New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PR - Issue: 50112 - Port ACI test suit from TET to python3(keyaci) #3239
Comments
Comment from aborah (@aborah-sudo) at 2019-02-04 13:20:45 rebased onto 17579d7f79130dea5f580e4042c2df7b6b7d0d85 |
Comment from aborah (@aborah-sudo) at 2019-02-05 09:47:06 rebased onto 3ef9d5ae844be2ae034edacdd2a0edf8bad40dc9 |
Comment from aborah (@aborah-sudo) at 2019-02-14 10:28:50 rebased onto 5389a8a887f2b8e800b53b965495b3acad77d960 |
Comment from aborah (@aborah-sudo) at 2019-02-15 09:40:01 rebased onto 2785fd0936e07e02a217b9479b859f127cdbbdda |
Comment from aborah (@aborah-sudo) at 2019-02-20 08:39:16 rebased onto 7f273a0a7f2edacde77c3c77f760058491070d6c |
Comment from mreynolds (@mreynolds389) at 2019-02-20 14:58:05 Seems okay to me, but should probably get @droideck or @Firstyear to look it over as well. |
Comment from spichugi (@droideck) at 2019-02-20 16:30:14 A lot of issues that you have here, already mentioned by @Firstyear in previous PRs. But. Let's first fix small issues regarding the code. It will increase the readability and it covers 80% of the issues we usually mention in the review. Please, run this and fix the issues it points out:
Also, reach to me or any of us if you have any doubts about the report. |
Comment from aborah (@aborah-sudo) at 2019-02-20 17:28:39 rebased onto cda118046e82f0ef88e32c2c01781568bf77496f |
Comment from firstyear (@Firstyear) at 2019-02-21 00:51:04 This may not work the way you want. Imagine I have my hosts file setup as:
So socket.gethostname will give me my hostname, then it will give me the 172.24.x.x address BUT we are connected to the the test instance via localhost. So I think this will have issues in containers and other host configurations. Possibly the best thing to do here is actually just make ip '127.0.0.1', because in tests we generally connect to localhost only, and we should only be using that. Check topologies.py maybe. |
Comment from firstyear (@Firstyear) at 2019-02-21 00:52:07 '(target = "ldap:///{}")(targetattr=*)(version 3.0; aci "IP aci"; allow(all) userdn = "ldap:///{}" and ip != "{}" ;)' This could be turned into an ACI_TEMPLATE constant that you populate into, and use named formats, not positional, for clarity. |
Comment from firstyear (@Firstyear) at 2019-02-21 00:54:04 You have this mod_seealso, but it only replaces one line? You also by doing the _mod_seealso are sneaky violating a rule I told you: ONLY test the exceptions Your modsee also is initing the object with the conn and doing the read, when you actually, should have the object create outside of the "with pytest.raises". Remember, all your code must follow this pattern. "correct, simple, fast". you have targetted "simple, correct, fast". As a result, you have broken a correctness rule by prematurely trying to over simplify. |
Comment from firstyear (@Firstyear) at 2019-02-21 01:00:24 This is not a good test because you are relying on external state of the system to then check the TIME, and determine results. Consider the CI server. It only runs at about 12:00 my time AEST, so that's probably about 02:00AM UTC at a guess. So then this test in CI will ONLY ever A better solution is to take the current time, +- 2 hours either side as your allow window, then check you are allowed. Then have a denied test where you have +12 (+- 2 hours) from now, and assert it's denied. No timezone issues, now flow issues, no risks. A better solution is LD_PRELOAD a time shim into the server but that's wayyyyy out of scope. ALso, this is probably a really ineffective way to get a datetime. You actually want:
I don't really know why you chose to code this like this, but it seems like instead of taking the time to research the right way to do it, you chose to rush and bruteforce a solution. |
Comment from firstyear (@Firstyear) at 2019-02-21 01:01:24 This is not a clear explanation, and your test code isn't clear what the ACI is testing due to your use of constants. I think you need a much better comment here about what this is attempting to do. |
Comment from firstyear (@Firstyear) at 2019-02-21 01:02:21 Similar: this is not a good comment. WHY can they not access the data? How is the ACI constructed to not allow the access? |
Comment from firstyear (@Firstyear) at 2019-02-21 01:02:41 Why? |
Comment from firstyear (@Firstyear) at 2019-03-05 00:42:47 Email says @aborah-sudo has commented, but they are not appearing.
I'm sorry, but this is incorrect in this context. gethostname get's you the primary interface of the machine, and only if your hosts file is filled correctly. Imagine my machine hostname was "candice" but /etc/hosts didn't have that entry? Then socket.gethostbyname will fail because there is no host candice. When you are writing tests like this, the only ip you can guarantee will exist is 127.0.0.1. That's it. As well, you are always connecting by localhost (because that's what DirSrv does in tests!). Which means if you want to test an ACI by ip, you have to test by the ip we are connecting on which is always localhost. There is no way for you to avoid that. Perhaps to make this more clear, here the output of ip from my docker env:
So here, socket gethostname will give me 'ldapkdc.example.com' for the container, that then resolves to '172.17.0.4', but dirsrv will connect via localhost, so will bypass the aci anyway. For a different example, my laptop:
So the test would FAIL on my machine here, because my hosts is:
Please, just use localhost. I'm offering a simpler, more robust way for you to conduct the test case here (just use localhost), but instead you seem to be arguing for a more complex, less portable, more fragile solution? I'm won't accept it I'm sorry. |
Comment from aborah (@aborah-sudo) at 2019-03-27 05:03:06 rebased onto 550bb86943571086cd30aaabab507f2717f0c6d3 |
Comment from aborah (@aborah-sudo) at 2019-03-27 05:05:50 Changes are done , Please check |
Comment from aborah (@aborah-sudo) at 2019-03-27 05:55:53 rebased onto 31500960a5a566f39c7e4b32bd43ade5ed2ea1d3 |
Comment from aborah (@aborah-sudo) at 2019-04-01 06:48:30 @droideck , @Firstyear , please review. @mreynolds389 already has already ack for this one |
Comment from spichugi (@droideck) at 2019-04-01 12:56:33 The comments like this look weird. Also I don't see any sense in them if we already have the test function name and docstrings. They just repeat. |
Comment from spichugi (@droideck) at 2019-04-01 12:57:41 The docstring doesn't make much sense... |
Comment from spichugi (@droideck) at 2019-04-01 13:05:05
These tests have failed for me on OpenStack machine (1minutetip). |
Comment from firstyear (@Firstyear) at 2019-04-02 01:32:06
I've asked him to write comments explaining what the tests do, but I think these comments need work as you point out ... They should explain more about the intent, and why we test it the way we do, and why things are structured as they are for example. |
Comment from vashirov (@vashirov) at 2019-04-02 12:38:54
This worked for me, what do you have in the logs? |
Comment from aborah (@aborah-sudo) at 2019-04-03 08:24:40 rebased onto c0acc23cebea1f719f5cce63239627aeb59733b1 |
Comment from aborah (@aborah-sudo) at 2019-04-03 08:27:50 @droideck , @Firstyear , @vashirov All changes are done , please check |
Comment from aborah (@aborah-sudo) at 2019-04-30 18:22:52 @droideck all changes are done as per your suggestion |
Comment from aborah (@aborah-sudo) at 2019-04-30 18:22:53 rebased onto 5b244257999c76e28823c9cdabf2566bfcf8a0a3 |
Comment from aborah (@aborah-sudo) at 2019-05-01 05:29:14 rebased onto 53f94845fb6f8086a050ba0fefe555e4cb516ec6 |
Comment from aborah (@aborah-sudo) at 2019-05-01 05:31:51 rebased onto 61d1e12b73ea87b19de2aae6f99f094c8ec4be4e |
Comment from spichugi (@droideck) at 2019-05-01 11:11:16
The return order of the ldapsearch (and search_s) is not defined. OrganizationalUnit doesn't have sort but you still can sort. |
Comment from aborah (@aborah-sudo) at 2019-05-01 12:04:17 rebased onto 8aeeae3b54f47afd867ef09cdb75c3419fd02151 |
Comment from aborah (@aborah-sudo) at 2019-05-01 12:05:30 @droideck all changes are done as per your suggestion |
Comment from aborah (@aborah-sudo) at 2019-05-02 08:13:05 rebased onto 5bae063a0b771d12a977c2a868640d7a4a3a5ca5 |
Comment from spichugi (@droideck) at 2019-05-02 10:52:27 You can sort directly the ous_next.list(). For that, you should set the |
Comment from aborah (@aborah-sudo) at 2019-05-02 11:07:45 rebased onto 9b04ab2e041b5a8d78bed8929115cc959935e143 |
Comment from aborah (@aborah-sudo) at 2019-05-02 11:13:42 @droideck all changes are done as per your suggestion |
Comment from spichugi (@droideck) at 2019-05-02 19:55:49 Looks good. Small nitpick though - could you please change the |
Comment from spichugi (@droideck) at 2019-05-02 19:59:20 The test case still fails on 1minutetip machine. |
Comment from aborah (@aborah-sudo) at 2019-05-03 03:25:39 @droideck , till i figure out why that specific test case is failing (on fast machines), can you please start reviewing this PR : #3251 |
Comment from aborah (@aborah-sudo) at 2019-05-06 12:02:24 rebased onto 046f9e2b724145a56a328f0763efcc26f1784fdc |
Comment from aborah (@aborah-sudo) at 2019-05-06 12:04:00 @droideck all changes are done as per your suggestion , i have done some changes in failed test cases , hopefully these test cases will not fail now |
Comment from spichugi (@droideck) at 2019-05-06 15:55:17 Just realised, Could you please fix it here and in other places? |
Comment from spichugi (@droideck) at 2019-05-06 15:56:31 Please, check the documentation about |
Comment from spichugi (@droideck) at 2019-05-06 15:58:48
Also
|
Comment from aborah (@aborah-sudo) at 2019-05-06 16:16:48 rebased onto 91361fa3db77c4930222b524b5cbae9528053457 |
Comment from aborah (@aborah-sudo) at 2019-05-06 16:20:30 rebased onto 77aa76b178e7a0e33c915d75f2f82e2f3b21512b |
Comment from aborah (@aborah-sudo) at 2019-05-06 16:21:36 @droideck all changes are done as per your suggestion, Can you please rerun the tests |
Comment from aborah (@aborah-sudo) at 2019-05-06 16:23:16 rebased onto cfe033a6713316a40c970f4cde3f884fc4053990 |
Comment from spichugi (@droideck) at 2019-05-06 17:06:54
And about |
Comment from aborah (@aborah-sudo) at 2019-05-06 17:36:15 rebased onto 468b8a8 |
Comment from aborah (@aborah-sudo) at 2019-05-06 17:37:11 @droideck all changes are done as per your suggestion, Can you please rerun the tests |
Comment from spichugi (@droideck) at 2019-05-06 18:32:24 LGTM! Thanks! |
Comment from vashirov (@vashirov) at 2019-05-07 12:06:07 Pull-Request has been merged by vashirov |
Patch |
Cloned from Pagure Pull-Request: https://pagure.io/389-ds-base/pull-request/50180
Port ACI test suit from TET to python3(keyaci)
Resolves: #3171
Reviewed by: ???
The text was updated successfully, but these errors were encountered: