[Freeipa-devel] [freeipa PR#6100][opened] [Backport][ipa-4-9] fix(webui): create correct PTR record when navigated from host page
URL: https://github.com/freeipa/freeipa/pull/6100 Author: pvoborni Title: #6100: [Backport][ipa-4-9] fix(webui): create correct PTR record when navigated from host page Action: opened PR body: """ This PR is manual backport of pushed-to-master PR #6084 to ipa-4-9 branch. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6100/head:pr6100 git checkout pr6100 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Freeipa-devel] [freeipa PR#6084][opened] fix(webui): create correct PTR record when navigated from host page
URL: https://github.com/freeipa/freeipa/pull/6084 Author: pvoborni Title: #6084: fix(webui): create correct PTR record when navigated from host page Action: opened PR body: """ In scenario: 1. make sure that reverse zone doesn't have the desired PTR record 2. open host page of the host with matchnig the A record, e.g.: https://server.pvoborni.test/ipa/ui/#/e/host/details/test2.pvoborni.test 3. click on the "Host name" link, it will bring us to it's DNS record page. E.g., https://server.pvoborni.test/ipa/ui/#/e/dnsrecord/details/pvoborni.test ! notice the missing '.' in the URL after zone name (pvoborni.test) 4. click on the A record , dialog will show up, saying "record not found" 5. click on the "create DNS record" PTR record created by Web UI doesn't have trailing '.' (is not fully qualified record) even if the DNS zone is. This patch is fixing the link to the DNS Record page so that the page then correctly gets the DNS Zone name and thus creates a correct fully qualified PTR record. https://bugzilla.redhat.com/show_bug.cgi?id=2009114 https://pagure.io/freeipa/issue/9036 Signed-off-by: Petr Vobornik """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6084/head:pr6084 git checkout pr6084 From a32efdbd4af3a6ce3335c5a106cfe5ed58abeec5 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Mon, 4 Oct 2021 20:53:27 +0200 Subject: [PATCH 1/3] fix(webui): create correct PTR record when navigated from host page In scenario: 1. make sure that reverse zone doesn't have the desired PTR record 2. open host page of the host with matchnig the A record, e.g.: https://server.pvoborni.test/ipa/ui/#/e/host/details/test2.pvoborni.test 3. click on the "Host name" link, it will bring us to it's DNS record page. E.g., https://server.pvoborni.test/ipa/ui/#/e/dnsrecord/details/pvoborni.test ! notice the missing '.' in the URL after zone name (pvoborni.test) 4. click on the A record , dialog will show up, saying "record not found" 5. click on the "create DNS record" PTR record created by Web UI doesn't have trailing '.' (is not fully qualified record) even if the DNS zone is. This patch is fixing the link to the DNS Record page so that the page then correctly gets the DNS Zone name and thus creates a correct fully qualified PTR record. https://bugzilla.redhat.com/show_bug.cgi?id=2009114 https://pagure.io/freeipa/issue/9036 Signed-off-by: Petr Vobornik --- install/ui/src/freeipa/host.js | 17 +++- install/ui/src/freeipa/widget.js | 3 ++ ipatests/test_webui/test_dns.py | 68 +++- 3 files changed, 86 insertions(+), 2 deletions(-) diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js index 81b6a3fc52d..c4c1e0491ce 100644 --- a/install/ui/src/freeipa/host.js +++ b/install/ui/src/freeipa/host.js @@ -840,7 +840,22 @@ IPA.host_dnsrecord_entity_link_widget = function(spec) { var first_dot = pkey.search(/\./); var pkeys = []; pkeys[1] = pkey.substring(0,first_dot); -pkeys[0] = pkey.substring(first_dot+1); +var dnszone = pkey.substring(first_dot+1); +pkeys[0] = dnszone; + +// Check whether DNS record associated with the host belongs to a +// fully qualified DNS zone (has trailing '.'). If so, modify the +// pkey to be correct in the link. +if (that.check_data && dnszone[dnszone.length-1] !== '.') { +var avas = that.check_data.dn.split(','); +for (var i=0, j=avas.length; i 0) { +pkeys[0] = dnszone + '.'; +} +} +} + return pkeys; }; diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js index ec2d10503f0..025743a8d09 100644 --- a/install/ui/src/freeipa/widget.js +++ b/install/ui/src/freeipa/widget.js @@ -5223,6 +5223,9 @@ IPA.link_widget = function(spec) { retry: false, on_success: function(data) { that.is_link = data.result && data.result.result; +if (that.is_link) { +that.check_data = data.result.result; +} that.update_link(); }, on_error: function() { diff --git a/ipatests/test_webui/test_dns.py b/ipatests/test_webui/test_dns.py index 864b8494b76..7d129db004e 100644 --- a/ipatests/test_webui/test_dns.py +++ b/ipatests/test_webui/test_dns.py @@ -24,7 +24,7 @@ from ipatests.test_webui.ui_driver import UI_driver from ipatests.test_webui.ui_driver import screenshot from ipatests.test_webui.data_dns import ( -ZONE_ENTITY, FORWARD_ZONE_ENTITY, CONFIG_ENTITY, +ZONE_ENTITY, FORWARD_ZONE_ENTITY, CONFIG_ENTITY, RECORD_ENTITY, ZONE_DEFAULT_FACET, ZONE_PKEY, ZONE_DATA, FORWARD_ZONE_PKEY, FORWARD_ZONE_DATA, RECORD_PKEY, A_IP, RECORD_ADD_DATA, RECORD_MOD_DATA, CONFIG_MOD_DATA @@ -113,3 +113,69 @@ def test_config_crud(self):
[Freeipa-devel] [freeipa PR#2448][opened] ipa-advise: update url of cacerdir_rehash tool
URL: https://github.com/freeipa/freeipa/pull/2448 Author: pvoborni Title: #2448: ipa-advise: update url of cacerdir_rehash tool Action: opened PR body: """ On legacy systems which don't have cacerdir_rehash tool (provided by authconfig) the generated advise script downloads this tool from project page and uses it. After decommision of Fedorahosted and move of authconfig project to Pagure, this url was not updated in FreeIPA project. This patch updates the url. https://pagure.io/freeipa/issue/7731 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2448/head:pr2448 git checkout pr2448 From 3d8756c059b46ae64dc15cc0383204ff64551738 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Fri, 12 Oct 2018 14:20:25 +0200 Subject: [PATCH] ipa-advise: update url of cacerdir_rehash tool On legacy systems which don't have cacerdir_rehash tool (provided by authconfig) the generated advise script downloads this tool from project page and uses it. After decommision of Fedorahosted and move of authconfig project to Pagure, this url was not updated in FreeIPA project. This patch updates the url. https://pagure.io/freeipa/issue/7731 Signed-off-by: Petr Vobornik --- ipaserver/advise/plugins/legacy_clients.py | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ipaserver/advise/plugins/legacy_clients.py b/ipaserver/advise/plugins/legacy_clients.py index 7916965ddd..2a56922b83 100644 --- a/ipaserver/advise/plugins/legacy_clients.py +++ b/ipaserver/advise/plugins/legacy_clients.py @@ -28,6 +28,9 @@ register = Registry() +CACERTDIR_REHASH_URL = ('https://pagure.io/authconfig/raw/master/f/' +'cacertdir_rehash') + class config_base_legacy_client(Advice): def get_uri_and_base(self): @@ -50,8 +53,6 @@ def configure_ca_cert(self): 'location. If this value is different on your system ' 'the script needs to be modified accordingly.\n') -cacertdir_rehash = ('https://fedorahosted.org/authconfig/browser/' -'cacertdir_rehash?format=txt') self.log.comment('Download the CA certificate of the IPA server') self.log.command('mkdir -p -m 755 /etc/openldap/cacerts') self.log.command('curl http://%s/ipa/config/ca.crt -o ' @@ -60,7 +61,8 @@ def configure_ca_cert(self): self.log.comment('Generate hashes for the openldap library') self.log.command('command -v cacertdir_rehash') self.log.command('if [ $? -ne 0 ] ; then') -self.log.command(' curl "%s" -o cacertdir_rehash ;' % cacertdir_rehash) +self.log.command(' curl "%s" -o cacertdir_rehash ;' % + CACERTDIR_REHASH_URL) self.log.command(' chmod 755 ./cacertdir_rehash ;') self.log.command(' ./cacertdir_rehash /etc/openldap/cacerts/ ;') self.log.command('else') ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1932][closed] test_server_del: fix TestServerDel suite
URL: https://github.com/freeipa/freeipa/pull/1932 Author: pvoborni Title: #1932: test_server_del: fix TestServerDel suite Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1932/head:pr1932 git checkout pr1932 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/ILMT3ZYHW4VZXHPJPZZILOLFJAGMGD66/
[Freeipa-devel] [freeipa PR#2177][opened] webui: fix indentation on multiple places
URL: https://github.com/freeipa/freeipa/pull/2177 Author: pvoborni Title: #2177: webui: fix indentation on multiple places Action: opened PR body: """ ## webui: change indentation of freeipa/_base/debug.js Change to use spaces for indentation as it was the the only file which uses tabs and not spaces. ## webui: remove mixed indentation in App and LoginScreen Only spaces should be used for indentation. It was introduced in commits: * 7f9f59b * 5d8fde0 Related to: https://pagure.io/freeipa/issue/7559 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2177/head:pr2177 git checkout pr2177 From 5976a6306688c2347233120461e6e2cf7b6cbe83 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Fri, 20 Jul 2018 18:53:21 +0200 Subject: [PATCH 1/2] webui: change indentation of freeipa/_base/debug.js Change to use spaces for indentation as it was the the only file which uses tabs and not spaces. Signed-off-by: Petr Vobornik --- install/ui/src/freeipa/_base/debug.js | 38 +-- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/install/ui/src/freeipa/_base/debug.js b/install/ui/src/freeipa/_base/debug.js index 1332aa7dd2..4fdfa63dd5 100644 --- a/install/ui/src/freeipa/_base/debug.js +++ b/install/ui/src/freeipa/_base/debug.js @@ -19,23 +19,23 @@ */ define([], function() { - /** - * Debug module - * - * One can set flags to enable console output of various messages. - * - * """ - * var debug = require('freeipa._base.debug'); - * debug.provider_missing_value = true; - * """ - * - * Currently used flags - * - * - provider_missing_value - * - * @class _base.debug - */ - return { - provider_missing_value: false - }; +/** + * Debug module + * + * One can set flags to enable console output of various messages. + * + * """ + * var debug = require('freeipa._base.debug'); + * debug.provider_missing_value = true; + * """ + * + * Currently used flags + * + * - provider_missing_value + * + * @class _base.debug + */ +return { +provider_missing_value: false +}; }); \ No newline at end of file From c22495abc256739d4f7c330114f2589f58324041 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Fri, 20 Jul 2018 18:55:56 +0200 Subject: [PATCH 2/2] webui: remove mixed indentation in App and LoginScreen Only spaces should be used for indentation. It was introduced in commits: * 7f9f59bae2a362ce945c49ad8342393b7a5c024f * 5d8fde0ac1a43c8f3dbc53b44d69f3663a8b36fb Related to: https://pagure.io/freeipa/issue/7559 Signed-off-by: Petr Vobornik --- install/ui/src/freeipa/widgets/App.js | 8 install/ui/src/freeipa/widgets/LoginScreen.js | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/install/ui/src/freeipa/widgets/App.js b/install/ui/src/freeipa/widgets/App.js index 75337f9b3b..3a139555a0 100644 --- a/install/ui/src/freeipa/widgets/App.js +++ b/install/ui/src/freeipa/widgets/App.js @@ -260,13 +260,13 @@ define(['dojo/_base/declare', { name: 'profile', label: text.get('@i18n:profile-menu.profile', - 'Profile'), +'Profile'), icon: 'fa-user' }, { name: 'password_reset', label: text.get('@i18n:profile-menu.password_reset', - 'Change password'), +'Change password'), icon: 'fa-key' }, { @@ -275,7 +275,7 @@ define(['dojo/_base/declare', { name: 'configuration', label: text.get('@i18n:profile-menu.configuration', - 'Customization'), +'Customization'), icon: 'fa-gear' }, { @@ -289,7 +289,7 @@ define(['dojo/_base/declare', { name: 'logout', label: text.get('@i18n:profile-menu.logout', - 'Log out'), +'Log out'), icon: 'fa-sign-out' } ] diff --git a/install/ui/src/freeipa/widgets/LoginScreen.js b/install/ui/src/freeipa/widgets/LoginScreen.js index 745a71c18f..9e5f38b480 100644 --- a/install/ui/src/freeipa/widgets/LoginScreen.js +++ b/install/ui/src/freeipa/widgets/LoginScreen.js @@ -97,7 +97,7 @@ define(['dojo/_base/declare', this.cert_btn_node = IPA.button({ name: 'cert_auth', - title: text.get('@i18n:login.login_certificate_desc', +title: text.get('@i18n:login.login_certificate_desc', 'Log in using personal certificate'),
[Freeipa-devel] [freeipa PR#1904][closed] [temp PR] f28 Patches and all nightly tests
URL: https://github.com/freeipa/freeipa/pull/1904 Author: felipevolpone Title: #1904: [temp PR] f28 Patches and all nightly tests Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1904/head:pr1904 git checkout pr1904 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/ESRKLRA4VPSUTI5PSE4QP3GSG2IZBVCX/
[Freeipa-devel] [freeipa PR#1943][opened] [Backport][ipa-4-6] Fix test_server_del::TestLastServices
URL: https://github.com/freeipa/freeipa/pull/1943 Author: pvoborni Title: #1943: [Backport][ipa-4-6] Fix test_server_del::TestLastServices Action: opened PR body: """ This PR was opened manually because PR #1913 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1943/head:pr1943 git checkout pr1943 From bfd3fa34e5fff5a4d463479017e99f7e169389d6 Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Thu, 10 May 2018 10:02:16 +0200 Subject: [PATCH 1/2] server-del do not return early if CA renewal master cannot be changed Early return prevented adding last warning message in the method: "Ignoring these warnings and proceeding with removal" And thus `check_master_removal` in `test_server_del` did not work. https://pagure.io/freeipa/issue/7517 Signed-off-by: Petr Vobornik Reviewed-By: Florence Blanc-Renaud --- ipaserver/plugins/server.py | 11 --- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py index 59e611fc4c..4ea6f5b4b4 100644 --- a/ipaserver/plugins/server.py +++ b/ipaserver/plugins/server.py @@ -523,16 +523,13 @@ def handler(msg, ignore_last_of_role): "leave your installation without a CA."), ignore_last_of_role) +# change the renewal master if there is other master with CA if ca_renewal_master == hostname: other_cas = [ca for ca in ca_servers if ca != hostname] -# if this is the last CA there is no other server to become -# renewal master -if not other_cas: -return - -self.api.Command.config_mod( -ca_renewal_master_server=other_cas[0]) +if other_cas: +self.api.Command.config_mod( +ca_renewal_master_server=other_cas[0]) if ignore_last_of_role: self.add_message( From a575151434dbd4ba8349c7788e426c828e7c5e67 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Thu, 10 May 2018 12:53:20 +0200 Subject: [PATCH 2/2] Fix test_server_del::TestLastServices The reason why the test started to fail is probably commit be3ad1e where the checks were reordered. TestLastServices relies on execution of tests in a specific order. So it fails given that checks were changed but tests weren't. Given that master is installed with DNS and CA and replica with anything and given that checks in server-del command are in order: DNS, DNSSec, CA, KRA then the test should be something like: * install master (with DNS, CA) * install replica * test test_removal_of_master_raises_error_about_last_dns * test_install_dns_on_replica1_and_dnssec_on_master (installing DNS and DNSSec will allow DNSSec check) * test_removal_of_master_raises_error_about_dnssec * test_disable_dnssec_on_master (will allow CA check) * test_removal_of_master_raises_error_about_last_ca * test_forced_removal_of_master https://pagure.io/freeipa/issue/7517 Signed-off-by: Petr Vobornik Reviewed-By: Florence Blanc-Renaud --- ipatests/test_integration/test_server_del.py | 43 +--- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/ipatests/test_integration/test_server_del.py b/ipatests/test_integration/test_server_del.py index f5738a3a59..c35bcb87d3 100644 --- a/ipatests/test_integration/test_server_del.py +++ b/ipatests/test_integration/test_server_del.py @@ -241,23 +241,6 @@ def install(cls, mh): cls.topology, cls.master, cls.replicas, [], domain_level=cls.domain_level, setup_replica_cas=False) -def test_removal_of_master_raises_error_about_last_ca(self): -""" -test that removal of master fails on the last -""" -tasks.assert_error( -tasks.run_server_del(self.replicas[0], self.master.hostname), -"Deleting this server is not allowed as it would leave your " -"installation without a CA.", -1 -) - -def test_install_ca_on_replica1(self): -""" -Install CA on replica so that we can test DNS-related checks -""" -tasks.install_ca(self.replicas[0], domain_level=self.domain_level) - def test_removal_of_master_raises_error_about_last_dns(self): """ Now server-del should complain about the removal of last DNS server @@ -291,6 +274,32 @@ def test_removal_of_master_raises_error_about_dnssec(self): 1 ) +def test_disable_dnssec_on_master(self): +""" +Disable DNSSec master so that it is not tested anymore. Normal way +would be to move the DNSSec master to replica, but that is tested in +DNSSec tests.
[Freeipa-devel] [freeipa PR#1733][closed] Corrected the size of the user profile-menu in the utility navbar.
URL: https://github.com/freeipa/freeipa/pull/1733 Author: edward-of-clt Title: #1733: Corrected the size of the user profile-menu in the utility navbar. Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1733/head:pr1733 git checkout pr1733 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/BQXNMZNAPBGUEH76UM35ZDZR52IQMTRZ/
[Freeipa-devel] [freeipa PR#1913][opened] Fix test_server_del::TestLastServices
URL: https://github.com/freeipa/freeipa/pull/1913 Author: pvoborni Title: #1913: Fix test_server_del::TestLastServices Action: opened PR body: """ this is just a quick check of theory outlined in PR #1809 Commit details: The reason why the test started to fail is probably commit be3ad1e where the checks were reordered. TestLastServices relies on execution of tests in a specific order. So it fails given that checks were changed but tests weren't. Given that master is installed with DNS and CA and replica with anything and given that checks in server-del command are in order: DNS, DNSSec, CA, KRA then the test should be something like: * install master (with DNS, CA) * install replica * test test_removal_of_master_raises_error_about_last_dns * test_install_dns_on_replica1_and_dnssec_on_master (installing DNS and DNSSec will allow DNSSec check) * test_removal_of_master_raises_error_about_dnssec * test_install_dnssec_on_replica (will allow CA check) * test_removal_of_master_raises_error_about_last_ca * test_forced_removal_of_master https://pagure.io/freeipa/issue/7517 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1913/head:pr1913 git checkout pr1913 From 751580fbab2727111bb3ed3316ad6aac9926ed82 Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Wed, 9 May 2018 12:35:26 +0200 Subject: [PATCH] Fix test_server_del::TestLastServices The reason why the test started to fail is probably commit be3ad1e where the checks were reordered. TestLastServices relies on execution of tests in a specific order. So it fails given that checks were changed but tests weren't. Given that master is installed with DNS and CA and replica with anything and given that checks in server-del command are in order: DNS, DNSSec, CA, KRA then the test should be something like: * install master (with DNS, CA) * install replica * test test_removal_of_master_raises_error_about_last_dns * test_install_dns_on_replica1_and_dnssec_on_master (installing DNS and DNSSec will allow DNSSec check) * test_removal_of_master_raises_error_about_dnssec * test_install_dnssec_on_replica (will allow CA check) * test_removal_of_master_raises_error_about_last_ca * test_forced_removal_of_master https://pagure.io/freeipa/issue/7517 --- .freeipa-pr-ci.yaml | 185 ++- ipatests/test_integration/test_server_del.py | 41 +++--- 2 files changed, 36 insertions(+), 190 deletions(-) diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml index 88d34d58fc..6aaa173b95 100644 --- a/.freeipa-pr-ci.yaml +++ b/.freeipa-pr-ci.yaml @@ -3,14 +3,10 @@ topologies: name: build cpu: 2 memory: 3800 - master_1repl: _1repl -name: master_1repl -cpu: 4 -memory: 5750 - master_1repl_1client: _1repl_1client -name: master_1repl_1client -cpu: 4 -memory: 6700 +master_2repl_1client: _2repl_1client +name: master_2repl_1client +cpu: 5 +memory: 9100 jobs: fedora-27/build: @@ -27,183 +23,26 @@ jobs: timeout: 1800 topology: *build - fedora-27/simple_replication: + fedora-27/test_server_del: requires: [fedora-27/build] priority: 50 job: class: RunPytest args: build_url: '{fedora-27/build_url}' -test_suite: test_integration/test_simple_replication.py +test_suite: test_integration/test_server_del.py::TestServerDel template: *ci-master-f27 -timeout: 3600 -topology: *master_1repl +timeout: 8000 +topology: *master_2repl_1client - fedora-27/caless: + fedora-27/test_server_del2: requires: [fedora-27/build] priority: 50 job: class: RunPytest args: build_url: '{fedora-27/build_url}' -test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull +test_suite: test_integration/test_server_del.py::TestLastServices template: *ci-master-f27 -timeout: 3600 -topology: *master_1repl - - fedora-27/external_ca: -requires: [fedora-27/build] -priority: 50 -job: - class: RunPytest - args: -build_url: '{fedora-27/build_url}' -test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall -template: *ci-master-f27 -timeout: 3600 -topology: *master_1repl - - fedora-27/test_topologies: -requires: [fedora-27/build] -priority: 50 -job: - class: RunPytest - args: -build_url: '{fedora-27/build_url}' -test_suite: test_integration/test_topologies.py -template: *ci-master-f27 -timeout: 3600 -topology: *master_1repl - - fedora-27/test_sudo: -requires: [fedora-27/build] -priority: 50 -job: - class: RunPytest - args: -build_url:
[Freeipa-devel] [freeipa PR#1782][opened] webui: refresh complex pages after modification
URL: https://github.com/freeipa/freeipa/pull/1782 Author: pvoborni Title: #1782: webui: refresh complex pages after modification Action: opened PR body: """ Details facet for user, hosts, service, user override entities require complex reload as they gather information from multiple sources - e.g. all of them do cert-find. On update only $entity-mod is execute and its result doesn't have all information required for refresh of the page therefore some fields are missing or empty. This patch modifies the facets to do full refresh instead of default load and thus the pages will have all required info. https://pagure.io/freeipa/issue/5776 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1782/head:pr1782 git checkout pr1782 From c612e673219353ec97596945e7390d827f0b9f4d Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Thu, 5 Apr 2018 13:56:00 +0200 Subject: [PATCH] webui: refresh complex pages after modification Details facet for user, hosts, service, user override entities require complex reload as they gather information from multiple sources - e.g. all of them do cert-find. On update only $entity-mod is execute and its result doesn't have all information required for refresh of the page therefore some fields are missing or empty. This patch modifies the facets to do full refresh instead of default load and thus the pages will have all required info. https://pagure.io/freeipa/issue/5776 --- install/ui/src/freeipa/host.js| 6 ++ install/ui/src/freeipa/idviews.js | 6 ++ install/ui/src/freeipa/service.js | 6 ++ install/ui/src/freeipa/user.js| 5 + 4 files changed, 23 insertions(+) diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js index acecff1e5b..8aa1ef9d8c 100644 --- a/install/ui/src/freeipa/host.js +++ b/install/ui/src/freeipa/host.js @@ -518,6 +518,12 @@ IPA.host.details_facet = function(spec, no_init) { return that.entity.name+'_show_'+that.get_pkey(); }; +that.update_on_success = function(data, text_status, xhr) { +that.on_update.notify(); +that.nofify_update_success(); +that.refresh(); +}; + if (!no_init) that.init_details_facet(); return that; diff --git a/install/ui/src/freeipa/idviews.js b/install/ui/src/freeipa/idviews.js index 0511820e2b..b0ee8b5a03 100644 --- a/install/ui/src/freeipa/idviews.js +++ b/install/ui/src/freeipa/idviews.js @@ -450,6 +450,12 @@ idviews.id_override_user_details_facet = function(spec) { return batch; }; +that.update_on_success = function(data, text_status, xhr) { +that.on_update.notify(); +that.nofify_update_success(); +that.refresh(); +}; + return that; }; diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js index c798d2999f..93808b0122 100644 --- a/install/ui/src/freeipa/service.js +++ b/install/ui/src/freeipa/service.js @@ -500,6 +500,12 @@ IPA.service.details_facet = function(spec, no_init) { return batch; }; +that.update_on_success = function(data, text_status, xhr) { +that.on_update.notify(); +that.nofify_update_success(); +that.refresh(); +}; + if (!no_init) that.init_details_facet(); return that; diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js index 6b2bf196c3..30ab40fb33 100644 --- a/install/ui/src/freeipa/user.js +++ b/install/ui/src/freeipa/user.js @@ -621,6 +621,11 @@ IPA.user.details_facet = function(spec, no_init) { return batch; }; +that.update_on_success = function(data, text_status, xhr) { +that.on_update.notify(); +that.nofify_update_success(); +that.refresh(); +}; if (!no_init) that.init_details_facet(); ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1771][opened] Fix order of commands in test for removing topology segments
URL: https://github.com/freeipa/freeipa/pull/1771 Author: pvoborni Title: #1771: Fix order of commands in test for removing topology segments Action: opened PR body: """ this is an alternative approach to PR #1766 test_topology_updated_on_replica_install_remove from the beginning used invalid sequence of commands for removing a replica. Proper order is: master$ ipa server-del $REPLICA replica$ ipa-server-install --uninstall Alternatively usage of `ipa-replica-manage del $replica` instead of `ipa server-del $replica` is possible. In essence ipa-replica-manage calls the server-del command. At some point there was a plan to achieve uninstalation only through `ipa-server-install --uninstall` but that was never achieved to this date. This change also removes the ugly wrapper which makes test collection fail if no environment config is provided (i.e. replicas cannot be indexed). $ pytest --collect-test ipatests/test_integration https://pagure.io/freeipa/issue/6250 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1771/head:pr1771 git checkout pr1771 From 1002e4f4b363486c9104f7bebd479510757ded2e Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Wed, 4 Apr 2018 11:00:11 +0200 Subject: [PATCH] Fix order of commands in test for removing topology segments test_topology_updated_on_replica_install_remove from the beginning used invalid sequence of commands for removing a replica. Proper order is: master$ ipa server-del $REPLICA replica$ ipa-server-install --uninstall Alternatively usage of `ipa-replica-manage del $replica` instead of `ipa server-del $replica` is possible. In essence ipa-replica-manage calls the server-del command. At some point there was a plan to achieve uninstalation only through `ipa-server-install --uninstall` but that was never achieved to this date. This change also removes the ugly wrapper which makes test collection fail if no environment config is provided (i.e. replicas cannot be indexed). $ pytest --collect-test ipatests/test_integration https://pagure.io/freeipa/issue/6250 --- ipatests/test_integration/test_topology.py | 30 +- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/ipatests/test_integration/test_topology.py b/ipatests/test_integration/test_topology.py index fb7047e32c..35898c0796 100644 --- a/ipatests/test_integration/test_topology.py +++ b/ipatests/test_integration/test_topology.py @@ -27,26 +27,6 @@ def find_segment(master, replica): return '-to-'.join(segment) -def remove_segment(master, host1, host2): -""" -This removes a segment between host1 and host2 on master. The function is -needed because test_add_remove_segment expects only one segment, but due to -track tickete N 6250, the test_topology_updated_on_replica_install_remove -leaves 2 topology segments -""" -def wrapper(func): -def wrapped(*args, **kwargs): -try: -func(*args, **kwargs) -finally: -segment = find_segment(host1, host2) -master.run_command(['ipa', 'topologysegment-del', -DOMAIN_SUFFIX_NAME, segment], - raiseonerr=False) -return wrapped -return wrapper - - @pytest.mark.skipif(config.domain_level == 0, reason=reasoning) class TestTopologyOptions(IntegrationTest): num_replicas = 2 @@ -84,10 +64,7 @@ def tokenize_topologies(self, command_output): ) return result -@pytest.mark.xfail(reason="Trac 6250", strict=True) -@remove_segment(config.domains[0].master, -config.domains[0].master, -config.domains[0].replicas[1]) + def test_topology_updated_on_replica_install_remove(self): """ Install and remove a replica and make sure topology information is @@ -120,8 +97,11 @@ def test_topology_updated_on_replica_install_remove(self): assert_deepequal(result3.stdout_text, result4.stdout_text) # Now let's check that uninstalling the replica will update the topology # info on the rest of replicas. -tasks.uninstall_master(self.replicas[1]) +# first step of uninstallation is removal of the replica on other +# master, then it can be uninstalled. Doing it the other way is also +# possible, but not reliable - some data might not be replicated. tasks.clean_replication_agreement(self.master, self.replicas[1]) +tasks.uninstall_master(self.replicas[1]) result5 = self.master.run_command(['ipa', 'topologysegment-find', DOMAIN_SUFFIX_NAME]) num_entries = self.noentries_re.search(result5.stdout_text).group(1) ___ FreeIPA-devel mailing list --
[Freeipa-devel] [freeipa PR#1765][opened] [Backport][ipa-4-6] test realm domain add with DNS check
URL: https://github.com/freeipa/freeipa/pull/1765 Author: pvoborni Title: #1765: [Backport][ipa-4-6] test realm domain add with DNS check Action: opened PR body: """ This is a backport of PR #1596 to ipa-4-6. A new ticket was created for the backport: https://pagure.io/freeipa/issue/7481 Only commit message was changed. So could be acked automatically as other backport patches. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1765/head:pr1765 git checkout pr1765 From 6bd4051108dad19a46e82315730dcb4e13ceca6b Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Fri, 16 Feb 2018 17:26:33 +0100 Subject: [PATCH 1/3] webui:tests: move DNS test data to separate file So that the data can be used in other test without running the DNS tests. https://pagure.io/freeipa/issue/7481 Reviewed-By: Petr Cech --- ipatests/test_webui/data_dns.py | 63 +++ ipatests/test_webui/test_dns.py | 66 - 2 files changed, 69 insertions(+), 60 deletions(-) create mode 100644 ipatests/test_webui/data_dns.py diff --git a/ipatests/test_webui/data_dns.py b/ipatests/test_webui/data_dns.py new file mode 100644 index 00..95e502adad --- /dev/null +++ b/ipatests/test_webui/data_dns.py @@ -0,0 +1,63 @@ +# +# Copyright (C) 2018 FreeIPA Contributors see COPYING for license +# + +ZONE_ENTITY = 'dnszone' +FORWARD_ZONE_ENTITY = 'dnsforwardzone' +RECORD_ENTITY = 'dnsrecord' +CONFIG_ENTITY = 'dnsconfig' + +ZONE_DEFAULT_FACET = 'records' + +ZONE_PKEY = 'foo.itest.' + +ZONE_DATA = { +'pkey': ZONE_PKEY, +'add': [ +('textbox', 'idnsname', ZONE_PKEY), +], +'mod': [ +('checkbox', 'idnsallowsyncptr', 'checked'), +], +} + +FORWARD_ZONE_PKEY = 'forward.itest.' + +FORWARD_ZONE_DATA = { +'pkey': FORWARD_ZONE_PKEY, +'add': [ +('textbox', 'idnsname', FORWARD_ZONE_PKEY), +('multivalued', 'idnsforwarders', [ +('add', '192.168.2.1'), +]), +('radio', 'idnsforwardpolicy', 'only'), +], +'mod': [ +('multivalued', 'idnsforwarders', [ +('add', '192.168.3.1'), +]), +('checkbox', 'idnsforwardpolicy', 'first'), +], +} + +RECORD_PKEY = 'itest' +A_IP = '192.168.1.10' +RECORD_ADD_DATA = { +'pkey': RECORD_PKEY, +'add': [ +('textbox', 'idnsname', RECORD_PKEY), +('textbox', 'a_part_ip_address', A_IP), +] +} + +RECORD_MOD_DATA = { +'fields': [ +('textbox', 'a_part_ip_address', '192.168.1.11'), +] +} + +CONFIG_MOD_DATA = { +'mod': [ +('checkbox', 'idnsallowsyncptr', 'checked'), +], +} diff --git a/ipatests/test_webui/test_dns.py b/ipatests/test_webui/test_dns.py index a576db9df7..24e79dd85a 100644 --- a/ipatests/test_webui/test_dns.py +++ b/ipatests/test_webui/test_dns.py @@ -23,68 +23,14 @@ from ipatests.test_webui.ui_driver import UI_driver from ipatests.test_webui.ui_driver import screenshot +from ipatests.test_webui.data_dns import ( +ZONE_ENTITY, FORWARD_ZONE_ENTITY, CONFIG_ENTITY, +ZONE_DEFAULT_FACET, ZONE_PKEY, ZONE_DATA, FORWARD_ZONE_PKEY, +FORWARD_ZONE_DATA, RECORD_PKEY, A_IP, RECORD_ADD_DATA, RECORD_MOD_DATA, +CONFIG_MOD_DATA +) import pytest -ZONE_ENTITY = 'dnszone' -FORWARD_ZONE_ENTITY = 'dnsforwardzone' -RECORD_ENTITY = 'dnsrecord' -CONFIG_ENTITY = 'dnsconfig' - -ZONE_DEFAULT_FACET = 'records' - -ZONE_PKEY = 'foo.itest.' - -ZONE_DATA = { -'pkey': ZONE_PKEY, -'add': [ -('textbox', 'idnsname', ZONE_PKEY), -], -'mod': [ -('checkbox', 'idnsallowsyncptr', 'checked'), -], -} - -FORWARD_ZONE_PKEY = 'forward.itest.' - -FORWARD_ZONE_DATA = { -'pkey': FORWARD_ZONE_PKEY, -'add': [ -('textbox', 'idnsname', FORWARD_ZONE_PKEY), -('multivalued', 'idnsforwarders', [ -('add', '192.168.2.1'), -]), -('radio', 'idnsforwardpolicy', 'only'), -], -'mod': [ -('multivalued', 'idnsforwarders', [ -('add', '192.168.3.1'), -]), -('checkbox', 'idnsforwardpolicy', 'first'), -], -} - -RECORD_PKEY = 'itest' -A_IP = '192.168.1.10' -RECORD_ADD_DATA = { -'pkey': RECORD_PKEY, -'add': [ -('textbox', 'idnsname', RECORD_PKEY), -('textbox', 'a_part_ip_address', A_IP), -] -} - -RECORD_MOD_DATA = { -'fields': [ -('textbox', 'a_part_ip_address', '192.168.1.11'), -] -} - -CONFIG_MOD_DATA = { -'mod': [ -('checkbox', 'idnsallowsyncptr', 'checked'), -], -} - @pytest.mark.tier1 class test_dns(UI_driver): From 9cae0f3e8ecb75569b6a41411364c9e02a48adbf Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Fri, 16 Feb 2018 18:12:48 +0100 Subject: [PATCH 2/3] webui:tests: realm domain add with DNS check Try adding and deleting with "Check DNS" (in html 'ok' button) DNS check expects
[Freeipa-devel] [freeipa PR#953][closed] [master] WebUI: Turn on pagination on certificate page
URL: https://github.com/freeipa/freeipa/pull/953 Author: pvomacka Title: #953: [master] WebUI: Turn on pagination on certificate page Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/953/head:pr953 git checkout pr953 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1598][opened] fastcheck: do not test context in pycodestyle
URL: https://github.com/freeipa/freeipa/pull/1598 Author: pvoborni Title: #1598: fastcheck: do not test context in pycodestyle Action: opened PR body: """ `git diff` shows also context lines by default. When passed to pycodestyle it can produce errors unrelated to changed lines. It prevents running of subsequent checks. Limiting context to 0 lines by `git diff -U0` enables to test only the modified lines and allows to run subsequent checks. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1598/head:pr1598 git checkout pr1598 From 3deae5e7a856e8492c4374cd49bf99be5e885c0e Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Fri, 16 Feb 2018 17:23:23 +0100 Subject: [PATCH] fastcheck: do not test context in pycodestyle `git diff` shows also context lines by default. When passed to pycodestyle it can produce errors unrelated to changed lines. It prevents running of subsequent checks. Limiting context to 0 lines by `git diff -U0` enables to test only the modified lines and allows to run subsequent checks. --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index a4381dd071..21fb6d19c7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -215,7 +215,7 @@ endif echo -e "Fast linting files:\n$${FILES}\n"; \ echo "pycodestyle"; \ echo "---"; \ - git diff $${MERGEBASE} | \ + git diff -U0 $${MERGEBASE} | \ $(PYTHON) -m pycodestyle --diff || exit $$?; \ echo -e "\npylint"; \ echo "--"; \ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1597][opened] realm domains: improve doc text
URL: https://github.com/freeipa/freeipa/pull/1597 Author: pvoborni Title: #1597: realm domains: improve doc text Action: opened PR body: """ It is quite unclear how realm domains behave without reading source code. New doc text describes its purpose and how it is managed. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1597/head:pr1597 git checkout pr1597 From bcdb9c917d1db28179a2d6a167070df03e8601a3 Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Fri, 16 Feb 2018 20:58:52 +0100 Subject: [PATCH] realm domains: improve doc text It is quite unclear how realm domains behave without reading source code. New doc text describes its purpose and how it is managed. --- ipaserver/plugins/realmdomains.py | 26 -- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/ipaserver/plugins/realmdomains.py b/ipaserver/plugins/realmdomains.py index 13631e47cc..619bc6f525 100644 --- a/ipaserver/plugins/realmdomains.py +++ b/ipaserver/plugins/realmdomains.py @@ -36,6 +36,16 @@ Manage the list of domains associated with IPA realm. +This list is useful for Domain Controllers from other realms which have +established trust with this IPA realm. They need the information to know +which request should be forwarded to KDC of this IPA realm. + +Automatic management: a domain is added to realm domains list automatically +when new DNS Zone managed by IPA is created. Same applies for deletion. + +Externally managed DNS: domains which are not managed in IPA server DNS needs +to be added to the list manually using `ipa realmdomains-mod` command. + EXAMPLES: Display the current list of realm domains: @@ -118,10 +128,22 @@ class realmdomains(LDAPObject): ) - @register() class realmdomains_mod(LDAPUpdate): -__doc__ = _('Modify realm domains.') +__doc__ = _(""" +Modify realm domains + +DNS check: When adding domain to the list manually, a DNS check is +performed by default. It checks whether the domain is associated +with the IPA realm. In practice it checks whether the domain has +_kerberos TXT record containing IPA realm name. This check can be +skipped by specifying --force option. + +Removal: when a realm domain which has a matching DNS zone managed by +IPA is being removed, a corresponding _kerberos TXT record in the zone is +removed automatically as well. Other records in the zone or the zone +itself are not affected. +""") takes_options = LDAPUpdate.takes_options + ( Flag('force', ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1596][opened] webui:test realm domain add with DNS check
URL: https://github.com/freeipa/freeipa/pull/1596 Author: pvoborni Title: #1596: webui:test realm domain add with DNS check Action: opened PR body: """ Try adding and deleting with "Check DNS" (in html 'ok' button) DNS check expects that the added domain will have DNS record: TXT kerberos.$domain "$REALM" When a new domain is added using dnszone-add it automatically adds this TXT record and adds a realm domain. So in order to test without external DNS we must get into state where realm domain is not added (in order to add it) but DNS domain with the TXT record exists. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1596/head:pr1596 git checkout pr1596 From dc28d3653365d0a658b2ecb73f7d9c3bd603e465 Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Fri, 16 Feb 2018 17:26:33 +0100 Subject: [PATCH 1/3] webui:tests: move DNS test data to separate file So that the data can be used in other test without running the DNS tests. --- ipatests/test_webui/data_dns.py | 63 +++ ipatests/test_webui/test_dns.py | 66 - 2 files changed, 69 insertions(+), 60 deletions(-) create mode 100644 ipatests/test_webui/data_dns.py diff --git a/ipatests/test_webui/data_dns.py b/ipatests/test_webui/data_dns.py new file mode 100644 index 00..95e502adad --- /dev/null +++ b/ipatests/test_webui/data_dns.py @@ -0,0 +1,63 @@ +# +# Copyright (C) 2018 FreeIPA Contributors see COPYING for license +# + +ZONE_ENTITY = 'dnszone' +FORWARD_ZONE_ENTITY = 'dnsforwardzone' +RECORD_ENTITY = 'dnsrecord' +CONFIG_ENTITY = 'dnsconfig' + +ZONE_DEFAULT_FACET = 'records' + +ZONE_PKEY = 'foo.itest.' + +ZONE_DATA = { +'pkey': ZONE_PKEY, +'add': [ +('textbox', 'idnsname', ZONE_PKEY), +], +'mod': [ +('checkbox', 'idnsallowsyncptr', 'checked'), +], +} + +FORWARD_ZONE_PKEY = 'forward.itest.' + +FORWARD_ZONE_DATA = { +'pkey': FORWARD_ZONE_PKEY, +'add': [ +('textbox', 'idnsname', FORWARD_ZONE_PKEY), +('multivalued', 'idnsforwarders', [ +('add', '192.168.2.1'), +]), +('radio', 'idnsforwardpolicy', 'only'), +], +'mod': [ +('multivalued', 'idnsforwarders', [ +('add', '192.168.3.1'), +]), +('checkbox', 'idnsforwardpolicy', 'first'), +], +} + +RECORD_PKEY = 'itest' +A_IP = '192.168.1.10' +RECORD_ADD_DATA = { +'pkey': RECORD_PKEY, +'add': [ +('textbox', 'idnsname', RECORD_PKEY), +('textbox', 'a_part_ip_address', A_IP), +] +} + +RECORD_MOD_DATA = { +'fields': [ +('textbox', 'a_part_ip_address', '192.168.1.11'), +] +} + +CONFIG_MOD_DATA = { +'mod': [ +('checkbox', 'idnsallowsyncptr', 'checked'), +], +} diff --git a/ipatests/test_webui/test_dns.py b/ipatests/test_webui/test_dns.py index a576db9df7..24e79dd85a 100644 --- a/ipatests/test_webui/test_dns.py +++ b/ipatests/test_webui/test_dns.py @@ -23,68 +23,14 @@ from ipatests.test_webui.ui_driver import UI_driver from ipatests.test_webui.ui_driver import screenshot +from ipatests.test_webui.data_dns import ( +ZONE_ENTITY, FORWARD_ZONE_ENTITY, CONFIG_ENTITY, +ZONE_DEFAULT_FACET, ZONE_PKEY, ZONE_DATA, FORWARD_ZONE_PKEY, +FORWARD_ZONE_DATA, RECORD_PKEY, A_IP, RECORD_ADD_DATA, RECORD_MOD_DATA, +CONFIG_MOD_DATA +) import pytest -ZONE_ENTITY = 'dnszone' -FORWARD_ZONE_ENTITY = 'dnsforwardzone' -RECORD_ENTITY = 'dnsrecord' -CONFIG_ENTITY = 'dnsconfig' - -ZONE_DEFAULT_FACET = 'records' - -ZONE_PKEY = 'foo.itest.' - -ZONE_DATA = { -'pkey': ZONE_PKEY, -'add': [ -('textbox', 'idnsname', ZONE_PKEY), -], -'mod': [ -('checkbox', 'idnsallowsyncptr', 'checked'), -], -} - -FORWARD_ZONE_PKEY = 'forward.itest.' - -FORWARD_ZONE_DATA = { -'pkey': FORWARD_ZONE_PKEY, -'add': [ -('textbox', 'idnsname', FORWARD_ZONE_PKEY), -('multivalued', 'idnsforwarders', [ -('add', '192.168.2.1'), -]), -('radio', 'idnsforwardpolicy', 'only'), -], -'mod': [ -('multivalued', 'idnsforwarders', [ -('add', '192.168.3.1'), -]), -('checkbox', 'idnsforwardpolicy', 'first'), -], -} - -RECORD_PKEY = 'itest' -A_IP = '192.168.1.10' -RECORD_ADD_DATA = { -'pkey': RECORD_PKEY, -'add': [ -('textbox', 'idnsname', RECORD_PKEY), -('textbox', 'a_part_ip_address', A_IP), -] -} - -RECORD_MOD_DATA = { -'fields': [ -('textbox', 'a_part_ip_address', '192.168.1.11'), -] -} - -CONFIG_MOD_DATA = { -'mod': [ -('checkbox', 'idnsallowsyncptr', 'checked'), -], -} - @pytest.mark.tier1 class test_dns(UI_driver): From b64f8fe24ce50ee7870c1c00dc60a49089624838 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Fri, 16 Feb 2018 18:12:48 +0100 Subject: [PATCH 2/3] webui:test realm
[Freeipa-devel] [freeipa PR#1592][opened] webui: hbactest: add tooltips to 'enabled' and 'disabled' checkboxes
URL: https://github.com/freeipa/freeipa/pull/1592 Author: pvoborni Title: #1592: webui: hbactest: add tooltips to 'enabled' and 'disabled' checkboxes Action: opened PR body: """ "Include enabled" and "Include disabled" checkboxes on "Rules" tab of HBAC Test Web UI page don't have any descriptions. It is not clear what they do from only the labels. This patch adds tooltips with metadata doc text of respected API options. I.e. in practice it adds the same as CLI help when user hovers over the checkbox label. ``` --enabledInclude all enabled IPA rules into test [default] --disabled Include all disabled IPA rules into test ``` """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1592/head:pr1592 git checkout pr1592 From 1c91a35587807ad6554c87bc3f1340c1ac9d2e88 Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Thu, 15 Feb 2018 21:17:25 +0100 Subject: [PATCH] webui: hbactest: add tooltips to 'enabled' and 'disabled' checkboxes "Include enabled" and "Include disabled" checkboxes on "Rules" tab of HBAC Test Web UI page don't have any descriptions. It is not clear what they do from only the labels. This patch adds tooltips with metadata doc text of respected API options. I.e. in practice it adds the same as CLI help when user hovers over the checkbox label. --enabledInclude all enabled IPA rules into test [default] --disabled Include all disabled IPA rules into test --- install/ui/src/freeipa/hbactest.js | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/install/ui/src/freeipa/hbactest.js b/install/ui/src/freeipa/hbactest.js index 83e609381f..81f9bbf7db 100644 --- a/install/ui/src/freeipa/hbactest.js +++ b/install/ui/src/freeipa/hbactest.js @@ -441,7 +441,8 @@ IPA.hbac.test_rules_facet = function(spec) { $('', { 'for': 'hbactest-rules-include-enabled', -text: text.get('@i18n:objects.hbactest.include_enabled') +text: text.get('@i18n:objects.hbactest.include_enabled'), +title: text.get('@mc-opt:hbactest:enabled:doc') }).appendTo(header); that.disabled = $('', { @@ -452,7 +453,8 @@ IPA.hbac.test_rules_facet = function(spec) { $('', { 'for': 'hbactest-rules-include-disabled', -text: text.get('@i18n:objects.hbactest.include_disabled') +text: text.get('@i18n:objects.hbactest.include_disabled'), +title: text.get('@mc-opt:hbactest:disabled:doc') }).appendTo(header); var content = $('', { ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#310][closed] WIP: CLI testing
URL: https://github.com/freeipa/freeipa/pull/310 Author: mirielka Title: #310: WIP: CLI testing Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/310/head:pr310 git checkout pr310 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1217][opened] [Backport][ipa-4-5] Include the CA basic constraint in CSRs when renewing a CA
URL: https://github.com/freeipa/freeipa/pull/1217 Author: pvoborni Title: #1217: [Backport][ipa-4-5] Include the CA basic constraint in CSRs when renewing a CA Action: opened PR body: """ Opened manually as backport of #963 manual changes done on cherry-pick are: ```diff diff --cc ipaserver/install/ipa_cacert_manage.py index fcbf091,86243d3..000 --- a/ipaserver/install/ipa_cacert_manage.py +++ b/ipaserver/install/ipa_cacert_manage.py @@@ -309,8 -302,9 +309,9 @@@ class CACertManage(admintool.AdminTool) def resubmit_request(self, ca='dogtag-ipa-ca-renew-agent', profile=''): timeout = api.env.startup_timeout + 60 -logger.debug("resubmitting certmonger request '%s'", self.request_id) +self.log.debug("resubmitting certmonger request '%s'", self.request_id) - certmonger.resubmit_request(self.request_id, ca=ca, profile=profile) + certmonger.resubmit_request(self.request_id, ca=ca, profile=profile, + is_ca=True) try: state = certmonger.wait_for_request(self.request_id, timeout) except RuntimeError: ``` (there was conflict in logging) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1217/head:pr1217 git checkout pr1217 From 42a64c93e277e5e03ac8102abfa322adca5a6582 Mon Sep 17 00:00:00 2001 From: Rob CrittendenDate: Wed, 9 Aug 2017 17:28:35 -0400 Subject: [PATCH] Include the CA basic constraint in CSRs when renewing a CA The CSR generated by `ipa-cacert-manage renew --external-ca` did not include the CA basic constraint: X509v3 Basic Constraints: critical CA:TRUE Add a flag to certmonger::resubmit_request to specify that a CA is being requested. Note that this also sets pathlen to -1 which means an unlimited pathlen. Leave it up to the issuing CA to set this. https://pagure.io/freeipa/issue/7088 Reviewed-By: Florence Blanc-Renaud --- ipalib/install/certmonger.py | 13 +++-- ipaserver/install/ipa_cacert_manage.py | 3 ++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ipalib/install/certmonger.py b/ipalib/install/certmonger.py index c286996ee2..d2b782ddb0 100644 --- a/ipalib/install/certmonger.py +++ b/ipalib/install/certmonger.py @@ -519,16 +519,25 @@ def modify(request_id, ca=None, profile=None): request.obj_if.modify(update) -def resubmit_request(request_id, ca=None, profile=None): +def resubmit_request(request_id, ca=None, profile=None, is_ca=False): +""" +:param request_id: the certmonger numeric request ID +:param ca: the nickname for the certmonger CA, e.g. IPA or SelfSign +:param profile: the dogtag template profile to use, e.g. SubCA +:param is_ca: boolean that if True adds the CA basic constraint +""" request = _get_request({'nickname': request_id}) if request: -if ca or profile: +if ca or profile or is_ca: update = {} if ca is not None: cm = _certmonger() update['CA'] = cm.obj_if.find_ca_by_nickname(ca) if profile is not None: update['template-profile'] = profile +if is_ca: +update['template-is-ca'] = True +update['template-ca-path-length'] = -1 # no path length request.obj_if.modify(update) request.obj_if.resubmit() diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py index fcbf09155a..9607620d6c 100644 --- a/ipaserver/install/ipa_cacert_manage.py +++ b/ipaserver/install/ipa_cacert_manage.py @@ -310,7 +310,8 @@ def resubmit_request(self, ca='dogtag-ipa-ca-renew-agent', profile=''): timeout = api.env.startup_timeout + 60 self.log.debug("resubmitting certmonger request '%s'", self.request_id) -certmonger.resubmit_request(self.request_id, ca=ca, profile=profile) +certmonger.resubmit_request(self.request_id, ca=ca, profile=profile, +is_ca=True) try: state = certmonger.wait_for_request(self.request_id, timeout) except RuntimeError: ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#956][opened] og progress of wait_for_open_ports
URL: https://github.com/freeipa/freeipa/pull/956 Author: pvoborni Title: #956: og progress of wait_for_open_ports Action: opened PR body: """ ### control logging of host_port_open from caller host_port_open copied logging behavior of ipa-replica-conncheck utility which doesn't make it much reusable. Now log level can be controlled from caller so other callers might use other logging level without host_port_open guessing what was the intention. ### log progress of wait_for_open_ports To know what to focus on when some check fail. E.g. to detect that IPv6 address or its resolution for localhost is misconfigured. Also gradually increases wait time so that it won't log 600 same messages when wait time is 600. https://pagure.io/freeipa/issue/7083 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/956/head:pr956 git checkout pr956 From 603456c3d18220d94e2c1b051b8baca19b9c3d61 Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Thu, 3 Aug 2017 15:48:33 +0200 Subject: [PATCH 1/2] control logging of host_port_open from caller host_port_open copied logging behavior of ipa-replica-conncheck utility which doesn't make it much reusable. Now log level can be controlled from caller so other callers might use other logging level without host_port_open guessing what was the intention. https://pagure.io/freeipa/issue/7083 --- install/tools/ipa-replica-conncheck | 7 ++- ipapython/ipautil.py| 14 -- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 15e45e0a2f..5014ac0246 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -376,11 +376,16 @@ class PortResponder(threading.Thread): def port_check(host, port_list): ports_failed = [] ports_udp_warning = [] # conncheck could not verify that port is open +log_level = { +SOCK_DGRAM: logging.WARNING, +SOCK_STREAM: logging.ERROR +} for port in port_list: try: port_open = ipautil.host_port_open( host, port.port, port.port_type, -socket_timeout=CONNECT_TIMEOUT, log_errors=True) +socket_timeout=CONNECT_TIMEOUT, log_errors=True, +log_level=log_level[port.port_type]) except socket.gaierror: raise RuntimeError("Port check failed! Unable to resolve host name '%s'" % host) if port_open: diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index d2b5abb085..10a105b8fc 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -960,7 +960,8 @@ def user_input(prompt, default = None, allow_empty = True): def host_port_open(host, port, socket_type=socket.SOCK_STREAM, - socket_timeout=None, log_errors=False): + socket_timeout=None, log_errors=False, + log_level=logging.DEBUG): """ host: either hostname or IP address; if hostname is provided, port MUST be open on ALL resolved IPs @@ -986,19 +987,12 @@ def host_port_open(host, port, socket_type=socket.SOCK_STREAM, s.recv(512) except socket.error: port_open = False - if log_errors: -msg = ('Failed to connect to port %(port)d %(proto)s on ' +msg = ('Failed to connect to port %(port)s %(proto)s on ' '%(addr)s' % dict(port=port, proto=PROTOCOL_NAMES[socket_type], addr=sa[0])) - -# Do not log udp failures as errors (to be consistent with -# the rest of the code that checks for open ports) -if socket_type == socket.SOCK_DGRAM: -logger.warning('%s', msg) -else: -logger.error('%s', msg) +logger.log(log_level, '%s', msg) finally: if s is not None: s.close() From 43616dc7667e643a559a5a06d2a78de203069c0f Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Thu, 3 Aug 2017 16:03:29 +0200 Subject: [PATCH 2/2] log progress of wait_for_open_ports To know what to focus on when some check fail. E.g. to detect that IPv6 address or its resolution for localhost is misconfigured. Also gradually increases wait time so that it won't log 600 same messages when wait time is 600. https://pagure.io/freeipa/issue/7083 --- ipapython/ipautil.py | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 10a105b8fc..76059a0ba1 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -1222,16 +1222,20 @@ def wait_for_open_ports(host, ports, timeout=0): logger.debug('wait_for_open_ports: %s %s timeout %d', host, ports,
[Freeipa-devel] [freeipa PR#955][closed] host_port_open: revert to old behavior where one iface is sufficient
URL: https://github.com/freeipa/freeipa/pull/955 Author: pvoborni Title: #955: host_port_open: revert to old behavior where one iface is sufficient Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/955/head:pr955 git checkout pr955 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#955][opened] host_port_open: revert to old behavior where one iface is sufficient
URL: https://github.com/freeipa/freeipa/pull/955 Author: pvoborni Title: #955: host_port_open: revert to old behavior where one iface is sufficient Action: opened PR body: """ Commit a24cd01304aaef77b66d0e178585c9ec8bbce9b5 Changed behavior of host_port_open to require all discovered interfaces to listed on the port. But usage of host_port_open function in wait_for_open_ports function which is indirectly used from service.start might be still ok with only one interface. Requiring all interfaces might then cause issue(waiting till timeout) in IPA upgrader in specific DNS or network setups. https://pagure.io/freeipa/issue/7083 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/955/head:pr955 git checkout pr955 From f5a11c38d26a01a4e15bf61f2094a78de5a5561c Mon Sep 17 00:00:00 2001 From: Petr VobornikDate: Wed, 2 Aug 2017 17:52:58 +0200 Subject: [PATCH] host_port_open: revert to old behavior where one iface is sufficient Commit https://pagure.io/freeipa/c/a24cd01304aaef77b66d0e178585c9ec8bbce9b5 Changed behavior of host_port_open to require all discovered interfaces to listed on the port. But usage of host_port_open function in wait_for_open_ports function which is indirectly used from service.start might be still ok with only one interface. Requiring all interfaces might then cause issue in IPA upgrader in specific DNS or network setups. https://pagure.io/freeipa/issue/7083 --- install/tools/ipa-replica-conncheck | 3 ++- ipapython/ipautil.py| 13 - 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck index 9b92de3f66..3835548e98 100755 --- a/install/tools/ipa-replica-conncheck +++ b/install/tools/ipa-replica-conncheck @@ -382,7 +382,8 @@ def port_check(host, port_list): try: port_open = ipautil.host_port_open( host, port.port, port.port_type, -socket_timeout=CONNECT_TIMEOUT, log_errors=True) +socket_timeout=CONNECT_TIMEOUT, log_errors=True, +check_all_ifaces=True) except socket.gaierror: raise RuntimeError("Port check failed! Unable to resolve host name '%s'" % host) if port_open: diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 1bb48d4fc2..6e61cad66b 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -959,14 +959,16 @@ def user_input(prompt, default = None, allow_empty = True): def host_port_open(host, port, socket_type=socket.SOCK_STREAM, - socket_timeout=None, log_errors=False): + socket_timeout=None, log_errors=False, + check_all_ifaces=False): """ host: either hostname or IP address; if hostname is provided, port MUST be open on ALL resolved IPs returns True is port is open, False otherwise """ -port_open = True +all_open = True +some_open = False # port has to be open on ALL resolved IPs for res in socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket_type): @@ -983,9 +985,10 @@ def host_port_open(host, port, socket_type=socket.SOCK_STREAM, if socket_type == socket.SOCK_DGRAM: s.send('') s.recv(512) -except socket.error: -port_open = False +some_open = True +except socket.error: +all_open = False if log_errors: msg = ('Failed to connect to port %(port)d %(proto)s on ' '%(addr)s' % dict(port=port, @@ -1002,7 +1005,7 @@ def host_port_open(host, port, socket_type=socket.SOCK_STREAM, if s is not None: s.close() -return port_open +return all_open if check_all_ifaces else some_open def reverse_record_exists(ip_address): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#864][comment] Create indexes for 'serverhostname' attribute
URL: https://github.com/freeipa/freeipa/pull/864 Title: #864: Create indexes for 'serverhostname' attribute pvoborni commented: """ Hi, why did you choose this implementation for the fix? Were removal/changes in host.get_dn() method considered? """ See the full comment at https://github.com/freeipa/freeipa/pull/864#issuecomment-307390913 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#855][comment] Prevent issues with older clients
URL: https://github.com/freeipa/freeipa/pull/855 Title: #855: Prevent issues with older clients pvoborni commented: """ @MartinBasti is the correct way how to solve this pylint issue to extend pylint_plugins.py? snippet. of similar vars: ```python fake_api_env = {'env': [ 'host', 'realm', 'session_auth_duration', 'session_duration_type', ]} # this is due ipaserver.rpcserver.KerberosSession where api is undefined fake_api = {'api': [fake_api_env] + NAMESPACE_ATTRS} ``` """ See the full comment at https://github.com/freeipa/freeipa/pull/855#issuecomment-306758867 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#855][+prioritized] Prevent issues with older clients
URL: https://github.com/freeipa/freeipa/pull/855 Title: #855: Prevent issues with older clients Label: +prioritized ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#823][+prioritized] ipa-kdb: reload certificate mapping rules periodically
URL: https://github.com/freeipa/freeipa/pull/823 Title: #823: ipa-kdb: reload certificate mapping rules periodically Label: +prioritized ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#816][+prioritized] only stop/disable simple service if it is installed
URL: https://github.com/freeipa/freeipa/pull/816 Title: #816: only stop/disable simple service if it is installed Label: +prioritized ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#790][+prioritized] RFC: API for reporting PKINIT status
URL: https://github.com/freeipa/freeipa/pull/790 Title: #790: RFC: API for reporting PKINIT status Label: +prioritized ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#795][+prioritized] dnskeysyncd: enable authlogin_nsswitch_use_ldap boolean
URL: https://github.com/freeipa/freeipa/pull/795 Title: #795: dnskeysyncd: enable authlogin_nsswitch_use_ldap boolean Label: +prioritized ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#801][+prioritized] httpinstance: wait until the service entry is replicated
URL: https://github.com/freeipa/freeipa/pull/801 Title: #801: httpinstance: wait until the service entry is replicated Label: +prioritized ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org