Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-16 Thread Martin Basti



On 09/15/2015 11:18 AM, Milan Kubík wrote:

On 09/14/2015 05:47 PM, Martin Basti wrote:



On 09/14/2015 01:49 PM, Lenka Doudova wrote:

All good,
ACK

On 09/14/2015 11:54 AM, Milan Kubík wrote:

On 09/14/2015 10:10 AM, Lenka Doudova wrote:

NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 
continuation line under-indented for hanging indent


(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:

On 09/11/2015 12:43 PM, Lenka Doudova wrote:





On 09/11/2015 11:45 AM, Milan Kubík wrote:


On 09/11/2015 10:27 AM, Martin Basti wrote:






On 09/11/2015 09:51 AM, Lenka Doudova wrote:






On 09/10/2015 02:11 PM, Milan Kubík wrote:


On 09/04/2015 03:57 PM, Martin Babinsky wrote:


On 09/04/2015 11:06 AM, Lenka Doudova wrote:




Hi,







there's no traceback in the file you mentioned, but I'm 
running it




through lite-server, so here's the traceback from there:



http://pastebin.test.redhat.com/310598







I can't really get to the problem. What I forgot to 
mention in the




previous email was that the tests fail when attempting to 
add a




certprofile, but if I try to do is manually using 'ipa



certprofile-import' command with the exact same data as 
used in the




test, it works fine.







Lenka








Do you get the traceback also when you run the tests using

'ipa-run-tests' with installed IPA master?












Hello,



I don't think it is possible to run these tests against the 
lite

server. Please do it on regular installation.



Anyway, sorry for the long delay. I send the updated patches.

I updated them to reflect the fix for rename option and 
extended
about test with importing a profile from XML file. The test 
case

may need to be updated, based on the resolution of [1].

This at the moment raises remote retrieve error (400 from 
dogtag),

I think there should be more clear message (detecting xml).



[1]: https://fedorahosted.org/freeipa/ticket/5294





Cheers,

Milan




Hi,



can't build rpms after applying the patches (namely patch 
0009.2):




Module ipatests.test_xmlrpc.utils

ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), 
prepare_config]

Module 'py' has no 'path' member)





Lenka




Do we need new util.py in test_xmlrpc? Why not just add it into
existing ipatests/util.py?






Updated patch attached.

Changes:

content of ipatests.test_xmlrpc.utils moved to ipatests.utils

make-lint updated to ignore py.path submodule




Again got an error:



Module ipatests.test_xmlrpc.test_certprofile_plugin



ipatests/test_xmlrpc/test_certprofile_plugin.py:16: 
[E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')






Probably just extra 's' in:



from ipatests.utils import prepare_config



Lenka



Typo fixed. Removed the py module from the code after an offline 
discussion.

Patch attached.

Milan




Fixed. Patch attached.

Milan




I cannot apply this patch on master branch even with 3-way merge, 
thus I cannot push this, please send rebased patch.

Hi,

rebased patches attached.

Milan

Pushed to:
ipa-4-2: 223dc3d8d99e773336c94a3d968521e5cea8e35d
master: 1550b5ab50966387bac19f46b34a2107010d08d4

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-15 Thread Milan Kubík

On 09/14/2015 05:47 PM, Martin Basti wrote:



On 09/14/2015 01:49 PM, Lenka Doudova wrote:

All good,
ACK

On 09/14/2015 11:54 AM, Milan Kubík wrote:

On 09/14/2015 10:10 AM, Lenka Doudova wrote:

NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 
continuation line under-indented for hanging indent


(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:

On 09/11/2015 12:43 PM, Lenka Doudova wrote:





On 09/11/2015 11:45 AM, Milan Kubík wrote:


On 09/11/2015 10:27 AM, Martin Basti wrote:






On 09/11/2015 09:51 AM, Lenka Doudova wrote:






On 09/10/2015 02:11 PM, Milan Kubík wrote:


On 09/04/2015 03:57 PM, Martin Babinsky wrote:


On 09/04/2015 11:06 AM, Lenka Doudova wrote:




Hi,







there's no traceback in the file you mentioned, but I'm 
running it




through lite-server, so here's the traceback from there:



http://pastebin.test.redhat.com/310598







I can't really get to the problem. What I forgot to mention 
in the




previous email was that the tests fail when attempting to 
add a




certprofile, but if I try to do is manually using 'ipa



certprofile-import' command with the exact same data as 
used in the




test, it works fine.







Lenka








Do you get the traceback also when you run the tests using

'ipa-run-tests' with installed IPA master?












Hello,



I don't think it is possible to run these tests against the lite
server. Please do it on regular installation.



Anyway, sorry for the long delay. I send the updated patches.

I updated them to reflect the fix for rename option and extended
about test with importing a profile from XML file. The test case
may need to be updated, based on the resolution of [1].

This at the moment raises remote retrieve error (400 from 
dogtag),

I think there should be more clear message (detecting xml).



[1]: https://fedorahosted.org/freeipa/ticket/5294





Cheers,

Milan




Hi,



can't build rpms after applying the patches (namely patch 
0009.2):




Module ipatests.test_xmlrpc.utils

ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), 
prepare_config]

Module 'py' has no 'path' member)





Lenka




Do we need new util.py in test_xmlrpc? Why not just add it into
existing ipatests/util.py?






Updated patch attached.

Changes:

content of ipatests.test_xmlrpc.utils moved to ipatests.utils

make-lint updated to ignore py.path submodule




Again got an error:



Module ipatests.test_xmlrpc.test_certprofile_plugin



ipatests/test_xmlrpc/test_certprofile_plugin.py:16: 
[E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')






Probably just extra 's' in:



from ipatests.utils import prepare_config



Lenka



Typo fixed. Removed the py module from the code after an offline 
discussion.

Patch attached.

Milan




Fixed. Patch attached.

Milan




I cannot apply this patch on master branch even with 3-way merge, thus 
I cannot push this, please send rebased patch.

Hi,

rebased patches attached.

Milan
From bcb1d7fbf2f4f43532fac1c5f56dfbb484bf7221 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= 
Date: Wed, 10 Jun 2015 14:48:33 +0200
Subject: [PATCH 1/5] ipatests: Add Certprofile tracker class implementation

https://fedorahosted.org/freeipa/ticket/57
---
 ipatests/test_xmlrpc/objectclasses.py   |   5 +
 ipatests/test_xmlrpc/test_certprofile_plugin.py | 140 
 2 files changed, 145 insertions(+)
 create mode 100644 ipatests/test_xmlrpc/test_certprofile_plugin.py

diff --git a/ipatests/test_xmlrpc/objectclasses.py b/ipatests/test_xmlrpc/objectclasses.py
index a5c1b4c501cd28049b29cfc5e55ae745d91dc5bf..1cd77c7f885fe408d0d9d48fc6d8284900c91b7f 100644
--- a/ipatests/test_xmlrpc/objectclasses.py
+++ b/ipatests/test_xmlrpc/objectclasses.py
@@ -212,3 +212,8 @@ servicedelegationtarget = [
 u'top',
 u'groupofprincipals',
 ]
+
+certprofile = [
+u'top',
+u'ipacertprofile',
+]
diff --git a/ipatests/test_xmlrpc/test_certprofile_plugin.py b/ipatests/test_xmlrpc/test_certprofile_plugin.py
new file mode 100644
index ..8fd81bc3f0cc7896adb9fdb6904ace1e7ebc52b3
--- /dev/null
+++ b/ipatests/test_xmlrpc/test_certprofile_plugin.py
@@ -0,0 +1,140 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+"""
+Test the `ipalib.plugins.certprofile` module.
+"""
+
+import os
+
+import pytest
+
+from ipalib import errors
+from ipapython.dn import DN
+from ipatests.test_xmlrpc.ldaptracker import Tracker
+from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test, raises_exact
+from ipatests.test_xmlrpc import objectclasses
+from ipatests.util import assert_deepequal
+
+
+class CertprofileTracker(Tracker):
+"""Tracker class for certprofile plugin.
+"""
+
+retrieve_keys = {
+'dn', 'cn', 'description', 'ipacertprofilestoreissued'
+  

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-14 Thread Lenka Doudova

All good,
ACK

On 09/14/2015 11:54 AM, Milan Kubík wrote:

On 09/14/2015 10:10 AM, Lenka Doudova wrote:

NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 
continuation line under-indented for hanging indent


(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:

On 09/11/2015 12:43 PM, Lenka Doudova wrote:





On 09/11/2015 11:45 AM, Milan Kubík wrote:


On 09/11/2015 10:27 AM, Martin Basti wrote:






On 09/11/2015 09:51 AM, Lenka Doudova wrote:






On 09/10/2015 02:11 PM, Milan Kubík wrote:


On 09/04/2015 03:57 PM, Martin Babinsky wrote:


On 09/04/2015 11:06 AM, Lenka Doudova wrote:




Hi,







there's no traceback in the file you mentioned, but I'm 
running it




through lite-server, so here's the traceback from there:



http://pastebin.test.redhat.com/310598







I can't really get to the problem. What I forgot to mention 
in the




previous email was that the tests fail when attempting to add a



certprofile, but if I try to do is manually using 'ipa



certprofile-import' command with the exact same data as used 
in the




test, it works fine.







Lenka








Do you get the traceback also when you run the tests using

'ipa-run-tests' with installed IPA master?












Hello,



I don't think it is possible to run these tests against the lite
server. Please do it on regular installation.



Anyway, sorry for the long delay. I send the updated patches.

I updated them to reflect the fix for rename option and extended
about test with importing a profile from XML file. The test case
may need to be updated, based on the resolution of [1].

This at the moment raises remote retrieve error (400 from dogtag),
I think there should be more clear message (detecting xml).



[1]: https://fedorahosted.org/freeipa/ticket/5294





Cheers,

Milan




Hi,



can't build rpms after applying the patches (namely patch 0009.2):



Module ipatests.test_xmlrpc.utils

ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), 
prepare_config]

Module 'py' has no 'path' member)





Lenka




Do we need new util.py in test_xmlrpc? Why not just add it into
existing ipatests/util.py?






Updated patch attached.

Changes:

content of ipatests.test_xmlrpc.utils moved to ipatests.utils

make-lint updated to ignore py.path submodule




Again got an error:



Module ipatests.test_xmlrpc.test_certprofile_plugin



ipatests/test_xmlrpc/test_certprofile_plugin.py:16: 
[E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')






Probably just extra 's' in:



from ipatests.utils import prepare_config



Lenka



Typo fixed. Removed the py module from the code after an offline 
discussion.

Patch attached.

Milan




Fixed. Patch attached.

Milan


--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-14 Thread Martin Basti



On 09/14/2015 01:49 PM, Lenka Doudova wrote:

All good,
ACK

On 09/14/2015 11:54 AM, Milan Kubík wrote:

On 09/14/2015 10:10 AM, Lenka Doudova wrote:

NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 
continuation line under-indented for hanging indent


(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:

On 09/11/2015 12:43 PM, Lenka Doudova wrote:





On 09/11/2015 11:45 AM, Milan Kubík wrote:


On 09/11/2015 10:27 AM, Martin Basti wrote:






On 09/11/2015 09:51 AM, Lenka Doudova wrote:






On 09/10/2015 02:11 PM, Milan Kubík wrote:


On 09/04/2015 03:57 PM, Martin Babinsky wrote:


On 09/04/2015 11:06 AM, Lenka Doudova wrote:




Hi,







there's no traceback in the file you mentioned, but I'm 
running it




through lite-server, so here's the traceback from there:



http://pastebin.test.redhat.com/310598







I can't really get to the problem. What I forgot to mention 
in the




previous email was that the tests fail when attempting to add a



certprofile, but if I try to do is manually using 'ipa



certprofile-import' command with the exact same data as used 
in the




test, it works fine.







Lenka








Do you get the traceback also when you run the tests using

'ipa-run-tests' with installed IPA master?












Hello,



I don't think it is possible to run these tests against the lite
server. Please do it on regular installation.



Anyway, sorry for the long delay. I send the updated patches.

I updated them to reflect the fix for rename option and extended
about test with importing a profile from XML file. The test case
may need to be updated, based on the resolution of [1].

This at the moment raises remote retrieve error (400 from 
dogtag),

I think there should be more clear message (detecting xml).



[1]: https://fedorahosted.org/freeipa/ticket/5294





Cheers,

Milan




Hi,



can't build rpms after applying the patches (namely patch 0009.2):



Module ipatests.test_xmlrpc.utils

ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), 
prepare_config]

Module 'py' has no 'path' member)





Lenka




Do we need new util.py in test_xmlrpc? Why not just add it into
existing ipatests/util.py?






Updated patch attached.

Changes:

content of ipatests.test_xmlrpc.utils moved to ipatests.utils

make-lint updated to ignore py.path submodule




Again got an error:



Module ipatests.test_xmlrpc.test_certprofile_plugin



ipatests/test_xmlrpc/test_certprofile_plugin.py:16: 
[E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')






Probably just extra 's' in:



from ipatests.utils import prepare_config



Lenka



Typo fixed. Removed the py module from the code after an offline 
discussion.

Patch attached.

Milan




Fixed. Patch attached.

Milan




I cannot apply this patch on master branch even with 3-way merge, thus I 
cannot push this, please send rebased patch.


--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-14 Thread Lenka Doudova

NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 continuation 
line under-indented for hanging indent


(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:

On 09/11/2015 12:43 PM, Lenka Doudova wrote:





On 09/11/2015 11:45 AM, Milan Kubík wrote:


On 09/11/2015 10:27 AM, Martin Basti wrote:






On 09/11/2015 09:51 AM, Lenka Doudova wrote:






On 09/10/2015 02:11 PM, Milan Kubík wrote:


On 09/04/2015 03:57 PM, Martin Babinsky wrote:


On 09/04/2015 11:06 AM, Lenka Doudova wrote:




Hi,







there's no traceback in the file you mentioned, but I'm running it



through lite-server, so here's the traceback from there:



http://pastebin.test.redhat.com/310598







I can't really get to the problem. What I forgot to mention in the



previous email was that the tests fail when attempting to add a



certprofile, but if I try to do is manually using 'ipa



certprofile-import' command with the exact same data as used in 
the




test, it works fine.







Lenka








Do you get the traceback also when you run the tests using

'ipa-run-tests' with installed IPA master?












Hello,



I don't think it is possible to run these tests against the lite
server. Please do it on regular installation.



Anyway, sorry for the long delay. I send the updated patches.

I updated them to reflect the fix for rename option and extended
about test with importing a profile from XML file. The test case
may need to be updated, based on the resolution of [1].

This at the moment raises remote retrieve error (400 from dogtag),
I think there should be more clear message (detecting xml).



[1]: https://fedorahosted.org/freeipa/ticket/5294





Cheers,

Milan




Hi,



can't build rpms after applying the patches (namely patch 0009.2):



Module ipatests.test_xmlrpc.utils

ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config]
Module 'py' has no 'path' member)





Lenka




Do we need new util.py in test_xmlrpc? Why not just add it into
existing ipatests/util.py?






Updated patch attached.

Changes:

content of ipatests.test_xmlrpc.utils moved to ipatests.utils

make-lint updated to ignore py.path submodule




Again got an error:



Module ipatests.test_xmlrpc.test_certprofile_plugin



ipatests/test_xmlrpc/test_certprofile_plugin.py:16: 
[E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')






Probably just extra 's' in:



from ipatests.utils import prepare_config



Lenka



Typo fixed. Removed the py module from the code after an offline 
discussion.

Patch attached.

Milan



--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-14 Thread Milan Kubík

On 09/14/2015 10:10 AM, Lenka Doudova wrote:

NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 
continuation line under-indented for hanging indent


(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:

On 09/11/2015 12:43 PM, Lenka Doudova wrote:





On 09/11/2015 11:45 AM, Milan Kubík wrote:


On 09/11/2015 10:27 AM, Martin Basti wrote:






On 09/11/2015 09:51 AM, Lenka Doudova wrote:






On 09/10/2015 02:11 PM, Milan Kubík wrote:


On 09/04/2015 03:57 PM, Martin Babinsky wrote:


On 09/04/2015 11:06 AM, Lenka Doudova wrote:




Hi,







there's no traceback in the file you mentioned, but I'm 
running it




through lite-server, so here's the traceback from there:



http://pastebin.test.redhat.com/310598







I can't really get to the problem. What I forgot to mention in 
the




previous email was that the tests fail when attempting to add a



certprofile, but if I try to do is manually using 'ipa



certprofile-import' command with the exact same data as used 
in the




test, it works fine.







Lenka








Do you get the traceback also when you run the tests using

'ipa-run-tests' with installed IPA master?












Hello,



I don't think it is possible to run these tests against the lite
server. Please do it on regular installation.



Anyway, sorry for the long delay. I send the updated patches.

I updated them to reflect the fix for rename option and extended
about test with importing a profile from XML file. The test case
may need to be updated, based on the resolution of [1].

This at the moment raises remote retrieve error (400 from dogtag),
I think there should be more clear message (detecting xml).



[1]: https://fedorahosted.org/freeipa/ticket/5294





Cheers,

Milan




Hi,



can't build rpms after applying the patches (namely patch 0009.2):



Module ipatests.test_xmlrpc.utils

ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config]
Module 'py' has no 'path' member)





Lenka




Do we need new util.py in test_xmlrpc? Why not just add it into
existing ipatests/util.py?






Updated patch attached.

Changes:

content of ipatests.test_xmlrpc.utils moved to ipatests.utils

make-lint updated to ignore py.path submodule




Again got an error:



Module ipatests.test_xmlrpc.test_certprofile_plugin



ipatests/test_xmlrpc/test_certprofile_plugin.py:16: 
[E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')






Probably just extra 's' in:



from ipatests.utils import prepare_config



Lenka



Typo fixed. Removed the py module from the code after an offline 
discussion.

Patch attached.

Milan




Fixed. Patch attached.

Milan
From fa67fd9f260e644e3b5087bfd71b461b2dbbd349 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= 
Date: Sun, 23 Aug 2015 16:19:59 +0200
Subject: [PATCH] ipatests: Add basic tests for certificate profile plugin

---
 .../test_xmlrpc/data/caIPAserviceCert.xml.tmpl | 619 +
 .../test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl | 109 
 .../test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl | 109 
 .../data/caIPAserviceCert_mod_mal.cfg.tmpl | 109 
 ipatests/test_xmlrpc/test_certprofile_plugin.py| 203 ++-
 ipatests/util.py   |  10 +
 6 files changed, 1158 insertions(+), 1 deletion(-)
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod_mal.cfg.tmpl

diff --git a/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl
new file mode 100644
index ..99548192346b6105ea4f1a015738bfec612e3acd
--- /dev/null
+++ b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl
@@ -0,0 +1,619 @@
+
+http://www.w3.org/2005/Atom; id="caIPAserviceCert_xml">
+caEnrollImpl
+IPA-RA Agent-Authenticated Server Certificate Enrollment
+This certificate profile is for enrolling server certificates with IPA-RA agent authentication.
+true
+false
+ipara
+raCertAuth
+
+false
+false
+
+certReqInputImpl
+Certificate Request Input
+
+
+cert_request_type
+Certificate Request Type
+
+
+
+
+cert_request
+Certificate Request
+
+
+
+
+submitterInfoInputImpl
+Requestor Information
+
+
+string
+Requestor Name
+
+
+
+
+string
+Requestor Email
+
+
+
+   

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-11 Thread Lenka Doudova



On 09/10/2015 02:11 PM, Milan Kubík wrote:

On 09/04/2015 03:57 PM, Martin Babinsky wrote:

On 09/04/2015 11:06 AM, Lenka Doudova wrote:


Hi,



there's no traceback in the file you mentioned, but I'm running it

through lite-server, so here's the traceback from there:

http://pastebin.test.redhat.com/310598



I can't really get to the problem. What I forgot to mention in the

previous email was that the tests fail when attempting to add a

certprofile, but if I try to do is manually using 'ipa

certprofile-import' command with the exact same data as used in the

test, it works fine.



Lenka




Do you get the traceback also when you run the tests using
'ipa-run-tests' with installed IPA master?






Hello,

I don't think it is possible to run these tests against the lite 
server. Please do it on regular installation.


Anyway, sorry for the long delay. I send the updated patches.
I updated them to reflect the fix for rename option and extended about 
test with importing a profile from XML file. The test case may need to 
be updated, based on the resolution of [1].
This at the moment raises remote retrieve error (400 from dogtag), I 
think there should be more clear message (detecting xml).


[1]: https://fedorahosted.org/freeipa/ticket/5294


Cheers,
Milan


Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] 
Module 'py' has no 'path' member)



Lenka

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-11 Thread Martin Basti



On 09/11/2015 09:51 AM, Lenka Doudova wrote:



On 09/10/2015 02:11 PM, Milan Kubík wrote:

On 09/04/2015 03:57 PM, Martin Babinsky wrote:

On 09/04/2015 11:06 AM, Lenka Doudova wrote:


Hi,



there's no traceback in the file you mentioned, but I'm running it

through lite-server, so here's the traceback from there:

http://pastebin.test.redhat.com/310598



I can't really get to the problem. What I forgot to mention in the

previous email was that the tests fail when attempting to add a

certprofile, but if I try to do is manually using 'ipa

certprofile-import' command with the exact same data as used in the

test, it works fine.



Lenka




Do you get the traceback also when you run the tests using
'ipa-run-tests' with installed IPA master?






Hello,

I don't think it is possible to run these tests against the lite 
server. Please do it on regular installation.


Anyway, sorry for the long delay. I send the updated patches.
I updated them to reflect the fix for rename option and extended 
about test with importing a profile from XML file. The test case may 
need to be updated, based on the resolution of [1].
This at the moment raises remote retrieve error (400 from dogtag), I 
think there should be more clear message (detecting xml).


[1]: https://fedorahosted.org/freeipa/ticket/5294


Cheers,
Milan


Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] 
Module 'py' has no 'path' member)



Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into existing 
ipatests/util.py?



--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-11 Thread Milan Kubík

On 09/11/2015 10:27 AM, Martin Basti wrote:



On 09/11/2015 09:51 AM, Lenka Doudova wrote:



On 09/10/2015 02:11 PM, Milan Kubík wrote:

On 09/04/2015 03:57 PM, Martin Babinsky wrote:

On 09/04/2015 11:06 AM, Lenka Doudova wrote:


Hi,



there's no traceback in the file you mentioned, but I'm running it

through lite-server, so here's the traceback from there:

http://pastebin.test.redhat.com/310598



I can't really get to the problem. What I forgot to mention in the

previous email was that the tests fail when attempting to add a

certprofile, but if I try to do is manually using 'ipa

certprofile-import' command with the exact same data as used in the

test, it works fine.



Lenka




Do you get the traceback also when you run the tests using
'ipa-run-tests' with installed IPA master?






Hello,

I don't think it is possible to run these tests against the lite 
server. Please do it on regular installation.


Anyway, sorry for the long delay. I send the updated patches.
I updated them to reflect the fix for rename option and extended 
about test with importing a profile from XML file. The test case may 
need to be updated, based on the resolution of [1].
This at the moment raises remote retrieve error (400 from dogtag), I 
think there should be more clear message (detecting xml).


[1]: https://fedorahosted.org/freeipa/ticket/5294


Cheers,
Milan


Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] 
Module 'py' has no 'path' member)



Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into 
existing ipatests/util.py?




I will move it there.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-11 Thread Milan Kubík

On 09/11/2015 10:27 AM, Martin Basti wrote:



On 09/11/2015 09:51 AM, Lenka Doudova wrote:



On 09/10/2015 02:11 PM, Milan Kubík wrote:

On 09/04/2015 03:57 PM, Martin Babinsky wrote:

On 09/04/2015 11:06 AM, Lenka Doudova wrote:


Hi,



there's no traceback in the file you mentioned, but I'm running it

through lite-server, so here's the traceback from there:

http://pastebin.test.redhat.com/310598



I can't really get to the problem. What I forgot to mention in the

previous email was that the tests fail when attempting to add a

certprofile, but if I try to do is manually using 'ipa

certprofile-import' command with the exact same data as used in the

test, it works fine.



Lenka




Do you get the traceback also when you run the tests using
'ipa-run-tests' with installed IPA master?






Hello,

I don't think it is possible to run these tests against the lite 
server. Please do it on regular installation.


Anyway, sorry for the long delay. I send the updated patches.
I updated them to reflect the fix for rename option and extended 
about test with importing a profile from XML file. The test case may 
need to be updated, based on the resolution of [1].
This at the moment raises remote retrieve error (400 from dogtag), I 
think there should be more clear message (detecting xml).


[1]: https://fedorahosted.org/freeipa/ticket/5294


Cheers,
Milan


Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] 
Module 'py' has no 'path' member)



Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into 
existing ipatests/util.py?




Updated patch attached.
Changes:
content of ipatests.test_xmlrpc.utils moved to ipatests.utils
make-lint updated to ignore py.path submodule
From a01d9bb444f9ecbb6a8d0b99b5ea4eff905bb908 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= 
Date: Sun, 23 Aug 2015 16:19:59 +0200
Subject: [PATCH] ipatests: Add basic tests for certificate profile plugin

---
 .../test_xmlrpc/data/caIPAserviceCert.xml.tmpl | 619 +
 .../test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl | 109 
 .../test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl | 109 
 .../data/caIPAserviceCert_mod_mal.cfg.tmpl | 109 
 ipatests/test_xmlrpc/test_certprofile_plugin.py| 203 ++-
 ipatests/util.py   |  13 +
 make-lint  |   1 +
 7 files changed, 1162 insertions(+), 1 deletion(-)
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod_mal.cfg.tmpl

diff --git a/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl
new file mode 100644
index ..99548192346b6105ea4f1a015738bfec612e3acd
--- /dev/null
+++ b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl
@@ -0,0 +1,619 @@
+
+http://www.w3.org/2005/Atom; id="caIPAserviceCert_xml">
+caEnrollImpl
+IPA-RA Agent-Authenticated Server Certificate Enrollment
+This certificate profile is for enrolling server certificates with IPA-RA agent authentication.
+true
+false
+ipara
+raCertAuth
+
+false
+false
+
+certReqInputImpl
+Certificate Request Input
+
+
+cert_request_type
+Certificate Request Type
+
+
+
+
+cert_request
+Certificate Request
+
+
+
+
+submitterInfoInputImpl
+Requestor Information
+
+
+string
+Requestor Name
+
+
+
+
+string
+Requestor Email
+
+
+
+
+string
+Requestor Phone
+
+
+
+
+Certificate Output
+certOutputImpl
+
+
+pretty_print
+Certificate Pretty Print
+
+
+
+
+pretty_print
+Certificate Base-64 Encoded
+
+
+
+
+
+serverCertSet
+
+
+This default populates a Certificate Subject Name to the request. The default values are Subject Name=CN=$request.req_subject_name.cn$, O=ABC.IDM.LAB.ENG.BRQ.REDHAT.COM
+
+
+string
+Subject Name
+
+
+

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-11 Thread Milan Kubík

On 09/11/2015 12:43 PM, Lenka Doudova wrote:





On 09/11/2015 11:45 AM, Milan Kubík wrote:


On 09/11/2015 10:27 AM, Martin Basti wrote:






On 09/11/2015 09:51 AM, Lenka Doudova wrote:






On 09/10/2015 02:11 PM, Milan Kubík wrote:


On 09/04/2015 03:57 PM, Martin Babinsky wrote:


On 09/04/2015 11:06 AM, Lenka Doudova wrote:




Hi,







there's no traceback in the file you mentioned, but I'm running it



through lite-server, so here's the traceback from there:



http://pastebin.test.redhat.com/310598







I can't really get to the problem. What I forgot to mention in the



previous email was that the tests fail when attempting to add a



certprofile, but if I try to do is manually using 'ipa



certprofile-import' command with the exact same data as used in the



test, it works fine.







Lenka








Do you get the traceback also when you run the tests using

'ipa-run-tests' with installed IPA master?












Hello,



I don't think it is possible to run these tests against the lite
server. Please do it on regular installation.



Anyway, sorry for the long delay. I send the updated patches.

I updated them to reflect the fix for rename option and extended
about test with importing a profile from XML file. The test case
may need to be updated, based on the resolution of [1].

This at the moment raises remote retrieve error (400 from dogtag),
I think there should be more clear message (detecting xml).



[1]: https://fedorahosted.org/freeipa/ticket/5294





Cheers,

Milan




Hi,



can't build rpms after applying the patches (namely patch 0009.2):



Module ipatests.test_xmlrpc.utils

ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config]
Module 'py' has no 'path' member)





Lenka




Do we need new util.py in test_xmlrpc? Why not just add it into
existing ipatests/util.py?






Updated patch attached.

Changes:

content of ipatests.test_xmlrpc.utils moved to ipatests.utils

make-lint updated to ignore py.path submodule




Again got an error:



Module ipatests.test_xmlrpc.test_certprofile_plugin



ipatests/test_xmlrpc/test_certprofile_plugin.py:16: 
[E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')






Probably just extra 's' in:



from ipatests.utils import prepare_config



Lenka




Typo fixed. Removed the py module from the code after an offline discussion.
Patch attached.

Milan

From b21dbf8e4ce6215f1bd06b250c48d826372e354b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= 
Date: Sun, 23 Aug 2015 16:19:59 +0200
Subject: [PATCH] ipatests: Add basic tests for certificate profile plugin

---
 .../test_xmlrpc/data/caIPAserviceCert.xml.tmpl | 619 +
 .../test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl | 109 
 .../test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl | 109 
 .../data/caIPAserviceCert_mod_mal.cfg.tmpl | 109 
 ipatests/test_xmlrpc/test_certprofile_plugin.py| 203 ++-
 ipatests/util.py   |  10 +
 6 files changed, 1158 insertions(+), 1 deletion(-)
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl
 create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod_mal.cfg.tmpl

diff --git a/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl
new file mode 100644
index ..99548192346b6105ea4f1a015738bfec612e3acd
--- /dev/null
+++ b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl
@@ -0,0 +1,619 @@
+
+http://www.w3.org/2005/Atom; id="caIPAserviceCert_xml">
+caEnrollImpl
+IPA-RA Agent-Authenticated Server Certificate Enrollment
+This certificate profile is for enrolling server certificates with IPA-RA agent authentication.
+true
+false
+ipara
+raCertAuth
+
+false
+false
+
+certReqInputImpl
+Certificate Request Input
+
+
+cert_request_type
+Certificate Request Type
+
+
+
+
+cert_request
+Certificate Request
+
+
+
+
+submitterInfoInputImpl
+Requestor Information
+
+
+string
+Requestor Name
+
+
+
+
+string
+Requestor Email
+
+
+
+
+string
+Requestor Phone
+
+
+
+
+Certificate Output
+certOutputImpl
+
+
+pretty_print
+Certificate Pretty Print
+
+
+
+
+pretty_print
+Certificate 

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-11 Thread Lenka Doudova



On 09/11/2015 11:45 AM, Milan Kubík wrote:

On 09/11/2015 10:27 AM, Martin Basti wrote:



On 09/11/2015 09:51 AM, Lenka Doudova wrote:



On 09/10/2015 02:11 PM, Milan Kubík wrote:

On 09/04/2015 03:57 PM, Martin Babinsky wrote:

On 09/04/2015 11:06 AM, Lenka Doudova wrote:


Hi,



there's no traceback in the file you mentioned, but I'm running it

through lite-server, so here's the traceback from there:

http://pastebin.test.redhat.com/310598



I can't really get to the problem. What I forgot to mention in the

previous email was that the tests fail when attempting to add a

certprofile, but if I try to do is manually using 'ipa

certprofile-import' command with the exact same data as used in the

test, it works fine.



Lenka




Do you get the traceback also when you run the tests using
'ipa-run-tests' with installed IPA master?






Hello,

I don't think it is possible to run these tests against the lite 
server. Please do it on regular installation.


Anyway, sorry for the long delay. I send the updated patches.
I updated them to reflect the fix for rename option and extended 
about test with importing a profile from XML file. The test case 
may need to be updated, based on the resolution of [1].
This at the moment raises remote retrieve error (400 from dogtag), 
I think there should be more clear message (detecting xml).


[1]: https://fedorahosted.org/freeipa/ticket/5294


Cheers,
Milan


Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] 
Module 'py' has no 'path' member)



Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into 
existing ipatests/util.py?




Updated patch attached.
Changes:
content of ipatests.test_xmlrpc.utils moved to ipatests.utils
make-lint updated to ignore py.path submodule


Again got an error:

Module ipatests.test_xmlrpc.test_certprofile_plugin

ipatests/test_xmlrpc/test_certprofile_plugin.py:16: [E0611(no-name-in-module), 
] No name 'utils' in module 'ipatests')


Probably just extra 's' in:

from ipatests.utils import prepare_config

Lenka

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-10 Thread Milan Kubík

On 09/04/2015 03:57 PM, Martin Babinsky wrote:

On 09/04/2015 11:06 AM, Lenka Doudova wrote:


Hi,



there's no traceback in the file you mentioned, but I'm running it

through lite-server, so here's the traceback from there:

http://pastebin.test.redhat.com/310598



I can't really get to the problem. What I forgot to mention in the

previous email was that the tests fail when attempting to add a

certprofile, but if I try to do is manually using 'ipa

certprofile-import' command with the exact same data as used in the

test, it works fine.



Lenka




Do you get the traceback also when you run the tests using
'ipa-run-tests' with installed IPA master?






Hello,

I don't think it is possible to run these tests against the lite server. 
Please do it on regular installation.


Anyway, sorry for the long delay. I send the updated patches.
I updated them to reflect the fix for rename option and extended about 
test with importing a profile from XML file. The test case may need to 
be updated, based on the resolution of [1].
This at the moment raises remote retrieve error (400 from dogtag), I 
think there should be more clear message (detecting xml).


[1]: https://fedorahosted.org/freeipa/ticket/5294


Cheers,
Milan
From 9525be865f96b6dff2b6d4e229b88a04bf6f9ff0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= 
Date: Wed, 10 Jun 2015 14:48:33 +0200
Subject: [PATCH 1/5] ipatests: Add Certprofile tracker class implementation

https://fedorahosted.org/freeipa/ticket/57
---
 ipatests/test_xmlrpc/objectclasses.py   |   5 +
 ipatests/test_xmlrpc/test_certprofile_plugin.py | 140 
 2 files changed, 145 insertions(+)
 create mode 100644 ipatests/test_xmlrpc/test_certprofile_plugin.py

diff --git a/ipatests/test_xmlrpc/objectclasses.py b/ipatests/test_xmlrpc/objectclasses.py
index a5c1b4c501cd28049b29cfc5e55ae745d91dc5bf..1cd77c7f885fe408d0d9d48fc6d8284900c91b7f 100644
--- a/ipatests/test_xmlrpc/objectclasses.py
+++ b/ipatests/test_xmlrpc/objectclasses.py
@@ -212,3 +212,8 @@ servicedelegationtarget = [
 u'top',
 u'groupofprincipals',
 ]
+
+certprofile = [
+u'top',
+u'ipacertprofile',
+]
diff --git a/ipatests/test_xmlrpc/test_certprofile_plugin.py b/ipatests/test_xmlrpc/test_certprofile_plugin.py
new file mode 100644
index ..8fd81bc3f0cc7896adb9fdb6904ace1e7ebc52b3
--- /dev/null
+++ b/ipatests/test_xmlrpc/test_certprofile_plugin.py
@@ -0,0 +1,140 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+"""
+Test the `ipalib.plugins.certprofile` module.
+"""
+
+import os
+
+import pytest
+
+from ipalib import errors
+from ipapython.dn import DN
+from ipatests.test_xmlrpc.ldaptracker import Tracker
+from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test, raises_exact
+from ipatests.test_xmlrpc import objectclasses
+from ipatests.util import assert_deepequal
+
+
+class CertprofileTracker(Tracker):
+"""Tracker class for certprofile plugin.
+"""
+
+retrieve_keys = {
+'dn', 'cn', 'description', 'ipacertprofilestoreissued'
+}
+retrieve_all_keys = retrieve_keys | {'objectclass'}
+create_keys = retrieve_keys | {'objectclass'}
+update_keys = retrieve_keys - {'dn'}
+managedby_keys = retrieve_keys
+allowedto_keys = retrieve_keys
+
+def __init__(self, name, store=False, desc='dummy description',
+ profile=None, default_version=None):
+super(CertprofileTracker, self).__init__(
+default_version=default_version
+)
+
+self.store = store
+self.description = desc
+self._profile_path = profile
+
+self.dn = DN(('cn', name), 'cn=certprofiles', 'cn=ca',
+ self.api.env.basedn)
+
+@property
+def profile(self):
+if not self._profile_path:
+return None
+
+if os.path.isabs(self._profile_path):
+path = self._profile_path
+else:
+path = os.path.join(os.path.dirname(__file__),
+self._profile_path)
+
+with open(path, 'r') as f:
+content = f.read()
+return unicode(content)
+
+def make_create_command(self, force=True):
+if not self.profile:
+raise RuntimeError('Tracker object without path to profile '
+   'cannot be used to create profile entry.')
+
+return self.make_command('certprofile_import', self.name,
+ description=self.description,
+ ipacertprofilestoreissued=self.store,
+ file=self.profile)
+
+def check_create(self, result):
+assert_deepequal(dict(
+value=self.name,
+summary=u'Imported profile "{}"'.format(self.name),
+result=dict(self.filter_attrs(self.create_keys))
+), result)
+
+def 

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-04 Thread Lenka Doudova

Hi,

there's no traceback in the file you mentioned, but I'm running it 
through lite-server, so here's the traceback from there:

http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the 
previous email was that the tests fail when attempting to add a 
certprofile, but if I try to do is manually using 'ipa 
certprofile-import' command with the exact same data as used in the 
test, it works fine.


Lenka

On 09/03/2015 02:35 PM, Tomas Babej wrote:


On 09/03/2015 01:40 PM, Lenka Doudova wrote:

Hi,

I took a look at it at Milan's request.

patch 0008 - tracker looks ok, ACK
patch 0009 - test cases look ok as well, but can't get it to run, 10 out
of 14 tests fail, starting with internal error, which I haven't been
able to track down, nor fix it.

You can investigate the internal error by inspecting the
/var/log/httpd/error_log on the IPA server that executed the command.

There should be a traceback.


Lenka

=== FAILURES
===
 TestProfileCRUD.test_create_duplicate
_

self = 
user_profile =


 def test_create_duplicate(self, user_profile):
 msg = u'Certificate Profile with name "{}" already exists'

   user_profile.ensure_exists()

ipatests/test_xmlrpc/test_certprofile_plugin.py:178:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _
ipatests/test_xmlrpc/ldaptracker.py:169: in ensure_exists
 self.create(force=True)
ipatests/test_xmlrpc/ldaptracker.py:206: in create
 result = command()
ipatests/test_xmlrpc/ldaptracker.py:127: in run_command
 result = cmd(*args, **options)
ipalib/frontend.py:443: in __call__
 ret = self.run(*args, **options)
ipalib/frontend.py:761: in run
 return self.forward(*args, **options)
ipalib/frontend.py:782: in forward
 return self.Backend.rpcclient.forward(self.name, *args, **kw)
ipalib/rpc.py:947: in forward
 return self._call_command(command, params)
ipalib/rpc.py:924: in _call_command
 return command(*params)
ipalib/rpc.py:1075: in _call
 return self.__request(name, args)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _

self = 
name = 'certprofile_import'
args = (('caIPAserviceCert_mod',), {'all': False, 'description':
'Storing copy of a profile', 'file': 'profileId=caIPAservice...sion Default
policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17
', 'ipacertprofilestoreissued': True, ...})

 def __request(self, name, args):
 payload = {'method': unicode(name), 'params': args, 'id': 0}
 version = args[1].get('version', VERSION_WITHOUT_CAPABILITIES)
 payload = json_encode_binary(payload, version)

 if self.__verbose >= 2:

 root_logger.info('Request: %s',
  json.dumps(payload, sort_keys=True, indent=4))

 response = self.__transport.request(

 self.__host,
 self.__handler,
 json.dumps(payload),
 verbose=self.__verbose >= 3,
 )

 try:

 response = json_decode_binary(json.loads(response))
 except ValueError as e:
 raise JSONError(str(e))

 if self.__verbose >= 2:

 root_logger.info(
 'Response: %s',
 json.dumps(json_encode_binary(response, version),
sort_keys=True, indent=4)
 )
 error = response.get('error')
 if error:
 try:
 error_class = errors_by_code[error['code']]
 except KeyError:
 raise UnknownError(
 code=error.get('code'),
 error=error.get('message'),
 server=self.__host,
 )
 else:

   raise error_class(message=error['message'])

E   InternalError: an internal error has occurred




On 08/31/2015 03:25 PM, Fraser Tweedale wrote:

On Mon, Aug 31, 2015 at 12:24:13PM +0200, Martin Basti wrote:

On 08/18/2015 04:06 PM, Milan Kubík wrote:

On 08/11/2015 03:17 AM, Fraser Tweedale wrote:

On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote:

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary
patches for it.
The plan covers basic CRUD test and some corner cases. I'm open to
more
suggestions.

More complicated tests involving certificate profiles will require the
code (and tests)
for CA ACLs merged, so it's not there at the moment.

There are some unfinished test cases in places I wasn't sure what the
result should be.
We need to iterate through these to fix it.


[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal?
Today I want to write a basic CRUD test for the ACLs as 

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-04 Thread Martin Babinsky

On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it
through lite-server, so here's the traceback from there:
http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the
previous email was that the tests fail when attempting to add a
certprofile, but if I try to do is manually using 'ipa
certprofile-import' command with the exact same data as used in the
test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 
'ipa-run-tests' with installed IPA master?


--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-03 Thread Lenka Doudova

Hi,

I took a look at it at Milan's request.

patch 0008 - tracker looks ok, ACK
patch 0009 - test cases look ok as well, but can't get it to run, 10 out 
of 14 tests fail, starting with internal error, which I haven't been 
able to track down, nor fix it.


Lenka

=== FAILURES 
===
 TestProfileCRUD.test_create_duplicate 
_


self = object at 0x7f36459e7110>
user_profile = 
at 0x7f36459e73d0>


def test_create_duplicate(self, user_profile):
msg = u'Certificate Profile with name "{}" already exists'
>   user_profile.ensure_exists()

ipatests/test_xmlrpc/test_certprofile_plugin.py:178:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _

ipatests/test_xmlrpc/ldaptracker.py:169: in ensure_exists
self.create(force=True)
ipatests/test_xmlrpc/ldaptracker.py:206: in create
result = command()
ipatests/test_xmlrpc/ldaptracker.py:127: in run_command
result = cmd(*args, **options)
ipalib/frontend.py:443: in __call__
ret = self.run(*args, **options)
ipalib/frontend.py:761: in run
return self.forward(*args, **options)
ipalib/frontend.py:782: in forward
return self.Backend.rpcclient.forward(self.name, *args, **kw)
ipalib/rpc.py:947: in forward
return self._call_command(command, params)
ipalib/rpc.py:924: in _call_command
return command(*params)
ipalib/rpc.py:1075: in _call
return self.__request(name, args)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _


self = 
name = 'certprofile_import'
args = (('caIPAserviceCert_mod',), {'all': False, 'description': 
'Storing copy of a profile', 'file': 'profileId=caIPAservice...sion Default

policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17
', 'ipacertprofilestoreissued': True, ...})

def __request(self, name, args):
payload = {'method': unicode(name), 'params': args, 'id': 0}
version = args[1].get('version', VERSION_WITHOUT_CAPABILITIES)
payload = json_encode_binary(payload, version)

if self.__verbose >= 2:
root_logger.info('Request: %s',
 json.dumps(payload, sort_keys=True, indent=4))

response = self.__transport.request(
self.__host,
self.__handler,
json.dumps(payload),
verbose=self.__verbose >= 3,
)

try:
response = json_decode_binary(json.loads(response))
except ValueError as e:
raise JSONError(str(e))

if self.__verbose >= 2:
root_logger.info(
'Response: %s',
json.dumps(json_encode_binary(response, version),
   sort_keys=True, indent=4)
)
error = response.get('error')
if error:
try:
error_class = errors_by_code[error['code']]
except KeyError:
raise UnknownError(
code=error.get('code'),
error=error.get('message'),
server=self.__host,
)
else:
>   raise error_class(message=error['message'])
E   InternalError: an internal error has occurred




On 08/31/2015 03:25 PM, Fraser Tweedale wrote:

On Mon, Aug 31, 2015 at 12:24:13PM +0200, Martin Basti wrote:


On 08/18/2015 04:06 PM, Milan Kubík wrote:

On 08/11/2015 03:17 AM, Fraser Tweedale wrote:

On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote:

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary
patches for it.
The plan covers basic CRUD test and some corner cases. I'm open to
more
suggestions.

More complicated tests involving certificate profiles will require the
code (and tests)
for CA ACLs merged, so it's not there at the moment.

There are some unfinished test cases in places I wasn't sure what the
result should be.
We need to iterate through these to fix it.


[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal?
Today I want to write a basic CRUD test for the ACLs as well as a few
test
cases to check if the ACL is being enforced. It should make it into
wiki
today or by tomorrow. I'll send an update then.

Cheers,
Milan


Hi Milan,

I have reviewed the V4/Certificate_Profiles/Test_Plan.  Couple of
comments:

- Test case: Import profile with incorrect values
   - Expected result: refused with error.
   - A simple way to provoke this condition is to add a number to
 ``policyset.serverCertSet.list``.
   - A similar test case should exist for certprofile-mod.

- Test case: Delete default profile
   - As discussed elsewhere, expected result should be failure.
 I filed ticket #5198 to make it so :)

I will review the patch soon.

Cheers,
Fraser

Hello,

how is the review 

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-03 Thread Tomas Babej


On 09/03/2015 01:40 PM, Lenka Doudova wrote:
> Hi,
> 
> I took a look at it at Milan's request.
> 
> patch 0008 - tracker looks ok, ACK
> patch 0009 - test cases look ok as well, but can't get it to run, 10 out
> of 14 tests fail, starting with internal error, which I haven't been
> able to track down, nor fix it.

You can investigate the internal error by inspecting the
/var/log/httpd/error_log on the IPA server that executed the command.

There should be a traceback.

> 
> Lenka
> 
> === FAILURES
> ===
>  TestProfileCRUD.test_create_duplicate
> _
> 
> self =  object at 0x7f36459e7110>
> user_profile =
>  at 0x7f36459e73d0>
> 
> def test_create_duplicate(self, user_profile):
> msg = u'Certificate Profile with name "{}" already exists'
>>   user_profile.ensure_exists()
> 
> ipatests/test_xmlrpc/test_certprofile_plugin.py:178:
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> _ _ _ _
> ipatests/test_xmlrpc/ldaptracker.py:169: in ensure_exists
> self.create(force=True)
> ipatests/test_xmlrpc/ldaptracker.py:206: in create
> result = command()
> ipatests/test_xmlrpc/ldaptracker.py:127: in run_command
> result = cmd(*args, **options)
> ipalib/frontend.py:443: in __call__
> ret = self.run(*args, **options)
> ipalib/frontend.py:761: in run
> return self.forward(*args, **options)
> ipalib/frontend.py:782: in forward
> return self.Backend.rpcclient.forward(self.name, *args, **kw)
> ipalib/rpc.py:947: in forward
> return self._call_command(command, params)
> ipalib/rpc.py:924: in _call_command
> return command(*params)
> ipalib/rpc.py:1075: in _call
> return self.__request(name, args)
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> _ _ _ _
> 
> self = 
> name = 'certprofile_import'
> args = (('caIPAserviceCert_mod',), {'all': False, 'description':
> 'Storing copy of a profile', 'file': 'profileId=caIPAservice...sion Default
> policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17
> ', 'ipacertprofilestoreissued': True, ...})
> 
> def __request(self, name, args):
> payload = {'method': unicode(name), 'params': args, 'id': 0}
> version = args[1].get('version', VERSION_WITHOUT_CAPABILITIES)
> payload = json_encode_binary(payload, version)
>
> if self.__verbose >= 2:
> root_logger.info('Request: %s',
>  json.dumps(payload, sort_keys=True, indent=4))
>
> response = self.__transport.request(
> self.__host,
> self.__handler,
> json.dumps(payload),
> verbose=self.__verbose >= 3,
> )
>
> try:
> response = json_decode_binary(json.loads(response))
> except ValueError as e:
> raise JSONError(str(e))
>
> if self.__verbose >= 2:
> root_logger.info(
> 'Response: %s',
> json.dumps(json_encode_binary(response, version),
>sort_keys=True, indent=4)
> )
> error = response.get('error')
> if error:
> try:
> error_class = errors_by_code[error['code']]
> except KeyError:
> raise UnknownError(
> code=error.get('code'),
> error=error.get('message'),
> server=self.__host,
> )
> else:
>>   raise error_class(message=error['message'])
> E   InternalError: an internal error has occurred
> 
> 
> 
> 
> On 08/31/2015 03:25 PM, Fraser Tweedale wrote:
>> On Mon, Aug 31, 2015 at 12:24:13PM +0200, Martin Basti wrote:
>>>
>>> On 08/18/2015 04:06 PM, Milan Kubík wrote:
 On 08/11/2015 03:17 AM, Fraser Tweedale wrote:
> On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote:
>> On 08/05/2015 02:57 PM, Milan Kubík wrote:
>>> Hi list,
>>>
>>> I'm sending the test plan [1] for certificate profiles and preliminary
>>> patches for it.
>>> The plan covers basic CRUD test and some corner cases. I'm open to
>>> more
>>> suggestions.
>>>
>>> More complicated tests involving certificate profiles will require the
>>> code (and tests)
>>> for CA ACLs merged, so it's not there at the moment.
>>>
>>> There are some unfinished test cases in places I wasn't sure what the
>>> result should be.
>>> We need to iterate through these to fix it.
>>>
>>>
>>> [1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan
>>>
>>> Cheers,
>>> Milan
>> Hi all,
>>
>> have you had some time to look at the code and proposal?
>> Today I want to write a basic CRUD test for the ACLs as well as a few
>> test
>> cases to check if the ACL is being enforced. It should make it into
>> 

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-09-03 Thread Martin Basti



On 09/03/2015 01:40 PM, Lenka Doudova wrote:

Hi,

I took a look at it at Milan's request.

patch 0008 - tracker looks ok, ACK
patch 0009 - test cases look ok as well, but can't get it to run, 10 
out of 14 tests fail, starting with internal error, which I haven't 
been able to track down, nor fix it.


Can you check /var/log/httpr/errors_log what the internal error is?

Martin^2


Lenka

=== FAILURES 
===
 TestProfileCRUD.test_create_duplicate 
_


self = object at 0x7f36459e7110>
user_profile = 
object at 0x7f36459e73d0>


def test_create_duplicate(self, user_profile):
msg = u'Certificate Profile with name "{}" already exists'
>   user_profile.ensure_exists()

ipatests/test_xmlrpc/test_certprofile_plugin.py:178:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _

ipatests/test_xmlrpc/ldaptracker.py:169: in ensure_exists
self.create(force=True)
ipatests/test_xmlrpc/ldaptracker.py:206: in create
result = command()
ipatests/test_xmlrpc/ldaptracker.py:127: in run_command
result = cmd(*args, **options)
ipalib/frontend.py:443: in __call__
ret = self.run(*args, **options)
ipalib/frontend.py:761: in run
return self.forward(*args, **options)
ipalib/frontend.py:782: in forward
return self.Backend.rpcclient.forward(self.name, *args, **kw)
ipalib/rpc.py:947: in forward
return self._call_command(command, params)
ipalib/rpc.py:924: in _call_command
return command(*params)
ipalib/rpc.py:1075: in _call
return self.__request(name, args)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _


self = 
name = 'certprofile_import'
args = (('caIPAserviceCert_mod',), {'all': False, 'description': 
'Storing copy of a profile', 'file': 'profileId=caIPAservice...sion 
Default

policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17
', 'ipacertprofilestoreissued': True, ...})

def __request(self, name, args):
payload = {'method': unicode(name), 'params': args, 'id': 0}
version = args[1].get('version', VERSION_WITHOUT_CAPABILITIES)
payload = json_encode_binary(payload, version)

if self.__verbose >= 2:
root_logger.info('Request: %s',
 json.dumps(payload, sort_keys=True, 
indent=4))


response = self.__transport.request(
self.__host,
self.__handler,
json.dumps(payload),
verbose=self.__verbose >= 3,
)

try:
response = json_decode_binary(json.loads(response))
except ValueError as e:
raise JSONError(str(e))

if self.__verbose >= 2:
root_logger.info(
'Response: %s',
json.dumps(json_encode_binary(response, version),
   sort_keys=True, indent=4)
)
error = response.get('error')
if error:
try:
error_class = errors_by_code[error['code']]
except KeyError:
raise UnknownError(
code=error.get('code'),
error=error.get('message'),
server=self.__host,
)
else:
>   raise error_class(message=error['message'])
E   InternalError: an internal error has occurred




On 08/31/2015 03:25 PM, Fraser Tweedale wrote:

On Mon, Aug 31, 2015 at 12:24:13PM +0200, Martin Basti wrote:

On 08/18/2015 04:06 PM, Milan Kubík wrote:

On 08/11/2015 03:17 AM, Fraser Tweedale wrote:

On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote:

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary
patches for it.
The plan covers basic CRUD test and some corner cases. I'm open to
more
suggestions.

More complicated tests involving certificate profiles will require the
code (and tests)
for CA ACLs merged, so it's not there at the moment.

There are some unfinished test cases in places I wasn't sure what the
result should be.
We need to iterate through these to fix it.


[1]:http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal?
Today I want to write a basic CRUD test for the ACLs as well as a few
test
cases to check if the ACL is being enforced. It should make it into
wiki
today or by tomorrow. I'll send an update then.

Cheers,
Milan


Hi Milan,

I have reviewed the V4/Certificate_Profiles/Test_Plan.  Couple of
comments:

- Test case: Import profile with incorrect values
   - Expected result: refused with error.
   - A simple way to provoke this condition is to add a number to
 ``policyset.serverCertSet.list``.
   - A similar test case should exist for certprofile-mod.

- Test case: Delete default profile
   - As discussed elsewhere, expected result 

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-08-31 Thread Martin Basti



On 08/18/2015 04:06 PM, Milan Kubík wrote:

On 08/11/2015 03:17 AM, Fraser Tweedale wrote:

On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote:

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary
patches for it.
The plan covers basic CRUD test and some corner cases. I'm open to 
more

suggestions.

More complicated tests involving certificate profiles will require the
code (and tests)
for CA ACLs merged, so it's not there at the moment.

There are some unfinished test cases in places I wasn't sure what the
result should be.
We need to iterate through these to fix it.


[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal?
Today I want to write a basic CRUD test for the ACLs as well as a 
few test
cases to check if the ACL is being enforced. It should make it into 
wiki

today or by tomorrow. I'll send an update then.

Cheers,
Milan


Hi Milan,

I have reviewed the V4/Certificate_Profiles/Test_Plan.  Couple of
comments:

- Test case: Import profile with incorrect values
   - Expected result: refused with error.
   - A simple way to provoke this condition is to add a number to
 ``policyset.serverCertSet.list``.
   - A similar test case should exist for certprofile-mod.

- Test case: Delete default profile
   - As discussed elsewhere, expected result should be failure.
 I filed ticket #5198 to make it so :)

I will review the patch soon.

Cheers,
Fraser

Hello,

how is the review going? I'd like to have at least the tracker (patch 
0008)

 reviewed (and merged :) if possible. It will be needed in CA ACL tests.

Cheers,
Milan



Fraser, do you review this patchset?

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] cert profiles - test plan + patches

2015-08-31 Thread Fraser Tweedale
On Mon, Aug 31, 2015 at 12:24:13PM +0200, Martin Basti wrote:
> 
> 
> On 08/18/2015 04:06 PM, Milan Kubík wrote:
> >On 08/11/2015 03:17 AM, Fraser Tweedale wrote:
> >>On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote:
> >>>On 08/05/2015 02:57 PM, Milan Kubík wrote:
> Hi list,
> 
> I'm sending the test plan [1] for certificate profiles and preliminary
> patches for it.
> The plan covers basic CRUD test and some corner cases. I'm open to
> more
> suggestions.
> 
> More complicated tests involving certificate profiles will require the
> code (and tests)
> for CA ACLs merged, so it's not there at the moment.
> 
> There are some unfinished test cases in places I wasn't sure what the
> result should be.
> We need to iterate through these to fix it.
> 
> 
> [1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan
> 
> Cheers,
> Milan
> >>>Hi all,
> >>>
> >>>have you had some time to look at the code and proposal?
> >>>Today I want to write a basic CRUD test for the ACLs as well as a few
> >>>test
> >>>cases to check if the ACL is being enforced. It should make it into
> >>>wiki
> >>>today or by tomorrow. I'll send an update then.
> >>>
> >>>Cheers,
> >>>Milan
> >>>
> >>Hi Milan,
> >>
> >>I have reviewed the V4/Certificate_Profiles/Test_Plan.  Couple of
> >>comments:
> >>
> >>- Test case: Import profile with incorrect values
> >>   - Expected result: refused with error.
> >>   - A simple way to provoke this condition is to add a number to
> >> ``policyset.serverCertSet.list``.
> >>   - A similar test case should exist for certprofile-mod.
> >>
> >>- Test case: Delete default profile
> >>   - As discussed elsewhere, expected result should be failure.
> >> I filed ticket #5198 to make it so :)
> >>
> >>I will review the patch soon.
> >>
> >>Cheers,
> >>Fraser
> >Hello,
> >
> >how is the review going? I'd like to have at least the tracker (patch
> >0008)
> > reviewed (and merged :) if possible. It will be needed in CA ACL tests.
> >
> >Cheers,
> >Milan
> >
> 
> Fraser, do you review this patchset?

This fell off my radar, sorry!  I eyeballed it a while back and
everything seemed fine; I have not (successfully) run the tests yet
though.  I will complete the review tomorrow.

Thanks,
Fraser

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] cert profiles - test plan + patches

2015-08-18 Thread Milan Kubík

On 08/11/2015 03:17 AM, Fraser Tweedale wrote:

On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote:

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary
patches for it.
The plan covers basic CRUD test and some corner cases. I'm open to more
suggestions.

More complicated tests involving certificate profiles will require the
code (and tests)
for CA ACLs merged, so it's not there at the moment.

There are some unfinished test cases in places I wasn't sure what the
result should be.
We need to iterate through these to fix it.


[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal?
Today I want to write a basic CRUD test for the ACLs as well as a few test
cases to check if the ACL is being enforced. It should make it into wiki
today or by tomorrow. I'll send an update then.

Cheers,
Milan


Hi Milan,

I have reviewed the V4/Certificate_Profiles/Test_Plan.  Couple of
comments:

- Test case: Import profile with incorrect values
   - Expected result: refused with error.
   - A simple way to provoke this condition is to add a number to
 ``policyset.serverCertSet.list``.
   - A similar test case should exist for certprofile-mod.

- Test case: Delete default profile
   - As discussed elsewhere, expected result should be failure.
 I filed ticket #5198 to make it so :)

I will review the patch soon.

Cheers,
Fraser

Hello,

how is the review going? I'd like to have at least the tracker (patch 0008)
 reviewed (and merged :) if possible. It will be needed in CA ACL tests.

Cheers,
Milan

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] cert profiles - test plan + patches

2015-08-10 Thread Milan Kubík

Hi,

On 08/10/2015 05:24 PM, Scott Poore wrote:


- Original Message -

From: Milan Kubík mku...@redhat.com
To: freeipa-devel freeipa-devel@redhat.com, Scott Poore spo...@redhat.com, 
Fraser Tweedale
ftwee...@redhat.com
Cc: Namita Soman nso...@redhat.com, Ales Marecek amare...@redhat.com
Sent: Monday, August 10, 2015 4:36:31 AM
Subject: Re: cert profiles - test plan + patches

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary
patches for it.
The plan covers basic CRUD test and some corner cases. I'm open to more
suggestions.

More complicated tests involving certificate profiles will require the
code (and tests)
for CA ACLs merged, so it's not there at the moment.

There are some unfinished test cases in places I wasn't sure what the
result should be.
We need to iterate through these to fix it.


[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal?
Today I want to write a basic CRUD test for the ACLs as well as a few
test cases to check if the ACL is being enforced. It should make it into
wiki today or by tomorrow. I'll send an update then.

I haven't looked at the actual code yet.  Is it checked into git for freeipa 
yet?

This looks good to me for the basic CRUD tests.   I do have some questions and 
requests.

Existing tests:

* Delete default profile
- Did you find out what the expected result should be?

I reported this when Fraser was implementing the feature. He decided to 
allow this (earlier it has failed).
At the time I didn't suggest otherwise. The design/documentation could 
be more clear on this
as for, is it allowed to delete all profiles? Doing this will break an 
awful lot of things. The same applies to
ACLs as well, Sub CAs later ditto. Deleting the default profile will 
break things even if other profiles

remain as it is a default, when not specified in cert-request.

Fraser, what do you think?

* Try to rename the profile entry
- Can this be renamed to be more specific to trying to rename ldap attr?
- Can we get a new test case to test renaming with certprofile-mod --rename?

ACK

Possible new tests:

* Import a profile in xml
- This should fail and I think is at least in the beginning a common mistake.

I will add this.

* Change profile config from file
- This one may be too large in scope but, could be limited to changing 
something simple to make sure the file is read and used.

ACK. Though this will be a part of the more complicated scenario.

Where are you planning to put the CA ACL tests?  In the same page?

I originally planned to put it under sub CAs, but since the specification
for CA ACLs moved into the certificate profiles design, I can add it there.
Counting will be done separately from test cases for profiles and it will be
implemented (at least the CRUD test cases) in a module where the ACL Tracker
will be implemented.

When you have that will you be adding a cert-request test?
Yes. I will need to use cert-request to test if the ACL/profile is 
enforced, if enabled/disabled
is in effect. I will not implement this in a module for cert-request, 
though.
I think it will be better to implement these in a separate module to 
signify it is a test
of a conjunction of several parts of the feature (profiles, ACLs and Sub 
CAs,

once this is implemented.
If you think otherwise, I'm open to suggestions.

Thanks,
Scott

Cheers,
Milan






Cheers,
Milan

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-08-10 Thread Kaleemullah Siddiqui



On 08/10/2015 08:54 PM, Scott Poore wrote:


- Original Message -

From: Milan Kubík mku...@redhat.com
To: freeipa-devel freeipa-devel@redhat.com, Scott Poore spo...@redhat.com, 
Fraser Tweedale
ftwee...@redhat.com
Cc: Namita Soman nso...@redhat.com, Ales Marecek amare...@redhat.com
Sent: Monday, August 10, 2015 4:36:31 AM
Subject: Re: cert profiles - test plan + patches

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary
patches for it.
The plan covers basic CRUD test and some corner cases. I'm open to more
suggestions.

More complicated tests involving certificate profiles will require the
code (and tests)
for CA ACLs merged, so it's not there at the moment.

There are some unfinished test cases in places I wasn't sure what the
result should be.
We need to iterate through these to fix it.


[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal?
Today I want to write a basic CRUD test for the ACLs as well as a few
test cases to check if the ACL is being enforced. It should make it into
wiki today or by tomorrow. I'll send an update then.

I haven't looked at the actual code yet.  Is it checked into git for freeipa 
yet?

This looks good to me for the basic CRUD tests.   I do have some questions and 
requests.

Existing tests:

* Delete default profile
- Did you find out what the expected result should be?

* Try to rename the profile entry
- Can this be renamed to be more specific to trying to rename ldap attr?
- Can we get a new test case to test renaming with certprofile-mod --rename?

Possible new tests:

* Import a profile in xml
- This should fail and I think is at least in the beginning a common mistake.

* Change profile config from file
- This one may be too large in scope but, could be limited to changing 
something simple to make sure the file is read and used.

Where are you planning to put the CA ACL tests?  In the same page?

When you have that will you be adding a cert-request test?

Some additional test cases
(1) Non-existent profile with certprofile-show
(2) certprofile-import with --store both true/false options
(3) certprofile-find with store option


Thanks,
Scott

Cheers,
Milan




--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-08-10 Thread Scott Poore


- Original Message -
 From: Milan Kubík mku...@redhat.com
 To: freeipa-devel freeipa-devel@redhat.com, Scott Poore 
 spo...@redhat.com, Fraser Tweedale
 ftwee...@redhat.com
 Cc: Namita Soman nso...@redhat.com, Ales Marecek amare...@redhat.com
 Sent: Monday, August 10, 2015 4:36:31 AM
 Subject: Re: cert profiles - test plan + patches
 
 On 08/05/2015 02:57 PM, Milan Kubík wrote:
  Hi list,
 
  I'm sending the test plan [1] for certificate profiles and preliminary
  patches for it.
  The plan covers basic CRUD test and some corner cases. I'm open to more
  suggestions.
 
  More complicated tests involving certificate profiles will require the
  code (and tests)
  for CA ACLs merged, so it's not there at the moment.
 
  There are some unfinished test cases in places I wasn't sure what the
  result should be.
  We need to iterate through these to fix it.
 
 
  [1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan
 
  Cheers,
  Milan
 Hi all,
 
 have you had some time to look at the code and proposal?
 Today I want to write a basic CRUD test for the ACLs as well as a few
 test cases to check if the ACL is being enforced. It should make it into
 wiki today or by tomorrow. I'll send an update then.

I haven't looked at the actual code yet.  Is it checked into git for freeipa 
yet?

This looks good to me for the basic CRUD tests.   I do have some questions and 
requests.

Existing tests:

* Delete default profile
- Did you find out what the expected result should be?

* Try to rename the profile entry
- Can this be renamed to be more specific to trying to rename ldap attr?
- Can we get a new test case to test renaming with certprofile-mod --rename?

Possible new tests:

* Import a profile in xml
- This should fail and I think is at least in the beginning a common mistake.

* Change profile config from file
- This one may be too large in scope but, could be limited to changing 
something simple to make sure the file is read and used.

Where are you planning to put the CA ACL tests?  In the same page?  

When you have that will you be adding a cert-request test?

Thanks,
Scott
 
 Cheers,
 Milan
 
 

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] cert profiles - test plan + patches

2015-08-10 Thread Fraser Tweedale
On Mon, Aug 10, 2015 at 06:50:57PM +0200, Milan Kubík wrote:
 Hi,
 
 On 08/10/2015 05:24 PM, Scott Poore wrote:
 
 - Original Message -
 From: Milan Kubík mku...@redhat.com
 To: freeipa-devel freeipa-devel@redhat.com, Scott Poore 
 spo...@redhat.com, Fraser Tweedale
 ftwee...@redhat.com
 Cc: Namita Soman nso...@redhat.com, Ales Marecek amare...@redhat.com
 Sent: Monday, August 10, 2015 4:36:31 AM
 Subject: Re: cert profiles - test plan + patches
 
 On 08/05/2015 02:57 PM, Milan Kubík wrote:
 Hi list,
 
 I'm sending the test plan [1] for certificate profiles and preliminary
 patches for it.
 The plan covers basic CRUD test and some corner cases. I'm open to more
 suggestions.
 
 More complicated tests involving certificate profiles will require the
 code (and tests)
 for CA ACLs merged, so it's not there at the moment.
 
 There are some unfinished test cases in places I wasn't sure what the
 result should be.
 We need to iterate through these to fix it.
 
 
 [1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan
 
 Cheers,
 Milan
 Hi all,
 
 have you had some time to look at the code and proposal?
 Today I want to write a basic CRUD test for the ACLs as well as a few
 test cases to check if the ACL is being enforced. It should make it into
 wiki today or by tomorrow. I'll send an update then.
 I haven't looked at the actual code yet.  Is it checked into git for freeipa 
 yet?
 
 This looks good to me for the basic CRUD tests.   I do have some questions 
 and requests.
 
 Existing tests:
 
 * Delete default profile
 - Did you find out what the expected result should be?
 
 I reported this when Fraser was implementing the feature. He decided to
 allow this (earlier it has failed).
 At the time I didn't suggest otherwise. The design/documentation could be
 more clear on this
 as for, is it allowed to delete all profiles? Doing this will break an awful
 lot of things. The same applies to
 ACLs as well, Sub CAs later ditto. Deleting the default profile will break
 things even if other profiles
 remain as it is a default, when not specified in cert-request.
 
 Fraser, what do you think?

Yes, I think we should prevent deletion of default profile.  I will
file ticket and produce patch.

I'm undecided about whether to prohibit deletion of other included
profiles (of which there are currently zero, but it won't stay that
way for long).

 * Try to rename the profile entry
 - Can this be renamed to be more specific to trying to rename ldap attr?
 - Can we get a new test case to test renaming with certprofile-mod --rename?
 ACK
 Possible new tests:
 
 * Import a profile in xml
 - This should fail and I think is at least in the beginning a common mistake.
 I will add this.

+1; agree on failure being expected result.

 * Change profile config from file
 - This one may be too large in scope but, could be limited to changing 
 something simple to make sure the file is read and used.
 ACK. Though this will be a part of the more complicated scenario.
 Where are you planning to put the CA ACL tests?  In the same page?
 I originally planned to put it under sub CAs, but since the specification
 for CA ACLs moved into the certificate profiles design, I can add it there.
 Counting will be done separately from test cases for profiles and it will be
 implemented (at least the CRUD test cases) in a module where the ACL Tracker
 will be implemented.
 When you have that will you be adding a cert-request test?
 Yes. I will need to use cert-request to test if the ACL/profile is enforced,
 if enabled/disabled
 is in effect. I will not implement this in a module for cert-request,
 though.
 I think it will be better to implement these in a separate module to signify
 it is a test
 of a conjunction of several parts of the feature (profiles, ACLs and Sub
 CAs,
 once this is implemented.
 If you think otherwise, I'm open to suggestions.

Separate module makes sense.

Cheers,
Fraser

 Thanks,
 Scott
 Cheers,
 Milan
 
 
 
 
 
 Cheers,
 Milan

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] cert profiles - test plan + patches

2015-08-10 Thread Fraser Tweedale
On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote:
 On 08/05/2015 02:57 PM, Milan Kubík wrote:
 Hi list,
 
 I'm sending the test plan [1] for certificate profiles and preliminary
 patches for it.
 The plan covers basic CRUD test and some corner cases. I'm open to more
 suggestions.
 
 More complicated tests involving certificate profiles will require the
 code (and tests)
 for CA ACLs merged, so it's not there at the moment.
 
 There are some unfinished test cases in places I wasn't sure what the
 result should be.
 We need to iterate through these to fix it.
 
 
 [1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan
 
 Cheers,
 Milan
 Hi all,
 
 have you had some time to look at the code and proposal?
 Today I want to write a basic CRUD test for the ACLs as well as a few test
 cases to check if the ACL is being enforced. It should make it into wiki
 today or by tomorrow. I'll send an update then.
 
 Cheers,
 Milan
 
Hi Milan,

I have reviewed the V4/Certificate_Profiles/Test_Plan.  Couple of
comments:

- Test case: Import profile with incorrect values
  - Expected result: refused with error.
  - A simple way to provoke this condition is to add a number to
``policyset.serverCertSet.list``.
  - A similar test case should exist for certprofile-mod.

- Test case: Delete default profile
  - As discussed elsewhere, expected result should be failure.
I filed ticket #5198 to make it so :)

I will review the patch soon.

Cheers,
Fraser

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] cert profiles - test plan + patches

2015-08-10 Thread Milan Kubík

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary 
patches for it.

The plan covers basic CRUD test and some corner cases. I'm open to more
suggestions.

More complicated tests involving certificate profiles will require the 
code (and tests)

for CA ACLs merged, so it's not there at the moment.

There are some unfinished test cases in places I wasn't sure what the 
result should be.

We need to iterate through these to fix it.


[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal?
Today I want to write a basic CRUD test for the ACLs as well as a few 
test cases to check if the ACL is being enforced. It should make it into 
wiki today or by tomorrow. I'll send an update then.


Cheers,
Milan

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code