Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipatests: re-add test_dnssec.py::TestInstallDNSSECFirst in gating #5632

Closed
wants to merge 2 commits into from
Closed

ipatests: re-add test_dnssec.py::TestInstallDNSSECFirst in gating #5632

wants to merge 2 commits into from

Conversation

flo-renaud
Copy link
Contributor

The test was temporarily removed because of a known issue
but the issue is now fixed.

Related: https://pagure.io/freeipa/issue/8496
Signed-off-by: Florence Blanc-Renaud flo@redhat.com

@flo-renaud
ipatests: re-add test_dnssec.py::TestInstallDNSSECFirst in gating
f44d80f 
The test was temporarily removed because of a known issue
but the issue is now fixed.

Related: https://pagure.io/freeipa/issue/8496
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
@flo-renaud
Copy link
Contributor Author

Also added a fix for https://pagure.io/freeipa/issue/8695. Since it's related to resolvers, @wladich could you have a look?

@rcritten
Copy link
Contributor

LGTM. Can you confirm what branches this needs backports for? I see the change in ipa-4-8 and ipa-4-9.

wladich
wladich reviewed Mar 15, 2021
View reviewed changes
Copy link

@wladich wladich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@flo-renaud
Do you think the new method Resolver.uses_localhost_as_dns is expected to be of any use outside of the test_resolvconf test case, especially in such strict form - checking for localhost only, not any ip address? I prefer not to place code which is not expected to be reused to common libraries like this one.

The type of resolver can be detected in the test with isinstance() or we could add a string property "resolver_type" to all Resolver subclasses.

What do you think about changing the test from checking config files contents (which is not perfect in current state, see inline comment) to checking if ipa server is actually using localhost as a resolver? For that we could create a unique DNS record and query it with dig or host commands (or even both as they use different algorithms for obtaining system resolver).

Another thing - the name of test does not reflect the actual check as we are not checking the resolv.conf in case of Fedora 33. Maybe it is better to call it according to test goal - something like "test_localhost_resolver_used".

ipatests/pytest_ipa/integration/resolver.py Outdated Show resolved Hide resolved
@flo-renaud
Copy link
Contributor Author

@flo-renaud
Do you think the new method Resolver.uses_localhost_as_dns is expected to be of any use outside of the test_resolvconf test case, especially in such strict form - checking for localhost only, not any ip address? I prefer not to place code which is not expected to be reused to common libraries like this one.

I don't agree with this comment. Resolver is also a clean way for a test to call methods without the hastle of checking which resolver is in place. If I move the logic into the test, it means that the test would need to be updated whenever a new Resolver implementation is available.

What do you think about changing the test from checking config files contents (which is not perfect in current state, see inline comment) to checking if ipa server is actually using localhost as a resolver? For that we could create a unique DNS record and query it with dig or host commands (or even both as they use different algorithms for obtaining system resolver).

I updated the current code with a pattern and regexp search. It will probably be way faster than adding a DNS record.

Another thing - the name of test does not reflect the actual check as we are not checking the resolv.conf in case of Fedora 33. Maybe it is better to call it according to test goal - something like "test_localhost_resolver_used".

Updated.

@flo-renaud
Copy link
Contributor Author

Link to successful run with fedora33: Details
Link to successful run woth fedora32: Details
Removing temp commit.

wladich
wladich reviewed Mar 17, 2021
View reviewed changes
Copy link

@wladich wladich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see your point. You also mentioned that checking resolver with dig can produce a false positive in case system uses some other nameserver which has a delegation to IPA server. So the changes mostly LGTM, please see the inline comment.

ipatests/pytest_ipa/integration/resolver.py Outdated Show resolved Hide resolved
@flo-renaud
ipatests: fix TestInstalDNSSECFirst::test_resolvconf logic
e53c322 
The test test_dnssec.py::TestInstallDNSSECFirst::test_resolvconf
checks that /etc/resolv.conf points to the localhost and
fails on fedora33 because systemd-resolved is in place
(and /etc/resolv.conf contains 127.0.0.53).
The test logic needs to be adapted. When systemd-resolved is
used, the test can check the output of "resolvectl dns".

Fixes: https://pagure.io/freeipa/issue/8695
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
@flo-renaud flo-renaud added ipa-4-8 Mark for backport to ipa 4.8 ipa-4-9 Mark for backport to ipa 4.9 labels Mar 17, 2021
@flo-renaud
Copy link
Contributor Author

flo-renaud commented Mar 17, 2021
edited
Loading

The first commit (re-enable test in gating) could be backported up to ipa-4-8, but the second one can go to ipa-4-9 only (it needs the DNS Resolver commit that was backported to ipa-4-9).

@flo-renaud flo-renaud removed the ipa-4-8 Mark for backport to ipa 4.8 label Mar 17, 2021
@wladich wladich added the ack Pull Request approved, can be merged label Mar 17, 2021
@wladich
Copy link

wladich commented Mar 17, 2021

Thank you, ACK

@flo-renaud flo-renaud added the pushed Pull Request has already been pushed label Mar 17, 2021
@flo-renaud
Copy link
Contributor Author

master:

  • a9b4ed4 ipatests: re-add test_dnssec.py::TestInstallDNSSECFirst in gating
  • fb107b9 ipatests: fix TestInstalDNSSECFirst::test_resolvconf logic

@flo-renaud flo-renaud closed this Mar 17, 2021
@flo-renaud flo-renaud deleted the t8496 branch March 17, 2021 15:30
@flo-renaud flo-renaud mentioned this pull request Mar 17, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wladich wladich wladich left review comments

Assignees
No one assigned
Labels
ack Pull Request approved, can be merged ipa-4-9 Mark for backport to ipa 4.9 pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@flo-renaud @rcritten @wladich