[Freeipa-devel] [freeipa PR#745][comment] tests: add missing dependency iptables

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/745
Title: #745: tests: add missing dependency iptables

apophys commented:
"""
The kdc proxy test requiring the package is also in ipa-4-5 branch. Should it 
not go there as well?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/745#issuecomment-300455303
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#693][+ack] [tests] collect audit.log for easier selinux investigation

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/693
Title: #693: [tests] collect audit.log for easier selinux investigation

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#626][comment] Move helper code for integration plugin

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/626
Title: #626: Move helper code for integration plugin

apophys commented:
"""
will do
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/626#issuecomment-288355769
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#626][comment] Move helper code for integration plugin

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/626
Title: #626: Move helper code for integration plugin

apophys commented:
"""
Thanks for the update
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/626#issuecomment-288140640
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#626][+ack] Move helper code for integration plugin

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/626
Title: #626: Move helper code for integration plugin

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#537][comment] test_csrgen: adjusted comparison test scripts for CSRGenerator

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/537
Title: #537: test_csrgen: adjusted comparison test scripts for CSRGenerator

apophys commented:
"""
Ack.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/537#issuecomment-284012793
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#537][+ack] test_csrgen: adjusted comparison test scripts for CSRGenerator

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/537
Title: #537: test_csrgen: adjusted comparison test scripts for CSRGenerator

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#537][comment] test_csrgen: adjusted comparison test scripts for CSRGenerator

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/537
Title: #537: test_csrgen: adjusted comparison test scripts for CSRGenerator

apophys commented:
"""
Ack.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/537#issuecomment-284012793
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#532][comment] Fix cookie with Max-Age processing

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/532
Title: #532: Fix cookie with Max-Age processing

apophys commented:
"""
Hi, can this PR get little more attention? The issue seems to be a cause for a 
lot of failures in our integration tests. (I'm not 100% sure though)
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/532#issuecomment-283999510
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#424][+ack] Tests: fix wait_for_replication task

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/424
Title: #424: Tests: fix wait_for_replication task

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#415][comment] ca-del: require CA to already be disabled

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/415
Title: #415: ca-del: require CA to already be disabled

apophys commented:
"""
Could you please extend the tests with the invalid order of the commands on a 
ca entry?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/415#issuecomment-276363432
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#196][closed] ipatests: unresolvable nested netgroups

[apophys]

   URL: https://github.com/freeipa/freeipa/pull/196
Author: apophys
 Title: #196: ipatests: unresolvable nested netgroups
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/196/head:pr196
git checkout pr196
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#196][comment] ipatests: unresolvable nested netgroups

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/196
Title: #196: ipatests: unresolvable nested netgroups

apophys commented:
"""
Yes.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/196#issuecomment-274738684
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#391][+ack] ipapython: Add dependencies on version.py

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/391
Title: #391: ipapython: Add dependencies on version.py

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#369][+ack] Catch ValueError raised by pytest.config.getoption()

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/369
Title: #369: Catch ValueError raised by pytest.config.getoption()

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#366][comment] Use pytest conftest.py

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/366
Title: #366: Use pytest conftest.py 

apophys commented:
"""
Thank you for squashing the commits.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/366#issuecomment-270653055
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#366][+ack] Use pytest conftest.py

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/366
Title: #366: Use pytest conftest.py 

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#196][comment] ipatests: unresolvable nested netgroups

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/196
Title: #196: ipatests: unresolvable nested netgroups

apophys commented:
"""
The rewrite to integration test is in my queue.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/196#issuecomment-266418775
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#227][comment] cert-request: match names against principal aliases

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/227
Title: #227: cert-request: match names against principal aliases

apophys commented:
"""
The tests look good to me.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/227#issuecomment-264854251
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#225][+ack] tests: Added basic tests for certs in idoverrides

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/225
Title: #225: tests: Added basic tests for certs in idoverrides

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#225][comment] tests: Added basic tests for certs in idoverrides

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/225
Title: #225: tests: Added basic tests for certs in idoverrides

apophys commented:
"""
Thank you for addressing the issues. The implementation is somehow minimal, 
however in the future it can be extended as needed.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/225#issuecomment-263638790
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#200][+ack] Test: basic kerberos over http functionality

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/200
Title: #200: Test: basic kerberos over http functionality

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#200][comment] Test: basic kerberos over http functionality

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/200
Title: #200: Test: basic kerberos over http functionality

apophys commented:
"""
Thank you for rebasing the commits. The test looks good.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/200#issuecomment-263578009
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#225][comment] tests: Added basic tests for certs in idoverrides

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/225
Title: #225: tests: Added basic tests for certs in idoverrides

apophys commented:
"""
Thank you for the change of the order and using the objectclasses module. There 
are still things I'd like to be changed, though.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/225#issuecomment-263505112
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#200][comment] Test: basic kerberos over http functionality

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/200
Title: #200: Test: basic kerberos over http functionality

apophys commented:
"""
Please rebase the commits in the right order.

What will happen when the hosts in the topology have both IPv4 and IPv6 stacks 
when you disable ports for only one? Is the IPA server serving on both network 
stacks?
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/200#issuecomment-262982688
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#225][comment] tests: Added basic tests for certs in idoverrides

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/225
Title: #225: tests: Added basic tests for certs in idoverrides

apophys commented:
"""
Please address the inline comments
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/225#issuecomment-262961820
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#181][comment] Tests : User Tracker creation of user with minimal values

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/181
Title: #181: Tests : User Tracker creation of user with minimal values

apophys commented:
"""
I think in this case we can go with keyword arguments only. Most of the uses of 
the tracker in the tests do it already. What I will need in the case of keyword 
arguments is an explicit check for some non-empty unicode string for the 
required attributes in the __init__ method.

All of this applies to `StageUserTracker` in #210 as well
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/181#issuecomment-261940072
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#240][+ack] Document make_delete_command method in UserTracker

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/240
Title: #240: Document make_delete_command method in UserTracker

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#225][comment] tests: Added basic tests for certs in idoverrides

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/225
Title: #225: tests: Added basic tests for certs in idoverrides

apophys commented:
"""
Please address the inline comments.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/225#issuecomment-259679240
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#196][comment] ipatests: unresolvable nested netgroups

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/196
Title: #196: ipatests: unresolvable nested netgroups

apophys commented:
"""
Ping for review.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/196#issuecomment-259666959
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#196][opened] ipatests: unresolvable nested netgroups

[apophys]

   URL: https://github.com/freeipa/freeipa/pull/196
Author: apophys
 Title: #196: ipatests: unresolvable nested netgroups
Action: opened

PR body:
"""
Adds a test case for issue in SSSD that manifested in
an inability to resolve nested membership in netgroups

The test case tests for direct and indirect membership.

https://fedorahosted.org/freeipa/ticket/6439
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/196/head:pr196
git checkout pr196
From 92f114d7b93fe13c4f9f6d06a02916aa8cb00cf5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Wed, 26 Oct 2016 13:41:02 +
Subject: [PATCH] ipatests: unresolvable nested netgroups

Adds a test case for issue in SSSD that manifested in
an inability to resolve nested membership in netgroups

The test case tests for direct and indirect membership.

https://fedorahosted.org/freeipa/ticket/6439
---
 ipatests/test_xmlrpc/test_netgroup_plugin.py | 113 +++
 1 file changed, 113 insertions(+)

diff --git a/ipatests/test_xmlrpc/test_netgroup_plugin.py b/ipatests/test_xmlrpc/test_netgroup_plugin.py
index b6f004e..42bc579 100644
--- a/ipatests/test_xmlrpc/test_netgroup_plugin.py
+++ b/ipatests/test_xmlrpc/test_netgroup_plugin.py
@@ -26,8 +26,10 @@
 from ipatests.test_xmlrpc.xmlrpc_test import (Declarative, fuzzy_digits,
   fuzzy_uuid, fuzzy_netgroupdn)
 from ipatests.test_xmlrpc import objectclasses
+from ipatests.test_xmlrpc.tracker.user_plugin import UserTracker
 from ipapython.dn import DN
 from ipatests.test_xmlrpc.test_user_plugin import get_user_result
+from ipatests.util import run
 import pytest
 
 # Global so we can save the value between tests
@@ -1408,3 +1410,114 @@ class test_netgroup(Declarative):
 ## and even which user gets into which triple can be random.
 #assert '(nosuchhost,jexample,example.com)' in triples
 #assert '(ipatesthost.%s,pexample,example.com)' % api.env.domain in triples
+
+
+@pytest.fixture(scope='function')
+def netgroup_test1(request):
+name = u'netgroup-test-1'
+
+def ng_cleanup():
+api.Command.netgroup_del(name)
+
+request.addfinalizer(ng_cleanup)
+
+api.Command.netgroup_add(name)
+return name
+
+
+@pytest.fixture(scope='function')
+def netgroup_test2(request):
+name = u'netgroup-test-2'
+
+def ng_cleanup():
+api.Command.netgroup_del(name)
+request.addfinalizer(ng_cleanup)
+
+api.Command.netgroup_add(name)
+return name
+
+
+@pytest.fixture(scope='function')
+def netgroup_test3(request):
+name = u'netgroup-test-3'
+
+def ng_cleanup():
+api.Command.netgroup_del(name)
+request.addfinalizer(ng_cleanup)
+
+api.Command.netgroup_add(name)
+return name
+
+
+@pytest.fixture(scope='function')
+def netgroup_user1(request):
+tr = UserTracker(u'ng_user_1', u'ng', u'user')
+
+return tr.make_fixture(request)
+
+
+@pytest.fixture(scope='function')
+def netgroup_user2(request):
+tr = UserTracker(u'ng_user_2', u'ng', u'user')
+
+return tr.make_fixture(request)
+
+
+@pytest.fixture(scope='function')
+def netgroup_user3(request):
+tr = UserTracker(u'ng_user_3', u'ng', u'user')
+
+return tr.make_fixture(request)
+
+
+def test_netgroup_nested_groups(
+netgroup_test1, netgroup_test2, netgroup_test3,
+netgroup_user1, netgroup_user2, netgroup_user3):
+"""Test resolution of nested netgroup membership
+
+The test sets up a chain of netgroups with user members in
+each of the groups. Then the membership is evaluated on each
+group, expecting the membership of users in nested groups to be
+propagated into parent groups.
+"""
+
+netgroup_user1.create()
+netgroup_user2.create()
+netgroup_user3.create()
+
+# Prepare the nested netgroup hierarchy
+api.Command.netgroup_add_member(netgroup_test1, netgroup=netgroup_test2)
+api.Command.netgroup_add_member(netgroup_test2, netgroup=netgroup_test3)
+
+# Add an user to each group
+api.Command.netgroup_add_member(netgroup_test1, user=netgroup_user1.name)
+api.Command.netgroup_add_member(netgroup_test2, user=netgroup_user2.name)
+api.Command.netgroup_add_member(netgroup_test3, user=netgroup_user3.name)
+
+# Clean the sssd cache
+run(['sudo', 'sss_cache', '-E'], raiseonerr=False)
+
+# Call getent for each group and check if the users are in the right groups
+
+# Expected results: getent output in form (-,USERNAME,DOMAIN)
+# where the DOMAIN part is the nisDomainName of the netgroup
+nisdomain = (
+api.Command.netgroup_show(netgroup_test1)['result']['nisdomainname'][0]
+)
+
+ng_rec_tmpl = '(-,{user},{domain})'
+ng_rec_u1 = ng_rec_tmpl.format(user=netgroup_user1.name, domain=nisdomain)
+ng_rec_u2 = ng_rec_tmpl.format(user=netgroup_user

[Freeipa-devel] [freeipa PR#148][+ack] Unaccessible variable self.attrs in Tracker

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/148
Title: #148: Unaccessible variable self.attrs in Tracker

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#148][comment] Unaccessible variable self.attrs in Tracker

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/148
Title: #148: Unaccessible variable self.attrs in Tracker

apophys commented:
"""
Thank you, ack.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/148#issuecomment-255363641
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#178][opened] ipatests: Fix assert_deepequal outside of pytest process

[apophys]

   URL: https://github.com/freeipa/freeipa/pull/178
Author: apophys
 Title: #178: ipatests: Fix assert_deepequal outside of pytest process
Action: opened

PR body:
"""
https://fedorahosted.org/freeipa/ticket/6420
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/178/head:pr178
git checkout pr178
From 9ea5c11a90bdf9d41b874b34904afaa567cecf74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Fri, 21 Oct 2016 14:29:50 +0200
Subject: [PATCH] ipatests: Fix assert_deepequal outside of pytest process

https://fedorahosted.org/freeipa/ticket/6420
---
 ipatests/util.py | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ipatests/util.py b/ipatests/util.py
index 889e850..bca8e9c 100644
--- a/ipatests/util.py
+++ b/ipatests/util.py
@@ -330,7 +330,12 @@ def assert_deepequal(expected, got, doc='', stack=tuple()):
 Note that lists and tuples are considered equivalent, and the order of
 their elements does not matter.
 """
-if pytest.config.getoption("pretty_print"):  # pylint: disable=no-member
+try:
+pretty_print = pytest.config.getoption("pretty_print")  # pylint: disable=no-member
+except AttributeError:
+pretty_print = False
+
+if pretty_print:
 expected_str = struct_to_string(expected, EXPECTED_LEN)
 got_str = struct_to_string(got, GOT_LEN)
 else:
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#148][comment] Unaccessible variable self.attrs in Tracker

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/148
Title: #148: Unaccessible variable self.attrs in Tracker

apophys commented:
"""
NACK, comments inline.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/148#issuecomment-252603864
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#123][comment] Tests: Remove silent deleting and creating entries by tracker

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/123
Title: #123: Tests: Remove silent deleting and creating entries by tracker

apophys commented:
"""
Looks good, thanks.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/123#issuecomment-251931803
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#123][+ack] Tests: Remove silent deleting and creating entries by tracker

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/123
Title: #123: Tests: Remove silent deleting and creating entries by tracker

Label: +ack
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#73][comment] Tests for certificates with SAN

[apophys]

  URL: https://github.com/freeipa/freeipa/pull/73
Title: #73: Tests for certificates with SAN

apophys commented:
"""
I have fixed typos and implemented the proposed test cases. I have also 
provided docstring to the change_principal context manager.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/73#issuecomment-250461484
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#73][synchronized] Tests for certificates with SAN

[apophys]

   URL: https://github.com/freeipa/freeipa/pull/73
Author: apophys
 Title: #73: Tests for certificates with SAN
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/73/head:pr73
git checkout pr73
From 7ef1437d1edca904ef6528ca3b9571e35351b8ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Mon, 12 Sep 2016 14:52:05 +0200
Subject: [PATCH 1/3] ipatests: provide context manager for keytab usage in RPC
 tests

https://fedorahosted.org/freeipa/ticket/6366
---
 ipatests/util.py | 72 
 1 file changed, 67 insertions(+), 5 deletions(-)

diff --git a/ipatests/util.py b/ipatests/util.py
index 0b50f85..aed5cc5 100644
--- a/ipatests/util.py
+++ b/ipatests/util.py
@@ -40,7 +40,9 @@
 from ipalib.plugable import Plugin
 from ipalib.request import context
 from ipapython.dn import DN
-from ipapython.ipautil import private_ccache, kinit_password, run
+from ipapython.ipautil import (
+private_ccache, kinit_password, kinit_keytab, run
+)
 from ipaplatform.paths import paths
 
 if six.PY3:
@@ -693,8 +695,28 @@ def unlock_principal_password(user, oldpw, newpw):
 
 
 @contextmanager
-def change_principal(user, password, client=None, path=None,
- canonicalize=False, enterprise=False):
+def change_principal(principal, password=None, client=None, path=None,
+ canonicalize=False, enterprise=False, keytab=None):
+"""Temporarily change the kerberos principal
+
+Most of the test cases run with the admin ipa user which is granted
+all access and exceptions from rules on some occasions.
+
+When the test needs to test for an application of some kind
+of a restriction it needs to authenticate as a different principal
+with required set of rights to the operation.
+
+The context manager changes the principal identity in two ways:
+
+* using password
+* using keytab
+
+If the context manager is to be used with a keytab, the keytab
+option must be its absolute path.
+
+The context manager can be used to authenticate with enterprise
+principals and aliases when given respective options.
+"""
 
 if path:
 ccache_name = path
@@ -709,8 +731,12 @@ def change_principal(user, password, client=None, path=None,
 
 try:
 with private_ccache(ccache_name):
-kinit_password(user, password, ccache_name,
-   canonicalize=canonicalize, enterprise=enterprise)
+if keytab:
+kinit_keytab(principal, keytab, ccache_name)
+else:
+kinit_password(principal, password, ccache_name,
+   canonicalize=canonicalize,
+   enterprise=enterprise)
 client.Backend.rpcclient.connect()
 
 try:
@@ -720,6 +746,42 @@ def change_principal(user, password, client=None, path=None,
 finally:
 client.Backend.rpcclient.connect()
 
+
+@contextmanager
+def get_entity_keytab(principal, options=None):
+"""Requests a keytab for an entity
+
+The keytab will generate new keys if not specified
+otherwise in the options.
+To retrieve existing keytab, use the -r option
+"""
+keytab_filename = os.path.join('/tmp', str(uuid.uuid4()))
+
+try:
+cmd = [paths.IPA_GETKEYTAB, '-p', principal, '-k', keytab_filename]
+
+if options:
+cmd.extend(options)
+run(cmd)
+
+yield keytab_filename
+finally:
+os.remove(keytab_filename)
+
+
+@contextmanager
+def host_keytab(hostname, options=None):
+"""Retrieves keytab for a particular host
+
+After leaving the context manager, the keytab file is
+deleted.
+"""
+principal = u'host/{}'.format(hostname)
+
+with get_entity_keytab(principal, options) as keytab:
+yield keytab
+
+
 def get_group_dn(cn):
 return DN(('cn', cn), api.env.container_group, api.env.basedn)
 

From 0b39203678b709da375740f9e78349f3903c8035 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Mon, 12 Sep 2016 14:53:48 +0200
Subject: [PATCH 2/3] ipatests: Fix name property on a service tracker

https://fedorahosted.org/freeipa/ticket/6366
---
 ipatests/test_xmlrpc/tracker/service_plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipatests/test_xmlrpc/tracker/service_plugin.py b/ipatests/test_xmlrpc/tracker/service_plugin.py
index a0bb884..0a90115 100644
--- a/ipatests/test_xmlrpc/tracker/service_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/service_plugin.py
@@ -52,7 +52,7 @@ class ServiceTracker(KerberosAliasMixin, Tracker):
 
 def __init__(self, name, host_fqdn, options=None):
 super(ServiceTracker, self).__init__(default_version=None)

[Freeipa-devel] [freeipa PR#73][synchronized] Tests for certificates with SAN

[apophys]

   URL: https://github.com/freeipa/freeipa/pull/73
Author: apophys
 Title: #73: Tests for certificates with SAN
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/73/head:pr73
git checkout pr73
From 2159887dc5d01d3cf578d45825163e1add52e8a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Mon, 12 Sep 2016 14:52:05 +0200
Subject: [PATCH 1/5] ipatests: provide context manager for keytab usage in RPC
 tests

https://fedorahosted.org/freeipa/ticket/6291
---
 ipatests/util.py | 52 +++-
 1 file changed, 47 insertions(+), 5 deletions(-)

diff --git a/ipatests/util.py b/ipatests/util.py
index 0b50f85..48a0faf 100644
--- a/ipatests/util.py
+++ b/ipatests/util.py
@@ -40,7 +40,9 @@
 from ipalib.plugable import Plugin
 from ipalib.request import context
 from ipapython.dn import DN
-from ipapython.ipautil import private_ccache, kinit_password, run
+from ipapython.ipautil import (
+private_ccache, kinit_password, kinit_keytab, run
+)
 from ipaplatform.paths import paths
 
 if six.PY3:
@@ -693,8 +695,8 @@ def unlock_principal_password(user, oldpw, newpw):
 
 
 @contextmanager
-def change_principal(user, password, client=None, path=None,
- canonicalize=False, enterprise=False):
+def change_principal(principal, password=None, client=None, path=None,
+ canonicalize=False, enterprise=False, keytab=None):
 
 if path:
 ccache_name = path
@@ -709,8 +711,12 @@ def change_principal(user, password, client=None, path=None,
 
 try:
 with private_ccache(ccache_name):
-kinit_password(user, password, ccache_name,
-   canonicalize=canonicalize, enterprise=enterprise)
+if keytab:
+kinit_keytab(principal, keytab, ccache_name)
+else:
+kinit_password(principal, password, ccache_name,
+   canonicalize=canonicalize,
+   enterprise=enterprise)
 client.Backend.rpcclient.connect()
 
 try:
@@ -720,6 +726,42 @@ def change_principal(user, password, client=None, path=None,
 finally:
 client.Backend.rpcclient.connect()
 
+
+@contextmanager
+def get_entity_keytab(principal, options=None):
+"""Requests a keytab for an entity
+
+The keytab will generate new keys if not specified
+otherwise in the options.
+To retrieve existing keytab, use the -r option
+"""
+keytab_filename = os.path.join('/tmp', str(uuid.uuid4()))
+
+try:
+cmd = [paths.IPA_GETKEYTAB, '-p', principal, '-k', keytab_filename]
+
+if options:
+cmd.extend(options)
+run(cmd)
+
+yield keytab_filename
+finally:
+os.remove(keytab_filename)
+
+
+@contextmanager
+def host_keytab(hostname, options=None):
+"""Retrieves keytab for a particular host
+
+After leaving the context manager, the keytab file is
+deleted.
+"""
+principal = u'host/{}'.format(hostname)
+
+with get_entity_keytab(principal, options) as keytab:
+yield keytab
+
+
 def get_group_dn(cn):
 return DN(('cn', cn), api.env.container_group, api.env.basedn)
 

From 9ed0d71a133fdd0d888f0b588a8e56e67b12e774 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Mon, 12 Sep 2016 14:53:48 +0200
Subject: [PATCH 2/5] ipatests: Fix name property on a service tracker

https://fedorahosted.org/freeipa/ticket/6291
---
 ipatests/test_xmlrpc/tracker/service_plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipatests/test_xmlrpc/tracker/service_plugin.py b/ipatests/test_xmlrpc/tracker/service_plugin.py
index a0bb884..0a90115 100644
--- a/ipatests/test_xmlrpc/tracker/service_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/service_plugin.py
@@ -52,7 +52,7 @@ class ServiceTracker(KerberosAliasMixin, Tracker):
 
 def __init__(self, name, host_fqdn, options=None):
 super(ServiceTracker, self).__init__(default_version=None)
-self._name = "{0}/{1}@{2}".format(name, host_fqdn, api.env.realm)
+self._name = u"{0}/{1}@{2}".format(name, host_fqdn, api.env.realm)
 self.dn = DN(
 ('krbprincipalname', self.name), api.env.container_service,
 api.env.basedn)

From 2d75883302db07061f8062751aae392ece23bcf9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Mon, 12 Sep 2016 14:54:40 +0200
Subject: [PATCH 3/5] ipatests: Implement tests with CSRs requesting SAN

The patch implements several test cases testing the enforcement
of CA ACLs on certificate requests with subject alternative names.

https://fedorahosted.org/freeipa/ticket/6291
---
 freeipa.spec.in  

[Freeipa-devel] [freeipa PR#73][synchronized] Tests for certificates with SAN

[apophys]

   URL: https://github.com/freeipa/freeipa/pull/73
Author: apophys
 Title: #73: Tests for certificates with SAN
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/73/head:pr73
git checkout pr73
From 909ab9fa6405acb346162508729cda8b56e08f9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Mon, 12 Sep 2016 14:52:05 +0200
Subject: [PATCH 1/5] ipatests: provide context manager for keytab usage in RPC
 tests

https://fedorahosted.org/freeipa/ticket/6291
---
 ipatests/util.py | 52 +++-
 1 file changed, 47 insertions(+), 5 deletions(-)

diff --git a/ipatests/util.py b/ipatests/util.py
index 8878993..4c1a77a 100644
--- a/ipatests/util.py
+++ b/ipatests/util.py
@@ -40,7 +40,9 @@
 from ipalib.plugable import Plugin
 from ipalib.request import context
 from ipapython.dn import DN
-from ipapython.ipautil import private_ccache, kinit_password, run
+from ipapython.ipautil import (
+private_ccache, kinit_password, kinit_keytab, run
+)
 from ipaplatform.paths import paths
 
 if six.PY3:
@@ -693,8 +695,8 @@ def unlock_principal_password(user, oldpw, newpw):
 
 
 @contextmanager
-def change_principal(user, password, client=None, path=None,
- canonicalize=False, enterprise=False):
+def change_principal(principal, password=None, client=None, path=None,
+ canonicalize=False, enterprise=False, keytab=None):
 
 if path:
 ccache_name = path
@@ -709,8 +711,12 @@ def change_principal(user, password, client=None, path=None,
 
 try:
 with private_ccache(ccache_name):
-kinit_password(user, password, ccache_name,
-   canonicalize=canonicalize, enterprise=enterprise)
+if keytab:
+kinit_keytab(principal, keytab, ccache_name)
+else:
+kinit_password(principal, password, ccache_name,
+   canonicalize=canonicalize,
+   enterprise=enterprise)
 client.Backend.rpcclient.connect()
 
 try:
@@ -720,6 +726,42 @@ def change_principal(user, password, client=None, path=None,
 finally:
 client.Backend.rpcclient.connect()
 
+
+@contextmanager
+def get_entity_keytab(principal, options=None):
+"""Requests a keytab for an entity
+
+The keytab will generate new keys if not specified
+otherwise in the options.
+To retrieve existing keytab, use the -r option
+"""
+keytab_filename = os.path.join('/tmp', str(uuid.uuid4()))
+
+try:
+cmd = [paths.IPA_GETKEYTAB, '-p', principal, '-k', keytab_filename]
+
+if options:
+cmd.extend(options)
+run(cmd)
+
+yield keytab_filename
+finally:
+os.remove(keytab_filename)
+
+
+@contextmanager
+def host_keytab(hostname, options=None):
+"""Retrieves keytab for a particular host
+
+After leaving the context manager, the keytab file is
+deleted.
+"""
+principal = u'host/{}'.format(hostname)
+
+with get_entity_keytab(principal, options) as keytab:
+yield keytab
+
+
 def get_group_dn(cn):
 return DN(('cn', cn), api.env.container_group, api.env.basedn)
 

From 7b962b358198559966f0f750edd9210a140b57c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Mon, 12 Sep 2016 14:53:48 +0200
Subject: [PATCH 2/5] ipatests: Fix name property on a service tracker

https://fedorahosted.org/freeipa/ticket/6291
---
 ipatests/test_xmlrpc/tracker/service_plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipatests/test_xmlrpc/tracker/service_plugin.py b/ipatests/test_xmlrpc/tracker/service_plugin.py
index a0bb884..0a90115 100644
--- a/ipatests/test_xmlrpc/tracker/service_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/service_plugin.py
@@ -52,7 +52,7 @@ class ServiceTracker(KerberosAliasMixin, Tracker):
 
 def __init__(self, name, host_fqdn, options=None):
 super(ServiceTracker, self).__init__(default_version=None)
-self._name = "{0}/{1}@{2}".format(name, host_fqdn, api.env.realm)
+self._name = u"{0}/{1}@{2}".format(name, host_fqdn, api.env.realm)
 self.dn = DN(
 ('krbprincipalname', self.name), api.env.container_service,
 api.env.basedn)

From 941b2f8e7b0661837d6fb10bfd9a4d26c45158e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= <mku...@redhat.com>
Date: Mon, 12 Sep 2016 14:54:40 +0200
Subject: [PATCH 3/5] ipatests: Implement tests with CSRs requesting SAN

The patch implements several test cases testing the enforcement
of CA ACLs on certificate requests with subject alternative names.

https://fedorahosted.org/freeipa/ticket/6291
---
 freeipa.spec.in  

[Freeipa-devel] [freeipa PR#73] Tests for certificates with SAN (opened)

[apophys]

apophys's pull request #73: "Tests for certificates with SAN" was opened

PR body:
"""
Commits include several new test cases for CA ACLs and cert request for CSRs 
containing subject alternative name extension.

Also included minor fixes in used tracker and couple of new context managers 
used in the test cases.
"""

See the full pull-request at https://github.com/freeipa/freeipa/pull/73
... or pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/73/head:pr73
git checkout pr73
From c76d81a83e723634558bc1d8d3b0c8923414ff7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= 
Date: Mon, 12 Sep 2016 14:52:05 +0200
Subject: [PATCH 1/3] ipatests: provide context manager for keytab usage in RPC
 tests

https://fedorahosted.org/freeipa/ticket/6291
---
 ipatests/util.py | 52 +++-
 1 file changed, 47 insertions(+), 5 deletions(-)

diff --git a/ipatests/util.py b/ipatests/util.py
index 8878993..4c1a77a 100644
--- a/ipatests/util.py
+++ b/ipatests/util.py
@@ -40,7 +40,9 @@
 from ipalib.plugable import Plugin
 from ipalib.request import context
 from ipapython.dn import DN
-from ipapython.ipautil import private_ccache, kinit_password, run
+from ipapython.ipautil import (
+private_ccache, kinit_password, kinit_keytab, run
+)
 from ipaplatform.paths import paths
 
 if six.PY3:
@@ -693,8 +695,8 @@ def unlock_principal_password(user, oldpw, newpw):
 
 
 @contextmanager
-def change_principal(user, password, client=None, path=None,
- canonicalize=False, enterprise=False):
+def change_principal(principal, password=None, client=None, path=None,
+ canonicalize=False, enterprise=False, keytab=None):
 
 if path:
 ccache_name = path
@@ -709,8 +711,12 @@ def change_principal(user, password, client=None, path=None,
 
 try:
 with private_ccache(ccache_name):
-kinit_password(user, password, ccache_name,
-   canonicalize=canonicalize, enterprise=enterprise)
+if keytab:
+kinit_keytab(principal, keytab, ccache_name)
+else:
+kinit_password(principal, password, ccache_name,
+   canonicalize=canonicalize,
+   enterprise=enterprise)
 client.Backend.rpcclient.connect()
 
 try:
@@ -720,6 +726,42 @@ def change_principal(user, password, client=None, path=None,
 finally:
 client.Backend.rpcclient.connect()
 
+
+@contextmanager
+def get_entity_keytab(principal, options=None):
+"""Requests a keytab for an entity
+
+The keytab will generate new keys if not specified
+otherwise in the options.
+To retrieve existing keytab, use the -r option
+"""
+keytab_filename = os.path.join('/tmp', str(uuid.uuid4()))
+
+try:
+cmd = [paths.IPA_GETKEYTAB, '-p', principal, '-k', keytab_filename]
+
+if options:
+cmd.extend(options)
+run(cmd)
+
+yield keytab_filename
+finally:
+os.remove(keytab_filename)
+
+
+@contextmanager
+def host_keytab(hostname, options=None):
+"""Retrieves keytab for a particular host
+
+After leaving the context manager, the keytab file is
+deleted.
+"""
+principal = u'host/{}'.format(hostname)
+
+with get_entity_keytab(principal, options) as keytab:
+yield keytab
+
+
 def get_group_dn(cn):
 return DN(('cn', cn), api.env.container_group, api.env.basedn)
 

From 98c89a239b4b16a1be67aac72ac1b556900f46c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= 
Date: Mon, 12 Sep 2016 14:53:48 +0200
Subject: [PATCH 2/3] ipatests: Fix name property on a service tracker

https://fedorahosted.org/freeipa/ticket/6291
---
 ipatests/test_xmlrpc/tracker/service_plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipatests/test_xmlrpc/tracker/service_plugin.py b/ipatests/test_xmlrpc/tracker/service_plugin.py
index fe34390..8a52446 100644
--- a/ipatests/test_xmlrpc/tracker/service_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/service_plugin.py
@@ -52,7 +52,7 @@ class ServiceTracker(KerberosAliasMixin, Tracker):
 
 def __init__(self, name, host_fqdn, options=None):
 super(ServiceTracker, self).__init__(default_version=None)
-self._name = "{0}/{1}@{2}".format(name, host_fqdn, api.env.realm)
+self._name = u"{0}/{1}@{2}".format(name, host_fqdn, api.env.realm)
 self.dn = DN(
 ('krbprincipalname', self.name), api.env.container_service,
 api.env.basedn)

From 89be52d2cf3db8b978429607d0d730a32898f047 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20Kub=C3=ADk?= 
Date: Mon, 12 Sep 2016 14:54:40 +0200
Subject: [PATCH 3/3] ipatests: Implement tests with CSRs requesting SAN

The patch implements several test cases testing the enforcement
of CA 

[Freeipa-devel] [freeipa PR#38] Removed incorrect check for returncode (comment)

[apophys]

apophys commented on a pull request

"""
Can you please rewrite the commit message in second commit to something 
meaningful? 
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/38#issuecomment-243400759
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code