domain.realm.replace('.', '-')
@@ -163,6 +170,7 @@ class CALessBase(IntegrationTest):
 '-a', host.config.admin_password,
 '--setup-dns',
 '--forwarder', host.config.dns_forwarder,
+'--domain-level', str(config.domain_level)
 ]
 
 if http_pin is not None:
@@ -322,9 +330,7 @@ class CALessBase(IntegrationTest):
 
 # Verify certmonger was not started
 result =

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

2015-11-05 Thread Jan Cholasta


Hi Oleg,

I think you can just remove 
TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are 
imported correctly in this case and I didn't see anything break.


Honza

On 5.11.2015 20:20, Oleg Fayans wrote:

Patch 0014 updated and passes lint

On 11/05/2015 03:41 PM, Oleg Fayans wrote:

Wait a bit, the patch has problems with pylint: it does not build :)
The updated version (without the setupmaster nonsense) is being tested
now.

On 11/05/2015 08:45 AM, Oleg Fayans wrote:

Hi Jan,

Could you take a look at these, whenever you are free?

On 10/30/2015 02:57 PM, Oleg Fayans wrote:

Hi,

The following patches contain updates to ca-less integration tests.
It's still a proof of concept: 2 tests still fail seemingly due to the
change in target system logic (marked as xfail with "ask jcholast
comment")

The test output looks like this:

$ ipa-run-tests test_integration/test_caless.py --pdb




test session starts
=




platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py
..xx..sssss.ss.xx..ssxx.





 53
passed, 29 skipped, 6 xfailed in 5620.17 seconds
=

Numerous skips correspond to the tests related to ipa-replica-prepare
(unsupported under domain level 1)














--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

2015-11-05 Thread Oleg Fayans


Wait a bit, the patch has problems with pylint: it does not build :)
The updated version (without the setupmaster nonsense) is being tested now.

On 11/05/2015 08:45 AM, Oleg Fayans wrote:

Hi Jan,

Could you take a look at these, whenever you are free?

On 10/30/2015 02:57 PM, Oleg Fayans wrote:

Hi,

The following patches contain updates to ca-less integration tests.
It's still a proof of concept: 2 tests still fail seemingly due to the
change in target system logic (marked as xfail with "ask jcholast
comment")

The test output looks like this:

$ ipa-run-tests test_integration/test_caless.py --pdb


test session starts
=


platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py
..xx..sssss.ss.xx..ssxx.



 53
passed, 29 skipped, 6 xfailed in 5620.17 seconds
=

Numerous skips correspond to the tests related to ipa-replica-prepare
(unsupported under domain level 1)







--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

2015-11-04 Thread Oleg Fayans


Hi Jan,

Could you take a look at these, whenever you are free?

On 10/30/2015 02:57 PM, Oleg Fayans wrote:

Hi,

The following patches contain updates to ca-less integration tests.
It's still a proof of concept: 2 tests still fail seemingly due to the
change in target system logic (marked as xfail with "ask jcholast comment")

The test output looks like this:

$ ipa-run-tests test_integration/test_caless.py --pdb

test session starts
=

platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py
..xx..sssss.ss.xx..ssxx.


 53
passed, 29 skipped, 6 xfailed in 5620.17 seconds
=

Numerous skips correspond to the tests related to ipa-replica-prepare
(unsupported under domain level 1)





--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH] ca-less tests updated - POC

2015-10-30 Thread Oleg Fayans


Hi,

The following patches contain updates to ca-less integration tests.
It's still a proof of concept: 2 tests still fail seemingly due to the 
change in target system logic (marked as xfail with "ask jcholast comment")


The test output looks like this:

$ ipa-run-tests test_integration/test_caless.py --pdb
 
test session starts 
=

platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py 
..xx..sssss.ss.xx..ssxx.


 53 
passed, 29 skipped, 6 xfailed in 5620.17 seconds 
=


Numerous skips correspond to the tests related to ipa-replica-prepare 
(unsupported under domain level 1)


--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From 6ec4a0a3ca087bd1bb8e21ff448472cb1a58f0b4 Mon Sep 17 00:00:00 2001
From: Oleg Fayans 
Date: Fri, 30 Oct 2015 13:19:39 +0100
Subject: [PATCH] Updated the script creating test certificate chains

https://fedorahosted.org/freeipa/ticket/4589
---
 .../test_integration/scripts/caless-create-pki | 31 +-
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/ipatests/test_integration/scripts/caless-create-pki b/ipatests/test_integration/scripts/caless-create-pki
index f428ebae16e05644a875a35faf192f75eb149740..4058abae62f2e9bc9c6ed7caa664a139af91a508 100644
--- a/ipatests/test_integration/scripts/caless-create-pki
+++ b/ipatests/test_integration/scripts/caless-create-pki
@@ -3,7 +3,17 @@
 profile_ca=(-t CT,C,C -v 120)
 profile_server=(-t ,, -v 12)
 
-crl_path=${crl_path-$(readlink -f $dbdir)}
+# crl_path=${crl_path-$(readlink -f $dbdir)}
+profile_ca_request_options=(-1 -2 -4)
+profile_ca_request_input="\$'0\n1\n5\n6\n9\ny\ny\n\ny\n1\n7\nfile://'\$(readlink -f \$dbdir)/\$ca.crl\$'\n-1\n-1\n-1\nn\nn\n'"
+profile_ca_create_options=(-v 120)
+profile_ca_add_options=(-t ,,)
+
+profile_server_request_options=(-4)
+profile_server_request_input="\$'1\n7\nfile://'\$(readlink -f \$dbdir)/\$ca.crl\$'\n-1\n-1\n-1\nn\nn\n'"
+profile_server_create_options=(-v 12)
+profile_server_add_options=(-t ,,)
+
 
 serial_number=0
 
@@ -17,8 +27,12 @@ gen_cert() {
 if [ "$ca" = "." ]; then
 ca="$nick"
 fi
-
+   
+echo $profile
 eval "options=(\"\${profile_$profile[@]}\")"
+eval "request_options=(\"\${profile_${profile}_request_options[@]}\")"
+eval "eval request_input=(\"\${profile_${profile}_request_input[@]}\")"
+
 if [ "$ca" = "$nick" ]; then
 options=("${options[@]}" -x -m 1)
 else
@@ -38,16 +52,7 @@ gen_cert() {
 
 csr="$(mktemp)"
 crt="$(mktemp)"
-certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 >/dev/null 
Date: Fri, 30 Oct 2015 14:07:28 +0100
Subject: [PATCH] Updated ca-less tests.

The patch depends on my patch 0011
A preview. All tests except 2 pass. Those 2 failing ones need a consulting from
jcholast (so far marked as xfail).

https://fedorahosted.org/freeipa/ticket/4589
---
 ipatests/test_integration/test_caless.py | 248 ++-
 1 file changed, 146 insertions(+), 102 deletions(-)

diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index 9cfba3ee29114badf5a703ccc1d47a1d3e0c41b7..7507ca69ef49e472f507f26693818e4acd64bbd5 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -32,13 +32,15 @@ from ipaplatform.paths import paths
 from ipapython.dn import DN
 from ipatests.test_integration.base import IntegrationTest
 from ipatests.test_integration import tasks
+from env_config import get_global_config
 
 _DEFAULT = object()
+config = get_global_config()
+reasoning = "ipa-replica-prepare disabled for domain levels > 0"
 
 
 def get_install_stdin(cert_passwords=()):
 lines = [
-'yes',  # Existing BIND configuration detected, overwrite? [no]
 '',  # Server host name (has default)
 '',  # Confirm domain name (has

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC

[Freeipa-devel] [PATCH] ca-less tests updated - POC

11 matches

Site Navigation

Mail list logo

Footer information