[Freeipa-devel] [PATCHES 100-106] Initial implementation of AD integration tests

Tomas Babej tbabej at redhat.com
Tue Oct 22 12:15:07 UTC 2013 

On 10/22/2013 12:27 PM, Tomas Babej wrote:
> On 10/22/2013 10:37 AM, Petr Viktorin wrote:
>> Replying to one part only:
>>
>> On 10/21/2013 04:50 PM, Tomas Babej wrote:
>>> On 10/16/2013 03:44 PM, Petr Viktorin wrote:
>>>>
>>>> I still think it would be simpler if IPA and AD domains shared the
>>>> numbering namespace (users would need to define $AD_env2; if they had
>>>> $MASTER_env1 and $AD_env1 they would be in the same Domain).
>>>>
>>>> But if we use _env1 for both the AD and the IPA domain, they need to
>>>> be separated in Domain.from_env. With patch 0101 both MASTER_env1 and
>>>> AD_env1 will be in both domains[0] and ad_domains[0].
>>>
>>> I would rather not join IPA and AD domains as they even cannot be in 
>>> the
>>> same domain, as the service records would clash. So these will
>>> always be separate / sub / super domain relationship.
>>
>> You're right that they should never share the same domain. But you 
>> should never say never, especially in testing -- what if we'll want 
>> to, in the future, test that the records *do* clash, or that IPA 
>> refuses to install in an AD domain?
>>
>
> You could still set AD_env1 and MASTER_env1 to have the same domain.
>
>> Another problem is that they are now separate namespaces. In all code 
>> that deals with domains you have to deal separately with the list of 
>> AD domains and separately with IPA domains. This makes every piece of 
>> code that doesn't care much about what type of domain it's dealing 
>> with (configuration, listing, possible automation scripts for turning 
>> on the VMs, etc.) more complicated.
>> Also, in this scheme, adding a new type of domain would be quite 
>> hard, especially after more code is written with this split in mind.
>>
>> Do keep the domain type, though. tl;dr I'd really prefer "domain 1 
>> (IPA); domain 2 (AD)" rather than "IPA domain 1; AD domain 1".
>
> This will, however, require filtering the domains depending on the 
> fact whether they contain AD or not. If a testcase wants to access an 
> AD domain, it will still need to loop over the list of domains to see 
> which ones are of AD type.
>
> Any code that does not care what domain type it's dealing with, can 
> easily access all the domains by chaining the respective iterables. We 
> could have a wrapper in the Config class for that, along the lines of 
> get_all_domains().
>
> So what I see here is that we're trading one complexity over another.
>
> I think we can agree on your approach since it hides the complexity 
> from the user, especially in the ipa-test-config, which I admit is 
> getting rather ugly, as we need to introduce new option there and that 
> causes splitting.
>
>>
>> If needed we can have a special check that would reject IPA masters 
>> in AD domains and vice versa, if that really turns out to be necessary.
>>
>
> With this check we should be fine.
>
>>> As we already pass ad_domain flag to Domain.from_env, I did incorporate
>>> code that joins the machines to the domain depending on the their role.
>>> Is that a viable solution for you?
>>
>> Sorry. I think this design is less sustainable than having a shared 
>> namespace for the domains.
>>
>>
> I'll send revised patchset soon.
>
>
Updated patchset attached.


-- 
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0106-9-ipatests-Add-AD-integration-test-case.patch
Type: text/x-patch
Size: 7765 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131022/febf0788/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0105-9-ipatests-Add-AD-integration-related-tasks.patch
Type: text/x-patch
Size: 17330 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131022/febf0788/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0104-9-ipatests-Add-WinHost-class.patch
Type: text/x-patch
Size: 1733 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131022/febf0788/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0103-9-ipatests-Create-util-module-for-ipatests.patch
Type: text/x-patch
Size: 2896 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131022/febf0788/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0102-9-ipatests-Extend-IntegrationTest-with-multiple-AD-dom.patch
Type: text/x-patch
Size: 2840 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131022/febf0788/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0101-9-ipatests-Extend-domain-object-with-ad-role-support-a.patch
Type: text/x-patch
Size: 3661 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131022/febf0788/attachment-0005.bin>

More information about the Freeipa-devel mailing list