[Freeipa-devel] [freeipa PR#6145][closed] [Backport][ipa-4-9][manual] ipatests: Added test automation for SHA384withRSA CSR support
URL: https://github.com/freeipa/freeipa/pull/6145 Author: ssidhaye Title: #6145: [Backport][ipa-4-9][manual] ipatests: Added test automation for SHA384withRSA CSR support Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6145/head:pr6145 git checkout pr6145 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6146][closed] [Backport][ipa-4-9] Remove deprecation warning when installing a CA replica
URL: https://github.com/freeipa/freeipa/pull/6146 Author: flo-renaud Title: #6146: [Backport][ipa-4-9] Remove deprecation warning when installing a CA replica Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6146/head:pr6146 git checkout pr6146 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6146][opened] [Backport][ipa-4-9] Remove deprecation warning when installing a CA replica
URL: https://github.com/freeipa/freeipa/pull/6146 Author: flo-renaud Title: #6146: [Backport][ipa-4-9] Remove deprecation warning when installing a CA replica Action: opened PR body: """ This PR was opened automatically because PR #6122 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6146/head:pr6146 git checkout pr6146 From 52d4547eb079678b763fb1dcd4d692e2b8048892 Mon Sep 17 00:00:00 2001 From: jh23453 Date: Thu, 9 Dec 2021 12:58:17 +0100 Subject: [PATCH] Remove deprecation warning when installing a CA replica I got the following message when installing a replica with CA: 2021-11-22T21:15:35Z DEBUG [5/30]: configuring certificate server instance ... WARNING: The 'pki_ssl_server_token' in [CA] has been deprecated. Use 'pki_sslserver_token' instead. Installation log: /var/log/pki/pki-ca-spawn.2021111535.log Installing CA into /var/lib/pki/pki-tomcat. With the following change the message no longer appears when installing a replica. This commit fixes the firt (and simple) part of https://pagure.io/freeipa/issue/9056 Signed-off-by: Jochen Kellner --- install/share/ipaca_default.ini | 1 - 1 file changed, 1 deletion(-) diff --git a/install/share/ipaca_default.ini b/install/share/ipaca_default.ini index 3a3dfd0c9b8..082f507b2de 100644 --- a/install/share/ipaca_default.ini +++ b/install/share/ipaca_default.ini @@ -81,7 +81,6 @@ pki_skip_installation=False pki_skip_sd_verify=False pki_sslserver_token=internal -pki_ssl_server_token=%(pki_sslserver_token)s pki_sslserver_nickname=Server-Cert cert-pki-ca pki_sslserver_subject_dn=cn=%(ipa_fqdn)s,%(ipa_subject_base)s ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6122][closed] Remove deprecation warning when installing a CA replica
URL: https://github.com/freeipa/freeipa/pull/6122 Author: jh23453 Title: #6122: Remove deprecation warning when installing a CA replica Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6122/head:pr6122 git checkout pr6122 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6144][closed] [Backport][ipa-4-9] ipatests: webui: Use YAML SafeLoader
URL: https://github.com/freeipa/freeipa/pull/6144 Author: rcritten Title: #6144: [Backport][ipa-4-9] ipatests: webui: Use YAML SafeLoader Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6144/head:pr6144 git checkout pr6144 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6130][closed] Added test automation for SHA384withRSA CSR support
URL: https://github.com/freeipa/freeipa/pull/6130 Author: ssidhaye Title: #6130: Added test automation for SHA384withRSA CSR support Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6130/head:pr6130 git checkout pr6130 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6143][closed] [Backport][ipa-4-9] Config plugin: return EmptyModlist when no change is applied
URL: https://github.com/freeipa/freeipa/pull/6143 Author: rcritten Title: #6143: [Backport][ipa-4-9] Config plugin: return EmptyModlist when no change is applied Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6143/head:pr6143 git checkout pr6143 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6142][closed] [Backport][ipa-4-9] automember default group: remove --desc parameter
URL: https://github.com/freeipa/freeipa/pull/6142 Author: rcritten Title: #6142: [Backport][ipa-4-9] automember default group: remove --desc parameter Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6142/head:pr6142 git checkout pr6142 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6141][opened] ipatests: fix expected automount config in nsswitch.conf
URL: https://github.com/freeipa/freeipa/pull/6141 Author: flo-renaud Title: #6141: ipatests: fix expected automount config in nsswitch.conf Action: opened PR body: """ The test TestIpaClientAutomountFileRestore expects a specific order for the automount sources to query in /etc/nsswitch.conf. With authselect update 1.3.0, the databases are sorted in order of likelihood and the following line in seen: automount: files sss instead of automount: sss files Since the test doesn't care about the order but rather about the list of sources, ignore the order. Fixes: https://pagure.io/freeipa/issue/9067 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6141/head:pr6141 git checkout pr6141 From 0cbb05128b8686aea70fa4f9e12fcb3d2a4e Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 13 Jan 2022 14:38:27 +0100 Subject: [PATCH 1/2] ipatests: fix expected automount config in nsswitch.conf The test TestIpaClientAutomountFileRestore expects a specific order for the automount sources to query in /etc/nsswitch.conf. With authselect update 1.3.0, the databases are sorted in order of likelihood and the following line in seen: automount: files sss instead of automount: sss files Since the test doesn't care about the order but rather about the list of sources, ignore the order. Fixes: https://pagure.io/freeipa/issue/9067 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_integration/test_nfs.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_nfs.py b/ipatests/test_integration/test_nfs.py index dc53a6da9ee..9109a72db5c 100644 --- a/ipatests/test_integration/test_nfs.py +++ b/ipatests/test_integration/test_nfs.py @@ -323,7 +323,9 @@ def nsswitch_backup_restore( if no_sssd: assert after_ipa_client_automount == ['files', 'ldap'] else: -assert after_ipa_client_automount == ['sss', 'files'] +# The default order depends on the authselect version +# but we only care about the list of sources, not their order +assert sorted(after_ipa_client_automount) == ['files', 'sss'] cmd = self.clients[0].run_command(grep_automount_command) assert cmd.stdout_text.split() == after_ipa_client_automount From 14b50958aaab5875367eeed6fd9333a781aea429 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 13 Jan 2022 16:07:26 +0100 Subject: [PATCH 2/2] Temp commit --- ipatests/prci_definitions/temp_commit.yaml | 33 -- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index 31935bf044a..725d576e383 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -61,14 +61,41 @@ jobs: timeout: 1800 topology: *build - fedora-latest/temp_commit: + fedora-latest/nfs_nsswitch_restore: requires: [fedora-latest/build] priority: 50 job: class: RunPytest args: build_url: '{fedora-latest/build_url}' -test_suite: test_integration/test_REPLACEME.py +test_suite: test_integration/test_nfs.py::TestIpaClientAutomountFileRestore::test_nsswitch_backup_restore_sssd template: *ci-master-latest timeout: 3600 -topology: *master_1repl_1client +topology: *master_3client + + fedora-rawhide/build: +requires: [] +priority: 100 +job: + class: Build + args: +git_repo: '{git_repo}' +git_refspec: '{git_refspec}' +template: + name: freeipa/ci-master-frawhide + version: 0.5.2 +timeout: 1800 +topology: *build + + fedora-rawhide/nfs_nsswitch_restore: +requires: [fedora-rawhide/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-rawhide/build_url}' +update_packages: True +test_suite: test_integration/test_nfs.py::TestIpaClientAutomountFileRestore::test_nsswitch_backup_restore_sssd +template: *ci-master-frawhide +timeout: 9000 +topology: *master_3client ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6137][closed] [Backport][ipa-4-9][Manual] web-ui tests for subordinate ids
URL: https://github.com/freeipa/freeipa/pull/6137 Author: miskopo Title: #6137: [Backport][ipa-4-9][Manual] web-ui tests for subordinate ids Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6137/head:pr6137 git checkout pr6137 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6139][closed] [ipa-4-9] ipatests: update images for f34 and f35
URL: https://github.com/freeipa/freeipa/pull/6139 Author: flo-renaud Title: #6139: [ipa-4-9] ipatests: update images for f34 and f35 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6139/head:pr6139 git checkout pr6139 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6138][closed] ipatests: update images for f34 and f35
URL: https://github.com/freeipa/freeipa/pull/6138 Author: flo-renaud Title: #6138: ipatests: update images for f34 and f35 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6138/head:pr6138 git checkout pr6138 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6138][opened] ipatests: update images for f34 and f35
URL: https://github.com/freeipa/freeipa/pull/6138 Author: flo-renaud Title: #6138: ipatests: update images for f34 and f35 Action: opened PR body: """ New versions of pki-server fix the following issues: Fixes: https://pagure.io/freeipa/issue/9024 Fixes: https://pagure.io/freeipa/issue/8865 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6138/head:pr6138 git checkout pr6138 From 1a64745e07ca8f404d9f67bb1749c9d7483de4c7 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 12 Jan 2022 16:42:14 +0100 Subject: [PATCH 1/2] ipatests: update images for f34 and f35 New versions of pki-server fix the following issues: Fixes: https://pagure.io/freeipa/issue/9024 Fixes: https://pagure.io/freeipa/issue/8865 Signed-off-by: Florence Blanc-Renaud --- ipatests/prci_definitions/gating.yaml | 2 +- ipatests/prci_definitions/nightly_latest.yaml | 2 +- ipatests/prci_definitions/nightly_latest_selinux.yaml | 2 +- ipatests/prci_definitions/nightly_previous.yaml | 2 +- ipatests/prci_definitions/temp_commit.yaml| 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ipatests/prci_definitions/gating.yaml b/ipatests/prci_definitions/gating.yaml index 515ddf5b5be..2a5b4f8d6db 100644 --- a/ipatests/prci_definitions/gating.yaml +++ b/ipatests/prci_definitions/gating.yaml @@ -31,7 +31,7 @@ jobs: git_refspec: '{git_refspec}' template: name: freeipa/ci-master-f35 - version: 0.0.2 + version: 0.0.3 timeout: 1800 topology: *build diff --git a/ipatests/prci_definitions/nightly_latest.yaml b/ipatests/prci_definitions/nightly_latest.yaml index fc78b0c52ce..519b1e05bb5 100644 --- a/ipatests/prci_definitions/nightly_latest.yaml +++ b/ipatests/prci_definitions/nightly_latest.yaml @@ -51,7 +51,7 @@ jobs: git_refspec: '{git_refspec}' template: name: freeipa/ci-master-f35 - version: 0.0.2 + version: 0.0.3 timeout: 1800 topology: *build diff --git a/ipatests/prci_definitions/nightly_latest_selinux.yaml b/ipatests/prci_definitions/nightly_latest_selinux.yaml index 282501be986..81a508b67fc 100644 --- a/ipatests/prci_definitions/nightly_latest_selinux.yaml +++ b/ipatests/prci_definitions/nightly_latest_selinux.yaml @@ -51,7 +51,7 @@ jobs: git_refspec: '{git_refspec}' template: name: freeipa/ci-master-f35 - version: 0.0.2 + version: 0.0.3 timeout: 1800 topology: *build diff --git a/ipatests/prci_definitions/nightly_previous.yaml b/ipatests/prci_definitions/nightly_previous.yaml index 826eb8609af..b8b24f5d5a5 100644 --- a/ipatests/prci_definitions/nightly_previous.yaml +++ b/ipatests/prci_definitions/nightly_previous.yaml @@ -51,7 +51,7 @@ jobs: git_refspec: '{git_refspec}' template: name: freeipa/ci-master-f34 - version: 0.0.7 + version: 0.0.8 timeout: 1800 topology: *build diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index 31935bf044a..23e34da30a4 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -57,7 +57,7 @@ jobs: git_refspec: '{git_refspec}' template: name: freeipa/ci-master-f35 - version: 0.0.2 + version: 0.0.3 timeout: 1800 topology: *build From b11c3cf222bc1e5d13dd793c13c6d5477d8bf3ea Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 12 Jan 2022 16:53:29 +0100 Subject: [PATCH 2/2] Temp commit --- .freeipa-pr-ci.yaml| 2 +- ipatests/prci_definitions/temp_commit.yaml | 56 -- 2 files changed, 54 insertions(+), 4 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b634..80656690080 12 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index 23e34da30a4..9e0d93112a7 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -61,14 +61,64 @@ jobs: timeout: 1800 topology: *build - fedora-latest/temp_commit: + fedora-latest/test_server_del: requires: [fedora-latest/build] priority: 50 job: class: RunPytest args: build_url: '{fedora-latest/build_url}' -test_suite: test_integration/test_REPLACEME.py +test_suite: test_integration/test_server_del.py template: *ci-master-latest -timeout: 3600 +timeout: 10800 +topology: *master_2repl_1client + +
[Freeipa-devel] [freeipa PR#6136][closed] [Backport][ipa-4-9] ipatests: Test cases for ipa-replica-conncheck command
URL: https://github.com/freeipa/freeipa/pull/6136 Author: flo-renaud Title: #6136: [Backport][ipa-4-9] ipatests: Test cases for ipa-replica-conncheck command Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6136/head:pr6136 git checkout pr6136 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6136][opened] [Backport][ipa-4-9] ipatests: Test cases for ipa-replica-conncheck command
URL: https://github.com/freeipa/freeipa/pull/6136 Author: flo-renaud Title: #6136: [Backport][ipa-4-9] ipatests: Test cases for ipa-replica-conncheck command Action: opened PR body: """ This PR was opened automatically because PR #6092 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6136/head:pr6136 git checkout pr6136 From e9bffcdb9ee722af35725c23704441adc9120e3f Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Date: Thu, 18 Nov 2021 18:36:58 +0530 Subject: [PATCH 1/2] Test cases for ipa-replica-conncheck command Following test cases would be checked: - when called with --principal (it should then prompt for a password) - when called with --principal / --password - when called without principal and password but with a kerberos TGT, kinit admin done before calling ipa-replica-conncheck - when called without principal and password, and without any kerberos TGT (it should default to principal=admin and prompt for a password) related: https://pagure.io/freeipa/issue/9047 Signed-off-by: Mohammad Rizwan --- .../test_replica_promotion.py | 70 +++ 1 file changed, 70 insertions(+) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index b9c56f775d0..1a4e9bc121a 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -437,6 +437,76 @@ def test_renewal_master_with_csreplica_manage(self): self.assertCARenewalMaster(master, replica.hostname) self.assertCARenewalMaster(replica, replica.hostname) +def test_replica_concheck(self): +"""Test cases for ipa-replica-conncheck command + +Following test cases would be checked: +- when called with --principal (it should then prompt for a password) +- when called with --principal / --password +- when called without principal and password but with a kerberos TGT, + kinit admin done before calling ipa-replica-conncheck +- when called without principal and password, and without any kerberos + TGT (it should default to principal=admin and prompt for a password) + + related: https://pagure.io/freeipa/issue/9047 +""" +exp_str1 = "Connection from replica to master is OK." +exp_str2 = "Connection from master to replica is OK" +tasks.kdestroy_all(self.replicas[0]) +# when called with --principal (it should then prompt for a password) +result = self.replicas[0].run_command( +['ipa-replica-conncheck', '--auto-master-check', + '--master', self.master.hostname, + '-r', self.replicas[0].domain.realm, + '-p', self.replicas[0].config.admin_name], +stdin_text=self.master.config.admin_password +) +assert result.returncode == 0 +assert ( +exp_str1 in result.stderr_text and exp_str2 in result.stderr_text +) + +# when called with --principal / --password +result = self.replicas[0].run_command([ +'ipa-replica-conncheck', '--auto-master-check', +'--master', self.master.hostname, +'-r', self.replicas[0].domain.realm, +'-p', self.replicas[0].config.admin_name, +'-w', self.master.config.admin_password +]) +assert result.returncode == 0 +assert ( +exp_str1 in result.stderr_text and exp_str2 in result.stderr_text +) + +# when called without principal and password, and without +# any kerberos TGT, it should default to principal=admin +# and prompt for a password +result = self.replicas[0].run_command( +['ipa-replica-conncheck', '--auto-master-check', + '--master', self.master.hostname, + '-r', self.replicas[0].domain.realm], +stdin_text=self.master.config.admin_password +) +assert result.returncode == 0 +assert ( +exp_str1 in result.stderr_text and exp_str2 in result.stderr_text +) + +# when called without principal and password but with a kerberos TGT, +# kinit admin done before calling ipa-replica-conncheck +tasks.kinit_admin(self.replicas[0]) +result = self.replicas[0].run_command( +['ipa-replica-conncheck', '--auto-master-check', + '--master', self.master.hostname, + '-r', self.replicas[0].domain.realm] +) +assert result.returncode == 0 +assert ( +exp_str1 in result.stderr_text and exp_str2 in result.stderr_text +) +tasks.kdestroy_all(self.replicas[0]) + def test_automatic_renewal_master_transfer_ondelete(self): # Test that after replica uninstallation, master overtakes the
[Freeipa-devel] [freeipa PR#6092][closed] ipatests: Test cases for ipa-replica-conncheck command
URL: https://github.com/freeipa/freeipa/pull/6092 Author: mrizwan93 Title: #6092: ipatests: Test cases for ipa-replica-conncheck command Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6092/head:pr6092 git checkout pr6092 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6135][closed] [Backport][ipa-4-9] Support building against OpenLDAP 2.6+
URL: https://github.com/freeipa/freeipa/pull/6135 Author: rcritten Title: #6135: [Backport][ipa-4-9] Support building against OpenLDAP 2.6+ Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6135/head:pr6135 git checkout pr6135 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6129][opened] automember default group: remove --desc parameter
URL: https://github.com/freeipa/freeipa/pull/6129 Author: flo-renaud Title: #6129: automember default group: remove --desc parameter Action: opened PR body: """ The automember-default-group commands inherit from the automember commands but should not provide the --desc parameter. Remove 'description' from the list of parameters. Fixes: https://pagure.io/freeipa/issue/9068 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6129/head:pr6129 git checkout pr6129 From 013fea39a9e6d8eed5e6a2fba37b5166cdc4421d Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Mon, 3 Jan 2022 09:28:13 +0100 Subject: [PATCH] automember default group: remove --desc parameter The automember-default-group commands inherit from the automember commands but should not provide the --desc parameter. Remove 'description' from the list of parameters. Fixes: https://pagure.io/freeipa/issue/9068 --- API.txt | 6 ++ ipaserver/plugins/automember.py | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/API.txt b/API.txt index b43e4a5077f..ac9572c5a40 100644 --- a/API.txt +++ b/API.txt @@ -136,9 +136,8 @@ output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automember_default_group_remove/1 -args: 0,5,3 +args: 0,4,3 option: Flag('all', autofill=True, cli_name='all', default=False) -option: Str('description?', autofill=False, cli_name='desc') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') @@ -146,10 +145,9 @@ output: Entry('result') output: Output('summary', type=[, ]) output: Output('value', type=[]) command: automember_default_group_set/1 -args: 0,6,3 +args: 0,5,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('automemberdefaultgroup', cli_name='default_group') -option: Str('description?', autofill=False, cli_name='desc') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') diff --git a/ipaserver/plugins/automember.py b/ipaserver/plugins/automember.py index d1e681f7e29..04f56cd4bee 100644 --- a/ipaserver/plugins/automember.py +++ b/ipaserver/plugins/automember.py @@ -566,7 +566,7 @@ class automember_default_group(automember): def get_params(self): for param in super(automember_default_group, self).get_params(): -if param.name == 'cn': +if param.name == 'cn' or param.name == 'description': continue yield param ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6128][closed] [Backport][ipa-4-9] ipatests: Test empty cert request doesn't force certmonger to segfault
URL: https://github.com/freeipa/freeipa/pull/6128 Author: flo-renaud Title: #6128: [Backport][ipa-4-9] ipatests: Test empty cert request doesn't force certmonger to segfault Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6128/head:pr6128 git checkout pr6128 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6128][opened] [Backport][ipa-4-9] ipatests: Test empty cert request doesn't force certmonger to segfault
URL: https://github.com/freeipa/freeipa/pull/6128 Author: flo-renaud Title: #6128: [Backport][ipa-4-9] ipatests: Test empty cert request doesn't force certmonger to segfault Action: opened PR body: """ This PR was opened automatically because PR #6107 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6128/head:pr6128 git checkout pr6128 From b42883da9865a0d479eadc77978a0918d320a162 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Date: Thu, 25 Nov 2021 13:10:05 +0530 Subject: [PATCH] ipatests: Test empty cert request doesn't force certmonger to segfault When empty cert request is submitted to certmonger, it goes to segfault. This fix test that if something like this happens, certmonger should gracefuly handle it and some PEP8 fixes related: https://pagure.io/certmonger/issue/191 Signed-off-by: Mohammad Rizwan --- ipatests/test_integration/test_cert.py | 79 +- 1 file changed, 78 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_cert.py b/ipatests/test_integration/test_cert.py index 5ffb8c60863..0518d79545f 100644 --- a/ipatests/test_integration/test_cert.py +++ b/ipatests/test_integration/test_cert.py @@ -14,6 +14,7 @@ import re import string import time +import textwrap from ipaplatform.paths import paths from ipapython.dn import DN @@ -193,7 +194,7 @@ def test_multiple_user_certificates(self): tasks.kinit_admin(self.master) tasks.user_add(self.master, user) -for id in (0,1): +for id in (0, 1): csr_file = f'{id}.csr' key_file = f'{id}.key' cert_file = f'{id}.crt' @@ -584,3 +585,79 @@ def test_ca_show_error_handling(self): error_msg = 'ipa: ERROR: The certificate for ' \ '{} is not available on this server.'.format(lwca) assert error_msg in result.stderr_text + +def test_certmonger_empty_cert_not_segfault(self): +"""Test empty cert request doesn't force certmonger to segfault + +Test scenario: +create a cert request file in /var/lib/certmonger/requests which is +missing most of the required information, and ask request a new +certificate to certmonger. The wrong request file should not make +certmonger crash. + +related: https://pagure.io/certmonger/issue/191 +""" +empty_cert_req_content = textwrap.dedent(""" +id=dogtag-ipa-renew-agent +key_type=UNSPECIFIED +key_gen_type=UNSPECIFIED +key_size=0 +key_gen_size=0 +key_next_type=UNSPECIFIED +key_next_gen_type=UNSPECIFIED +key_next_size=0 +key_next_gen_size=0 +key_preserve=0 +key_storage_type=NONE +key_perms=0 +key_requested_count=0 +key_issued_count=0 +cert_storage_type=FILE +cert_perms=0 +cert_is_ca=0 +cert_ca_path_length=0 +cert_no_ocsp_check=0 +last_need_notify_check=1970010100 +last_need_enroll_check=1970010100 +template_is_ca=0 +template_ca_path_length=-1 +template_no_ocsp_check=0 +state=NEED_KEY_PAIR +autorenew=0 +monitor=0 +submitted=1970010100 +""") +# stop certmonger service +self.master.run_command(['systemctl', 'stop', 'certmonger']) + +# place an empty cert request file to certmonger request dir +self.master.put_file_contents( +os.path.join(paths.CERTMONGER_REQUESTS_DIR, '20211125062617'), +empty_cert_req_content +) + +# start certmonger, it should not fail +self.master.run_command(['systemctl', 'start', 'certmonger']) + +# request a new cert, should succeed and certmonger doesn't goes +# to segfault +result = self.master.run_command([ +"ipa-getcert", "request", +"-f", os.path.join(paths.OPENSSL_CERTS_DIR, "test.pem"), +"-k", os.path.join(paths.OPENSSL_PRIVATE_DIR, "test.key"), +]) +request_id = re.findall(r'\d+', result.stdout_text) + +# check if certificate is in MONITORING state +status = tasks.wait_for_request(self.master, request_id[0], 50) +assert status == "MONITORING" + +self.master.run_command( +['ipa-getcert', 'stop-tracking', '-i', request_id[0]] +) +self.master.run_command([ +'rm', '-rf', +os.path.join(paths.CERTMONGER_REQUESTS_DIR, '20211125062617'), +os.path.join(paths.OPENSSL_CERTS_DIR, 'test.pem'), +os.path.join(paths.OPENSSL_PRIVATE_DIR, 'test.key') +]) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora
[Freeipa-devel] [freeipa PR#6107][closed] ipatests: Test empty cert request doesn't force certmonger to segfault
URL: https://github.com/freeipa/freeipa/pull/6107 Author: mrizwan93 Title: #6107: ipatests: Test empty cert request doesn't force certmonger to segfault Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6107/head:pr6107 git checkout pr6107 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6127][closed] [Backport][ipa-4-9] ipatests: Test default value of nsslapd-sizelimit.
URL: https://github.com/freeipa/freeipa/pull/6127 Author: flo-renaud Title: #6127: [Backport][ipa-4-9] ipatests: Test default value of nsslapd-sizelimit. Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6127/head:pr6127 git checkout pr6127 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6127][opened] [Backport][ipa-4-9] ipatests: Test default value of nsslapd-sizelimit.
URL: https://github.com/freeipa/freeipa/pull/6127 Author: flo-renaud Title: #6127: [Backport][ipa-4-9] ipatests: Test default value of nsslapd-sizelimit. Action: opened PR body: """ This PR was opened automatically because PR #6123 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6127/head:pr6127 git checkout pr6127 From b98038816d024c9f0cd782feebfe34abf054b1fc Mon Sep 17 00:00:00 2001 From: Anuja More Date: Mon, 13 Dec 2021 17:37:05 +0530 Subject: [PATCH] ipatests: Test default value of nsslapd-sizelimit. related : https://pagure.io/freeipa/issue/8962 Signed-off-by: Anuja More --- ipatests/test_integration/test_installation.py | 13 + 1 file changed, 13 insertions(+) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index 95cfaad54c3..0947241ae27 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -1067,6 +1067,19 @@ def test_ldbm_tuning(self): ) assert "nsslapd-db-locks" not in result.stdout_text +def test_nsslapd_sizelimit(self): +""" Test for default value of nsslapd-sizelimit. + +Related : https://pagure.io/freeipa/issue/8962 +""" +result = tasks.ldapsearch_dm( +self.master, +"cn=config", +["nsslapd-sizelimit"], +scope="base" +) +assert "nsslapd-sizelimit: 10" in result.stdout_text + def test_admin_root_alias_CVE_2020_10747(self): # Test for CVE-2020-10747 fix # https://bugzilla.redhat.com/show_bug.cgi?id=1810160 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6123][closed] ipatests: Test default value of nsslapd-sizelimit.
URL: https://github.com/freeipa/freeipa/pull/6123 Author: amore17 Title: #6123: ipatests: Test default value of nsslapd-sizelimit. Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6123/head:pr6123 git checkout pr6123 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6126][opened] Bz2031825
URL: https://github.com/freeipa/freeipa/pull/6126 Author: flo-renaud Title: #6126: Bz2031825 Action: opened PR body: """ ### Config plugin: return EmptyModlist when no change is applied When ipa config-mod is called with the option --enable-sid, the code needs to trap EmptyModlist exception (it is expected that no LDAP attribute is modified by this operation). The code had a flaw and was checking: 'enable_sid' in options instead of options['enable_sid'] "'enable_sid' in options" always returns true as this option is a Flag with a default value, hence always present even if not specified on the command line. Fixes: https://pagure.io/freeipa/issue/9063 ### config plugin: add a test ensuring EmptyModlist is returned Add a test to test_config_plugin, that calls ipa config-mod with the same value as already present in LDAP. The call must return EmptyModlist. Related: https://pagure.io/freeipa/issue/9063 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6126/head:pr6126 git checkout pr6126 From 231aec74c3468d53392cd6aeae4ae18d555b5958 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 15 Dec 2021 10:47:02 +0100 Subject: [PATCH 1/2] Config plugin: return EmptyModlist when no change is applied When ipa config-mod is called with the option --enable-sid, the code needs to trap EmptyModlist exception (it is expected that no LDAP attribute is modified by this operation). The code had a flaw and was checking: 'enable_sid' in options instead of options['enable_sid'] "'enable_sid' in options" always returns true as this option is a Flag with a default value, hence always present even if not specified on the command line. Fixes: https://pagure.io/freeipa/issue/9063 --- ipaserver/plugins/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py index eae401fc3f7..24446beb0b0 100644 --- a/ipaserver/plugins/config.py +++ b/ipaserver/plugins/config.py @@ -707,7 +707,7 @@ def exc_callback(self, keys, options, exc, call_func, if (isinstance(exc, errors.EmptyModlist) and call_func.__name__ == 'update_entry' and ('ca_renewal_master_server' in options or - 'enable_sid' in options)): + options['enable_sid'])): return super(config_mod, self).exc_callback( From dfcc6852e1ae6b86f4b83704651a4a01189fc243 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 15 Dec 2021 10:51:05 +0100 Subject: [PATCH 2/2] config plugin: add a test ensuring EmptyModlist is returned Add a test to test_config_plugin, that calls ipa config-mod with the same value as already present in LDAP. The call must return EmptyModlist. Related: https://pagure.io/freeipa/issue/9063 --- ipatests/test_xmlrpc/test_config_plugin.py | 9 + 1 file changed, 9 insertions(+) diff --git a/ipatests/test_xmlrpc/test_config_plugin.py b/ipatests/test_xmlrpc/test_config_plugin.py index e981bb4a03d..a8ec9f0e558 100644 --- a/ipatests/test_xmlrpc/test_config_plugin.py +++ b/ipatests/test_xmlrpc/test_config_plugin.py @@ -312,4 +312,13 @@ class test_config(Declarative): 'value': None, }, ), +dict( +desc='Set the value to the already set value, no modifications', +command=( +'config_mod', [], { +'ipasearchrecordslimit': u'100', +}, +), +expected=errors.EmptyModlist(), +), ] ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6125][opened] ipatests: Fix expected object classes
URL: https://github.com/freeipa/freeipa/pull/6125 Author: flo-renaud Title: #6125: ipatests: Fix expected object classes Action: opened PR body: """ Because the sidgen plugin is a postop plugin, it is not always triggered before the result of an ADD is returned and the objectclasses of the user may / may not contain ipantuserattrs. Fix the expected object classes. Related: https://pagure.io/freeipa/issue/9062 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6125/head:pr6125 git checkout pr6125 From 886934eaba14a4dd711e2fa8929bb73830533016 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Tue, 14 Dec 2021 16:33:29 +0100 Subject: [PATCH] ipatests: Fix expected object classes Because the sidgen plugin is a postop plugin, it is not always triggered before the result of an ADD is returned and the objectclasses of the user may / may not contain ipantuserattrs. Fix the expected object classes. Related: https://pagure.io/freeipa/issue/9062 --- ipatests/test_xmlrpc/test_user_plugin.py | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py index 58996b2132e..b9fed22f30b 100644 --- a/ipatests/test_xmlrpc/test_user_plugin.py +++ b/ipatests/test_xmlrpc/test_user_plugin.py @@ -151,8 +151,9 @@ def user_radius(request, xmlrpc_setup): sn=u'radiususer1', ipatokenradiususername=u'radiususer') tracker.track_create() -tracker.attrs.update( -objectclass=objectclasses.user + [u'ipatokenradiusproxyuser'] +tracker.attrs.update(objectclass=fuzzy_set_optional_oc( +objectclasses.user + [u'ipatokenradiusproxyuser'], +'ipantuserattrs'), ) return tracker.make_fixture(request) @@ -646,7 +647,8 @@ def test_create_without_upg_with_gid_set(self): testuser.attrs.update(gidnumber=[u'1000']) testuser.attrs.update( description=[], -objectclass=objectclasses.user_base + [u'ipantuserattrs'] +objectclass=fuzzy_set_optional_oc( +objectclasses.user_base, 'ipantuserattrs'), ) command = testuser.make_create_command() result = command() ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6124][closed] [Backport][ipa-4-9] ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout
URL: https://github.com/freeipa/freeipa/pull/6124 Author: flo-renaud Title: #6124: [Backport][ipa-4-9] ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6124/head:pr6124 git checkout pr6124 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6124][opened] [Backport][ipa-4-9] ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout
URL: https://github.com/freeipa/freeipa/pull/6124 Author: flo-renaud Title: #6124: [Backport][ipa-4-9] ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout Action: opened PR body: """ This PR was opened automatically because PR #6119 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6124/head:pr6124 git checkout pr6124 From 94a02c05cf93ab22c139b31075b061df79510615 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Sun, 5 Dec 2021 17:38:58 +0100 Subject: [PATCH] ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout The test sets 389-ds nsslapd-idletimeout to 60s, then does a kinit with an otp token (which makes ipa-otpd create a LDAP connection), then sleeps for 60s. The expectation is that ns-slapd will detect that the LDAP conn from ipa-otpd is idle and close the connection. According to 389ds doc, the idle timeout is enforced when the connection table is walked. By doing a ldapsearch, the test "wakes up" ns-slapd and forces the detection of ipa-otpd idle connection. Fixes: https://pagure.io/freeipa/issue/9044 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_integration/test_otp.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipatests/test_integration/test_otp.py b/ipatests/test_integration/test_otp.py index 35347089796..d8ce527ca08 100644 --- a/ipatests/test_integration/test_otp.py +++ b/ipatests/test_integration/test_otp.py @@ -354,6 +354,9 @@ def test_check_otpd_after_idle_timeout(self, setup_otp_nsslapd): otpvalue = totp.generate(int(time.time())).decode("ascii") kinit_otp(self.master, USER, password=PASSWORD, otp=otpvalue) time.sleep(60) +# ldapsearch will wake up slapd and force walking through +# the connection list, in order to spot the idle connections +tasks.ldapsearch_dm(self.master, "", ldap_args=[], scope="base") def test_cb(cmd_jornalctl): # check if LDAP connection is timed out ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6119][closed] ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout
URL: https://github.com/freeipa/freeipa/pull/6119 Author: flo-renaud Title: #6119: ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6119/head:pr6119 git checkout pr6119 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6119][opened] ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout
URL: https://github.com/freeipa/freeipa/pull/6119 Author: flo-renaud Title: #6119: ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout Action: opened PR body: """ The test sets 389-ds nsslapd-idletimeout to 60s, then does a kinit with an otp token (which makes ipa-otpd create a LDAP connection), then sleeps for 60s. The expectation is that ns-slapd will detect that the LDAP conn from ipa-otpd is idle and close the connection. According to 389ds doc, the idle timeout is enforced when the connection table is walked. By doing a ldapsearch, the test "wakes up" ns-slapd and forces the detection of ipa-otpd idle connection. Fixes: https://pagure.io/freeipa/issue/9044 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6119/head:pr6119 git checkout pr6119 From cb919567e1326f9826ddc319e54c5d360f98a288 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Sun, 5 Dec 2021 17:38:58 +0100 Subject: [PATCH 1/2] ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout The test sets 389-ds nsslapd-idletimeout to 60s, then does a kinit with an otp token (which makes ipa-otpd create a LDAP connection), then sleeps for 60s. The expectation is that ns-slapd will detect that the LDAP conn from ipa-otpd is idle and close the connection. According to 389ds doc, the idle timeout is enforced when the connection table is walked. By doing a ldapsearch, the test "wakes up" ns-slapd and forces the detection of ipa-otpd idle connection. Fixes: https://pagure.io/freeipa/issue/9044 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_integration/test_otp.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipatests/test_integration/test_otp.py b/ipatests/test_integration/test_otp.py index 35347089796..d8ce527ca08 100644 --- a/ipatests/test_integration/test_otp.py +++ b/ipatests/test_integration/test_otp.py @@ -354,6 +354,9 @@ def test_check_otpd_after_idle_timeout(self, setup_otp_nsslapd): otpvalue = totp.generate(int(time.time())).decode("ascii") kinit_otp(self.master, USER, password=PASSWORD, otp=otpvalue) time.sleep(60) +# ldapsearch will wake up slapd and force walking through +# the connection list, in order to spot the idle connections +tasks.ldapsearch_dm(self.master, "", ldap_args=[], scope="base") def test_cb(cmd_jornalctl): # check if LDAP connection is timed out From 4f69429b67e11078fbc8c0b2fa759ae6b36f Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Sun, 5 Dec 2021 17:44:10 +0100 Subject: [PATCH 2/2] Temp commit --- .freeipa-pr-ci.yaml| 2 +- ipatests/prci_definitions/temp_commit.yaml | 33 -- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b634..80656690080 12 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index 31935bf044a..211c53bf945 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -61,14 +61,41 @@ jobs: timeout: 1800 topology: *build - fedora-latest/temp_commit: + fedora-latest/test_otp: requires: [fedora-latest/build] priority: 50 job: class: RunPytest args: build_url: '{fedora-latest/build_url}' -test_suite: test_integration/test_REPLACEME.py +test_suite: test_integration/test_otp.py template: *ci-master-latest timeout: 3600 -topology: *master_1repl_1client +topology: *master_1repl + + fedora-rawhide/build: +requires: [] +priority: 100 +job: + class: Build + args: +git_repo: '{git_repo}' +git_refspec: '{git_refspec}' +template: + name: freeipa/ci-master-frawhide + version: 0.5.2 +timeout: 1800 +topology: *build + + fedora-rawhide/test_otp: +requires: [fedora-rawhide/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-rawhide/build_url}' +update_packages: True +test_suite: test_integration/test_otp.py +template: *ci-master-frawhide +timeout: 3600 +topology: *master_1repl ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
[Freeipa-devel] [freeipa PR#6114][closed] [Backport][ipa-4-9] Extend test to see if replica is not shown when running `ipa-replica-manage list -v FQDN`
URL: https://github.com/freeipa/freeipa/pull/6114 Author: flo-renaud Title: #6114: [Backport][ipa-4-9] Extend test to see if replica is not shown when running `ipa-replica-manage list -v FQDN` Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6114/head:pr6114 git checkout pr6114 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6115][closed] [Backport][ipa-4-9] ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown
URL: https://github.com/freeipa/freeipa/pull/6115 Author: flo-renaud Title: #6115: [Backport][ipa-4-9] ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6115/head:pr6115 git checkout pr6115 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6116][closed] [Backport][ipa-4-9] PAC fixes for Windows Server November 2021 security release
URL: https://github.com/freeipa/freeipa/pull/6116 Author: abbra Title: #6116: [Backport][ipa-4-9] PAC fixes for Windows Server November 2021 security release Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6116/head:pr6116 git checkout pr6116 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6110][closed] [Backport][ipa-4-9] Various fixes for Debian
URL: https://github.com/freeipa/freeipa/pull/6110 Author: rcritten Title: #6110: [Backport][ipa-4-9] Various fixes for Debian Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6110/head:pr6110 git checkout pr6110 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6115][opened] [Backport][ipa-4-9] ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown
URL: https://github.com/freeipa/freeipa/pull/6115 Author: flo-renaud Title: #6115: [Backport][ipa-4-9] ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown Action: opened PR body: """ This PR was opened automatically because PR #6111 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6115/head:pr6115 git checkout pr6115 From 1af332e6a4b783d326e98b0c4c1a59506e26f37c Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Date: Fri, 26 Nov 2021 12:11:21 +0530 Subject: [PATCH] ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown Fixture `expire_certs` moves date back after renewing the certs. This is causing the ipa-replica to fail. This fix first uninstalls the server then moves back the date. Fixes: https://pagure.io/freeipa/issue/9052 Signed-off-by: Mohammad Rizwan --- ipatests/test_integration/test_ipa_cert_fix.py | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_ipa_cert_fix.py b/ipatests/test_integration/test_ipa_cert_fix.py index 39904d5de64..5b56054b4f1 100644 --- a/ipatests/test_integration/test_ipa_cert_fix.py +++ b/ipatests/test_integration/test_ipa_cert_fix.py @@ -389,6 +389,12 @@ def install(cls, mh): setup_dns=False, extra_args=['--no-ntp'] ) +@classmethod +def uninstall(cls, mh): +# Uninstall method is empty as the uninstallation is done in +# the fixture +pass + @pytest.fixture def expire_certs(self): # move system date to expire certs @@ -398,7 +404,8 @@ def expire_certs(self): yield # move date back on replica and master -for host in self.master, self.replicas[0]: +for host in self.replicas[0], self.master: +tasks.uninstall_master(host) tasks.move_date(host, 'start', '-3years-1days') def test_renew_expired_cert_replica(self, expire_certs): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6111][closed] ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown
URL: https://github.com/freeipa/freeipa/pull/6111 Author: mrizwan93 Title: #6111: ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6111/head:pr6111 git checkout pr6111 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6114][opened] [Backport][ipa-4-9] Extend test to see if replica is not shown when running `ipa-replica-manage list -v FQDN`
URL: https://github.com/freeipa/freeipa/pull/6114 Author: flo-renaud Title: #6114: [Backport][ipa-4-9] Extend test to see if replica is not shown when running `ipa-replica-manage list -v FQDN` Action: opened PR body: """ This PR was opened automatically because PR #6108 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6114/head:pr6114 git checkout pr6114 From fb364d4946dde18aae06327e185d74e86b728bca Mon Sep 17 00:00:00 2001 From: Sumedh Sidhaye Date: Thu, 25 Nov 2021 17:48:20 +0530 Subject: [PATCH] Extend test to see if replica is not shown when running `ipa-replica-manage list -v ` Related: https://pagure.io/freeipa/issue/8605 Signed-off-by: Sumedh Sidhaye --- ipatests/test_integration/test_simple_replication.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_simple_replication.py b/ipatests/test_integration/test_simple_replication.py index 8de3851447a..17092a49966 100644 --- a/ipatests/test_integration/test_simple_replication.py +++ b/ipatests/test_integration/test_simple_replication.py @@ -111,5 +111,6 @@ def test_replica_removal(self): # has to be run with --force, there is no --unattended self.master.run_command(['ipa-replica-manage', 'del', self.replicas[0].hostname, '--force']) -result = self.master.run_command(['ipa-replica-manage', 'list']) +result = self.master.run_command( +['ipa-replica-manage', 'list', '-v', self.master.hostname]) assert self.replicas[0].hostname not in result.stdout_text ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6108][closed] Extend test to see if replica is not shown when running `ipa-replica-manage list -v FQDN`
URL: https://github.com/freeipa/freeipa/pull/6108 Author: ssidhaye Title: #6108: Extend test to see if replica is not shown when running `ipa-replica-manage list -v FQDN` Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6108/head:pr6108 git checkout pr6108 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6105][closed] [Backport][ipa-4-9] ipatests: remove xfail on f35+ for test_number_of_zones
URL: https://github.com/freeipa/freeipa/pull/6105 Author: flo-renaud Title: #6105: [Backport][ipa-4-9] ipatests: remove xfail on f35+ for test_number_of_zones Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6105/head:pr6105 git checkout pr6105 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6104][closed] [Backport][ipa-4-9] Remove duplicate _() in the error path
URL: https://github.com/freeipa/freeipa/pull/6104 Author: flo-renaud Title: #6104: [Backport][ipa-4-9] Remove duplicate _() in the error path Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6104/head:pr6104 git checkout pr6104 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6105][opened] [Backport][ipa-4-9] ipatests: remove xfail on f35+ for test_number_of_zones
URL: https://github.com/freeipa/freeipa/pull/6105 Author: flo-renaud Title: #6105: [Backport][ipa-4-9] ipatests: remove xfail on f35+ for test_number_of_zones Action: opened PR body: """ This PR was opened automatically because PR #6103 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6105/head:pr6105 git checkout pr6105 From 500ef8c976d540bf41dc8546674be042bf038620 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Tue, 23 Nov 2021 10:14:07 +0100 Subject: [PATCH] ipatests: remove xfail on f35+ for test_number_of_zones systemd-resolved fixed the issue on f35+ Related: https://pagure.io/freeipa/issue/8700 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_integration/test_installation.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index e9d3d1683c9..95cfaad54c3 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -583,7 +583,8 @@ class TestInstallWithCA_DNS3(CALessBase): """ @pytest.mark.xfail( -osinfo.id == 'fedora' and osinfo.version_number >= (33,), +osinfo.id == 'fedora' and osinfo.version_number >= (33,) +and osinfo.version_number < (35,), reason='freeipa ticket 8700', strict=True) @server_install_setup def test_number_of_zones(self): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6103][closed] ipatests: remove xfail on f35+ for test_number_of_zones
URL: https://github.com/freeipa/freeipa/pull/6103 Author: flo-renaud Title: #6103: ipatests: remove xfail on f35+ for test_number_of_zones Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6103/head:pr6103 git checkout pr6103 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6085][closed] Fix use of comparison functions to avoid GCC bug 95189
URL: https://github.com/freeipa/freeipa/pull/6085 Author: abbra Title: #6085: Fix use of comparison functions to avoid GCC bug 95189 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6085/head:pr6085 git checkout pr6085 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6104][opened] [Backport][ipa-4-9] Remove duplicate _() in the error path
URL: https://github.com/freeipa/freeipa/pull/6104 Author: flo-renaud Title: #6104: [Backport][ipa-4-9] Remove duplicate _() in the error path Action: opened PR body: """ This PR was opened automatically because PR #6097 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6104/head:pr6104 git checkout pr6104 From bce56740464a603f7d4bb03788573b5f0173831f Mon Sep 17 00:00:00 2001 From: Jochen Kellner Date: Sun, 21 Nov 2021 19:55:12 +0100 Subject: [PATCH] Remove duplicate _() in the error path When running IPA in locale de_DE.UTF-8 I got an internal error: jochen@freeipa1:~$ ipa server-del freeipa4.example.org Removing freeipa4.example.org from replication topology, please wait... ipa: ERROR: Ein interner Fehler ist aufgetreten This is not the complete messages. Using en_US.UTF-8 would be ok. In the httpd error_log: ] ipa: ERROR: non-public: TypeError: unhashable type: 'Gettext' ] Traceback (most recent call last): ] File "/usr/lib/python3.10/site-packags/ipaserver/rpcserver.py", line 407, in wsgi_execute ] result = command(*args, **options) ] File "/usr/lib/python3.10/site-packages/ipalib/frontend.py", line 471, in __call__ ] return self.__do_call(*args, **options) ] File "/usr/lib/python3.10/site-packages/ipalib/frontend.py", line 499, in __do_call ] ret = self.run(*args, **options) ] File "/usr/lib/python3.10/site-packages/ipalib/frontend.py", line 821, in run ] return self.execute(*args, **options) ] File "/usr/lib/python3.10/site-packages/ipaserver/plugins/baseldap.py", line 1686, in execute] return self.execute(*args, **options) ] File "/usr/lib/python3.10/site-packages/ipaserver/plugins/baseldap.py", line 1686, in execute ] delete_entry(pkey) ] File "/usr/lib/python3.10/site-packages/ipaserver/plugins/baseldap.py", line 1637, in delete_entry ] dn = callback(self, ldap, dn, *nkeys, **options) ] File "/usr/lib/python3.10/site-packages/ipaserver/plugins/server.py", line 755, in pre_callback ] self._ensure_last_of_role( ] File "/usr/lib/python3.10/site-packages/ipaserver/plugins/server.py", line 520, in _ensure_last_of_role ] handler( ] File "/usr/lib/python3.10/site-packages/ipaserver/plugins/server.py", line 482, in handler ] raise errors.ServerRemovalError(reason=_(msg)) ] File "/usr/lib/python3.10/site-packages/ipalib/errors.py", line 269, in __init__ ] messages.process_message_arguments(self, format, message, **kw) ] File "/usr/lib/python3.10/site-packages/ipalib/messages.py", line 55, in process_message_arguments ] kw[key] = unicode(value) ] File "/usr/lib/python3.10/site-packages/ipalib/text.py", line 296, in __str__ ] return unicode(self.as_unicode()) ] File "/usr/lib/python3.10/site-packages/ipalib/text.py", line 293, in as_unicode ] return t.gettext(self.msg) ] File "/usr/lib64/python3.10/gettext.py", line 498, in gettext ] tmsg = self._catalog.get(message, missing) ] TypeError: unhashable type: 'Gettext' ] ipa: INFO: [jsonserver_session] ad...@example.org: server_del/1(['freeipa4.example.org'], version='2.245'): InternalError Alexander suggested to remove _() in local handler() function in _ensure_last_of_role(): else: raise errors.ServerRemovalError(reason=_(msg)) Looks like all the callers give already gettext-enabled message (wrapped with _() already). At least for my case I now get a complete error message. Fixes: https://pagure.io/freeipa/issue/9046 Signed-off-by: Jochen Kellner --- ipaserver/plugins/server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py index 60d89d5b383..b51e5015f64 100644 --- a/ipaserver/plugins/server.py +++ b/ipaserver/plugins/server.py @@ -479,7 +479,7 @@ def handler(msg, ignore_last_of_role): ) ) else: -raise errors.ServerRemovalError(reason=_(msg)) +raise errors.ServerRemovalError(reason=msg) ipa_config = self.api.Command.config_show()['result'] ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6097][closed] Remove duplicate _() in the error path
URL: https://github.com/freeipa/freeipa/pull/6097 Author: jh23453 Title: #6097: Remove duplicate _() in the error path Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6097/head:pr6097 git checkout pr6097 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6102][closed] [Backport][ipa-4-9] Don't limit role-find by hostname when searching for last KRA
URL: https://github.com/freeipa/freeipa/pull/6102 Author: rcritten Title: #6102: [Backport][ipa-4-9] Don't limit role-find by hostname when searching for last KRA Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6102/head:pr6102 git checkout pr6102 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6103][opened] ipatests: remove xfail on f35+ for test_number_of_zones
URL: https://github.com/freeipa/freeipa/pull/6103 Author: flo-renaud Title: #6103: ipatests: remove xfail on f35+ for test_number_of_zones Action: opened PR body: """ systemd-resolved fixed the issue on f35+ Related: https://pagure.io/freeipa/issue/8700 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6103/head:pr6103 git checkout pr6103 From 63a344d6b313e345f6bf7a67e2c7b8935a0491eb Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Tue, 23 Nov 2021 10:14:07 +0100 Subject: [PATCH 1/2] ipatests: remove xfail on f35+ for test_number_of_zones systemd-resolved fixed the issue on f35+ Related: https://pagure.io/freeipa/issue/8700 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_integration/test_installation.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index e9d3d1683c9..bf65a5d3619 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -583,7 +583,8 @@ class TestInstallWithCA_DNS3(CALessBase): """ @pytest.mark.xfail( -osinfo.id == 'fedora' and osinfo.version_number >= (33,), +osinfo.id == 'fedora' and osinfo.version_number >= (33,) +and osinfo.version_number < (35,0), reason='freeipa ticket 8700', strict=True) @server_install_setup def test_number_of_zones(self): From 612f639d490ac5d93d935f16945fa9fe6637debc Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Tue, 23 Nov 2021 10:18:31 +0100 Subject: [PATCH 2/2] Temp commit --- .freeipa-pr-ci.yaml| 2 +- ipatests/prci_definitions/temp_commit.yaml | 59 -- 2 files changed, 57 insertions(+), 4 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b634..80656690080 12 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index 31935bf044a..f9f46195863 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -61,14 +61,67 @@ jobs: timeout: 1800 topology: *build - fedora-latest/temp_commit: + fedora-latest/test_installation_TestInstallWithCA_DNS3: requires: [fedora-latest/build] priority: 50 job: class: RunPytest args: build_url: '{fedora-latest/build_url}' -test_suite: test_integration/test_REPLACEME.py +test_suite: test_integration/test_installation.py::TestInstallWithCA_DNS3 template: *ci-master-latest timeout: 3600 -topology: *master_1repl_1client +topology: *master_1repl + + fedora-rawhide/build: +requires: [] +priority: 100 +job: + class: Build + args: +git_repo: '{git_repo}' +git_refspec: '{git_refspec}' +template: + name: freeipa/ci-master-frawhide + version: 0.5.2 +timeout: 1800 +topology: *build + + fedora-rawhide/test_installation_TestInstallWithCA_DNS3: +requires: [fedora-rawhide/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-rawhide/build_url}' +update_packages: True +test_suite: test_integration/test_installation.py::TestInstallWithCA_DNS3 +template: *ci-master-frawhide +timeout: 3600 +topology: *master_1repl + + fedora-previous/build: +requires: [] +priority: 100 +job: + class: Build + args: +git_repo: '{git_repo}' +git_refspec: '{git_refspec}' +template: + name: freeipa/ci-master-f34 + version: 0.0.7 +timeout: 1800 +topology: *build + + fedora-previous/test_installation_TestInstallWithCA_DNS3: +requires: [fedora-previous/build] +priority: 50 +job: + class: RunPytest + args: +build_url: '{fedora-previous/build_url}' +test_suite: test_integration/test_installation.py::TestInstallWithCA_DNS3 +template: *ci-master-previous +timeout: 3600 +topology: *master_1repl ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6100][closed] [Backport][ipa-4-9] fix(webui): create correct PTR record when navigated from host page
URL: https://github.com/freeipa/freeipa/pull/6100 Author: pvoborni Title: #6100: [Backport][ipa-4-9] fix(webui): create correct PTR record when navigated from host page Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6100/head:pr6100 git checkout pr6100 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6084][closed] fix(webui): create correct PTR record when navigated from host page
URL: https://github.com/freeipa/freeipa/pull/6084 Author: pvoborni Title: #6084: fix(webui): create correct PTR record when navigated from host page Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6084/head:pr6084 git checkout pr6084 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6099][closed] [Backport][ipa-4-9] pwpolicy: change lifetime error message
URL: https://github.com/freeipa/freeipa/pull/6099 Author: fcami Title: #6099: [Backport][ipa-4-9] pwpolicy: change lifetime error message Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6099/head:pr6099 git checkout pr6099 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6082][closed] ipatests: update packages in rawhide test test_installation_client.py
URL: https://github.com/freeipa/freeipa/pull/6082 Author: flo-renaud Title: #6082: ipatests: update packages in rawhide test test_installation_client.py Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6082/head:pr6082 git checkout pr6082 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6094][closed] [Backport][ipa-4-9] freeipa.spec.in: -server subpackage should require samba-client-libs
URL: https://github.com/freeipa/freeipa/pull/6094 Author: flo-renaud Title: #6094: [Backport][ipa-4-9] freeipa.spec.in: -server subpackage should require samba-client-libs Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6094/head:pr6094 git checkout pr6094 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6093][closed] [Backport][ipa-4-9] ipatests: mark test_installation_TestInstallWithCA_DNS3 as xfail
URL: https://github.com/freeipa/freeipa/pull/6093 Author: flo-renaud Title: #6093: [Backport][ipa-4-9] ipatests: mark test_installation_TestInstallWithCA_DNS3 as xfail Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6093/head:pr6093 git checkout pr6093 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6094][opened] [Backport][ipa-4-9] freeipa.spec.in: -server subpackage should require samba-client-libs
URL: https://github.com/freeipa/freeipa/pull/6094 Author: flo-renaud Title: #6094: [Backport][ipa-4-9] freeipa.spec.in: -server subpackage should require samba-client-libs Action: opened PR body: """ This PR was opened automatically because PR #6083 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6094/head:pr6094 git checkout pr6094 From e7c0b0de778db4d5116039d47dc5b9bd34c8f00a Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 15 Nov 2021 16:41:01 +0200 Subject: [PATCH] freeipa.spec.in: -server subpackage should require samba-client-libs KDB driver extensively uses NDR parsing and marshalling code provided by Samba libraries. Since these libraries are internal to Samba, they often change structures without updating SONAME. Typical changes include adding new structures, so we should require samba-client-libs we were built against. There used to be %requires_eq macros in RPM but it was removed from Fedora some time ago. We need greater than or equal version of it, thus %ipa_requires_gt is defined in the spec file. Related: https://pagure.io/freeipa/issue/9031 Signed-off-by: Alexander Bokovoy --- freeipa.spec.in | 4 1 file changed, 4 insertions(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index 952c1ad1894..e20edb7bc60 100755 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1,3 +1,5 @@ +%define ipa_requires_gt() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}-%%{release}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") + # ipatests enabled by default, can be disabled with --without ipatests %bcond_without ipatests # default to not use XML-RPC in Rawhide, can be turned around with --with ipa_join_xml @@ -473,6 +475,8 @@ Requires: gssproxy >= 0.7.0-2 Requires: sssd-dbus >= %{sssd_version} Requires: libpwquality Requires: cracklib-dicts +# NDR libraries are internal in Samba and change with version without changing SONAME +%ipa_requires_gt samba-client-libs Provides: %{alt_name}-server = %{version} Conflicts: %{alt_name}-server ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6093][opened] [Backport][ipa-4-9] ipatests: mark test_installation_TestInstallWithCA_DNS3 as xfail
URL: https://github.com/freeipa/freeipa/pull/6093 Author: flo-renaud Title: #6093: [Backport][ipa-4-9] ipatests: mark test_installation_TestInstallWithCA_DNS3 as xfail Action: opened PR body: """ This PR was opened automatically because PR #6090 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6093/head:pr6093 git checkout pr6093 From 34dd852606756833fcb3447730bebaba3dc64c7d Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 18 Nov 2021 08:35:23 +0100 Subject: [PATCH] ipatests: mark test_installation_TestInstallWithCA_DNS3 as xfail The test failure is a known issue, happening on f33+. Mark as xfail until 8700 is fixed. Related: https://pagure.io/freeipa/issue/8700 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_integration/test_installation.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index 3a44f5ed897..e9d3d1683c9 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -582,6 +582,9 @@ class TestInstallWithCA_DNS3(CALessBase): ticket 7239 """ +@pytest.mark.xfail( +osinfo.id == 'fedora' and osinfo.version_number >= (33,), +reason='freeipa ticket 8700', strict=True) @server_install_setup def test_number_of_zones(self): """There should be two zones: one forward, one reverse""" ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6090][closed] ipatests: mark test_installation_TestInstallWithCA_DNS3 as xfail
URL: https://github.com/freeipa/freeipa/pull/6090 Author: flo-renaud Title: #6090: ipatests: mark test_installation_TestInstallWithCA_DNS3 as xfail Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6090/head:pr6090 git checkout pr6090 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6090][opened] ipatests: mark test_installation_TestInstallWithCA_DNS3 as xfail
URL: https://github.com/freeipa/freeipa/pull/6090 Author: flo-renaud Title: #6090: ipatests: mark test_installation_TestInstallWithCA_DNS3 as xfail Action: opened PR body: """ The test failure is a known issue, happening on f33+. Mark as xfail until 8700 is fixed. Related: https://pagure.io/freeipa/issue/8700 Signed-off-by: Florence Blanc-Renaud """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6090/head:pr6090 git checkout pr6090 From 57f6986c2a7ecbd9b113aae030f1e3f80f68558e Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 18 Nov 2021 08:35:23 +0100 Subject: [PATCH] ipatests: mark test_installation_TestInstallWithCA_DNS3 as xfail The test failure is a known issue, happening on f33+. Mark as xfail until 8700 is fixed. Related: https://pagure.io/freeipa/issue/8700 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_integration/test_installation.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index 3a44f5ed897..19a81a5e6e9 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -582,6 +582,7 @@ class TestInstallWithCA_DNS3(CALessBase): ticket 7239 """ +@pytest.mark.xfail(reason='freeipa ticket 8700', strict=True) @server_install_setup def test_number_of_zones(self): """There should be two zones: one forward, one reverse""" ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6081][closed] [Backport][ipa-4-9] Harden PAC processing leftovers
URL: https://github.com/freeipa/freeipa/pull/6081 Author: rcritten Title: #6081: [Backport][ipa-4-9] Harden PAC processing leftovers Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6081/head:pr6081 git checkout pr6081 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6082][opened] ipatests: update packages in rawhide test test_installation_client.py
URL: https://github.com/freeipa/freeipa/pull/6082 Author: flo-renaud Title: #6082: ipatests: update packages in rawhide test test_installation_client.py Action: opened PR body: """ The test definition is missing the instruction to update the packages. Fixes: https://pagure.io/freeipa/issue/9035 Signed-off-by: Florence Blanc-Renaud """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6082/head:pr6082 git checkout pr6082 From 7a88b35d71153bcd3de2f87ed85cd5c8880889a1 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Sun, 14 Nov 2021 13:17:27 +0100 Subject: [PATCH 1/2] ipatests: update packages in rawhide test test_installation_client.py The test definition is missing the instruction to update the packages. Fixes: https://pagure.io/freeipa/issue/9035 Signed-off-by: Florence Blanc-Renaud --- ipatests/prci_definitions/nightly_rawhide.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/ipatests/prci_definitions/nightly_rawhide.yaml b/ipatests/prci_definitions/nightly_rawhide.yaml index ee95f979919..8a3e7dc7e6a 100644 --- a/ipatests/prci_definitions/nightly_rawhide.yaml +++ b/ipatests/prci_definitions/nightly_rawhide.yaml @@ -1220,6 +1220,7 @@ jobs: class: RunPytest args: build_url: '{fedora-rawhide/build_url}' +update_packages: True test_suite: test_integration/test_installation_client.py template: *ci-master-frawhide timeout: 3600 From ec2ce0276d6e81f678609b92d8afcdaa10f9203d Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Sun, 14 Nov 2021 13:20:13 +0100 Subject: [PATCH 2/2] Temp commit --- .freeipa-pr-ci.yaml| 2 +- ipatests/prci_definitions/temp_commit.yaml | 21 +++-- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b634..80656690080 12 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index 4b0398b9218..23b632839cd 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -47,7 +47,7 @@ topologies: memory: 14500 jobs: - fedora-latest/build: + fedora-rawhide/build: requires: [] priority: 100 job: @@ -55,20 +55,21 @@ jobs: args: git_repo: '{git_repo}' git_refspec: '{git_refspec}' -template: - name: freeipa/ci-master-f34 - version: 0.0.5 +template: + name: freeipa/ci-master-frawhide + version: 0.5.1 timeout: 1800 topology: *build - fedora-latest/temp_commit: -requires: [fedora-latest/build] + fedora-rawhide/test_installation_client: +requires: [fedora-rawhide/build] priority: 50 job: class: RunPytest args: -build_url: '{fedora-latest/build_url}' -test_suite: test_integration/test_REPLACEME.py -template: *ci-master-latest +build_url: '{fedora-rawhide/build_url}' +update_packages: True +test_suite: test_integration/test_installation_client.py +template: *ci-master-frawhide timeout: 3600 -topology: *master_1repl_1client +topology: *master_3client ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6078][closed] [Backport][ipa-4-9] ipatests: fix get_user_result method
URL: https://github.com/freeipa/freeipa/pull/6078 Author: flo-renaud Title: #6078: [Backport][ipa-4-9] ipatests: fix get_user_result method Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6078/head:pr6078 git checkout pr6078 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6078][opened] [Backport][ipa-4-9] ipatests: fix get_user_result method
URL: https://github.com/freeipa/freeipa/pull/6078 Author: flo-renaud Title: #6078: [Backport][ipa-4-9] ipatests: fix get_user_result method Action: opened PR body: """ This PR was opened automatically because PR #6077 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6078/head:pr6078 git checkout pr6078 From 7c1c7cc1a7e54e18c9c38204a7a56f3f5efa7687 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 10 Nov 2021 10:54:37 +0100 Subject: [PATCH] ipatests: fix get_user_result method Because the sidgen plugin is a postop plugin, it is not always triggered before the result of an ADD is returned and the objectclasses of the user may / may not contain ipantuserattrs. Fix the get_user_result method to work in all the cases. Related: https://pagure.io/freeipa/issue/8995 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_xmlrpc/test_user_plugin.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py index b093a9f2b2d..58996b2132e 100644 --- a/ipatests/test_xmlrpc/test_user_plugin.py +++ b/ipatests/test_xmlrpc/test_user_plugin.py @@ -38,7 +38,7 @@ assert_deepequal, assert_equal, assert_not_equal, raises) from ipatests.test_xmlrpc.xmlrpc_test import ( XMLRPC_test, fuzzy_digits, fuzzy_uuid, fuzzy_password, -fuzzy_user_or_group_sid, +fuzzy_user_or_group_sid, fuzzy_set_optional_oc, Fuzzy, fuzzy_dergeneralizedtime, raises_exact) from ipapython.dn import DN from ipapython.ipaldap import ldap_initialize @@ -1179,7 +1179,8 @@ def get_user_result(uid, givenname, sn, operation='show', omit=[], initials=[givenname[0] + (sn or '')[:1]], ipauniqueid=[fuzzy_uuid], mepmanagedentry=[get_group_dn(uid)], -objectclass=objectclasses.user, +objectclass=fuzzy_set_optional_oc( +objectclasses.user, 'ipantuserattrs'), krbprincipalname=[u'%s@%s' % (uid, api.env.realm)], krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)], ) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6077][closed] ipatests: fix get_user_result method
URL: https://github.com/freeipa/freeipa/pull/6077 Author: flo-renaud Title: #6077: ipatests: fix get_user_result method Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6077/head:pr6077 git checkout pr6077 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6077][opened] ipatests: fix get_user_result method
URL: https://github.com/freeipa/freeipa/pull/6077 Author: flo-renaud Title: #6077: ipatests: fix get_user_result method Action: opened PR body: """ Because the sidgen plugin is a postop plugin, it is not always triggered before the result of an ADD is returned and the objectclasses of the user may / may not contain ipantuserattrs. Fix the get_user_result method to work in all the cases. Related: https://pagure.io/freeipa/issue/8995 Signed-off-by: Florence Blanc-Renaud """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6077/head:pr6077 git checkout pr6077 From 4d7b17fe2ba9898fb544a081175022b32d4b2793 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 10 Nov 2021 10:54:37 +0100 Subject: [PATCH] ipatests: fix get_user_result method Because the sidgen plugin is a postop plugin, it is not always triggered before the result of an ADD is returned and the objectclasses of the user may / may not contain ipantuserattrs. Fix the get_user_result method to work in all the cases. Related: https://pagure.io/freeipa/issue/8995 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_xmlrpc/test_user_plugin.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py index b093a9f2b2d..58996b2132e 100644 --- a/ipatests/test_xmlrpc/test_user_plugin.py +++ b/ipatests/test_xmlrpc/test_user_plugin.py @@ -38,7 +38,7 @@ assert_deepequal, assert_equal, assert_not_equal, raises) from ipatests.test_xmlrpc.xmlrpc_test import ( XMLRPC_test, fuzzy_digits, fuzzy_uuid, fuzzy_password, -fuzzy_user_or_group_sid, +fuzzy_user_or_group_sid, fuzzy_set_optional_oc, Fuzzy, fuzzy_dergeneralizedtime, raises_exact) from ipapython.dn import DN from ipapython.ipaldap import ldap_initialize @@ -1179,7 +1179,8 @@ def get_user_result(uid, givenname, sn, operation='show', omit=[], initials=[givenname[0] + (sn or '')[:1]], ipauniqueid=[fuzzy_uuid], mepmanagedentry=[get_group_dn(uid)], -objectclass=objectclasses.user, +objectclass=fuzzy_set_optional_oc( +objectclasses.user, 'ipantuserattrs'), krbprincipalname=[u'%s@%s' % (uid, api.env.realm)], krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)], ) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6075][closed] [Backport][ipa-4-9] ipatests: Test to check ipa ca-show error handling
URL: https://github.com/freeipa/freeipa/pull/6075 Author: ssidhaye Title: #6075: [Backport][ipa-4-9] ipatests: Test to check ipa ca-show error handling Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6075/head:pr6075 git checkout pr6075 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6072][closed] [Backport][ipa-4-9] ipatests: remove redundant kinit from test_renew()
URL: https://github.com/freeipa/freeipa/pull/6072 Author: flo-renaud Title: #6072: [Backport][ipa-4-9] ipatests: remove redundant kinit from test_renew() Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6072/head:pr6072 git checkout pr6072 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6073][closed] [Backport][ipa-4-9] Make the schema cache TTL user-configurable
URL: https://github.com/freeipa/freeipa/pull/6073 Author: flo-renaud Title: #6073: [Backport][ipa-4-9] Make the schema cache TTL user-configurable Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6073/head:pr6073 git checkout pr6073 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6071][closed] [Backport][ipa-4-9] Integrate SID configuration into base IPA installers
URL: https://github.com/freeipa/freeipa/pull/6071 Author: flo-renaud Title: #6071: [Backport][ipa-4-9] Integrate SID configuration into base IPA installers Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6071/head:pr6071 git checkout pr6071 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6073][opened] [Backport][ipa-4-9] Make the schema cache TTL user-configurable
URL: https://github.com/freeipa/freeipa/pull/6073 Author: flo-renaud Title: #6073: [Backport][ipa-4-9] Make the schema cache TTL user-configurable Action: opened PR body: """ This PR was opened automatically because PR #6049 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6073/head:pr6073 git checkout pr6073 From 64d028b484b4dce9ab4b6e3a6ba52d4199f38cd2 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 14 Oct 2021 17:07:32 -0400 Subject: [PATCH] Make the schema cache TTL user-configurable The API schema is not checked for changes until after a TTL is expired. A one-hour TTL was hardcoded which makes development tedious because the only way to force a schema update is to remember to remove files between invocations. This adds a new environment variable, schema_ttl, to configure the TTL returned by the server to schema() calls. This can be set low to ensure a frequent refresh during development. If the client is in compat mode, that is if client is working against a server that doesn't support the schema() command, then use the client's schema_ttl instead so that the user still has control. Re-check validity before writing the cache. This saves us both a disk write and the possibility of updating the expiration with a ttl of 0. This can happen if the fingerprint is still valid (not expired, no language change) the schema check is skipped so we have no server-provided ttl. https://pagure.io/freeipa/issue/8492 Signed-off-by: Rob Crittenden --- client/man/default.conf.5| 3 ++ ipaclient/remote_plugins/__init__.py | 15 +++--- ipaclient/remote_plugins/compat.py | 5 +- ipaclient/remote_plugins/schema.py | 7 ++- ipalib/constants.py | 3 ++ ipaserver/plugins/schema.py | 8 +-- ipatests/test_cmdline/test_schema.py | 80 7 files changed, 101 insertions(+), 20 deletions(-) create mode 100644 ipatests/test_cmdline/test_schema.py diff --git a/client/man/default.conf.5 b/client/man/default.conf.5 index 1fdceb122ed..4231d2a5316 100644 --- a/client/man/default.conf.5 +++ b/client/man/default.conf.5 @@ -172,6 +172,9 @@ Specifies the Kerberos realm. .B replication_wait_timeout The time to wait for a new entry to be replicated during replica installation. The default value is 300 seconds. .TP +.B schema_ttl +The number of seconds for the ipa tool to cache the IPA API and help schema. Reducing this value during development is helpful so that API changes are seen sooner in the tool. Setting this on a server will define the TTL for all client versions > 4.3.1. Client versions > 4.3.1 that connect to IPA servers older than 4.3.1 will use the client-side configuration value. The default is 3600 seconds. 0 disables the cache. A change in the ttl will not be immediately recognized by clients. They will use the new value once their current cache expires. +.TP .B server Specifies the IPA Server hostname. .TP diff --git a/ipaclient/remote_plugins/__init__.py b/ipaclient/remote_plugins/__init__.py index fe75b81b882..a4901335a3b 100644 --- a/ipaclient/remote_plugins/__init__.py +++ b/ipaclient/remote_plugins/__init__.py @@ -34,6 +34,7 @@ def __init__(self, api): hostname = DNSName(api.env.server).ToASCII() self._path = os.path.join(self._DIR, hostname) self._force_check = api.env.force_schema_check +self._now = time.time() self._dict = {} # copy-paste from ipalib/rpc.py @@ -87,12 +88,11 @@ def __iter__(self): def __len__(self): return len(self._dict) -def update_validity(self, ttl=None): -if ttl is None: -ttl = 3600 -self['expiration'] = time.time() + ttl -self['language'] = self._language -self._write() +def update_validity(self, ttl): +if not self.is_valid(): +self['expiration'] = self._now + ttl +self['language'] = self._language +self._write() def is_valid(self): if self._force_check: @@ -105,8 +105,7 @@ def is_valid(self): # if any of these is missing consider the entry expired return False -if expiration < time.time(): -# validity passed +if expiration < self._now: return False if language != self._language: diff --git a/ipaclient/remote_plugins/compat.py b/ipaclient/remote_plugins/compat.py index 2a600fccc89..351669a961c 100644 --- a/ipaclient/remote_plugins/compat.py +++ b/ipaclient/remote_plugins/compat.py @@ -58,7 +58,10 @@ def get_package(server_info, client): else: server_version = '2.0' server_info['version'] = server_version -server_info.update_validity() + +# in compat mode we don't get the schema TTL from the server +# so use the client context value. +
[Freeipa-devel] [freeipa PR#6049][closed] Make the schema cache TTL user-configurable
URL: https://github.com/freeipa/freeipa/pull/6049 Author: rcritten Title: #6049: Make the schema cache TTL user-configurable Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6049/head:pr6049 git checkout pr6049 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6072][opened] [Backport][ipa-4-9] ipatests: remove redundant kinit from test_renew()
URL: https://github.com/freeipa/freeipa/pull/6072 Author: flo-renaud Title: #6072: [Backport][ipa-4-9] ipatests: remove redundant kinit from test_renew() Action: opened PR body: """ This PR was opened automatically because PR #6068 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6072/head:pr6072 git checkout pr6072 From 08cbccf3e43d3d59d99bcc95dbac43abb9b399f0 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Date: Mon, 1 Nov 2021 20:36:01 +0530 Subject: [PATCH] ipatests: remove redundant kinit from test Fixture issue_and_expire_cert() kinit after moving the date to expire certs. This fix is to rely on kinit from fixture. Signed-off-by: Mohammad Rizwan --- ipatests/test_integration/test_acme.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ipatests/test_integration/test_acme.py b/ipatests/test_integration/test_acme.py index 10195a95f93..a30f2fc7567 100644 --- a/ipatests/test_integration/test_acme.py +++ b/ipatests/test_integration/test_acme.py @@ -585,7 +585,7 @@ def issue_and_expire_cert(self): # Note raiseonerr=False: # the assert is located after kdcinfo retrieval. result = host.run_command( -"KRB5_TRACE=/dev/stdout kinit %s" % 'admin', +"KRB5_TRACE=/dev/stdout kinit admin", stdin_text='{0}\n{0}\n{0}\n'.format( self.clients[0].config.admin_password ), @@ -619,8 +619,6 @@ def test_renew(self, issue_and_expire_cert): cert = x509.load_pem_x509_certificate(data, backend=default_backend()) initial_expiry = cert.not_valid_after -tasks.kinit_admin(self.clients[0]) - self.clients[0].run_command(['certbot', 'renew']) data = self.clients[0].get_file_contents( ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6068][closed] ipatests: remove redundant kinit from test_renew()
URL: https://github.com/freeipa/freeipa/pull/6068 Author: mrizwan93 Title: #6068: ipatests: remove redundant kinit from test_renew() Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6068/head:pr6068 git checkout pr6068 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6067][closed] [Backport][ipa-4-6] ipatests: use AD domain name from config instead of hardcoded value
URL: https://github.com/freeipa/freeipa/pull/6067 Author: wladich Title: #6067: [Backport][ipa-4-6] ipatests: use AD domain name from config instead of hardcoded value Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6067/head:pr6067 git checkout pr6067 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6070][closed] ipatests: revert wrong commit on gating definition
URL: https://github.com/freeipa/freeipa/pull/6070 Author: flo-renaud Title: #6070: ipatests: revert wrong commit on gating definition Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6070/head:pr6070 git checkout pr6070 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6069][closed] ipa-4-6: ipatests: Update PR-CI template
URL: https://github.com/freeipa/freeipa/pull/6069 Author: netoarmando Title: #6069: ipa-4-6: ipatests: Update PR-CI template Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6069/head:pr6069 git checkout pr6069 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6071][opened] [Backport][ipa-4-9] Integrate SID configuration into base IPA installers
URL: https://github.com/freeipa/freeipa/pull/6071 Author: flo-renaud Title: #6071: [Backport][ipa-4-9] Integrate SID configuration into base IPA installers Action: opened PR body: """ This is a manual backport of PR #6045 to ipa-4-9 branch. There was a conflict on VERSION.m4 file because ipa-4-9 doesn't contain the `make sudorule option multivalue` update. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6071/head:pr6071 git checkout pr6071 From 730365dfacfe0c1940be97c07b9e0fc06f46f9c8 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Mon, 27 Sep 2021 08:36:32 +0200 Subject: [PATCH 01/12] SID generation: define SIDInstallInterface Move the SID-related options into a separate InstallInterface (--add-sids, --netbios-name, --rid-base and --secondary-rid-base), make ADTrustInstallInterface inherit from SIDInstallInterface. Related: https://pagure.io/freeipa/issue/8995 Signed-off-by: Florence Blanc-Renaud Reviewed-By: Christian Heimes Reviewed-By: Rob Crittenden Reviewed-By: Alexander Bokovoy --- ipaserver/install/adtrust.py | 56 ++-- 1 file changed, 35 insertions(+), 21 deletions(-) diff --git a/ipaserver/install/adtrust.py b/ipaserver/install/adtrust.py index ea279b56b1e..0409743ee94 100644 --- a/ipaserver/install/adtrust.py +++ b/ipaserver/install/adtrust.py @@ -530,43 +530,26 @@ def generate_dns_service_records_help(api): @group -class ADTrustInstallInterface(ServiceAdminInstallInterface): +class SIDInstallInterface(ServiceAdminInstallInterface): """ -Interface for the AD trust installer +Interface for the SID generation Installer Knobs defined here will be available in: * ipa-server-install * ipa-replica-install * ipa-adtrust-install """ -description = "AD trust" - -# the following knobs are provided on top of those specified for -# admin credentials +description = "SID generation" add_sids = knob( None, description="Add SIDs for existing users and groups as the final step" ) -add_agents = knob( -None, -description="Add IPA masters to a list of hosts allowed to " -"serve information about users from trusted forests" -) -add_agents = replica_install_only(add_agents) -enable_compat = knob( -None, -description="Enable support for trusted domains for old clients" -) +add_sids = replica_install_only(add_sids) netbios_name = knob( str, None, description="NetBIOS name of the IPA domain" ) -no_msdcs = knob( -None, -description="Deprecated: has no effect", -deprecated=True -) rid_base = knob( int, 1000, @@ -578,3 +561,34 @@ class ADTrustInstallInterface(ServiceAdminInstallInterface): description="Start value of the secondary range for mapping " "UIDs and GIDs to RIDs" ) + + +@group +class ADTrustInstallInterface(SIDInstallInterface): +""" +Interface for the AD trust installer + +Knobs defined here will be available in: +* ipa-server-install +* ipa-replica-install +* ipa-adtrust-install +""" +description = "AD trust" + +# the following knobs are provided on top of those specified for +# admin credentials +add_agents = knob( +None, +description="Add IPA masters to a list of hosts allowed to " +"serve information about users from trusted forests" +) +add_agents = replica_install_only(add_agents) +enable_compat = knob( +None, +description="Enable support for trusted domains for old clients" +) +no_msdcs = knob( +None, +description="Deprecated: has no effect", +deprecated=True +) From fe5256b045f8c8109f4efaf3d4fa13b8c29fc5a2 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Mon, 27 Sep 2021 11:44:43 +0200 Subject: [PATCH 02/12] Installers: configure sid generation in server/replica installer ADTRUSTInstance performs only sid configuration when it is called without --setup-adtrust. Update man pages for ipa-server-install and ipa-replica-install with the SID-related options. Related: https://pagure.io/freeipa/issue/8995 Signed-off-by: Florence Blanc-Renaud Reviewed-By: Christian Heimes Reviewed-By: Rob Crittenden Reviewed-By: Alexander Bokovoy --- install/tools/ipa-adtrust-install.in | 2 + install/tools/man/ipa-replica-install.1| 30 install/tools/man/ipa-server-install.1 | 11 +-- ipaserver/install/adtrust.py | 45 +-- ipaserver/install/adtrustinstance.py | 86 +- ipaserver/install/server/__init__.py | 5 -- ipaserver/install/server/install.py| 11 ++- ipaserver/install/server/replicainstall.py | 10 ++- 8 files changed, 113 insertions(+), 87 deletions(-)
[Freeipa-devel] [freeipa PR#6045][closed] Integrate SID configuration into base IPA installers
URL: https://github.com/freeipa/freeipa/pull/6045 Author: flo-renaud Title: #6045: Integrate SID configuration into base IPA installers Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6045/head:pr6045 git checkout pr6045 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6070][opened] ipatests: revert wrong commit on gating definition
URL: https://github.com/freeipa/freeipa/pull/6070 Author: flo-renaud Title: #6070: ipatests: revert wrong commit on gating definition Action: opened PR body: """ Commit ebe838c overwrote the PRCI definition with temp commit and needs to be reverted. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6070/head:pr6070 git checkout pr6070 From 1de2605b6098f92a8392b84341e8c0a6627abd71 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Tue, 2 Nov 2021 09:21:14 +0100 Subject: [PATCH] ipatests: revert wrong commit on gating definition Commit ebe838c overwrote the PRCI definition with temp commit and needs to be reverted. --- .freeipa-pr-ci.yaml| 2 +- ipatests/prci_definitions/temp_commit.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index 80656690080..abcf8c5b634 12 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file +ipatests/prci_definitions/gating.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index e159c3c88b7..4b0398b9218 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -68,7 +68,7 @@ jobs: class: RunPytest args: build_url: '{fedora-latest/build_url}' -test_suite: test_integration/test_cert.py::TestCAShowErrorHandling +test_suite: test_integration/test_REPLACEME.py template: *ci-master-latest timeout: 3600 -topology: *master_1repl +topology: *master_1repl_1client ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6051][closed] [Backport][ipa-4-8] seccomp profile: Default to ENOSYS instead of EPERM
URL: https://github.com/freeipa/freeipa/pull/6051 Author: flo-renaud Title: #6051: [Backport][ipa-4-8] seccomp profile: Default to ENOSYS instead of EPERM Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6051/head:pr6051 git checkout pr6051 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6059][opened] [Backport][ipa-4-9] ipa-client-samba uninstall: remove tdb files
URL: https://github.com/freeipa/freeipa/pull/6059 Author: flo-renaud Title: #6059: [Backport][ipa-4-9] ipa-client-samba uninstall: remove tdb files Action: opened PR body: """ This PR was opened automatically because PR #6056 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6059/head:pr6059 git checkout pr6059 From 35f41f8b1bb9bcf3e40907250d3dab1b07c7aea9 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 20 Oct 2021 13:23:28 +0200 Subject: [PATCH 1/2] ipa-client-samba uninstall: remove tdb files ipa-client-samba uninstaller must remove samba *.tdb files in /var/lib/samba, /var/lib/samba/private and /var/lib/samba/lock. The current code calls rm on the relative path filename instead of building an absolute path filename, resulting in failure to remove the tdb files. Fixes: https://pagure.io/freeipa/issue/8687 Signed-off-by: Florence Blanc-Renaud --- ipaclient/install/ipa_client_samba.py | 18 +++--- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/ipaclient/install/ipa_client_samba.py b/ipaclient/install/ipa_client_samba.py index fd89e59e505..222ff311252 100755 --- a/ipaclient/install/ipa_client_samba.py +++ b/ipaclient/install/ipa_client_samba.py @@ -446,13 +446,17 @@ def uninstall(fstore, statestore, options): fstore.restore_file(paths.SMB_CONF) # Remove samba's persistent and temporary tdb files -tdb_files = [ -tdb_file -for tdb_file in os.listdir(paths.SAMBA_DIR) -if tdb_file.endswith(".tdb") -] -for tdb_file in tdb_files: -ipautil.remove_file(tdb_file) +# in /var/lib/samba and /var/lib/samba/private +for smbpath in (paths.SAMBA_DIR, +os.path.join(paths.SAMBA_DIR, "private"), +os.path.join(paths.SAMBA_DIR, "lock")): +tdb_files = [ +os.path.join(smbpath, tdb_file) +for tdb_file in os.listdir(smbpath) +if tdb_file.endswith(".tdb") +] +for tdb_file in tdb_files: +ipautil.remove_file(tdb_file) # Remove our keys from samba's keytab if os.path.exists(paths.SAMBA_KEYTAB): From bde65639ef19a1a1138c8a6d930a95894cc816ea Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 21 Oct 2021 16:09:20 +0200 Subject: [PATCH 2/2] ipa-server-install uninstall: remove tdb files ipa-server-install uninstaller must remove samba *.tdb files in /var/lib/samba, /var/lib/samba/private and /var/lib/samba/lock. The current code calls rm on the relative path filename instead of building an absolute path filename, resulting in failure to remove the tdb files. Related: https://pagure.io/freeipa/issue/8687 Signed-off-by: Florence Blanc-Renaud --- ipaserver/install/adtrustinstance.py | 17 - 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 24e90f3ecf5..e034fabb3b9 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -918,11 +918,18 @@ def uninstall(self): ipautil.remove_file(self.smb_conf) # Remove samba's persistent and temporary tdb files -if os.path.isdir(paths.SAMBA_DIR): -tdb_files = [tdb_file for tdb_file in os.listdir(paths.SAMBA_DIR) - if tdb_file.endswith(".tdb")] -for tdb_file in tdb_files: -ipautil.remove_file(tdb_file) +# in /var/lib/samba and /var/lib/samba/private +for smbpath in (paths.SAMBA_DIR, +os.path.join(paths.SAMBA_DIR, "private"), +os.path.join(paths.SAMBA_DIR, "lock")): +if os.path.isdir(smbpath): +tdb_files = [ +os.path.join(smbpath, tdb_file) +for tdb_file in os.listdir(smbpath) +if tdb_file.endswith(".tdb") +] +for tdb_file in tdb_files: +ipautil.remove_file(tdb_file) # Remove our keys from samba's keytab self.clean_samba_keytab() ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6056][closed] ipa-client-samba uninstall: remove tdb files
URL: https://github.com/freeipa/freeipa/pull/6056 Author: flo-renaud Title: #6056: ipa-client-samba uninstall: remove tdb files Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6056/head:pr6056 git checkout pr6056 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6058][closed] [Backport][ipa-4-9] ipatests: webui: Specify configuration loader
URL: https://github.com/freeipa/freeipa/pull/6058 Author: miskopo Title: #6058: [Backport][ipa-4-9] ipatests: webui: Specify configuration loader Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6058/head:pr6058 git checkout pr6058 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6057][closed] [Backport][ipa-4-9] azure: Don't customize pip's builddir
URL: https://github.com/freeipa/freeipa/pull/6057 Author: flo-renaud Title: #6057: [Backport][ipa-4-9] azure: Don't customize pip's builddir Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6057/head:pr6057 git checkout pr6057 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6055][closed] [Backport][ipa-4-8] ipatests: Update the subca used in TestIPACommand::test_cacert_manage
URL: https://github.com/freeipa/freeipa/pull/6055 Author: stanislavlevin Title: #6055: [Backport][ipa-4-8] ipatests: Update the subca used in TestIPACommand::test_cacert_manage Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6055/head:pr6055 git checkout pr6055 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6057][opened] [Backport][ipa-4-9] azure: Don't customize pip's builddir
URL: https://github.com/freeipa/freeipa/pull/6057 Author: flo-renaud Title: #6057: [Backport][ipa-4-9] azure: Don't customize pip's builddir Action: opened PR body: """ This PR was opened automatically because PR #6053 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6057/head:pr6057 git checkout pr6057 From e650db547c092bf96468335b4b2ecc6852453f21 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: Tue, 19 Oct 2021 13:32:57 +0300 Subject: [PATCH] azure: Don't customize pip's builddir As of 21.3 pip: > Remove the --build-dir option and aliases, one last time. (pypa/pip#10485) https://pip.pypa.io/en/stable/news/#v21-3 Previous versions warn about deprecation. The builddir is provided to pip via env variable PIP_BUILD in Tox task. The purpose of changing of default builddir was noexec mount option for /tmp in Travis (see 17d571c961). Since Travis is no longer used and Azure lacks this issue the PIP_BUILD can be safely removed. Note: pip 21.3 just ignores this env variable, which is more than can be said for the command line option. It's better to clean it up, since the behaviour may be changed in future. This is effectively the revert of 17d571c961. Fixes: https://pagure.io/freeipa/issue/9011 Signed-off-by: Stanislav Levin --- .tox-install.sh | 16 ++-- tox.ini | 4 ++-- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/.tox-install.sh b/.tox-install.sh index ff22b4d79fe..94c1dc6270a 100755 --- a/.tox-install.sh +++ b/.tox-install.sh @@ -4,9 +4,8 @@ set -ex FLAVOR="$1" ENVPYTHON="$(realpath -s "$2")" ENVSITEPACKAGESDIR="$(realpath -s "$3")" -ENVDIR="$4" -# 4...end are package requirements -shift 4 +# 3...end are package requirements +shift 3 TOXINIDIR="$(cd "$(dirname "$0")" && pwd)" @@ -26,21 +25,10 @@ if [ ! -f "${TOXINIDIR}/tox.ini" ]; then exit 3 fi -if [ ! -d "${ENVDIR}" ]; then -echo "${ENVDIR}: no such directory" -exit 4 -fi - # https://pip.pypa.io/en/stable/user_guide/#environment-variables export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache" mkdir -p "${PIP_CACHE_DIR}" -# /tmp could be mounted with noexec option. -# pip checks if path is executable and if not then doesn't set such -# permission bits -export PIP_BUILD="${ENVDIR}/pip_build" -rm -rf "${PIP_BUILD}" - DISTBUNDLE="${TOXINIDIR}/dist/bundle" mkdir -p "${DISTBUNDLE}" diff --git a/tox.ini b/tox.ini index 38d1b5a38df..7f2835d0655 100644 --- a/tox.ini +++ b/tox.ini @@ -8,7 +8,7 @@ skipsdist=true # always re-create virtual env. A special install helper is used to configure, # build and install packages. recreate=True -install_command={toxinidir}/.tox-install.sh wheel_bundle {envpython} {envsitepackagesdir} {envdir} {packages} +install_command={toxinidir}/.tox-install.sh wheel_bundle {envpython} {envsitepackagesdir} {packages} changedir={envdir} setenv= HOME={envtmpdir} @@ -34,7 +34,7 @@ commands= [testenv:pypi] recreate=True -install_command={toxinidir}/.tox-install.sh pypi_packages {envpython} {envsitepackagesdir} {envdir} {packages} +install_command={toxinidir}/.tox-install.sh pypi_packages {envpython} {envsitepackagesdir} {packages} changedir={envdir} setenv= HOME={envtmpdir} ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6053][closed] azure: Don't customize pip's builddir
URL: https://github.com/freeipa/freeipa/pull/6053 Author: stanislavlevin Title: #6053: azure: Don't customize pip's builddir Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6053/head:pr6053 git checkout pr6053 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6056][opened] ipa-client-samba uninstall: remove tdb files
URL: https://github.com/freeipa/freeipa/pull/6056 Author: flo-renaud Title: #6056: ipa-client-samba uninstall: remove tdb files Action: opened PR body: """ ipa-client-samba uninstaller must remove samba *.tdb files in /var/lib/samba. The current code calls rm on the relative path filename instead of building an absolute path filename, resulting in failure to remove the tdb files. Fixes: https://pagure.io/freeipa/issue/8687 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6056/head:pr6056 git checkout pr6056 From 5eaefeee6376e4e8b2ced0a30208766b7bbb39d8 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 20 Oct 2021 13:23:28 +0200 Subject: [PATCH 1/2] ipa-client-samba uninstall: remove tdb files ipa-client-samba uninstaller must remove samba *.tdb files in /var/lib/samba. The current code calls rm on the relative path filename instead of building an absolute path filename, resulting in failure to remove the tdb files. Fixes: https://pagure.io/freeipa/issue/8687 Signed-off-by: Florence Blanc-Renaud --- ipaclient/install/ipa_client_samba.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaclient/install/ipa_client_samba.py b/ipaclient/install/ipa_client_samba.py index fd89e59e505..3d46cd1b5cd 100755 --- a/ipaclient/install/ipa_client_samba.py +++ b/ipaclient/install/ipa_client_samba.py @@ -447,7 +447,7 @@ def uninstall(fstore, statestore, options): # Remove samba's persistent and temporary tdb files tdb_files = [ -tdb_file +os.path.join(paths.SAMBA_DIR, tdb_file) for tdb_file in os.listdir(paths.SAMBA_DIR) if tdb_file.endswith(".tdb") ] From f30994869bdc5d02c2268d77ae829d8d9da1510e Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 20 Oct 2021 13:28:12 +0200 Subject: [PATCH 2/2] Temp commit --- .freeipa-pr-ci.yaml| 2 +- ipatests/prci_definitions/temp_commit.yaml | 11 ++- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b634..80656690080 12 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index 4b0398b9218..a0e49a3e646 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -61,14 +61,15 @@ jobs: timeout: 1800 topology: *build - fedora-latest/temp_commit: + fedora-latest/test_smb: requires: [fedora-latest/build] priority: 50 job: - class: RunPytest + class: RunADTests args: build_url: '{fedora-latest/build_url}' -test_suite: test_integration/test_REPLACEME.py +test_suite: test_integration/test_smb.py template: *ci-master-latest -timeout: 3600 -topology: *master_1repl_1client +timeout: 7200 +topology: *ad_master_2client + ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6052][opened] [Backport][ipa-4-9] seccomp profile: Default to ENOSYS instead of EPERM
URL: https://github.com/freeipa/freeipa/pull/6052 Author: flo-renaud Title: #6052: [Backport][ipa-4-9] seccomp profile: Default to ENOSYS instead of EPERM Action: opened PR body: """ This PR was opened automatically because PR #6048 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6052/head:pr6052 git checkout pr6052 From 4d1a0a5ff5b22b1adf86355ec8ed9b1c1800a1e2 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: Fri, 15 Oct 2021 18:02:29 +0300 Subject: [PATCH] seccomp profile: Default to ENOSYS instead of EPERM This allows application to detect whether the kernel supports syscall or not. Previously, an error was unconditionally EPERM. There are many issues about glibc failed with new syscalls in containerized environments if their host run on old kernel. More about motivation for ENOSYS over EPERM: https://github.com/opencontainers/runc/issues/2151 https://github.com/opencontainers/runc/pull/2750 See about defaultErrnoRet introduction: https://github.com/opencontainers/runtime-spec/pull/1087 Previously, FreeIPA profile was vendored from https://github.com/containers/podman/blob/main/vendor/github.com/containers/common/pkg/seccomp/seccomp.json Now it is merged directly from https://github.com/containers/common/blob/main/pkg/seccomp/seccomp.json Fixes: https://pagure.io/freeipa/issue/9008 Signed-off-by: Stanislav Levin --- ipatests/azure/Dockerfiles/seccomp.json | 413 +++- 1 file changed, 327 insertions(+), 86 deletions(-) diff --git a/ipatests/azure/Dockerfiles/seccomp.json b/ipatests/azure/Dockerfiles/seccomp.json index 350f1b4fa05..7d50588e31a 100644 --- a/ipatests/azure/Dockerfiles/seccomp.json +++ b/ipatests/azure/Dockerfiles/seccomp.json @@ -1,6 +1,7 @@ { "__defaultAction": "Change defaultAction to SCMP_ACT_LOG and then check Host's journal for SECCOMP", -"defaultAction": "SCMP_ACT_ERRNO", + "defaultAction": "SCMP_ACT_ERRNO", + "defaultErrnoRet": 38, "archMap": [ { "architecture": "SCMP_ARCH_X86_64", @@ -53,6 +54,46 @@ "syscalls": [ { "names": [ +"bdflush", +"io_pgetevents", +"kexec_file_load", +"kexec_load", +"migrate_pages", +"move_pages", +"nfsservctl", +"nice", +"oldfstat", +"oldlstat", +"oldolduname", +"oldstat", +"olduname", +"pciconfig_iobase", +"pciconfig_read", +"pciconfig_write", +"sgetmask", +"ssetmask", +"swapcontext", +"swapoff", +"swapon", +"sysfs", +"uselib", +"userfaultfd", +"ustat", +"vm86", +"vm86old", +"vmsplice" + ], + "action": "SCMP_ACT_ERRNO", + "args": [], + "comment": "", + "includes": {}, + "excludes": {}, + "errnoRet": 1 + }, + { + "names": [ +"_llseek", +"_newselect", "accept", "accept4", "access", @@ -67,10 +108,17 @@ "chown", "chown32", "clock_adjtime", +"clock_adjtime64", "clock_getres", +"clock_getres_time64", "clock_gettime", +"clock_gettime64", "clock_nanosleep", +"clock_nanosleep_time64", +"clone", +"clone3", "close", +"close_range", "connect", "copy_file_range", "creat", @@ -82,6 +130,7 @@ "epoll_ctl", "epoll_ctl_old", "epoll_pwait", +"epoll_pwait2", "epoll_wait", "epoll_wait_old", "eventfd", @@ -110,7 +159,11 @@ "flock", "fork", "fremovexattr", +"fsconfig", "fsetxattr", +"fsmount", +"fsopen", +"fspick", "fstat", "fstat64", "fstatat64", @@ -120,7 +173,10 @@ "ftruncate", "ftruncate64", "futex", +"futex_time64", "futimesat", +"get_robust_list", +"get_thread_area", "getcpu", "getcwd", "getdents", @@ -134,6 +190,7 @@ "getgroups", "getgroups32", "getitimer", +"get_mempolicy", "getpeername", "getpgid", "getpgrp", @@ -146,12 +203,10 @@ "getresuid", "getresuid32", "getrlimit", -"get_robust_list", "getrusage", "getsid", "getsockname", "getsockopt", -"get_thread_area", "gettid", "gettimeofday", "getuid", @@ -162,14 +217,15 @@ "inotify_init1", "inotify_rm_watch", "io_cancel", -"ioctl", "io_destroy", "io_getevents", -"ioprio_get", -"ioprio_set", "io_setup", "io_submit", +"ioctl", +"ioprio_get", +"ioprio_set", "ipc", +"keyctl", "kill", "lchown", "lchown32", @@ -179,14 +235,15 @@ "listen", "listxattr", "llistxattr", -"_llseek", "lremovexattr", "lseek", "lsetxattr", "lstat", "lstat64", "madvise", +"mbind", "memfd_create", +"memfd_secret", "mincore", "mkdir", "mkdirat", @@ -197,12 +254,16 @@ "mlockall", "mmap", "mmap2", +"mount", +"move_mount", "mprotect",
[Freeipa-devel] [freeipa PR#6048][closed] seccomp profile: Default to ENOSYS instead of EPERM
URL: https://github.com/freeipa/freeipa/pull/6048 Author: stanislavlevin Title: #6048: seccomp profile: Default to ENOSYS instead of EPERM Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6048/head:pr6048 git checkout pr6048 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6045][opened] Integrate SID configuration into base IPA installers
URL: https://github.com/freeipa/freeipa/pull/6045 Author: flo-renaud Title: #6045: Integrate SID configuration into base IPA installers Action: opened PR body: """ Implementation of the design available in PR #6033 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6045/head:pr6045 git checkout pr6045 From 637166f0de3b31b302011f36883ac9e7a58371e2 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Mon, 27 Sep 2021 08:36:32 +0200 Subject: [PATCH 1/5] SID generation: define SIDInstallInterface Move the SID-related options into a separate InstallInterface (--add-sids, --netbios-name, --rid-base and --secondary-rid-base), make ADTrustInstallInterface inherit from SIDInstallInterface. Related: https://pagure.io/freeipa/issue/8995 --- ipaserver/install/adtrust.py | 56 ++-- 1 file changed, 35 insertions(+), 21 deletions(-) diff --git a/ipaserver/install/adtrust.py b/ipaserver/install/adtrust.py index ea279b56b1e..0409743ee94 100644 --- a/ipaserver/install/adtrust.py +++ b/ipaserver/install/adtrust.py @@ -530,43 +530,26 @@ def generate_dns_service_records_help(api): @group -class ADTrustInstallInterface(ServiceAdminInstallInterface): +class SIDInstallInterface(ServiceAdminInstallInterface): """ -Interface for the AD trust installer +Interface for the SID generation Installer Knobs defined here will be available in: * ipa-server-install * ipa-replica-install * ipa-adtrust-install """ -description = "AD trust" - -# the following knobs are provided on top of those specified for -# admin credentials +description = "SID generation" add_sids = knob( None, description="Add SIDs for existing users and groups as the final step" ) -add_agents = knob( -None, -description="Add IPA masters to a list of hosts allowed to " -"serve information about users from trusted forests" -) -add_agents = replica_install_only(add_agents) -enable_compat = knob( -None, -description="Enable support for trusted domains for old clients" -) +add_sids = replica_install_only(add_sids) netbios_name = knob( str, None, description="NetBIOS name of the IPA domain" ) -no_msdcs = knob( -None, -description="Deprecated: has no effect", -deprecated=True -) rid_base = knob( int, 1000, @@ -578,3 +561,34 @@ class ADTrustInstallInterface(ServiceAdminInstallInterface): description="Start value of the secondary range for mapping " "UIDs and GIDs to RIDs" ) + + +@group +class ADTrustInstallInterface(SIDInstallInterface): +""" +Interface for the AD trust installer + +Knobs defined here will be available in: +* ipa-server-install +* ipa-replica-install +* ipa-adtrust-install +""" +description = "AD trust" + +# the following knobs are provided on top of those specified for +# admin credentials +add_agents = knob( +None, +description="Add IPA masters to a list of hosts allowed to " +"serve information about users from trusted forests" +) +add_agents = replica_install_only(add_agents) +enable_compat = knob( +None, +description="Enable support for trusted domains for old clients" +) +no_msdcs = knob( +None, +description="Deprecated: has no effect", +deprecated=True +) From 7483705e61b7e897387b1212a9e1868943b16d4c Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Mon, 27 Sep 2021 11:44:43 +0200 Subject: [PATCH 2/5] Installers: configure sid generation in server/replica installer ADTRUSTInstance performs only sid configuration when it is called without --setup-adtrust. Update man pages for ipa-server-install and ipa-replica-install with the SID-related options. Related: https://pagure.io/freeipa/issue/8995 --- install/tools/man/ipa-replica-install.1| 30 install/tools/man/ipa-server-install.1 | 11 +-- ipaserver/install/adtrust.py | 45 +-- ipaserver/install/adtrustinstance.py | 86 +- ipaserver/install/server/__init__.py | 5 -- ipaserver/install/server/install.py| 11 ++- ipaserver/install/server/replicainstall.py | 10 ++- 7 files changed, 111 insertions(+), 87 deletions(-) diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1 index 44fce10ba94..7f88303d2bb 100644 --- a/install/tools/man/ipa-replica-install.1 +++ b/install/tools/man/ipa-replica-install.1 @@ -205,10 +205,7 @@ Do not automatically create DNS SSHFP records. \fB\-\-no\-dnssec\-validation\fR Disable DNSSEC validation on this server. -.SS "AD TRUST OPTIONS" -.TP -\fB\-\-setup\-adtrust\fR -Configure AD Trust capability on a
[Freeipa-devel] [freeipa PR#6044][closed] [Backport][ipa-4-9] ipatests: Update the subca used in TestIPACommand::test_cacert_manage
URL: https://github.com/freeipa/freeipa/pull/6044 Author: flo-renaud Title: #6044: [Backport][ipa-4-9] ipatests: Update the subca used in TestIPACommand::test_cacert_manage Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6044/head:pr6044 git checkout pr6044 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6031][closed] Improve sudooption docs, make the option multi-value
URL: https://github.com/freeipa/freeipa/pull/6031 Author: rcritten Title: #6031: Improve sudooption docs, make the option multi-value Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6031/head:pr6031 git checkout pr6031 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6042][closed] [Backport][ipa-4-9] Make Dogtag return XML for ipa cert-find
URL: https://github.com/freeipa/freeipa/pull/6042 Author: flo-renaud Title: #6042: [Backport][ipa-4-9] Make Dogtag return XML for ipa cert-find Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6042/head:pr6042 git checkout pr6042 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6044][opened] [Backport][ipa-4-9] ipatests: Update the subca used in TestIPACommand::test_cacert_manage
URL: https://github.com/freeipa/freeipa/pull/6044 Author: flo-renaud Title: #6044: [Backport][ipa-4-9] ipatests: Update the subca used in TestIPACommand::test_cacert_manage Action: opened PR body: """ This PR was opened automatically because PR #6043 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6044/head:pr6044 git checkout pr6044 From 3192d0ed8b22ea149669c02f93f9c7c09d5b8f98 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 7 Oct 2021 08:39:23 +0200 Subject: [PATCH] ipatests: Update the subca used in TestIPACommand::test_cacert_manage The above test is installing 2 Let's Encrypt certificates: the root ISRG Root X1 and a subca. The subca expired Oct 6 and needs to be replaced with a valid one, otherwise ipa-cacert-manage install refuses to install it. Fixes: https://pagure.io/freeipa/issue/9006 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_integration/test_commands.py | 68 +++--- 1 file changed, 33 insertions(+), 35 deletions(-) diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py index a5c4a86d4f6..4c2d2674925 100644 --- a/ipatests/test_integration/test_commands.py +++ b/ipatests/test_integration/test_commands.py @@ -84,43 +84,41 @@ ) isrgrootx1_nick = 'CN=ISRG Root X1,O=Internet Security Research Group,C=US' -# This sub-CA expires on Oct 6, 2021 but it is functional for our -# purposes of testing, the date validity is not considered (yet). -letsencryptauthorityx3 = ( +# This sub-CA expires on Sep 15, 2025 and will need to be replaced +# after this date. Otherwise TestIPACommand::test_cacert_manage fails. +letsencryptauthorityr3 = ( b'-BEGIN CERTIFICATE-\n' -b'MIIFjTCCA3WgAwIBAgIRANOxciY0IzLc9AUoUSrsnGowDQYJKoZIhvcNAQELBQAw\n' +b'MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\n' b'TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n' -b'cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0MzU1\n' -b'WhcNMjExMDA2MTU0MzU1WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\n' -b'RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEi\n' -b'MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrX\n' -b'NSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf\n' -b'89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHl\n' -b'Npi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7Dc\n' -b'Gu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgz\n' -b'uEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMB\n' -b'AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU\n' -b'BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB\n' -b'FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSo\n' -b'SmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js\n' -b'LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF\n' -b'BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG\n' -b'AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD\n' -b'VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB\n' -b'ABnPdSA0LTqmRf/Q1eaM2jLonG4bQdEnqOJQ8nCqxOeTRrToEKtwT++36gTSlBGx\n' -b'A/5dut82jJQ2jxN8RI8L9QFXrWi4xXnA2EqA10yjHiR6H9cj6MFiOnb5In1eWsRM\n' -b'UM2v3e9tNsCAgBukPHAg1lQh07rvFKm/Bz9BCjaxorALINUfZ9DD64j2igLIxle2\n' -b'DPxW8dI/F2loHMjXZjqG8RkqZUdoxtID5+90FgsGIfkMpqgRS05f4zPbCEHqCXl1\n' -b'eO5HyELTgcVlLXXQDgAWnRzut1hFJeczY1tjQQno6f6s+nMydLN26WuU4s3UYvOu\n' -b'OsUxRlJu7TSRHqDC3lSE5XggVkzdaPkuKGQbGpny+01/47hfXXNB7HntWNZ6N2Vw\n' -b'p7G6OfY+YQrZwIaQmhrIqJZuigsrbe3W+gdn5ykE9+Ky0VgVUsfxo52mwFYs1JKY\n' -b'2PGDuWx8M6DlS6qQkvHaRUo0FMd8TsSlbF0/v965qGFKhSDeQoMpYnwcmQilRh/0\n' -b'ayLThlHLN81gSkJjVrPI0Y8xCVPB4twb1PFUd2fPM3sA1tJ83sZ5v8vgFv2yofKR\n' -b'PB0t6JzUA81mSqM3kxl5e+IZwhYAyO0OTg3/fs8HqGTNKd9BqoUwSRBzp06JMg5b\n' -b'rUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt\n' +b'cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\n' +b'WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\n' +b'RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n' +b'AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\n' +b'R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\n' +b'sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\n' +b'NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\n' +b'Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n' +b'/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\n' +b'AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\n' +b'Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\n' +
[Freeipa-devel] [freeipa PR#6043][closed] ipatests: Update the subca used in TestIPACommand::test_cacert_manage
URL: https://github.com/freeipa/freeipa/pull/6043 Author: flo-renaud Title: #6043: ipatests: Update the subca used in TestIPACommand::test_cacert_manage Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6043/head:pr6043 git checkout pr6043 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6043][opened] ipatests: Update the subca used in TestIPACommand::test_cacert_manage
URL: https://github.com/freeipa/freeipa/pull/6043 Author: flo-renaud Title: #6043: ipatests: Update the subca used in TestIPACommand::test_cacert_manage Action: opened PR body: """ The above test is installing 2 Let's Encrypt certificates: the root ISRG Root X1 and a subca. The subca expired Oct 6 and needs to be replaced with a valid one, otherwise ipa-cacert-manage install refuses to install it. Fixes: https://pagure.io/freeipa/issue/9006 Signed-off-by: Florence Blanc-Renaud """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6043/head:pr6043 git checkout pr6043 From 7387ecc312f866985f3573aa6541c61790f7dd35 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 7 Oct 2021 08:39:23 +0200 Subject: [PATCH] ipatests: Update the subca used in TestIPACommand::test_cacert_manage The above test is installing 2 Let's Encrypt certificates: the root ISRG Root X1 and a subca. The subca expired Oct 6 and needs to be replaced with a valid one, otherwise ipa-cacert-manage install refuses to install it. Fixes: https://pagure.io/freeipa/issue/9006 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_integration/test_commands.py | 70 +++--- 1 file changed, 34 insertions(+), 36 deletions(-) diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py index bd175c2c657..5322b9bfc17 100644 --- a/ipatests/test_integration/test_commands.py +++ b/ipatests/test_integration/test_commands.py @@ -84,43 +84,41 @@ ) isrgrootx1_nick = 'CN=ISRG Root X1,O=Internet Security Research Group,C=US' -# This sub-CA expires on Oct 6, 2021 but it is functional for our -# purposes of testing, the date validity is not considered (yet). -letsencryptauthorityx3 = ( -b'-BEGIN CERTIFICATE-\n' -b'MIIFjTCCA3WgAwIBAgIRANOxciY0IzLc9AUoUSrsnGowDQYJKoZIhvcNAQELBQAw\n' +# This sub-CA expires on Sep 15, 2025 and will need to be replaced +# after this date. Otherwise TestIPACommand::test_cacert_manage fails. +letsencryptauthorityr3 = ( +b'-BEGIN CERTIFICATE-\n' +b'MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\n' b'TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n' -b'cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0MzU1\n' -b'WhcNMjExMDA2MTU0MzU1WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\n' -b'RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEi\n' -b'MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrX\n' -b'NSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf\n' -b'89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHl\n' -b'Npi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7Dc\n' -b'Gu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgz\n' -b'uEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMB\n' -b'AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU\n' -b'BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB\n' -b'FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSo\n' -b'SmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js\n' -b'LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF\n' -b'BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG\n' -b'AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD\n' -b'VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB\n' -b'ABnPdSA0LTqmRf/Q1eaM2jLonG4bQdEnqOJQ8nCqxOeTRrToEKtwT++36gTSlBGx\n' -b'A/5dut82jJQ2jxN8RI8L9QFXrWi4xXnA2EqA10yjHiR6H9cj6MFiOnb5In1eWsRM\n' -b'UM2v3e9tNsCAgBukPHAg1lQh07rvFKm/Bz9BCjaxorALINUfZ9DD64j2igLIxle2\n' -b'DPxW8dI/F2loHMjXZjqG8RkqZUdoxtID5+90FgsGIfkMpqgRS05f4zPbCEHqCXl1\n' -b'eO5HyELTgcVlLXXQDgAWnRzut1hFJeczY1tjQQno6f6s+nMydLN26WuU4s3UYvOu\n' -b'OsUxRlJu7TSRHqDC3lSE5XggVkzdaPkuKGQbGpny+01/47hfXXNB7HntWNZ6N2Vw\n' -b'p7G6OfY+YQrZwIaQmhrIqJZuigsrbe3W+gdn5ykE9+Ky0VgVUsfxo52mwFYs1JKY\n' -b'2PGDuWx8M6DlS6qQkvHaRUo0FMd8TsSlbF0/v965qGFKhSDeQoMpYnwcmQilRh/0\n' -b'ayLThlHLN81gSkJjVrPI0Y8xCVPB4twb1PFUd2fPM3sA1tJ83sZ5v8vgFv2yofKR\n' -b'PB0t6JzUA81mSqM3kxl5e+IZwhYAyO0OTg3/fs8HqGTNKd9BqoUwSRBzp06JMg5b\n' -b'rUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt\n' +b'cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\n' +b'WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\n' +b'RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n' +b'AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\n' +b'R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\n' +b'sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\n' +b'NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\n' +b'Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n' +
[Freeipa-devel] [freeipa PR#6042][opened] [Backport][ipa-4-9] Make Dogtag return XML for ipa cert-find
URL: https://github.com/freeipa/freeipa/pull/6042 Author: flo-renaud Title: #6042: [Backport][ipa-4-9] Make Dogtag return XML for ipa cert-find Action: opened PR body: """ This PR was opened automatically because PR #6014 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6042/head:pr6042 git checkout pr6042 From b706483c827a971aeae855199b9d4ce6005e53b1 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Sat, 2 Oct 2021 13:18:23 +0200 Subject: [PATCH 1/3] webui test: close notification after selinux user map update The test test_undo_refresh_reset_update_cancel is sometimes failing because a notification obscures the selinuxmap record. After saving the modification on the record, close any notification to make sure the test succeeds. Fixes: https://pagure.io/freeipa/issue/8846 Signed-off-by: Florence Blanc-Renaud Reviewed-By: Anuja More --- ipatests/test_webui/test_selinuxusermap.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipatests/test_webui/test_selinuxusermap.py b/ipatests/test_webui/test_selinuxusermap.py index 038204e9d41..bd2024ee26e 100644 --- a/ipatests/test_webui/test_selinuxusermap.py +++ b/ipatests/test_webui/test_selinuxusermap.py @@ -356,6 +356,7 @@ def test_undo_refresh_reset_update_cancel(self): self.fill_fields(selinuxmap.DATA['mod'], undo=True) self.click_on_link('SELinux User Maps') self.dialog_button_click('save') +self.close_notifications() self.navigate_to_record(selinuxmap.PKEY) self.verify_btn_action(mod_description, negative=True) self.wait_for_request(n=2) From e60076690cc02105d4a6abd9afb6aba5dd70b6bd Mon Sep 17 00:00:00 2001 From: Sergey Orlov Date: Tue, 21 Sep 2021 16:57:59 +0200 Subject: [PATCH 2/3] ipatests: check for message in sssd log only during actual test action Get size of the log file immediately before main test action to avoid capturing messages written to log during environment preparation. Fixes https://pagure.io/freeipa/issue/8987 Reviewed-By: Florence Blanc-Renaud --- ipatests/test_integration/test_trust.py | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ipatests/test_integration/test_trust.py b/ipatests/test_integration/test_trust.py index 207cddb2275..a58e27af0c4 100644 --- a/ipatests/test_integration/test_trust.py +++ b/ipatests/test_integration/test_trust.py @@ -571,9 +571,6 @@ def test_extdom_plugin(self): client = self.clients[0] tasks.backup_file(self.master, paths.SSSD_CONF) -log_file = '{0}/sssd_{1}.log'.format(paths.VAR_LOG_SSSD_DIR, - client.domain.name) -logsize = len(client.get_file_contents(log_file)) res = self.master.run_command(['pidof', 'sssd_be']) pid = res.stdout_text.strip() test_id = 'id testuser@%s' % self.ad_domain @@ -595,6 +592,10 @@ def test_extdom_plugin(self): self.master.run_command(remove_cache) client.run_command(remove_cache) +log_file = '{0}/sssd_{1}.log'.format(paths.VAR_LOG_SSSD_DIR, + client.domain.name) +logsize = len(client.get_file_contents(log_file)) + try: # stop sssd_be, needed to simulate a timeout in the extdom plugin. stop_sssdbe = self.master.run_command('kill -STOP %s' % pid) From 1f5f24bef2e9b2faef145dbf8ea78b650dd41d96 Mon Sep 17 00:00:00 2001 From: Chris Kelley Date: Fri, 10 Sep 2021 16:47:22 +0100 Subject: [PATCH 3/3] Make Dogtag return XML for ipa cert-find Using JSON by default within Dogtag appears to cause ipa cert-find to return JSON, when the request was made with XML. We can request that XML is returned as before by specifying so in the request header. Fixes: https://pagure.io/freeipa/issue/8980 Signed-off-by: Chris Kelley --- ipaserver/plugins/dogtag.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index be2e4bb4e2a..b4feddfac19 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1832,7 +1832,8 @@ def convert_time(value): method='POST', headers={'Accept-Encoding': 'gzip, deflate', 'User-Agent': 'IPA', - 'Content-Type': 'application/xml'}, + 'Content-Type': 'application/xml', + 'Accept': 'application/xml'}, body=payload ) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
[Freeipa-devel] [freeipa PR#6039][closed] [Backport][ipa-4-9] webui test: close notification after selinux user map update
URL: https://github.com/freeipa/freeipa/pull/6039 Author: rcritten Title: #6039: [Backport][ipa-4-9] webui test: close notification after selinux user map update Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6039/head:pr6039 git checkout pr6039 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6037][opened] webui test: close notification after selinux user map update
URL: https://github.com/freeipa/freeipa/pull/6037 Author: flo-renaud Title: #6037: webui test: close notification after selinux user map update Action: opened PR body: """ The test test_undo_refresh_reset_update_cancel is sometimes failing because a notification obscures the selinuxmap record. After saving the modification on the record, close any notification to make sure the test succeeds. Fixes: https://pagure.io/freeipa/issue/8846 Signed-off-by: Florence Blanc-Renaud """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6037/head:pr6037 git checkout pr6037 From 353119094ec475a6c00e8e9205533b2767f8acea Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Sat, 2 Oct 2021 13:18:23 +0200 Subject: [PATCH 1/2] webui test: close notification after selinux user map update The test test_undo_refresh_reset_update_cancel is sometimes failing because a notification obscures the selinuxmap record. After saving the modification on the record, close any notification to make sure the test succeeds. Fixes: https://pagure.io/freeipa/issue/8846 Signed-off-by: Florence Blanc-Renaud --- ipatests/test_webui/test_selinuxusermap.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipatests/test_webui/test_selinuxusermap.py b/ipatests/test_webui/test_selinuxusermap.py index 038204e9d41..bd2024ee26e 100644 --- a/ipatests/test_webui/test_selinuxusermap.py +++ b/ipatests/test_webui/test_selinuxusermap.py @@ -356,6 +356,7 @@ def test_undo_refresh_reset_update_cancel(self): self.fill_fields(selinuxmap.DATA['mod'], undo=True) self.click_on_link('SELinux User Maps') self.dialog_button_click('save') +self.close_notifications() self.navigate_to_record(selinuxmap.PKEY) self.verify_btn_action(mod_description, negative=True) self.wait_for_request(n=2) From ef66e7dc05361af10046a6ad56a4154943c1202d Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Sat, 2 Oct 2021 13:24:00 +0200 Subject: [PATCH 2/2] Temp commit --- .freeipa-pr-ci.yaml| 2 +- ipatests/prci_definitions/temp_commit.yaml | 9 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index abcf8c5b634..80656690080 12 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -1 +1 @@ -ipatests/prci_definitions/gating.yaml \ No newline at end of file +ipatests/prci_definitions/temp_commit.yaml \ No newline at end of file diff --git a/ipatests/prci_definitions/temp_commit.yaml b/ipatests/prci_definitions/temp_commit.yaml index 4b0398b9218..b8b7aad80ca 100644 --- a/ipatests/prci_definitions/temp_commit.yaml +++ b/ipatests/prci_definitions/temp_commit.yaml @@ -61,14 +61,15 @@ jobs: timeout: 1800 topology: *build - fedora-latest/temp_commit: + fedora-latest/test_webui_policy: requires: [fedora-latest/build] priority: 50 job: - class: RunPytest + class: RunWebuiTests args: build_url: '{fedora-latest/build_url}' -test_suite: test_integration/test_REPLACEME.py +test_suite: test_webui/test_selinuxusermap.py template: *ci-master-latest timeout: 3600 -topology: *master_1repl_1client +topology: *ipaserver + ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6034][closed] [Backport][ipa-4-9] ipatests: increase sosreport verbosity
URL: https://github.com/freeipa/freeipa/pull/6034 Author: flo-renaud Title: #6034: [Backport][ipa-4-9] ipatests: increase sosreport verbosity Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6034/head:pr6034 git checkout pr6034 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6035][closed] [Backport][ipa-4-9] ipatests: update expected error message for openssl verify
URL: https://github.com/freeipa/freeipa/pull/6035 Author: flo-renaud Title: #6035: [Backport][ipa-4-9] ipatests: update expected error message for openssl verify Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6035/head:pr6035 git checkout pr6035 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure