[Freeipa-devel] [PATCH 0022][Tests] Prevent trust test failures cause by adding duplicate DNS forward zone
Lenka Doudova
ldoudova at redhat.com
Mon Jun 27 08:10:55 UTC 2016
On 06/27/2016 10:04 AM, Petr Vobornik wrote:
> On 06/27/2016 09:42 AM, Lenka Doudova wrote:
>> Hi!
>>
>> With newly created AD machines in Brno lab, existing trust tests fail on
>> 'ipa dnsforwardzone-add' command claiming the zone is already present,
>> as new AD domain is dom-221.idm.lab.eng.brq.redhat.com.
>>
>> To prevent these failures I prepared attached patch, that will still
>> attempt to add the forward zone, but in case of non-zero return code
>> will check the message if it says that the forward zone is already
>> configured, and lets the tests continue, if it is so.
>>
>>
>> Lenka
>>
>
> Current approach expects that every error of ipa dnsforward-add here
> will mean that the zone exists. So it might hide other issues - not very
> good.
If I understand your comment correctly, you think that the patch would
pass ANY dnsforwardzone-add error and being OK and continue, right?
That's not intended behaviour - I have an assertion there that checks
that it's really the 'correct' error:
assert "already exists in DNS" in result.stderr_text
So any other error should still prevent continuing in tests.
>
> On the other hand it is not very robust to parse error message.
>
> Question for general audience: What do you think if IPA client's exit
> status would be the IPA error code instead of "1" for every error. E.g.
> in DuplicateEntry case it's 4002.
Personally I think it would be nice to have DuplicateEntry error rather
the just "1" in this case. Even for testing purposes I believe it would
be better than bunch of asserts.
>
> Btw, this is not a NACK.
More information about the Freeipa-devel
mailing list