Adcli: adding class and methods for adcli #145

shridhargadekar · 2025-01-09T09:22:39Z

Adding adcli class, and methods including info, discovery, join

jakub-vavra-cz · 2025-01-10T11:26:37Z

sssd_test_framework/utils/adcli.py

+    def _join(
+        self,
+        *,
+        domain: str| None = None,


There should be probably either domain or domain_controller.
The manual page states that it expects domain so I would go with that.
Getting both None or both populated is a recipe for a disaster.

pbrezina

I'd like to bring in Sumit as well.

I don't really know if we have use for this in SSSD, I don't really think so. I'm fine with including the patch though. However, in this case, operation that changes something must be also able to revert that change. In this case join, so this should be MultihostReentrantUtility.

pbrezina · 2025-01-15T12:18:10Z

sssd_test_framework/utils/adcli.py

+        self.fs: LinuxFileSystem = fs
+        """Filesystem utils."""
+
+    def _info(


Why do you use underscores on the methods name? Those should be all public methods, right?

pbrezina · 2025-01-15T12:23:08Z

sssd_test_framework/utils/adcli.py

+        self,
+        *,
+        domain: str | None = None,
+        domain_controller: str | None,


default to None as well?

pbrezina · 2025-01-15T12:24:22Z

sssd_test_framework/utils/adcli.py

+    def _join(
+        self,
+        *,
+        domain: str| None = None,
+        domain_controller: str| None = None,
+        domain_realm: str| None = None,
+        host_fqdn: str| None = None,
+        host_keytab: str| None = None,
+        computer_name: str| None = None,
+        login_ccache: str| None = None,
+        login_user: str| None = None,
+        login_type: str| None = None,
+        domain_ou: str| None = None,
+        service_name: str| None = None,
+        os_name: str| None = None,
+        os_version: str| None = None,
+        os_service_pack: str| None = None,
+        user_principal: str| None = None,
+        trusted_for_delegation: str| None = None,
+        dont_expire_password: str| None = None,
+        add_service_principal: str| None = None,
+        description: str| None = None,
+        setattrs: str| None = None,
+        no_password: str| None = None,
+        promp_password: str| None = None,
+        stdin_password: str| None = None,
+        one_time_password: str| None = None,
+        show_password: str| None = None,
+        show_details: str| None = None,
+        add_samba_data: str| None = None,
+        samba_data_tool: str| None = None,
+        ldap_passwd: str| None = None,


Use **kwargs or *args to handle additional argument and keep only required arguments here. Otherwise it would be difficult to maintain.

sumit-bose · 2025-01-15T12:57:30Z

I'd like to bring in Sumit as well.

I don't really know if we have use for this in SSSD, I don't really think so. I'm fine with including the patch though. However, in this case, operation that changes something must be also able to revert that change. In this case join, so this should be MultihostReentrantUtility.

Hi,

on which level the revert should work. E.g. before calling adcli join we can save the current keytab and restore it afterwards. But since the state on AD/Samba DC will be changed as well they keys from the old keytab won't work anymore. So it might be better to keep the new keytab or do a leave/join cycle with fixed options to get back into a defined state?

bye,
Sumit

Adding adcli class, and methods including info, discovery, join

pbrezina · 2025-01-17T08:20:39Z

I'd like to bring in Sumit as well.
I don't really know if we have use for this in SSSD, I don't really think so. I'm fine with including the patch though. However, in this case, operation that changes something must be also able to revert that change. In this case join, so this should be MultihostReentrantUtility.

Hi,

on which level the revert should work. E.g. before calling adcli join we can save the current keytab and restore it afterwards. But since the state on AD/Samba DC will be changed as well they keys from the old keytab won't work anymore. So it might be better to keep the new keytab or do a leave/join cycle with fixed options to get back into a defined state?

bye, Sumit

It's a question of how is it going to be used.

Right now, in sssd-test-framework, we have this: https://github.com/SSSD/sssd-test-framework/blob/master/sssd_test_framework/topology_controllers.py#L74

pytest_setup -> each host performs a backup (only once at start)
topology_setup -> run realmd join (only once when entering topology)
topology teardown -> restore from the host backup (only once when leaving topology)

In adcli, I assume that Shridar is going to call adcli.join() insinde a test. So the logic should be:

MultihostUtility (cannot be used in MultihostHost objects, only in MultihostRole objects inside tests):

utility.setup: do nothing or backup what is needed
inside test: adcli.join
utility.teardown: adcli.leave and clean up possible leftovers

MultihostReentrantUtility (cannot be used in MultihostHost objects and in MultihostRole objects):

utility.__enter__: enter new setup level, do nothing or backup what is needed
inside test or topology setup: adcli.join
utility.__exit__: adcli.leave and clean up possible leftovers

Docs: https://pytest-mh.readthedocs.io/en/latest/articles/extending/multihost-utilities.html

Other way would be to rely on the backup/restore mechanisms to make sure everything is reverted after each test. But in this case, it needs to be thoroughly documented so the expectation is clear. That might be enough.

So it really depends on how is it going to be used.

jakub-vavra-cz · 2025-01-17T09:21:42Z

@pbrezina, @shridhargadekar : We will probably need a way to either skip topology setup/teardown (no enrolling) so we can join ourselves or create topologies like KnownTopology.UnjoinedAD that will have the machines but not enrolled client. We can use these for example for tests like ldap sasl authid that needs a specific setup (--user-principal=host/name@REALM) to work correctly.

shridhargadekar force-pushed the adcli_0 branch from d6f3db9 to 1052062 Compare January 9, 2025 12:31

andreboscatto requested a review from pbrezina January 9, 2025 13:47

andreboscatto assigned pbrezina Jan 9, 2025

andreboscatto requested a review from spoore1 January 9, 2025 13:51

andreboscatto assigned spoore1 Jan 9, 2025

jakub-vavra-cz reviewed Jan 10, 2025

View reviewed changes

pbrezina requested changes Jan 15, 2025

View reviewed changes

pbrezina requested a review from sumit-bose January 15, 2025 12:27

Adcli: adding class and methods for adcli

dfdf2a7

Adding adcli class, and methods including info, discovery, join

shridhargadekar force-pushed the adcli_0 branch from 1052062 to dfdf2a7 Compare January 16, 2025 14:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adcli: adding class and methods for adcli #145

Adcli: adding class and methods for adcli #145

shridhargadekar commented Jan 9, 2025

jakub-vavra-cz Jan 10, 2025

pbrezina left a comment

pbrezina Jan 15, 2025

pbrezina Jan 15, 2025

shridhargadekar Jan 16, 2025

pbrezina Jan 15, 2025

shridhargadekar Jan 16, 2025

sumit-bose commented Jan 15, 2025

pbrezina commented Jan 17, 2025

jakub-vavra-cz commented Jan 17, 2025

Adcli: adding class and methods for adcli #145

Are you sure you want to change the base?

Adcli: adding class and methods for adcli #145

Conversation

shridhargadekar commented Jan 9, 2025

jakub-vavra-cz Jan 10, 2025

Choose a reason for hiding this comment

pbrezina left a comment

Choose a reason for hiding this comment

pbrezina Jan 15, 2025

Choose a reason for hiding this comment

pbrezina Jan 15, 2025

Choose a reason for hiding this comment

shridhargadekar Jan 16, 2025

Choose a reason for hiding this comment

pbrezina Jan 15, 2025

Choose a reason for hiding this comment

shridhargadekar Jan 16, 2025

Choose a reason for hiding this comment

sumit-bose commented Jan 15, 2025

pbrezina commented Jan 17, 2025

jakub-vavra-cz commented Jan 17, 2025