[Freeipa-devel] [PATCH 0025][Tests] RFE: External trust
Lenka Doudova
ldoudova at redhat.com
Fri Jul 1 14:15:58 UTC 2016
On 07/01/2016 02:38 PM, Martin Babinsky wrote:
> On 07/01/2016 06:36 AM, Lenka Doudova wrote:
>>
>>
>> On 06/30/2016 05:01 PM, Martin Babinsky wrote:
>>> On 06/30/2016 03:47 PM, Lenka Doudova wrote:
>>>> Hi,
>>>>
>>>> attaching patch with some basic coverage for external trust
>>>> feature. Bit
>>>> more detailed info in commit message.
>>>>
>>>> Since the feature requires me to run commands previously used only for
>>>> forest root domains even for subdomains, I made some changes in
>>>> ipatests/test_integration/tasks.py file, so that it would enable me to
>>>> reuse existing function without copy-pasting them for one variable
>>>> change.
>>>>
>>>>
>>>> Lenka
>>>>
>>>>
>>>>
>>>
>>> Hi Lenka,
>>>
>>> I have a few comments:
>>>
>>> 1.)
>>>
>>> -def establish_trust_with_ad(master, ad, extra_args=()):
>>> +def establish_trust_with_ad(master, ad, extra_args=(),
>>> subdomain=False):
>>>
>>> This modification seems extremely kludgy to me.
>>>
>>> I would rather change the function signature to:
>>>
>>> -def establish_trust_with_ad(master, ad, extra_args=()):
>>> +def establish_trust_with_ad(master, ad_domain, extra_args=()):
>>>
>>> and pass the domain name itself to the function instead of doing magic
>>> inside. The same goes with `remove trust_with_ad`. You may want to fix
>>> the calls to them in existing code so that the domain is passed
>>> instead of the whole trust object.
>>>
>>> 2.)
>>>
>>> +def sync_time_hostname(host, srv_hostname):
>>> + """
>>> + Syncs time with the remote server given by its hostname.
>>> + Please note that this function leaves ntpd stopped.
>>> + """
>>> + host.run_command(['systemctl', 'stop', 'ntpd'])
>>> + host.run_command(['ntpdate', srv_hostname])
>>> +
>>> +
>>>
>>> this looks like a duplicate of the function above it, why is it even
>>> needed?
>>>
>>> 3.)
>>> +class TestExternalTrustWithSubdomain(ADTrustBase):
>>> + """
>>> + Test establishing external trust with subdomain
>>> + """
>>> +
>>> + @classmethod
>>> + def install(cls, mh):
>>> + super(ADTrustBase, cls).install(mh)
>>> + cls.ad = cls.ad_domains[0].ads[0]
>>> + cls.install_adtrust()
>>> + cls.check_sid_generation()
>>> +
>>> + # Determine whether the subdomain AD is available
>>> + try:
>>> + child_ad = cls.host_by_role(cls.optional_extra_roles[0])
>>> + cls.ad_subdomain =
>>> '.'.join(child_ad.hostname.split('.')[1:])
>>> + cls.ad_subdomain_hostname = child_ad.hostname
>>> + except LookupError:
>>> + cls.ad_subdomain = None
>>> +
>>> + cls.configure_dns_and_time()
>>>
>>> Please use proper OOP practices when overriding the behavior of the
>>> base test class.
>>>
>>> For starters you could rewrite the install method like this:
>>>
>>> + @classmethod
>>> + def install(cls, mh):
>>> + # Determine whether the subdomain AD is available
>>> + try:
>>> + cls.child_ad =
>>> cls.host_by_role(cls.optional_extra_roles[0])
>>> + cls.ad_subdomain =
>>> '.'.join(child_ad.hostname.split('.')[1:])
>>> + cls.ad_subdomain_hostname = child_ad.hostname
>>> + except LookupError:
>>> + raise nose.SkipTest("AFAIK this will skip the whole test
>>> class")
>>> + super(ADTrustBase, cls).install(mh)
>>>
>>> with child_ad stored as class attribute, you can override
>>> `configure_dns_and_time`:
>>> + def configure_dns_and_time(cls):
>>> + tasks.configure_dns_for_trust(cls.master, cls.ad_subdomain)
>>> # no need to re-implement the function just to get to the child
>>> AD DC hostname now
>>> + tasks.sync_time(cls.master, cls.child_ad.hostname)
>>>
>>> You can then use this class as an intermediary in the hierarchy and
>>> inherit the other external/non-external trust test classes from it,
>>> since most setup method in them are just copy-pasted from this one.
>>>
>> Hi,
>> thanks for review, fixed patch attached.
>>
>> Lenka
>
> Hi Lenka,
>
> I am still not happy about the patch underutilizing the potential for
> a proper inheritance hierarchy and instead relying on a staggering
> amounts of copy-pasting for implementation.
>
> I am attaching a quick untested patch illustrating how the
> implementation should look like.
>
> Also you have some leftovers from previous revision, please fix them:
>
> Pylint is running, please wait ...
> ************* Module ipatests.test_integration.test_trust
> ipatests/test_integration/test_trust.py:236: [E1101(no-member),
> TestExternalTrustWithSubdomain.configure_dns_and_time] Module
> 'ipatests.test_integration.tasks' has no 'sync_time_hostname' member)
> ipatests/test_integration/test_trust.py:243:
> [E1123(unexpected-keyword-arg),
> TestExternalTrustWithSubdomain.test_establish_trust] Unexpected
> keyword argument 'subdomain' in function call)
> ipatests/test_integration/test_trust.py:279:
> [E1123(unexpected-keyword-arg),
> TestExternalTrustWithSubdomain.test_remove_nonposix_trust] Unexpected
> keyword argument 'subdomain' in function call)
> ipatests/test_integration/test_trust.py:330: [E1101(no-member),
> TestNonexternalTrustWithSubdomain.configure_dns_and_time] Module
> 'ipatests.test_integration.tasks' has no 'sync_time_hostname' member)
> Makefile:137: recipe for target 'lint' failed
> make: *** [lint] Error 1
> sending incremental file list
>
> (this is before I started meddling with it)
>
>
Thank you very much for the example, fixed patch attached.
Lenka
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-ldoudova-0025.3-Tests-External-trust.patch
Type: text/x-patch
Size: 15476 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160701/5fc7a001/attachment.bin>
More information about the Freeipa-devel
mailing list