[Freeipa-devel] [PATCH] 0055 Fix tests which fail after ipa-adtrust-install

Ana Krivokapic akrivoka at redhat.com
Fri Aug 9 14:03:56 UTC 2013 

On 08/09/2013 09:39 AM, Tomas Babej wrote:
> On 08/08/2013 04:09 PM, Ana Krivokapic wrote:
>> Hello,
>>
>> This patch should fix the failing unit tests.
>>
>> https://fedorahosted.org/freeipa/ticket/3852
>>
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> There are two tests failing on my machine when running the tests after
> ipa-adtrust-install with your patch applied:

You say there are two tests failing but I only see one below.

>
> ======================================================================
> FAIL: test_group[24]: group_find: Search for POSIX groups
> ----------------------------------------------------------------------
> Traceback (most recent call last):
> [...]
> AssertionError: assert_deepequal: dict keys mismatch.
>   test_group[24]: group_find: Search for POSIX groups
>   missing keys = []
>   extra keys = ['ipantsecurityidentifier']
>   expected = {'dn':
> ipapython.dn.DN('cn=editors,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com'),
> 'cn': [u'editors'], 'objectclass': Fuzzy(None, None, <function <lambda> at
> 0x3768c08>), 'gidnumber': [Fuzzy('^\\d+$', <type 'basestring'>, None)],
> 'ipauniqueid':
> [Fuzzy('^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$', <type
> 'unicode'>, None)], 'description': [u'Limited admins who can edit other users']}
>   got = {'dn':
> u'cn=editors,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com',
> 'cn': (u'editors',), 'objectclass': (u'top', u'groupofnames', u'posixgroup',
> u'ipausergroup', u'ipaobject', u'nestedGroup', u'ipantgroupattrs'),
> 'ipantsecurityidentifier':
> (u'S-1-5-21-1457515837-642396627-3509099663-1002',), 'gidnumber':
> (u'1804600002',), 'ipauniqueid': (u'7c6e1672-0039-11e3-9567-001a4a2221fb',),
> 'description': (u'Limited admins who can edit other users',)}
>   path = ('result', 1)
>
> I think you need the wrap the dictionary discribing the editor's group entry
> with the add_sid wrapper, and its objectclasses using the add_oc wrapper.
>
> [tbabej at vm-139 freeipa]$ git diff
> diff --git a/ipatests/test_xmlrpc/test_group_plugin.py
> b/ipatests/test_xmlrpc/test_group_plugin.py
> index d380fe5..14c70cd 100644
> --- a/ipatests/test_xmlrpc/test_group_plugin.py
> +++ b/ipatests/test_xmlrpc/test_group_plugin.py
> @@ -447,14 +447,15 @@ class test_group(Declarative):
>                              objectclasses.posixgroup, u'ipantgroupattrs')),
>                          'ipauniqueid': [fuzzy_uuid],
>                      }),
> -                    {
> +                    add_sid({
>                          'dn': get_group_dn('editors'),
>                          'gidnumber': [fuzzy_digits],
>                          'cn': [u'editors'],
>                          'description': [u'Limited admins who can edit other
> users'],
> -                        'objectclass': fuzzy_set_ci(objectclasses.posixgroup),
> +                        'objectclass': fuzzy_set_ci(add_oc(
> +                            objectclasses.posixgroup, u'ipantgroupattrs')),
>                          'ipauniqueid': [fuzzy_uuid],
> -                    },
> +                    }),
>                      dict(
>                          dn=get_group_dn(group1),
>                          cn=[group1],
>
>
> These changes were sufficient for me to have the unit test suite run without
> errors.
> -- 
> Tomas Babej
> Associate Software Engeneer | Red Hat | Identity Management
> RHCE | Brno Site | IRC: tbabej | freeipa.org

I retested the patch and the tests are passing in my setup. The editors group
definitely does not have the ipantsecurityidentifier attribute nor the
ipantgroupattrs objectclass:

[akrivoka at vm-181 freeipa]$ ipa group-show editors --all
  dn: cn=editors,cn=groups,cn=accounts,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
  Group name: editors
  Description: Limited admins who can edit other users
  GID: 1977000002
  ipauniqueid: 91b3597e-00f3-11e3-92ae-001a4a22217b
  objectclass: top, groupofnames, posixgroup, ipausergroup, ipaobject, nestedGroup

What I noticed though, is that if I delete and re-create the editors group
(after ipa-adtrust-install has been run), it then gets the above mentioned
attribute and objectclass. Maybe you did some similar manipulation in your
setup, resulting in the test failing?


-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130809/167eef99/attachment.htm>

More information about the Freeipa-devel mailing list