[Freeipa-devel] [freeipa PR#1431][opened] Fixing test_testconfig with proper asserts
URL: https://github.com/freeipa/freeipa/pull/1431
Author: felipevolpone
Title: #1431: Fixing test_testconfig with proper asserts
Action: opened

PR body:
"""
When the `cls` in env_config.py is a WinHost, the `__init__` receives different parameters. Now, it's adapted to all different kinds of hosts.

Also, it's necessary to add the host_type field to most of the domains created in the test classes, because the field is returned by `pytest_multihost.Config` in `pytest_plugins/integration/config.py::Config::to_dict`

Fixes: [#7346](https://pagure.io/freeipa/issue/7346)
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1431/head:pr1431
git checkout pr1431

From 2638c8f960539b2c759f629a625b05a9ce4ce54f Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 3 Jan 2018 16:09:32 -0200
Subject: [PATCH] Fixing test_testconfig with proper asserts

When the cls in env_config.py is a WinHost, the __init__ receives different parameters. Now, it's adapted to all different kinds of hosts.

Also, it's necessary to add the host_type field to most of domains created in the test classes, because the field is returned by pytest_multihost.Config in pytest_plugins/integration/config.py::Config::to_dict

https://pagure.io/freeipa/issue/7346
--- ipatests/pytest_plugins/integration/env_config.py | 3 +- ipatests/test_integration/test_testconfig.py | 39 --- 2 files changed, 30 insertions(+), 12 deletions(-) diff --git a/ipatests/pytest_plugins/integration/env_config.py b/ipatests/pytest_plugins/integration/env_config.py index d140aa9df6..5208cc0f29 100644 --- a/ipatests/pytest_plugins/integration/env_config.py +++ b/ipatests/pytest_plugins/integration/env_config.py
@@ -334,7 +334,8 @@ def host_from_env(env, domain, hostname, role, index, domain_index): cls = domain.get_host_class({}) -return cls(domain, hostname, role, ip, external_hostname) +return cls(domain, hostname, role, ip=ip, + external_hostname=external_hostname) def host_to_env(host, **kwargs): diff --git a/ipatests/test_integration/test_testconfig.py b/ipatests/test_integration/test_testconfig.py index b495f368e4..aaba1621c9 100644 --- a/ipatests/test_integration/test_testconfig.py +++ b/ipatests/test_integration/test_testconfig.py @@ -152,7 +152,7 @@ class TestMinimalConfig(CheckConfig): extra_input_dict = dict( domains=[ dict(name='ipadomain.test', type='IPA', hosts=[ -dict(name='master', ip='192.0.2.1'), +dict(name='master', ip='192.0.2.1', host_type=None), ]), ], ) @@ -171,6 +171,7 @@ class TestMinimalConfig(CheckConfig): ip="192.0.2.1", external_hostname="master.ipadomain.test", role="master", +host_type=None, ), ], ), 
@@ -212,23 +213,29 @@ class TestComplexConfig(CheckConfig): extra_input_dict = dict( domains=[ dict(name='ipadomain.test', type='IPA', hosts=[ -dict(name='master', ip='192.0.2.1', role='master'), -dict(name='replica1', ip='192.0.2.2', role='replica'), +dict(name='master', ip='192.0.2.1', role='master', + host_type=None), +dict(name='replica1', ip='192.0.2.2', role='replica', + host_type=None), dict(name='replica2', ip='192.0.2.3', role='replica', - external_hostname='r2.ipadomain.test'), -dict(name='client1', ip='192.0.2.4', role='client'), + external_hostname='r2.ipadomain.test', host_type=None), +dict(name='client1', ip='192.0.2.4', role='client', + host_type=None), dict(name='client2', ip='192.0.2.5', role='client', - external_hostname='c2.ipadomain.test'), -dict(name='extra', ip='192.0.2.6', role='extrarole'), -dict(name='extram1', ip='192.0.2.7', role='extrarolem'), + external_hostname='c2.ipadomain.test', host_type=None), +dict(name='extra', ip='192.0.2.6', role='extrarole', + host_type=None), +dict(name='extram1', ip='192.0.2.7', role='extrarolem', + host_type=None), dict(name='extram2', ip='192.0.2.8', role='extrarolem', - external_hostname='e2.ipadomain.test'), + external_hostname='e2.ipadomain.test', host_type=None), ]), dict(name='addomain.test', type='AD', hosts=[ -dict(name='ad', ip='192.0.2.33', role='ad'), +dict(name='ad', ip='192.0.2.33', role='ad', host_type=None), ]),
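Review bot: In the `host_from_env` hunk of env_config.py, `ip` and `external_hostname` are now passed by keyword, which only works if every class returned by `domain.get_host_class({})` names those parameters exactly `ip` and `external_hostname`. The commit message gives WinHost as the motivating case, but none of the visible test changes builds a host through `host_from_env` for the AD domain, so the fix itself is not exercised. Consider adding a case that round-trips the `addomain.test` host through the environment config, and a short comment at the call explaining why keywords are required.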
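Review bot: In the test_testconfig.py hunks, every host entry in `TestMinimalConfig` and `TestComplexConfig` gains `host_type=None`, including the `ad` host in `addomain.test`, so the expectations only pin the default value and repeat it on each line. Since the commit message says the field comes from `to_dict`, consider asserting one non-default `host_type` (the AD host is the natural candidate) and merging the default in a `CheckConfig` helper instead of editing each dict, which would also avoid the continuation lines added only to fit the new keyword.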
[Freeipa-devel] Re: freeIPA certificate with Let’s Encrypt
I actually had Rob Crittenden point that issue out to me and encourage me to work on this after I created the shell scripts as a quick fix to solve our immediate internal need.

Now I'm dreaming of a day where I can automatically issue and renew certs signed by a publicly trusted CA across our entire infrastructure, internal and external.

I've been playing around with APIs and libraries for a couple of days now and I think the most promising approach is to create one library/project that's both a plugin for CertBot (the official ACME/Let's Encrypt client) and a helper for Certmonger at the same time.

This would allow any server with Certbot installed to authenticate using FreeIPA/DNS and allow any server with Certmonger to get Let's Encrypt certs.

Any/All suggestions are welcome.

On Wed, Jan 3, 2018 at 4:46 AM, Martin Kosek wrote:

> On 01/02/2018 12:16 PM, Antonia Stevens via FreeIPA-devel wrote:
> > Hey Martin and Paride,
> >
> > There are also some scripts which use DNS auth and allow multiple DNS
> > names/aliases/principals:
> >
> > https://github.com/antevens/letsencrypt-freeipa
> >
> > In addition to that I recently started work on a Certmonger helper which
> > would allow one to use Let's Encrypt certs for the entire infrastructure
> > automatically:
> >
> > https://github.com/antevens/cerlet
>
> Cool! Sounds quite interesting! We have thought about supporting Let's
> Encrypt/ACME in FreeIPA/certmonger also:
> https://pagure.io/freeipa/issue/4751
> but did not get to it yet.
>
> Martin
>

--
Antonia Stevens
a...@antevens.com
+1 416 888 6908
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1430][opened] Avoid to use non existent attributes
URL: https://github.com/freeipa/freeipa/pull/1430
Author: pilou-
Title: #1430: Avoid to use non existent attributes
Action: opened

PR body:
"""
Closes: https://pagure.io/freeipa/issue/7345

2nd commit: about `path` used by `ServerInfo._read` and `ServerInfo._write`, I am not sure what value could be used here (with this patch both methods do nothing). Should the domain be used there (for example: `~/.cache/ipa/servers/ipa.test`) or network location extracted from `ipalib.request.context.request_url`?

Related: 3f6411a49c49da7013341ff8feae3a63e75e0fbf.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1430/head:pr1430
git checkout pr1430

From 7a3cc3b696ae4e1b4853a067e5f781658b660097 Mon Sep 17 00:00:00 2001
From: Pierre-Louis Bonicoli
Date: Wed, 3 Jan 2018 10:34:16 +0100
Subject: [PATCH 1/2] api.env.server doesn't have a default value anymore

Fix AttributeError when both xmlrpc_uri and jsonrpc_uri are unset. Default value was removed by 3f6411a49c49da7013341ff8feae3a63e75e0fbf.

Using FreeIPA Ansible dynamic inventory:

    $ ./freeipa.py --list
    Traceback (most recent call last):
      File "./ansible/contrib/inventory/freeipa.py", line 95, in
        api = initialize()
      File "./ansible/contrib/inventory/freeipa.py", line 18, in initialize
        api.finalize()
      File "local/lib/python2.7/site-packages/ipalib/plugable.py", line 738, in finalize
        self.__do_if_not_done('load_plugins')
      File "local/lib/python2.7/site-packages/ipalib/plugable.py", line 425, in __do_if_not_done
        getattr(self, name)()
      File "local/lib/python2.7/site-packages/ipalib/plugable.py", line 618, in load_plugins
        for package in self.packages:
      File "local/lib/python2.7/site-packages/ipalib/__init__.py", line 949, in packages
        ipaclient.remote_plugins.get_package(self),
      File "local/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 120, in get_package
        server_info = ServerInfo(api)
      File "local/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 26, in __init__
        hostname = DNSName(api.env.server).ToASCII()
    AttributeError: 'Env' object has no attribute 'server

https://pagure.io/freeipa/issue/7345
--- ipaclient/remote_plugins/__init__.py | 28 +++- ipaclient/remote_plugins/schema.py | 2 +- 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/ipaclient/remote_plugins/__init__.py b/ipaclient/remote_plugins/__init__.py index 0dff001762..c70b1259ea 100644 --- a/ipaclient/remote_plugins/__init__.py +++ b/ipaclient/remote_plugins/__init__.py
@@ -23,8 +23,6 @@ class ServerInfo(collections.MutableMapping): _DIR = os.path.join(USER_CACHE_PATH, 'ipa', 'servers') def __init__(self, api): -hostname = DNSName(api.env.server).ToASCII() -self._path = os.path.join(self._DIR, hostname) self._force_check = api.env.force_schema_check self._dict = {} @@ -36,11 +34,17 @@ def __init__(self, api): except locale.Error: self._language = 'en_us' -self._read() +self._read(api) + +def _read(self, api): +if 'server' not in api.env: +return + +hostname = DNSName(api.env.server).ToASCII() +_path = os.path.join(self._DIR, hostname) -def _read(self): try: -with open(self._path, 'r') as sc: +with open(_path, 'r') as sc: self._dict = json.load(sc) except Exception as e: if (isinstance(e, EnvironmentError) and @@ -52,14 +56,20 @@ def _read(self): # warn that the file is unreadable, probably corrupted logger.warning('Failed to read server info: %s', e) -def _write(self): +def _write(self, api): +if 'server' not in api.env: +return + +hostname = DNSName(api.env.server).ToASCII() +_path = os.path.join(self._DIR, hostname) + try: try: os.makedirs(self._DIR) except EnvironmentError as e: if e.errno != errno.EEXIST: raise -with open(self._path, 'w') as sc: +with open(_path, 'w') as sc: json.dump(self._dict, sc) except EnvironmentError as e: logger.warning('Failed to write server info: %s', e) @@ -79,12 +89,12 @@ def __iter__(self): def __len__(self): return len(self._dict) -def update_validity(self, ttl=None): +def update_validity(self, client, ttl=None): if ttl is None: ttl = 3600 self['expiration'] = time.time() + ttl self['language'] = self._language -self._write() +self._write(client) def is_valid(self): if self._force_check: diff --git a/ipaclient/remote_plugins/schema.py b/ipaclient/remote_plugins/schema.py index 863d8f1992..a05985c236
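Review bot: In the `_read` and `_write` hunks of ipaclient/remote_plugins/__init__.py, the `'server' not in api.env` guard and the two lines computing `hostname` and `_path` are duplicated in both methods, and the early `return` is silent, so a client without `server` loses the on-disk cache with nothing in the logs to show it. Consider keeping the computation in `__init__` (setting `self._path = None` when `server` is absent) and having `_read` and `_write` check that, with a `logger.debug` on the skip path; this would also leave the method signatures unchanged. The PR body's open question about which path to use in that case should be settled before this is merged.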
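Review bot: In the `update_validity` hunk, the new parameter is named `client` but is passed straight to `_write(self, api)`, which reads `api.env`; use one name for the same object. Inserting it before `ttl` also changes the meaning of any call that passes `ttl` positionally, so either place it after `ttl` or avoid the new argument by storing what `_write` needs on the instance. The schema.py change that presumably updates the caller is cut off in this message, so that call site could not be checked.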
[Freeipa-devel] FreeIPA wiki - new backup scripts
Hello,

I finished hopefully the final major gap with our new FreeIPA wiki infrastructure - a regular backup. I used our existing AWS infrastructure to come up with a shell script [1] and AWS Lambda function triggering it [2] periodically (daily), to store backups to our S3 storage (database dump and user images).

I originally hoped I can come up with something written purely in Python and thus without a need for a VM running custom shell script, but I could not make the OpenShift Python API port forwarding working and wanted to use "mysqldump" anyway. So shell script it is, for now.

Questions or feedback welcome!

[1] https://github.com/freeipa/freeipa-wiki/blob/master/tools/backup/freeipa-org-wiki-backup.sh
[2] https://github.com/freeipa/freeipa-wiki/blob/master/tools/backup/lambda_function.py

--
Martin Kosek
Manager, Software Engineering - Identity Management Team
Red Hat, Inc.