[Freeipa-devel] [freeipa PR#1957][opened] Making nigthly test definition editable by FreeIPA contributors
URL: https://github.com/freeipa/freeipa/pull/1957 Author: felipevolpone Title: #1957: Making nigthly test definition editable by FreeIPA contributors Action: opened PR body: """ Now the test definition of nightly tests will be on freeipa repo. The the definition that's used on every PR (previously as .freeipa-pr-ci.yaml) is in ipatests/prci_definitions/gating and the .freeipa-pr-ci.yaml file is just a symlink to the real file. In the same dir there is also nightly_master and nightly_rawhide, both to be used in nightly tests. This PR is the result of the discussion on freeipa-devel mailing list [1]. [1] https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/4VAWJ4SFKKBFFICDLQCTXJWRRQHIYJLL/ PS: This PR depends on [this PR in freeipa-pr-ci](https://github.com/freeipa/freeipa-pr-ci/pull/201) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1957/head:pr1957 git checkout pr1957 From 96de312ba6b9884282119b4057cbc7901a6d681b Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 23 May 2018 19:06:50 -0300 Subject: [PATCH] Making nigthly test definition editable by FreeIPA's contributors Now the test definition of nightly tests will be on freeipa repo. The definition that's used on every PR (previously as .freeipa-pr-ci.yaml) is in ipatests/prci_definitions/gating and the .freeipa-pr-ci.yaml file is just a symlink to the real file. In the same dir there is also nightly_master and nightly_rawhide, both to be used in nightly tests. This PR is the result of discussion on freeipa-devel mailing list [1]. [1] https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/4VAWJ4SFKKBFFICDLQCTXJWRRQHIYJLL/ --- .freeipa-pr-ci.yaml | 210 +- ipatests/prci_definitions/gating | 209 + ipatests/prci_definitions/nightly_master | 676 ++ ipatests/prci_definitions/nightly_rawhide | 676 ++ 4 files changed, 1562 insertions(+), 209 deletions(-) mode change 100644 => 12 .freeipa-pr-ci.yaml create mode 100644 ipatests/prci_definitions/gating create mode 100644 ipatests/prci_definitions/nightly_master create mode 100644 ipatests/prci_definitions/nightly_rawhide diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml deleted file mode 100644 index 3a982940d8..00 --- a/.freeipa-pr-ci.yaml +++ /dev/null @@ -1,209 +0,0 @@ -topologies: - build: &build -name: build -cpu: 2 -memory: 3800 - master_1repl: &master_1repl -name: master_1repl -cpu: 4 -memory: 5750 - master_1repl_1client: &master_1repl_1client -name: master_1repl_1client -cpu: 4 -memory: 6700 - -jobs: - fedora-28/build: -requires: [] -priority: 100 -job: - class: Build - args: -git_repo: '{git_repo}' -git_refspec: '{git_refspec}' -template: &ci-master-f28 - name: freeipa/ci-master-f28 - version: 0.1.5 -timeout: 1800 -topology: *build - - fedora-28/simple_replication: -requires: [fedora-28/build] -priority: 50 -job: - class: RunPytest - args: -build_url: '{fedora-28/build_url}' -test_suite: test_integration/test_simple_replication.py -template: *ci-master-f28 -timeout: 3600 -topology: *master_1repl - - fedora-28/caless: -requires: [fedora-28/build] -priority: 50 -job: - class: RunPytest - args: -build_url: '{fedora-28/build_url}' -test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull -template: *ci-master-f28 -timeout: 3600 -topology: *master_1repl - - fedora-28/external_ca: -requires: [fedora-28/build] -priority: 50 -job: - class: RunPytest - args: -build_url: '{fedora-28/build_url}' -test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall -template: *ci-master-f28 -timeout: 3600 -topology: *master_1repl - - fedora-28/test_topologies: -requires: [fedora-28/build] -priority: 50 -job: - class: RunPytest - args: -build_url: '{fedora-28/build_url}' -test_suite: test_integration/test_topologies.py -template: *ci-master-f28 -timeout: 3600 -topology: *master_1repl - - fedora-28/test_sudo: -requires: [fedora-28/build] -priority: 50 -job: - class: RunPytest - args: -build_url: '{fedora-28/build_url}' -test_suite: test_integration/test_sudo.py -template: *ci-master-f28 -timeout: 3600 -topology: *master_1repl_1client - - fedora-28/test_ipa_cli: -requires: [fedora-28/build] -priority: 50 -job: - class: RunPytest - args: -
[Freeipa-devel] [freeipa PR#1831][closed] Fixing test_topology tests
URL: https://github.com/freeipa/freeipa/pull/1831 Author: felipevolpone Title: #1831: Fixing test_topology tests Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1831/head:pr1831 git checkout pr1831 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1831][closed] Fixing test_topology tests
URL: https://github.com/freeipa/freeipa/pull/1831 Author: felipevolpone Title: #1831: Fixing test_topology tests Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1831/head:pr1831 git checkout pr1831 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1831][reopened] Fixing test_topology tests
URL: https://github.com/freeipa/freeipa/pull/1831 Author: felipevolpone Title: #1831: Fixing test_topology tests Action: reopened To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1831/head:pr1831 git checkout pr1831 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1914][opened] Fixing DNSSEC tests with restarting named
URL: https://github.com/freeipa/freeipa/pull/1914 Author: felipevolpone Title: #1914: Fixing DNSSEC tests with restarting named Action: opened PR body: """ This commit fixes: - TestInstallDNSSECLast::test_disable_reenable_signing_master - TestInstallDNSSECLast::test_disable_reenable_signing_replica - TestInstallDNSSECFirst::test_chain_of_trust https://pagure.io/freeipa/issue/5670 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1914/head:pr1914 git checkout pr1914 From f61929cf00bd63f63487dff882b0c981203fad71 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 9 May 2018 11:44:19 -0300 Subject: [PATCH 1/2] Fixing DNSSEC tests with restarting named This commit fixes: - TestInstallDNSSECLast::test_disable_reenable_signing_master - TestInstallDNSSECLast::test_disable_reenable_signing_replica - TestInstallDNSSECFirst::test_chain_of_trust https://pagure.io/freeipa/issue/5670 --- ipatests/test_integration/test_dnssec.py | 6 ++ 1 file changed, 6 insertions(+) diff --git a/ipatests/test_integration/test_dnssec.py b/ipatests/test_integration/test_dnssec.py index 40b4e1b356..111256adde 100644 --- a/ipatests/test_integration/test_dnssec.py +++ b/ipatests/test_integration/test_dnssec.py @@ -187,6 +187,8 @@ def test_disable_reenable_signing_master(self): self.replicas[0].ip, test_zone, timeout=200 ), "DNS zone %s is not signed (replica)" % test_zone +tasks.restart_named(self.master) + dnskey_new = resolve_with_dnssec(self.master.ip, test_zone, rtype="DNSKEY").rrset assert dnskey_old != dnskey_new, "DNSKEY should be different" @@ -234,6 +236,8 @@ def test_disable_reenable_signing_replica(self): self.replicas[0].ip, test_zone_repl, timeout=200 ), "DNS zone %s is not signed (replica)" % test_zone_repl +tasks.restart_named(self.master) + dnskey_new = resolve_with_dnssec(self.replicas[0].ip, test_zone_repl, rtype="DNSKEY").rrset assert dnskey_old != dnskey_new, "DNSKEY should be different" @@ -327,6 +331,8 @@ def test_chain_of_trust(self): "--ns-rec=" + self.master.hostname ] self.master.run_command(args) +tasks.restart_named(self.master) + # wait until zone is signed assert wait_until_record_is_signed( self.master.ip, example_test_zone, timeout=100 From f14d941a8202cd1b67b7e68d3f5eb3fc067d2736 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 9 May 2018 11:49:19 -0300 Subject: [PATCH 2/2] temp commit: adding test_dnssec to run --- .freeipa-pr-ci.yaml | 15 +++ 1 file changed, 15 insertions(+) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index a16b388695..3a945f236f 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -11,6 +11,10 @@ topologies: name: master_1repl_1client cpu: 4 memory: 6700 + master_2repl_1client: &master_2repl_1client +name: master_2repl_1client +cpu: 5 +memory: 9100 jobs: fedora-27/build: @@ -207,3 +211,14 @@ jobs: timeout: 3600 topology: *master_1repl_1client + fedora-27/test_dnssec: +requires: [fedora-27/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-27/build_url}' +test_suite: test_integration/test_dnssec.py +template: *ci-master-f27 +timeout: 8000 +topology: *master_2repl_1client ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1748][closed] Fix certificate retrieval in ipa-replica-prepare for DL0
URL: https://github.com/freeipa/freeipa/pull/1748 Author: rcritten Title: #1748: Fix certificate retrieval in ipa-replica-prepare for DL0 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1748/head:pr1748 git checkout pr1748 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1904][opened] [temp PR] f28 Patches and all tests f28
URL: https://github.com/freeipa/freeipa/pull/1904 Author: felipevolpone Title: #1904: [temp PR] f28 Patches and all tests f28 Action: opened PR body: """ Applying patches from PR #1871 and nightly tests """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1904/head:pr1904 git checkout pr1904 From 5f367231c290119cb35f7a0a7ee76c9eb7dc8479 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Fri, 27 Apr 2018 18:28:44 +0200 Subject: [PATCH 1/4] Run PR-CI with Fedora 28 Signed-off-by: Christian Heimes --- .freeipa-pr-ci.yaml | 132 ++-- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index a16b388695..7f8cc4605a 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -13,7 +13,7 @@ topologies: memory: 6700 jobs: - fedora-27/build: + fedora-28/build: requires: [] priority: 100 job: @@ -21,189 +21,189 @@ jobs: args: git_repo: '{git_repo}' git_refspec: '{git_refspec}' -template: &ci-master-f27 - name: freeipa/ci-master-f27 - version: 1.0.3 +template: &ci-master-f28 + name: freeipa/ci-master-f28 + version: 0.1.5 timeout: 1800 topology: *build - fedora-27/simple_replication: -requires: [fedora-27/build] + fedora-28/simple_replication: +requires: [fedora-28/build] priority: 50 job: class: RunPytest args: -build_url: '{fedora-27/build_url}' +build_url: '{fedora-28/build_url}' test_suite: test_integration/test_simple_replication.py -template: *ci-master-f27 +template: *ci-master-f28 timeout: 3600 topology: *master_1repl - fedora-27/caless: -requires: [fedora-27/build] + fedora-28/caless: +requires: [fedora-28/build] priority: 50 job: class: RunPytest args: -build_url: '{fedora-27/build_url}' +build_url: '{fedora-28/build_url}' test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull -template: *ci-master-f27 +template: *ci-master-f28 timeout: 3600 topology: *master_1repl - fedora-27/external_ca: -requires: [fedora-27/build] + fedora-28/external_ca: +requires: [fedora-28/build] priority: 50 job: class: RunPytest args: -build_url: '{fedora-27/build_url}' +build_url: '{fedora-28/build_url}' test_suite: test_integration/test_external_ca.py -template: *ci-master-f27 -timeout: 3600 +template: *ci-master-f28 +timeout: 4500 topology: *master_1repl - fedora-27/test_topologies: -requires: [fedora-27/build] + fedora-28/test_topologies: +requires: [fedora-28/build] priority: 50 job: class: RunPytest args: -build_url: '{fedora-27/build_url}' +build_url: '{fedora-28/build_url}' test_suite: test_integration/test_topologies.py -template: *ci-master-f27 +template: *ci-master-f28 timeout: 3600 topology: *master_1repl - fedora-27/test_sudo: -requires: [fedora-27/build] + fedora-28/test_sudo: +requires: [fedora-28/build] priority: 50 job: class: RunPytest args: -build_url: '{fedora-27/build_url}' +build_url: '{fedora-28/build_url}' test_suite: test_integration/test_sudo.py -template: *ci-master-f27 +template: *ci-master-f28 timeout: 3600 topology: *master_1repl_1client - fedora-27/test_ipa_cli: -requires: [fedora-27/build] + fedora-28/test_ipa_cli: +requires: [fedora-28/build] priority: 50 job: class: RunPytest args: -build_url: '{fedora-27/build_url}' +build_url: '{fedora-28/build_url}' test_suite: test_integration/test_ipa_cli.py -template: *ci-master-f27 +template: *ci-master-f28 timeout: 3600 topology: *master_1repl - fedora-27/test_kerberos_flags: -requires: [fedora-27/build] + fedora-28/test_kerberos_flags: +requires: [fedora-28/build] priority: 50 job: class: RunPytest args: -build_url: '{fedora-27/build_url}' +build_url: '{fedora-28/build_url}' test_suite: test_integration/test_kerberos_flags.py -template: *ci-master-f27 +template: *ci-master-f28 timeout: 3600 topology: *master_1repl_1client - fedora-27/test_http_kdc_proxy: -requires: [fedora-27/build] + fedora-28/test_http_kdc_proxy: +requires: [fedora-28/build] priority: 50 job: class: RunPytest args: -build_url: '{fedora-27/build_url}' +build_url: '{fedora-28/build_url}' test_suite: test_integration/test_http_kdc_proxy.py -temp
[Freeipa-devel] [freeipa PR#1891][closed] [testing_rawhide] Nightly PR
URL: https://github.com/freeipa/freeipa/pull/1891 Author: freeipa-pr-ci Title: #1891: [testing_rawhide] Nightly PR Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1891/head:pr1891 git checkout pr1891 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1844][closed] Fixing TestBackupAndRestore
URL: https://github.com/freeipa/freeipa/pull/1844 Author: felipevolpone Title: #1844: Fixing TestBackupAndRestore Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1844/head:pr1844 git checkout pr1844 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1856][opened] [Backport][ipa-4-6] Fixing TestBackupAndRestore
URL: https://github.com/freeipa/freeipa/pull/1856 Author: felipevolpone Title: #1856: [Backport][ipa-4-6] Fixing TestBackupAndRestore Action: opened PR body: """ This PR was opened automatically because PR #1844 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1856/head:pr1856 git checkout pr1856 From cbe0822c8933f9f2b6a3ac6c518d8915139cd73d Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 18 Apr 2018 16:00:32 -0300 Subject: [PATCH 1/2] Adding GSSPROXY_CONF to be backed up on ipa-backup Without GSSPROXY_CONF being backed up, we would get this error "ipa: ERROR: No valid Negotiate header in server response" when running any ipa command after a backup restore. This commit also fixes the tests: - TestBackupAndRestore::test_full_backup_and_restore - TesttBackupAndRestore::test_full_backup_and_restore_with_selinux_booleans_off https://pagure.io/freeipa/issue/7473 --- ipaserver/install/ipa_backup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index 475d846e6e..b0c1059acd 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -190,6 +190,7 @@ class Backup(admintool.AdminTool): paths.IPA_DNSKEYSYNCD_KEYTAB, paths.IPA_CUSTODIA_KEYS, paths.IPA_CUSTODIA_CONF, +paths.GSSPROXY_CONF, paths.HOSTS, ) + tuple( os.path.join(paths.IPA_NSSDB_DIR, file) From 0cd754664a8652f4164e1edf1ab8be70bd5fc303 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 23 Apr 2018 08:28:30 -0300 Subject: [PATCH 2/2] Fixing TestBackupAndRestore::test_full_backup_and_restore_with_removed_users The test as it was, was testing the backup and restore based on previous backups and restore, not with an actual installation. Now, with a clear setup for each test, the test mentioned above will not fail to do a lookup (using the host command, in check_dns method) for the master domain. --- ipatests/test_integration/test_backup_and_restore.py | 4 1 file changed, 4 insertions(+) diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py index 266c36e3fd..089847bbb7 100644 --- a/ipatests/test_integration/test_backup_and_restore.py +++ b/ipatests/test_integration/test_backup_and_restore.py @@ -164,6 +164,8 @@ def test_full_backup_and_restore(self): def test_full_backup_and_restore_with_removed_users(self): """regression test for https://fedorahosted.org/freeipa/ticket/3866"""; +tasks.uninstall_master(self.master) +tasks.install_master(self.master) with restore_checker(self.master): backup_path = backup(self.master) @@ -187,6 +189,8 @@ def test_full_backup_and_restore_with_removed_users(self): def test_full_backup_and_restore_with_selinux_booleans_off(self): """regression test for https://fedorahosted.org/freeipa/ticket/4157"""; +tasks.uninstall_master(self.master) +tasks.install_master(self.master) with restore_checker(self.master): backup_path = backup(self.master) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1844][opened] Fixing TestBackupAndRestore
URL: https://github.com/freeipa/freeipa/pull/1844 Author: felipevolpone Title: #1844: Fixing TestBackupAndRestore Action: opened PR body: """ Adding GSSPROXY_CONF to be backed up on ipa-backup Without GSSPROXY_CONF being backed up, we would get this error "ipa: ERROR: No valid Negotiate header in server response" when running any ipa command after a ipa backup and restore. This commit also fixes the tests: - TestBackupAndRestore::test_full_backup_and_restore - TesttBackupAndRestore::test_full_backup_and_restore_with_selinux_booleans_off https://pagure.io/freeipa/issue/7473 Fixing TestBackupAndRestore::test_full_backup_and_restore_with_removed_users The test as it was, was testing the backup and restore based on previous backups and restore, not with an actual installation. Now, with a clear setup for each test, the test mentioned above will not fail to do a lookup (using the host command, in check_dns method) for the master domain. --- Once we have an ack, I'll remove the temp commit. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1844/head:pr1844 git checkout pr1844 From 342b0695518ff5d3bae9d0ff914d94c6f06d836b Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 18 Apr 2018 16:00:32 -0300 Subject: [PATCH 1/3] Adding GSSPROXY_CONF to be backed up on ipa-backup Without GSSPROXY_CONF being backed up, we would get this error "ipa: ERROR: No valid Negotiate header in server response" when running any ipa command after a backup restore. This commit also fixes the tests: - TestBackupAndRestore::test_full_backup_and_restore - TesttBackupAndRestore::test_full_backup_and_restore_with_selinux_booleans_off https://pagure.io/freeipa/issue/7473 --- ipaserver/install/ipa_backup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index c8382cbfb5..a61a70e226 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -190,6 +190,7 @@ class Backup(admintool.AdminTool): paths.IPA_DNSKEYSYNCD_KEYTAB, paths.IPA_CUSTODIA_KEYS, paths.IPA_CUSTODIA_CONF, +paths.GSSPROXY_CONF, paths.HOSTS, ) + tuple( os.path.join(paths.IPA_NSSDB_DIR, file) From 78902ced4890c6e5af14906961ec783334a46cd5 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 23 Apr 2018 08:28:30 -0300 Subject: [PATCH 2/3] Fixing TestBackupAndRestore::test_full_backup_and_restore_with_removed_users The test as it was, was testing the backup and restore based on previous backups and restore, not with an actual installation. Now, with a clear setup for each test, the test mentioned above will not fail to do a lookup (using the host command, in check_dns method) for the master domain. --- ipatests/test_integration/test_backup_and_restore.py | 4 1 file changed, 4 insertions(+) diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py index f8bc16601e..e7fe94b0f1 100644 --- a/ipatests/test_integration/test_backup_and_restore.py +++ b/ipatests/test_integration/test_backup_and_restore.py @@ -177,6 +177,8 @@ def test_full_backup_and_restore(self): def test_full_backup_and_restore_with_removed_users(self): """regression test for https://fedorahosted.org/freeipa/ticket/3866"""; +tasks.uninstall_master(self.master) +tasks.install_master(self.master) with restore_checker(self.master): backup_path = backup(self.master) @@ -200,6 +202,8 @@ def test_full_backup_and_restore_with_removed_users(self): def test_full_backup_and_restore_with_selinux_booleans_off(self): """regression test for https://fedorahosted.org/freeipa/ticket/4157"""; +tasks.uninstall_master(self.master) +tasks.install_master(self.master) with restore_checker(self.master): backup_path = backup(self.master) From a427c7ae713bb6d9c40f025e674fab5452e16d74 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 23 Apr 2018 08:20:59 -0300 Subject: [PATCH 3/3] temp commit: adding test --- .freeipa-pr-ci.yaml | 12 1 file changed, 12 insertions(+) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index c95bef79e2..a5d86f2bcf 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -182,3 +182,15 @@ jobs: template: *ci-master-f27 timeout: 3600 topology: *master_1repl + + fedora-27/test_backup_and_restore_TestBackupAndRestore: +requires: [fedora-27/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-27/build_url}' +test_suite: test_integration/test_backup_and_restore.py::TestBackupAndRestore +template: *ci-master-f27 +timeout: 7200 +topology: *master_1repl ___ FreeIPA-devel mailing list -- freeipa-devel@
[Freeipa-devel] [freeipa PR#1831][opened] Fixing test_topology tests
URL: https://github.com/freeipa/freeipa/pull/1831 Author: felipevolpone Title: #1831: Fixing test_topology tests Action: opened PR body: """ Fixing TestCASpecificRUVs::test_replica_uninstall_deletes_ruvs This test will setup a master and a replica, uninstall replica and check for the replica RUVs on the master. It was missing the step of running ipa-replica-manage del to properly remove the RUVs. Fixing tests on TestReplicaManageDel This commit fixes the tests on class TestReplicaManageDel: - test_replica_managed_del_domlevel1 - test_clean_dangling_ruv_multi_ca - test_replica_managed_del_domlevel0 Given that domain level 0 doest not have autodiscovery, we need to configure /etc/resolv.conf with the master data (search and nameserver ) in order to ipa-replica-install succeed. --- **Atention**: This patch should not be pushed until PR #1748 get merged. As usual, as soon as we have an ack, I'll rebase the PR and remove the temp commit. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1831/head:pr1831 git checkout pr1831 From 1a23d01ecc74760d2affe9527eb56ac81378ebfe Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 18 Apr 2018 14:52:25 -0300 Subject: [PATCH 1/4] Fixing TestCASpecificRUVs::test_replica_uninstall_deletes_ruvs This test will setup a master and a replica, uninstall replica and check for the replica RUVs on the master. It was missing the step of running ipa-replica-manage del to properly remove the RUVs. --- ipatests/test_integration/test_topology.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipatests/test_integration/test_topology.py b/ipatests/test_integration/test_topology.py index 35898c0796..dd24f7b910 100644 --- a/ipatests/test_integration/test_topology.py +++ b/ipatests/test_integration/test_topology.py @@ -239,6 +239,9 @@ def test_replica_uninstall_deletes_ruvs(self): assert(res1.count(replica.hostname) == 2), ( "Did not find proper number of replica hostname (%s) occurrencies" " in the command output: %s" % (replica.hostname, res1)) + +master.run_command(['ipa-replica-manage', 'del', replica.hostname, +'-p', master.config.dirman_password]) tasks.uninstall_master(replica) res2 = master.run_command(['ipa-replica-manage', 'list-ruv', '-p', master.config.dirman_password]).stdout_text From e883f18f897715178f8f7297e8038c5ff36eb734 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 18 Apr 2018 14:54:09 -0300 Subject: [PATCH 2/4] Fixing tests on TestReplicaManageDel This commit fixes the tests on class TestReplicaManageDel: - test_replica_managed_del_domlevel1 - test_clean_dangling_ruv_multi_ca - test_replica_managed_del_domlevel0 Given that domain level 0 doest not have autodiscovery, we need to configure /etc/resolv.conf with the master data (search and nameserver ) in order to ipa-replica-install succeed. --- ipatests/pytest_plugins/integration/tasks.py | 15 +++ 1 file changed, 15 insertions(+) diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py index 59fb202e35..542f1a98ca 100644 --- a/ipatests/pytest_plugins/integration/tasks.py +++ b/ipatests/pytest_plugins/integration/tasks.py @@ -338,10 +338,25 @@ def master_authoritative_for_client_domain(master, client): raiseonerr=False) return result.returncode == 0 + +def _config_replica_resolvconf_with_master_data(master, replica): +""" +Configure replica /etc/resolv.conf to use master as DNS server +""" +content = ('search {domain}\nnameserver {master_ip}' + .format(domain=master.domain.name, master_ip=master.ip)) +replica.put_file_contents(paths.RESOLV_CONF, content) + + def replica_prepare(master, replica, extra_args=(), raiseonerr=True, stdin_text=None): fix_apache_semaphores(replica) prepare_reverse_zone(master, replica.ip) + +# in domain level 0 there is no autodiscovery, so it's necessary to +# change /etc/resolv.conf to find master DNS server +_config_replica_resolvconf_with_master_data(master, replica) + args = ['ipa-replica-prepare', '-p', replica.config.dirman_password, replica.hostname] From 11d4e7ff8c3c25ff3bb14db555a816ef11722376 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 27 Mar 2018 16:59:55 -0400 Subject: [PATCH 3/4] Fix certificate retrieval in ipa-replica-prepare for DL0 The NSSDatabase object doesn't know the format of an NSS database until the database is created so an explcit call to nssdb.create_db. https://pagure.io/freeipa/issue/7469 Signed-off-by: Rob Crittenden --- ipaserver/install/certs.py | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 448ca8cc06..17bb
[Freeipa-devel] [freeipa PR#1801][opened] Reverting commit 6b145bf3e696e6d40b74055ccdf8d14da7828a09
URL: https://github.com/freeipa/freeipa/pull/1801 Author: felipevolpone Title: #1801: Reverting commit 6b145bf3e696e6d40b74055ccdf8d14da7828a09 Action: opened PR body: """ Commit 6b145bf should not be pushed, because it was not the intention to add a new test to .freeipa-pr-ci. This commits reverts its change. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1801/head:pr1801 git checkout pr1801 From f6563476659a4ffa5b4b038b44ace9feed7b5032 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 11 Apr 2018 11:10:27 -0300 Subject: [PATCH] Reverting commit 6b145bf3e696e6d40b74055ccdf8d14da7828a09 Commit 6b145bf3e696e6d40b74055ccdf8d14da7828a09 should not be pushed, because it was not the intention to add a new test to .freeipa-pr-ci. This commits reverts its change. --- .freeipa-pr-ci.yaml | 13 - 1 file changed, 13 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index 1c261141f0..c95bef79e2 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -182,16 +182,3 @@ jobs: template: *ci-master-f27 timeout: 3600 topology: *master_1repl - - fedora-27/test_installation_TestInstallMasterReservedIPasForwarder: -requires: [fedora-27/build] -priority: 50 -job: - class: RunPytest - args: -build_url: '{fedora-27/build_url}' -test_suite: test_integration/test_installation.py::TestInstallMasterReservedIPasForwarder -template: *ci-master-f27 -timeout: 10800 -topology: *master_1repl - ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1772][opened] Check if ldap_uri is on /etc/ipa/default.conf
URL: https://github.com/freeipa/freeipa/pull/1772 Author: felipevolpone Title: #1772: Check if ldap_uri is on /etc/ipa/default.conf Action: opened PR body: """ When removing a replica there are cases when ldap_uri is not on the /etc/ipa/default.conf file anymore. So, before trying to get the value of it, now the code checks if it's there first. https://pagure.io/freeipa/issue/7474 This PR fixes the test `test_replica_promotion.py::TestReplicaPromotionLevel0::test_promotion_disabled ` Full log: https://fedorapeople.org/groups/freeipa/prci/jobs/48fd7274-3162-11e8-8f04-fa163efc0cae/report.htm """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1772/head:pr1772 git checkout pr1772 From 7e10995e82514877cd543ce9f76120bd395731f9 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 4 Apr 2018 07:51:55 -0300 Subject: [PATCH 1/2] Check if ldap_uri is on /etc/ipa/default.conf When removing a replica there is cases when ldap_uri is not on the /etc/ipa/default.conf file anymore. So, before trying to get the value of it, now the code checks if it's there first. https://pagure.io/freeipa/issue/7474 --- ipaserver/secrets/kem.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/secrets/kem.py b/ipaserver/secrets/kem.py index ad932b6b68..5d542dcfef 100644 --- a/ipaserver/secrets/kem.py +++ b/ipaserver/secrets/kem.py @@ -213,7 +213,7 @@ def __init__(self, config=None, ipaconf=paths.IPA_DEFAULT_CONF): if conf.read(ipaconf): self.host = conf.get('global', 'host') self.realm = conf.get('global', 'realm') -if self.ldap_uri is None: +if self.ldap_uri is None and conf.has_option('global', 'ldap_uri'): self.ldap_uri = conf.get('global', 'ldap_uri', raw=True) self._server_keys = None From 39c66776a6f25e3347d2024a436fc20f44dfd4b1 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 4 Apr 2018 07:59:38 -0300 Subject: [PATCH 2/2] Temp commit: adding test to run in prci --- .freeipa-pr-ci.yaml | 11 +++ 1 file changed, 11 insertions(+) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index 1c261141f0..4927bb4b2a 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -195,3 +195,14 @@ jobs: timeout: 10800 topology: *master_1repl + fedora-27/test_replica_promotion_TestReplicaPromotionLevel0: +requires: [fedora-27/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-27/build_url}' +test_suite: test_integration/test_replica_promotion.py::TestReplicaPromotionLevel0 +template: *ci-master-f27 +timeout: 8000 +topology: *master_1repl ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1758][opened] Fix TestSubCAkeyReplication providing the right path to pki log
URL: https://github.com/freeipa/freeipa/pull/1758 Author: felipevolpone Title: #1758: Fix TestSubCAkeyReplication providing the right path to pki log Action: opened PR body: """ The PKI debug log has its name in this format: `debug..log`. This commit changes the code to use this format, fixing the test. Unfortunately, it's not possible to use some kind of regex (like debug.*.log) to get the file, because python multihost gets the path and tries to open (using the `open` python function) the file with that. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1758/head:pr1758 git checkout pr1758 https://assets-cdn.github.com";> https://avatars0.githubusercontent.com";> https://avatars1.githubusercontent.com";> https://avatars2.githubusercontent.com";> https://avatars3.githubusercontent.com";> https://github-cloud.s3.amazonaws.com";> https://user-images.githubusercontent.com/";> https://assets-cdn.github.com/assets/frameworks-7d09971c51977b60c6626362003ef38a.css"; /> https://assets-cdn.github.com/assets/github-a88281d6aeed09babd4481cecde3585a.css"; /> https://assets-cdn.github.com/assets/site-83dc1f7ebc9c7461fe1eab799b56c4c4.css"; /> Fix TestSubCAkeyReplication providing the right path to pki log by felipevolpone · Pull Request #1758 · freeipa/freeipa · GitHub https://github.com/fluidicon.png"; title="GitHub"> https://avatars0.githubusercontent.com/u/1590527?s=400&v=4"; />https://github.com/freeipa/freeipa/pull/1758"; /> https://assets-cdn.github.com/";> https://collector.githubapp.com/github-external/browser_event"; /> https://github.com/hydro_browser_events"; /> span.labelstyle-0e8a16, .linked-labelstyle-0e8a16 { background-color: #0e8a16 !important; color: #ff !important;}.labelstyle-0e8a16.selected { background-color: #0e8a16 !important; color: #ff !important;}.label-select-menu .labelstyle-0e8a16.selected { background: rgba(14, 138, 22, 0.12) !important; color: #0f9918 !important;} span.labelstyle-ededed, .linked-labelstyle-ededed { background-color: #ededed !important; color: #00 !important;}.labelstyle-ededed.selected { background-color: #ededed !important; color: #00 !important;}.label-select-menu .labelstyle-ededed.selected { background: rgba(237, 237, 237, 0.12) !important; color: #99 !important;} span.labelstyle-e4c2fc, .linked-labelstyle-e4c2fc { background-color: #e4c2fc !important; color: #00 !important;}.labelstyle-e4c2fc.selected { background-color: #e4c2fc !important; color: #00 !important;}.label-select-menu .labelstyle-e4c2fc.selected { background: rgba(228, 194, 252, 0.12) !important; color: #8a7599 !important;} span.labelstyle-fef2c0, .linked-labelstyle-fef2c0 { background-color: #fef2c0 !important; color: #00 !important;}.labelstyle-fef2c0.selected { background-color: #fef2c0 !important; color: #00 !important;}.label-select-menu .labelstyle-fef2c0.selected { background: rgba(254, 242, 192, 0.12) !important; color: #989173 !important;} span.labelstyle-1d76db, .linked-labelstyle-1d76db { background-color: #1d76db !important; color: #ff !important;}.labelstyle-1d76db.selected { background-color: #1d76db !important; color: #ff !important;}.label-select-menu .labelstyle-1d76db.selected { background: rgba(29, 118, 219, 0.12) !important; color: #145299 !important;} span.labelstyle-bfd4f2, .linked-labelstyle-bfd4f2 { background-color: #bfd4f2 !important; color: #00 !important;}.labelstyle-bfd4f2.selected { background-color: #bfd4f2 !important; color: #00 !important;}.label-select-menu .labelstyle-bfd4f2.selected { background: rgba(191, 212, 242, 0.12) !important; color: #788699 !important;} span.labelstyle-660060, .linked-labelstyle-660060 { background-color: #660060 !important; color: #ff !important;}.labelstyle-660060.selected { background-color: #660060 !important; color: #ff !important;}.label-select-menu .labelstyle-660060.selected { background: rgba(102, 0, 96, 0.12) !important; color: #990090 !important;} span.labelstyle-fbca04, .linked-labelstyle-fbca04 { background-color: #fbca04 !important; color: #00 !important;}.labelstyle-fbca04.selected { background-color: #fbca04 !important; color: #00 !important;}.label-select-menu .labelstyle-fbca04.selected { background: rgba(251, 202, 4, 0.12) !important; color: #997b02 !important;} span.labelstyle-d93f0b, .linked-labelstyle-d93f0b { background-color: #d93f0b !important; color: #ff !important;}.labelstyle-d93f0b.selected { background-color: #d93f0b !important; color: #ff !important;}.label-select-menu .labelstyle-d93f0b.selected { background: rgba(217, 63, 11, 0.12) !important; color: #982c07 !important;} span.labelstyle-c2e0c6, .linked-labelst
[Freeipa-devel] [freeipa PR#1746][opened] Adding hostname parameter to install IPA in TestInstallMasterReservedIPasForwarder
URL: https://github.com/freeipa/freeipa/pull/1746 Author: felipevolpone Title: #1746: Adding hostname parameter to install IPA in TestInstallMasterReservedIPasForwarder Action: opened PR body: """ When installing IPA in interactive mode, it's necessary to provide the hostname. This will make the test pass. I've added a temporary commit to run the test in PR CI on this PR. Once this PR gets approved I'll remove it. You can check the test running (and failing) on the nightly PRs, like [this one](https://fedorapeople.org/groups/freeipa/prci/jobs/7191d19c-315a-11e8-98dd-fa163e0e8ed9/report.html) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1746/head:pr1746 git checkout pr1746 From 69e88dc4bf542f84b616222d192966f02e273319 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 26 Mar 2018 19:43:13 -0300 Subject: [PATCH 1/2] Adding right parameters to install IPA in TestInstallMasterReservedIPasForwarder When installing ipa in interactive mode, it's necessary to provide the hostname. This will make the test pass. --- ipatests/test_integration/test_installation.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index 514be6e37b..20a08f3919 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -346,13 +346,15 @@ def test_reserved_ip_as_forwarder(self): server_install_options = ( "yes\n" +"{hostname}\n" "{dmname}\n\n" "{dm_pass}\n{dm_pass}" "\n{admin_pass}\n{admin_pass}\n" "yes\nyes\n0.0.0.0\n".format( dm_pass=self.master.config.dirman_password, admin_pass=self.master.config.admin_password, -dmname=self.master.domain.name)) +dmname=self.master.domain.name, +hostname=self.master.hostname)) cmd = self.master.run_command(['ipa-server-install'], stdin_text=server_install_options, From efa3995ed8d4bef015c8d3993520c4fe904d77f4 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 26 Mar 2018 19:48:00 -0300 Subject: [PATCH 2/2] temp commit: adding test to PR CI run --- .freeipa-pr-ci.yaml | 13 + 1 file changed, 13 insertions(+) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index c95bef79e2..1c261141f0 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -182,3 +182,16 @@ jobs: template: *ci-master-f27 timeout: 3600 topology: *master_1repl + + fedora-27/test_installation_TestInstallMasterReservedIPasForwarder: +requires: [fedora-27/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-27/build_url}' +test_suite: test_integration/test_installation.py::TestInstallMasterReservedIPasForwarder +template: *ci-master-f27 +timeout: 10800 +topology: *master_1repl + ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1644][closed] webui:test: Realm Domains
URL: https://github.com/freeipa/freeipa/pull/1644 Author: celestian Title: #1644: webui:test: Realm Domains Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1644/head:pr1644 git checkout pr1644 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1674][closed] [testing_master] Nightly PR
URL: https://github.com/freeipa/freeipa/pull/1674 Author: freeipa-pr-ci Title: #1674: [testing_master] Nightly PR Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1674/head:pr1674 git checkout pr1674 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1673][closed] [testing_rawhide] Nightly PR
URL: https://github.com/freeipa/freeipa/pull/1673 Author: freeipa-pr-ci Title: #1673: [testing_rawhide] Nightly PR Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1673/head:pr1673 git checkout pr1673 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1646][opened] Fixing cleanup process in test_caless
URL: https://github.com/freeipa/freeipa/pull/1646 Author: felipevolpone Title: #1646: Fixing cleanup process in test_caless Action: opened PR body: """ Fixing cleanup process in test_caless After commit bbe615e, if the uninstall process fails (in the test cleanup) the error is not hidden anymore. That brought light to errors in the cleanup process on `TestReplicaInstall` test, like this: ``` RUN ['ipa-server-install', '--uninstall', '-U'] ipapython.admintool: ERRORServer removal aborted: Replication topology in suffix 'domain' is disconnected: Topology does not allow server master.ipa.test to replicate with servers: replica0.ipa.test. ipapython.admintool: ERRORThe ipa-server-install command failed ``` This commit changes the order of how a replica should be removed from the topology. Other errors can be checked [here](https://fedorapeople.org/groups/freeipa/prci/jobs/1b27ac12-1bfe-11e8-9b66-fa163e97f492/). """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1646/head:pr1646 git checkout pr1646 From 3f01916e30cc6c86e78e51f623ab7c9c4fc61900 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Thu, 1 Mar 2018 19:19:05 -0300 Subject: [PATCH 1/2] Fixing cleanup process in test_caless After commit bbe615e12c278f9cddaeb38e80b970bf14d9b32d, if the uninstall process fails (in the test cleanup) the error is not hidden anymore. That brought light to errors in the cleanup process on TestReplicaInstall test, like this: ``` RUN ['ipa-server-install', '--uninstall', '-U'] ipapython.admintool: ERRORServer removal aborted: Replication topology in suffix 'domain' is disconnected: Topology does not allow server master.ipa.test to replicate with servers: replica0.ipa.test. ipapython.admintool: ERRORThe ipa-server-install command failed ``` This commit changes the order of how a replica should be removed from the topology. --- ipatests/test_integration/test_caless.py | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py index 9be8c4f413..4d52309108 100644 --- a/ipatests/test_integration/test_caless.py +++ b/ipatests/test_integration/test_caless.py @@ -105,15 +105,14 @@ def wrapped(*args): replica = args[0].replicas[0] master = args[0].master tasks.kinit_admin(master) +tasks.clean_replication_agreement(master, replica, cleanup=True, + raiseonerr=False) +master.run_command(['ipa', 'host-del', replica.hostname], + raiseonerr=False) tasks.uninstall_master(replica, clean=False) # Now let's uninstall client for the cases when client promotion # was not successful tasks.uninstall_client(replica) -tasks.clean_replication_agreement(master, replica, cleanup=True, - raiseonerr=False) -master.run_command(['ipa', 'host-del', -replica.hostname], - raiseonerr=False) ipa_certs_cleanup(replica) return wrapped From c1845b76d40c9fc009685efd193960fa148d2695 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Thu, 1 Mar 2018 19:22:24 -0300 Subject: [PATCH 2/2] Temporary commit: adding the test to run in PR CI --- .freeipa-pr-ci.yaml | 12 1 file changed, 12 insertions(+) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index b98a27835c..9152a48ab6 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -62,3 +62,15 @@ jobs: template: *ci-master-f27 timeout: 3600 topology: *master_1repl + + fedora-27/TestReplicaInstall: +requires: [fedora-27/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-27/build_url}' +test_suite: test_integration/test_caless.py::TestReplicaInstall +template: *ci-master-f27 +timeout: 8000 +topology: *master_1repl ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1592][closed] webui: hbactest: add tooltips to 'enabled' and 'disabled' checkboxes
URL: https://github.com/freeipa/freeipa/pull/1592 Author: pvoborni Title: #1592: webui: hbactest: add tooltips to 'enabled' and 'disabled' checkboxes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1592/head:pr1592 git checkout pr1592 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1609][closed] [testing_rawhide] Nightly PR
URL: https://github.com/freeipa/freeipa/pull/1609 Author: freeipa-pr-ci Title: #1609: [testing_rawhide] Nightly PR Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1609/head:pr1609 git checkout pr1609 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1565][opened] Adding the FreeIPA Code of Conduct
URL: https://github.com/freeipa/freeipa/pull/1565 Author: felipevolpone Title: #1565: Adding the FreeIPA Code of Conduct Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1565/head:pr1565 git checkout pr1565 From 8d6697f85962f1b52c8cf503919969543f711426 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 12 Feb 2018 10:29:04 -0200 Subject: [PATCH] Adding the FreeIPA Code of Conduct --- CODE_OF_CONDUCT.md | 91 ++ 1 file changed, 91 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00..994cfa4209 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,91 @@ +# FreeIPA Code of Conduct + +Our community is made up of a mixture of contributors from all over the world. +We are diverse in our background, expertise or opinions and it is our strength, +but diversity can also lead to communication issues and unhappiness. To that +end, we have a few ground rules that we ask people to adhere to when operating +in our space. + +This isn’t an exhaustive list of things that you can’t do. Rather, take it in +the spirit in which it’s intended - a guide to make it easier to be excellent to +each other: + +### Be friendly and patient. + +### Be welcoming. +We strive to be a community that welcomes and supports people of all backgrounds +and identities. This includes, but is not limited to members of any race, +ethnicity, culture, national origin, colour, immigration status, social and +economic class, educational level, sex, sexual orientation, gender identity +and expression, age, size, family status, political belief, religion, and +mental and physical ability. + +### Be considerate. +Your work will be used by other people, and you in turn will depend on the work +of others. Any decision you take will affect users and colleagues, and you +should take those consequences into account when making decisions. Remember that +we're a world-wide community, so you might not be communicating in someone +else's primary language. + +### Be respectful. +Not all of us will agree all the time, but disagreement is no excuse for poor +behavior and poor manners. We might all experience some frustration now and +then, but we cannot allow that frustration to turn into a personal attack. It’s +important to remember that a community where people feel uncomfortable or +threatened is not a productive one. Members of the community should be +respectful when dealing with other members as well as with people outside the +community. Success comes from the team and the ability of team members to work +together. Members have differents skills, talents and roles but each of them is +important to the team and the final success. Think of the team first. + +### Be careful in the words that you choose. +We are a community of professionals, and we conduct ourselves professionally. +Be kind to others. Do not insult or put down other participants. Harassment and +other exclusionary behavior aren't acceptable. This includes, but is not limited +to: +* Violent threats or language directed against another person. +* Discriminatory jokes and language. +* Posting sexually explicit or violent material. +* Posting (or threatening to post) other people's personally identifying + information ("doxing"). +* Personal insults, especially those using racist or sexist terms. +* Unwelcome sexual attention. +* Advocating for, or encouraging, any of the above behavior. +* Repeated harassment of others. In general, if someone asks you to stop, then + stop. + +### When we disagree, try to understand why. +Disagreements, both social and technical, happen all the time and our community +is no exception. It is important that we resolve disagreements and differing +views constructively. Remember that we’re different. The strength of community +comes from its diversity, people from a wide range of backgrounds. Different +people have different perspectives on issues. Being unable to understand why +someone holds a viewpoint doesn’t mean that they’re wrong. Don’t forget that it +is human to err and blaming each other doesn’t get us anywhere. Give people the +benefit of the doubt, instead of blaming someone and pointing fingers. Speak +with them and try to understand what happened. Focus on helping to resolve +issues and learning from mistakes. + +### Drive your emotions and create a safe place for others. +We aren’t robots, we are people with feelings. Feelings are a great gift. +Unfortunately that gift can betray us sometimes and let our common sense to be +driven by assumptions, expectations, anger, … To prevent and get away from this +situation is always better to start with facts, then mention the personal story +- your story - what are the concerns, objections, experience, and maybe +observations. + +### Listen and hear, ask
[Freeipa-devel] [freeipa PR#1506][opened] Adding more tests to PR CI
URL: https://github.com/freeipa/freeipa/pull/1506 Author: felipevolpone Title: #1506: Adding more tests to PR CI Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1506/head:pr1506 git checkout pr1506 From 866b249f6e215672c38a723a4291c2cffda67542 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Tue, 30 Jan 2018 18:24:04 -0200 Subject: [PATCH] Adding more tests to PR CI --- .freeipa-pr-ci.yaml | 224 1 file changed, 224 insertions(+) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index b98a27835c..d90c75a0aa 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -11,6 +11,14 @@ topologies: name: master_1repl_1client cpu: 4 memory: 6700 + master_2repl_1client: &master_2repl_1client +name: master_2repl_1client +cpu: 6 +memory: 9100 + master_3repl_1client: &master_3repl_1client +name: master_3repl_1client +cpu: 8 +memory: 11500 jobs: fedora-27/build: @@ -62,3 +70,219 @@ jobs: template: *ci-master-f27 timeout: 3600 topology: *master_1repl + + fedora-27/test_topologies: + requires: [fedora-27/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-27/build_url}' + test_suite: test_integration/test_topologies.py + template: *ci-master-f27 + timeout: 3600 + topology: *master_1repl + + fedora-27/test_sudo: + requires: [fedora-27/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-27/build_url}' + test_suite: test_integration/test_sudo.py + template: *ci-master-f27 + timeout: 3600 + topology: *master_1repl_1client + + fedora-27/test_kerberos_flags: + requires: [fedora-27/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-27/build_url}' + test_suite: test_integration/test_kerberos_flags.py + template: *ci-master-f27 + timeout: 3600 + topology: *master_1repl_1client + + fedora-27/test_http_kdc_proxy: + requires: [fedora-27/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-27/build_url}' + test_suite: test_integration/test_http_kdc_proxy.py + template: *ci-master-f27 + timeout: 3600 + topology: *master_1repl_1client + + fedora-27/forced_client_enrolment: + requires: [fedora-27/build] + priority: 50 + job: + class: RunPytest + args: + build_url: '{fedora-27/build_url}' + test_suite: test_integration/test_forced_client_reenrollment.py + template: *ci-master-f27 + timeout: 3600 + topology: *master_1repl_1client + + fedora-27/test_installation_TestInstallMaster: +requires: [fedora-27/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-27/build_url}' +test_suite: test_integration/test_installation.py::TestInstallMaster +template: *ci-master-f27 +timeout: 3600 +topology: *master_1repl + + fedora-27/test_installation_TestInstallMasterKRA: +requires: [fedora-27/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-27/build_url}' +test_suite: test_integration/test_installation.py::TestInstallMasterKRA +template: *ci-master-f27 +timeout: 3600 +topology: *master_1repl + + fedora-27/test_installation_TestInstallMasterDNS: +requires: [fedora-27/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-27/build_url}' +test_suite: test_integration/test_installation.py::TestInstallMasterDNS +template: *ci-master-f27 +timeout: 3600 +topology: *master_1repl + + fedora-27/test_installation_TestInstallWithCA1: +requires: [fedora-27/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-27/build_url}' +test_suite: test_integration/test_installation.py::TestInstallWithCA1 +template: *ci-master-f27 +timeout: 3600 +topology: *master_3repl_1client + + fedora-27/test_installation_TestInstallWithCA2: +requires: [fedora-27/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-27/build_url}' +test_suite: test_integration/test_installation.py::TestInstallWithCA2 +template: *ci-master-f27 +timeout: 3600 +topology: *master_3repl_1client + + fedora-27/test_installation_TestInstallWithCA_KRA1: +requires: [fedora-27/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-27/build_url}' +test_suite: test_integration/test_
[Freeipa-devel] [freeipa PR#1495][opened] [Backport][ipa-4-6] Fixing vault-add-member to be compatible with py3
URL: https://github.com/freeipa/freeipa/pull/1495 Author: felipevolpone Title: #1495: [Backport][ipa-4-6] Fixing vault-add-member to be compatible with py3 Action: opened PR body: """ Changing from itervalues() to values() in order to be compatible with python3. https://pagure.io/freeipa/issue/7373 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1495/head:pr1495 git checkout pr1495 From c34711be64360aa89513445a82eccc7dc02b3f4e Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 24 Jan 2018 14:44:39 -0200 Subject: [PATCH] Fixing vault-add-member to be compatible with py3 Changing from iteritems() to values() in order to be compatible with python3. https://pagure.io/freeipa/issue/7373 --- ipaserver/plugins/vault.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/vault.py b/ipaserver/plugins/vault.py index d05a240c39..135a51846d 100644 --- a/ipaserver/plugins/vault.py +++ b/ipaserver/plugins/vault.py @@ -238,7 +238,7 @@ def get_member_dns(self, **options): return super(VaultModMember, self).get_member_dns(**options) def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): -for fail in failed.itervalues(): +for fail in failed.values(): fail['services'] = fail.pop('service', []) self.obj.get_container_attribute(entry_attrs, options) return completed, dn ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1494][opened] Fixing vault-add-member to be compatible with py3
URL: https://github.com/freeipa/freeipa/pull/1494 Author: felipevolpone Title: #1494: Fixing vault-add-member to be compatible with py3 Action: opened PR body: """ Changing from iteritems() to items() in order to be compatible with python3. https://pagure.io/freeipa/issue/7373 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1494/head:pr1494 git checkout pr1494 From 6275edb1615ee7cbfab8150ea54a63bb4e1ed116 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 24 Jan 2018 14:32:19 -0200 Subject: [PATCH] Fixing vault-add-member to be compatible with py3 Changing from iteritems() to items() in order to be compatible with python3. https://pagure.io/freeipa/issue/7373 --- ipaserver/plugins/vault.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/vault.py b/ipaserver/plugins/vault.py index d05a240c39..0ab4d3ed88 100644 --- a/ipaserver/plugins/vault.py +++ b/ipaserver/plugins/vault.py @@ -238,7 +238,7 @@ def get_member_dns(self, **options): return super(VaultModMember, self).get_member_dns(**options) def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): -for fail in failed.itervalues(): +for _service_name, fail in failed.items(): fail['services'] = fail.pop('service', []) self.obj.get_container_attribute(entry_attrs, options) return completed, dn ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1480][opened] IntegrationTests now collects logs from all test methods
URL: https://github.com/freeipa/freeipa/pull/1480 Author: felipevolpone Title: #1480: IntegrationTests now collects logs from all test methods Action: opened PR body: """ `logs_dict` should not be cleared. It's filled once per class and it should not be cleared after running the first test. https://pagure.io/freeipa/issue/7310 https://pagure.io/freeipa/issue/7335 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1480/head:pr1480 git checkout pr1480 From c75de1008381de45affa9a853989d6278e3b6996 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Thu, 18 Jan 2018 09:10:06 -0200 Subject: [PATCH] IntegrationTests now collects logs from all test methods logs_dict should not be cleared. It's filled once per class and it should not be cleared after running the first test. https://pagure.io/freeipa/issue/7310 https://pagure.io/freeipa/issue/7335 --- ipatests/pytest_plugins/integration/__init__.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/ipatests/pytest_plugins/integration/__init__.py b/ipatests/pytest_plugins/integration/__init__.py index bee669b0dd..2c107b926b 100644 --- a/ipatests/pytest_plugins/integration/__init__.py +++ b/ipatests/pytest_plugins/integration/__init__.py @@ -179,8 +179,6 @@ def collect_logs(name, logs_dict, logfile_dir=None, beakerlib_plugin=None): else: shutil.rmtree(topdirname) -logs_dict.clear() - @pytest.fixture(scope='class') def class_integration_logs(): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1479][opened] Fixing WebUI Tests
URL: https://github.com/freeipa/freeipa/pull/1479 Author: felipevolpone Title: #1479: Fixing WebUI Tests Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1479/head:pr1479 git checkout pr1479 From 866a5551a22aa91a33fb6c87938b2842d3105fbb Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Tue, 16 Jan 2018 18:36:50 -0200 Subject: [PATCH 1/7] WebUI Tests: fixing logout problem in test_user.py Now, when calling login, if the user is already logged in, it will --- ipatests/test_webui/ui_driver.py | 52 +--- 1 file changed, 27 insertions(+), 25 deletions(-) diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py index d027f1cd44..67a9ce877b 100644 --- a/ipatests/test_webui/ui_driver.py +++ b/ipatests/test_webui/ui_driver.py @@ -363,34 +363,35 @@ def login(self, login=None, password=None, new_password=None): Log in if user is not logged in. """ self.wait_for_request(n=2) -if not self.logged_in(): - -if not login: -login = self.config['ipa_admin'] -if not password: -password = self.config['ipa_password'] -if not new_password: -new_password = password - -auth = self.get_login_screen() -login_tb = self.find("//input[@type='text'][@name='username']", 'xpath', auth, strict=True) -psw_tb = self.find("//input[@type='password'][@name='password']", 'xpath', auth, strict=True) -login_tb.send_keys(login) -psw_tb.send_keys(password) -psw_tb.send_keys(Keys.RETURN) +if self.logged_in(): +self.logout() + +if not login: +login = self.config['ipa_admin'] +if not password: +password = self.config['ipa_password'] +if not new_password: +new_password = password + +auth = self.get_login_screen() +login_tb = self.find("//input[@type='text'][@name='username']", 'xpath', auth, strict=True) +psw_tb = self.find("//input[@type='password'][@name='password']", 'xpath', auth, strict=True) +login_tb.send_keys(login) +psw_tb.send_keys(password) +psw_tb.send_keys(Keys.RETURN) +self.wait(0.5) +self.wait_for_request(n=2) + +# reset password if needed +newpw_tb = self.find("//input[@type='password'][@name='new_password']", 'xpath', auth) +verify_tb = self.find("//input[@type='password'][@name='verify_password']", 'xpath', auth) +if newpw_tb and newpw_tb.is_displayed(): +newpw_tb.send_keys(new_password) +verify_tb.send_keys(new_password) +verify_tb.send_keys(Keys.RETURN) self.wait(0.5) self.wait_for_request(n=2) -# reset password if needed -newpw_tb = self.find("//input[@type='password'][@name='new_password']", 'xpath', auth) -verify_tb = self.find("//input[@type='password'][@name='verify_password']", 'xpath', auth) -if newpw_tb and newpw_tb.is_displayed(): -newpw_tb.send_keys(new_password) -verify_tb.send_keys(new_password) -verify_tb.send_keys(Keys.RETURN) -self.wait(0.5) -self.wait_for_request(n=2) - def logged_in(self): """ Check if user is logged in @@ -835,6 +836,7 @@ def select_combobox(self, name, value, parent=None, combobox_input=None): if combobox_input: if not option: self.fill_textbox(combobox_input, value, cb) +self.wait(5) else: if not option: # try to search From a56ee82872f20105a0f2854ef87a108ec23fabdd Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Tue, 16 Jan 2018 18:37:51 -0200 Subject: [PATCH 2/7] WebUI Tests: removing workaroud to scroll to the element Acording to geckodriver, the workaround is not necessary anymore. --- ipatests/test_webui/ui_driver.py | 1 - 1 file changed, 1 deletion(-) diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py index 67a9ce877b..c749f62f16 100644 --- a/ipatests/test_webui/ui_driver.py +++ b/ipatests/test_webui/ui_driver.py @@ -664,7 +664,6 @@ def button_click(self, name, parent=None, def _button_click(self, selector, parent, name=''): btn = self.find(selector, By.CSS_SELECTOR, parent, strict=True) -ActionChains(self.driver).move_to_element(btn).perform() disabled = btn.get_attribute("disabled") assert btn.is_displayed(), 'Button is not displayed: %s' % name assert not disabled, 'Invalid button state: disabled. Button: %s' % name From d1d532c0f425b9f84195f3a82fa2cdc7a9eca8fa Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Tue, 16 Jan 2018 18:38:57 -0200 Subject: [PATCH 3/7] Web
[Freeipa-devel] [freeipa PR#1423][closed] IntegrationTests now collects logs from all test methods
URL: https://github.com/freeipa/freeipa/pull/1423 Author: felipevolpone Title: #1423: IntegrationTests now collects logs from all test methods Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1423/head:pr1423 git checkout pr1423 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1459][opened] Make IntegrationTest fail if an error happened during uninstall
URL: https://github.com/freeipa/freeipa/pull/1459 Author: felipevolpone Title: #1459: Make IntegrationTest fail if an error happened during uninstall Action: opened PR body: """ Before this change, if the uninstall process fails, the test would not fail, due to the raiseonerr=False. Fixes: https://pagure.io/freeipa/issue/7357 The results can be checked here: https://fedorapeople.org/groups/freeipa/prci/jobs/e0c64916-f6ff-11e7-baa4-001a4a23169a/ https://fedorapeople.org/groups/freeipa/prci/jobs/05d5be8a-f700-11e7-a97e-001a4a231699/ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1459/head:pr1459 git checkout pr1459 From d865bde3f00699c68f1e62cb5abd075eb4f73764 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Thu, 11 Jan 2018 17:33:59 -0200 Subject: [PATCH] Make IntegrationTest fail if an error happened during uninstall Before this change if the uninstall process fails, the test would not fail, due to the raiseonerr=False. Fixes: https://pagure.io/freeipa/issue/7357 --- ipatests/pytest_plugins/integration/tasks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py index b407145ace..2d1932ff62 100644 --- a/ipatests/pytest_plugins/integration/tasks.py +++ b/ipatests/pytest_plugins/integration/tasks.py @@ -709,7 +709,7 @@ def uninstall_master(host, ignore_topology_disconnect=True, if ignore_last_of_role and host_domain_level != DOMAIN_LEVEL_0: uninstall_cmd.append('--ignore-last-of-role') -host.run_command(uninstall_cmd, raiseonerr=False) +host.run_command(uninstall_cmd) host.run_command(['pkidestroy', '-s', 'CA', '-i', 'pki-tomcat'], raiseonerr=False) host.run_command(['rm', '-rf', ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1446][opened] Fixing test_backup_and_restore assert to do not rely on the order of returned data
URL: https://github.com/freeipa/freeipa/pull/1446 Author: felipevolpone Title: #1446: Fixing test_backup_and_restore assert to do not rely on the order of returned data Action: opened PR body: """ Since we cannot assume that LDAP will return data in an ordered way, the test should be changed to do not rely on that. Instead of just comparing the output of the show-user command, this change first order the groups returned in the 'Member of Group' field before compare them. https://pagure.io/freeipa/issue/7339 The result (green tests) can be checked here: https://fedorapeople.org/groups/freeipa/prci/jobs/c43c46d0-f4aa-11e7-925b-001a4a2316ab/ This PR depends on the PR #1354 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1446/head:pr1446 git checkout pr1446 From 6c1f2dbc93a79d559428f4535d2b968e65831da0 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 8 Jan 2018 16:25:39 -0200 Subject: [PATCH] Fixing test_backup_and_restore assert to do not rely on the order Since we cannot assume that LDAP will return data in any ordered way, the test should be changed to do not rely on that. Instead of just comparing the output of the show-user command, this change first order the groups returned in the 'Member of Group' field before compare them. https://pagure.io/freeipa/issue/7339 --- ipatests/test_integration/test_backup_and_restore.py | 20 1 file changed, 20 insertions(+) diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py index 4912bc2476..2723ada766 100644 --- a/ipatests/test_integration/test_backup_and_restore.py +++ b/ipatests/test_integration/test_backup_and_restore.py @@ -65,6 +65,26 @@ def check_admin_in_ldap(host): def check_admin_in_cli(host): result = host.run_command(['ipa', 'user-show', 'admin']) assert 'User login: admin' in result.stdout_text, result.stdout_text +output = result.stdout_text.split('\n') + +# LDAP do not guarantee any order, so the test cannot assume it. Based on +# that, the code bellow order the 'Member of groups' field to able to +# assert it latter. + +# field that contains the data to be ordered +GROUPS_MEMBER_FIELD = 9 + +# e.g: Member of groups: admins, trust admins +groups_field = output[GROUPS_MEMBER_FIELD].split(':') +label_part = groups_field[0] # Member of groups +groups_part = groups_field[1:][0] # admins, trust admins + +# ordening groups and then putting them together separated by a comma +groups_orderned = ','.join(sorted(groups_part.split(','), + key=lambda group: group.strip())) + +output[GROUPS_MEMBER_FIELD] = '{}:{}'.format(label_part, groups_orderned) +result.stdout_text = '\n'.join(output) return result ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1431][opened] Fixing test_testconfig with proper asserts
URL: https://github.com/freeipa/freeipa/pull/1431 Author: felipevolpone Title: #1431: Fixing test_testconfig with proper asserts Action: opened PR body: """ When the `cls` in env_config.py is a WinHost, the `__init__` receives different parameters. Now, it's adapted to all different kinds of hosts. Also, it's necessary to add the host_type field to most of the domains created in the test classes, because the field is returned by `pytest_multihost.Config` in `pytest_plugins/integration/config.py::Config::to_dict` Fixes: [#7346](https://pagure.io/freeipa/issue/7346) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1431/head:pr1431 git checkout pr1431 From 2638c8f960539b2c759f629a625b05a9ce4ce54f Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 3 Jan 2018 16:09:32 -0200 Subject: [PATCH] Fixing test_testconfig with proper asserts When the cls in env_config.py is a WinHost, the __init__ receives different parameters. Now, it's adapted to all different kinds of hosts. Also, it's necessary to add the host_type field to most of domains created in the test classes, because the field is returned by pytest_multihost.Config in pytest_plugins/integration/config.py::Config::to_dict https://pagure.io/freeipa/issue/7346 --- ipatests/pytest_plugins/integration/env_config.py | 3 +- ipatests/test_integration/test_testconfig.py | 39 --- 2 files changed, 30 insertions(+), 12 deletions(-) diff --git a/ipatests/pytest_plugins/integration/env_config.py b/ipatests/pytest_plugins/integration/env_config.py index d140aa9df6..5208cc0f29 100644 --- a/ipatests/pytest_plugins/integration/env_config.py +++ b/ipatests/pytest_plugins/integration/env_config.py @@ -334,7 +334,8 @@ def host_from_env(env, domain, hostname, role, index, domain_index): cls = domain.get_host_class({}) -return cls(domain, hostname, role, ip, external_hostname) +return cls(domain, hostname, role, ip=ip, + external_hostname=external_hostname) def host_to_env(host, **kwargs): diff --git a/ipatests/test_integration/test_testconfig.py b/ipatests/test_integration/test_testconfig.py index b495f368e4..aaba1621c9 100644 --- a/ipatests/test_integration/test_testconfig.py +++ b/ipatests/test_integration/test_testconfig.py @@ -152,7 +152,7 @@ class TestMinimalConfig(CheckConfig): extra_input_dict = dict( domains=[ dict(name='ipadomain.test', type='IPA', hosts=[ -dict(name='master', ip='192.0.2.1'), +dict(name='master', ip='192.0.2.1', host_type=None), ]), ], ) @@ -171,6 +171,7 @@ class TestMinimalConfig(CheckConfig): ip="192.0.2.1", external_hostname="master.ipadomain.test", role="master", +host_type=None, ), ], ), @@ -212,23 +213,29 @@ class TestComplexConfig(CheckConfig): extra_input_dict = dict( domains=[ dict(name='ipadomain.test', type='IPA', hosts=[ -dict(name='master', ip='192.0.2.1', role='master'), -dict(name='replica1', ip='192.0.2.2', role='replica'), +dict(name='master', ip='192.0.2.1', role='master', + host_type=None), +dict(name='replica1', ip='192.0.2.2', role='replica', + host_type=None), dict(name='replica2', ip='192.0.2.3', role='replica', - external_hostname='r2.ipadomain.test'), -dict(name='client1', ip='192.0.2.4', role='client'), + external_hostname='r2.ipadomain.test', host_type=None), +dict(name='client1', ip='192.0.2.4', role='client', + host_type=None), dict(name='client2', ip='192.0.2.5', role='client', - external_hostname='c2.ipadomain.test'), -dict(name='extra', ip='192.0.2.6', role='extrarole'), -dict(name='extram1', ip='192.0.2.7', role='extrarolem'), + external_hostname='c2.ipadomain.test', host_type=None), +dict(name='extra', ip='192.0.2.6', role='extrarole', + host_type=None), +dict(name='extram1', ip='192.0.2.7', role='extrarolem', + host_type=None), dict(name='extram2', ip='192.0.2.8', role='extrarolem', - external_hostname='e2.ipadomain.test'), + external_hostname='e2.ipadomain.test', host_type=None), ]), dict(name='addomain.test', type='AD', hosts=[ -dict(name='ad', ip='192.0.2.33', role='ad'), +dict(name='ad', ip='192.0.2.33', role='ad', host_type=None), ]), dict(name='ipadomain2.test', type='IP
[Freeipa-devel] [freeipa PR#1428][opened] Check if replication exist before enable it
URL: https://github.com/freeipa/freeipa/pull/1428 Author: felipevolpone Title: #1428: Check if replication exist before enable it Action: opened PR body: """ If the replication does not exist a custom exception is raised explaining the problem. Fixes: #7201 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1428/head:pr1428 git checkout pr1428 From 012592b67a55534bbd155f1a8436ad6d2aa7b404 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Tue, 2 Jan 2018 21:40:49 -0200 Subject: [PATCH] Check if replication exists before enable it If the replication does not exists a custom exception is raised explaining the problem. Fixes: #7201 --- ipaserver/install/replication.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 8aae90c0a9..6d13c3bf06 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -1561,6 +1561,9 @@ def enable_agreement(self, hostname): Note: for replication to work it needs to be enabled both ways. """ entry = self.get_replication_agreement(hostname) +if not entry: +raise errors.NotFound( +reason="Replication agreement for %s not found" % hostname) entry['nsds5ReplicaEnabled'] = 'on' try: ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1424][opened] Fixing how to parse the backup dir in test_backup_and_restore
URL: https://github.com/freeipa/freeipa/pull/1424 Author: felipevolpone Title: #1424: Fixing how to parse the backup dir in test_backup_and_restore Action: opened PR body: """ Fixing how the test_backup_and_restore.py suite parses the output from the `ipa-backup -v` command in order to get the backup directory. Fixes: [#7339](https://pagure.io/freeipa/issue/7339) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1424/head:pr1424 git checkout pr1424 From 3fa1b050d73340da26755775faf5c42267f63fd6 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Thu, 28 Dec 2017 16:50:40 -0200 Subject: [PATCH] Fixing how to parse the backup dir from the ipa-backup output Fixing how the test_backup_and_restore.py suite parses the output from the `ipa-backup -v` command in order to get the backup directory. Fixes: #7339 --- ipatests/test_integration/test_backup_and_restore.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py index 4912bc2476..10acbc13bb 100644 --- a/ipatests/test_integration/test_backup_and_restore.py +++ b/ipatests/test_integration/test_backup_and_restore.py @@ -126,8 +126,7 @@ def backup(host): # Get the backup location from the command's output for line in result.stderr_text.splitlines(): -prefix = ('ipa.ipaserver.install.ipa_backup.Backup: ' - 'INFO: Backed up to ') +prefix = 'ipaserver.install.ipa_backup: INFO: Backed up to' if line.startswith(prefix): backup_path = line[len(prefix):].strip() logger.info('Backup path for %s is %s', host, backup_path) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1423][opened] IntegrationTests now collects logs from all test methods
URL: https://github.com/freeipa/freeipa/pull/1423 Author: felipevolpone Title: #1423: IntegrationTests now collects logs from all test methods Action: opened PR body: """ It was missing the configuration and the proper use of the logfile_dir. Also, the dict of logs to be collected should not be cleared. Now, all logs from all test methods will be collected. It's useful to say that it doesn't mean that all methods are changing the environment or installing/reinstalling freeIPA. So, it's possible that some logs in different methods would be the same. Fixes: #7310 and #7335 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1423/head:pr1423 git checkout pr1423 From 85e31a315a789575b45316756c0b6fa6f1e0ef36 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 27 Dec 2017 10:02:39 -0200 Subject: [PATCH] IntegrationTests now collects logs from all test methods It was missing the configuration and the properly use of the logfile_dir property and the dict of logs to be collected should not be cleared. Now, all logs from all test methods will be collected. It's useful to say that it doesn't mean that all methods are changing the environment or installing/reinstalling freeIPA. So, it's possible that some logs in different methods would be the same. Fixes: #7310 and #7335 --- ipatests/pytest_plugins/integration/__init__.py | 18 -- ipatests/pytest_plugins/integration/config.py | 2 ++ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/ipatests/pytest_plugins/integration/__init__.py b/ipatests/pytest_plugins/integration/__init__.py index bee669b0dd..1bc1ba460e 100644 --- a/ipatests/pytest_plugins/integration/__init__.py +++ b/ipatests/pytest_plugins/integration/__init__.py @@ -55,7 +55,7 @@ def _get_logname_from_node(node): return name -def collect_test_logs(node, logs_dict, test_config): +def collect_test_logs(node, logs_dict, test_config, custom_config): """Collect logs from a test Calls collect_logs @@ -64,10 +64,14 @@ def collect_test_logs(node, logs_dict, test_config): :param logs_dict: Mapping of host to list of log filnames to collect :param test_config: Pytest configuration """ +logfile_dir = test_config.getoption('logfile_dir') +if not logfile_dir: +logfile_dir = custom_config.logfile_dir + collect_logs( name=_get_logname_from_node(node), logs_dict=logs_dict, -logfile_dir=test_config.getoption('logfile_dir'), +logfile_dir=logfile_dir, beakerlib_plugin=test_config.pluginmanager.getplugin('BeakerLibPlugin'), ) @@ -179,8 +183,6 @@ def collect_logs(name, logs_dict, logfile_dir=None, beakerlib_plugin=None): else: shutil.rmtree(topdirname) -logs_dict.clear() - @pytest.fixture(scope='class') def class_integration_logs(): @@ -194,7 +196,8 @@ def integration_logs(class_integration_logs, request): """ yield class_integration_logs hosts = class_integration_logs.keys() -collect_test_logs(request.node, class_integration_logs, request.config) +collect_test_logs(request.node, class_integration_logs, + request.config, request.cls.custom_config) collect_systemd_journal(request.node, hosts, request.config) @@ -229,6 +232,8 @@ def mh(request, class_integration_logs): _config=get_global_config(), ) +request.cls.custom_config = mh.config + mh.domain = mh.config.domains[0] [mh.master] = mh.domain.hosts_by_role('master') mh.replicas = mh.domain.hosts_by_role('replica') @@ -255,7 +260,8 @@ def collect_log(host, filename): for host in cls.get_all_hosts(): host.remove_log_collector(collect_log) -collect_test_logs(request.node, class_integration_logs, request.config) +collect_test_logs(request.node, class_integration_logs, + request.config, mh.config) def setup_class(cls, mh): diff --git a/ipatests/pytest_plugins/integration/config.py b/ipatests/pytest_plugins/integration/config.py index 734a2d92f1..1a2a31dddc 100644 --- a/ipatests/pytest_plugins/integration/config.py +++ b/ipatests/pytest_plugins/integration/config.py @@ -42,6 +42,7 @@ class Config(pytest_multihost.config.Config): 'dns_forwarder', 'domain_level', 'log_journal_since', +'logfile_dir', } def __init__(self, **kwargs): @@ -63,6 +64,7 @@ def __init__(self, **kwargs): # 8.8.8.8 is probably the best-known public DNS self.dns_forwarder = kwargs.get('dns_forwarder') or '8.8.8.8' self.debug = False +self.logfile_dir = kwargs.get('logfile_dir') self.log_journal_since = kwargs.get('log_journal_since') or '-1h' if self.domain_level is None: self.domain_level = MAX_DOMAIN_LEVEL ___ FreeIPA-devel mailing list -- freeipa-devel@li
[Freeipa-devel] [freeipa PR#1416][opened] Do not allow users delete their last otp token
URL: https://github.com/freeipa/freeipa/pull/1416 Author: felipevolpone Title: #1416: Do not allow users delete their last otp token Action: opened PR body: """ This adds a new verification on the ipa_otp_lasttoken 389 plugin, in order to do not allow users delete their last otp token. The verification is done checking if the global configuration is set to otp in `cn=ipaConfig,cn=etc` Fixes: [7012](https://pagure.io/freeipa/issue/7012) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1416/head:pr1416 git checkout pr1416 From 1f626781d0aaa8866d248abcbc8aedb943c7 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 20 Dec 2017 09:44:20 -0200 Subject: [PATCH] Do not allow users delete their last otp token This adds a new verification on the ipa_otp_lasttoken 389 plugin, in order to do not allow users delete their last otp token. The verification is done checking if the global configuration is set to otp in cn=ipaConfig,cn=etc. Fixes: 7012 --- .../ipa-otp-lasttoken/ipa_otp_lasttoken.c | 38 +++ ipatests/test_integration/test_otp.py | 54 ++ 2 files changed, 92 insertions(+) create mode 100644 ipatests/test_integration/test_otp.py diff --git a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c index a085a3a328..3f59f08840 100644 --- a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c +++ b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c @@ -105,6 +105,41 @@ static bool sdn_is_only_enabled_token(Slapi_DN *target_sdn, const char *user_dn) return result; } +static bool is_otp_enabled(const char *user_dn) +{ +char *attrs[] = { "ipaUserAuthType", NULL }; +Slapi_Entry *entry = NULL; +Slapi_DN *sdn; +const Slapi_DN *base; +uint32_t authtypes; +int search_result = 0; +char *authConfigDN; + +sdn = slapi_sdn_new_dn_byval(user_dn); +base = slapi_get_suffix_by_dn(sdn); + +authConfigDN = slapi_ch_smprintf("cn=ipaConfig,cn=etc,%s", + slapi_sdn_get_dn(base)); +sdn = slapi_sdn_new_dn_byval(authConfigDN); + +search_result = slapi_search_internal_get_entry(sdn, attrs, &entry, +otp_config_plugin_id(otp_config)); +if (search_result != LDAP_SUCCESS) { +LOG_TRACE("File '%s' line %d: Unable to access LDAP entry '%s'. " +"Perhaps it doesn't exist? Error code: %d\n", __FILE__, +__LINE__, slapi_sdn_get_dn(sdn), search_result); +} + +slapi_sdn_free(&sdn); +if (entry == NULL) +return false; + +authtypes = otp_config_auth_types(otp_config, entry); +slapi_entry_free(entry); + +return authtypes & OTP_CONFIG_AUTH_TYPE_OTP; +} + static bool is_pwd_enabled(const char *user_dn) { char *attrs[] = { "ipaUserAuthType", NULL }; @@ -159,6 +194,9 @@ static bool is_allowed(Slapi_PBlock *pb, Slapi_Entry *entry) if (!sdn_is_only_enabled_token(target_sdn, bind_dn)) return true; +if (is_otp_enabled(bind_dn)) +return false; + if (is_pwd_enabled(bind_dn)) return true; diff --git a/ipatests/test_integration/test_otp.py b/ipatests/test_integration/test_otp.py new file mode 100644 index 00..d6935886d1 --- /dev/null +++ b/ipatests/test_integration/test_otp.py @@ -0,0 +1,54 @@ +# +# Copyright (C) 2017 FreeIPA Contributors see COPYING for license +# + +from ipatests.test_integration.base import IntegrationTest +from ipatests.pytest_plugins.integration import tasks + + +class TestOTPTokenCommand(IntegrationTest): +"""Test functionality of the ipa otptoken-* commands""" + +topology = 'line' + +def test_delete_last_active_otp_token(self): +"""Test if a user is able to delete their last token""" + +pwd = '12345678' +new_pwd = 'Secret123' +user_login = 'test1' + +tasks.kinit_admin(self.master) +self.master.run_command(['ipa', 'user-add', user_login, + '--first', 'test', '--last', 'user', + '--password'], + stdin_text=pwd) + +self.master.run_command(['ipa', 'passwd', user_login], +stdin_text=new_pwd) + +# set the global configs +self.master.run_command(['ipa', 'config-mod', + '--user-auth-type', 'otp']) + +self.master.run_command(['kdestroy', '-A']) + +# write the password down three times as it's needed when +# doing "kinit" for the first time +user_kinit_stdin_text = "%s\n%s\n%s\n" % (new_pwd, new_pwd, new_pwd) +self.master.run_command(['kinit', user_login], +stdin_text=user_kinit_stdin_text) + +result = self.master.run_command(['ipa', 'otptoken-add']) +as
[Freeipa-devel] [freeipa PR#1278][opened] [Backport][ipa-4-5] Warning the user when using a loopback IP as forwarder
URL: https://github.com/freeipa/freeipa/pull/1278 Author: felipevolpone Title: #1278: [Backport][ipa-4-5] Warning the user when using a loopback IP as forwarder Action: opened PR body: """ Manual backport of PR #903 Changing the --forwarder option to accept a loopback IP. Previously, an error would be raised, now we just show a warning message. Fixes: https://pagure.io/freeipa/issue/5801 Reviewed-By: Stanislav Laznicka Reviewed-By: Martin Basti """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1278/head:pr1278 git checkout pr1278 From d1c7c970d46d2e057acf633f68f6afcea6b55e84 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 13 Nov 2017 14:24:45 -0200 Subject: [PATCH] Warning the user when using a loopback IP as forwarder Changing the --forwarder option to accept a loopback IP. Previously, an error would be raised, now we just show a warning message. Fixes: https://pagure.io/freeipa/issue/5801 Reviewed-By: Stanislav Laznicka Reviewed-By: Martin Basti --- install/tools/ipa-dns-install | 2 +- ipapython/config.py | 17 - ipapython/install/cli.py | 5 - ipapython/ipautil.py | 19 +++ ipaserver/install/dns.py | 2 +- 5 files changed, 37 insertions(+), 8 deletions(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index cb6c5d887f..a497e5d356 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -51,7 +51,7 @@ def parse_options(): help="Master Server IP Address. This option can be used " "multiple times") parser.add_option("--forwarder", dest="forwarders", action="append", - type="ip", help="Add a DNS forwarder. This option can be used multiple times") + type="ip_with_loopback", help="Add a DNS forwarder. This option can be used multiple times") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") parser.add_option("--auto-forwarders", dest="auto_forwarders", diff --git a/ipapython/config.py b/ipapython/config.py index 19abfc51ee..70187fae73 100644 --- a/ipapython/config.py +++ b/ipapython/config.py @@ -23,6 +23,7 @@ # pylint: enable=deprecated-module from copy import copy import socket +import functools from dns import resolver, rdatatype from dns.exception import DNSException @@ -33,6 +34,7 @@ # pylint: enable=import-error from ipapython.dn import DN +from ipapython.ipautil import CheckedIPAddress, CheckedIPAddressLoopback try: # pylint: disable=ipa-forbidden-import @@ -65,13 +67,16 @@ def format_usage(self, usage): ret += "%s %s\n" % (spacing, line) return ret -def check_ip_option(option, opt, value): -from ipapython.ipautil import CheckedIPAddress +def check_ip_option(option, opt, value, allow_loopback=False): try: -return CheckedIPAddress(value) +if allow_loopback: +return CheckedIPAddressLoopback(value) +else: +return CheckedIPAddress(value) except Exception as e: -raise OptionValueError("option %s: invalid IP address %s: %s" % (opt, value, e)) +raise OptionValueError("option {}: invalid IP address {}: {}" + .format(opt, value, e)) def check_dn_option(option, opt, value): try: @@ -85,9 +90,11 @@ class IPAOption(Option): security-sensitive such as passwords. """ ATTRS = Option.ATTRS + ["sensitive"] -TYPES = Option.TYPES + ("ip", "dn") +TYPES = Option.TYPES + ("ip", "dn", "ip_with_loopback") TYPE_CHECKER = copy(Option.TYPE_CHECKER) TYPE_CHECKER["ip"] = check_ip_option +TYPE_CHECKER["ip_with_loopback"] = functools.partial(check_ip_option, + allow_loopback=True) TYPE_CHECKER["dn"] = check_dn_option class IPAOptionParser(OptionParser): diff --git a/ipapython/install/cli.py b/ipapython/install/cli.py index bcee6d7256..c824315b6d 100644 --- a/ipapython/install/cli.py +++ b/ipapython/install/cli.py @@ -15,7 +15,8 @@ import six from ipapython import admintool, ipa_log_manager -from ipapython.ipautil import CheckedIPAddress, private_ccache +from ipapython.ipautil import (CheckedIPAddress, CheckedIPAddressLoopback, + private_ccache) from . import core, common @@ -174,6 +175,8 @@ def add_options(cls, parser, positional=False): kwargs['type'] = 'int' elif knob_scalar_type is long: kwargs['type'] = 'long' +elif knob_scalar_type is CheckedIPAddressLoopback: +kwargs['type'] = 'ip_with_loopback' elif knob_scalar_type is CheckedIPAddress: kwargs['type'] = 'ip' elif i
[Freeipa-devel] [freeipa PR#1265][closed] [Backport][ipa-4-6] Warning the user when using a loopback IP as forwarder
URL: https://github.com/freeipa/freeipa/pull/1265 Author: felipevolpone Title: #1265: [Backport][ipa-4-6] Warning the user when using a loopback IP as forwarder Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1265/head:pr1265 git checkout pr1265 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1263][closed] [Backport][ipa-4-5] Removing replica-s4u2proxy.ldif since it's not used anymore
URL: https://github.com/freeipa/freeipa/pull/1263 Author: felipevolpone Title: #1263: [Backport][ipa-4-5] Removing replica-s4u2proxy.ldif since it's not used anymore Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1263/head:pr1263 git checkout pr1263 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1264][closed] [Backport][ipa-4-6] Removing replica-s4u2proxy.ldif since it's not used anymore
URL: https://github.com/freeipa/freeipa/pull/1264 Author: felipevolpone Title: #1264: [Backport][ipa-4-6] Removing replica-s4u2proxy.ldif since it's not used anymore Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1264/head:pr1264 git checkout pr1264 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1265][opened] [Backport][ipa-4-6] Warning the user when using a loopback IP as forwarder
URL: https://github.com/freeipa/freeipa/pull/1265 Author: felipevolpone Title: #1265: [Backport][ipa-4-6] Warning the user when using a loopback IP as forwarder Action: opened PR body: """ This PR was opened automatically because PR #903 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1265/head:pr1265 git checkout pr1265 From 8156209aa97b2060349ee9883cbe7b2e316e36d5 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 23 Oct 2017 09:45:56 -0200 Subject: [PATCH] Warning the user when using a loopback IP as forwarder Changing the --forwarder option to accept a loopback IP. Previously, an error would be raised, now we just show a warning message. Fixes: https://pagure.io/freeipa/issue/5801 --- install/tools/ipa-dns-install | 2 +- ipapython/config.py | 17 - ipapython/install/cli.py | 5 - ipapython/ipautil.py | 19 +++ ipaserver/install/dns.py | 2 +- 5 files changed, 37 insertions(+), 8 deletions(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 6963cb343e..a7f136b16a 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -54,7 +54,7 @@ def parse_options(): help="Master Server IP Address. This option can be used " "multiple times") parser.add_option("--forwarder", dest="forwarders", action="append", - type="ip", help="Add a DNS forwarder. This option can be used multiple times") + type="ip_with_loopback", help="Add a DNS forwarder. This option can be used multiple times") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") parser.add_option("--auto-forwarders", dest="auto_forwarders", diff --git a/ipapython/config.py b/ipapython/config.py index 8393e0d5d5..aa4b3e48fe 100644 --- a/ipapython/config.py +++ b/ipapython/config.py @@ -23,6 +23,7 @@ # pylint: enable=deprecated-module from copy import copy import socket +import functools from dns import resolver, rdatatype from dns.exception import DNSException @@ -33,6 +34,7 @@ # pylint: enable=import-error from ipapython.dn import DN +from ipapython.ipautil import CheckedIPAddress, CheckedIPAddressLoopback try: # pylint: disable=ipa-forbidden-import @@ -65,13 +67,16 @@ def format_usage(self, usage): ret += "%s %s\n" % (spacing, line) return ret -def check_ip_option(option, opt, value): -from ipapython.ipautil import CheckedIPAddress +def check_ip_option(option, opt, value, allow_loopback=False): try: -return CheckedIPAddress(value) +if allow_loopback: +return CheckedIPAddressLoopback(value) +else: +return CheckedIPAddress(value) except Exception as e: -raise OptionValueError("option %s: invalid IP address %s: %s" % (opt, value, e)) +raise OptionValueError("option {}: invalid IP address {}: {}" + .format(opt, value, e)) def check_dn_option(option, opt, value): try: @@ -95,9 +100,11 @@ class IPAOption(Option): security-sensitive such as passwords. """ ATTRS = Option.ATTRS + ["sensitive", "constructor"] -TYPES = Option.TYPES + ("ip", "dn", "constructor") +TYPES = Option.TYPES + ("ip", "dn", "constructor", "ip_with_loopback") TYPE_CHECKER = copy(Option.TYPE_CHECKER) TYPE_CHECKER["ip"] = check_ip_option +TYPE_CHECKER["ip_with_loopback"] = functools.partial(check_ip_option, + allow_loopback=True) TYPE_CHECKER["dn"] = check_dn_option TYPE_CHECKER["constructor"] = check_constructor diff --git a/ipapython/install/cli.py b/ipapython/install/cli.py index 1cac24d50e..e8f67a3de3 100644 --- a/ipapython/install/cli.py +++ b/ipapython/install/cli.py @@ -16,7 +16,8 @@ from ipapython import admintool from ipapython.ipa_log_manager import standard_logging_setup -from ipapython.ipautil import CheckedIPAddress, private_ccache +from ipapython.ipautil import (CheckedIPAddress, CheckedIPAddressLoopback, + private_ccache) from . import core, common @@ -166,6 +167,8 @@ def add_options(cls, parser, positional=False): kwargs['type'] = 'int' elif knob_scalar_type is long: kwargs['type'] = 'long' +elif knob_scalar_type is CheckedIPAddressLoopback: +kwargs['type'] = 'ip_with_loopback' elif knob_scalar_type is CheckedIPAddress: kwargs['type'] = 'ip' elif issubclass(knob_scalar_type, enum.Enum): diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 71ed4a1747..c4149a18
[Freeipa-devel] [freeipa PR#903][closed] Warning the user when using a loopback IP as forwarder
URL: https://github.com/freeipa/freeipa/pull/903 Author: felipevolpone Title: #903: Warning the user when using a loopback IP as forwarder Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/903/head:pr903 git checkout pr903 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1264][opened] [Backport][ipa-4-6] Removing replica-s4u2proxy.ldif since it's not used anymore
URL: https://github.com/freeipa/freeipa/pull/1264 Author: felipevolpone Title: #1264: [Backport][ipa-4-6] Removing replica-s4u2proxy.ldif since it's not used anymore Action: opened PR body: """ This PR was opened automatically because PR #1240 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1264/head:pr1264 git checkout pr1264 From c649a771af26a4f7b8cf549455a27fe6bc99c037 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 6 Nov 2017 14:12:49 -0200 Subject: [PATCH] Removing replica-s4u2proxy.ldif since it's not used anymore Since commit 23a0453c4d33271376b2156f2e2b484e8b9708c9, the replica-s4u2proxy.ldif file it's not used anymore. https://pagure.io/freeipa/issue/7174 --- install/share/Makefile.am| 1 - install/share/replica-s4u2proxy.ldif | 14 -- 2 files changed, 15 deletions(-) delete mode 100644 install/share/replica-s4u2proxy.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index e044b328f6..b1285854ea 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -79,7 +79,6 @@ dist_app_DATA =\ sudobind.ldif \ automember.ldif \ replica-automember.ldif \ - replica-s4u2proxy.ldif \ sasl-mapping-fallback.ldif \ schema-update.ldif \ vault.ldif \ diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif deleted file mode 100644 index c7ced5ee29..00 --- a/install/share/replica-s4u2proxy.ldif +++ /dev/null @@ -1,14 +0,0 @@ -dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: HTTP/$FQDN@$REALM - -# ipa-cifs-delegation-targets needs to be an ipaAllowedTarget for HTTP -# delegation but we don't add it here as an LDIF because this entry may -# already exist from another replica, or previous install. If it is missing -# then it will be caught by the update file 61-trusts-s4u2proxy.update - -dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: ldap/$FQDN@$REALM ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1240][closed] Removing replica-s4u2proxy.ldif since it's not used anymore
URL: https://github.com/freeipa/freeipa/pull/1240 Author: felipevolpone Title: #1240: Removing replica-s4u2proxy.ldif since it's not used anymore Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1240/head:pr1240 git checkout pr1240 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1263][opened] [Backport][ipa-4-5] Removing replica-s4u2proxy.ldif since it's not used anymore
URL: https://github.com/freeipa/freeipa/pull/1263 Author: felipevolpone Title: #1263: [Backport][ipa-4-5] Removing replica-s4u2proxy.ldif since it's not used anymore Action: opened PR body: """ This PR was opened automatically because PR #1240 was pushed to master and backport to ipa-4-5 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1263/head:pr1263 git checkout pr1263 From cf0ae99a28086f012e2096c48367c21668b055ab Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 6 Nov 2017 14:12:49 -0200 Subject: [PATCH] Removing replica-s4u2proxy.ldif since it's not used anymore Since commit 23a0453c4d33271376b2156f2e2b484e8b9708c9, the replica-s4u2proxy.ldif file it's not used anymore. https://pagure.io/freeipa/issue/7174 --- install/share/Makefile.am| 1 - install/share/replica-s4u2proxy.ldif | 14 -- 2 files changed, 15 deletions(-) delete mode 100644 install/share/replica-s4u2proxy.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 46b3d77663..544bff9c59 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -80,7 +80,6 @@ dist_app_DATA =\ sudobind.ldif \ automember.ldif \ replica-automember.ldif \ - replica-s4u2proxy.ldif \ sasl-mapping-fallback.ldif \ schema-update.ldif \ vault.ldif \ diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif deleted file mode 100644 index c7ced5ee29..00 --- a/install/share/replica-s4u2proxy.ldif +++ /dev/null @@ -1,14 +0,0 @@ -dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: HTTP/$FQDN@$REALM - -# ipa-cifs-delegation-targets needs to be an ipaAllowedTarget for HTTP -# delegation but we don't add it here as an LDIF because this entry may -# already exist from another replica, or previous install. If it is missing -# then it will be caught by the update file 61-trusts-s4u2proxy.update - -dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: ldap/$FQDN@$REALM ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1240][opened] Removing replica-s4u2proxy.ldif since it's not used anymore
URL: https://github.com/freeipa/freeipa/pull/1240 Author: felipevolpone Title: #1240: Removing replica-s4u2proxy.ldif since it's not used anymore Action: opened PR body: """ Since commit 23a0453c4d33271376b2156f2e2b484e8b9708c9, the replica-s4u2proxy.ldif file it's not used anymore. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1240/head:pr1240 git checkout pr1240 From 537cfa7380aeb2af0575355447652e1df8a4e2b5 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 6 Nov 2017 14:12:49 -0200 Subject: [PATCH] Removing replica-s4u2proxy.ldif since it's not used anymore Since commit 23a0453c4d33271376b2156f2e2b484e8b9708c9, the replica-s4u2proxy.ldif file it's not used anymore. --- install/share/Makefile.am| 1 - install/share/replica-s4u2proxy.ldif | 14 -- 2 files changed, 15 deletions(-) delete mode 100644 install/share/replica-s4u2proxy.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index e044b328f6..b1285854ea 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -79,7 +79,6 @@ dist_app_DATA =\ sudobind.ldif \ automember.ldif \ replica-automember.ldif \ - replica-s4u2proxy.ldif \ sasl-mapping-fallback.ldif \ schema-update.ldif \ vault.ldif \ diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif deleted file mode 100644 index c7ced5ee29..00 --- a/install/share/replica-s4u2proxy.ldif +++ /dev/null @@ -1,14 +0,0 @@ -dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: HTTP/$FQDN@$REALM - -# ipa-cifs-delegation-targets needs to be an ipaAllowedTarget for HTTP -# delegation but we don't add it here as an LDIF because this entry may -# already exist from another replica, or previous install. If it is missing -# then it will be caught by the update file 61-trusts-s4u2proxy.update - -dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: ldap/$FQDN@$REALM ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1234][opened] Fix log capture when running pytests_multihosts commands
URL: https://github.com/freeipa/freeipa/pull/1234 Author: felipevolpone Title: #1234: Fix log capture when running pytests_multihosts commands Action: opened PR body: """ The pytests_plugins/integration/config.py::Config class provides the get_logger method in order to customize the default log of the plugin. Previously, before commit 07229c8ff9ba87b7d6599c3ec0d362ef2be4, the code was using ipa_log_manager, a custom log solution. After moving to use the default python way, the log is not configured anymore. This PR address it changing the level to DEBUG in order to capture the output of pytest_multihosts commands. As an example, when running `ipa-server-install`, you will be able to see an output like this: ``` [[...].Host.master.cmd2] Checking DNS domain ipa.test, please wait ... [[...].Host.master.cmd2] [[...].Host.master.cmd2] The log file for this installation can be found in /var/log/ipaserver-install.log [[...].Host.master.cmd2] == [[...].Host.master.cmd2] This program will set up the FreeIPA Server. [[...].Host.master.cmd2] [[...].Host.master.cmd2] This includes: [[...].Host.master.cmd2] * Configure a stand-alone CA (dogtag) for certificate management [[...].Host.master.cmd2] * Configure the Network Time Daemon (ntpd) [[...].Host.master.cmd2] * Create and configure an instance of Directory Server [[...].Host.master.cmd2] * Create and configure a Kerberos Key Distribution Center (KDC) ``` Fixes: https://pagure.io/freeipa/issue/7186 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1234/head:pr1234 git checkout pr1234 From 7ee2ef6586e9e1e2191fc2eb20f9e0e4b0296d5e Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 6 Nov 2017 10:06:33 -0200 Subject: [PATCH] Fix log capture when running pytests_multihosts commands The pytests_plugins/integration/config.py::Config class provides the get_logger method in order to customize the default log of the plugin. Previously, before commit 07229c8ff9ba87b7d6599c3ec0d362ef2be4, the code was using ipa_log_manager, a custom log solution. After moving to use the default python way, the log is not configured anymore. This PR address it changing the level to DEBUG in order to capture the output of pytest_multihosts commands. As an example, when running `ipa-server-install`, you will be able to see an output like this: ``` [[...].Host.master.cmd2] Checking DNS domain ipa.test, please wait ... [[...].Host.master.cmd2] [[...].Host.master.cmd2] The log file for this installation can be found in /var/log/ipaserver-install.log [[...].Host.master.cmd2] == [[...].Host.master.cmd2] This program will set up the FreeIPA Server. [[...].Host.master.cmd2] [[...].Host.master.cmd2] This includes: [[...].Host.master.cmd2] * Configure a stand-alone CA (dogtag) for certificate management [[...].Host.master.cmd2] * Configure the Network Time Daemon (ntpd) [[...].Host.master.cmd2] * Create and configure an instance of Directory Server [[...].Host.master.cmd2] * Create and configure a Kerberos Key Distribution Center (KDC) ``` Fixes: https://pagure.io/freeipa/issue/7186 --- ipatests/pytest_plugins/integration/config.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipatests/pytest_plugins/integration/config.py b/ipatests/pytest_plugins/integration/config.py index 78fc81d797..734a2d92f1 100644 --- a/ipatests/pytest_plugins/integration/config.py +++ b/ipatests/pytest_plugins/integration/config.py @@ -71,7 +71,9 @@ def get_domain_class(self): return Domain def get_logger(self, name): -return logging.getLogger(name) +logger = logging.getLogger(name) +logger.setLevel(logging.DEBUG) +return logger @property def ad_domains(self): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1217][closed] [Backport][ipa-4-5] Include the CA basic constraint in CSRs when renewing a CA
URL: https://github.com/freeipa/freeipa/pull/1217 Author: pvoborni Title: #1217: [Backport][ipa-4-5] Include the CA basic constraint in CSRs when renewing a CA Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1217/head:pr1217 git checkout pr1217 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1166][closed] [Backport][ipa-4-6] kra-install: better warning message
URL: https://github.com/freeipa/freeipa/pull/1166 Author: felipevolpone Title: #1166: [Backport][ipa-4-6] kra-install: better warning message Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1166/head:pr1166 git checkout pr1166 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1165][closed] [Backport][ipa-4-5] kra-install: better warning message
URL: https://github.com/freeipa/freeipa/pull/1165 Author: felipevolpone Title: #1165: [Backport][ipa-4-5] kra-install: better warning message Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1165/head:pr1165 git checkout pr1165 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1166][opened] [Backport][ipa-4-6] kra-install: better warning message
URL: https://github.com/freeipa/freeipa/pull/1166 Author: felipevolpone Title: #1166: [Backport][ipa-4-6] kra-install: better warning message Action: opened PR body: """ This PR was opened automatically because PR #1162 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1166/head:pr1166 git checkout pr1166 From 10b30031a0b69514d1de8841886c0c919010172d Mon Sep 17 00:00:00 2001 From: Alexander Koksharov Date: Tue, 17 Oct 2017 12:29:43 +0200 Subject: [PATCH] kra-install: better warning message User would like to see CA installation command in KRA installation warning message. This makes warning message similar to other installer messages where it does suggests a command to run. https://pagure.io/freeipa/issue/6952 --- ipaserver/install/ipa_kra_install.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py index 4125c32715..4e5533b67c 100644 --- a/ipaserver/install/ipa_kra_install.py +++ b/ipaserver/install/ipa_kra_install.py @@ -150,7 +150,8 @@ def run(self): if not cainstance.is_ca_installed_locally(): raise RuntimeError("Dogtag CA is not installed. " - "Please install the CA first") + "Please install a CA first with the " + "`ipa-ca-install` command.") # check if KRA is not already installed _kra = krainstance.KRAInstance(api) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1165][opened] [Backport][ipa-4-5] kra-install: better warning message
URL: https://github.com/freeipa/freeipa/pull/1165 Author: felipevolpone Title: #1165: [Backport][ipa-4-5] kra-install: better warning message Action: opened PR body: """ This PR was opened automatically because PR #1162 was pushed to master and backport to ipa-4-5 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1165/head:pr1165 git checkout pr1165 From f82f77b3a0c13059652f1b856a0f99b6860830c5 Mon Sep 17 00:00:00 2001 From: Alexander Koksharov Date: Tue, 17 Oct 2017 12:29:43 +0200 Subject: [PATCH] kra-install: better warning message User would like to see CA installation command in KRA installation warning message. This makes warning message similar to other installer messages where it does suggests a command to run. https://pagure.io/freeipa/issue/6952 --- ipaserver/install/ipa_kra_install.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py index 8369d2f408..3e08f4da94 100644 --- a/ipaserver/install/ipa_kra_install.py +++ b/ipaserver/install/ipa_kra_install.py @@ -147,7 +147,8 @@ def run(self): if not cainstance.is_ca_installed_locally(): raise RuntimeError("Dogtag CA is not installed. " - "Please install the CA first") + "Please install a CA first with the " + "`ipa-ca-install` command.") # check if KRA is not already installed _kra = krainstance.KRAInstance(api) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1162][closed] kra-install: better warning message
URL: https://github.com/freeipa/freeipa/pull/1162 Author: akokshar Title: #1162: kra-install: better warning message Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1162/head:pr1162 git checkout pr1162 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1125][opened] Check if replica-s4u2proxy.ldif should be applied
URL: https://github.com/freeipa/freeipa/pull/1125 Author: felipevolpone Title: #1125: Check if replica-s4u2proxy.ldif should be applied Action: opened PR body: """ Now, before applying replica-s3u2proxy.ldif, we check if the values are already there. The values can be there, if a replica installation was done in the past and some info was left behind. https://pagure.io/freeipa/issue/7174 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1125/head:pr1125 git checkout pr1125 From cc6aa7ef270176279501cce0e7bd297117ba6ec3 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Tue, 3 Oct 2017 15:18:42 -0300 Subject: [PATCH] Checks if replica-s4u2proxy.ldif should be applied Now, before applying replica-s3u2proxy.ldif, we check if the values are already there. The values can be there if a replica installation was done in the past and some info was left behind. https://pagure.io/freeipa/issue/7174 --- ipaserver/install/dsinstance.py | 18 ++ 1 file changed, 18 insertions(+) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 4ec6ceed5a..d5b043e4f0 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -935,6 +935,24 @@ def __add_replication_acis(self): self._ldap_mod("replica-acis.ldif", self.sub_dict) def __setup_s4u2proxy(self): +http_dn = DN(('cn', 'ipa-http-delegation'), ('cn', 's4u2proxy'), + ('cn', 'etc'), self.suffix) + +ldap_dn = DN(('cn', 'ipa-ldap-delegation-targets'), + ('cn', 's4u2proxy'), ('cn', 'etc'), self.suffix) + +mp_http = 'HTTP/{fqdn}@{realm}'.format(fqdn=self.fqdn, + realm=self.realm) +mp_ldap = 'ldap/{fqdn}@{realm}'.format(fqdn=self.fqdn, + realm=self.realm) + +entry_http = api.Backend.ldap2.get_entry(http_dn, ['memberPrincipal']) +entry_ldap = api.Backend.ldap2.get_entry(ldap_dn, ['memberPrincipal']) + +if (mp_http in entry_http['memberPrincipal'] + and mp_ldap in entry_ldap['memberPrincipal']): +return + self._ldap_mod("replica-s4u2proxy.ldif", self.sub_dict) def __create_indices(self): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1117][closed] Testing ipatests with py3
URL: https://github.com/freeipa/freeipa/pull/1117 Author: felipevolpone Title: #1117: Testing ipatests with py3 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1117/head:pr1117 git checkout pr1117 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1117][opened] Testing ipatests with py3 and new template
URL: https://github.com/freeipa/freeipa/pull/1117 Author: felipevolpone Title: #1117: Testing ipatests with py3 and new template Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1117/head:pr1117 git checkout pr1117 From ee96a488edef5e0e76182f3551e1a1a9b9db3174 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Thu, 28 Sep 2017 15:29:41 -0300 Subject: [PATCH] Testing ipatests with py3 and new template --- .freeipa-pr-ci.yaml | 2 +- freeipa.spec.in | 13 - 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index de5d959e33..38ceda6ef7 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -9,7 +9,7 @@ jobs: git_refspec: '{git_refspec}' template: &ci-master-f26 name: freeipa/ci-master-f26 - version: 0.1.3 + version: 0.1.4 timeout: 1800 fedora-26/simple_replication: diff --git a/freeipa.spec.in b/freeipa.spec.in index 6d992ba151..852e94ccdd 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1027,10 +1027,21 @@ mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{p ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests-2 ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config-2 ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task-2 -# test framework defaults to Python 2 +%endif # with_ipatests + +# Decide which Python (2 or 3) should be used as default for tests +%if 0%{?with_ipatests} +%if 0%{?with_python3} +# Building with python3 => make it default for tests +ln -s %{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests +ln -s %{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config +ln -s %{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task +%else +# Building python2 only => make it default for tests ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task ++%endif # with_python3 %endif # with_ipatests # remove files which are useful only for make uninstall ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1076][opened] [backport][ipa-4-5] Changing idoverrideuser-* to treat objectClass case insensitively
URL: https://github.com/freeipa/freeipa/pull/1076 Author: felipevolpone Title: #1076: [backport][ipa-4-5] Changing idoverrideuser-* to treat objectClass case insensitively Action: opened PR body: """ This is import to avoid problems when migrating from olders versions of IPA and using idoverrideuser-* commands. https://pagure.io/freeipa/issue/7074 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1076/head:pr1076 git checkout pr1076 From 3bbfc46a7df270071db5064c5097f9ef1700854d Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Mon, 4 Sep 2017 09:12:06 -0300 Subject: [PATCH] Changing idoverrideuser-* to treat objectClass case insensitively This is import to avoid problems when migrating from olders versions of IPA and using idoverrideuser-* commands. https://pagure.io/freeipa/issue/7074 --- ipaserver/plugins/idviews.py | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py index b5ee32cf13..a55c20bbf2 100644 --- a/ipaserver/plugins/idviews.py +++ b/ipaserver/plugins/idviews.py @@ -543,7 +543,8 @@ def resolve_object_to_anchor(ldap, obj_type, obj, fallback_to_ldap): 'group': 'ipausergroup', }[obj_type] -if required_objectclass not in entry['objectclass']: +if not api.Object[obj_type].has_objectclass(entry['objectclass'], +required_objectclass): raise errors.ValidationError( name=_('IPA object'), error=_('system IPA objects (e.g system groups, user ' @@ -786,12 +787,10 @@ def pre_callback(self, ldap, dn, *keys, **options): except errors.NotFound: self.obj.handle_not_found(*keys) -required_object_classes = set(self.obj.object_class) -actual_object_classes = set(entry['objectclass']) - # If not, treat it as a failed search -if not required_object_classes.issubset(actual_object_classes): -self.obj.handle_not_found(*keys) +for required_oc in self.obj.object_class: +if not self.obj.has_objectclass(entry['objectclass'], required_oc): +self.obj.handle_not_found(*keys) return dn ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1075][opened] [backport][ipa-4-5] Fixing how sssd.conf is updated when promoting a client to replica
URL: https://github.com/freeipa/freeipa/pull/1075 Author: felipevolpone Title: #1075: [backport][ipa-4-5] Fixing how sssd.conf is updated when promoting a client to replica Action: opened PR body: """ When promoting a client to a replica we have to change sssd.conf, deleting _srv_ part from 'ipa_server' property and setting 'ipa_server_mode' to true. Previously, the wrong domain could be updated since the ipa_domain variable was not being used properly. https://pagure.io/freeipa/issue/7127 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1075/head:pr1075 git checkout pr1075 From 59ab4c63d4ee1f29953a12f6c0d2f49d075b993f Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Wed, 13 Sep 2017 09:26:41 -0300 Subject: [PATCH] Fixing how sssd.conf is updated when promoting a client to replica When promoting a client to a replica we have to change sssd.conf, deleting _srv_ part from 'ipa_server' property and setting 'ipa_server_mode' to true. Previously, the wrong domain could be updated since the ipa_domain variable was not being used properly. https://pagure.io/freeipa/issue/7127 --- ipaserver/install/server/replicainstall.py | 27 --- ipaserver/install/server/upgrade.py| 4 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index ca5b7e02ac..6aa1157133 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -432,30 +432,27 @@ def promote_sssd(host_name): sssdconfig.import_config() domains = sssdconfig.list_active_domains() -ipa_domain = None - for name in domains: domain = sssdconfig.get_domain(name) try: hostname = domain.get_option('ipa_hostname') if hostname == host_name: -ipa_domain = domain +break except SSSDConfig.NoOptionError: continue - -if ipa_domain is None: -raise RuntimeError("Couldn't find IPA domain in sssd.conf") else: -domain.set_option('ipa_server', host_name) -domain.set_option('ipa_server_mode', True) -sssdconfig.save_domain(domain) -sssdconfig.write() +raise RuntimeError("Couldn't find IPA domain in sssd.conf") -sssd = services.service('sssd', api) -try: -sssd.restart() -except CalledProcessError: -root_logger.warning("SSSD service restart was unsuccessful.") +domain.set_option('ipa_server', host_name) +domain.set_option('ipa_server_mode', True) +sssdconfig.save_domain(domain) +sssdconfig.write() + +sssd = services.service('sssd', api) +try: +sssd.restart() +except CalledProcessError: +root_logger.warning("SSSD service restart was unsuccessful.") def promote_openldap_conf(hostname, master): diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index abbfa393d6..893e29b3f3 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1817,11 +1817,15 @@ def upgrade_configuration(): cainstance.ensure_ipa_authority_entry() set_sssd_domain_option('ipa_server_mode', 'True') +set_sssd_domain_option('ipa_server', api.env.host) sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.import_config() sssd_enable_service(sssdconfig, 'ifp') +sssd = services.service('sssd', api) +sssd.restart() + krb = krbinstance.KrbInstance(fstore) krb.fqdn = fqdn krb.realm = api.env.realm ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1073][opened] Testing a new vagrant box for PR CI using f26 to ipa-4-5
URL: https://github.com/freeipa/freeipa/pull/1073 Author: felipevolpone Title: #1073: Testing a new vagrant box for PR CI using f26 to ipa-4-5 Action: opened PR body: """ Using PR CI triggers to test if the new vagrant box will work properly. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1073/head:pr1073 git checkout pr1073 From 594e049ab6b37794cc3dc7d14460a6a5eab9e964 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Wed, 13 Sep 2017 08:46:06 -0300 Subject: [PATCH] Use f26 template for ipa-4-5 --- .freeipa-pr-ci.yaml | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index f808714d53..647bdcd4f7 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1,5 +1,5 @@ jobs: - fedora-25/build: + fedora-26/build: requires: [] priority: 100 job: @@ -7,28 +7,28 @@ jobs: args: git_repo: '{git_repo}' git_refspec: '{git_refspec}' -template: &ci-ipa-4-5-f25 - name: freeipa/ci-ipa-4-5-f25 +template: &ci-ipa-4-5-f26 + name: felipevolpone/ci-ipa-4-5-f26 version: 0.1.2 timeout: 1800 - fedora-25/simple_replication: -requires: [fedora-25/build] + fedora-26/simple_replication: +requires: [fedora-26/build] priority: 50 job: class: RunPytest args: -build_url: '{fedora-25/build_url}' +build_url: '{fedora-26/build_url}' test_suite: test_integration/test_simple_replication.py -template: *ci-ipa-4-5-f25 +template: *ci-ipa-4-5-f26 timeout: 3600 - fedora-25/caless: -requires: [fedora-25/build] + fedora-26/caless: +requires: [fedora-26/build] priority: 50 job: class: RunPytest args: -build_url: '{fedora-25/build_url}' +build_url: '{fedora-26/build_url}' test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull -template: *ci-ipa-4-5-f25 +template: *ci-ipa-4-5-f26 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1036][opened] Fixing tox and pylint errors
URL: https://github.com/freeipa/freeipa/pull/1036 Author: felipevolpone Title: #1036: Fixing tox and pylint errors Action: opened PR body: """ Fixing import errors introduced by commit cac3475a0454b730d6e5b2093c2e63d395acd387. https://pagure.io/freeipa/issue/7132 Output of tox commands: tox -e py27 ``` fbarreto@freeipa (fix-tox-imports) tox -e py27 py27 recreate: /home/fbarreto/projects/freeipa/.tox/py27 py27 installdeps: ipaclient[csrgen], ipatests py27 installed: asn1crypto==0.22.0,cffi==1.10.0,cryptography==2.0.3,decorator==4.1.2,dnspython==1.15.0,enum34==1.1.6,gssapi==1.2.0,idna==2.6,ipaclient==4.6.90.dev201709041448+gitac6e4cb61,ipaddress==1.0.18,ipalib==4.6.90.dev201709041448+gitac6e4cb61,ipapython==4.6.90.dev201709041448+gitac6e4cb61,ipatests==4.6.90.dev201709041448+gitac6e4cb61,Jinja2==2.9.6,MarkupSafe==1.0,netaddr==0.7.19,netifaces==0.10.6,nose==1.3.7,polib==1.0.8,py==1.4.34,pyasn1==0.3.3,pyasn1-modules==0.1.1,pycparser==2.18,pytest==3.2.1,pytest-multihost==1.1.1,python-ldap==2.4.42,qrcode==5.3,six==1.10.0 py27 runtests: PYTHONHASHSEED='3471542700' py27 runtests: commands[0] | /home/fbarreto/projects/freeipa/.tox/py27/bin/ipa --help Usage: ipa [global-options] COMMAND [command-options] Manage an IPA domain Options: --version show program's version number and exit -h, --help Show this help message and exit -e KEY=VAL Set environment variable KEY to VAL -c FILELoad configuration from FILE. -d, --debugProduce full debuging output --delegate Delegate the TGT to the IPA server -v, --verbose Produce more verbose output. A second -v displays the XML-RPC request -a, --prompt-all Prompt for ALL values (even if optional) -n, --no-promptPrompt for NO values (even if required) -f, --no-fallback Only use the server configured in /etc/ipa/default.conf See "ipa help topics" for available help topics. See "ipa help " for more information on a specific topic. See "ipa help commands" for the full list of commands. See "ipa --help" for more information on a specific command. py27 runtests: commands[1] | /home/fbarreto/projects/freeipa/.tox/py27/bin/python -bb /home/fbarreto/projects/freeipa/.tox/py27/bin/ipa-run-tests --ipaclient-unittests == test session starts == platform linux2 -- Python 2.7.13, pytest-3.2.1, py-1.4.34, pluggy-0.4.0 rootdir: /home/fbarreto/projects/freeipa/.tox/py27/lib/python2.7/site-packages/ipatests, inifile: plugins: multihost-1.1.1 collected 451 items / 285 skipped test_util.py util.py .. test_ipaclient/test_csrgen.py . test_ipalib/test_aci.py ... test_ipalib/test_backend.py test_ipalib/test_base.py ... test_ipalib/test_capabilities.py . test_ipalib/test_cli.py ... test_ipalib/test_config.py ... test_ipalib/test_crud.py ... test_ipalib/test_errors.py ... test_ipalib/test_frontend.py test_ipalib/test_messages.py test_ipalib/test_output.py ... test_ipalib/test_parameters.py . test_ipalib/test_plugable.py test_ipalib/test_rpc.py .. test_ipalib/test_text.py . test_ipalib/test_x509.py ... test_ipapython/test_cookie.py test_ipapython/test_dn.py test_ipapython/test_ipautil.py .. test_ipapython/test_ipavalidate.py .. test_ipapython/test_kerberos.py .. test_ipapython/test_keyring.py .. test_ipapython/test_session_storage.py sss test_ipapython/test_ssh.py ... test_pkcs10/test_pkcs10.py . === 440 passed, 296 skipped in 14.63 seconds summary py27: commands succeeded congratulations :) ``` tox -e pylint2 ``` fbarreto@freeipa (fix-tox-imports) tox -e pylint2 pylint2 recreate: /home/fbarreto/projects/freeipa/.tox/pylint2 pylint2 installdeps: ipaclient[csrgen,otptoken_yubikey], pylint pylint2 installed: asn1crypto==0.22.0,astroid==1.4.9,backports.functools-lru-cache==1.4,cffi==1.10.0,configparser==3.5.0,cryptography==2.0.3,decorator==4.1.2,dnspython==1.15.0,enum34==1.1.6,gssapi==1.2.0,idna==2.6,ipaclient==4.6.90.dev201709041448+gitac6e4cb61,ipaddress==1.0.18,ipalib==4.6.90.dev201709041448+gitac6e4cb61,ipapython==4.6.90.dev201709041448+gitac6e4cb61,isort==4.2.15,Jinja2==2.9.6,lazy-object-proxy==1.3.1,MarkupSafe==1.0,mccabe==0.6.1,netaddr==0.7.19,netifaces==0.10.6,pyasn1==0.3.3,pyasn1-modules==0.1.1,pycparser==2.18,pylint==1.6.5,python-ldap==2.4.42,python-yubico==1.3.2,pyusb==1.0.0,qrcode==5.3,six==1.10.0,wrapt==1.10.11 pyl
[Freeipa-devel] [freeipa PR#1033][opened] Fixing internal error in param-{find,show}
URL: https://github.com/freeipa/freeipa/pull/1033 Author: felipevolpone Title: #1033: Fixing internal error in param-{find,show} Action: opened PR body: """ Fixing internal error in param-{find,show} with nonexistent object and showing properly error message. Since PR #1013 probably won't be updated anymore, I created this one with previous work plus some additional changes. https://pagure.io/freeipa/issue/7134 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1033/head:pr1033 git checkout pr1033 From 986b15d057e520d3e4fedb3c20fde8831ea6ee49 Mon Sep 17 00:00:00 2001 From: David Kupka Date: Tue, 29 Aug 2017 16:49:36 +0200 Subject: [PATCH 1/2] schema: Fix internal error in param-{find,show} with nonexistent object --- ipaserver/plugins/schema.py | 26 +++--- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/ipaserver/plugins/schema.py b/ipaserver/plugins/schema.py index 1dbbec5f03..2ed669ded1 100644 --- a/ipaserver/plugins/schema.py +++ b/ipaserver/plugins/schema.py @@ -624,16 +624,25 @@ def _get_obj(self, metaobj_param, **kwargs): return obj def _retrieve(self, metaobjectfull_name, name, **kwargs): +found = False try: metaobj = self.api.Command[metaobjectfull_name] plugin = self.api.Object['command'] except KeyError: -metaobj = self.api.Object[metaobjectfull_name] -plugin = self.api.Object['class'] +try: +metaobj = self.api.Object[metaobjectfull_name] +plugin = self.api.Object['class'] +except KeyError: +pass +else: +found = True +else: +found = True -for param in plugin._iter_params(metaobj): -if param.name == name: -return metaobj, param +if found: +for param in plugin._iter_params(metaobj): +if param.name == name: +return metaobj, param raise errors.NotFound( reason=_("%(pkey)s: %(oname)s not found") % { @@ -646,8 +655,11 @@ def _search(self, metaobjectfull_name, **kwargs): metaobj = self.api.Command[metaobjectfull_name] plugin = self.api.Object['command'] except KeyError: -metaobj = self.api.Object[metaobjectfull_name] -plugin = self.api.Object['class'] +try: +metaobj = self.api.Object[metaobjectfull_name] +plugin = self.api.Object['class'] +except KeyError: +return tuple() return ((metaobj, param) for param in plugin._iter_params(metaobj)) From 4699d07164d978d22aa1eb26af4d2d37a93636cf Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Fri, 1 Sep 2017 13:44:08 -0300 Subject: [PATCH 2/2] Show error properly when name or full name are not valid --- ipaserver/plugins/schema.py | 21 - 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/ipaserver/plugins/schema.py b/ipaserver/plugins/schema.py index 2ed669ded1..f77418fe75 100644 --- a/ipaserver/plugins/schema.py +++ b/ipaserver/plugins/schema.py @@ -625,18 +625,21 @@ def _get_obj(self, metaobj_param, **kwargs): def _retrieve(self, metaobjectfull_name, name, **kwargs): found = False + try: metaobj = self.api.Command[metaobjectfull_name] -plugin = self.api.Object['command'] except KeyError: -try: -metaobj = self.api.Object[metaobjectfull_name] -plugin = self.api.Object['class'] -except KeyError: -pass -else: -found = True -else: +raise errors.NotFound( +reason=_("%(metaobject)s: %(oname)s not found") % { +'metaobject': metaobjectfull_name, 'oname': self.name, +} +) + +if 'command' in self.api.Object: +plugin = self.api.Object['command'] +found = True +elif 'class' in self.api.Object: +plugin = self.api.Object['class'] found = True if found: ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1022][opened] Backport PR 989 to ipa-4-5
URL: https://github.com/freeipa/freeipa/pull/1022 Author: felipevolpone Title: #1022: Backport PR 989 to ipa-4-5 Action: opened PR body: """ This PR was opened automatically because PR #989 was pushed to master and backport to ipa-4-5 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1022/head:pr1022 git checkout pr1022 From 3c0f36477fe45d695b48259a06b8d35c7e7fffe0 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Wed, 30 Aug 2017 14:13:38 -0300 Subject: [PATCH] Removing part of circular dependency of ipalib in ipaplaform After commit cac3475, ipa-backup is broken due to circular dependencies. This fixes it, removing circular dependency of ipalib. The ipalib.constants.IPAAPI_USER is now passed as parameter to the function that use it. https://pagure.io/freeipa/issue/7108 --- ipaplatform/base/tasks.py | 2 +- ipaplatform/redhat/tasks.py| 11 --- ipaserver/install/httpinstance.py | 3 ++- ipaserver/install/server/install.py| 6 +++--- ipaserver/install/server/replicainstall.py | 2 +- ipaserver/install/server/upgrade.py| 3 ++- 6 files changed, 13 insertions(+), 14 deletions(-) diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 3358b7d257..1ec93e053f 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -203,7 +203,7 @@ def configure_tmpfiles(self): """Configure tmpfiles to be created at boot""" raise NotImplementedError() -def create_tmpfiles_dirs(self): +def create_tmpfiles_dirs(self, ipaapi_user): """Create run dirs for the install phase""" raise NotImplementedError() diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 07efebab97..560f83d1c3 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -50,9 +50,6 @@ from ipaplatform.redhat.authconfig import RedHatAuthConfig from ipaplatform.base.tasks import BaseTaskNamespace -# pylint: disable=ipa-forbidden-import -from ipalib.constants import IPAAPI_USER -# pylint: enable=ipa-forbidden-import _ffi = FFI() _ffi.cdef(""" @@ -460,7 +457,7 @@ def configure_httpd_service_ipa_conf(self): ipautil.run([paths.SYSTEMCTL, "--system", "daemon-reload"], raiseonerr=False) -def configure_http_gssproxy_conf(self): +def configure_http_gssproxy_conf(self, ipaapi_user): ipautil.copy_template_file( os.path.join(paths.USR_SHARE_IPA_DIR, 'gssproxy.conf.template'), paths.GSSPROXY_CONF, @@ -468,7 +465,7 @@ def configure_http_gssproxy_conf(self): HTTP_KEYTAB=paths.HTTP_KEYTAB, HTTP_CCACHE=paths.HTTP_CCACHE, HTTPD_USER=constants.HTTPD_USER, -IPAAPI_USER=IPAAPI_USER, +IPAAPI_USER=ipaapi_user, ) ) @@ -523,9 +520,9 @@ def _create_tmpfiles_dir(self, name, mode, uid, gid): os.chmod(name, mode) os.chown(name, uid, gid) -def create_tmpfiles_dirs(self): +def create_tmpfiles_dirs(self, ipaapi_user): parent = os.path.dirname(paths.IPA_CCACHES) -pent = pwd.getpwnam(IPAAPI_USER) +pent = pwd.getpwnam(ipaapi_user) self._create_tmpfiles_dir(parent, 0o711, 0, 0) self._create_tmpfiles_dir(paths.IPA_CCACHES, 0o770, pent.pw_uid, pent.pw_gid) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index f637b97db8..50a1069ce0 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -46,6 +46,7 @@ import ipapython.errors from ipaserver.install import sysupgrade from ipalib import api +from ipalib.constants import IPAAPI_USER from ipaplatform.constants import constants from ipaplatform.tasks import tasks from ipaplatform.paths import paths @@ -238,7 +239,7 @@ def __configure_http(self): os.chmod(target_fname, 0o644) def configure_gssproxy(self): -tasks.configure_http_gssproxy_conf() +tasks.configure_http_gssproxy_conf(IPAAPI_USER) services.knownservices.gssproxy.restart() def change_mod_nss_port_from_http(self): diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index dced253e7f..97cbc6d8c8 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -24,7 +24,7 @@ from ipaplatform.paths import paths from ipaplatform.tasks import tasks from ipalib import api, errors, x509 -from ipalib.constants import DOMAIN_LEVEL_0 +from ipalib.constants import DOMAIN_LEVEL_0, IPAAPI_USER from ipalib.util import ( validate_domain_name, no_matching_interface_for_ip_address_warning, @@ -721,7 +721,7 @@ def install(installer): update_hosts_file(ip_addresses, host_name, fstore) # Make sure tmpfiles dir exist before installing c
[Freeipa-devel] [freeipa PR#1005][opened] Fixing how sssd.conf is updated when promoting a client to replica
URL: https://github.com/freeipa/freeipa/pull/1005 Author: felipevolpone Title: #1005: Fixing how sssd.conf is updated when promoting a client to replica Action: opened PR body: """ When promoting a client to a replica we have to change sssd.conf, deleting _srv_ part from 'ipa_server' property and setting 'ipa_server_mode' to true. Previously, the wrong domain could be updated since the ipa_domain variable was not being used properly. https://bugzilla.redhat.com/show_bug.cgi?id=1478251 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1005/head:pr1005 git checkout pr1005 From bdd656452ce90685ef5c837db067d2500c24d0e5 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Fri, 25 Aug 2017 15:19:21 -0300 Subject: [PATCH] Fixing how sssd.conf is updated when promoting a client to replica When promoting a client to a replica we have to change sssd.conf, deleting _srv_ part from 'ipa_server' property and setting 'ipa_server_mode' to true. Previously, the wrong domain could be updated since the ipa_domain variable was not being used properly. https://bugzilla.redhat.com/show_bug.cgi?id=1478251 --- ipaserver/install/server/replicainstall.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 6f3b2ace1b..50873c4bd8 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -448,9 +448,9 @@ def promote_sssd(host_name): if ipa_domain is None: raise RuntimeError("Couldn't find IPA domain in sssd.conf") else: -domain.set_option('ipa_server', host_name) -domain.set_option('ipa_server_mode', True) -sssdconfig.save_domain(domain) +ipa_domain.set_option('ipa_server', host_name) +ipa_domain.set_option('ipa_server_mode', True) +sssdconfig.save_domain(ipa_domain) sssdconfig.write() sssd = services.service('sssd', api) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#989][opened] Removing part of circular dependency of ipaplatformin ipalib
URL: https://github.com/freeipa/freeipa/pull/989 Author: felipevolpone Title: #989: Removing part of circular dependency of ipaplatformin ipalib Action: opened PR body: """ After commit cac3475a0454b730d6e5b2093c2e63d395acd387, ipa-backup is broken due to circular dependencies. This fixes it, removing circular dependency of ipalib. The ipalib.constants.IPAAPI_USER is now passed as parameter to the functions that use it. https://pagure.io/freeipa/issue/7108 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/989/head:pr989 git checkout pr989 From 6d4d51faf1c8afde6886c9d38f95ceaedb71328f Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Fri, 18 Aug 2017 15:48:45 -0300 Subject: [PATCH] Removing part of circular dependency of ipaplatformin ipalib After commit cac3475, ipa-backup is broken due to circular dependencies. This fixes it, removing circular dependency of ipalib. The ipalib.constants.IPAAPI_USER is now passed as parameter to the functions that use it. https://pagure.io/freeipa/issue/7108 --- ipaplatform/base/tasks.py | 2 +- ipaplatform/redhat/tasks.py| 12 ipaserver/install/httpinstance.py | 3 ++- ipaserver/install/server/install.py| 6 +++--- ipaserver/install/server/replicainstall.py | 2 +- ipaserver/install/server/upgrade.py| 3 ++- 6 files changed, 13 insertions(+), 15 deletions(-) diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 4175ea261a..e8766fdb81 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -204,7 +204,7 @@ def configure_tmpfiles(self): """Configure tmpfiles to be created at boot""" raise NotImplementedError() -def create_tmpfiles_dirs(self): +def create_tmpfiles_dirs(self, ipaapi_user): """Create run dirs for the install phase""" raise NotImplementedError() diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index d98f8c1691..3996c64be0 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -49,10 +49,6 @@ from ipaplatform.redhat.authconfig import RedHatAuthConfig from ipaplatform.base.tasks import BaseTaskNamespace -# pylint: disable=ipa-forbidden-import -from ipalib.constants import IPAAPI_USER -# pylint: enable=ipa-forbidden-import - logger = logging.getLogger(__name__) _ffi = FFI() @@ -455,7 +451,7 @@ def configure_httpd_service_ipa_conf(self): ipautil.run([paths.SYSTEMCTL, "--system", "daemon-reload"], raiseonerr=False) -def configure_http_gssproxy_conf(self): +def configure_http_gssproxy_conf(self, ipaapi_user): ipautil.copy_template_file( os.path.join(paths.USR_SHARE_IPA_DIR, 'gssproxy.conf.template'), paths.GSSPROXY_CONF, @@ -463,7 +459,7 @@ def configure_http_gssproxy_conf(self): HTTP_KEYTAB=paths.HTTP_KEYTAB, HTTP_CCACHE=paths.HTTP_CCACHE, HTTPD_USER=constants.HTTPD_USER, -IPAAPI_USER=IPAAPI_USER, +IPAAPI_USER=ipaapi_user, ) ) @@ -518,9 +514,9 @@ def _create_tmpfiles_dir(self, name, mode, uid, gid): os.chmod(name, mode) os.chown(name, uid, gid) -def create_tmpfiles_dirs(self): +def create_tmpfiles_dirs(self, ipaapi_user): parent = os.path.dirname(paths.IPA_CCACHES) -pent = pwd.getpwnam(IPAAPI_USER) +pent = pwd.getpwnam(ipaapi_user) self._create_tmpfiles_dir(parent, 0o711, 0, 0) self._create_tmpfiles_dir(paths.IPA_CCACHES, 0o770, pent.pw_uid, pent.pw_gid) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 0b67d6093c..b8afc41734 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -46,6 +46,7 @@ import ipapython.errors from ipaserver.install import sysupgrade from ipalib import api +from ipalib.constants import IPAAPI_USER from ipaplatform.constants import constants from ipaplatform.tasks import tasks from ipaplatform.paths import paths @@ -233,7 +234,7 @@ def __configure_http(self): os.chmod(target_fname, 0o644) def configure_gssproxy(self): -tasks.configure_http_gssproxy_conf() +tasks.configure_http_gssproxy_conf(IPAAPI_USER) services.knownservices.gssproxy.restart() def change_mod_nss_port_from_http(self): diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index a4e3d22b43..a946883946 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -24,7 +24,7 @@ from ipaplatform.paths import paths from ipaplatform.tasks import tasks from ipalib import api, errors, x509 -from ipalib.constants import DOMAIN_LEVEL_0 +from ipalib.constants import DOMAIN_LEVEL_0, IPAAPI_USER from ipalib.util import
[Freeipa-devel] [freeipa PR#969][opened] [ipa-4-5] Changing how commands handles error when it can't connect to IPA server
URL: https://github.com/freeipa/freeipa/pull/969 Author: felipevolpone Title: #969: [ipa-4-5] Changing how commands handles error when it can't connect to IPA server Action: opened PR body: """ Creating a method to check if ipa client is configured. Also, changing scripts to use it instead of duplicating the check. https://pagure.io/freeipa/issue/6261 Reviewed-By: Florence Blanc-Renaud Backport of PR #939 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/969/head:pr969 git checkout pr969 From 3e9f367d3e49997246a0a7c9456b40921abeae97 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Fri, 4 Aug 2017 18:25:12 -0300 Subject: [PATCH] Changing how commands handles error when it can't connect to IPA server Creating a method to check if ipa client is configured. Also, changing scripts to use it instead of duplicating the check. https://pagure.io/freeipa/issue/6261 Reviewed-By: Florence Blanc-Renaud --- client/ipa-client-automount | 9 +++-- ipaclient/install/ipa_certupdate.py | 7 ++- ipalib/cli.py | 8 ipalib/util.py | 18 +++--- 4 files changed, 32 insertions(+), 10 deletions(-) diff --git a/client/ipa-client-automount b/client/ipa-client-automount index 2b1d8b9a8c..b95f339b07 100755 --- a/client/ipa-client-automount +++ b/client/ipa-client-automount @@ -45,6 +45,7 @@ from ipaclient.install import ipachangeconf, ipadiscovery from ipalib import api, errors from ipalib.install import sysrestore from ipalib.install.kinit import kinit_keytab +from ipalib.util import check_client_configuration from ipapython import ipautil from ipapython.ipa_log_manager import root_logger, standard_logging_setup from ipapython.dn import DN @@ -52,6 +53,8 @@ from ipaplatform.constants import constants from ipaplatform.tasks import tasks from ipaplatform import services from ipaplatform.paths import paths +from ipapython.admintool import ScriptError + def parse_options(): usage = "%prog [options]\n" @@ -367,11 +370,13 @@ def configure_nfs(fstore, statestore): root_logger.error("Failed to enable automatic startup of the %s daemon: %s" % (rpcgssd.service_name, str(e))) def main(): +try: +check_client_configuration() +except ScriptError as e: +sys.exit(e) fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE) statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE) -if not fstore.has_files() and not os.path.exists(paths.IPA_DEFAULT_CONF): -sys.exit('IPA client is not configured on this system.\n') options, _args = parse_options() diff --git a/ipaclient/install/ipa_certupdate.py b/ipaclient/install/ipa_certupdate.py index 93da8422b6..eeec953a47 100644 --- a/ipaclient/install/ipa_certupdate.py +++ b/ipaclient/install/ipa_certupdate.py @@ -33,6 +33,7 @@ from ipaplatform.tasks import tasks from ipalib import api, errors, x509 from ipalib.constants import IPA_CA_NICKNAME, RENEWAL_CA_NAME +from ipalib.util import check_client_configuration class CertUpdate(admintool.AdminTool): @@ -47,11 +48,7 @@ def validate_options(self): super(CertUpdate, self).validate_options(needs_root=True) def run(self): -fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE) -if (not fstore.has_files() and -not os.path.exists(paths.IPA_DEFAULT_CONF)): -raise admintool.ScriptError( -"IPA client is not configured on this system.") +check_client_configuration() api.bootstrap(context='cli_installer', confdir=paths.ETC_IPA) api.finalize() diff --git a/ipalib/cli.py b/ipalib/cli.py index 94b49717ba..d4fa7b75eb 100644 --- a/ipalib/cli.py +++ b/ipalib/cli.py @@ -54,7 +54,9 @@ from ipalib.parameters import File, Str, Enum, Any, Flag from ipalib.text import _ from ipalib import api # pylint: disable=unused-import +from ipalib.util import check_client_configuration from ipapython.dnsutil import DNSName +from ipapython.admintool import ScriptError import datetime @@ -1343,6 +1345,12 @@ def run(api): error = None try: (_options, argv) = api.bootstrap_with_global_options(context='cli') + +try: +check_client_configuration() +except ScriptError as e: +sys.exit(e) + for klass in cli_plugins: api.add_plugin(klass) api.finalize() diff --git a/ipalib/util.py b/ipalib/util.py index 31e73230da..6ee65498b4 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -54,12 +54,15 @@ TLS_VERSIONS, TLS_VERSION_MINIMAL, TLS_HIGH_CIPHERS ) from ipalib.text import _ +# pylint: disable=ipa-forbidden-import +from ipalib.install import sysrestore +from ipaplatform.paths import paths +# pylint: enable=ipa-forbidden-import from ipapython.ssh import SSHPublicKey from ipapython.dn import DN, RDN -from ipapython.dnsutil import DNS
[Freeipa-devel] [freeipa PR#877][closed] LDAP ObjectClasses are case-insensitive
URL: https://github.com/freeipa/freeipa/pull/877 Author: seriv Title: #877: LDAP ObjectClasses are case-insensitive Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/877/head:pr877 git checkout pr877 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#950][opened] Changing idoverrideuser-* to treat objectClass case insensitively
URL: https://github.com/freeipa/freeipa/pull/950 Author: felipevolpone Title: #950: Changing idoverrideuser-* to treat objectClass case insensitively Action: opened PR body: """ This is import to avoid problems when migrating from olders versions of IPA and using idoverrideuser-* commands. https://pagure.io/freeipa/issue/7074 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/950/head:pr950 git checkout pr950 From 9f292a9db412d58cbc5158edf0391bf209450188 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Tue, 1 Aug 2017 14:58:37 -0300 Subject: [PATCH] Changing idoverrideuser-* to treat objectClass case insensitively This is import to avoid problems when migrating from olders versions of IPA and using idoverrideuser-* commands. https://pagure.io/freeipa/issue/7074 --- ipaserver/plugins/idviews.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py index 263a35a840..74238cc406 100644 --- a/ipaserver/plugins/idviews.py +++ b/ipaserver/plugins/idviews.py @@ -547,7 +547,8 @@ def resolve_object_to_anchor(ldap, obj_type, obj, fallback_to_ldap): 'group': 'ipausergroup', }[obj_type] -if required_objectclass not in entry['objectclass']: +if not api.Object[obj_type].has_objectclass(entry['objectclass'], +required_objectclass): raise errors.ValidationError( name=_('IPA object'), error=_('system IPA objects (e.g. system groups, user ' ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#939][opened] Changing how commands handles error when it can't connect to IPA server
URL: https://github.com/freeipa/freeipa/pull/939 Author: felipevolpone Title: #939: Changing how commands handles error when it can't connect to IPA server Action: opened PR body: """ Checking if env has the server attribute. If it doesn't, it means that an IPA server was not configured. https://pagure.io/freeipa/issue/6261 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/939/head:pr939 git checkout pr939 From 6efac348cdd4182d51d952d9b1bcf5b637c30890 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Thu, 27 Jul 2017 14:54:56 -0300 Subject: [PATCH] Changing how commands handles error when it can't connect to IPA server Checking if env has the server attribute. If it doesn't, it means that a ipa server was not configured. https://pagure.io/freeipa/issue/6261 --- ipalib/cli.py | 5 + 1 file changed, 5 insertions(+) diff --git a/ipalib/cli.py b/ipalib/cli.py index b1605c5ad3..93bd489e4f 100644 --- a/ipalib/cli.py +++ b/ipalib/cli.py @@ -1346,6 +1346,11 @@ def run(api): error = None try: (_options, argv) = api.bootstrap_with_global_options(context='cli') + +if not hasattr(api.env, 'server'): +logger.error('IPA is not configured on this system.') +return + for klass in cli_plugins: api.add_plugin(klass) api.finalize() ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#937][opened] Configuring log handlers during the input parameters validation phase
URL: https://github.com/freeipa/freeipa/pull/937 Author: felipevolpone Title: #937: Configuring log handlers during the input parameters validation phase Action: opened PR body: """ Previously, a log handler would be configured only after all the input parameters be validated, as can be checked in `ipapython/admintool.py::AdminTool::main`. So, any call to `logger.[warning,info,error,debug]`, during that phase, doesn't work and it also raises an exception. Now, log handlers are setup before the input parameters validation phase. Fixes: https://pagure.io/freeipa/issue/7071 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/937/head:pr937 git checkout pr937 From 8981dacfbe398ccd2f622d44cc2854ad2b893287 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Thu, 27 Jul 2017 09:20:25 -0300 Subject: [PATCH] Configuring log handlers during the input parameters validation phase Previously, a log handler would be configured only after all the input parameters be validated, as can be checked in ipapython/admintool.py::AdminTool::main. So, any call to logger.[warning,info,error,debug], during that phase, doesn't work and it also raises an exception. Now, log handlers are setup before the input parameters validation phase. https://pagure.io/freeipa/issue/7071 --- ipapython/admintool.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipapython/admintool.py b/ipapython/admintool.py index 329e20f374..1ff5f3cf61 100644 --- a/ipapython/admintool.py +++ b/ipapython/admintool.py @@ -136,6 +136,8 @@ def main(cls, argv): :param argv: Command-line arguments. :return: Command exit code """ +standard_logging_setup(None, verbose=True) + if cls not in cls._option_parsers: # We use cls._option_parsers, a dictionary keyed on class, to check # if we need to create a parser. This is because cls.option_parser ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#933][opened] Checks if Directory Server is installed and running before installation
URL: https://github.com/freeipa/freeipa/pull/933 Author: felipevolpone Title: #933: Checks if Directory Server is installed and running before installation Action: opened PR body: """ In cases when IPA is installed in two steps (external CA), it's necessary to check (in the second step) if Directory Server is running and if it's installed before continue with the IPA installation. Fixes: https://pagure.io/freeipa/issue/6611 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/933/head:pr933 git checkout pr933 From 96bee281ff579a5fca19750d9c89fa70f90705f4 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Wed, 26 Jul 2017 11:34:21 -0300 Subject: [PATCH] Checks if dirsrv is installed and running before ipa installation In cases when IPA is installed in two steps (external CA), it's necessary to check (in the second step) if Dir. Server is running before continue with the installation. https://pagure.io/freeipa/issue/6611 --- ipaplatform/redhat/services.py | 4 ipaserver/install/server/install.py | 6 ++ 2 files changed, 10 insertions(+) diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py index 546886464b..8840807fdf 100644 --- a/ipaplatform/redhat/services.py +++ b/ipaplatform/redhat/services.py @@ -121,6 +121,10 @@ def tune_nofile_platform(self, num=8192, fstore=None): return True +def is_installed(self, instance_name): +file_path = "{}/{}-{}".format(paths.ETC_DIRSRV, "slapd", instance_name) +return os.path.exists(file_path) + def restart(self, instance_name="", capture_output=True, wait=True, ldapi=False): # We need to explicitly enable instances to install proper symlinks as diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 16e0b69d97..70d40b67df 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -336,6 +336,12 @@ def install_check(installer): "Please uninstall it before configuring the IPA server, " "using 'ipa-client-install --uninstall'") +instance_name = "-".join(options.realm_name.split(".")) +if (is_ipa_configured() and + services.knownservices.dirsrv.is_installed(instance_name) and not + services.knownservices.dirsrv.is_running(instance_name)): +raise ScriptError('Directory Server is not running') + fstore = sysrestore.FileStore(SYSRESTORE_DIR_PATH) sstore = sysrestore.StateFile(SYSRESTORE_DIR_PATH) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#923][opened] py3: fixing zonemgr_callback
URL: https://github.com/freeipa/freeipa/pull/923 Author: felipevolpone Title: #923: py3: fixing zonemgr_callback Action: opened PR body: """ Previously, `zonemgr_callback` was expecting unicode, but getting bytes. https://pagure.io/freeipa/issue/5990 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/923/head:pr923 git checkout pr923 From c30f1988a133ec8116433699ab988576a614e9a9 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Tue, 18 Jul 2017 14:55:43 -0300 Subject: [PATCH] py3: fixing zonemgr_callback Previously, zonemgr_callback was expecting unicode, but getting bytes. https://pagure.io/freeipa/issue/5990 --- ipalib/util.py| 2 +- ipaserver/install/bindinstance.py | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ipalib/util.py b/ipalib/util.py index 880d2bc218..16d90aee02 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -379,7 +379,7 @@ def validate_domain_name(domain_name, allow_underscore=False, allow_slash=False) def validate_zonemgr(zonemgr): assert isinstance(zonemgr, DNSName) -if any('@' in label for label in zonemgr.labels): +if any(b'@' in label for label in zonemgr.labels): raise ValueError(_('too many \'@\' characters')) diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 12d4a01ab4..02a4208c66 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -423,7 +423,6 @@ def zonemgr_callback(option, opt_str, value, parser): encoding = getattr(sys.stdin, 'encoding', None) if encoding is None: encoding = 'utf-8' -value = value.decode(encoding) validate_zonemgr_str(value) except ValueError as e: # FIXME we can do this in better way ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#781][closed] Warn in cert-request if CSR doesn't contain SAN
URL: https://github.com/freeipa/freeipa/pull/781 Author: felipevolpone Title: #781: Warn in cert-request if CSR doesn't contain SAN Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/781/head:pr781 git checkout pr781 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#906][opened] Adding section "Building FreeIPA from source" on README
URL: https://github.com/freeipa/freeipa/pull/906 Author: felipevolpone Title: #906: Adding section "Building FreeIPA from source" on README Action: opened PR body: """ Fixes: https://pagure.io/freeipa/issue/6725 Preview of it: https://github.com/felipevolpone/freeipa/tree/readme-6725#for-developers """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/906/head:pr906 git checkout pr906 From cdc40be82b7d50b7fa4fe9fa317af04bc43f5998 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Fri, 7 Jul 2017 11:06:23 -0300 Subject: [PATCH] Adding section "Building FreeIPA from source" on README https://pagure.io/freeipa/issue/6725 --- README.md | 6 ++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 9608453b60..8cf36897a6 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,12 @@ server project page at http://www.freeipa.org/ . The most up-to-date documentation can be found at http://freeipa.org/page/Documentation . +## For developers + +* Building FreeIPA from source +* Please, check http://www.freeipa.org/page/Build +* Please, check the BUILD.txt file at the root directory + ## Quick Start To get started quickly, start here: ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#903][opened] Warning the user when using a loopback IP as forwarder
URL: https://github.com/freeipa/freeipa/pull/903 Author: felipevolpone Title: #903: Warning the user when using a loopback IP as forwarder Action: opened PR body: """ Now, the user can pass a loopback IP in the --forwarder option. Previously, an error would be raised, now we just show a warning message. Fixes: https://pagure.io/freeipa/issue/5801 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/903/head:pr903 git checkout pr903 From d47baf6ac41649fc241c0d1df00bdf3b2d2c33fb Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Wed, 5 Jul 2017 14:23:19 -0300 Subject: [PATCH] Warning the user when using a loopback IP as forwarder, instead of raising error Now, the user can pass a loopback IP in the --forwarder option. Previously an error wuold be raised, now we just show a warning message. https://pagure.io/freeipa/issue/5801 --- ipapython/config.py | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ipapython/config.py b/ipapython/config.py index 19abfc51ee..71f19a1b2d 100644 --- a/ipapython/config.py +++ b/ipapython/config.py @@ -31,7 +31,7 @@ from six.moves.configparser import SafeConfigParser from six.moves.urllib.parse import urlsplit # pylint: enable=import-error - +from ipapython.ipa_log_manager import root_logger from ipapython.dn import DN try: @@ -69,7 +69,12 @@ def check_ip_option(option, opt, value): from ipapython.ipautil import CheckedIPAddress try: -return CheckedIPAddress(value) +allow_loopback = False +if opt == '--forwarder': +allow_loopback = True +root_logger.warning("You're using a loopback IP address {}".format(value)) + +return CheckedIPAddress(value, allow_loopback=allow_loopback) except Exception as e: raise OptionValueError("option %s: invalid IP address %s: %s" % (opt, value, e)) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#902][opened] Improving replica promotion tests
URL: https://github.com/freeipa/freeipa/pull/902 Author: felipevolpone Title: #902: Improving replica promotion tests Action: opened PR body: """ Adding two new test cases in replica promotion scenario: * Testing not interactive mode: Install client; kinit as admin; then ipa-replica-install (without prompting a password) * Testing interactive mode: only the admin password should be prompted https://pagure.io/freeipa/issue/6554 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/902/head:pr902 git checkout pr902 From 6695015bcc40fe18d80b453f3928e05fb100f865 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Mon, 3 Jul 2017 19:27:22 -0300 Subject: [PATCH] Improving replica promotion tests Adding two new test cases: * Testing not interactive mode: Install client; kinit as admin; then ipa-replica-install (without prompting a password) * Test interactive mode: only the admin password should be prompted https://pagure.io/freeipa/issue/6554 --- .../test_integration/test_replica_promotion.py | 34 ++ 1 file changed, 34 insertions(+) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index bc52566f15..f2da3396e0 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -196,6 +196,40 @@ def test_one_command_installation(self): '-U']) +class TestReplicaPromotionLevel1Interactively(ReplicaPromotionBase): + +topology = 'star' +num_replicas = 1 +domain_level = DOMAIN_LEVEL_1 + +@replicas_cleanup +def test_replica_install_inserting_only_password(self): +replica = self.replicas[0] +tasks.install_client(self.master, replica) +tasks.kinit_admin(self.master) +self.replicas[0].run_command(['ipa-replica-install'], + stdin_text=self.master.config.admin_password) + + +class TestReplicaPromotionLevel1NotInteractive(ReplicaPromotionBase): + +topology = 'star' +num_replicas = 1 +domain_level = DOMAIN_LEVEL_1 + +@replicas_cleanup +def test_replica_install_not_interactive_mode(self): +replica = self.replicas[0] +tasks.install_client(self.master, replica) +tasks.kinit_admin(self.master) +self.replicas[0].run_command(['ipa-replica-install', '-w', + self.master.config.admin_password, + '-n', self.master.domain.name, + '-r', self.master.domain.realm, + '--server', self.master.hostname, + '-U']) + + @pytest.mark.xfail(reason="Ticket N 6274") class TestReplicaManageCommands(IntegrationTest): topology = "star" ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#894][opened] Fixing ipa-replica-install --setup-kra if it's the first KRA in topology
URL: https://github.com/freeipa/freeipa/pull/894 Author: felipevolpone Title: #894: Fixing ipa-replica-install --setup-kra if it's the first KRA in topology Action: opened PR body: """ I'm trying to fix the ticket, but I'm not quite sure of how to do it. Until now, I removed the exception and called the api in kra to install it. However, I'm getting an exception: ``` bash-4.3$ sudo python /usr/sbin/ipa-replica-install -r DOM-116.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM --setup-kra --setup-ca WARNING: conflicting time&date synchronization service 'chronyd' will be disabled in favor of ntpd IPA client is already configured on this system, ignoring the --domain, --server, --realm, --hostname, --password and --keytab options. Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Timed out trying to obtain keys. ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information ``` from /var/log/ipareplica-install.log ``` 2017-06-23T18:38:44Z DEBUG stderr= 2017-06-23T18:38:44Z DEBUG Destroyed connection context.ldap2_140135237350736 2017-06-23T18:38:44Z DEBUG Created connection context.ldap2_140135237350736 2017-06-23T18:38:44Z DEBUG raw: hostgroup_show(u'ipaservers', rights=True, all=True, version=u'2.228') 2017-06-23T18:38:44Z DEBUG hostgroup_show(u'ipaservers', rights=True, all=True, raw=False, version=u'2.228', no_members=False) 2017-06-23T18:38:44Z DEBUG flushing ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com from SchemaCache 2017-06-23T18:38:44Z DEBUG retrieving schema for SchemaCache url=ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com conn= 2017-06-23T18:38:44Z DEBUG Destroyed connection context.ldap2_140135237350736 2017-06-23T18:38:44Z DEBUG Created connection context.ldap2_140135237350736 2017-06-23T18:38:44Z DEBUG flushing ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com from SchemaCache 2017-06-23T18:38:44Z DEBUG retrieving schema for SchemaCache url=ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com conn= 2017-06-23T18:38:44Z DEBUG No IPA DNS servers, skipping forward/reverse resolution check 2017-06-23T18:38:44Z DEBUG Initializing principal host/vm-058-064.abc.idm.lab.eng.brq.redhat@dom-116.abc.idm.lab.eng.brq.redhat.com using keytab /etc/krb5.keytab 2017-06-23T18:38:44Z DEBUG using ccache /tmp/krbcc9omA2g/ccache 2017-06-23T18:38:44Z DEBUG Attempt 1/1: success 2017-06-23T18:38:44Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2017-06-23T18:38:44Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2017-06-23T18:38:44Z INFO Waiting up to 300 seconds to see our keys appear on host: None 2017-06-23T18:38:45Z DEBUG Transient error getting keys: '{'desc': "Can't contact LDAP server"}' 2017-06-23T18:43:45Z DEBUG Destroyed connection context.ldap2_140135237350736 2017-06-23T18:43:45Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 366, in run self.validate() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 375, in validate for _nothing in self._validator(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 636, in _configure next(validator) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner exc_handler(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458, in _handle_validate_exception self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _h
[Freeipa-devel] [freeipa PR#880][comment] Changing how commands handles error when it can't connect to IPA server
URL: https://github.com/freeipa/freeipa/pull/880 Title: #880: Changing how commands handles error when it can't connect to IPA server felipevolpone commented: """ The ticket describe some commands that are not showing the right message. IMO we could split it into one ticket per command. """ See the full comment at https://github.com/freeipa/freeipa/pull/880#issuecomment-309497175 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#880][opened] Changing how commands handles error when it can't connect to IPA server
URL: https://github.com/freeipa/freeipa/pull/880 Author: felipevolpone Title: #880: Changing how commands handles error when it can't connect to IPA server Action: opened PR body: """ The commands that connects with IPA server can raise a `NetworkError` with the message: "ipa: ERROR: can't connect to `http://localhost:/ipa/json': [Errno 111] Connection refused`. Instead of that, this changes the message error in order to be more user-friendly. I've used the `GenericError` because it inherits from `PublicError`and do not have a default message. So, I do not have to change the `run` method in `ipalib/cli.py` to handle a different exception/case. Ticket: https://pagure.io/freeipa/issue/6261 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/880/head:pr880 git checkout pr880 From 1f9081e1e28176f8de82b866b0fab52282e7a2c4 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Mon, 19 Jun 2017 13:28:45 -0300 Subject: [PATCH] Changing how commands handles error when it can't connect to IPA server The commands that connects with IPA server can raise a NetworkError with the message: "ipa: ERROR: can't connect to 'http://localhost:/ipa/json': [Errno 111] Connection refused", which is not user friendly. Instead of that, this changes the message error in order to be more user-friendly. https://pagure.io/freeipa/issue/6261 --- ipalib/__init__.py | 19 --- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/ipalib/__init__.py b/ipalib/__init__.py index 16f90c3bb2..692848a4a3 100644 --- a/ipalib/__init__.py +++ b/ipalib/__init__.py @@ -923,7 +923,7 @@ def _enable_warnings(error=False): from ipalib.parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam from ipalib.parameters import (BytesEnum, StrEnum, IntEnum, AccessTime, File, DateTime, DNSNameParam) -from ipalib.errors import SkipPluginModule +from ipalib.errors import SkipPluginModule, GenericError, NetworkError from ipalib.text import _, ngettext, GettextFactory, NGettextFactory Registry = plugable.Registry @@ -942,12 +942,17 @@ def packages(self): ipaserver.plugins, ) else: -import ipaclient.remote_plugins -import ipaclient.plugins -result = ( -ipaclient.remote_plugins.get_package(self), -ipaclient.plugins, -) +try: +import ipaclient.remote_plugins +import ipaclient.plugins +result = ( +ipaclient.remote_plugins.get_package(self), +ipaclient.plugins, +) +except NetworkError: +# instead of raising the default error connection message, +# raising a more user-friendly one +raise GenericError('Cannot find IPA server to contact') if self.env.context in ('installer', 'updates'): # pylint: disable=import-error,ipa-forbidden-import ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#781][edited] Warn in cert-request if CSR doesn't contain SAN
URL: https://github.com/freeipa/freeipa/pull/781 Author: felipevolpone Title: #781: Warn in cert-request if CSR doesn't contain SAN Action: edited Changed field: title Original value: """ [WIP] Warn in cert-request if CSR doesn't contain SAN """ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#874][comment] Changing cert-find to go through the proxy instead of using the port 8080
URL: https://github.com/freeipa/freeipa/pull/874 Title: #874: Changing cert-find to go through the proxy instead of using the port 8080 felipevolpone commented: """ @rcritten I forget that. Thanks for reminding me. Done. """ See the full comment at https://github.com/freeipa/freeipa/pull/874#issuecomment-308561793 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#874][synchronized] Changing cert-find to go through the proxy instead of using the port 8080
URL: https://github.com/freeipa/freeipa/pull/874 Author: felipevolpone Title: #874: Changing cert-find to go through the proxy instead of using the port 8080 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/874/head:pr874 git checkout pr874 From 433b4db62d335e955aa99c2f4031bf6162adaa2b Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Wed, 14 Jun 2017 18:19:41 -0300 Subject: [PATCH] Changing cert-find to go through the proxy instead of using the port 8080 The cert-find command now uses the proxy to reach Dogtag, instead of using the port 8080. In order to accomplish that, it's necessary to change the proxy configuration including the URL called. https://pagure.io/freeipa/issue/6966 --- install/conf/ipa-pki-proxy.conf | 4 ++-- ipaserver/plugins/dogtag.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf index b48a3020d2..106ddc4fa7 100644 --- a/install/conf/ipa-pki-proxy.conf +++ b/install/conf/ipa-pki-proxy.conf @@ -1,4 +1,4 @@ -# VERSION 10 - DO NOT REMOVE THIS LINE +# VERSION 11 - DO NOT REMOVE THIS LINE ProxyRequests Off @@ -27,7 +27,7 @@ ProxyRequests Off # matches for CA REST API - + NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient optional ProxyPassMatch ajp://localhost:$DOGTAG_PORT diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index bddaab58a5..0e68de6219 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1903,7 +1903,7 @@ def convert_time(value): self.debug('%s.find(): request: %s', type(self).__name__, payload) url = 'http://%s/ca/rest/certs/search?size=%d' % ( -ipautil.format_netloc(self.ca_host, 8080), +ipautil.format_netloc(self.ca_host, 80), options.get('sizelimit', 0x7fff)) opener = urllib.request.build_opener() ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#874][opened] Changing cert-find to go through the proxy instead of using the port 8080
URL: https://github.com/freeipa/freeipa/pull/874 Author: felipevolpone Title: #874: Changing cert-find to go through the proxy instead of using the port 8080 Action: opened PR body: """ The cert-find command now uses the proxy to reach Dogtag, instead of using the port 8080. In order to accomplish that, it's necessary to change the proxy configuration adding the service URL. Ticket: https://pagure.io/freeipa/issue/6966 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/874/head:pr874 git checkout pr874 From 4072343accc93fd545391fe74bd969af0e88e10d Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Wed, 14 Jun 2017 17:52:18 -0300 Subject: [PATCH] Changing cert-find to go through the proxy instead of using the port 8080 The cert-find command now uses the proxy to reach Dogtag, instead of using the port 8080. In order to accomplish that, it's necessary to change the proxy configuration including the URL called. https://pagure.io/freeipa/issue/6966 --- install/conf/ipa-pki-proxy.conf | 2 +- ipaserver/plugins/dogtag.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf index b48a3020d2..8a8eaa7f3f 100644 --- a/install/conf/ipa-pki-proxy.conf +++ b/install/conf/ipa-pki-proxy.conf @@ -27,7 +27,7 @@ ProxyRequests Off # matches for CA REST API - + NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient optional ProxyPassMatch ajp://localhost:$DOGTAG_PORT diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index bddaab58a5..0e68de6219 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1903,7 +1903,7 @@ def convert_time(value): self.debug('%s.find(): request: %s', type(self).__name__, payload) url = 'http://%s/ca/rest/certs/search?size=%d' % ( -ipautil.format_netloc(self.ca_host, 8080), +ipautil.format_netloc(self.ca_host, 80), options.get('sizelimit', 0x7fff)) opener = urllib.request.build_opener() ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#833][comment] Fixes traceback in log and corrects console output
URL: https://github.com/freeipa/freeipa/pull/833 Title: #833: Fixes traceback in log and corrects console output felipevolpone commented: """ @Tiboris if I understood @HonzaCholasta correctly, the fix should be done in [trustdomain_find command](https://github.com/freeipa/freeipa/blob/master/ipaserver/plugins/trust.py#L1544). """ See the full comment at https://github.com/freeipa/freeipa/pull/833#issuecomment-307449335 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#833][+ack] Fixes traceback in log and corrects console output
URL: https://github.com/freeipa/freeipa/pull/833 Title: #833: Fixes traceback in log and corrects console output Label: +ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#833][comment] Fixes traceback in log and corrects console output
URL: https://github.com/freeipa/freeipa/pull/833 Title: #833: Fixes traceback in log and corrects console output felipevolpone commented: """ Tested and it works. Looks good to me. """ See the full comment at https://github.com/freeipa/freeipa/pull/833#issuecomment-306559399 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#843][closed] [WIP] Fixing test_installation.py tests
URL: https://github.com/freeipa/freeipa/pull/843 Author: felipevolpone Title: #843: [WIP] Fixing test_installation.py tests Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/843/head:pr843 git checkout pr843 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#843][comment] [WIP] Fixing test_installation.py tests
URL: https://github.com/freeipa/freeipa/pull/843 Title: #843: [WIP] Fixing test_installation.py tests felipevolpone commented: """ @MartinBasti you mean that they're fine after the code change, right? Because, before that they were failing due to `There is no KRA server in the domain, can't setup a KRA clone`. """ See the full comment at https://github.com/freeipa/freeipa/pull/843#issuecomment-306199661 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#821][comment] fix incorrect suffix handling in topology checks
URL: https://github.com/freeipa/freeipa/pull/821 Title: #821: fix incorrect suffix handling in topology checks felipevolpone commented: """ Tested, works as advertised. """ See the full comment at https://github.com/freeipa/freeipa/pull/821#issuecomment-305861037 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#821][+ack] fix incorrect suffix handling in topology checks
URL: https://github.com/freeipa/freeipa/pull/821 Title: #821: fix incorrect suffix handling in topology checks Label: +ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#843][edited] [WIP] Fixing test_installation.py tests
URL: https://github.com/freeipa/freeipa/pull/843 Author: felipevolpone Title: #843: [WIP] Fixing test_installation.py tests Action: edited Changed field: body Original value: """ I've been working on the test_installation.py suite and figure out how to solve some of them. The TestInstallWithCA1 have 9 tests failing; 6 of them can be fixed adding ```bash ipa-ca.$DOMAIN ``` into the master `/etc/hosts`. After that, three of them are still failing. The log: https://paste.fedoraproject.org/paste/7n3CMEH5nhiHu~Vai8cObV5M1UNdIGYhyRLivL9gydE=. They are: * test_replica1_with_ca_install * test_replica2_with_ca_kra_install * test_replica1_ipa_kra_install I've moved the tests * test_replica2_with_ca_kra_install * test_replica1_ipa_kra_install to a new class (TestInstallWithCA1_KRA1) and created a new install method, which use the `setup_kra=True` option in the install_master method. The tests are still failing, but for another reason, the logs: https://paste.fedoraproject.org/paste/ytzzIUDhh5ARcunpSfSubV5M1UNdIGYhyRLivL9gydE= """ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#843][opened] [WIP] Fixing test_installation.py tests
URL: https://github.com/freeipa/freeipa/pull/843 Author: felipevolpone Title: #843: [WIP] Fixing test_installation.py tests Action: opened PR body: """ I've been working on the test_installation.py suite and figure out how to solve some of them. The TestInstallWithCA1 have 9 tests failing; 6 of them can be fixed adding ```bash ipa-ca.$DOMAIN ``` into the master `/etc/hosts`. After that, three of them are still failing. The log: https://paste.fedoraproject.org/paste/7n3CMEH5nhiHu~Vai8cObV5M1UNdIGYhyRLivL9gydE=. They are: * test_replica1_with_ca_install * test_replica2_with_ca_kra_install * test_replica1_ipa_kra_install I've moved the tests * test_replica2_with_ca_kra_install * test_replica1_ipa_kra_install to a new class (TestInstallWithCA1_KRA1) and created a new install method, which use the `setup_kra=True` option in the install_master method. The tests are still failing, but for another reason, the logs: https://paste.fedoraproject.org/paste/ytzzIUDhh5ARcunpSfSubV5M1UNdIGYhyRLivL9gydE= """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/843/head:pr843 git checkout pr843 From d38d090333e6c3e53a2e9c2545e61f26e1d35a11 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Thu, 1 Jun 2017 23:09:25 -0300 Subject: [PATCH] Fixing broken tests in test_installation.py --- ipatests/test_integration/test_installation.py | 21 + 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index f3e9ebac1c..d304543cf9 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -110,7 +110,6 @@ def test_replica1_all_components_adtrust(self): ## # Master X Replicas installation tests ## - class TestInstallWithCA1(InstallTestBase1): @classmethod @@ -119,18 +118,24 @@ def install(cls, mh): @pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0, reason='does not work on DOMAIN_LEVEL_0 by design') -def test_replica1_ipa_kra_install(self): -super(TestInstallWithCA1, self).test_replica1_ipa_kra_install() +def test_replica2_ipa_dns_install(self): +super(TestInstallWithCA1, self).test_replica2_ipa_dns_install() + + +class TestInstallWithCA1_KRA1(InstallTestBase1): + +@classmethod +def install(cls, mh): +tasks.install_master(cls.master, setup_dns=False, setup_kra=True) @pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0, reason='does not work on DOMAIN_LEVEL_0 by design') def test_replica2_with_ca_kra_install(self): -super(TestInstallWithCA1, self).test_replica2_with_ca_kra_install() +super(TestInstallWithCA1_KRA1, + self).test_replica2_with_ca_kra_install() -@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0, -reason='does not work on DOMAIN_LEVEL_0 by design') -def test_replica2_ipa_dns_install(self): -super(TestInstallWithCA1, self).test_replica2_ipa_dns_install() +def test_replica1_ipa_kra_install(self): +super(TestInstallWithCA1_KRA1, self).test_replica1_ipa_kra_install() class TestInstallWithCA2(InstallTestBase2): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][comment] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Title: #812: Refactoring cert-find to use API call directly instead of using felipevolpone commented: """ Done. @frasertweedale if there is something wrong with the commit message, please tell me. Thanks for reviewing :) """ See the full comment at https://github.com/freeipa/freeipa/pull/812#issuecomment-305600312 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][synchronized] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: Refactoring cert-find to use API call directly instead of using Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/812/head:pr812 git checkout pr812 From c8913f875b56af412ae0eedb299a9ad9505415ec Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Thu, 1 Jun 2017 16:53:11 -0300 Subject: [PATCH] Changing cert-find to do not use only primary key to search in LDAP. In service.py the primary key is krbCanonicalName, which we don't want to use to do searchs. Now, cert-find uses primary key or a specified attribute to do searches in LDAP, instead of using only a primary key. https://pagure.io/freeipa/issue/6948 --- ipaserver/plugins/cert.py | 27 +-- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index fbda6ca6ca..b62f82541d 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1090,8 +1090,8 @@ def get_params(self): param = param.clone(flags=param.flags - {'no_search'}) yield param -for owner in self._owners(): -yield owner.primary_key.clone_rename( +for owner, search_key in self._owners(): +yield search_key.clone_rename( 'owner_{0}'.format(owner.name), required=False, multivalue=True, @@ -1101,15 +1101,22 @@ def get_params(self): ) def _owners(self): -for name in ('user', 'host', 'service'): -yield self.api.Object[name] +for obj_name, search_key in [('user', None), + ('host', None), + ('service', 'krbprincipalname')]: +obj = self.api.Object[obj_name] +if search_key is None: +pkey = obj.primary_key +else: +pkey = obj.params[search_key] +yield obj, pkey def _fill_owners(self, obj): dns = obj.pop('owner', None) if dns is None: return -for owner in self._owners(): +for owner, _search_key in self._owners(): container_dn = DN(owner.container_dn, self.api.env.basedn) name = 'owner_' + owner.name for dn in dns: @@ -1373,8 +1380,8 @@ def get_options(self): option = option.clone(default=None, autofill=None) yield option -for owner in self.obj._owners(): -yield owner.primary_key.clone_rename( +for owner, search_key in self.obj._owners(): +yield search_key.clone_rename( '{0}'.format(owner.name), required=False, multivalue=True, @@ -1385,7 +1392,7 @@ def get_options(self): owner.object_name_plural), label=owner.object_name, ) -yield owner.primary_key.clone_rename( +yield search_key.clone_rename( 'no_{0}'.format(owner.name), required=False, multivalue=True, @@ -1504,7 +1511,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): ldap = self.api.Backend.ldap2 filters = [] -for owner in self.obj._owners(): +for owner, search_key in self.obj._owners(): for prefix, rule in (('', ldap.MATCH_ALL), ('no_', ldap.MATCH_NONE)): try: @@ -1520,7 +1527,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): filters.append(filter) filter = ldap.make_filter_from_attr( -owner.primary_key.name, +search_key.name, value, rule) filters.append(filter) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][comment] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Title: #812: Refactoring cert-find to use API call directly instead of using felipevolpone commented: """ Done. @frasertweedale if there is something wrong with the commit message, please tell me. Thanks for reviewing :) """ See the full comment at https://github.com/freeipa/freeipa/pull/812#issuecomment-305600312 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][synchronized] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: Refactoring cert-find to use API call directly instead of using Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/812/head:pr812 git checkout pr812 From 7629d0f956ec3093d8e96b9bd80f1b9df508e0c4 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Thu, 1 Jun 2017 16:36:03 -0300 Subject: [PATCH] Changing cert-find to do not use only primary key to search in LDAP. In service.py the primary key is krbCanonicalName, which we don't want to use to do searchs. Now, cert-find uses primary key or a specified attribute to do searches in LDAP, instead of using only a primary key. https://pagure.io/freeipa/issue/6948 --- ipaserver/plugins/cert.py | 27 +-- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index fbda6ca6ca..bf2560fba3 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1090,8 +1090,8 @@ def get_params(self): param = param.clone(flags=param.flags - {'no_search'}) yield param -for owner in self._owners(): -yield owner.primary_key.clone_rename( +for owner, search_key in self._owners(): +yield search_key.clone_rename( 'owner_{0}'.format(owner.name), required=False, multivalue=True, @@ -1101,15 +1101,22 @@ def get_params(self): ) def _owners(self): -for name in ('user', 'host', 'service'): -yield self.api.Object[name] +for obj_name, search_key in [('user', None), + ('host', None), + ('service', 'krbprincipalname')]: +obj = self.api.Object[obj_name] +if search_key is None: +pkey = obj.primary_key +else: +pkey = obj.params[search_key] +yield obj, pkey def _fill_owners(self, obj): dns = obj.pop('owner', None) if dns is None: return -for owner in self._owners(): +for owner, _search_key in self._owners(): container_dn = DN(owner.container_dn, self.api.env.basedn) name = 'owner_' + owner.name for dn in dns: @@ -1373,8 +1380,8 @@ def get_options(self): option = option.clone(default=None, autofill=None) yield option -for owner in self.obj._owners(): -yield owner.primary_key.clone_rename( +for owner, search_key in self.obj._owners(): +yield search_key.clone_rename( '{0}'.format(owner.name), required=False, multivalue=True, @@ -1385,7 +1392,7 @@ def get_options(self): owner.object_name_plural), label=owner.object_name, ) -yield owner.primary_key.clone_rename( +yield search_key.clone_rename( 'no_{0}'.format(owner.name), required=False, multivalue=True, @@ -1504,7 +1511,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): ldap = self.api.Backend.ldap2 filters = [] -for owner in self.obj._owners(): +for owner, search_key in self.obj._owners(): for prefix, rule in (('', ldap.MATCH_ALL), ('no_', ldap.MATCH_NONE)): try: @@ -1520,7 +1527,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): filters.append(filter) filter = ldap.make_filter_from_attr( -owner.primary_key.name, +search_key.name, value, rule) filters.append(filter) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][edited] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: Refactoring cert-find to use API call directly instead of using Action: edited Changed field: title Original value: """ [WIP] Refactoring cert-find to use API call directly instead of using """ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][synchronized] [WIP] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: [WIP] Refactoring cert-find to use API call directly instead of using Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/812/head:pr812 git checkout pr812 From 352e502ae62e35144810a10bca1db5f909e99759 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Fri, 26 May 2017 10:28:21 -0300 Subject: [PATCH 1/3] Changing the LDAP search to do not use krbCanonicalName directly, instead it will use krbPrincipalName --- ipaserver/plugins/cert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index fbda6ca6ca..eba85636f4 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1520,7 +1520,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): filters.append(filter) filter = ldap.make_filter_from_attr( -owner.primary_key.name, +'krbPrincipalName', value, rule) filters.append(filter) From 942b1fcca13ff2ed656e08b1e9d231560ec78b85 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Wed, 31 May 2017 11:37:27 -0300 Subject: [PATCH 2/3] Changing the LDAP search to do not use krbCanonicalName directly, instead it will use krbPrincipalName --- ipaserver/plugins/cert.py | 27 +-- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index eba85636f4..1816627b28 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1090,8 +1090,8 @@ def get_params(self): param = param.clone(flags=param.flags - {'no_search'}) yield param -for owner in self._owners(): -yield owner.primary_key.clone_rename( +for owner, owner_pkey in self._owners(): +yield owner_pkey.clone_rename( 'owner_{0}'.format(owner.name), required=False, multivalue=True, @@ -1101,15 +1101,22 @@ def get_params(self): ) def _owners(self): -for name in ('user', 'host', 'service'): -yield self.api.Object[name] +for obj_name, pkey_name in [('user', None), +('host', None), +('service', 'krbprincipalname')]: +obj = self.api.Object[obj_name] +if pkey_name is None: +pkey = obj.primary_key +else: +pkey = obj.params[pkey_name] +yield obj, pkey def _fill_owners(self, obj): dns = obj.pop('owner', None) if dns is None: return -for owner in self._owners(): +for owner, __ in self._owners(): container_dn = DN(owner.container_dn, self.api.env.basedn) name = 'owner_' + owner.name for dn in dns: @@ -1373,8 +1380,8 @@ def get_options(self): option = option.clone(default=None, autofill=None) yield option -for owner in self.obj._owners(): -yield owner.primary_key.clone_rename( +for owner, owner_pkey in self.obj._owners(): +yield owner_pkey.clone_rename( '{0}'.format(owner.name), required=False, multivalue=True, @@ -1385,7 +1392,7 @@ def get_options(self): owner.object_name_plural), label=owner.object_name, ) -yield owner.primary_key.clone_rename( +yield owner_pkey.clone_rename( 'no_{0}'.format(owner.name), required=False, multivalue=True, @@ -1504,7 +1511,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): ldap = self.api.Backend.ldap2 filters = [] -for owner in self.obj._owners(): +for owner, owner_pkey in self.obj._owners(): for prefix, rule in (('', ldap.MATCH_ALL), ('no_', ldap.MATCH_NONE)): try: @@ -1520,7 +1527,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): filters.append(filter) filter = ldap.make_filter_from_attr( -'krbPrincipalName', +owner_pkey.name, value, rule) filters.append(filter) From f81e8dcb0a6152f0755d1c97b8e0d4a6a1792148 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Wed, 31 May 2017 13:49:15 -0300 Subject: [PATCH 3/3] Refactoring cert-find to use API call directly instead of using --- ipaserver/plugins/cert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver
[Freeipa-devel] [freeipa PR#812][comment] [WIP] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Title: #812: [WIP] Refactoring cert-find to use API call directly instead of using felipevolpone commented: """ @HonzaCholasta thank you for the explanation, I misunderstood the ticket title. I did the changes that you suggested. """ See the full comment at https://github.com/freeipa/freeipa/pull/812#issuecomment-305210568 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][synchronized] [WIP] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: [WIP] Refactoring cert-find to use API call directly instead of using Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/812/head:pr812 git checkout pr812 From 352e502ae62e35144810a10bca1db5f909e99759 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Fri, 26 May 2017 10:28:21 -0300 Subject: [PATCH 1/2] Changing the LDAP search to do not use krbCanonicalName directly, instead it will use krbPrincipalName --- ipaserver/plugins/cert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index fbda6ca6ca..eba85636f4 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1520,7 +1520,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): filters.append(filter) filter = ldap.make_filter_from_attr( -owner.primary_key.name, +'krbPrincipalName', value, rule) filters.append(filter) From 942b1fcca13ff2ed656e08b1e9d231560ec78b85 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Wed, 31 May 2017 11:37:27 -0300 Subject: [PATCH 2/2] Changing the LDAP search to do not use krbCanonicalName directly, instead it will use krbPrincipalName --- ipaserver/plugins/cert.py | 27 +-- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index eba85636f4..1816627b28 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1090,8 +1090,8 @@ def get_params(self): param = param.clone(flags=param.flags - {'no_search'}) yield param -for owner in self._owners(): -yield owner.primary_key.clone_rename( +for owner, owner_pkey in self._owners(): +yield owner_pkey.clone_rename( 'owner_{0}'.format(owner.name), required=False, multivalue=True, @@ -1101,15 +1101,22 @@ def get_params(self): ) def _owners(self): -for name in ('user', 'host', 'service'): -yield self.api.Object[name] +for obj_name, pkey_name in [('user', None), +('host', None), +('service', 'krbprincipalname')]: +obj = self.api.Object[obj_name] +if pkey_name is None: +pkey = obj.primary_key +else: +pkey = obj.params[pkey_name] +yield obj, pkey def _fill_owners(self, obj): dns = obj.pop('owner', None) if dns is None: return -for owner in self._owners(): +for owner, __ in self._owners(): container_dn = DN(owner.container_dn, self.api.env.basedn) name = 'owner_' + owner.name for dn in dns: @@ -1373,8 +1380,8 @@ def get_options(self): option = option.clone(default=None, autofill=None) yield option -for owner in self.obj._owners(): -yield owner.primary_key.clone_rename( +for owner, owner_pkey in self.obj._owners(): +yield owner_pkey.clone_rename( '{0}'.format(owner.name), required=False, multivalue=True, @@ -1385,7 +1392,7 @@ def get_options(self): owner.object_name_plural), label=owner.object_name, ) -yield owner.primary_key.clone_rename( +yield owner_pkey.clone_rename( 'no_{0}'.format(owner.name), required=False, multivalue=True, @@ -1504,7 +1511,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): ldap = self.api.Backend.ldap2 filters = [] -for owner in self.obj._owners(): +for owner, owner_pkey in self.obj._owners(): for prefix, rule in (('', ldap.MATCH_ALL), ('no_', ldap.MATCH_NONE)): try: @@ -1520,7 +1527,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): filters.append(filter) filter = ldap.make_filter_from_attr( -'krbPrincipalName', +owner_pkey.name, value, rule) filters.append(filter) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#824][comment] ca-add: validate Subject DN name attributes
URL: https://github.com/freeipa/freeipa/pull/824 Title: #824: ca-add: validate Subject DN name attributes felipevolpone commented: """ I tested and it fixes the error. I'm not sure if it's relevant, but maybe the unrecognized attributes could be printed as the user wrote them. This: ```ipa: ERROR: invalid 'Subject DN': Unrecognized attributes: dn``` Could be: ```ipa: ERROR: invalid 'Subject DN': Unrecognized attributes: DN``` Good to go. """ See the full comment at https://github.com/freeipa/freeipa/pull/824#issuecomment-304987610 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org