Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC
Hi David,

On 12/16/2015 03:35 PM, David Kupka wrote:
> On 06/11/15 14:04, Oleg Fayans wrote:
>> Hi Jan,
>>
>> On 11/06/2015 09:01 AM, Jan Cholasta wrote:
>>> Actually it might be better to keep them, but fix them to expect
>>> ipa-server-certinstall to success.
>>
>> Done. Updated patch attached.
>> Also in the patch 0013 I removed a trailing whitespace which caused lint
>> to complain
>>
>> Now with domain level 0 the test output looks like this:
>>
>> [11:40:51]ofayans@vm-076:~]$ ipa-run-tests test_integration/test_caless.py
>>
>> test session starts =
>> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
>> plugins: multihost, sourceorder
>> collected 88 items
>>
>> test_integration/test_caless.py
>> ..xx..ss...xxssxx..ss...
>>
>> = 76 passed, 6 skipped, 6 xfailed in 7871.10 seconds =
>>
>>> On 6.11.2015 08:47, Jan Cholasta wrote:
>>>> Hi Oleg,
>>>>
>>>> I think you can just remove
>>>> TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
>>>> imported correctly in this case and I didn't see anything break.
>>>>
>>>> Honza
>>>>
>>>> On 5.11.2015 20:20, Oleg Fayans wrote:
>>>>> Patch 0014 updated and passes lint
>>>>>
>>>>> On 11/05/2015 03:41 PM, Oleg Fayans wrote:
>>>>>> Wait a bit, the patch has problems with pylint: it does not build :)
>>>>>> The updated version (without the setupmaster nonsense) is being
>>>>>> tested now.
>>>>>>
>>>>>> On 11/05/2015 08:45 AM, Oleg Fayans wrote:
>>>>>>> Hi Jan,
>>>>>>>
>>>>>>> Could you take a look at these, whenever you are free?
>>>>>>>
>>>>>>> On 10/30/2015 02:57 PM, Oleg Fayans wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> The following patches contain updates to ca-less integration tests.
>>>>>>>> It's still a proof of concept: 2 tests still fail seemingly due to the
>>>>>>>> change in target system logic (marked as xfail with "ask jcholast
>>>>>>>> comment")
>>>>>>>>
>>>>>>>> The test output looks like this:
>>>>>>>>
>>>>>>>> $ ipa-run-tests test_integration/test_caless.py --pdb
>>>>>>>>
>>>>>>>> test session starts =
>>>>>>>> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
>>>>>>>> plugins: multihost, sourceorder
>>>>>>>> collected 88 items
>>>>>>>>
>>>>>>>> test_integration/test_caless.py
>>>>>>>> ..xx..sssss.ss.xx..ssxx.
>>>>>>>>
>>>>>>>> 53 passed, 29 skipped, 6 xfailed in 5620.17 seconds =
>>>>>>>>
>>>>>>>> Numerous skips correspond to the tests related to ipa-replica-prepare
>>>>>>>> (unsupported under domain level 1)
>>
>> This body part will be downloaded on demand.
>>
> Hello, thanks for updated patches. I'm really sorry it took so long
> before I got to them.
> There was change in ipapython.ipautil.run that happened after you sent
> the patches. Feel free to squash attached patch that fixes it.

Already noticed this and made the similar fix.

>
> Unfortunately I see a lot of test failing with domain-level 0:
> http://fpaste.org/301657/50275682/
>
> domain-level 1 (domain-level 1: http://fpaste.org/301658/02757191/)
> seems better. There are 2 failing test that you're probably mentioning
> in commit message plus one that I think is bug in code rather than bug
> in tests.
> Do you have any proposal for fixing the two failing tests?

I am working on it right now.

>
> One nitpick: Please use mail for notes like "need further consulting
> ..." rather that commit message. When the patch gets accepted it will
> still need modification before push just because inappropriate commit
> message.

Good to know, thank you!

>
> Thank you!

--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC
On 06/11/15 14:04, Oleg Fayans wrote:
> Hi Jan,
>
> On 11/06/2015 09:01 AM, Jan Cholasta wrote:
>> Actually it might be better to keep them, but fix them to expect
>> ipa-server-certinstall to success.
>
> Done. Updated patch attached.
> Also in the patch 0013 I removed a trailing whitespace which caused lint
> to complain
>
> Now with domain level 0 the test output looks like this:
>
> [11:40:51]ofayans@vm-076:~]$ ipa-run-tests test_integration/test_caless.py
>
> test session starts =
> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
> plugins: multihost, sourceorder
> collected 88 items
>
> test_integration/test_caless.py
> ..xx..ss...xxssxx..ss...
>
> = 76 passed, 6 skipped, 6 xfailed in 7871.10 seconds =
>
>> On 6.11.2015 08:47, Jan Cholasta wrote:
>>> Hi Oleg,
>>>
>>> I think you can just remove
>>> TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
>>> imported correctly in this case and I didn't see anything break.
>>>
>>> Honza
>>>
>>> On 5.11.2015 20:20, Oleg Fayans wrote:
>>>> Patch 0014 updated and passes lint
>>>>
>>>> On 11/05/2015 03:41 PM, Oleg Fayans wrote:
>>>>> Wait a bit, the patch has problems with pylint: it does not build :)
>>>>> The updated version (without the setupmaster nonsense) is being
>>>>> tested now.
>>>>>
>>>>> On 11/05/2015 08:45 AM, Oleg Fayans wrote:
>>>>>> Hi Jan,
>>>>>>
>>>>>> Could you take a look at these, whenever you are free?
>>>>>>
>>>>>> On 10/30/2015 02:57 PM, Oleg Fayans wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> The following patches contain updates to ca-less integration tests.
>>>>>>> It's still a proof of concept: 2 tests still fail seemingly due to the
>>>>>>> change in target system logic (marked as xfail with "ask jcholast
>>>>>>> comment")
>>>>>>>
>>>>>>> The test output looks like this:
>>>>>>>
>>>>>>> $ ipa-run-tests test_integration/test_caless.py --pdb
>>>>>>>
>>>>>>> test session starts =
>>>>>>> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
>>>>>>> plugins: multihost, sourceorder
>>>>>>> collected 88 items
>>>>>>>
>>>>>>> test_integration/test_caless.py
>>>>>>> ..xx..sssss.ss.xx..ssxx.
53 passed, 29 skipped, 6 xfailed in 5620.17 seconds = Numerous skips correspond to the tests related to ipa-replica-prepare (unsupported under domain level 1) This body part will be downloaded on demand. Hello, thanks for updated patches. I'm really sorry it took so long before I got to them. There was change in ipapython.ipautil.run that happened after you sent the patches. Feel free to squash attached patch that fixes it. Unfortunately I see a lot of test failing with domain-level 0: http://fpaste.org/301657/50275682/ domain-level 1 (domain-level 1: http://fpaste.org/301658/02757191/) seems better. There are 2 failing test that you're probably mentioning in commit message plus one that I think is bug in code rather than bug in tests. Do you have any proposal for fixing the two failing tests? One nitpick: Please use mail for notes like "need further consulting ..." rather that commit message. When the patch gets accepted it will still need modification before push just because inappropriate commit message. Thank you! -- David Kupka From 2a6e8f02ecd00da2b86d2f3f9847a86caa35e74d Mon Sep 17 00:00:00 2001 From: David Kupka Date: Wed, 16 Dec 2015 09:12:56 +0100 Subject: [PATCH] Addapt CA less test to new ipapython.ipautil.run --- ipatests/test_integration/test_caless.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py index 4b88ee9da1d5a476f13604f9a833e748a093..6cb55a708517062edb1bb950a72d6a66f717432e 100644 --- a/ipatests/test_integration/test_caless.py +++ b/ipatests/test_integration/test_caless.py 
@@ -300,10 +300,10 @@ class CALessBase(IntegrationTest): @classmethod def get_pem(cls, nickname): -pem_cert, _stderr, _returncode = ipautil.run( +result = ipautil.run( ['certutil', '-L', '-d', 'nssdb', '-n', nickname, '-a'], -cwd=cls.cert_dir) -return pem_cert +cwd=cls.cert_dir, capture_output=True) +return result.output def verify_installation(self): """Verify CA cert PEM file and LDAP entry created by install -- 2.5.0 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
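Review bot: in get_pem, only this one call is moved to the result-object form (`capture_output=True`, `result.output`), and the diffstat shows 3 insertions and 3 deletions in total, so any other `ipautil.run` call in test_caless.py that still unpacks the return value as a tuple, or reads output without passing `capture_output=True`, is left unconverted by this patch and should be checked before it is squashed. The subject line also has a typo: "Addapt" should read "Adapt".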
Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC
Anyone to review it guys?

On 11/06/2015 02:04 PM, Oleg Fayans wrote:
> Hi Jan,
>
> On 11/06/2015 09:01 AM, Jan Cholasta wrote:
>> Actually it might be better to keep them, but fix them to expect
>> ipa-server-certinstall to success.
>
> Done. Updated patch attached.
> Also in the patch 0013 I removed a trailing whitespace which caused lint
> to complain
>
> Now with domain level 0 the test output looks like this:
>
> [11:40:51]ofayans@vm-076:~]$ ipa-run-tests test_integration/test_caless.py
>
> test session starts =
> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
> plugins: multihost, sourceorder
> collected 88 items
>
> test_integration/test_caless.py
> ..xx..ss...xxssxx..ss...
>
> = 76 passed, 6 skipped, 6 xfailed in 7871.10 seconds =
>
>> On 6.11.2015 08:47, Jan Cholasta wrote:
>>> Hi Oleg,
>>>
>>> I think you can just remove
>>> TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
>>> imported correctly in this case and I didn't see anything break.
>>>
>>> Honza
>>>
>>> On 5.11.2015 20:20, Oleg Fayans wrote:
>>>> Patch 0014 updated and passes lint
>>>>
>>>> On 11/05/2015 03:41 PM, Oleg Fayans wrote:
>>>>> Wait a bit, the patch has problems with pylint: it does not build :)
>>>>> The updated version (without the setupmaster nonsense) is being
>>>>> tested now.
>>>>>
>>>>> On 11/05/2015 08:45 AM, Oleg Fayans wrote:
>>>>>> Hi Jan,
>>>>>>
>>>>>> Could you take a look at these, whenever you are free?
>>>>>>
>>>>>> On 10/30/2015 02:57 PM, Oleg Fayans wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> The following patches contain updates to ca-less integration tests.
>>>>>>> It's still a proof of concept: 2 tests still fail seemingly due to the
>>>>>>> change in target system logic (marked as xfail with "ask jcholast
>>>>>>> comment")
>>>>>>>
>>>>>>> The test output looks like this:
>>>>>>>
>>>>>>> $ ipa-run-tests test_integration/test_caless.py --pdb
>>>>>>>
>>>>>>> test session starts =
>>>>>>> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
>>>>>>> plugins: multihost, sourceorder
>>>>>>> collected 88 items
>>>>>>>
>>>>>>> test_integration/test_caless.py
>>>>>>> ..xx..sssss.ss.xx..ssxx.
>>>>>>>
>>>>>>> 53 passed, 29 skipped, 6 xfailed in 5620.17 seconds =
>>>>>>>
>>>>>>> Numerous skips correspond to the tests related to ipa-replica-prepare
>>>>>>> (unsupported under domain level 1)

--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC
Hi guys,

Is there a chance these patches might be reviewed again this week?

On 11/06/2015 02:04 PM, Oleg Fayans wrote:
> Hi Jan,
>
> On 11/06/2015 09:01 AM, Jan Cholasta wrote:
>> Actually it might be better to keep them, but fix them to expect
>> ipa-server-certinstall to success.
>
> Done. Updated patch attached.
> Also in the patch 0013 I removed a trailing whitespace which caused lint
> to complain
>
> Now with domain level 0 the test output looks like this:
>
> [11:40:51]ofayans@vm-076:~]$ ipa-run-tests test_integration/test_caless.py
>
> test session starts =
> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
> plugins: multihost, sourceorder
> collected 88 items
>
> test_integration/test_caless.py
> ..xx..ss...xxssxx..ss...
>
> = 76 passed, 6 skipped, 6 xfailed in 7871.10 seconds =
>
>> On 6.11.2015 08:47, Jan Cholasta wrote:
>>> Hi Oleg,
>>>
>>> I think you can just remove
>>> TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
>>> imported correctly in this case and I didn't see anything break.
>>>
>>> Honza
>>>
>>> On 5.11.2015 20:20, Oleg Fayans wrote:
>>>> Patch 0014 updated and passes lint
>>>>
>>>> On 11/05/2015 03:41 PM, Oleg Fayans wrote:
>>>>> Wait a bit, the patch has problems with pylint: it does not build :)
>>>>> The updated version (without the setupmaster nonsense) is being
>>>>> tested now.
>>>>>
>>>>> On 11/05/2015 08:45 AM, Oleg Fayans wrote:
>>>>>> Hi Jan,
>>>>>>
>>>>>> Could you take a look at these, whenever you are free?
>>>>>>
>>>>>> On 10/30/2015 02:57 PM, Oleg Fayans wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> The following patches contain updates to ca-less integration tests.
>>>>>>> It's still a proof of concept: 2 tests still fail seemingly due to the
>>>>>>> change in target system logic (marked as xfail with "ask jcholast
>>>>>>> comment")
>>>>>>>
>>>>>>> The test output looks like this:
>>>>>>>
>>>>>>> $ ipa-run-tests test_integration/test_caless.py --pdb
>>>>>>>
>>>>>>> test session starts =
>>>>>>> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
>>>>>>> plugins: multihost, sourceorder
>>>>>>> collected 88 items
>>>>>>>
>>>>>>> test_integration/test_caless.py
>>>>>>> ..xx..sssss.ss.xx..ssxx.
>>>>>>>
>>>>>>> 53 passed, 29 skipped, 6 xfailed in 5620.17 seconds =
>>>>>>>
>>>>>>> Numerous skips correspond to the tests related to ipa-replica-prepare
>>>>>>> (unsupported under domain level 1)

--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC
Hi Jan,

On 11/06/2015 09:01 AM, Jan Cholasta wrote:
> Actually it might be better to keep them, but fix them to expect
> ipa-server-certinstall to success.

Done. Updated patch attached.
Also in the patch 0013 I removed a trailing whitespace which caused lint
to complain

Now with domain level 0 the test output looks like this:

[11:40:51]ofayans@vm-076:~]$ ipa-run-tests test_integration/test_caless.py

test session starts =
platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
plugins: multihost, sourceorder
collected 88 items

test_integration/test_caless.py
..xx..ss...xxssxx..ss...

= 76 passed, 6 skipped, 6 xfailed in 7871.10 seconds =

> On 6.11.2015 08:47, Jan Cholasta wrote:
>> Hi Oleg,
>>
>> I think you can just remove
>> TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
>> imported correctly in this case and I didn't see anything break.
>>
>> Honza
>>
>> On 5.11.2015 20:20, Oleg Fayans wrote:
>>> Patch 0014 updated and passes lint
>>>
>>> On 11/05/2015 03:41 PM, Oleg Fayans wrote:
>>>> Wait a bit, the patch has problems with pylint: it does not build :)
>>>> The updated version (without the setupmaster nonsense) is being
>>>> tested now.
>>>>
>>>> On 11/05/2015 08:45 AM, Oleg Fayans wrote:
>>>>> Hi Jan,
>>>>>
>>>>> Could you take a look at these, whenever you are free?
>>>>>
>>>>> On 10/30/2015 02:57 PM, Oleg Fayans wrote:
>>>>>> Hi,
>>>>>>
>>>>>> The following patches contain updates to ca-less integration tests.
>>>>>> It's still a proof of concept: 2 tests still fail seemingly due to the
>>>>>> change in target system logic (marked as xfail with "ask jcholast
>>>>>> comment")
>>>>>>
>>>>>> The test output looks like this:
>>>>>>
>>>>>> $ ipa-run-tests test_integration/test_caless.py --pdb
>>>>>>
>>>>>> test session starts =
>>>>>> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
>>>>>> plugins: multihost, sourceorder
>>>>>> collected 88 items
>>>>>>
>>>>>> test_integration/test_caless.py
>>>>>> ..xx..sssss.ss.xx..ssxx.
>>>>>>
>>>>>> 53 passed, 29 skipped, 6 xfailed in 5620.17 seconds =
>>>>>>
>>>>>> Numerous skips correspond to the tests related to ipa-replica-prepare
>>>>>> (unsupported under domain level 1)

--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
From 3142e9ab937b602a687639e7972422001e887211 Mon Sep 17 00:00:00 2001 From: Oleg Fayans Date: Thu, 5 Nov 2015 16:25:29 +0100 Subject: [PATCH] Updated the script creating test certificate chains https://fedorahosted.org/freeipa/ticket/4589 --- .../test_integration/scripts/caless-create-pki | 29 ++ 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/ipatests/test_integration/scripts/caless-create-pki b/ipatests/test_integration/scripts/caless-create-pki index f428ebae16e05644a875a35faf192f75eb149740..4c37077ffdecfb0c70663c7c4817f102154d3b26 100644 --- a/ipatests/test_integration/scripts/caless-create-pki +++ b/ipatests/test_integration/scripts/caless-create-pki @@ -3,7 +3,17 @@ profile_ca=(-t CT,C,C -v 120) profile_server=(-t ,, -v 12) -crl_path=${crl_path-$(readlink -f $dbdir)} +# crl_path=${crl_path-$(readlink -f $dbdir)} +profile_ca_request_options=(-1 -2 -4) +profile_ca_request_input="\$'0\n1\n5\n6\n9\ny\ny\n\ny\n1\n7\nfile://'\$(readlink -f \$dbdir)/\$ca.crl\$'\n-1\n-1\n-1\nn\nn\n'" +profile_ca_create_options=(-v 120) +profile_ca_add_options=(-t ,,) + +profile_server_request_options=(-4) +profile_server_request_input="\$'1\n7\nfile://'\$(readlink -f \$dbdir)/\$ca.crl\$'\n-1\n-1\n-1\nn\nn\n'" +profile_server_create_options=(-v 12) +profile_server_add_options=(-t ,,) + serial_number=0 @@ -18,7 +28,11 @@ gen_cert() { ca="$nick" fi +echo $profile eval "options=(\"\${profile_$profile[@]}\")" +eval "request_options=(\"\${profile_${profile}_request_options[@]}\")" +eval "eval request_input=(\"\${profile_${profile}_request_input[@]}\")" + if [ "$ca" = "$nick" ]; then options=("${options[@]}" -x -m 1) else @@ -38,16 +52,7 @@ gen_cert() { csr="$(mktemp)" crt="$(mktemp)" -certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 >/dev/null
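Review bot: in the first hunk, `profile_ca_add_options=(-t ,,)` gives the CA profile empty trust flags, while the unchanged `profile_ca=(-t CT,C,C -v 120)` directly above marks CA certificates as trusted; if the add step uses these options for CA certificates, confirm that dropping the trust is intended or set `-t CT,C,C` here. The same hunk comments out the `crl_path` default instead of deleting it, and the new `profile_*_request_input` strings build the CRL URI from `$(readlink -f $dbdir)/$ca.crl`, so nothing in the lines shown reads `crl_path` any more: delete the dead line, or use `$crl_path` in the URI if callers are still meant to override it. In gen_cert, `echo $profile` looks like leftover debugging output and should go before push.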
Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC
Actually it might be better to keep them, but fix them to expect
ipa-server-certinstall to success.

On 6.11.2015 08:47, Jan Cholasta wrote:
> Hi Oleg,
>
> I think you can just remove
> TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
> imported correctly in this case and I didn't see anything break.
>
> Honza
>
> On 5.11.2015 20:20, Oleg Fayans wrote:
>> Patch 0014 updated and passes lint
>>
>> On 11/05/2015 03:41 PM, Oleg Fayans wrote:
>>> Wait a bit, the patch has problems with pylint: it does not build :)
>>> The updated version (without the setupmaster nonsense) is being
>>> tested now.
>>>
>>> On 11/05/2015 08:45 AM, Oleg Fayans wrote:
>>>> Hi Jan,
>>>>
>>>> Could you take a look at these, whenever you are free?
>>>>
>>>> On 10/30/2015 02:57 PM, Oleg Fayans wrote:
>>>>> Hi,
>>>>>
>>>>> The following patches contain updates to ca-less integration tests.
>>>>> It's still a proof of concept: 2 tests still fail seemingly due to the
>>>>> change in target system logic (marked as xfail with "ask jcholast
>>>>> comment")
>>>>>
>>>>> The test output looks like this:
>>>>>
>>>>> $ ipa-run-tests test_integration/test_caless.py --pdb
>>>>>
>>>>> test session starts =
>>>>> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
>>>>> plugins: multihost, sourceorder
>>>>> collected 88 items
>>>>>
>>>>> test_integration/test_caless.py
>>>>> ..xx..sssss.ss.xx..ssxx.
>>>>>
>>>>> 53 passed, 29 skipped, 6 xfailed in 5620.17 seconds =
>>>>>
>>>>> Numerous skips correspond to the tests related to ipa-replica-prepare
>>>>> (unsupported under domain level 1)

--
Jan Cholasta
Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC
Hi Oleg,

I think you can just remove
TestCertinstall.test_{http,ds}_intermediate_ca, the certificates are
imported correctly in this case and I didn't see anything break.

Honza

On 5.11.2015 20:20, Oleg Fayans wrote:
> Patch 0014 updated and passes lint
>
> On 11/05/2015 03:41 PM, Oleg Fayans wrote:
>> Wait a bit, the patch has problems with pylint: it does not build :)
>> The updated version (without the setupmaster nonsense) is being
>> tested now.
>>
>> On 11/05/2015 08:45 AM, Oleg Fayans wrote:
>>> Hi Jan,
>>>
>>> Could you take a look at these, whenever you are free?
>>>
>>> On 10/30/2015 02:57 PM, Oleg Fayans wrote:
>>>> Hi,
>>>>
>>>> The following patches contain updates to ca-less integration tests.
>>>> It's still a proof of concept: 2 tests still fail seemingly due to the
>>>> change in target system logic (marked as xfail with "ask jcholast
>>>> comment")
>>>>
>>>> The test output looks like this:
>>>>
>>>> $ ipa-run-tests test_integration/test_caless.py --pdb
>>>>
>>>> test session starts =
>>>> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
>>>> plugins: multihost, sourceorder
>>>> collected 88 items
>>>>
>>>> test_integration/test_caless.py
>>>> ..xx..sssss.ss.xx..ssxx.
>>>>
>>>> 53 passed, 29 skipped, 6 xfailed in 5620.17 seconds =
>>>>
>>>> Numerous skips correspond to the tests related to ipa-replica-prepare
>>>> (unsupported under domain level 1)

--
Jan Cholasta
Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC
Patch 0014 updated and passes lint On 11/05/2015 03:41 PM, Oleg Fayans wrote: Wait a bit, the patch has problems with pylint: it does not build :) The updated version (without the setupmaster nonsense) is being tested now. On 11/05/2015 08:45 AM, Oleg Fayans wrote: Hi Jan, Could you take a look at these, whenever you are free? On 10/30/2015 02:57 PM, Oleg Fayans wrote: Hi, The following patches contain updates to ca-less integration tests. It's still a proof of concept: 2 tests still fail seemingly due to the change in target system logic (marked as xfail with "ask jcholast comment") The test output looks like this: $ ipa-run-tests test_integration/test_caless.py --pdb test session starts = platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4 plugins: multihost, sourceorder collected 88 items test_integration/test_caless.py ..xx..sssss.ss.xx..ssxx. 53 passed, 29 skipped, 6 xfailed in 5620.17 seconds = Numerous skips correspond to the tests related to ipa-replica-prepare (unsupported under domain level 1) -- Oleg Fayans Quality Engineer FreeIPA team RedHat. From 4d9b4689ff08e3183fc0610f9dbc664f6e874290 Mon Sep 17 00:00:00 2001 From: Oleg Fayans Date: Thu, 5 Nov 2015 19:32:37 +0100 Subject: [PATCH] Updated ca-less tests. A preview. All tests except 2 pass. Those 2 failing ones need a consulting from jcholast (so far marked as xfail). https://fedorahosted.org/freeipa/ticket/4589 --- ipatests/test_integration/test_caless.py | 230 --- 1 file changed, 122 insertions(+), 108 deletions(-) diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py index 9cfba3ee29114badf5a703ccc1d47a1d3e0c41b7..4209f3942d22f7e2213ab52eeca45fb42b4405ef 100644 --- a/ipatests/test_integration/test_caless.py +++ b/ipatests/test_integration/test_caless.py 
@@ -32,13 +32,15 @@ from ipaplatform.paths import paths from ipapython.dn import DN from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration import tasks +from env_config import get_global_config _DEFAULT = object() +config = get_global_config() +reasoning = "ipa-replica-prepare disabled for domain levels > 0" def get_install_stdin(cert_passwords=()): lines = [ -'yes', # Existing BIND configuration detected, overwrite? [no] '', # Server host name (has default) '', # Confirm domain name (has default) ] @@ -86,16 +88,16 @@ class CALessBase(IntegrationTest): client_hostname = cls.clients[0].hostname else: client_hostname = 'unused-client.test' -env = { +cls.env = { 'domain': cls.master.domain.name, 'server1': cls.master.hostname, 'server2': replica_hostname, 'client': client_hostname, 'dbdir': 'nssdb', -'dbpassword': cls.cert_password, 'crl_path': cls.crl_path, +'dirman_password': cls.master.config.dirman_password, } -ipautil.run(['bash', '-ex', scriptfile], cwd=cls.cert_dir, env=env) +ipautil.run(['bash', '-ex', scriptfile], cwd=cls.cert_dir, env=cls.env) for host in cls.get_all_hosts(): tasks.apply_common_fixes(host) @@ -118,7 +120,7 @@ class CALessBase(IntegrationTest): '-n', 'External CA cert'], raiseonerr=False) -super(CALessBase, cls).uninstall() +super(CALessBase, cls).uninstall(mh) @classmethod def install_server(cls, host=None, @@ -146,6 +148,11 @@ class CALessBase(IntegrationTest): for filename in set(files_to_copy): cls.copy_cert(host, filename) +# Remove existing ca certs from default database to avoid conflicts +args = ["certutil", "-D", "-d", "/etc/httpd/alias", "-n"] +host.run_command(args + ["ca1"], raiseonerr=False) +host.run_command(args + ["ca1/server"], raiseonerr=False) + host.collect_log(paths.IPASERVER_INSTALL_LOG) host.collect_log(paths.IPACLIENT_INSTALL_LOG) inst = host.domain.realm.replace('.', '-') 
@@ -163,6 +170,7 @@ class CALessBase(IntegrationTest): '-a', host.config.admin_password, '--setup-dns', '--forwarder', host.config.dns_forwarder, +'--domain-level', str(config.domain_level) ] if http_pin is not None: @@ -322,9 +330,7 @@ class CALessBase(IntegrationTest): # Verify certmonger was not started result = host.run_command(['ge
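Review bot: in the hunk at -86,16, the environment handed to `ipautil.run(['bash', '-ex', scriptfile], ...)` now carries `dirman_password`; with `-x` bash prints every command after expansion, so any script line that expands that variable writes the Directory Manager password into the trace output. Pass it only if the script needs it, and either drop `-x` for that run or hand the secret over in a file, as is already done for the certificate password via `$pwfile` in the script.

Review bot: in the hunk at -146,6, the certutil cleanup hard-codes `/etc/httpd/alias` while the neighbouring lines take locations from `paths`, and `raiseonerr=False` swallows every failure, not only a missing nickname; use a `paths` constant and check the result where it matters. In the first hunk, `from env_config import get_global_config` is unqualified, unlike the `ipatests.test_integration` imports above it, and `config = get_global_config()` runs at import time; in the hunk at -163,6, the new `'--domain-level', str(config.domain_level)` entry is missing the trailing comma the other list entries have.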
Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC
Wait a bit, the patch has problems with pylint: it does not build :)
The updated version (without the setupmaster nonsense) is being tested
now.

On 11/05/2015 08:45 AM, Oleg Fayans wrote:
> Hi Jan,
>
> Could you take a look at these, whenever you are free?
>
> On 10/30/2015 02:57 PM, Oleg Fayans wrote:
>> Hi,
>>
>> The following patches contain updates to ca-less integration tests.
>> It's still a proof of concept: 2 tests still fail seemingly due to the
>> change in target system logic (marked as xfail with "ask jcholast
>> comment")
>>
>> The test output looks like this:
>>
>> $ ipa-run-tests test_integration/test_caless.py --pdb
>>
>> test session starts =
>> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
>> plugins: multihost, sourceorder
>> collected 88 items
>>
>> test_integration/test_caless.py
>> ..xx..sssss.ss.xx..ssxx.
>>
>> 53 passed, 29 skipped, 6 xfailed in 5620.17 seconds =
>>
>> Numerous skips correspond to the tests related to ipa-replica-prepare
>> (unsupported under domain level 1)

--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
Re: [Freeipa-devel] [PATCH] ca-less tests updated - POC
Hi Jan,

Could you take a look at these, whenever you are free?

On 10/30/2015 02:57 PM, Oleg Fayans wrote:
> Hi,
>
> The following patches contain updates to ca-less integration tests.
> It's still a proof of concept: 2 tests still fail seemingly due to the
> change in target system logic (marked as xfail with "ask jcholast
> comment")
>
> The test output looks like this:
>
> $ ipa-run-tests test_integration/test_caless.py --pdb
>
> test session starts =
> platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4
> plugins: multihost, sourceorder
> collected 88 items
>
> test_integration/test_caless.py
> ..xx..sssss.ss.xx..ssxx.
>
> 53 passed, 29 skipped, 6 xfailed in 5620.17 seconds =
>
> Numerous skips correspond to the tests related to ipa-replica-prepare
> (unsupported under domain level 1)

--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
[Freeipa-devel] [PATCH] ca-less tests updated - POC
Hi, The following patches contain updates to ca-less integration tests. It's still a proof of concept: 2 tests still fail seemingly due to the change in target system logic (marked as xfail with "ask jcholast comment") The test output looks like this: $ ipa-run-tests test_integration/test_caless.py --pdb test session starts = platform linux2 -- Python 2.7.10 -- py-1.4.30 -- pytest-2.6.4 plugins: multihost, sourceorder collected 88 items test_integration/test_caless.py ..xx..sssss.ss.xx..ssxx. 53 passed, 29 skipped, 6 xfailed in 5620.17 seconds = Numerous skips correspond to the tests related to ipa-replica-prepare (unsupported under domain level 1) -- Oleg Fayans Quality Engineer FreeIPA team RedHat. From 6ec4a0a3ca087bd1bb8e21ff448472cb1a58f0b4 Mon Sep 17 00:00:00 2001 From: Oleg Fayans Date: Fri, 30 Oct 2015 13:19:39 +0100 Subject: [PATCH] Updated the script creating test certificate chains https://fedorahosted.org/freeipa/ticket/4589 --- .../test_integration/scripts/caless-create-pki | 31 +- 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/ipatests/test_integration/scripts/caless-create-pki b/ipatests/test_integration/scripts/caless-create-pki index f428ebae16e05644a875a35faf192f75eb149740..4058abae62f2e9bc9c6ed7caa664a139af91a508 100644 --- a/ipatests/test_integration/scripts/caless-create-pki +++ b/ipatests/test_integration/scripts/caless-create-pki 
@@ -3,7 +3,17 @@ profile_ca=(-t CT,C,C -v 120) profile_server=(-t ,, -v 12) -crl_path=${crl_path-$(readlink -f $dbdir)} +# crl_path=${crl_path-$(readlink -f $dbdir)} +profile_ca_request_options=(-1 -2 -4) +profile_ca_request_input="\$'0\n1\n5\n6\n9\ny\ny\n\ny\n1\n7\nfile://'\$(readlink -f \$dbdir)/\$ca.crl\$'\n-1\n-1\n-1\nn\nn\n'" +profile_ca_create_options=(-v 120) +profile_ca_add_options=(-t ,,) + +profile_server_request_options=(-4) +profile_server_request_input="\$'1\n7\nfile://'\$(readlink -f \$dbdir)/\$ca.crl\$'\n-1\n-1\n-1\nn\nn\n'" +profile_server_create_options=(-v 12) +profile_server_add_options=(-t ,,) + serial_number=0 @@ -17,8 +27,12 @@ gen_cert() { if [ "$ca" = "." ]; then ca="$nick" fi - + +echo $profile eval "options=(\"\${profile_$profile[@]}\")" +eval "request_options=(\"\${profile_${profile}_request_options[@]}\")" +eval "eval request_input=(\"\${profile_${profile}_request_input[@]}\")" + if [ "$ca" = "$nick" ]; then options=("${options[@]}" -x -m 1) else @@ -38,16 +52,7 @@ gen_cert() { csr="$(mktemp)" crt="$(mktemp)" -certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 >/dev/null 0" def get_install_stdin(cert_passwords=()): lines = [ -'yes', # Existing BIND configuration detected, overwrite? [no] '', # Server host name (has default) '', # Confirm domain name (has default) ] @@ -94,6 +96,7 @@ class
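Review bot: in gen_cert (the hunk at -17,8), `eval "eval request_input=(...)"` evaluates the stored profile string twice so that the `$(readlink -f $dbdir)` and `$ca` inside it expand at call time, and neither expansion is quoted in the template; a database directory or nickname containing whitespace or shell metacharacters would be re-parsed as shell source. Building the certutil answer string inside gen_cert with printf, with `"$dbdir"` and `"$ca"` quoted, avoids keeping shell code in a variable. The same hunk also replaces one blank line with another (`-` then `+` with nothing visible after either), which looks like a whitespace-only change and should be dropped from the patch.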