-
Notifications
You must be signed in to change notification settings - Fork 341
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ipatests: re-add test_dnssec.py::TestInstallDNSSECFirst in gating #5632
Conversation
The test was temporarily removed because of a known issue but the issue is now fixed. Related: https://pagure.io/freeipa/issue/8496 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Also added a fix for https://pagure.io/freeipa/issue/8695. Since it's related to resolvers, @wladich could you have a look? |
LGTM. Can you confirm what branches this needs backports for? I see the change in ipa-4-8 and ipa-4-9. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@flo-renaud
Do you think the new method Resolver.uses_localhost_as_dns
is expected to be of any use outside of the test_resolvconf
test case, especially in such strict form - checking for localhost only, not any ip address? I prefer not to place code which is not expected to be reused to common libraries like this one.
The type of resolver can be detected in the test with isinstance()
or we could add a string property "resolver_type" to all Resolver subclasses.
What do you think about changing the test from checking config files contents (which is not perfect in current state, see inline comment) to checking if ipa server is actually using localhost as a resolver? For that we could create a unique DNS record and query it with dig
or host
commands (or even both as they use different algorithms for obtaining system resolver).
Another thing - the name of test does not reflect the actual check as we are not checking the resolv.conf in case of Fedora 33. Maybe it is better to call it according to test goal - something like "test_localhost_resolver_used".
I don't agree with this comment. Resolver is also a clean way for a test to call methods without the hastle of checking which resolver is in place. If I move the logic into the test, it means that the test would need to be updated whenever a new Resolver implementation is available.
I updated the current code with a pattern and regexp search. It will probably be way faster than adding a DNS record.
Updated. |
e6f0361
to
217bfdd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see your point. You also mentioned that checking resolver with dig
can produce a false positive in case system uses some other nameserver which has a delegation to IPA server. So the changes mostly LGTM, please see the inline comment.
The test test_dnssec.py::TestInstallDNSSECFirst::test_resolvconf checks that /etc/resolv.conf points to the localhost and fails on fedora33 because systemd-resolved is in place (and /etc/resolv.conf contains 127.0.0.53). The test logic needs to be adapted. When systemd-resolved is used, the test can check the output of "resolvectl dns". Fixes: https://pagure.io/freeipa/issue/8695 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
The first commit (re-enable test in gating) could be backported up to ipa-4-8, but the second one can go to ipa-4-9 only (it needs the DNS Resolver commit that was backported to ipa-4-9). |
Thank you, ACK |
The test was temporarily removed because of a known issue
but the issue is now fixed.
Related: https://pagure.io/freeipa/issue/8496
Signed-off-by: Florence Blanc-Renaud flo@redhat.com