[Freeipa-devel] cert profiles - test plan + patches

Lenka Doudova ldoudova at redhat.com
Fri Sep 4 09:06:09 UTC 2015 

Hi,

there's no traceback in the file you mentioned, but I'm running it 
through lite-server, so here's the traceback from there:
http://pastebin.test.redhat.com/310598

I can't really get to the problem. What I forgot to mention in the 
previous email was that the tests fail when attempting to add a 
certprofile, but if I try to do is manually using 'ipa 
certprofile-import' command with the exact same data as used in the 
test, it works fine.

Lenka

On 09/03/2015 02:35 PM, Tomas Babej wrote:
>
> On 09/03/2015 01:40 PM, Lenka Doudova wrote:
>> Hi,
>>
>> I took a look at it at Milan's request.
>>
>> patch 0008 - tracker looks ok, ACK
>> patch 0009 - test cases look ok as well, but can't get it to run, 10 out
>> of 14 tests fail, starting with internal error, which I haven't been
>> able to track down, nor fix it.
> You can investigate the internal error by inspecting the
> /var/log/httpd/error_log on the IPA server that executed the command.
>
> There should be a traceback.
>
>> Lenka
>>
>> =================================== FAILURES
>> ===================================
>> ____________________ TestProfileCRUD.test_create_duplicate
>> _____________________
>>
>> self = <ipatests.test_xmlrpc.test_certprofile_plugin.TestProfileCRUD
>> object at 0x7f36459e7110>
>> user_profile =
>> <ipatests.test_xmlrpc.test_certprofile_plugin.CertprofileTracker object
>> at 0x7f36459e73d0>
>>
>>      def test_create_duplicate(self, user_profile):
>>          msg = u'Certificate Profile with name "{}" already exists'
>>>        user_profile.ensure_exists()
>> ipatests/test_xmlrpc/test_certprofile_plugin.py:178:
>> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>> _ _ _ _
>> ipatests/test_xmlrpc/ldaptracker.py:169: in ensure_exists
>>      self.create(force=True)
>> ipatests/test_xmlrpc/ldaptracker.py:206: in create
>>      result = command()
>> ipatests/test_xmlrpc/ldaptracker.py:127: in run_command
>>      result = cmd(*args, **options)
>> ipalib/frontend.py:443: in __call__
>>      ret = self.run(*args, **options)
>> ipalib/frontend.py:761: in run
>>      return self.forward(*args, **options)
>> ipalib/frontend.py:782: in forward
>>      return self.Backend.rpcclient.forward(self.name, *args, **kw)
>> ipalib/rpc.py:947: in forward
>>      return self._call_command(command, params)
>> ipalib/rpc.py:924: in _call_command
>>      return command(*params)
>> ipalib/rpc.py:1075: in _call
>>      return self.__request(name, args)
>> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>> _ _ _ _
>>
>> self = <ipalib.rpc.JSONServerProxy object at 0x7f36459e71d0>
>> name = 'certprofile_import'
>> args = (('caIPAserviceCert_mod',), {'all': False, 'description':
>> 'Storing copy of a profile', 'file': 'profileId=caIPAservice...sion Default
>> policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17
>> ', 'ipacertprofilestoreissued': True, ...})
>>
>>      def __request(self, name, args):
>>          payload = {'method': unicode(name), 'params': args, 'id': 0}
>>          version = args[1].get('version', VERSION_WITHOUT_CAPABILITIES)
>>          payload = json_encode_binary(payload, version)
>>     
>>          if self.__verbose >= 2:
>>              root_logger.info('Request: %s',
>>                               json.dumps(payload, sort_keys=True, indent=4))
>>     
>>          response = self.__transport.request(
>>              self.__host,
>>              self.__handler,
>>              json.dumps(payload),
>>              verbose=self.__verbose >= 3,
>>          )
>>     
>>          try:
>>              response = json_decode_binary(json.loads(response))
>>          except ValueError as e:
>>              raise JSONError(str(e))
>>     
>>          if self.__verbose >= 2:
>>              root_logger.info(
>>                  'Response: %s',
>>                  json.dumps(json_encode_binary(response, version),
>>                             sort_keys=True, indent=4)
>>              )
>>          error = response.get('error')
>>          if error:
>>              try:
>>                  error_class = errors_by_code[error['code']]
>>              except KeyError:
>>                  raise UnknownError(
>>                      code=error.get('code'),
>>                      error=error.get('message'),
>>                      server=self.__host,
>>                  )
>>              else:
>>>                raise error_class(message=error['message'])
>> E               InternalError: an internal error has occurred
>>
>>
>>
>>
>> On 08/31/2015 03:25 PM, Fraser Tweedale wrote:
>>> On Mon, Aug 31, 2015 at 12:24:13PM +0200, Martin Basti wrote:
>>>> On 08/18/2015 04:06 PM, Milan Kubík wrote:
>>>>> On 08/11/2015 03:17 AM, Fraser Tweedale wrote:
>>>>>> On Mon, Aug 10, 2015 at 11:36:31AM +0200, Milan Kubík wrote:
>>>>>>> On 08/05/2015 02:57 PM, Milan Kubík wrote:
>>>>>>>> Hi list,
>>>>>>>>
>>>>>>>> I'm sending the test plan [1] for certificate profiles and preliminary
>>>>>>>> patches for it.
>>>>>>>> The plan covers basic CRUD test and some corner cases. I'm open to
>>>>>>>> more
>>>>>>>> suggestions.
>>>>>>>>
>>>>>>>> More complicated tests involving certificate profiles will require the
>>>>>>>> code (and tests)
>>>>>>>> for CA ACLs merged, so it's not there at the moment.
>>>>>>>>
>>>>>>>> There are some unfinished test cases in places I wasn't sure what the
>>>>>>>> result should be.
>>>>>>>> We need to iterate through these to fix it.
>>>>>>>>
>>>>>>>>
>>>>>>>> [1]: http://www.freeipa.org/page/V4/Certificate_Profiles/Test_Plan
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Milan
>>>>>>> Hi all,
>>>>>>>
>>>>>>> have you had some time to look at the code and proposal?
>>>>>>> Today I want to write a basic CRUD test for the ACLs as well as a few
>>>>>>> test
>>>>>>> cases to check if the ACL is being enforced. It should make it into
>>>>>>> wiki
>>>>>>> today or by tomorrow. I'll send an update then.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Milan
>>>>>>>
>>>>>> Hi Milan,
>>>>>>
>>>>>> I have reviewed the V4/Certificate_Profiles/Test_Plan.  Couple of
>>>>>> comments:
>>>>>>
>>>>>> - Test case: Import profile with incorrect values
>>>>>>    - Expected result: refused with error.
>>>>>>    - A simple way to provoke this condition is to add a number to
>>>>>>      ``policyset.serverCertSet.list``.
>>>>>>    - A similar test case should exist for certprofile-mod.
>>>>>>
>>>>>> - Test case: Delete default profile
>>>>>>    - As discussed elsewhere, expected result should be failure.
>>>>>>      I filed ticket #5198 to make it so :)
>>>>>>
>>>>>> I will review the patch soon.
>>>>>>
>>>>>> Cheers,
>>>>>> Fraser
>>>>> Hello,
>>>>>
>>>>> how is the review going? I'd like to have at least the tracker (patch
>>>>> 0008)
>>>>> reviewed (and merged :) if possible. It will be needed in CA ACL tests.
>>>>>
>>>>> Cheers,
>>>>> Milan
>>>>>
>>>> Fraser, do you review this patchset?
>>> This fell off my radar, sorry!  I eyeballed it a while back and
>>> everything seemed fine; I have not (successfully) run the tests yet
>>> though.  I will complete the review tomorrow.
>>>
>>> Thanks,
>>> Fraser
>>>
>>
>>

More information about the Freeipa-devel mailing list