[Freeipa-devel] [freeipa PR#1431][opened] Fixing test_testconfig with proper asserts

2018-01-03 Thread felipevolpone via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1431
Author: felipevolpone
 Title: #1431: Fixing test_testconfig with proper asserts
Action: opened

PR body:
"""
When the `cls` in env_config.py is a WinHost, the `__init__` receives different
parameters. Now, it's adapted to all different kinds of hosts.

Also, it's necessary to add the host_type field to most of the domains created in the
test classes, because the field is returned by `pytest_multihost.Config`
in `pytest_plugins/integration/config.py::Config::to_dict`

Fixes: [#7346](https://pagure.io/freeipa/issue/7346)
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1431/head:pr1431
git checkout pr1431
From 2638c8f960539b2c759f629a625b05a9ce4ce54f Mon Sep 17 00:00:00 2001
From: Felipe Barreto 
Date: Wed, 3 Jan 2018 16:09:32 -0200
Subject: [PATCH] Fixing test_testconfig with proper asserts

When the cls in env_config.py is a WinHost, the __init__ receives different
parameters. Now, it's adapted to all different kinds of hosts.

Also, it's necessary to add the host_type field to most of the domains created
in the test classes, because the field is returned by pytest_multihost.Config
in pytest_plugins/integration/config.py::Config::to_dict

https://pagure.io/freeipa/issue/7346
---
 ipatests/pytest_plugins/integration/env_config.py |  3 +-
 ipatests/test_integration/test_testconfig.py  | 39 ---
 2 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/ipatests/pytest_plugins/integration/env_config.py b/ipatests/pytest_plugins/integration/env_config.py
index d140aa9df6..5208cc0f29 100644
--- a/ipatests/pytest_plugins/integration/env_config.py
+++ b/ipatests/pytest_plugins/integration/env_config.py
@@ -334,7 +334,8 @@ def host_from_env(env, domain, hostname, role, index, domain_index):
 
 cls = domain.get_host_class({})
 
-return cls(domain, hostname, role, ip, external_hostname)
+return cls(domain, hostname, role, ip=ip,
+   external_hostname=external_hostname)
 
 
 def host_to_env(host, **kwargs):
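Review bot: switching the two trailing arguments to keywords at `+return cls(domain, hostname, role, ip=ip,` only fixes the WinHost case named in the commit message if every host class that `domain.get_host_class({})` can return accepts `ip` and `external_hostname` under exactly those parameter names; none of those `__init__` signatures is visible in this hunk, so please confirm them (and any host class that swallows extras via `**kwargs`) before merging, otherwise the call now fails with a TypeError instead of the mis-ordered positional arguments it is meant to cure.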
diff --git a/ipatests/test_integration/test_testconfig.py b/ipatests/test_integration/test_testconfig.py
index b495f368e4..aaba1621c9 100644
--- a/ipatests/test_integration/test_testconfig.py
+++ b/ipatests/test_integration/test_testconfig.py
@@ -152,7 +152,7 @@ class TestMinimalConfig(CheckConfig):
 extra_input_dict = dict(
 domains=[
 dict(name='ipadomain.test', type='IPA', hosts=[
-dict(name='master', ip='192.0.2.1'),
+dict(name='master', ip='192.0.2.1', host_type=None),
 ]),
 ],
 )
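Review bot: `host_type=None` in `+dict(name='master', ip='192.0.2.1', host_type=None),` pins the expected dict to the exact key set that `Config.to_dict` emits, which is the intended fix, but the same key is now repeated on every host entry in this file; a small local helper (for example a `host(name, ip, **extra)` function that fills in `host_type=None`) would keep the expected dicts readable and turn the next `to_dict` schema change into a one-line edit instead of another dozen-line diff.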
@@ -171,6 +171,7 @@ class TestMinimalConfig(CheckConfig):
 ip="192.0.2.1",
 external_hostname="master.ipadomain.test",
 role="master",
+host_type=None,
 ),
 ],
 ),
@@ -212,23 +213,29 @@ class TestComplexConfig(CheckConfig):
 extra_input_dict = dict(
 domains=[
 dict(name='ipadomain.test', type='IPA', hosts=[
-dict(name='master', ip='192.0.2.1', role='master'),
-dict(name='replica1', ip='192.0.2.2', role='replica'),
+dict(name='master', ip='192.0.2.1', role='master',
+ host_type=None),
+dict(name='replica1', ip='192.0.2.2', role='replica',
+ host_type=None),
 dict(name='replica2', ip='192.0.2.3', role='replica',
-  external_hostname='r2.ipadomain.test'),
-dict(name='client1', ip='192.0.2.4', role='client'),
+ external_hostname='r2.ipadomain.test', host_type=None),
+dict(name='client1', ip='192.0.2.4', role='client',
+ host_type=None),
 dict(name='client2', ip='192.0.2.5', role='client',
-  external_hostname='c2.ipadomain.test'),
-dict(name='extra', ip='192.0.2.6', role='extrarole'),
-dict(name='extram1', ip='192.0.2.7', role='extrarolem'),
+ external_hostname='c2.ipadomain.test', host_type=None),
+dict(name='extra', ip='192.0.2.6', role='extrarole',
+ host_type=None),
+dict(name='extram1', ip='192.0.2.7', role='extrarolem',
+ host_type=None),
 dict(name='extram2', ip='192.0.2.8', role='extrarolem',
-  external_hostname='e2.ipadomain.test'),
+ external_hostname='e2.ipadomain.test', host_type=None),
 ]),
 dict(name='addomain.test', type='AD', hosts=[
-dict(name='ad', ip='192.0.2.33', role='ad'),
+dict(name='ad', ip='192.0.2.33', role='ad', host_type=None),
 ]),
 
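Review bot: the AD entry `+dict(name='ad', ip='192.0.2.33', role='ad', host_type=None),` receives the same `host_type=None` as the IPA hosts, although this PR exists because one host class (the WinHost case in the commit message) behaves differently; please check against the real `to_dict` output of an AD domain that `host_type` is indeed `None` there rather than a distinct value, otherwise this expectation merely encodes whatever the code happens to return today.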

[Freeipa-devel] Re: freeIPA certificate with Let’s Encrypt

2018-01-03 Thread Antonia Stevens via FreeIPA-devel
I actually had Rob Crittenden point that issue out to me and encourage me
to work on this after I created the shell scripts as a quick fix to solve
our immediate internal need.

Now I'm dreaming of a day where I can automatically issue and renew certs
signed by a publicly trusted CA across our entire infrastructure, internal
and external.

I've been playing around with APIs and libraries for a couple of days now
and I think the most promising approach is to create one library/project
that's both a plugin for CertBot (the official ACME/Let's Encrypt client)
and a helper for Certmonger at the same time.

This would allow any server with Certbot installed to authenticate using
FreeIPA/DNS and allow any server with Certmonger to get Let's Encrypt certs.

Any/All suggestions are welcome.

On Wed, Jan 3, 2018 at 4:46 AM, Martin Kosek  wrote:

> On 01/02/2018 12:16 PM, Antonia Stevens via FreeIPA-devel wrote:
> > Hey Martin and Paride,
> >
> > There are also some scripts which use DNS auth and allow multiple DNS
> > names/aliases/principals:
> >
> > https://github.com/antevens/letsencrypt-freeipa
> >
> > In addition to that I recently started work on a Certmonger helper which
> > would allow one to use Let's Encrypt certs for the entire infrastructure
> > automatically:
> >
> > https://github.com/antevens/cerlet
>
> Cool! Sounds quite interesting! We have thought about supporting Let's
> Encrypt/ACME in FreeIPA/certmonger also:
> https://pagure.io/freeipa/issue/4751
> but did not get to it yet.
>
> Martin
>



-- 
Antonia Stevens
a...@antevens.com
+1 416 888 6908
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org


[Freeipa-devel] [freeipa PR#1430][opened] Avoid to use non existent attributes

2018-01-03 Thread pilou- via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1430
Author: pilou-
 Title: #1430: Avoid to use non existent attributes
Action: opened

PR body:
"""
Closes: https://pagure.io/freeipa/issue/7345

2nd commit: about `path` used by `ServerInfo._read` and `ServerInfo._write`, I 
am not sure what value could be used here (with this patch both methods do 
nothing). Should the domain be used there (for example: 
`~/.cache/ipa/servers/ipa.test`) or the network location extracted from 
`ipalib.request.context.request_url` ?

Related: 3f6411a49c49da7013341ff8feae3a63e75e0fbf.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1430/head:pr1430
git checkout pr1430
From 7a3cc3b696ae4e1b4853a067e5f781658b660097 Mon Sep 17 00:00:00 2001
From: Pierre-Louis Bonicoli 
Date: Wed, 3 Jan 2018 10:34:16 +0100
Subject: [PATCH 1/2] api.env.server doesn't have a default value anymore

Fix AttributeError when both xmlrpc_uri and jsonrpc_uri are unset.

Default value was removed by 3f6411a49c49da7013341ff8feae3a63e75e0fbf.

Using FreeIPA Ansible dynamic inventory:
$ ./freeipa.py --list
Traceback (most recent call last):
  File "./ansible/contrib/inventory/freeipa.py", line 95, in 
api = initialize()
  File "./ansible/contrib/inventory/freeipa.py", line 18, in initialize
api.finalize()
  File "local/lib/python2.7/site-packages/ipalib/plugable.py", line 738, in finalize
self.__do_if_not_done('load_plugins')
  File "local/lib/python2.7/site-packages/ipalib/plugable.py", line 425, in __do_if_not_done
getattr(self, name)()
  File "local/lib/python2.7/site-packages/ipalib/plugable.py", line 618, in load_plugins
for package in self.packages:
  File "local/lib/python2.7/site-packages/ipalib/__init__.py", line 949, in packages
ipaclient.remote_plugins.get_package(self),
  File "local/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 120, in get_package
server_info = ServerInfo(api)
  File "local/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 26, in __init__
hostname = DNSName(api.env.server).ToASCII()
AttributeError: 'Env' object has no attribute 'server

https://pagure.io/freeipa/issue/7345
---
 ipaclient/remote_plugins/__init__.py | 28 +++-
 ipaclient/remote_plugins/schema.py   |  2 +-
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/ipaclient/remote_plugins/__init__.py b/ipaclient/remote_plugins/__init__.py
index 0dff001762..c70b1259ea 100644
--- a/ipaclient/remote_plugins/__init__.py
+++ b/ipaclient/remote_plugins/__init__.py
@@ -23,8 +23,6 @@ class ServerInfo(collections.MutableMapping):
 _DIR = os.path.join(USER_CACHE_PATH, 'ipa', 'servers')
 
 def __init__(self, api):
-hostname = DNSName(api.env.server).ToASCII()
-self._path = os.path.join(self._DIR, hostname)
 self._force_check = api.env.force_schema_check
 self._dict = {}
 
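Review bot: dropping `self._path` from `__init__` at `-self._path = os.path.join(self._DIR, hostname)` removes an attribute that other code may still read; the later hunks in this file update `_read` and `_write`, but a grep for `_path` across ipaclient (including the schema.py change, which is cut off in this mail) should confirm no remaining reader, since a leftover reference would raise the same kind of AttributeError this PR sets out to fix.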
@@ -36,11 +34,17 @@ def __init__(self, api):
 except locale.Error:
 self._language = 'en_us'
 
-self._read()
+self._read(api)
+
+def _read(self, api):
+if 'server' not in api.env:
+return
+
+hostname = DNSName(api.env.server).ToASCII()
+_path = os.path.join(self._DIR, hostname)
 
-def _read(self):
 try:
-with open(self._path, 'r') as sc:
+with open(_path, 'r') as sc:
 self._dict = json.load(sc)
 except Exception as e:
 if (isinstance(e, EnvironmentError) and
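Review bot: the guard `+if 'server' not in api.env:` at the top of `_read` is the right shape given the traceback (plain attribute access on `api.env` is what raised), but it skips loading the cache silently; a `logger.debug` line saying the server info cache is skipped because no server is configured would make a missing schema cache diagnosable, and the hostname/path computation that follows is duplicated verbatim in `_write` below, so a single private helper returning the path (or `None` when no server is set) would keep the two in sync.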
@@ -52,14 +56,20 @@ def _read(self):
 # warn that the file is unreadable, probably corrupted
 logger.warning('Failed to read server info: %s', e)
 
-def _write(self):
+def _write(self, api):
+if 'server' not in api.env:
+return
+
+hostname = DNSName(api.env.server).ToASCII()
+_path = os.path.join(self._DIR, hostname)
+
 try:
 try:
 os.makedirs(self._DIR)
 except EnvironmentError as e:
 if e.errno != errno.EEXIST:
 raise
-with open(self._path, 'w') as sc:
+with open(_path, 'w') as sc:
 json.dump(self._dict, sc)
 except EnvironmentError as e:
 logger.warning('Failed to write server info: %s', e)
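Review bot: returning early at `+if 'server' not in api.env:` in `_write` matches the PR body's statement that both methods do nothing in that case, but `_write` is what persists `expiration`, so a caller of `update_validity` will believe a TTL was recorded while nothing reached disk; that is acceptable for the bug at hand, yet a short comment at the early return (or a docstring) stating that the on-disk cache is deliberately disabled without a configured server would save the next reader a trip through the history.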
@@ -79,12 +89,12 @@ def __iter__(self):
 def __len__(self):
 return len(self._dict)
 
-def update_validity(self, ttl=None):
+def update_validity(self, client, ttl=None):
 if ttl is None:
 ttl = 3600
 self['expiration'] = time.time() + ttl
 self['language'] = self._language
-self._write()
+self._write(client)
 
 def is_valid(self):
 if self._force_check:
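Review bot: the new parameter in `+def update_validity(self, client, ttl=None):` is named `client` but is forwarded as `self._write(client)`, where it is treated as the `api` object and its `.env` is read; naming it `api`, consistent with `_read(self, api)` and `_write(self, api)`, would avoid suggesting a client object is expected. This is also a positional signature change, so every caller of `update_validity` must be updated in the same patch; the schema.py hunk is truncated in this mail, so that cannot be verified here.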
diff --git a/ipaclient/remote_plugins/schema.py b/ipaclient/remote_plugins/schema.py
index 863d8f1992..a05985c236 

[Freeipa-devel] FreeIPA wiki - new backup scripts

2018-01-03 Thread Martin Kosek via FreeIPA-devel
Hello,

I have hopefully closed the final major gap in our new FreeIPA wiki
infrastructure - a regular backup.

I used our existing AWS infrastructure to come up with a shell script
[1] and AWS Lambda function triggering it [2] periodically (daily), to
store backups to our S3 storage (database dump and user images).

I originally hoped I could come up with something written purely in Python
and thus without the need for a VM running a custom shell script, but I
could not make the OpenShift Python API port forwarding work and
wanted to use "mysqldump" anyway. So shell script it is, for now.

Questions or feedback welcome!

[1]
https://github.com/freeipa/freeipa-wiki/blob/master/tools/backup/freeipa-org-wiki-backup.sh
[2]
https://github.com/freeipa/freeipa-wiki/blob/master/tools/backup/lambda_function.py

-- 
Martin Kosek 
Manager, Software Engineering - Identity Management Team
Red Hat, Inc.