Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/15/2015 11:18 AM, Milan Kubík wrote:
On 09/14/2015 05:47 PM, Martin Basti wrote:
On 09/14/2015 01:49 PM, Lenka Doudova wrote:

All good, ACK

On 09/14/2015 11:54 AM, Milan Kubík wrote:
On 09/14/2015 10:10 AM, Lenka Doudova wrote:

NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 continuation line under-indented for hanging indent

(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:
On 09/11/2015 12:43 PM, Lenka Doudova wrote:
On 09/11/2015 11:45 AM, Milan Kubík wrote:
On 09/11/2015 10:27 AM, Martin Basti wrote:
On 09/11/2015 09:51 AM, Lenka Doudova wrote:
On 09/10/2015 02:11 PM, Milan Kubík wrote:
On 09/04/2015 03:57 PM, Martin Babinsky wrote:
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello,

I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).

[1]: https://fedorahosted.org/freeipa/ticket/5294

Cheers,
Milan

Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member)

Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into existing ipatests/util.py?

Updated patch attached.

Changes:
content of ipatests.test_xmlrpc.utils moved to ipatests.utils
make-lint updated to ignore py.path submodule

Again got an error:

Module ipatests.test_xmlrpc.test_certprofile_plugin
ipatests/test_xmlrpc/test_certprofile_plugin.py:16: [E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')

Probably just extra 's' in:
from ipatests.utils import prepare_config

Lenka

Typo fixed. Removed the py module from the code after an offline discussion. Patch attached.

Milan

Fixed. Patch attached.

Milan

I cannot apply this patch on master branch even with 3-way merge, thus I cannot push this, please send rebased patch.

Hi,

rebased patches attached.

Milan

Pushed to:
ipa-4-2: 223dc3d8d99e773336c94a3d968521e5cea8e35d
master: 1550b5ab50966387bac19f46b34a2107010d08d4

--
Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/14/2015 05:47 PM, Martin Basti wrote:
On 09/14/2015 01:49 PM, Lenka Doudova wrote:

All good, ACK

On 09/14/2015 11:54 AM, Milan Kubík wrote:
On 09/14/2015 10:10 AM, Lenka Doudova wrote:

NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 continuation line under-indented for hanging indent

(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:
On 09/11/2015 12:43 PM, Lenka Doudova wrote:
On 09/11/2015 11:45 AM, Milan Kubík wrote:
On 09/11/2015 10:27 AM, Martin Basti wrote:
On 09/11/2015 09:51 AM, Lenka Doudova wrote:
On 09/10/2015 02:11 PM, Milan Kubík wrote:
On 09/04/2015 03:57 PM, Martin Babinsky wrote:
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello,

I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).
[1]: https://fedorahosted.org/freeipa/ticket/5294 Cheers, Milan Hi, can't build rpms after applying the patches (namely patch 0009.2): Module ipatests.test_xmlrpc.utils ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member) Lenka Do we need new util.py in test_xmlrpc? Why not just add it into existing ipatests/util.py? Updated patch attached. Changes: content of ipatests.test_xmlrpc.utils moved to ipatests.utils make-lint updated to ignore py.path submodule Again got an error: Module ipatests.test_xmlrpc.test_certprofile_plugin ipatests/test_xmlrpc/test_certprofile_plugin.py:16: [E0611(no-name-in-module), ] No name 'utils' in module 'ipatests') Probably just extra 's' in: from ipatests.utils import prepare_config Lenka Typo fixed. Removed the py module from the code after an offline discussion. Patch attached. Milan Fixed. Patch attached. Milan I cannot apply this patch on master branch even with 3-way merge, thus I cannot push this, please send rebased patch. Hi, rebased patches attached. Milan From bcb1d7fbf2f4f43532fac1c5f56dfbb484bf7221 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Milan=20Kub=C3=ADk?=Date: Wed, 10 Jun 2015 14:48:33 +0200 Subject: [PATCH 1/5] ipatests: Add Certprofile tracker class implementation https://fedorahosted.org/freeipa/ticket/57 --- ipatests/test_xmlrpc/objectclasses.py | 5 + ipatests/test_xmlrpc/test_certprofile_plugin.py | 140 2 files changed, 145 insertions(+) create mode 100644 ipatests/test_xmlrpc/test_certprofile_plugin.py diff --git a/ipatests/test_xmlrpc/objectclasses.py b/ipatests/test_xmlrpc/objectclasses.py index a5c1b4c501cd28049b29cfc5e55ae745d91dc5bf..1cd77c7f885fe408d0d9d48fc6d8284900c91b7f 100644 --- a/ipatests/test_xmlrpc/objectclasses.py +++ b/ipatests/test_xmlrpc/objectclasses.py @@ -212,3 +212,8 @@ servicedelegationtarget = [ u'top', u'groupofprincipals', ] + +certprofile = [ +u'top', +u'ipacertprofile', +] 
diff --git a/ipatests/test_xmlrpc/test_certprofile_plugin.py b/ipatests/test_xmlrpc/test_certprofile_plugin.py new file mode 100644 index ..8fd81bc3f0cc7896adb9fdb6904ace1e7ebc52b3 --- /dev/null +++ b/ipatests/test_xmlrpc/test_certprofile_plugin.py @@ -0,0 +1,140 @@ +# -*- coding: utf-8 -*- +# +# Copyright (C) 2015 FreeIPA Contributors see COPYING for license +# + +""" +Test the `ipalib.plugins.certprofile` module. +""" + +import os + +import pytest + +from ipalib import errors +from ipapython.dn import DN +from ipatests.test_xmlrpc.ldaptracker import Tracker +from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test, raises_exact +from ipatests.test_xmlrpc import objectclasses +from ipatests.util import assert_deepequal + + +class CertprofileTracker(Tracker): +"""Tracker class for certprofile plugin. +""" + +retrieve_keys = { +'dn', 'cn', 'description', 'ipacertprofilestoreissued' +
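Review bot: in the new ipatests/test_xmlrpc/test_certprofile_plugin.py, the CertprofileTracker docstring is a single summary line whose closing quotes sit alone on the next line; close it on the same line and say in it what the tracker tracks, for example which certprofile commands it wraps. The commit message body is only a ticket URL, so a sentence there on what the tracker class is for would also help.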
Re: [Freeipa-devel] cert profiles - test plan + patches
All good, ACK

On 09/14/2015 11:54 AM, Milan Kubík wrote:
On 09/14/2015 10:10 AM, Lenka Doudova wrote:

NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 continuation line under-indented for hanging indent

(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:
On 09/11/2015 12:43 PM, Lenka Doudova wrote:
On 09/11/2015 11:45 AM, Milan Kubík wrote:
On 09/11/2015 10:27 AM, Martin Basti wrote:
On 09/11/2015 09:51 AM, Lenka Doudova wrote:
On 09/10/2015 02:11 PM, Milan Kubík wrote:
On 09/04/2015 03:57 PM, Martin Babinsky wrote:
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello,

I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).

[1]: https://fedorahosted.org/freeipa/ticket/5294

Cheers,
Milan

Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member)

Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into existing ipatests/util.py?

Updated patch attached.

Changes:
content of ipatests.test_xmlrpc.utils moved to ipatests.utils
make-lint updated to ignore py.path submodule

Again got an error:

Module ipatests.test_xmlrpc.test_certprofile_plugin
ipatests/test_xmlrpc/test_certprofile_plugin.py:16: [E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')

Probably just extra 's' in:
from ipatests.utils import prepare_config

Lenka

Typo fixed. Removed the py module from the code after an offline discussion. Patch attached.

Milan

Fixed. Patch attached.

Milan
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/14/2015 01:49 PM, Lenka Doudova wrote:

All good, ACK

On 09/14/2015 11:54 AM, Milan Kubík wrote:
On 09/14/2015 10:10 AM, Lenka Doudova wrote:

NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 continuation line under-indented for hanging indent

(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:
On 09/11/2015 12:43 PM, Lenka Doudova wrote:
On 09/11/2015 11:45 AM, Milan Kubík wrote:
On 09/11/2015 10:27 AM, Martin Basti wrote:
On 09/11/2015 09:51 AM, Lenka Doudova wrote:
On 09/10/2015 02:11 PM, Milan Kubík wrote:
On 09/04/2015 03:57 PM, Martin Babinsky wrote:
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello,

I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).

[1]: https://fedorahosted.org/freeipa/ticket/5294

Cheers,
Milan

Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member)

Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into existing ipatests/util.py?

Updated patch attached.

Changes:
content of ipatests.test_xmlrpc.utils moved to ipatests.utils
make-lint updated to ignore py.path submodule

Again got an error:

Module ipatests.test_xmlrpc.test_certprofile_plugin
ipatests/test_xmlrpc/test_certprofile_plugin.py:16: [E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')

Probably just extra 's' in:
from ipatests.utils import prepare_config

Lenka

Typo fixed. Removed the py module from the code after an offline discussion. Patch attached.

Milan

Fixed. Patch attached.

Milan

I cannot apply this patch on master branch even with 3-way merge, thus I cannot push this, please send rebased patch.
Re: [Freeipa-devel] cert profiles - test plan + patches
NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 continuation line under-indented for hanging indent

(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:
On 09/11/2015 12:43 PM, Lenka Doudova wrote:
On 09/11/2015 11:45 AM, Milan Kubík wrote:
On 09/11/2015 10:27 AM, Martin Basti wrote:
On 09/11/2015 09:51 AM, Lenka Doudova wrote:
On 09/10/2015 02:11 PM, Milan Kubík wrote:
On 09/04/2015 03:57 PM, Martin Babinsky wrote:
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello,

I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).

[1]: https://fedorahosted.org/freeipa/ticket/5294

Cheers,
Milan

Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member)

Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into existing ipatests/util.py?

Updated patch attached.

Changes:
content of ipatests.test_xmlrpc.utils moved to ipatests.utils
make-lint updated to ignore py.path submodule

Again got an error:

Module ipatests.test_xmlrpc.test_certprofile_plugin
ipatests/test_xmlrpc/test_certprofile_plugin.py:16: [E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')

Probably just extra 's' in:
from ipatests.utils import prepare_config

Lenka

Typo fixed. Removed the py module from the code after an offline discussion. Patch attached.

Milan
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/14/2015 10:10 AM, Lenka Doudova wrote:

NACK because:

$ pep8 ipatests/test_xmlrpc/test_certprofile_plugin.py
ipatests/test_xmlrpc/test_certprofile_plugin.py:213:8: E121 continuation line under-indented for hanging indent

(just a missing space in the indent)

Lenka

On 09/11/2015 01:47 PM, Milan Kubík wrote:
On 09/11/2015 12:43 PM, Lenka Doudova wrote:
On 09/11/2015 11:45 AM, Milan Kubík wrote:
On 09/11/2015 10:27 AM, Martin Basti wrote:
On 09/11/2015 09:51 AM, Lenka Doudova wrote:
On 09/10/2015 02:11 PM, Milan Kubík wrote:
On 09/04/2015 03:57 PM, Martin Babinsky wrote:
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello,

I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).

[1]: https://fedorahosted.org/freeipa/ticket/5294

Cheers,
Milan

Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member)

Lenka

Do we need new util.py in test_xmlrpc?
Why not just add it into existing ipatests/util.py? Updated patch attached. Changes: content of ipatests.test_xmlrpc.utils moved to ipatests.utils make-lint updated to ignore py.path submodule Again got an error: Module ipatests.test_xmlrpc.test_certprofile_plugin ipatests/test_xmlrpc/test_certprofile_plugin.py:16: [E0611(no-name-in-module), ] No name 'utils' in module 'ipatests') Probably just extra 's' in: from ipatests.utils import prepare_config Lenka Typo fixed. Removed the py module from the code after an offline discussion. Patch attached. Milan Fixed. Patch attached. Milan From fa67fd9f260e644e3b5087bfd71b461b2dbbd349 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Milan=20Kub=C3=ADk?=Date: Sun, 23 Aug 2015 16:19:59 +0200 Subject: [PATCH] ipatests: Add basic tests for certificate profile plugin --- .../test_xmlrpc/data/caIPAserviceCert.xml.tmpl | 619 + .../test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl | 109 .../test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl | 109 .../data/caIPAserviceCert_mod_mal.cfg.tmpl | 109 ipatests/test_xmlrpc/test_certprofile_plugin.py| 203 ++- ipatests/util.py | 10 + 6 files changed, 1158 insertions(+), 1 deletion(-) create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod_mal.cfg.tmpl diff --git a/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl new file mode 100644 index ..99548192346b6105ea4f1a015738bfec612e3acd --- /dev/null +++ b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl 
@@ -0,0 +1,619 @@ + +http://www.w3.org/2005/Atom; id="caIPAserviceCert_xml"> +caEnrollImpl +IPA-RA Agent-Authenticated Server Certificate Enrollment +This certificate profile is for enrolling server certificates with IPA-RA agent authentication. +true +false +ipara +raCertAuth + +false +false + +certReqInputImpl +Certificate Request Input + + +cert_request_type +Certificate Request Type + + + + +cert_request +Certificate Request + + + + +submitterInfoInputImpl +Requestor Information + + +string +Requestor Name + + + + +string +Requestor Email + + + +
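Review bot: the caIPAserviceCert.xml.tmpl hunk checks in a 619-line profile as test data with nothing saying where it came from. A full copy of a profile drifts from whatever the server ships, so record in the commit message or next to the import test which server version the XML was exported from and which parts of it the test depends on.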
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/10/2015 02:11 PM, Milan Kubík wrote:
On 09/04/2015 03:57 PM, Martin Babinsky wrote:
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello,

I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).

[1]: https://fedorahosted.org/freeipa/ticket/5294

Cheers,
Milan

Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member)

Lenka
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/11/2015 09:51 AM, Lenka Doudova wrote:
On 09/10/2015 02:11 PM, Milan Kubík wrote:
On 09/04/2015 03:57 PM, Martin Babinsky wrote:
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello,

I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).

[1]: https://fedorahosted.org/freeipa/ticket/5294

Cheers,
Milan

Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member)

Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into existing ipatests/util.py?
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/11/2015 10:27 AM, Martin Basti wrote:
On 09/11/2015 09:51 AM, Lenka Doudova wrote:
On 09/10/2015 02:11 PM, Milan Kubík wrote:
On 09/04/2015 03:57 PM, Martin Babinsky wrote:
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello,

I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).

[1]: https://fedorahosted.org/freeipa/ticket/5294

Cheers,
Milan

Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member)

Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into existing ipatests/util.py?

I will move it there.
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/11/2015 10:27 AM, Martin Basti wrote:
On 09/11/2015 09:51 AM, Lenka Doudova wrote:
On 09/10/2015 02:11 PM, Milan Kubík wrote:
On 09/04/2015 03:57 PM, Martin Babinsky wrote:
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello,

I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).

[1]: https://fedorahosted.org/freeipa/ticket/5294

Cheers,
Milan

Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member)

Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into existing ipatests/util.py?

Updated patch attached.

Changes:
content of ipatests.test_xmlrpc.utils moved to ipatests.utils
make-lint updated to ignore py.path submodule

From a01d9bb444f9ecbb6a8d0b99b5ea4eff905bb908 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?=Date: Sun, 23 Aug 2015 16:19:59 +0200 Subject: [PATCH] ipatests: Add basic tests for certificate profile plugin --- .../test_xmlrpc/data/caIPAserviceCert.xml.tmpl | 619 + .../test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl | 109 .../test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl | 109 .../data/caIPAserviceCert_mod_mal.cfg.tmpl | 109 ipatests/test_xmlrpc/test_certprofile_plugin.py| 203 ++- ipatests/util.py | 13 + make-lint | 1 + 7 files changed, 1162 insertions(+), 1 deletion(-) create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod_mal.cfg.tmpl diff --git a/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl new file mode 100644 index ..99548192346b6105ea4f1a015738bfec612e3acd --- /dev/null +++ b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl 
@@ -0,0 +1,619 @@ + +http://www.w3.org/2005/Atom; id="caIPAserviceCert_xml"> +caEnrollImpl +IPA-RA Agent-Authenticated Server Certificate Enrollment +This certificate profile is for enrolling server certificates with IPA-RA agent authentication. +true +false +ipara +raCertAuth + +false +false + +certReqInputImpl +Certificate Request Input + + +cert_request_type +Certificate Request Type + + + + +cert_request +Certificate Request + + + + +submitterInfoInputImpl +Requestor Information + + +string +Requestor Name + + + + +string +Requestor Email + + + + +string +Requestor Phone + + + + +Certificate Output +certOutputImpl + + +pretty_print +Certificate Pretty Print + + + + +pretty_print +Certificate Base-64 Encoded + + + + + +serverCertSet + + +This default populates a Certificate Subject Name to the request. The default values are Subject Name=CN=$request.req_subject_name.cn$, O=ABC.IDM.LAB.ENG.BRQ.REDHAT.COM + + +string +Subject Name + + +
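Review bot: in the caIPAserviceCert.xml.tmpl hunk, the subject name default description hardcodes O=ABC.IDM.LAB.ENG.BRQ.REDHAT.COM, which reads like the realm of the machine the profile was exported from. In a .tmpl file this should be a placeholder filled in from the test environment, so the fixture matches the realm under test and does not carry an internal lab name; check the rest of the file for the same string.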
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/11/2015 12:43 PM, Lenka Doudova wrote:
On 09/11/2015 11:45 AM, Milan Kubík wrote:
On 09/11/2015 10:27 AM, Martin Basti wrote:
On 09/11/2015 09:51 AM, Lenka Doudova wrote:
On 09/10/2015 02:11 PM, Milan Kubík wrote:
On 09/04/2015 03:57 PM, Martin Babinsky wrote:
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi,

there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello,

I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).

[1]: https://fedorahosted.org/freeipa/ticket/5294

Cheers,
Milan

Hi,

can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils
ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member)

Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into existing ipatests/util.py?

Updated patch attached.
Changes: content of ipatests.test_xmlrpc.utils moved to ipatests.utils make-lint updated to ignore py.path submodule Again got an error: Module ipatests.test_xmlrpc.test_certprofile_plugin ipatests/test_xmlrpc/test_certprofile_plugin.py:16: [E0611(no-name-in-module), ] No name 'utils' in module 'ipatests') Probably just extra 's' in: from ipatests.utils import prepare_config Lenka Typo fixed. Removed the py module from the code after an offline discussion. Patch attached. Milan From b21dbf8e4ce6215f1bd06b250c48d826372e354b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Milan=20Kub=C3=ADk?=Date: Sun, 23 Aug 2015 16:19:59 +0200 Subject: [PATCH] ipatests: Add basic tests for certificate profile plugin --- .../test_xmlrpc/data/caIPAserviceCert.xml.tmpl | 619 + .../test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl | 109 .../test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl | 109 .../data/caIPAserviceCert_mod_mal.cfg.tmpl | 109 ipatests/test_xmlrpc/test_certprofile_plugin.py| 203 ++- ipatests/util.py | 10 + 6 files changed, 1158 insertions(+), 1 deletion(-) create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mal.cfg.tmpl create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod.cfg.tmpl create mode 100644 ipatests/test_xmlrpc/data/caIPAserviceCert_mod_mal.cfg.tmpl diff --git a/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl new file mode 100644 index ..99548192346b6105ea4f1a015738bfec612e3acd --- /dev/null +++ b/ipatests/test_xmlrpc/data/caIPAserviceCert.xml.tmpl 
@@ -0,0 +1,619 @@ + +http://www.w3.org/2005/Atom; id="caIPAserviceCert_xml"> +caEnrollImpl +IPA-RA Agent-Authenticated Server Certificate Enrollment +This certificate profile is for enrolling server certificates with IPA-RA agent authentication. +true +false +ipara +raCertAuth + +false +false + +certReqInputImpl +Certificate Request Input + + +cert_request_type +Certificate Request Type + + + + +cert_request +Certificate Request + + + + +submitterInfoInputImpl +Requestor Information + + +string +Requestor Name + + + + +string +Requestor Email + + + + +string +Requestor Phone + + + + +Certificate Output +certOutputImpl + + +pretty_print +Certificate Pretty Print + + + + +pretty_print +Certificate
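Review bot: The diffstat adds three 109-line templates (caIPAserviceCert_mal.cfg.tmpl, caIPAserviceCert_mod.cfg.tmpl, caIPAserviceCert_mod_mal.cfg.tmpl) next to a 619-line XML template, while the commit message consists of a subject line only. If the _mal variants differ from their base only in the value that is meant to be rejected, derive them in the test from a single template so the copies cannot drift apart, and add a commit message body that says what each fixture is meant to provoke and references the ticket.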
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/11/2015 11:45 AM, Milan Kubík wrote: On 09/11/2015 10:27 AM, Martin Basti wrote: On 09/11/2015 09:51 AM, Lenka Doudova wrote: On 09/10/2015 02:11 PM, Milan Kubík wrote: On 09/04/2015 03:57 PM, Martin Babinsky wrote: On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi, there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

Hello, I don't think it is possible to run these tests against the lite server. Please do it on regular installation.

Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml).

[1]: https://fedorahosted.org/freeipa/ticket/5294

Cheers, Milan

Hi, can't build rpms after applying the patches (namely patch 0009.2):

Module ipatests.test_xmlrpc.utils ipatests/test_xmlrpc/utils.py:10: [E1101(no-member), prepare_config] Module 'py' has no 'path' member)

Lenka

Do we need new util.py in test_xmlrpc? Why not just add it into existing ipatests/util.py?

Updated patch attached. Changes:

- content of ipatests.test_xmlrpc.utils moved to ipatests.utils
- make-lint updated to ignore py.path submodule

Again got an error:

Module ipatests.test_xmlrpc.test_certprofile_plugin ipatests/test_xmlrpc/test_certprofile_plugin.py:16: [E0611(no-name-in-module), ] No name 'utils' in module 'ipatests')

Probably just extra 's' in: from ipatests.utils import prepare_config

Lenka
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/04/2015 03:57 PM, Martin Babinsky wrote: On 09/04/2015 11:06 AM, Lenka Doudova wrote: Hi, there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598 I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do is manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine. Lenka Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master? Hello, I don't think it is possible to run these tests against the lite server. Please do it on regular installation. Anyway, sorry for the long delay. I send the updated patches. I updated them to reflect the fix for rename option and extended about test with importing a profile from XML file. The test case may need to be updated, based on the resolution of [1]. This at the moment raises remote retrieve error (400 from dogtag), I think there should be more clear message (detecting xml). [1]: https://fedorahosted.org/freeipa/ticket/5294 Cheers, Milan From 9525be865f96b6dff2b6d4e229b88a04bf6f9ff0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Milan=20Kub=C3=ADk?=Date: Wed, 10 Jun 2015 14:48:33 +0200 Subject: [PATCH 1/5] ipatests: Add Certprofile tracker class implementation https://fedorahosted.org/freeipa/ticket/57 --- ipatests/test_xmlrpc/objectclasses.py | 5 + ipatests/test_xmlrpc/test_certprofile_plugin.py | 140 2 files changed, 145 insertions(+) create mode 100644 ipatests/test_xmlrpc/test_certprofile_plugin.py diff --git a/ipatests/test_xmlrpc/objectclasses.py b/ipatests/test_xmlrpc/objectclasses.py index a5c1b4c501cd28049b29cfc5e55ae745d91dc5bf..1cd77c7f885fe408d0d9d48fc6d8284900c91b7f 100644 --- a/ipatests/test_xmlrpc/objectclasses.py +++ b/ipatests/test_xmlrpc/objectclasses.py 
@@ -212,3 +212,8 @@ servicedelegationtarget = [ u'top', u'groupofprincipals', ] + +certprofile = [ +u'top', +u'ipacertprofile', +] diff --git a/ipatests/test_xmlrpc/test_certprofile_plugin.py b/ipatests/test_xmlrpc/test_certprofile_plugin.py new file mode 100644 index ..8fd81bc3f0cc7896adb9fdb6904ace1e7ebc52b3 --- /dev/null +++ b/ipatests/test_xmlrpc/test_certprofile_plugin.py 
@@ -0,0 +1,140 @@ +# -*- coding: utf-8 -*- +# +# Copyright (C) 2015 FreeIPA Contributors see COPYING for license +# + +""" +Test the `ipalib.plugins.certprofile` module. +""" + +import os + +import pytest + +from ipalib import errors +from ipapython.dn import DN +from ipatests.test_xmlrpc.ldaptracker import Tracker +from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test, raises_exact +from ipatests.test_xmlrpc import objectclasses +from ipatests.util import assert_deepequal + + +class CertprofileTracker(Tracker): +"""Tracker class for certprofile plugin. +""" + +retrieve_keys = { +'dn', 'cn', 'description', 'ipacertprofilestoreissued' +} +retrieve_all_keys = retrieve_keys | {'objectclass'} +create_keys = retrieve_keys | {'objectclass'} +update_keys = retrieve_keys - {'dn'} +managedby_keys = retrieve_keys +allowedto_keys = retrieve_keys + +def __init__(self, name, store=False, desc='dummy description', + profile=None, default_version=None): +super(CertprofileTracker, self).__init__( +default_version=default_version +) + +self.store = store +self.description = desc +self._profile_path = profile + +self.dn = DN(('cn', name), 'cn=certprofiles', 'cn=ca', + self.api.env.basedn) + +@property +def profile(self): +if not self._profile_path: +return None + +if os.path.isabs(self._profile_path): +path = self._profile_path +else: +path = os.path.join(os.path.dirname(__file__), +self._profile_path) + +with open(path, 'r') as f: +content = f.read() +return unicode(content) + +def make_create_command(self, force=True): +if not self.profile: +raise RuntimeError('Tracker object without path to profile ' + 'cannot be used to create profile entry.') + +return self.make_command('certprofile_import', self.name, + description=self.description, + ipacertprofilestoreissued=self.store, + file=self.profile) + +def check_create(self, result): +assert_deepequal(dict( +value=self.name, +summary=u'Imported profile "{}"'.format(self.name), +result=dict(self.filter_attrs(self.create_keys)) +), 
result) + +def
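Review bot: In CertprofileTracker.profile the file is opened in text mode and the content is passed through unicode(content), which decodes with the default ASCII codec and raises on the first non-ASCII byte in a profile. The property also re-reads the file on every access, and make_create_command evaluates it twice, once in the "if not self.profile" guard and once for file=self.profile. Read the file once with io.open(path, encoding='utf-8'), cache the result, and test self._profile_path in the guard. The force=True argument of make_create_command is accepted but not used in the visible body; pass it on or drop it.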
Re: [Freeipa-devel] cert profiles - test plan + patches
Hi, there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598 I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do is manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine. Lenka On 09/03/2015 02:35 PM, Tomas Babej wrote: On 09/03/2015 01:40 PM, Lenka Doudova wrote: Hi, I took a look at it at Milan's request. patch 0008 - tracker looks ok, ACK patch 0009 - test cases look ok as well, but can't get it to run, 10 out of 14 tests fail, starting with internal error, which I haven't been able to track down, nor fix it. You can investigate the internal error by inspecting the /var/log/httpd/error_log on the IPA server that executed the command. There should be a traceback. Lenka === FAILURES === TestProfileCRUD.test_create_duplicate _ self = user_profile = def test_create_duplicate(self, user_profile): msg = u'Certificate Profile with name "{}" already exists' user_profile.ensure_exists() ipatests/test_xmlrpc/test_certprofile_plugin.py:178: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ipatests/test_xmlrpc/ldaptracker.py:169: in ensure_exists self.create(force=True) ipatests/test_xmlrpc/ldaptracker.py:206: in create result = command() ipatests/test_xmlrpc/ldaptracker.py:127: in run_command result = cmd(*args, **options) ipalib/frontend.py:443: in __call__ ret = self.run(*args, **options) ipalib/frontend.py:761: in run return self.forward(*args, **options) ipalib/frontend.py:782: in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) ipalib/rpc.py:947: in forward return self._call_command(command, params) ipalib/rpc.py:924: in _call_command return command(*params) ipalib/rpc.py:1075: in _call return self.__request(name, args) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = name = 'certprofile_import' args = (('caIPAserviceCert_mod',), {'all': False, 'description': 'Storing copy of a profile', 'file': 'profileId=caIPAservice...sion Default policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17 ', 'ipacertprofilestoreissued': True, ...}) def __request(self, name, args): payload = {'method': unicode(name), 'params': args, 'id': 0} version = args[1].get('version', VERSION_WITHOUT_CAPABILITIES) payload = json_encode_binary(payload, version) if self.__verbose >= 2: root_logger.info('Request: %s', json.dumps(payload, sort_keys=True, indent=4)) response = self.__transport.request( self.__host, self.__handler, json.dumps(payload), verbose=self.__verbose >= 3, ) try: response = json_decode_binary(json.loads(response)) except ValueError as e: raise JSONError(str(e)) if self.__verbose >= 2: root_logger.info( 'Response: %s', json.dumps(json_encode_binary(response, version), sort_keys=True, indent=4) ) error = response.get('error') if error: try: error_class = errors_by_code[error['code']] except KeyError: raise UnknownError( code=error.get('code'), error=error.get('message'), server=self.__host, ) else: raise error_class(message=error['message']) E InternalError: an internal error has occurred On 08/31/2015 03:25 PM, Fraser Tweedale wrote: On Mon, Aug 31, 2015 at 12:24:13PM +0200, Martin Basti wrote: On 08/18/2015 04:06 PM, Milan Kubík wrote: On 08/11/2015 03:17 AM, Fraser Tweedale wrote: On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote: On 08/05/2015 02:57 PM, Milan Kubík wrote: Hi list, I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions. More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment. 
There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it. [1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan Cheers, Milan Hi all, have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/04/2015 11:06 AM, Lenka Doudova wrote:

Hi, there's no traceback in the file you mentioned, but I'm running it through lite-server, so here's the traceback from there: http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the previous email was that the tests fail when attempting to add a certprofile, but if I try to do it manually using 'ipa certprofile-import' command with the exact same data as used in the test, it works fine.

Lenka

Do you get the traceback also when you run the tests using 'ipa-run-tests' with installed IPA master?

-- Martin^3 Babinsky
Re: [Freeipa-devel] cert profiles - test plan + patches
Hi, I took a look at it at Milan's request. patch 0008 - tracker looks ok, ACK patch 0009 - test cases look ok as well, but can't get it to run, 10 out of 14 tests fail, starting with internal error, which I haven't been able to track down, nor fix it. Lenka === FAILURES === TestProfileCRUD.test_create_duplicate _ self = object at 0x7f36459e7110> user_profile = at 0x7f36459e73d0> def test_create_duplicate(self, user_profile): msg = u'Certificate Profile with name "{}" already exists' > user_profile.ensure_exists() ipatests/test_xmlrpc/test_certprofile_plugin.py:178: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ipatests/test_xmlrpc/ldaptracker.py:169: in ensure_exists self.create(force=True) ipatests/test_xmlrpc/ldaptracker.py:206: in create result = command() ipatests/test_xmlrpc/ldaptracker.py:127: in run_command result = cmd(*args, **options) ipalib/frontend.py:443: in __call__ ret = self.run(*args, **options) ipalib/frontend.py:761: in run return self.forward(*args, **options) ipalib/frontend.py:782: in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) ipalib/rpc.py:947: in forward return self._call_command(command, params) ipalib/rpc.py:924: in _call_command return command(*params) ipalib/rpc.py:1075: in _call return self.__request(name, args) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = name = 'certprofile_import' args = (('caIPAserviceCert_mod',), {'all': False, 'description': 'Storing copy of a profile', 'file': 'profileId=caIPAservice...sion Default policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17 ', 'ipacertprofilestoreissued': True, ...}) def __request(self, name, args): payload = {'method': unicode(name), 'params': args, 'id': 0} version = args[1].get('version', VERSION_WITHOUT_CAPABILITIES) payload = json_encode_binary(payload, version) if self.__verbose >= 2: root_logger.info('Request: %s', json.dumps(payload, sort_keys=True, indent=4)) 
response = self.__transport.request( self.__host, self.__handler, json.dumps(payload), verbose=self.__verbose >= 3, ) try: response = json_decode_binary(json.loads(response)) except ValueError as e: raise JSONError(str(e)) if self.__verbose >= 2: root_logger.info( 'Response: %s', json.dumps(json_encode_binary(response, version), sort_keys=True, indent=4) ) error = response.get('error') if error: try: error_class = errors_by_code[error['code']] except KeyError: raise UnknownError( code=error.get('code'), error=error.get('message'), server=self.__host, ) else: > raise error_class(message=error['message']) E InternalError: an internal error has occurred On 08/31/2015 03:25 PM, Fraser Tweedale wrote: On Mon, Aug 31, 2015 at 12:24:13PM +0200, Martin Basti wrote: On 08/18/2015 04:06 PM, Milan Kubík wrote: On 08/11/2015 03:17 AM, Fraser Tweedale wrote: On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote: On 08/05/2015 02:57 PM, Milan Kubík wrote: Hi list, I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions. More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment. There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it. [1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan Cheers, Milan Hi all, have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as well as a few test cases to check if the ACL is being enforced. It should make it into wiki today or by tomorrow. I'll send an update then. Cheers, Milan Hi Milan, I have reviewed the V4/Certificate_Profiles/Test_Plan. Couple of comments: - Test case: Import profile with incorrect values - Expected result: refused with error. 
- A simple way to provoke this condition is to add a number to ``policyset.serverCertSet.list``. - A similar test case should exist for certprofile-mod. - Test case: Delete default profile - As discussed elsewhere, expected result should be failure. I filed ticket #5198 to make it so :) I will review the patch soon. Cheers, Fraser Hello, how is the review
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/03/2015 01:40 PM, Lenka Doudova wrote: > Hi, > > I took a look at it at Milan's request. > > patch 0008 - tracker looks ok, ACK > patch 0009 - test cases look ok as well, but can't get it to run, 10 out > of 14 tests fail, starting with internal error, which I haven't been > able to track down, nor fix it. You can investigate the internal error by inspecting the /var/log/httpd/error_log on the IPA server that executed the command. There should be a traceback. > > Lenka > > === FAILURES > === > TestProfileCRUD.test_create_duplicate > _ > > self = object at 0x7f36459e7110> > user_profile = > at 0x7f36459e73d0> > > def test_create_duplicate(self, user_profile): > msg = u'Certificate Profile with name "{}" already exists' >> user_profile.ensure_exists() > > ipatests/test_xmlrpc/test_certprofile_plugin.py:178: > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > _ _ _ _ > ipatests/test_xmlrpc/ldaptracker.py:169: in ensure_exists > self.create(force=True) > ipatests/test_xmlrpc/ldaptracker.py:206: in create > result = command() > ipatests/test_xmlrpc/ldaptracker.py:127: in run_command > result = cmd(*args, **options) > ipalib/frontend.py:443: in __call__ > ret = self.run(*args, **options) > ipalib/frontend.py:761: in run > return self.forward(*args, **options) > ipalib/frontend.py:782: in forward > return self.Backend.rpcclient.forward(self.name, *args, **kw) > ipalib/rpc.py:947: in forward > return self._call_command(command, params) > ipalib/rpc.py:924: in _call_command > return command(*params) > ipalib/rpc.py:1075: in _call > return self.__request(name, args) > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > _ _ _ _ > > self = > name = 'certprofile_import' > args = (('caIPAserviceCert_mod',), {'all': False, 'description': > 'Storing copy of a profile', 'file': 'profileId=caIPAservice...sion Default > policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17 > ', 'ipacertprofilestoreissued': True, ...}) > > 
def __request(self, name, args): > payload = {'method': unicode(name), 'params': args, 'id': 0} > version = args[1].get('version', VERSION_WITHOUT_CAPABILITIES) > payload = json_encode_binary(payload, version) > > if self.__verbose >= 2: > root_logger.info('Request: %s', > json.dumps(payload, sort_keys=True, indent=4)) > > response = self.__transport.request( > self.__host, > self.__handler, > json.dumps(payload), > verbose=self.__verbose >= 3, > ) > > try: > response = json_decode_binary(json.loads(response)) > except ValueError as e: > raise JSONError(str(e)) > > if self.__verbose >= 2: > root_logger.info( > 'Response: %s', > json.dumps(json_encode_binary(response, version), >sort_keys=True, indent=4) > ) > error = response.get('error') > if error: > try: > error_class = errors_by_code[error['code']] > except KeyError: > raise UnknownError( > code=error.get('code'), > error=error.get('message'), > server=self.__host, > ) > else: >> raise error_class(message=error['message']) > E InternalError: an internal error has occurred > > > > > On 08/31/2015 03:25 PM, Fraser Tweedale wrote: >> On Mon, Aug 31, 2015 at 12:24:13PM +0200, Martin Basti wrote: >>> >>> On 08/18/2015 04:06 PM, Milan Kubík wrote: On 08/11/2015 03:17 AM, Fraser Tweedale wrote: > On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote: >> On 08/05/2015 02:57 PM, Milan Kubík wrote: >>> Hi list, >>> >>> I'm sending the test plan [1] for certificate profiles and preliminary >>> patches for it. >>> The plan covers basic CRUD test and some corner cases. I'm open to >>> more >>> suggestions. >>> >>> More complicated tests involving certificate profiles will require the >>> code (and tests) >>> for CA ACLs merged, so it's not there at the moment. >>> >>> There are some unfinished test cases in places I wasn't sure what the >>> result should be. >>> We need to iterate through these to fix it. 
>>> >>> >>> [1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan >>> >>> Cheers, >>> Milan >> Hi all, >> >> have you had some time to look at the code and proposal? >> Today I want to write a basic CRUD test for the ACLs as well as a few >> test >> cases to check if the ACL is being enforced. It should make it into >>
Re: [Freeipa-devel] cert profiles - test plan + patches
On 09/03/2015 01:40 PM, Lenka Doudova wrote: Hi, I took a look at it at Milan's request. patch 0008 - tracker looks ok, ACK patch 0009 - test cases look ok as well, but can't get it to run, 10 out of 14 tests fail, starting with internal error, which I haven't been able to track down, nor fix it. Can you check /var/log/httpr/errors_log what the internal error is? Martin^2 Lenka === FAILURES === TestProfileCRUD.test_create_duplicate _ self = object at 0x7f36459e7110> user_profile = object at 0x7f36459e73d0> def test_create_duplicate(self, user_profile): msg = u'Certificate Profile with name "{}" already exists' > user_profile.ensure_exists() ipatests/test_xmlrpc/test_certprofile_plugin.py:178: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ipatests/test_xmlrpc/ldaptracker.py:169: in ensure_exists self.create(force=True) ipatests/test_xmlrpc/ldaptracker.py:206: in create result = command() ipatests/test_xmlrpc/ldaptracker.py:127: in run_command result = cmd(*args, **options) ipalib/frontend.py:443: in __call__ ret = self.run(*args, **options) ipalib/frontend.py:761: in run return self.forward(*args, **options) ipalib/frontend.py:782: in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) ipalib/rpc.py:947: in forward return self._call_command(command, params) ipalib/rpc.py:924: in _call_command return command(*params) ipalib/rpc.py:1075: in _call return self.__request(name, args) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = name = 'certprofile_import' args = (('caIPAserviceCert_mod',), {'all': False, 'description': 'Storing copy of a profile', 'file': 'profileId=caIPAservice...sion Default policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17 ', 'ipacertprofilestoreissued': True, ...}) def __request(self, name, args): payload = {'method': unicode(name), 'params': args, 'id': 0} version = args[1].get('version', VERSION_WITHOUT_CAPABILITIES) payload = 
json_encode_binary(payload, version) if self.__verbose >= 2: root_logger.info('Request: %s', json.dumps(payload, sort_keys=True, indent=4)) response = self.__transport.request( self.__host, self.__handler, json.dumps(payload), verbose=self.__verbose >= 3, ) try: response = json_decode_binary(json.loads(response)) except ValueError as e: raise JSONError(str(e)) if self.__verbose >= 2: root_logger.info( 'Response: %s', json.dumps(json_encode_binary(response, version), sort_keys=True, indent=4) ) error = response.get('error') if error: try: error_class = errors_by_code[error['code']] except KeyError: raise UnknownError( code=error.get('code'), error=error.get('message'), server=self.__host, ) else: > raise error_class(message=error['message']) E InternalError: an internal error has occurred On 08/31/2015 03:25 PM, Fraser Tweedale wrote: On Mon, Aug 31, 2015 at 12:24:13PM +0200, Martin Basti wrote: On 08/18/2015 04:06 PM, Milan Kubík wrote: On 08/11/2015 03:17 AM, Fraser Tweedale wrote: On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote: On 08/05/2015 02:57 PM, Milan Kubík wrote: Hi list, I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions. More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment. There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it. [1]:http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan Cheers, Milan Hi all, have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as well as a few test cases to check if the ACL is being enforced. It should make it into wiki today or by tomorrow. I'll send an update then. Cheers, Milan Hi Milan, I have reviewed the V4/Certificate_Profiles/Test_Plan. 
Couple of comments: - Test case: Import profile with incorrect values - Expected result: refused with error. - A simple way to provoke this condition is to add a number to ``policyset.serverCertSet.list``. - A similar test case should exist for certprofile-mod. - Test case: Delete default profile - As discussed elsewhere, expected result
Re: [Freeipa-devel] cert profiles - test plan + patches
On 08/18/2015 04:06 PM, Milan Kubík wrote: On 08/11/2015 03:17 AM, Fraser Tweedale wrote: On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote: On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions.

More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment.

There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it.

[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers, Milan

Hi all,

have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as well as a few test cases to check if the ACL is being enforced. It should make it into wiki today or by tomorrow. I'll send an update then.

Cheers, Milan

Hi Milan,

I have reviewed the V4/Certificate_Profiles/Test_Plan. Couple of comments:

- Test case: Import profile with incorrect values
  - Expected result: refused with error.
  - A simple way to provoke this condition is to add a number to ``policyset.serverCertSet.list``.
  - A similar test case should exist for certprofile-mod.
- Test case: Delete default profile
  - As discussed elsewhere, expected result should be failure. I filed ticket #5198 to make it so :)

I will review the patch soon.

Cheers, Fraser

Hello,

how is the review going? I'd like to have at least the tracker (patch 0008) reviewed (and merged :) if possible. It will be needed in CA ACL tests.

Cheers, Milan

Fraser, do you review this patchset?
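Fraser's suggestion in the quoted review, adding a number to ``policyset.serverCertSet.list``, can be turned into a fixture generator together with a local check that flags the result. This is an added example, not code from the patches or from FreeIPA: the sample profile is constructed, the function names are hypothetical, and the check only mirrors the mismatch between listed and defined policies, not Dogtag's own validation.

```python
import re

# Constructed sample: a cut-down profile in the flat key=value .cfg form.
# Key names follow the policyset.serverCertSet.* pattern seen in the thread;
# the values are illustrative only.
SAMPLE_CFG = """\
# constructed test profile
profileId=caIPAserviceCert_mod
policyset.list=serverCertSet
policyset.serverCertSet.list=1,2,11
policyset.serverCertSet.1.constraint.name=Subject Name Constraint
policyset.serverCertSet.1.default.name=Subject Name Default
policyset.serverCertSet.2.constraint.name=Validity Constraint
policyset.serverCertSet.2.default.name=Validity Default
policyset.serverCertSet.11.constraint.name=No Constraint
policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17
"""


def parse_cfg(text):
    """Parse key=value lines into a dict; reject lines that are neither."""
    cfg = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError("line %d is not key=value: %r" % (lineno, raw))
        cfg[key.strip()] = value.strip()
    return cfg


def _split(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def listed_ids(cfg, set_name):
    """Policy ids that policyset.<set>.list says the set contains."""
    return _split(cfg.get("policyset.%s.list" % set_name, ""))


def defined_ids(cfg, set_name):
    """Policy ids that actually have policyset.<set>.<id>.* keys."""
    pattern = re.compile(r"^policyset\.%s\.([^.]+)\." % re.escape(set_name))
    found = set()
    for key in cfg:
        match = pattern.match(key)
        if match:
            found.add(match.group(1))
    return found


def dangling_policies(cfg):
    """Map each policy set to the ids it lists but never defines."""
    problems = {}
    for set_name in _split(cfg.get("policyset.list", "")):
        defined = defined_ids(cfg, set_name)
        missing = [i for i in listed_ids(cfg, set_name) if i not in defined]
        if missing:
            problems[set_name] = missing
    return problems


def make_malformed(text, set_name="serverCertSet"):
    """Return a copy of the profile with one undefined id added to the list."""
    cfg = parse_cfg(text)
    used = set(listed_ids(cfg, set_name)) | defined_ids(cfg, set_name)
    extra = str(max((int(i) for i in used if i.isdigit()), default=0) + 1)
    prefix = "policyset.%s.list=" % set_name
    out, patched = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith(prefix):
            current = stripped[len(prefix):].strip()
            line = prefix + (current + "," if current else "") + extra
            patched = True
        out.append(line)
    if not patched:
        raise ValueError("no %s line in profile" % prefix.rstrip("="))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    bad = make_malformed(SAMPLE_CFG)
    print(dangling_policies(parse_cfg(SAMPLE_CFG)))  # clean profile
    print(dangling_policies(parse_cfg(bad)))         # malformed fixture
```

Generating the malformed variant from the good profile keeps the negative test tied to a single source file, and the same check can run before an import to produce a clearer message than a generic server error.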
Re: [Freeipa-devel] cert profiles - test plan + patches
On Mon, Aug 31, 2015 at 12:24:13PM +0200, Martin Basti wrote:
>
> On 08/18/2015 04:06 PM, Milan Kubík wrote:
> >On 08/11/2015 03:17 AM, Fraser Tweedale wrote:
> >>On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote:
> >>>On 08/05/2015 02:57 PM, Milan Kubík wrote:
> >>>>Hi list,
> >>>>
> >>>>I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions.
> >>>>
> >>>>More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment.
> >>>>
> >>>>There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it.
> >>>>
> >>>>[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan
> >>>>
> >>>>Cheers,
> >>>>Milan
> >>>Hi all,
> >>>
> >>>have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as well as a few test cases to check if the ACL is being enforced. It should make it into wiki today or by tomorrow. I'll send an update then.
> >>>
> >>>Cheers,
> >>>Milan
> >>>
> >>Hi Milan,
> >>
> >>I have reviewed the V4/Certificate_Profiles/Test_Plan. Couple of comments:
> >>
> >>- Test case: Import profile with incorrect values
> >>  - Expected result: refused with error.
> >>  - A simple way to provoke this condition is to add a number to ``policyset.serverCertSet.list``.
> >>  - A similar test case should exist for certprofile-mod.
> >>
> >>- Test case: Delete default profile
> >>  - As discussed elsewhere, expected result should be failure. I filed ticket #5198 to make it so :)
> >>
> >>I will review the patch soon.
> >>
> >>Cheers,
> >>Fraser
> >Hello,
> >
> >how is the review going? I'd like to have at least the tracker (patch 0008) reviewed (and merged :) if possible. It will be needed in CA ACL tests.
> >
> >Cheers,
> >Milan
> >
>
> Fraser, do you review this patchset?

This fell off my radar, sorry! I eyeballed it a while back and everything seemed fine; I have not (successfully) run the tests yet though. I will complete the review tomorrow.

Thanks,
Fraser
Re: [Freeipa-devel] cert profiles - test plan + patches
On 08/11/2015 03:17 AM, Fraser Tweedale wrote: On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote: On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions.

More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment.

There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it.

[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers, Milan

Hi all,

have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as well as a few test cases to check if the ACL is being enforced. It should make it into wiki today or by tomorrow. I'll send an update then.

Cheers, Milan

Hi Milan,

I have reviewed the V4/Certificate_Profiles/Test_Plan. Couple of comments:

- Test case: Import profile with incorrect values
  - Expected result: refused with error.
  - A simple way to provoke this condition is to add a number to ``policyset.serverCertSet.list``.
  - A similar test case should exist for certprofile-mod.
- Test case: Delete default profile
  - As discussed elsewhere, expected result should be failure. I filed ticket #5198 to make it so :)

I will review the patch soon.

Cheers, Fraser

Hello,

how is the review going? I'd like to have at least the tracker (patch 0008) reviewed (and merged :) if possible. It will be needed in CA ACL tests.

Cheers, Milan
Re: [Freeipa-devel] cert profiles - test plan + patches
Hi,

On 08/10/2015 05:24 PM, Scott Poore wrote:

- Original Message -
From: Milan Kubík mku...@redhat.com
To: freeipa-devel freeipa-devel@redhat.com, Scott Poore spo...@redhat.com, Fraser Tweedale ftwee...@redhat.com
Cc: Namita Soman nso...@redhat.com, Ales Marecek amare...@redhat.com
Sent: Monday, August 10, 2015 4:36:31 AM
Subject: Re: cert profiles - test plan + patches

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions. More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment. There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it.

[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as well as a few test cases to check if the ACL is being enforced. It should make it into wiki today or by tomorrow. I'll send an update then.

I haven't looked at the actual code yet. Is it checked into git for freeipa yet?

This looks good to me for the basic CRUD tests. I do have some questions and requests.

Existing tests:

* Delete default profile
  - Did you find out what the expected result should be?

I reported this when Fraser was implementing the feature. He decided to allow this (earlier it has failed). At the time I didn't suggest otherwise. The design/documentation could be more clear on this as for, is it allowed to delete all profiles? Doing this will break an awful lot of things. The same applies to ACLs as well, Sub CAs later ditto. Deleting the default profile will break things even if other profiles remain as it is a default, when not specified in cert-request. Fraser, what do you think?

* Try to rename the profile entry
  - Can this be renamed to be more specific to trying to rename ldap attr?
  - Can we get a new test case to test renaming with certprofile-mod --rename?

ACK

Possible new tests:

* Import a profile in xml
  - This should fail and I think is at least in the beginning a common mistake.

I will add this.

* Change profile config from file
  - This one may be too large in scope but, could be limited to changing something simple to make sure the file is read and used.

ACK. Though this will be a part of the more complicated scenario.

Where are you planning to put the CA ACL tests? In the same page?

I originally planned to put it under sub CAs, but since the specification for CA ACLs moved into the certificate profiles design, I can add it there. Counting will be done separately from test cases for profiles and it will be implemented (at least the CRUD test cases) in a module where the ACL Tracker will be implemented.

When you have that will you be adding a cert-request test?

Yes. I will need to use cert-request to test if the ACL/profile is enforced, if enabled/disabled is in effect. I will not implement this in a module for cert-request, though. I think it will be better to implement these in a separate module to signify it is a test of a conjunction of several parts of the feature (profiles, ACLs and Sub CAs, once this is implemented. If you think otherwise, I'm open to suggestions.

Thanks,
Scott

Cheers,
Milan

Cheers,
Milan
Re: [Freeipa-devel] cert profiles - test plan + patches
On 08/10/2015 08:54 PM, Scott Poore wrote:

- Original Message -
From: Milan Kubík mku...@redhat.com
To: freeipa-devel freeipa-devel@redhat.com, Scott Poore spo...@redhat.com, Fraser Tweedale ftwee...@redhat.com
Cc: Namita Soman nso...@redhat.com, Ales Marecek amare...@redhat.com
Sent: Monday, August 10, 2015 4:36:31 AM
Subject: Re: cert profiles - test plan + patches

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions. More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment. There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it.

[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as well as a few test cases to check if the ACL is being enforced. It should make it into wiki today or by tomorrow. I'll send an update then.

I haven't looked at the actual code yet. Is it checked into git for freeipa yet?

This looks good to me for the basic CRUD tests. I do have some questions and requests.

Existing tests:

* Delete default profile
  - Did you find out what the expected result should be?
* Try to rename the profile entry
  - Can this be renamed to be more specific to trying to rename ldap attr?
  - Can we get a new test case to test renaming with certprofile-mod --rename?

Possible new tests:

* Import a profile in xml
  - This should fail and I think is at least in the beginning a common mistake.
* Change profile config from file
  - This one may be too large in scope but, could be limited to changing something simple to make sure the file is read and used.

Where are you planning to put the CA ACL tests? In the same page?

When you have that will you be adding a cert-request test?

Some additional test cases

(1) Non-existent profile with certprofile-show
(2) certprofile-import with --store both true/false options
(3) certprofile-find with store option

Thanks,
Scott

Cheers,
Milan
Re: [Freeipa-devel] cert profiles - test plan + patches
- Original Message -
From: Milan Kubík mku...@redhat.com
To: freeipa-devel freeipa-devel@redhat.com, Scott Poore spo...@redhat.com, Fraser Tweedale ftwee...@redhat.com
Cc: Namita Soman nso...@redhat.com, Ales Marecek amare...@redhat.com
Sent: Monday, August 10, 2015 4:36:31 AM
Subject: Re: cert profiles - test plan + patches

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions. More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment. There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it.

[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as well as a few test cases to check if the ACL is being enforced. It should make it into wiki today or by tomorrow. I'll send an update then.

I haven't looked at the actual code yet. Is it checked into git for freeipa yet?

This looks good to me for the basic CRUD tests. I do have some questions and requests.

Existing tests:

* Delete default profile
  - Did you find out what the expected result should be?
* Try to rename the profile entry
  - Can this be renamed to be more specific to trying to rename ldap attr?
  - Can we get a new test case to test renaming with certprofile-mod --rename?

Possible new tests:

* Import a profile in xml
  - This should fail and I think is at least in the beginning a common mistake.
* Change profile config from file
  - This one may be too large in scope but, could be limited to changing something simple to make sure the file is read and used.

Where are you planning to put the CA ACL tests? In the same page?

When you have that will you be adding a cert-request test?

Thanks,
Scott

Cheers,
Milan
Re: [Freeipa-devel] cert profiles - test plan + patches
On Mon, Aug 10, 2015 at 06:50:57PM +0200, Milan Kubík wrote:

Hi,

On 08/10/2015 05:24 PM, Scott Poore wrote:

- Original Message -
From: Milan Kubík mku...@redhat.com
To: freeipa-devel freeipa-devel@redhat.com, Scott Poore spo...@redhat.com, Fraser Tweedale ftwee...@redhat.com
Cc: Namita Soman nso...@redhat.com, Ales Marecek amare...@redhat.com
Sent: Monday, August 10, 2015 4:36:31 AM
Subject: Re: cert profiles - test plan + patches

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions. More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment. There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it.

[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as well as a few test cases to check if the ACL is being enforced. It should make it into wiki today or by tomorrow. I'll send an update then.

I haven't looked at the actual code yet. Is it checked into git for freeipa yet?

This looks good to me for the basic CRUD tests. I do have some questions and requests.

Existing tests:

* Delete default profile
  - Did you find out what the expected result should be?

I reported this when Fraser was implementing the feature. He decided to allow this (earlier it has failed). At the time I didn't suggest otherwise. The design/documentation could be more clear on this as for, is it allowed to delete all profiles? Doing this will break an awful lot of things. The same applies to ACLs as well, Sub CAs later ditto. Deleting the default profile will break things even if other profiles remain as it is a default, when not specified in cert-request. Fraser, what do you think?

Yes, I think we should prevent deletion of default profile. I will file ticket and produce patch. I'm undecided about whether to prohibit deletion of other included profiles (of which there are currently zero, but it won't stay that way for long).

* Try to rename the profile entry
  - Can this be renamed to be more specific to trying to rename ldap attr?
  - Can we get a new test case to test renaming with certprofile-mod --rename?

ACK

Possible new tests:

* Import a profile in xml
  - This should fail and I think is at least in the beginning a common mistake.

I will add this.

+1; agree on failure being expected result.

* Change profile config from file
  - This one may be too large in scope but, could be limited to changing something simple to make sure the file is read and used.

ACK. Though this will be a part of the more complicated scenario.

Where are you planning to put the CA ACL tests? In the same page?

I originally planned to put it under sub CAs, but since the specification for CA ACLs moved into the certificate profiles design, I can add it there. Counting will be done separately from test cases for profiles and it will be implemented (at least the CRUD test cases) in a module where the ACL Tracker will be implemented.

When you have that will you be adding a cert-request test?

Yes. I will need to use cert-request to test if the ACL/profile is enforced, if enabled/disabled is in effect. I will not implement this in a module for cert-request, though. I think it will be better to implement these in a separate module to signify it is a test of a conjunction of several parts of the feature (profiles, ACLs and Sub CAs, once this is implemented. If you think otherwise, I'm open to suggestions.

Separate module makes sense.

Cheers,
Fraser

Thanks,
Scott

Cheers,
Milan

Cheers,
Milan
Re: [Freeipa-devel] cert profiles - test plan + patches
On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote:

On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions. More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment. There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it.

[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as well as a few test cases to check if the ACL is being enforced. It should make it into wiki today or by tomorrow. I'll send an update then.

Cheers,
Milan

Hi Milan,

I have reviewed the V4/Certificate_Profiles/Test_Plan. Couple of comments:

- Test case: Import profile with incorrect values
  - Expected result: refused with error.
  - A simple way to provoke this condition is to add a number to ``policyset.serverCertSet.list``.
  - A similar test case should exist for certprofile-mod.
- Test case: Delete default profile
  - As discussed elsewhere, expected result should be failure. I filed ticket #5198 to make it so :)

I will review the patch soon.

Cheers,
Fraser
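Added example, not part of the thread and not FreeIPA or Dogtag code: a local pre-flight check for the two import failures discussed in these messages, a profile supplied as XML and a number added to ``policyset.serverCertSet.list`` with no matching policy entry. The sample profile and the rule that every listed ID needs both a `default.class_id` and a `constraint.class_id` are assumptions of this example; the server's own validation may differ.

```python
import re

# Constructed sample in the raw key=value profile format (not a real profile).
SAMPLE = """\
profileId=demoProfile
classId=caEnrollImpl
policyset.list=serverCertSet
policyset.serverCertSet.list=1,2
policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl
policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl
policyset.serverCertSet.2.default.class_id=validityDefaultImpl
"""

def parse_profile(text):
    """Parse raw profile text into a dict; reject XML input outright."""
    if text.lstrip().startswith("<"):
        raise ValueError("profile looks like XML; raw key=value text expected")
    cfg = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError("line %d is not key=value" % lineno)
        cfg[key.strip()] = value.strip()
    return cfg

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def check_policy_sets(cfg):
    """Return mismatches between each policy set's list and its entries."""
    problems = []
    for pset in split_list(cfg.get("policyset.list", "")):
        listed = split_list(cfg.get("policyset.%s.list" % pset, ""))
        # Assumption: a usable policy has both a default and a constraint class.
        pattern = re.compile(r"^policyset\.%s\.([^.]+)\.(default|constraint)\.class_id$"
                             % re.escape(pset))
        defined = {}
        for key in cfg:
            match = pattern.match(key)
            if match:
                defined.setdefault(match.group(1), set()).add(match.group(2))
        for pid in listed:
            missing = sorted({"default", "constraint"} - defined.get(pid, set()))
            if missing:
                problems.append("%s: policy %s is listed but has no %s class_id"
                                % (pset, pid, "/".join(missing)))
        for pid in sorted(set(defined) - set(listed)):
            problems.append("%s: policy %s is defined but not listed" % (pset, pid))
    return problems
```

Running the same check in a test fixture before calling certprofile-import separates "the test data is malformed on purpose" from "the test data is broken by accident".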
Re: [Freeipa-devel] cert profiles - test plan + patches
On 08/05/2015 02:57 PM, Milan Kubík wrote:

Hi list,

I'm sending the test plan [1] for certificate profiles and preliminary patches for it. The plan covers basic CRUD test and some corner cases. I'm open to more suggestions. More complicated tests involving certificate profiles will require the code (and tests) for CA ACLs merged, so it's not there at the moment. There are some unfinished test cases in places I wasn't sure what the result should be. We need to iterate through these to fix it.

[1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan

Cheers,
Milan

Hi all,

have you had some time to look at the code and proposal? Today I want to write a basic CRUD test for the ACLs as well as a few test cases to check if the ACL is being enforced. It should make it into wiki today or by tomorrow. I'll send an update then.

Cheers,
Milan