Re: [Freeipa-devel] Build system refactoring - design document

[Jan Cholasta]

Hi,

On 7.10.2016 11:56, Petr Spacek wrote:

Dear FreeIPA developers and packagers,

you can find first version of the Build system refactoring design document on:
http://www.freeipa.org/page/V4/Build_system_refactoring

If you do not care about implementation details, please be so kind and quickly
scan through chapter
http://www.freeipa.org/page/V4/Build_system_refactoring#Feature_Management

I'm not an FreeIPA packager so I might miss some important thing which needs
to be configurable.


1) There should be a --with-python switch to select the version of 
Python to use in our command line tools and/or during build. The default 
would be "python", i.e. the default Python interpreter found in the path.


2) There is --with-pylint, --with-jslint, but no --with-po-validate.

3) I would prefer that if pylint (or jslint or python-polib) is not 
installed the build would fail instead of silently skipping the lint. 
Let it be a wilful decision of the packager whether to run the lint or not.


4) It is explicitly stated that I can turn off features using 
--without-feature. But how do I disable building server components?





Also, I would appreciate ideas how to handle build versioning:
http://www.freeipa.org/page/V4/Build_system_refactoring#Versioning

My main questions are:
* What is triggering IPA upgrade?
* Would it be sufficient to bump release in RPM? (I mean - theoretically.
Could the code be modified to detect this?)

Here I'm trying to avoid unnecessary rebuilds caused by changes to
IPA_VENDOR_VERSION during each build.


How exactly is IPA_VENDOR_VERSION causing unnecessary rebuilds? I can 
see it is written only to ipapython/version.py:


$ git grep -E '\bIPA_VENDOR_VERSION\b'
Makefile:IPA_VENDOR_VERSION=$(IPA_VERSION)$(IPA_VENDOR_VERSION_SUFFIX)
Makefile:   sed -i -e "s:__VENDOR_VERSION__:$(IPA_VENDOR_VERSION):" 
ipapython/version.py


Honza

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#148][comment] Unaccessible variable self.attrs in Tracker

[mbasti-rh]

  URL: https://github.com/freeipa/freeipa/pull/148
Title: #148: Unaccessible variable self.attrs in Tracker

mbasti-rh commented:
"""
You can check last step in this howto 
http://www.freeipa.org/page/Pull_request_on_Github
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/148#issuecomment-252827639
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#148][reopened] Unaccessible variable self.attrs in Tracker

[stlaz]

   URL: https://github.com/freeipa/freeipa/pull/148
Author: gkaihorodova
 Title: #148: Unaccessible variable self.attrs in Tracker
Action: reopened

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/148/head:pr148
git checkout pr148
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#149][comment] Tests: Unaccessible variable self.attrs in Tracker

[stlaz]

  URL: https://github.com/freeipa/freeipa/pull/149
Title: #149: Tests: Unaccessible variable self.attrs in Tracker

stlaz commented:
"""
Please fix this in the original PR, it will be a nice training for you ;)
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/149#issuecomment-252822977
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#149][closed] Tests: Unaccessible variable self.attrs in Tracker

[stlaz]

   URL: https://github.com/freeipa/freeipa/pull/149
Author: gkaihorodova
 Title: #149: Tests: Unaccessible variable self.attrs in Tracker
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/149/head:pr149
git checkout pr149
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#149][+rejected] Tests: Unaccessible variable self.attrs in Tracker

[stlaz]

  URL: https://github.com/freeipa/freeipa/pull/149
Title: #149: Tests: Unaccessible variable self.attrs in Tracker

Label: +rejected
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#148][comment] Unaccessible variable self.attrs in Tracker

[stlaz]

  URL: https://github.com/freeipa/freeipa/pull/148
Title: #148: Unaccessible variable self.attrs in Tracker

stlaz commented:
"""
That's not how pull requests work. You should change the commit and force push 
it to the branch instead.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/148#issuecomment-252822061
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#149][opened] Tests: Unaccessible variable self.attrs in Tracker

[gkaihorodova]

   URL: https://github.com/freeipa/freeipa/pull/149
Author: gkaihorodova
 Title: #149: Tests: Unaccessible variable self.attrs in Tracker
Action: opened

PR body:
"""
In tracker, 'self.attrs' variable is created and filled in track_create method.
Some objects are not created but still require access to this variable.
Created 'self.attrs' variable in init

https://fedorahosted.org/freeipa/ticket/6125
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/149/head:pr149
git checkout pr149
From 1efa0501316f04ea0990d1d0cbe7ef08090f3cba Mon Sep 17 00:00:00 2001
From: Ganna Kaihorodova 
Date: Mon, 10 Oct 2016 19:28:54 +0200
Subject: [PATCH] Unaccessible variable self.attrs in Tracker

In tracker, 'self.attrs' variable is created and filled in track_create method.
Some objects are not created but still require access to this variable.
Created 'self.attrs' variable in init

https://fedorahosted.org/freeipa/ticket/6125
---
 ipatests/test_xmlrpc/tracker/base.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ipatests/test_xmlrpc/tracker/base.py b/ipatests/test_xmlrpc/tracker/base.py
index a2b7406..aa88e6b 100644
--- a/ipatests/test_xmlrpc/tracker/base.py
+++ b/ipatests/test_xmlrpc/tracker/base.py
@@ -76,6 +76,7 @@ def __init__(self, default_version=None):
 self.api = api
 self.default_version = default_version or API_VERSION
 self._dn = None
+self.attrs = {}
 
 self.exists = False
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#148][closed] Unaccessible variable self.attrs in Tracker

[gkaihorodova]

   URL: https://github.com/freeipa/freeipa/pull/148
Author: gkaihorodova
 Title: #148: Unaccessible variable self.attrs in Tracker
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/148/head:pr148
git checkout pr148
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#148][comment] Unaccessible variable self.attrs in Tracker

[gkaihorodova]

  URL: https://github.com/freeipa/freeipa/pull/148
Title: #148: Unaccessible variable self.attrs in Tracker

gkaihorodova commented:
"""
You're right, empty dict is more applicable here. I will close that one and 
open new with suggested fix.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/148#issuecomment-252685347
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#145][comment] [WIP] Refactoring: LDAP Connection Management

[mbasti-rh]

  URL: https://github.com/freeipa/freeipa/pull/145
Title: #145: [WIP] Refactoring: LDAP Connection Management

mbasti-rh commented:
"""
I did some inline comments, I'm not fully satisfied with implementation of the 
connection manager, I'll think about it tomorrow.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/145#issuecomment-252676568
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#10][comment] Client-side CSR autogeneration

[LiptonB]

  URL: https://github.com/freeipa/freeipa/pull/10
Title: #10: Client-side CSR autogeneration

LiptonB commented:
"""
Thanks, I've updated the code based on your comments (force pushed to fix 
conflicts with master). And thanks for pointing out that email! I don't know 
how I missed it, but I will respond shortly.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/10#issuecomment-252676408
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#145][comment] [WIP] Refactoring: LDAP Connection Management

[mbasti-rh]

  URL: https://github.com/freeipa/freeipa/pull/145
Title: #145: [WIP] Refactoring: LDAP Connection Management

mbasti-rh commented:
"""
Please fix PEP8
```
./ipapython/ipaldap.py:766:49: E231 missing whitespace after ','
./ipapython/ipaldap.py:822:9: E265 block comment should start with '# '
./ipaserver/install/bindinstance.py:231:1: E302 expected 2 blank lines, found 1
./ipaserver/install/bindinstance.py:231:80: E501 line too long (82 > 79 
characters)
./ipaserver/install/krbinstance.py:170:80: E501 line too long (89 > 79 
characters)
./ipaserver/install/ldapupdate.py:59:80: E501 line too long (85 > 79 characters)
./ipaserver/install/replication.py:218:80: E501 line too long (82 > 79 
characters)
```


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/145#issuecomment-252662459
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#148][comment] Unaccessible variable self.attrs in Tracker

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/148
Title: #148: Unaccessible variable self.attrs in Tracker

apophys commented:
"""
NACK, comments inline.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/148#issuecomment-252603864
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#147][+rejected] Tests: Unaccessible variable self.attrs in Tracker

[mbasti-rh]

  URL: https://github.com/freeipa/freeipa/pull/147
Title: #147: Tests: Unaccessible variable self.attrs in Tracker

Label: +rejected
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#148][opened] Unaccessible variable self.attrs in Tracker

[gkaihorodova]

   URL: https://github.com/freeipa/freeipa/pull/148
Author: gkaihorodova
 Title: #148: Unaccessible variable self.attrs in Tracker
Action: opened

PR body:
"""
In tracker, 'self.attrs' variable is created and filled in track_create method.
Some objects are not created but still require access to this variable.
Created 'self.attrs' variable in init

https://fedorahosted.org/freeipa/ticket/6125
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/148/head:pr148
git checkout pr148
From d82743ca51d800b1af365a3193cdbb24f1574901 Mon Sep 17 00:00:00 2001
From: Ganna Kaihorodova 
Date: Mon, 10 Oct 2016 14:00:51 +0200
Subject: [PATCH] Unaccessible variable self.attrs in Tracker

In tracker, 'self.attrs' variable is created and filled in track_create method.
Some objects are not created but still require access to this variable.
Created 'self.attrs' variable in init

https://fedorahosted.org/freeipa/ticket/6125
---
 ipatests/test_xmlrpc/tracker/base.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ipatests/test_xmlrpc/tracker/base.py b/ipatests/test_xmlrpc/tracker/base.py
index a2b7406..ecf8c75 100644
--- a/ipatests/test_xmlrpc/tracker/base.py
+++ b/ipatests/test_xmlrpc/tracker/base.py
@@ -76,6 +76,7 @@ def __init__(self, default_version=None):
 self.api = api
 self.default_version = default_version or API_VERSION
 self._dn = None
+self.attrs = None
 
 self.exists = False
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#147][closed] Tests: Unaccessible variable self.attrs in Tracker

[gkaihorodova]

   URL: https://github.com/freeipa/freeipa/pull/147
Author: gkaihorodova
 Title: #147: Tests: Unaccessible variable self.attrs in Tracker
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/147/head:pr147
git checkout pr147
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#147][opened] Tests: Unaccessible variable self.attrs in Tracker

[gkaihorodova]

   URL: https://github.com/freeipa/freeipa/pull/147
Author: gkaihorodova
 Title: #147: Tests: Unaccessible variable self.attrs in Tracker
Action: opened

PR body:
"""
https://fedorahosted.org/freeipa/ticket/6125

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/147/head:pr147
git checkout pr147
From f3e20d8f9618421f6f05acdafea95c220a25ce78 Mon Sep 17 00:00:00 2001
From: gkaihoro 
Date: Mon, 29 Aug 2016 12:09:07 +0200
Subject: [PATCH] Test for caacl-add-service

Test for caacl-add-service: incorrect error message when service does not exists

https://fedorahosted.org/freeipa/ticket/6171
---
 ipatests/test_xmlrpc/test_caacl_plugin.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ipatests/test_xmlrpc/test_caacl_plugin.py b/ipatests/test_xmlrpc/test_caacl_plugin.py
index dce12e4..5286417 100644
--- a/ipatests/test_xmlrpc/test_caacl_plugin.py
+++ b/ipatests/test_xmlrpc/test_caacl_plugin.py
@@ -141,6 +141,7 @@ def test_remove_ca(self, category_acl, caacl_test_ca):
 def test_add_invalid_value_service(self, category_acl, default_profile):
 res = category_acl.add_service(service=default_profile.name, track=False)
 assert len(res['failed']) == 1
+assert(res['failed']['memberservice']['service'][0][0].startswith(default_profile.name))
 
 # the same for other types
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#142][synchronized] CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper (un)pickling

[dkupka]

   URL: https://github.com/freeipa/freeipa/pull/142
Author: dkupka
 Title: #142: CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper 
(un)pickling
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/142/head:pr142
git checkout pr142
From 7d60c47bdb2022c107bb60826e76ae21d746aeb9 Mon Sep 17 00:00:00 2001
From: David Kupka 
Date: Thu, 6 Oct 2016 13:31:52 +0200
Subject: [PATCH] UnsafeIPAddress: Implement __(g|s)etstate__ and to ensure
 proper (un)pickling

Missing attributes in instance created by pickle.load cause AttributeError in
second part of ipa-server-install --external-ca.

https://fedorahosted.org/freeipa/ticket/6385
---
 ipapython/ipautil.py | 24 
 1 file changed, 24 insertions(+)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 41544a1..e4f4f39 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -127,12 +127,24 @@ def __init__(self, addr):
 super(UnsafeIPAddress, self).__init__(addr,
   flags=self.netaddr_ip_flags)
 
+def __getstate__(self):
+state = {
+'_net': self._net,
+'super_state': super(UnsafeIPAddress, self).__getstate__(),
+}
+return state
+
+def __setstate__(self, state):
+super(UnsafeIPAddress, self).__setstate__(state.pop('super_state'))
+self._net = state['_net']
+
 
 class CheckedIPAddress(UnsafeIPAddress):
 """IPv4 or IPv6 address with additional constraints.
 
 Reserved or link-local addresses are never accepted.
 """
+
 def __init__(self, addr, match_local=False, parse_netmask=True,
  allow_loopback=False, allow_multicast=False):
 try:
@@ -142,6 +154,7 @@ def __init__(self, addr, match_local=False, parse_netmask=True,
 
 if isinstance(addr, CheckedIPAddress):
 self.prefixlen = addr.prefixlen
+self._net = addr._net
 return
 
 if not parse_netmask and self._net:
@@ -205,6 +218,17 @@ def __init__(self, addr, match_local=False, parse_netmask=True,
 
 self.prefixlen = self._net.prefixlen
 
+def __getstate__(self):
+state = {
+'prefixlen': self.prefixlen,
+'super_state': super(CheckedIPAddress, self).__getstate__(),
+}
+return state
+
+def __setstate__(self, state):
+super(CheckedIPAddress, self).__setstate__(state.pop('super_state'))
+self.prefixlen = state['prefixlen']
+
 def is_network_addr(self):
 return self == self._net.network
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#142][-ack] CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper (un)pickling

[jcholast]

  URL: https://github.com/freeipa/freeipa/pull/142
Title: #142: CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper 
(un)pickling

Label: -ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#142][comment] CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper (un)pickling

[jcholast]

  URL: https://github.com/freeipa/freeipa/pull/142
Title: #142: CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper 
(un)pickling

jcholast commented:
"""
NACK, see inline comments.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/142#issuecomment-252580195
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#142][synchronized] CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper (un)pickling

[dkupka]

   URL: https://github.com/freeipa/freeipa/pull/142
Author: dkupka
 Title: #142: CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper 
(un)pickling
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/142/head:pr142
git checkout pr142
From 122f5f802219dd3245d16cbf871452fb3adfbb87 Mon Sep 17 00:00:00 2001
From: David Kupka 
Date: Thu, 6 Oct 2016 13:31:52 +0200
Subject: [PATCH] UnsafeIPAddress: Implement __(g|s)etstate__ and to ensure
 proper (un)pickling

Missing attributes in instance created by pickle.load cause AttributeError in
second part of ipa-server-install --external-ca.

https://fedorahosted.org/freeipa/ticket/6385
---
 ipapython/ipautil.py | 44 
 1 file changed, 44 insertions(+)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 41544a1..6cb1a2c 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -127,12 +127,34 @@ def __init__(self, addr):
 super(UnsafeIPAddress, self).__init__(addr,
   flags=self.netaddr_ip_flags)
 
+def __getstate__(self):
+state = {attr: getattr(self, attr) for attr in ['_net']}
+try:
+state['super_state'] = super(UnsafeIPAddress, self).__getstate__()
+except AttributeError:
+# none of base classes implements custom pickling
+pass
+
+return state
+
+def __setstate__(self, state):
+try:
+super_state = state.pop('super_state')
+except KeyError:
+# no state saved for base classes
+pass
+else:
+super(UnsafeIPAddress, self).__setstate__(super_state)
+
+self.__dict__.update(state)
+
 
 class CheckedIPAddress(UnsafeIPAddress):
 """IPv4 or IPv6 address with additional constraints.
 
 Reserved or link-local addresses are never accepted.
 """
+
 def __init__(self, addr, match_local=False, parse_netmask=True,
  allow_loopback=False, allow_multicast=False):
 try:
@@ -142,6 +164,7 @@ def __init__(self, addr, match_local=False, parse_netmask=True,
 
 if isinstance(addr, CheckedIPAddress):
 self.prefixlen = addr.prefixlen
+self._net = addr._net
 return
 
 if not parse_netmask and self._net:
@@ -205,6 +228,27 @@ def __init__(self, addr, match_local=False, parse_netmask=True,
 
 self.prefixlen = self._net.prefixlen
 
+def __getstate__(self):
+state = {attr: getattr(self, attr) for attr in ['prefixlen']}
+try:
+state['super_state'] = super(CheckedIPAddress, self).__getstate__()
+except AttributeError:
+# none of base classes implements custom pickling
+pass
+
+return state
+
+def __setstate__(self, state):
+try:
+super_state = state.pop('super_state')
+except KeyError:
+# no state saved for base classes
+pass
+else:
+super(CheckedIPAddress, self).__setstate__(super_state)
+
+self.__dict__.update(state)
+
 def is_network_addr(self):
 return self == self._net.network
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0497] Py3: fix unicode/str error in LDAP*ReverseMember

[Martin Basti]

On 10.10.2016 07:57, Jan Cholasta wrote:

On 7.6.2016 10:35, Martin Basti wrote:



On 07.06.2016 10:35, Jan Cholasta wrote:

On 7.6.2016 10:29, Martin Basti wrote:



On 07.06.2016 09:08, Jan Cholasta wrote:

On 6.6.2016 14:33, Martin Basti wrote:

https://fedorahosted.org/freeipa/ticket/5923

Patch attached.


Could we drop the error message parsing and do something sane 
instead?




Not now, we can do it later and push this patch just as workaround


What's the point of that?


Point is that it will work as before, and I don't have to time to fix it
nicely now.


Bump. Do you now have time to fix it nicely, or should we move the 
ticket to 4.5 or later?




We should move it to milestone where we will fix/enable py3.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] Broken IPA installation caused by new python-dns package

[Martin Basti]

https://bodhi.fedoraproject.org/updates/FEDORA-2016-1857421df6


Please set karma accordingly


Traceback:

...

  File 
"/usr/lib/python2.7/site-packages/ipaserver/dns_data_management.py", 
line 426, in update_dns_records

self.update_base_records(),
  File 
"/usr/lib/python2.7/site-packages/ipaserver/dns_data_management.py", 
line 377, in update_base_records

base_zone = self.get_base_records()
  File 
"/usr/lib/python2.7/site-packages/ipaserver/dns_data_management.py", 
line 328, in get_base_records

include_kerberos_realm=include_kerberos_realm
  File 
"/usr/lib/python2.7/site-packages/ipaserver/dns_data_management.py", 
line 179, in _add_base_dns_records_for_server

self.__add_kerberos_txt_rec(zone_obj)
  File 
"/usr/lib/python2.7/site-packages/ipaserver/dns_data_management.py", 
line 165, in __add_kerberos_txt_rec

rdataset.add(rd, ttl=86400)  # FIXME: use TTL from config
  File "/usr/lib/python2.7/site-packages/dns/rdataset.py", line 129, in add
super(Rdataset, self).add(rd)
  File "/usr/lib/python2.7/site-packages/dns/set.py", line 49, in add
if item not in self.items:
  File "/usr/lib/python2.7/site-packages/dns/rdata.py", line 217, in __eq__
return self._cmp(other) == 0
  File "/usr/lib/python2.7/site-packages/dns/rdata.py", line 203, in _cmp
our = self.to_digestable(dns.name.root)
  File "/usr/lib/python2.7/site-packages/dns/rdata.py", line 174, in 
to_digestable

self.to_wire(f, None, origin)
  File "/usr/lib/python2.7/site-packages/dns/rdtypes/txtbase.py", line 
75, in to_wire

file.write(s)

2016-10-10T04:44:05Z DEBUG The ipa-replica-install command failed, 
exception: TypeError: 'unicode' does not have the buffer interface

2016-10-10T04:44:05Z ERROR 'unicode' does not have the buffer interface


I'll investigate if IPA using it wrong or there is new error introduced 
in pyhton-dns


--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] Freeipa-devel Digest, Vol 113, Issue 35

[Alexander Bokovoy]

>>>> should be passed to find_entries(). This definitely needs to be
>>>>>> fixed.
>>>>>>
>>>>>>>>
>>>>>>>> Anyway, this ticket is not really easily fixable without more
>>>>>>>> profound
>>>>>>>> changes. Often, multiple LDAP searches are done during command
>>>>>>>> execution. What do you do with the size limit then? Do you pass
>>>>>>>> the
>>>>>>>> same size limit to all the searches? Do you subtract the result
>>>>>>>> size
>>>>>>>> from the size limit after each search? Do you do something else
>>>>>>>> with
>>>>>>>> it? ... The answer is that it depends on the purpose of each
>>>>>>>> individual LDAP search (like in get_memberindirect() above, we
>>>>>>>> have to
>>>>>>>> do unlimited search, otherwise the resulting entry would be
>>>>>>>> incomplete), and fixing this accross the whole framework is a
>>>>>>>> non-trivial task.
>>>>>>>>
>>>>>>> I do realize that the proposed fix for the permission plugin is not
>>>>>>> perfect, it would probably be better to subtract the number of
>>>>>>> currently
>>>>>>> loaded records from the sizelimit, although in the end the
>>>>>>> number of
>>>>>>> returned values will not be higher than the given size_limit.
>>>>>>> However,
>>>>>>> it seems reasonable that if get_entries is passed a size limit, it
>>>>>>> should apply it over current ipaSearchRecordsLimit rather than
>>>>>>> ignoring
>>>>>>> it. Then, any use of get_entries could be fixed accordingly if
>>>>>>> someone
>>>>>>> sees fit.
>>>>>>>
>>>>>>
>>>>>> Right. Anyway, this is a different issue than above, so please put
>>>>>> this into a separate commit.
>>>>>>
>>>>> Please see the attached patches, then.
>>>>>
>>>> Self-NACK, with Honza's help I found there was a mistake in the
>>>> code. I
>>>> also found an off-by-one bug which I hope I could stick to the
>>>> other two
>>>> patches (attaching only the modified and new patches).
>>>
>>> Works for me, but this bit in patch 0064 looks suspicious to me:
>>>
>>> +if max_entries > 0 and len(entries) ==
>>> max_entries:
>>>
>>> Shouldn't it rather be:
>>>
>>> +if max_entries > 0 and len(entries) >=
>>> max_entries:
>>>
>>> ?
>>>
>> The length of entries list should not exceed max_entries if size_limit
>> is properly implemented. Therefore the list you get from execute()
>> should not have more then max_entries entries. You shouldn't also be
>> able to append a legacy entry to entries list if this check is the first
>> thing you do.
>
> That's a lot of shoulds :-) I would expect at least an assert
> statement to make sure everything is right.
>
>>
>> That being said, >= could be used but then some popping of entries from
>> entries list would be necessary. But it's perhaps safer to do, although
>> if there's a bug, it won't be that obvious :)
>
> OK, nevermind then, just add the assert please, to make bugs *very*
> obvious.
>
An assert seems like a very good idea, attached is an asserting patch.

-- next part --
A non-text attachment was scrubbed...
Name: freeipa-slaznick-0064-2-permission-find-fix-a-
sizelimit-off-by-one-bug.patch
Type: text/x-patch
Size: 2640 bytes
Desc: not available
URL: <https://www.redhat.com/archives/freeipa-devel/
attachments/20161010/eddd5901/attachment.bin>

--

Message: 5
Date: Mon, 10 Oct 2016 08:56:59 +0200
From: Petr Spacek 
To: freeipa-devel@redhat.com
Subject: Re: [Freeipa-devel] kinit: Cannot contact any KDC for
realm... from Freeipa clinet (Active Directory trust setup)
Message-ID: <74136c2e-87aa-e18a-b16e-d2839ea12...@redhat.com>
Content-Type: text/plain; charset=windows-1252

On 10.10.2016 05:23, rajat gupta wrote:
> Hi,
>
> I am trying to setup the freeipa  Active Directory trust setup and i am
> following
> the http://www.freeipa.org/page/Active_Directory_

Re: [Freeipa-devel] kinit: Cannot contact any KDC for realm... from Freeipa clinet (Active Directory trust setup)

[Sumit Bose]

On Mon, Oct 10, 2016 at 09:43:24AM +0200, rajat gupta wrote:
> https://access.redhat.com/documentation/en-US/Red_Hat_
> Enterprise_Linux/7/html/Windows_Integration_Guide/
> trust-requirements.html#trust-req-ports
> 
> these port are required for trust. Is port 88 required to open from ipa
> client to AD?

Yes, in general the clients need to talk directly to the AD DC because
you do not want a man-in-the-middle during authentication.

For special environments it is possible to setup a KDC proxy, see
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/Configuring_a_Kerberos_5_Server.html#KKDCP
for details.

HTH

bye,
Sumit

> 
> 
> On Mon, Oct 10, 2016 at 5:23 AM, rajat gupta  wrote:
> 
> > Hi,
> >
> > I am trying to setup the freeipa  Active Directory trust setup and i am
> > following
> > the http://www.freeipa.org/page/Active_Directory_trust_setup
> > documentation.
> >
> > I am able to login on freeipa Server with AD users.
> >
> > But when i am trying to login with some other IPA client machine I am not
> > able to to login with AD user.
> >
> > Required firewall port is opened between freeipa server to AD server and
> > freeipa server to freeipa clinets
> >
> > There is no firewall port is opened between from  freeipa client to AD
> > server.
> >
> > =
> > against addomain from ipaserver :-
> >
> > ipa01 ~]# KRB5_TRACE=/dev/stdout kinit raja...@ad.addomain.com
> > [24633] 1476069033.462976: Resolving unique ccache of type KEYRING
> > [24633] 1476069033.463027: Getting initial credentials for
> > raja...@ad.addomain.com
> > [24633] 1476069033.465229: Sending request (183 bytes) to AD.ADDOMAIN.COM
> > [24633] 1476069033.471891: Resolving hostname ad1.ad.addomain.com
> > [24633] 1476069033.474439: Sending initial UDP request to dgram
> > 192.168.20.100:88
> > [24633] 1476069033.487765: Received answer (212 bytes) from dgram
> > 192.168.20.100:88
> > [24633] 1476069033.488098: Response was not from master KDC
> > [24633] 1476069033.488136: Received error from KDC: -1765328359/Additional
> > pre-authentication required
> > [24633] 1476069033.488179: Processing preauth types: 16, 15, 19, 2
> > [24633] 1476069033.488192: Selected etype info: etype aes256-cts, salt
> > "AD.ADDOMAIN.COMRajat.Gupta", params ""
> > [24633] 1476069033.488215: PKINIT client has no configured identity;
> > giving up
> > [24633] 1476069033.488233: PKINIT client has no configured identity;
> > giving up
> > [24633] 1476069033.488242: Preauth module pkinit (16) (real) returned:
> > 22/Invalid argument
> > [24633] 1476069033.488250: PKINIT client has no configured identity;
> > giving up
> > [24633] 1476069033.488255: Preauth module pkinit (14) (real) returned:
> > 22/Invalid argument
> > Password for raja...@ad.addomain.com:
> >
> > this is working fine.
> > =
> >
> >
> > =
> > against addomain from ipaclinet :-
> >
> > *ipaclinet ~] #  KRB5_TRACE=/dev/stdout kinit  raja...@ad.addomain.com
> > [4133] 1476067599.43421: Getting initial
> > credentials for raja...@ad.addomain.com [4133]
> > 1476067599.43599: Sending request (183 bytes) to AD.ADDOMAIN.COM
> > *
> > *[4133] 1476067599.49544: Resolving hostname *
> > *ad1.ad.addomain.com .*
> > *[4133] 1476067599.53762: Sending initial UDP request to dgram
> > 192.168.20.100*
> >
> > NOT WORKING
> > =
> >
> > =
> > against ipdomain from ipaclinet
> >
> > # KRB5_TRACE=/dev/stdout kinit  admin@IPA.IPASERVER.LOCAL
> > [4914] 1476068067.763574: Getting initial credentials for
> > admin@IPA.IPASERVER.LOCAL
> > [4914] 1476068067.763889: Sending request (177 bytes) to
> > IPA.IPASERVER.LOCAL
> > [4914] 1476068067.764033: Initiating TCP connection to stream
> > 10.246.104.14:88
> > [4914] 1476068067.765089: Sending TCP request to stream 192.168.100.100:88
> > [4914] 1476068067.767593: Received answer (356 bytes) from stream
> > 192.168.100.100:88
> > [4914] 1476068067.767603: Terminating TCP connection to stream
> > 192.168.100.100:88
> > [4914] 1476068067.767661: Response was from master KDC
> > [4914] 1476068067.767685: Received error from KDC: -1765328359/Additional
> > pre-authentication required
> > [4914] 1476068067.767730: Processing preauth types: 136, 19, 2, 133
> > [4914] 1476068067.767742: Selected etype info: etype aes256-cts, salt
> > "k},(k&+qA)Mosf6z", params ""
> > [4914] 1476068067.767747: Received cookie: MIT
> > Password for admin@IPA.IPASERVER.LOCAL:
> >
> > this is working fine.
> > =
> >
> >
> > it looks for password-based authentication requests, the IPA clients
> > 

Re: [Freeipa-devel] kinit: Cannot contact any KDC for realm... from Freeipa clinet (Active Directory trust setup)

[rajat gupta]

https://access.redhat.com/documentation/en-US/Red_Hat_
Enterprise_Linux/7/html/Windows_Integration_Guide/
trust-requirements.html#trust-req-ports

these port are required for trust. Is port 88 required to open from ipa
client to AD?


On Mon, Oct 10, 2016 at 5:23 AM, rajat gupta  wrote:

> Hi,
>
> I am trying to setup the freeipa  Active Directory trust setup and i am
> following
> the http://www.freeipa.org/page/Active_Directory_trust_setup
> documentation.
>
> I am able to login on freeipa Server with AD users.
>
> But when i am trying to login with some other IPA client machine I am not
> able to to login with AD user.
>
> Required firewall port is opened between freeipa server to AD server and
> freeipa server to freeipa clinets
>
> There is no firewall port is opened between from  freeipa client to AD
> server.
>
> =
> against addomain from ipaserver :-
>
> ipa01 ~]# KRB5_TRACE=/dev/stdout kinit raja...@ad.addomain.com
> [24633] 1476069033.462976: Resolving unique ccache of type KEYRING
> [24633] 1476069033.463027: Getting initial credentials for
> raja...@ad.addomain.com
> [24633] 1476069033.465229: Sending request (183 bytes) to AD.ADDOMAIN.COM
> [24633] 1476069033.471891: Resolving hostname ad1.ad.addomain.com
> [24633] 1476069033.474439: Sending initial UDP request to dgram
> 192.168.20.100:88
> [24633] 1476069033.487765: Received answer (212 bytes) from dgram
> 192.168.20.100:88
> [24633] 1476069033.488098: Response was not from master KDC
> [24633] 1476069033.488136: Received error from KDC: -1765328359/Additional
> pre-authentication required
> [24633] 1476069033.488179: Processing preauth types: 16, 15, 19, 2
> [24633] 1476069033.488192: Selected etype info: etype aes256-cts, salt
> "AD.ADDOMAIN.COMRajat.Gupta", params ""
> [24633] 1476069033.488215: PKINIT client has no configured identity;
> giving up
> [24633] 1476069033.488233: PKINIT client has no configured identity;
> giving up
> [24633] 1476069033.488242: Preauth module pkinit (16) (real) returned:
> 22/Invalid argument
> [24633] 1476069033.488250: PKINIT client has no configured identity;
> giving up
> [24633] 1476069033.488255: Preauth module pkinit (14) (real) returned:
> 22/Invalid argument
> Password for raja...@ad.addomain.com:
>
> this is working fine.
> =
>
>
> =
> against addomain from ipaclinet :-
>
> *ipaclinet ~] #  KRB5_TRACE=/dev/stdout kinit  raja...@ad.addomain.com
> [4133] 1476067599.43421: Getting initial
> credentials for raja...@ad.addomain.com [4133]
> 1476067599.43599: Sending request (183 bytes) to AD.ADDOMAIN.COM
> *
> *[4133] 1476067599.49544: Resolving hostname *
> *ad1.ad.addomain.com .*
> *[4133] 1476067599.53762: Sending initial UDP request to dgram
> 192.168.20.100*
>
> NOT WORKING
> =
>
> =
> against ipdomain from ipaclinet
>
> # KRB5_TRACE=/dev/stdout kinit  admin@IPA.IPASERVER.LOCAL
> [4914] 1476068067.763574: Getting initial credentials for
> admin@IPA.IPASERVER.LOCAL
> [4914] 1476068067.763889: Sending request (177 bytes) to
> IPA.IPASERVER.LOCAL
> [4914] 1476068067.764033: Initiating TCP connection to stream
> 10.246.104.14:88
> [4914] 1476068067.765089: Sending TCP request to stream 192.168.100.100:88
> [4914] 1476068067.767593: Received answer (356 bytes) from stream
> 192.168.100.100:88
> [4914] 1476068067.767603: Terminating TCP connection to stream
> 192.168.100.100:88
> [4914] 1476068067.767661: Response was from master KDC
> [4914] 1476068067.767685: Received error from KDC: -1765328359/Additional
> pre-authentication required
> [4914] 1476068067.767730: Processing preauth types: 136, 19, 2, 133
> [4914] 1476068067.767742: Selected etype info: etype aes256-cts, salt
> "k},(k&+qA)Mosf6z", params ""
> [4914] 1476068067.767747: Received cookie: MIT
> Password for admin@IPA.IPASERVER.LOCAL:
>
> this is working fine.
> =
>
>
> it looks for password-based authentication requests, the IPA clients
> connect directly to the AD servers using Kerberos.
>
> then there is port firewall opening required  between ipaclinet and AD
> Server as well. Is it required ? OR I am doing something wrong.
>
> /Rajat
>
>
>
>
>
>
>
>
> --
>
> *Rajat Gupta *
>



-- 

*Rajat Gupta *
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] Freeipa-devel Digest, Vol 113, Issue 35

[rajat gupta]

> changes. Often, multiple LDAP searches are done during command
> >>>>>>>> execution. What do you do with the size limit then? Do you pass
> >>>>>>>> the
> >>>>>>>> same size limit to all the searches? Do you subtract the result
> >>>>>>>> size
> >>>>>>>> from the size limit after each search? Do you do something else
> >>>>>>>> with
> >>>>>>>> it? ... The answer is that it depends on the purpose of each
> >>>>>>>> individual LDAP search (like in get_memberindirect() above, we
> >>>>>>>> have to
> >>>>>>>> do unlimited search, otherwise the resulting entry would be
> >>>>>>>> incomplete), and fixing this accross the whole framework is a
> >>>>>>>> non-trivial task.
> >>>>>>>>
> >>>>>>> I do realize that the proposed fix for the permission plugin is not
> >>>>>>> perfect, it would probably be better to subtract the number of
> >>>>>>> currently
> >>>>>>> loaded records from the sizelimit, although in the end the
> >>>>>>> number of
> >>>>>>> returned values will not be higher than the given size_limit.
> >>>>>>> However,
> >>>>>>> it seems reasonable that if get_entries is passed a size limit, it
> >>>>>>> should apply it over current ipaSearchRecordsLimit rather than
> >>>>>>> ignoring
> >>>>>>> it. Then, any use of get_entries could be fixed accordingly if
> >>>>>>> someone
> >>>>>>> sees fit.
> >>>>>>>
> >>>>>>
> >>>>>> Right. Anyway, this is a different issue than above, so please put
> >>>>>> this into a separate commit.
> >>>>>>
> >>>>> Please see the attached patches, then.
> >>>>>
> >>>> Self-NACK, with Honza's help I found there was a mistake in the
> >>>> code. I
> >>>> also found an off-by-one bug which I hope I could stick to the
> >>>> other two
> >>>> patches (attaching only the modified and new patches).
> >>>
> >>> Works for me, but this bit in patch 0064 looks suspicious to me:
> >>>
> >>> +if max_entries > 0 and len(entries) ==
> >>> max_entries:
> >>>
> >>> Shouldn't it rather be:
> >>>
> >>> +if max_entries > 0 and len(entries) >=
> >>> max_entries:
> >>>
> >>> ?
> >>>
> >> The length of entries list should not exceed max_entries if size_limit
> >> is properly implemented. Therefore the list you get from execute()
> >> should not have more then max_entries entries. You shouldn't also be
> >> able to append a legacy entry to entries list if this check is the first
> >> thing you do.
> >
> > That's a lot of shoulds :-) I would expect at least an assert
> > statement to make sure everything is right.
> >
> >>
> >> That being said, >= could be used but then some popping of entries from
> >> entries list would be necessary. But it's perhaps safer to do, although
> >> if there's a bug, it won't be that obvious :)
> >
> > OK, nevermind then, just add the assert please, to make bugs *very*
> > obvious.
> >
> An assert seems like a very good idea, attached is an asserting patch.
>
> -- next part --
> A non-text attachment was scrubbed...
> Name: freeipa-slaznick-0064-2-permission-find-fix-a-
> sizelimit-off-by-one-bug.patch
> Type: text/x-patch
> Size: 2640 bytes
> Desc: not available
> URL: <https://www.redhat.com/archives/freeipa-devel/
> attachments/20161010/eddd5901/attachment.bin>
>
> --
>
> Message: 5
> Date: Mon, 10 Oct 2016 08:56:59 +0200
> From: Petr Spacek 
> To: freeipa-devel@redhat.com
> Subject: Re: [Freeipa-devel] kinit: Cannot contact any KDC for
> realm... from Freeipa clinet (Active Directory trust setup)
> Message-ID: <74136c2e-87aa-e18a-b16e-d2839ea12...@redhat.com>
> Content-Type: text/plain; charset=windows-1252
>
> On 10.10.2016 05:23, rajat gupta wrote:
> > Hi,
> >
> > I a

[Freeipa-devel] [freeipa PR#146][opened] WebUI: fix API Browser menu label

[pvomacka]

   URL: https://github.com/freeipa/freeipa/pull/146
Author: pvomacka
 Title: #146: WebUI: fix API Browser menu label
Action: opened

PR body:
"""
The label of API Browser is now in translatable strings and it has
uppercase B at the beginnig of second word.

https://fedorahosted.org/freeipa/ticket/6384
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/146/head:pr146
git checkout pr146
From bdbd92358bc9ad3025b8adad8993f69d584f96e1 Mon Sep 17 00:00:00 2001
From: Pavel Vomacka 
Date: Mon, 10 Oct 2016 09:19:32 +0200
Subject: [PATCH] WebUI: fix API Browser menu label

The label of API Browser is now in translatable strings and it has
uppercase B at the beginnig of second word.

https://fedorahosted.org/freeipa/ticket/6384
---
 install/ui/src/freeipa/navigation/menu_spec.js | 2 +-
 install/ui/test/data/ipa_init.json | 1 +
 ipaserver/plugins/internal.py  | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/install/ui/src/freeipa/navigation/menu_spec.js b/install/ui/src/freeipa/navigation/menu_spec.js
index 1abd720..7d121d9 100644
--- a/install/ui/src/freeipa/navigation/menu_spec.js
+++ b/install/ui/src/freeipa/navigation/menu_spec.js
@@ -249,7 +249,7 @@ var nav = {};
 },
 {
 name: 'apibrowser',
-label: 'API browser',
+label: '@i18n:widget.api_browser',
 facet: 'apibrowser',
 args: { 'type': 'command' }
 },
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index 99851ab..514206a 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -734,6 +734,7 @@
 },
 "true": "True",
 "widget": {
+"api_browser": "API Browser",
 "first": "First",
 "last": "Last",
 "next": "Next",
diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py
index 530458d..6107a14 100644
--- a/ipaserver/plugins/internal.py
+++ b/ipaserver/plugins/internal.py
@@ -887,6 +887,7 @@ class i18n_messages(Command):
 },
 "true": _("True"),
 "widget": {
+"api_browser": _("API Browser"),
 "first": _("First"),
 "last": _("Last"),
 "next": _("Next"),
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code