[Freeipa-devel] [PATCH] ca-less tests updated

David Kupka dkupka at redhat.com
Wed Apr 20 08:35:34 UTC 2016 

On 19/04/16 11:13, Oleg Fayans wrote:
> OK, that one, though passing lint, did not actually work. I gave up my
> attempts to define method decorators inside the class. Now it passes
> lint AND works:)
>

Hi Oleg!

1) Current commit message is useless. Please use it to describe what is 
the point of the patch.

2) $ git show -U0 | pep8 --diff
./ipatests/test_integration/test_caless.py:66:1: E302 expected 2 blank 
lines, found 1
./ipatests/test_integration/test_caless.py:74:1: E302 expected 2 blank 
lines, found 1
./ipatests/test_integration/test_caless.py:820:5: E303 too many blank 
lines (2)
./ipatests/test_integration/test_caless.py:825:80: E501 line too long 
(80 > 79 characters)
./ipatests/test_integration/test_caless.py:1035:44: E225 missing 
whitespace around operator


3) Isn't there a way to do this with pytest's fixtures?

> +def server_install_teardown(func):
> +    def wrapped(*args):
> +        try:
> +            func(*args)
> +        finally:
> +            args[0].uninstall_server()
> +    return wrapped
> +
> +def replica_install_teardown(func):
> +    def wrapped(*args):
> +        try:
> +            func(*args)
> +        finally:
> +            # Uninstall replica
> +            replica = args[0].replicas[0]
> +            tasks.kinit_admin(args[0].master)
> +            args[0].uninstall_server(replica)
> +            args[0].master.run_command(['ipa-replica-manage', 'del',
> +                                        replica.hostname, '--force'],
> +                                       raiseonerr=False)
> +            args[0].master.run_command(['ipa', 'host-del',
> +                                        replica.hostname],
> +                                       raiseonerr=False)
> +    return wrapped
> +

4) Is it necessary to create the $TEST_DIR in the test? Isn't it created 
by the framework?

> +            host.transport.mkdir_recursive(host.config.test_dir)


5) I don't think the comment match the code.

>
> +        # Remove CA cert in /etc/pki/nssdb, in case of failed (un)install
> +        for host in cls.get_all_hosts():
> +            cls.uninstall_server(host)
> +
>           super(CALessBase, cls).uninstall(mh)


6) No! Create list with one element, iterate that list and append every 
item to the other list. Maybe there's better way (Hint: append).
I've seen this on multiple places.

>           if unattended:
>               args.extend(['-U'])

7) Why don't you (extend and) use 
ipatests.test_integaration.tasks.(un)install_{master,replica}?
This could be done pretty much all over the code.

>           host.run_command(['ipa-server-install', '--uninstall', '-U'])

8) Use ipaplatform.paths for certutil and other binaries. If the binary 
is not there feel free to add it.
I've seen this on multiple places.

> +        host.run_command(['certutil', '-d', paths.NSS_DB_DIR, '-D',
> +                          '-n', 'External CA cert'],
> +                         raiseonerr=False)
> +        # A workaround forhttps://fedorahosted.org/freeipa/ticket/4639
> +        result = host.run_command(['certutil', '-L', '-d',
> +                                   paths.HTTPD_ALIAS_DIR])
> +        for rawcert in result.stdout_text.split('\n')[4: -1]:
> +            cert = rawcert.split('    ')[0]
> +            host.run_command(['certutil', '-D', '-d', paths.HTTPD_ALIAS_DIR,
> +                              '-n', cert])
>

9) certmonger is system service. You can check if is is .enabled() and 
.running(). And IIUC the comment is negation of what the code does.

>
>               # Verify certmonger was not started
>               result = host.run_command(['getcert', 'list'], raiseonerr=False)
> -            assert result > 0
> -            assert ('Please verify that the certmonger service has been '
> -                    'started.' in result.stdout_text), result.stdout_text
> +            assert result.returncode == 0

10) What is the point of calling uninstall_server() when it will be 
called in the finally block of server_install_teardown anyway?

> +    @server_install_teardown
>       def test_revoked_http(self):
>           "IPA server install with revoked HTTP certificate"
>
>           if result.returncode == 0:
> +            self.uninstall_server()
>               raise nose.SkipTest(
>                   "Known CA-less installation defect, see "
>                   +"https://fedorahosted.org/freeipa/ticket/4270")
>
>           assert result.returncode > 0
>

Nitpick) Do not mix fixing typos/grammar/spelling/style with functional 
changes.

> -    def test_incorect_http_pin(self):
> +    @pytest.mark.xfail(reason='freeipa ticket 5378')
> +    def test_incorrect_http_pin(self):
>          "Install new HTTP certificate with incorrect PKCS#12 password"


-- 
David Kupka

More information about the Freeipa-devel mailing list