[Freeipa-devel] [freeipa PR#6100][opened] [Backport][ipa-4-9] fix(webui): create correct PTR record when navigated from host page

2021-11-22 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/6100
Author: pvoborni
 Title: #6100: [Backport][ipa-4-9] fix(webui): create correct PTR record when 
navigated from host page
Action: opened

PR body:
"""
This PR is manual backport of pushed-to-master PR #6084 to ipa-4-9 branch. 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6100/head:pr6100
git checkout pr6100
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure


[Freeipa-devel] [freeipa PR#6084][opened] fix(webui): create correct PTR record when navigated from host page

2021-11-15 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/6084
Author: pvoborni
 Title: #6084: fix(webui): create correct PTR record when navigated from host 
page
Action: opened

PR body:
"""

In scenario:
1. make sure that reverse zone doesn't have the desired PTR record
2. open host page of the host with matching the A record, e.g.: 
https://server.pvoborni.test/ipa/ui/#/e/host/details/test2.pvoborni.test
3. click on the "Host name" link, it will bring us to its DNS record page. 
E.g., 
https://server.pvoborni.test/ipa/ui/#/e/dnsrecord/details/pvoborni.test
! notice the missing '.' in the URL after zone name (pvoborni.test)
4. click on the A record, dialog will show up, saying "record not found"
5. click on the "create DNS record"

PTR record created by Web UI doesn't have trailing '.' (is not fully
qualified record) even if the DNS zone is.

This patch is fixing the link to the DNS Record page so that the
page then correctly gets the DNS Zone name and thus creates a correct
fully qualified PTR record.

https://bugzilla.redhat.com/show_bug.cgi?id=2009114
https://pagure.io/freeipa/issue/9036

Signed-off-by: Petr Vobornik 
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6084/head:pr6084
git checkout pr6084
From a32efdbd4af3a6ce3335c5a106cfe5ed58abeec5 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Mon, 4 Oct 2021 20:53:27 +0200
Subject: [PATCH 1/3] fix(webui): create correct PTR record when navigated from
 host page

In scenario:
1. make sure that reverse zone doesn't have the desired PTR record
2. open host page of the host with matching the A record, e.g.: https://server.pvoborni.test/ipa/ui/#/e/host/details/test2.pvoborni.test
3. click on the "Host name" link, it will bring us to its DNS record page. E.g., https://server.pvoborni.test/ipa/ui/#/e/dnsrecord/details/pvoborni.test
! notice the missing '.' in the URL after zone name (pvoborni.test)
4. click on the A record, dialog will show up, saying "record not found"
5. click on the "create DNS record"

PTR record created by Web UI doesn't have trailing '.' (is not fully
qualified record) even if the DNS zone is.

This patch is fixing the link to the DNS Record page so that the
page then correctly gets the DNS Zone name and thus creates a correct
fully qualified PTR record.

https://bugzilla.redhat.com/show_bug.cgi?id=2009114
https://pagure.io/freeipa/issue/9036

Signed-off-by: Petr Vobornik 
---
 install/ui/src/freeipa/host.js   | 17 +++-
 install/ui/src/freeipa/widget.js |  3 ++
 ipatests/test_webui/test_dns.py  | 68 +++-
 3 files changed, 86 insertions(+), 2 deletions(-)

diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js
index 81b6a3fc52d..c4c1e0491ce 100644
--- a/install/ui/src/freeipa/host.js
+++ b/install/ui/src/freeipa/host.js
@@ -840,7 +840,22 @@ IPA.host_dnsrecord_entity_link_widget = function(spec) {
 var first_dot = pkey.search(/\./);
 var pkeys = [];
 pkeys[1] = pkey.substring(0,first_dot);
-pkeys[0] = pkey.substring(first_dot+1);
+var dnszone = pkey.substring(first_dot+1);
+pkeys[0] = dnszone;
+
+// Check whether DNS record associated with the host belongs to a
+// fully qualified DNS zone (has trailing '.'). If so, modify the
+// pkey to be correct in the link.
+if (that.check_data && dnszone[dnszone.length-1] !== '.') {
+var avas = that.check_data.dn.split(',');
+for (var i=0, j=avas.length; i 0) {
+pkeys[0] = dnszone + '.';
+}
+}
+}
+
 return pkeys;
 };
 
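Review bot: `that.check_data.dn.split(',')` in the added block splits the DN on every comma, so an RDN value that contains an escaped comma is cut into pieces and the zone component may not be matched. Use a DN parsing helper if the code base has one, or read the zone name from an attribute of `check_data` instead of walking the DN string.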
diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js
index ec2d10503f0..025743a8d09 100644
--- a/install/ui/src/freeipa/widget.js
+++ b/install/ui/src/freeipa/widget.js
@@ -5223,6 +5223,9 @@ IPA.link_widget = function(spec) {
 retry: false,
 on_success: function(data) {
 that.is_link = data.result && data.result.result;
+if (that.is_link) {
+that.check_data = data.result.result;
+}
 that.update_link();
 },
 on_error: function() {
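Review bot: `that.check_data` is assigned in `on_success` only when `that.is_link` is truthy and is never cleared, so after a later check that finds no record, or one that ends in `on_error`, the widget keeps the result of the previous lookup. Reset it, for example with `that.check_data = null;` ahead of the `if`, so that consumers such as the pkey logic in host.js never read stale data.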
diff --git a/ipatests/test_webui/test_dns.py b/ipatests/test_webui/test_dns.py
index 864b8494b76..7d129db004e 100644
--- a/ipatests/test_webui/test_dns.py
+++ b/ipatests/test_webui/test_dns.py
@@ -24,7 +24,7 @@
 from ipatests.test_webui.ui_driver import UI_driver
 from ipatests.test_webui.ui_driver import screenshot
 from ipatests.test_webui.data_dns import (
-ZONE_ENTITY, FORWARD_ZONE_ENTITY, CONFIG_ENTITY,
+ZONE_ENTITY, FORWARD_ZONE_ENTITY, CONFIG_ENTITY, RECORD_ENTITY,
 ZONE_DEFAULT_FACET, ZONE_PKEY, ZONE_DATA, FORWARD_ZONE_PKEY,
 FORWARD_ZONE_DATA, RECORD_PKEY, A_IP, RECORD_ADD_DATA, RECORD_MOD_DATA,
 CONFIG_MOD_DATA
@@ -113,3 +113,69 @@ def test_config_crud(self):
 

[Freeipa-devel] [freeipa PR#2448][opened] ipa-advise: update url of cacerdir_rehash tool

2018-10-12 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/2448
Author: pvoborni
 Title: #2448: ipa-advise: update url of cacerdir_rehash tool
Action: opened

PR body:
"""
On legacy systems which don't have cacerdir_rehash tool (provided by authconfig)
the generated advise script downloads this tool from project page and uses it.

After decommission of Fedorahosted and move of authconfig project to Pagure,
this url was not updated in FreeIPA project.

This patch updates the url.

https://pagure.io/freeipa/issue/7731

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2448/head:pr2448
git checkout pr2448
From 3d8756c059b46ae64dc15cc0383204ff64551738 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Fri, 12 Oct 2018 14:20:25 +0200
Subject: [PATCH] ipa-advise: update url of cacerdir_rehash tool

On legacy systems which don't have cacerdir_rehash tool (provided by authconfig)
the generated advise script downloads this tool from project page and uses it.

After decommission of Fedorahosted and move of authconfig project to Pagure,
this url was not updated in FreeIPA project.

This patch updates the url.

https://pagure.io/freeipa/issue/7731

Signed-off-by: Petr Vobornik 
---
 ipaserver/advise/plugins/legacy_clients.py | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ipaserver/advise/plugins/legacy_clients.py b/ipaserver/advise/plugins/legacy_clients.py
index 7916965ddd..2a56922b83 100644
--- a/ipaserver/advise/plugins/legacy_clients.py
+++ b/ipaserver/advise/plugins/legacy_clients.py
@@ -28,6 +28,9 @@
 
 register = Registry()
 
+CACERTDIR_REHASH_URL = ('https://pagure.io/authconfig/raw/master/f/'
+'cacertdir_rehash')
+
 
 class config_base_legacy_client(Advice):
 def get_uri_and_base(self):
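Review bot: `CACERTDIR_REHASH_URL` points at `raw/master`, a moving branch, so the script that the generated advice downloads and runs can change without any change on the FreeIPA side. Consider pointing the constant at a fixed revision of the authconfig repository, if the hosting offers such a URL, and note in a comment next to the constant which revision was reviewed.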
@@ -50,8 +53,6 @@ def configure_ca_cert(self):
  'location. If this value is different on your system '
  'the script needs to be modified accordingly.\n')
 
-cacertdir_rehash = ('https://fedorahosted.org/authconfig/browser/'
-'cacertdir_rehash?format=txt')
 self.log.comment('Download the CA certificate of the IPA server')
 self.log.command('mkdir -p -m 755 /etc/openldap/cacerts')
 self.log.command('curl http://%s/ipa/config/ca.crt -o '
@@ -60,7 +61,8 @@ def configure_ca_cert(self):
 self.log.comment('Generate hashes for the openldap library')
 self.log.command('command -v cacertdir_rehash')
 self.log.command('if [ $? -ne 0 ] ; then')
-self.log.command(' curl "%s" -o cacertdir_rehash ;' % cacertdir_rehash)
+self.log.command(' curl "%s" -o cacertdir_rehash ;' %
+ CACERTDIR_REHASH_URL)
 self.log.command(' chmod 755 ./cacertdir_rehash ;')
 self.log.command(' ./cacertdir_rehash /etc/openldap/cacerts/ ;')
 self.log.command('else')
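Review bot: the generated commands `curl "%s" -o cacertdir_rehash`, `chmod 755 ./cacertdir_rehash` and `./cacertdir_rehash /etc/openldap/cacerts/` run whatever the server returned, with no check that the download succeeded or that the content is the expected script. At minimum add `--fail` to the curl call so an HTTP error page is not saved and executed; better, have the advice print an expected checksum and compare it before the `chmod`.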


[Freeipa-devel] [freeipa PR#1932][closed] test_server_del: fix TestServerDel suite

2018-07-26 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1932
Author: pvoborni
 Title: #1932: test_server_del: fix TestServerDel suite
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1932/head:pr1932
git checkout pr1932


[Freeipa-devel] [freeipa PR#2177][opened] webui: fix indentation on multiple places

2018-07-20 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/2177
Author: pvoborni
 Title: #2177: webui: fix indentation on multiple places
Action: opened

PR body:
"""
## webui: change indentation of freeipa/_base/debug.js

Change to use spaces for indentation as it was the only file
which uses tabs and not spaces.

## webui: remove mixed indentation in App and LoginScreen

Only spaces should be used for indentation.

It was introduced in commits:

* 7f9f59b
* 5d8fde0

Related to: https://pagure.io/freeipa/issue/7559
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2177/head:pr2177
git checkout pr2177
From 5976a6306688c2347233120461e6e2cf7b6cbe83 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Fri, 20 Jul 2018 18:53:21 +0200
Subject: [PATCH 1/2] webui: change indentation of freeipa/_base/debug.js

Change to use spaces for indentation as it was the only file
which uses tabs and not spaces.

Signed-off-by: Petr Vobornik 
---
 install/ui/src/freeipa/_base/debug.js | 38 +--
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/install/ui/src/freeipa/_base/debug.js b/install/ui/src/freeipa/_base/debug.js
index 1332aa7dd2..4fdfa63dd5 100644
--- a/install/ui/src/freeipa/_base/debug.js
+++ b/install/ui/src/freeipa/_base/debug.js
@@ -19,23 +19,23 @@
  */
 define([], function() {
 
-	/**
-	 * Debug module
-	 *
-	 * One can set flags to enable console output of various messages.
-	 *
-	 * """
-	 * var debug = require('freeipa._base.debug');
-	 * debug.provider_missing_value = true;
-	 * """
-	 *
-	 * Currently used flags
-	 *
-	 * - provider_missing_value
-	 *
-	 * @class _base.debug
-	 */
-	return {
-		provider_missing_value: false
-	};
+/**
+ * Debug module
+ *
+ * One can set flags to enable console output of various messages.
+ *
+ * """
+ * var debug = require('freeipa._base.debug');
+ * debug.provider_missing_value = true;
+ * """
+ *
+ * Currently used flags
+ *
+ * - provider_missing_value
+ *
+ * @class _base.debug
+ */
+return {
+provider_missing_value: false
+};
 });
\ No newline at end of file
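Review bot: the hunk still ends with `\ No newline at end of file`, so the rewritten debug.js keeps its missing trailing newline after `});`. Every line of the file is touched by this commit anyway, so add the final newline here.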

From c22495abc256739d4f7c330114f2589f58324041 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Fri, 20 Jul 2018 18:55:56 +0200
Subject: [PATCH 2/2] webui: remove mixed indentation in App and LoginScreen

Only spaces should be used for indentation.

It was introduced in commits:

* 7f9f59bae2a362ce945c49ad8342393b7a5c024f
* 5d8fde0ac1a43c8f3dbc53b44d69f3663a8b36fb

Related to: https://pagure.io/freeipa/issue/7559

Signed-off-by: Petr Vobornik 
---
 install/ui/src/freeipa/widgets/App.js | 8 
 install/ui/src/freeipa/widgets/LoginScreen.js | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/install/ui/src/freeipa/widgets/App.js b/install/ui/src/freeipa/widgets/App.js
index 75337f9b3b..3a139555a0 100644
--- a/install/ui/src/freeipa/widgets/App.js
+++ b/install/ui/src/freeipa/widgets/App.js
@@ -260,13 +260,13 @@ define(['dojo/_base/declare',
 {
 name: 'profile',
 label: text.get('@i18n:profile-menu.profile',
-			'Profile'),
+'Profile'),
 icon: 'fa-user'
 },
 {
 name: 'password_reset',
 label: text.get('@i18n:profile-menu.password_reset',
-			'Change password'),
+'Change password'),
 icon: 'fa-key'
 },
 {
@@ -275,7 +275,7 @@ define(['dojo/_base/declare',
 {
 name: 'configuration',
 label: text.get('@i18n:profile-menu.configuration',
-			'Customization'),
+'Customization'),
 icon: 'fa-gear'
 },
 {
@@ -289,7 +289,7 @@ define(['dojo/_base/declare',
 {
 name: 'logout',
 label: text.get('@i18n:profile-menu.logout',
-			'Log out'),
+'Log out'),
 icon: 'fa-sign-out'
 }
 ]
diff --git a/install/ui/src/freeipa/widgets/LoginScreen.js b/install/ui/src/freeipa/widgets/LoginScreen.js
index 745a71c18f..9e5f38b480 100644
--- a/install/ui/src/freeipa/widgets/LoginScreen.js
+++ b/install/ui/src/freeipa/widgets/LoginScreen.js
@@ -97,7 +97,7 @@ define(['dojo/_base/declare',
 
 this.cert_btn_node = IPA.button({
 name: 'cert_auth',
-		title: text.get('@i18n:login.login_certificate_desc',
+title: text.get('@i18n:login.login_certificate_desc',
 'Log in using personal certificate'),
  

[Freeipa-devel] [freeipa PR#1904][closed] [temp PR] f28 Patches and all nightly tests

2018-05-31 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1904
Author: felipevolpone
 Title: #1904: [temp PR] f28 Patches and all nightly tests
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1904/head:pr1904
git checkout pr1904


[Freeipa-devel] [freeipa PR#1943][opened] [Backport][ipa-4-6] Fix test_server_del::TestLastServices

2018-05-18 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1943
Author: pvoborni
 Title: #1943: [Backport][ipa-4-6] Fix test_server_del::TestLastServices
Action: opened

PR body:
"""
This PR was opened manually because PR #1913 was pushed to master and backport 
to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1943/head:pr1943
git checkout pr1943
From bfd3fa34e5fff5a4d463479017e99f7e169389d6 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Thu, 10 May 2018 10:02:16 +0200
Subject: [PATCH 1/2] server-del do not return early if CA renewal master
 cannot be changed

Early return prevented adding last warning message in the method:
   "Ignoring these warnings and proceeding with removal"

And thus `check_master_removal` in `test_server_del` did not work.

https://pagure.io/freeipa/issue/7517

Signed-off-by: Petr Vobornik 
Reviewed-By: Florence Blanc-Renaud 
---
 ipaserver/plugins/server.py | 11 ---
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index 59e611fc4c..4ea6f5b4b4 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -523,16 +523,13 @@ def handler(msg, ignore_last_of_role):
   "leave your installation without a CA."),
 ignore_last_of_role)
 
+# change the renewal master if there is other master with CA
 if ca_renewal_master == hostname:
 other_cas = [ca for ca in ca_servers if ca != hostname]
 
-# if this is the last CA there is no other server to become
-# renewal master
-if not other_cas:
-return
-
-self.api.Command.config_mod(
-ca_renewal_master_server=other_cas[0])
+if other_cas:
+self.api.Command.config_mod(
+ca_renewal_master_server=other_cas[0])
 
 if ignore_last_of_role:
 self.add_message(
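Review bot: with the early `return` gone, the case where `other_cas` is empty now falls through silently and `ca_renewal_master_server` is left pointing at the host being removed. That is needed to reach the final warning, but the deleted comment explaining why nothing is done for the last CA was useful; keep a one-line comment next to `if other_cas:` stating that the renewal master is left unchanged when no other CA exists.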

From a575151434dbd4ba8349c7788e426c828e7c5e67 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Thu, 10 May 2018 12:53:20 +0200
Subject: [PATCH 2/2] Fix test_server_del::TestLastServices

The reason why the test started to fail is probably commit be3ad1e where the checks
were reordered. TestLastServices relies on execution of tests in a specific order.
So it fails given that checks were changed but tests weren't.

Given that master is installed with DNS and CA and replica with anything and given
that checks in server-del command are in order: DNS, DNSSec, CA, KRA then the test
should be something like:
* install master (with DNS, CA)
* install replica
* test test_removal_of_master_raises_error_about_last_dns
* test_install_dns_on_replica1_and_dnssec_on_master (installing DNS and
  DNSSec will allow DNSSec check)
* test_removal_of_master_raises_error_about_dnssec
* test_disable_dnssec_on_master (will allow CA check)
* test_removal_of_master_raises_error_about_last_ca
* test_forced_removal_of_master

https://pagure.io/freeipa/issue/7517

Signed-off-by: Petr Vobornik 
Reviewed-By: Florence Blanc-Renaud 
---
 ipatests/test_integration/test_server_del.py | 43 +---
 1 file changed, 26 insertions(+), 17 deletions(-)

diff --git a/ipatests/test_integration/test_server_del.py b/ipatests/test_integration/test_server_del.py
index f5738a3a59..c35bcb87d3 100644
--- a/ipatests/test_integration/test_server_del.py
+++ b/ipatests/test_integration/test_server_del.py
@@ -241,23 +241,6 @@ def install(cls, mh):
 cls.topology, cls.master, cls.replicas, [],
 domain_level=cls.domain_level, setup_replica_cas=False)
 
-def test_removal_of_master_raises_error_about_last_ca(self):
-"""
-test that removal of master fails on the last
-"""
-tasks.assert_error(
-tasks.run_server_del(self.replicas[0], self.master.hostname),
-"Deleting this server is not allowed as it would leave your "
-"installation without a CA.",
-1
-)
-
-def test_install_ca_on_replica1(self):
-"""
-Install CA on replica so that we can test DNS-related checks
-"""
-tasks.install_ca(self.replicas[0], domain_level=self.domain_level)
-
 def test_removal_of_master_raises_error_about_last_dns(self):
 """
 Now server-del should complain about the removal of last DNS server
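Review bot: the class depends on its test methods running in definition order, with `test_removal_of_master_raises_error_about_last_dns` now first, but nothing in the file states that. Add a class-level docstring or comment listing the required sequence from the commit message, so that a later reordering of the server-del checks is visible to whoever edits these tests.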
@@ -291,6 +274,32 @@ def test_removal_of_master_raises_error_about_dnssec(self):
 1
 )
 
+def test_disable_dnssec_on_master(self):
+"""
+Disable DNSSec master so that it is not tested anymore. Normal way
+would be to move the DNSSec master to replica, but that is tested in
+DNSSec tests.

[Freeipa-devel] [freeipa PR#1733][closed] Corrected the size of the user profile-menu in the utility navbar.

2018-05-18 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1733
Author: edward-of-clt
 Title: #1733: Corrected the size of the user profile-menu in the utility 
navbar.
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1733/head:pr1733
git checkout pr1733


[Freeipa-devel] [freeipa PR#1913][opened] Fix test_server_del::TestLastServices

2018-05-09 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1913
Author: pvoborni
 Title: #1913: Fix test_server_del::TestLastServices
Action: opened

PR body:
"""
this is just a quick check of theory outlined in PR #1809 

Commit details:

The reason why the test started to fail is probably commit be3ad1e where the checks
were reordered. TestLastServices relies on execution of tests in a specific order.
So it fails given that checks were changed but tests weren't.

Given that master is installed with DNS and CA and replica with anything and given
that checks in server-del command are in order: DNS, DNSSec, CA, KRA then the test
should be something like:
* install master (with DNS, CA)
* install replica
* test test_removal_of_master_raises_error_about_last_dns
* test_install_dns_on_replica1_and_dnssec_on_master (installing DNS and
  DNSSec will allow DNSSec check)
* test_removal_of_master_raises_error_about_dnssec
* test_install_dnssec_on_replica (will allow CA check)
* test_removal_of_master_raises_error_about_last_ca
* test_forced_removal_of_master

https://pagure.io/freeipa/issue/7517
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1913/head:pr1913
git checkout pr1913
From 751580fbab2727111bb3ed3316ad6aac9926ed82 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Wed, 9 May 2018 12:35:26 +0200
Subject: [PATCH] Fix test_server_del::TestLastServices

The reason why the test started to fail is probably commit be3ad1e where the checks
were reordered. TestLastServices relies on execution of tests in a specific order.
So it fails given that checks were changed but tests weren't.

Given that master is installed with DNS and CA and replica with anything and given
that checks in server-del command are in order: DNS, DNSSec, CA, KRA then the test
should be something like:
* install master (with DNS, CA)
* install replica
* test test_removal_of_master_raises_error_about_last_dns
* test_install_dns_on_replica1_and_dnssec_on_master (installing DNS and
  DNSSec will allow DNSSec check)
* test_removal_of_master_raises_error_about_dnssec
* test_install_dnssec_on_replica (will allow CA check)
* test_removal_of_master_raises_error_about_last_ca
* test_forced_removal_of_master

https://pagure.io/freeipa/issue/7517
---
 .freeipa-pr-ci.yaml  | 185 ++-
 ipatests/test_integration/test_server_del.py |  41 +++---
 2 files changed, 36 insertions(+), 190 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index 88d34d58fc..6aaa173b95 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -3,14 +3,10 @@ topologies:
 name: build
 cpu: 2
 memory: 3800
-  master_1repl: _1repl
-name: master_1repl
-cpu: 4
-memory: 5750
-  master_1repl_1client: _1repl_1client
-name: master_1repl_1client
-cpu: 4
-memory: 6700
+master_2repl_1client: _2repl_1client
+name: master_2repl_1client
+cpu: 5
+memory: 9100
 
 jobs:
   fedora-27/build:
@@ -27,183 +23,26 @@ jobs:
 timeout: 1800
 topology: *build
 
-  fedora-27/simple_replication:
+  fedora-27/test_server_del:
 requires: [fedora-27/build]
 priority: 50
 job:
   class: RunPytest
   args:
 build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_simple_replication.py
+test_suite: test_integration/test_server_del.py::TestServerDel
 template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
+timeout: 8000
+topology: *master_2repl_1client
 
-  fedora-27/caless:
+  fedora-27/test_server_del2:
 requires: [fedora-27/build]
 priority: 50
 job:
   class: RunPytest
   args:
 build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
+test_suite: test_integration/test_server_del.py::TestLastServices
 template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
-
-  fedora-27/external_ca:
-requires: [fedora-27/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall
-template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
-
-  fedora-27/test_topologies:
-requires: [fedora-27/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_topologies.py
-template: *ci-master-f27
-timeout: 3600
-topology: *master_1repl
-
-  fedora-27/test_sudo:
-requires: [fedora-27/build]
-priority: 50
-job:
-  class: RunPytest
-  args:
-build_url: 
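Review bot: the `.freeipa-pr-ci.yaml` change should not be merged as is: it removes the regular jobs (`fedora-27/simple_replication`, `fedora-27/caless`, `fedora-27/external_ca`, `fedora-27/test_topologies` and the ones after them) and leaves only the two `test_server_del` jobs. Keep it in a separate commit marked as temporary and drop it before the test fix is pushed, so that gating is not reduced to these two suites.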

[Freeipa-devel] [freeipa PR#1782][opened] webui: refresh complex pages after modification

2018-04-05 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1782
Author: pvoborni
 Title: #1782: webui: refresh complex pages after modification
Action: opened

PR body:
"""
Details facet for user, hosts, service, user override entities require
complex reload as they gather information from multiple sources - e.g.
all of them do cert-find. On update only $entity-mod is executed and its
result doesn't have all information required for refresh of the page
therefore some fields are missing or empty.

This patch modifies the facets to do full refresh instead of default
load and thus the pages will have all required info.

https://pagure.io/freeipa/issue/5776
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1782/head:pr1782
git checkout pr1782
From c612e673219353ec97596945e7390d827f0b9f4d Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Thu, 5 Apr 2018 13:56:00 +0200
Subject: [PATCH] webui: refresh complex pages after modification

Details facet for user, hosts, service, user override entities require
complex reload as they gather information from multiple sources - e.g.
all of them do cert-find. On update only $entity-mod is executed and its
result doesn't have all information required for refresh of the page
therefore some fields are missing or empty.

This patch modifies the facets to do full refresh instead of default
load and thus the pages will have all required info.

https://pagure.io/freeipa/issue/5776
---
 install/ui/src/freeipa/host.js| 6 ++
 install/ui/src/freeipa/idviews.js | 6 ++
 install/ui/src/freeipa/service.js | 6 ++
 install/ui/src/freeipa/user.js| 5 +
 4 files changed, 23 insertions(+)

diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js
index acecff1e5b..8aa1ef9d8c 100644
--- a/install/ui/src/freeipa/host.js
+++ b/install/ui/src/freeipa/host.js
@@ -518,6 +518,12 @@ IPA.host.details_facet = function(spec, no_init) {
 return that.entity.name+'_show_'+that.get_pkey();
 };
 
+that.update_on_success = function(data, text_status, xhr) {
+that.on_update.notify();
+that.nofify_update_success();
+that.refresh();
+};
+
 if (!no_init) that.init_details_facet();
 
 return that;
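Review bot: `that.nofify_update_success()` reads like a misspelling of `notify`; confirm that it matches the method name defined on the base details facet, because a mismatch would throw inside `update_on_success` before `that.refresh()` is reached. The parameters `data, text_status, xhr` are unused in the override and could carry a short comment that they are kept for signature compatibility.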
diff --git a/install/ui/src/freeipa/idviews.js b/install/ui/src/freeipa/idviews.js
index 0511820e2b..b0ee8b5a03 100644
--- a/install/ui/src/freeipa/idviews.js
+++ b/install/ui/src/freeipa/idviews.js
@@ -450,6 +450,12 @@ idviews.id_override_user_details_facet = function(spec) {
 return batch;
 };
 
+that.update_on_success = function(data, text_status, xhr) {
+that.on_update.notify();
+that.nofify_update_success();
+that.refresh();
+};
+
 return that;
 };
 
diff --git a/install/ui/src/freeipa/service.js b/install/ui/src/freeipa/service.js
index c798d2999f..93808b0122 100644
--- a/install/ui/src/freeipa/service.js
+++ b/install/ui/src/freeipa/service.js
@@ -500,6 +500,12 @@ IPA.service.details_facet = function(spec, no_init) {
 return batch;
 };
 
+that.update_on_success = function(data, text_status, xhr) {
+that.on_update.notify();
+that.nofify_update_success();
+that.refresh();
+};
+
 if (!no_init) that.init_details_facet();
 
 return that;
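Review bot: this `update_on_success` override is the same three calls as the ones added in host.js, idviews.js and user.js. Put it in one shared place, for example an option on the base details facet that switches the post-update handling to a full `that.refresh()`, so the four facets cannot drift apart.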
diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js
index 6b2bf196c3..30ab40fb33 100644
--- a/install/ui/src/freeipa/user.js
+++ b/install/ui/src/freeipa/user.js
@@ -621,6 +621,11 @@ IPA.user.details_facet = function(spec, no_init) {
 return batch;
 };
 
+that.update_on_success = function(data, text_status, xhr) {
+that.on_update.notify();
+that.nofify_update_success();
+that.refresh();
+};
 
 if (!no_init) that.init_details_facet();
 


[Freeipa-devel] [freeipa PR#1771][opened] Fix order of commands in test for removing topology segments

2018-04-04 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1771
Author: pvoborni
 Title: #1771: Fix order of commands in test for removing topology segments
Action: opened

PR body:
"""
this is an alternative approach to PR #1766 

test_topology_updated_on_replica_install_remove from the beginning used
invalid sequence of commands for removing a replica.

Proper order is:
  master$ ipa server-del $REPLICA
  replica$ ipa-server-install --uninstall

Alternatively usage of `ipa-replica-manage del $replica` instead of
`ipa server-del $replica` is possible. In essence ipa-replica-manage
calls the server-del command.

At some point there was a plan to achieve uninstallation only through
`ipa-server-install --uninstall` but that was never achieved to this
date.

This change also removes the ugly wrapper which makes test collection
fail if no environment config is provided (i.e. replicas cannot be
indexed).
  $ pytest --collect-test ipatests/test_integration

https://pagure.io/freeipa/issue/6250
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1771/head:pr1771
git checkout pr1771
From 1002e4f4b363486c9104f7bebd479510757ded2e Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Wed, 4 Apr 2018 11:00:11 +0200
Subject: [PATCH] Fix order of commands in test for removing topology segments

test_topology_updated_on_replica_install_remove from the beginning used
invalid sequence of commands for removing a replica.

Proper order is:
  master$ ipa server-del $REPLICA
  replica$ ipa-server-install --uninstall

Alternatively usage of `ipa-replica-manage del $replica` instead of
`ipa server-del $replica` is possible. In essence ipa-replica-manage
calls the server-del command.

At some point there was a plan to achieve uninstallation only through
`ipa-server-install --uninstall` but that was never achieved to this
date.

This change also removes the ugly wrapper which makes test collection
fail if no environment config is provided (i.e. replicas cannot be
indexed).
  $ pytest --collect-test ipatests/test_integration

https://pagure.io/freeipa/issue/6250
---
 ipatests/test_integration/test_topology.py | 30 +-
 1 file changed, 5 insertions(+), 25 deletions(-)

diff --git a/ipatests/test_integration/test_topology.py b/ipatests/test_integration/test_topology.py
index fb7047e32c..35898c0796 100644
--- a/ipatests/test_integration/test_topology.py
+++ b/ipatests/test_integration/test_topology.py
@@ -27,26 +27,6 @@ def find_segment(master, replica):
 return '-to-'.join(segment)
 
 
-def remove_segment(master, host1, host2):
-"""
-This removes a segment between host1 and host2 on master. The function is
-needed because test_add_remove_segment expects only one segment, but due to
-track tickete N 6250, the test_topology_updated_on_replica_install_remove
-leaves 2 topology segments
-"""
-def wrapper(func):
-def wrapped(*args, **kwargs):
-try:
-func(*args, **kwargs)
-finally:
-segment = find_segment(host1, host2)
-master.run_command(['ipa', 'topologysegment-del',
-DOMAIN_SUFFIX_NAME, segment],
-   raiseonerr=False)
-return wrapped
-return wrapper
-
-
 @pytest.mark.skipif(config.domain_level == 0, reason=reasoning)
 class TestTopologyOptions(IntegrationTest):
 num_replicas = 2
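Review bot: with `remove_segment` deleted in this hunk, nothing cleans up the extra topology segment if `test_topology_updated_on_replica_install_remove` fails part-way, and the removed docstring says `test_add_remove_segment` expects only one segment. Consider a teardown or fixture finalizer that deletes the segment with `raiseonerr=False`, so a failure in one test does not cascade into the next.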
@@ -84,10 +64,7 @@ def tokenize_topologies(self, command_output):
   )
 return result
 
-@pytest.mark.xfail(reason="Trac 6250", strict=True)
-@remove_segment(config.domains[0].master,
-config.domains[0].master,
-config.domains[0].replicas[1])
+
 def test_topology_updated_on_replica_install_remove(self):
 """
 Install and remove a replica and make sure topology information is
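Review bot: the lone `+` blank line that replaces the removed decorators leaves two consecutive empty lines before `def test_topology_updated_on_replica_install_remove`, which pycodestyle reports as E303 inside a class body. Drop the added line so a single blank line separates the method from `tokenize_topologies`.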
@@ -120,8 +97,11 @@ def test_topology_updated_on_replica_install_remove(self):
 assert_deepequal(result3.stdout_text,  result4.stdout_text)
 # Now let's check that uninstalling the replica will update the topology
 # info on the rest of replicas.
-tasks.uninstall_master(self.replicas[1])
+# first step of uninstallation is removal of the replica on other
+# master, then it can be uninstalled. Doing it the other way is also
+# possible, but not reliable - some data might not be replicated.
 tasks.clean_replication_agreement(self.master, self.replicas[1])
+tasks.uninstall_master(self.replicas[1])
 result5 = self.master.run_command(['ipa', 'topologysegment-find',
DOMAIN_SUFFIX_NAME])
 num_entries = self.noentries_re.search(result5.stdout_text).group(1)
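Review bot: the new comment above `tasks.clean_replication_agreement(...)` describes the order in words only; naming the commands from the commit message (`ipa server-del $REPLICA` on the master, then `ipa-server-install --uninstall` on the replica) would make clear which helper corresponds to which step. Also, if `clean_replication_agreement` raises, `uninstall_master` is now never reached and the replica stays installed for later tests, so the uninstall may belong in a `finally` or a teardown.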

[Freeipa-devel] [freeipa PR#1765][opened] [Backport][ipa-4-6] test realm domain add with DNS check

2018-04-03 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1765
Author: pvoborni
 Title: #1765: [Backport][ipa-4-6] test realm domain add with DNS check
Action: opened

PR body:
"""
This is a backport of PR #1596 to ipa-4-6. A new ticket was created for the 
backport: https://pagure.io/freeipa/issue/7481  

Only commit message was changed.  So could be acked automatically as other 
backport patches.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1765/head:pr1765
git checkout pr1765
From 6bd4051108dad19a46e82315730dcb4e13ceca6b Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Fri, 16 Feb 2018 17:26:33 +0100
Subject: [PATCH 1/3] webui:tests: move DNS test data to separate file

So that the data can be used in other test without running
the DNS tests.

https://pagure.io/freeipa/issue/7481

Reviewed-By: Petr Cech 
---
 ipatests/test_webui/data_dns.py | 63 +++
 ipatests/test_webui/test_dns.py | 66 -
 2 files changed, 69 insertions(+), 60 deletions(-)
 create mode 100644 ipatests/test_webui/data_dns.py

diff --git a/ipatests/test_webui/data_dns.py b/ipatests/test_webui/data_dns.py
new file mode 100644
index 00..95e502adad
--- /dev/null
+++ b/ipatests/test_webui/data_dns.py
@@ -0,0 +1,63 @@
+#
+# Copyright (C) 2018  FreeIPA Contributors see COPYING for license
+#
+
+ZONE_ENTITY = 'dnszone'
+FORWARD_ZONE_ENTITY = 'dnsforwardzone'
+RECORD_ENTITY = 'dnsrecord'
+CONFIG_ENTITY = 'dnsconfig'
+
+ZONE_DEFAULT_FACET = 'records'
+
+ZONE_PKEY = 'foo.itest.'
+
+ZONE_DATA = {
+'pkey': ZONE_PKEY,
+'add': [
+('textbox', 'idnsname', ZONE_PKEY),
+],
+'mod': [
+('checkbox', 'idnsallowsyncptr', 'checked'),
+],
+}
+
+FORWARD_ZONE_PKEY = 'forward.itest.'
+
+FORWARD_ZONE_DATA = {
+'pkey': FORWARD_ZONE_PKEY,
+'add': [
+('textbox', 'idnsname', FORWARD_ZONE_PKEY),
+('multivalued', 'idnsforwarders', [
+('add', '192.168.2.1'),
+]),
+('radio', 'idnsforwardpolicy', 'only'),
+],
+'mod': [
+('multivalued', 'idnsforwarders', [
+('add', '192.168.3.1'),
+]),
+('checkbox', 'idnsforwardpolicy', 'first'),
+],
+}
+
+RECORD_PKEY = 'itest'
+A_IP = '192.168.1.10'
+RECORD_ADD_DATA = {
+'pkey': RECORD_PKEY,
+'add': [
+('textbox', 'idnsname', RECORD_PKEY),
+('textbox', 'a_part_ip_address', A_IP),
+]
+}
+
+RECORD_MOD_DATA = {
+'fields': [
+('textbox', 'a_part_ip_address', '192.168.1.11'),
+]
+}
+
+CONFIG_MOD_DATA = {
+'mod': [
+('checkbox', 'idnsallowsyncptr', 'checked'),
+],
+}
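Review bot: in `FORWARD_ZONE_DATA`, `idnsforwardpolicy` is driven as `('radio', 'idnsforwardpolicy', 'only')` under `'add'` but as `('checkbox', 'idnsforwardpolicy', 'first')` under `'mod'`. The data is moved verbatim from `test_dns.py`, but now that other tests can import it, it is worth confirming the widget type and using one consistently.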
diff --git a/ipatests/test_webui/test_dns.py b/ipatests/test_webui/test_dns.py
index a576db9df7..24e79dd85a 100644
--- a/ipatests/test_webui/test_dns.py
+++ b/ipatests/test_webui/test_dns.py
@@ -23,68 +23,14 @@
 
 from ipatests.test_webui.ui_driver import UI_driver
 from ipatests.test_webui.ui_driver import screenshot
+from ipatests.test_webui.data_dns import (
+ZONE_ENTITY, FORWARD_ZONE_ENTITY, CONFIG_ENTITY,
+ZONE_DEFAULT_FACET, ZONE_PKEY, ZONE_DATA, FORWARD_ZONE_PKEY,
+FORWARD_ZONE_DATA, RECORD_PKEY, A_IP, RECORD_ADD_DATA, RECORD_MOD_DATA,
+CONFIG_MOD_DATA
+)
 import pytest
 
-ZONE_ENTITY = 'dnszone'
-FORWARD_ZONE_ENTITY = 'dnsforwardzone'
-RECORD_ENTITY = 'dnsrecord'
-CONFIG_ENTITY = 'dnsconfig'
-
-ZONE_DEFAULT_FACET = 'records'
-
-ZONE_PKEY = 'foo.itest.'
-
-ZONE_DATA = {
-'pkey': ZONE_PKEY,
-'add': [
-('textbox', 'idnsname', ZONE_PKEY),
-],
-'mod': [
-('checkbox', 'idnsallowsyncptr', 'checked'),
-],
-}
-
-FORWARD_ZONE_PKEY = 'forward.itest.'
-
-FORWARD_ZONE_DATA = {
-'pkey': FORWARD_ZONE_PKEY,
-'add': [
-('textbox', 'idnsname', FORWARD_ZONE_PKEY),
-('multivalued', 'idnsforwarders', [
-('add', '192.168.2.1'),
-]),
-('radio', 'idnsforwardpolicy', 'only'),
-],
-'mod': [
-('multivalued', 'idnsforwarders', [
-('add', '192.168.3.1'),
-]),
-('checkbox', 'idnsforwardpolicy', 'first'),
-],
-}
-
-RECORD_PKEY = 'itest'
-A_IP = '192.168.1.10'
-RECORD_ADD_DATA = {
-'pkey': RECORD_PKEY,
-'add': [
-('textbox', 'idnsname', RECORD_PKEY),
-('textbox', 'a_part_ip_address', A_IP),
-]
-}
-
-RECORD_MOD_DATA = {
-'fields': [
-('textbox', 'a_part_ip_address', '192.168.1.11'),
-]
-}
-
-CONFIG_MOD_DATA = {
-'mod': [
-('checkbox', 'idnsallowsyncptr', 'checked'),
-],
-}
-
 
 @pytest.mark.tier1
 class test_dns(UI_driver):
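Review bot: the new import list omits `RECORD_ENTITY`, which this hunk removes from `test_dns.py` and which `data_dns.py` defines. Confirm nothing further down in `test_dns.py` still references it; otherwise add the name to the import, or drop it from `data_dns.py` if it is unused.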

From 9cae0f3e8ecb75569b6a41411364c9e02a48adbf Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Fri, 16 Feb 2018 18:12:48 +0100
Subject: [PATCH 2/3] webui:tests: realm domain add with DNS check

Try adding and deleting with "Check DNS" (in html 'ok' button)

DNS check expects 

[Freeipa-devel] [freeipa PR#953][closed] [master] WebUI: Turn on pagination on certificate page

2018-03-22 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/953
Author: pvomacka
 Title: #953: [master] WebUI: Turn on pagination on certificate page
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/953/head:pr953
git checkout pr953


[Freeipa-devel] [freeipa PR#1598][opened] fastcheck: do not test context in pycodestyle

2018-02-16 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1598
Author: pvoborni
 Title: #1598: fastcheck: do not test context in pycodestyle
Action: opened

PR body:
"""
`git diff` shows also context lines by default. When passed to pycodestyle
it can produce errors unrelated to changed lines. It prevents running of
subsequent checks.

Limiting context to 0 lines by `git diff -U0` enables to test only the
modified lines and allows to run subsequent checks.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1598/head:pr1598
git checkout pr1598
From 3deae5e7a856e8492c4374cd49bf99be5e885c0e Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Fri, 16 Feb 2018 17:23:23 +0100
Subject: [PATCH] fastcheck: do not test context in pycodestyle

`git diff` shows also context lines by default. When passed to pycodestyle
it can produce errors unrelated to changed lines. It prevents running of
subsequent checks.

Limiting context to 0 lines by `git diff -U0` enables to test only the
modified lines and allows to run subsequent checks.
---
 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index a4381dd071..21fb6d19c7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -215,7 +215,7 @@ endif
 	echo -e "Fast linting files:\n$${FILES}\n"; \
 	echo "pycodestyle"; \
 	echo "---"; \
-	git diff $${MERGEBASE} | \
+	git diff -U0 $${MERGEBASE} | \
 	$(PYTHON) -m pycodestyle --diff || exit $$?; \
 	echo -e "\npylint"; \
 	echo "--"; \
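Review bot: on the changed `git diff -U0 $${MERGEBASE} | \` line the exit status of `git diff` is discarded, because `|| exit $$?` only sees the status of `pycodestyle`; if the diff itself fails, pycodestyle receives empty input and the check passes. Consider writing the diff to a temporary file and checking its status before linting. A one-line comment next to `-U0` saying that context lines are suppressed so only modified lines are checked would also keep the rationale from living in the commit message alone.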


[Freeipa-devel] [freeipa PR#1597][opened] realm domains: improve doc text

2018-02-16 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1597
Author: pvoborni
 Title: #1597: realm domains: improve doc text
Action: opened

PR body:
"""
It is quite unclear how realm domains behave without reading source
code. New doc text describes its purpose and how it is managed.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1597/head:pr1597
git checkout pr1597
From bcdb9c917d1db28179a2d6a167070df03e8601a3 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Fri, 16 Feb 2018 20:58:52 +0100
Subject: [PATCH] realm domains: improve doc text

It is quite unclear how realm domains behave without reading source
code. New doc text describes its purpose and how it is managed.
---
 ipaserver/plugins/realmdomains.py | 26 --
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/ipaserver/plugins/realmdomains.py b/ipaserver/plugins/realmdomains.py
index 13631e47cc..619bc6f525 100644
--- a/ipaserver/plugins/realmdomains.py
+++ b/ipaserver/plugins/realmdomains.py
@@ -36,6 +36,16 @@
 
 Manage the list of domains associated with IPA realm.
 
+This list is useful for Domain Controllers from other realms which have
+established trust with this IPA realm. They need the information to know
+which request should be forwarded to KDC of this IPA realm.
+
+Automatic management: a domain is added to realm domains list automatically
+when new DNS Zone managed by IPA is created. Same applies for deletion.
+
+Externally managed DNS: domains which are not managed in IPA server DNS needs
+to be added to the list manually using `ipa realmdomains-mod` command.
+
 EXAMPLES:
 
  Display the current list of realm domains:
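Review bot: two agreement slips in the added help text: `which request should be forwarded` should read `which requests`, and `domains which are not managed in IPA server DNS needs to be added` should read `need to be added`. Since this text is what users see in the command help, it is worth fixing before it is picked up for translation.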
@@ -118,10 +128,22 @@ class realmdomains(LDAPObject):
 )
 
 
-
 @register()
 class realmdomains_mod(LDAPUpdate):
-__doc__ = _('Modify realm domains.')
+__doc__ = _("""
+Modify realm domains
+
+DNS check: When adding domain to the list manually, a DNS check is
+performed by default. It checks whether the domain is associated
+with the IPA realm. In practice it checks whether the domain has
+_kerberos TXT record containing IPA realm name. This check can be
+skipped by specifying --force option.
+
+Removal: when a realm domain which has a matching DNS zone managed by
+IPA is being removed, a corresponding _kerberos TXT record in the zone is
+removed automatically as well. Other records in the zone or the zone
+itself are not affected.
+""")
 
 takes_options = LDAPUpdate.takes_options + (
 Flag('force',
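Review bot: the rewritten `__doc__` drops the trailing period of the summary line (`Modify realm domains.` became `Modify realm domains`) and now begins with a newline inside the triple-quoted string. If the first paragraph is what the CLI shows as the one-line summary, keep the period for consistency with the previous text. The `--force` paragraph could also state what is lost when the check is skipped, namely the confirmation that the domain carries a `_kerberos` TXT record with the IPA realm name.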


[Freeipa-devel] [freeipa PR#1596][opened] webui:test realm domain add with DNS check

2018-02-16 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1596
Author: pvoborni
 Title: #1596: webui:test realm domain add with DNS check
Action: opened

PR body:
"""
Try adding and deleting with "Check DNS" (in html 'ok' button)

DNS check expects that the added domain will have DNS record:
TXT kerberos.$domain "$REALM"

When a new domain is added using dnszone-add it automatically adds
this TXT record and adds a realm domain. So in order to test without
external DNS we must get into state where realm domain is not added
(in order to add it) but DNS domain with the TXT record exists.

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1596/head:pr1596
git checkout pr1596
From dc28d3653365d0a658b2ecb73f7d9c3bd603e465 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Fri, 16 Feb 2018 17:26:33 +0100
Subject: [PATCH 1/3] webui:tests: move DNS test data to separate file

So that the data can be used in other test without running
the DNS tests.
---
 ipatests/test_webui/data_dns.py | 63 +++
 ipatests/test_webui/test_dns.py | 66 -
 2 files changed, 69 insertions(+), 60 deletions(-)
 create mode 100644 ipatests/test_webui/data_dns.py

diff --git a/ipatests/test_webui/data_dns.py b/ipatests/test_webui/data_dns.py
new file mode 100644
index 00..95e502adad
--- /dev/null
+++ b/ipatests/test_webui/data_dns.py
@@ -0,0 +1,63 @@
+#
+# Copyright (C) 2018  FreeIPA Contributors see COPYING for license
+#
+
+ZONE_ENTITY = 'dnszone'
+FORWARD_ZONE_ENTITY = 'dnsforwardzone'
+RECORD_ENTITY = 'dnsrecord'
+CONFIG_ENTITY = 'dnsconfig'
+
+ZONE_DEFAULT_FACET = 'records'
+
+ZONE_PKEY = 'foo.itest.'
+
+ZONE_DATA = {
+'pkey': ZONE_PKEY,
+'add': [
+('textbox', 'idnsname', ZONE_PKEY),
+],
+'mod': [
+('checkbox', 'idnsallowsyncptr', 'checked'),
+],
+}
+
+FORWARD_ZONE_PKEY = 'forward.itest.'
+
+FORWARD_ZONE_DATA = {
+'pkey': FORWARD_ZONE_PKEY,
+'add': [
+('textbox', 'idnsname', FORWARD_ZONE_PKEY),
+('multivalued', 'idnsforwarders', [
+('add', '192.168.2.1'),
+]),
+('radio', 'idnsforwardpolicy', 'only'),
+],
+'mod': [
+('multivalued', 'idnsforwarders', [
+('add', '192.168.3.1'),
+]),
+('checkbox', 'idnsforwardpolicy', 'first'),
+],
+}
+
+RECORD_PKEY = 'itest'
+A_IP = '192.168.1.10'
+RECORD_ADD_DATA = {
+'pkey': RECORD_PKEY,
+'add': [
+('textbox', 'idnsname', RECORD_PKEY),
+('textbox', 'a_part_ip_address', A_IP),
+]
+}
+
+RECORD_MOD_DATA = {
+'fields': [
+('textbox', 'a_part_ip_address', '192.168.1.11'),
+]
+}
+
+CONFIG_MOD_DATA = {
+'mod': [
+('checkbox', 'idnsallowsyncptr', 'checked'),
+],
+}
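Review bot: `RECORD_MOD_DATA` hard-codes `'192.168.1.11'` while the address used on add is the named constant `A_IP`, and it uses the key `'fields'` where the other dicts use `'add'` and `'mod'`. Now that the module is meant to be imported by other tests, a named constant for the modified address and a short module docstring describing what the three tuple elements mean would help consumers.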
diff --git a/ipatests/test_webui/test_dns.py b/ipatests/test_webui/test_dns.py
index a576db9df7..24e79dd85a 100644
--- a/ipatests/test_webui/test_dns.py
+++ b/ipatests/test_webui/test_dns.py
@@ -23,68 +23,14 @@
 
 from ipatests.test_webui.ui_driver import UI_driver
 from ipatests.test_webui.ui_driver import screenshot
+from ipatests.test_webui.data_dns import (
+ZONE_ENTITY, FORWARD_ZONE_ENTITY, CONFIG_ENTITY,
+ZONE_DEFAULT_FACET, ZONE_PKEY, ZONE_DATA, FORWARD_ZONE_PKEY,
+FORWARD_ZONE_DATA, RECORD_PKEY, A_IP, RECORD_ADD_DATA, RECORD_MOD_DATA,
+CONFIG_MOD_DATA
+)
 import pytest
 
-ZONE_ENTITY = 'dnszone'
-FORWARD_ZONE_ENTITY = 'dnsforwardzone'
-RECORD_ENTITY = 'dnsrecord'
-CONFIG_ENTITY = 'dnsconfig'
-
-ZONE_DEFAULT_FACET = 'records'
-
-ZONE_PKEY = 'foo.itest.'
-
-ZONE_DATA = {
-'pkey': ZONE_PKEY,
-'add': [
-('textbox', 'idnsname', ZONE_PKEY),
-],
-'mod': [
-('checkbox', 'idnsallowsyncptr', 'checked'),
-],
-}
-
-FORWARD_ZONE_PKEY = 'forward.itest.'
-
-FORWARD_ZONE_DATA = {
-'pkey': FORWARD_ZONE_PKEY,
-'add': [
-('textbox', 'idnsname', FORWARD_ZONE_PKEY),
-('multivalued', 'idnsforwarders', [
-('add', '192.168.2.1'),
-]),
-('radio', 'idnsforwardpolicy', 'only'),
-],
-'mod': [
-('multivalued', 'idnsforwarders', [
-('add', '192.168.3.1'),
-]),
-('checkbox', 'idnsforwardpolicy', 'first'),
-],
-}
-
-RECORD_PKEY = 'itest'
-A_IP = '192.168.1.10'
-RECORD_ADD_DATA = {
-'pkey': RECORD_PKEY,
-'add': [
-('textbox', 'idnsname', RECORD_PKEY),
-('textbox', 'a_part_ip_address', A_IP),
-]
-}
-
-RECORD_MOD_DATA = {
-'fields': [
-('textbox', 'a_part_ip_address', '192.168.1.11'),
-]
-}
-
-CONFIG_MOD_DATA = {
-'mod': [
-('checkbox', 'idnsallowsyncptr', 'checked'),
-],
-}
-
 
 @pytest.mark.tier1
 class test_dns(UI_driver):
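Review bot: the new `from ipatests.test_webui.data_dns import (...)` block is placed above `import pytest`, so the third-party import now trails a longer run of project imports. Moving `import pytest` above the `ipatests` imports while this block is being touched would follow the usual standard library, third-party, local grouping.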

From b64f8fe24ce50ee7870c1c00dc60a49089624838 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Fri, 16 Feb 2018 18:12:48 +0100
Subject: [PATCH 2/3] webui:test realm 

[Freeipa-devel] [freeipa PR#1592][opened] webui: hbactest: add tooltips to 'enabled' and 'disabled' checkboxes

2018-02-15 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1592
Author: pvoborni
 Title: #1592: webui: hbactest: add tooltips to 'enabled' and 'disabled' 
checkboxes
Action: opened

PR body:
"""
"Include enabled" and "Include disabled" checkboxes on "Rules" tab
of HBAC Test Web UI page don't have any descriptions. It is not
clear what they do from only the labels.

This patch adds tooltips with metadata doc text of respected API
options. I.e. in practice it adds the same as CLI help when user
hovers over the checkbox label.
```
  --enabled    Include all enabled IPA rules into test [default]
  --disabled   Include all disabled IPA rules into test
```
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1592/head:pr1592
git checkout pr1592
From 1c91a35587807ad6554c87bc3f1340c1ac9d2e88 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Thu, 15 Feb 2018 21:17:25 +0100
Subject: [PATCH] webui: hbactest: add tooltips to 'enabled' and 'disabled'
 checkboxes

"Include enabled" and "Include disabled" checkboxes on "Rules" tab
of HBAC Test Web UI page don't have any descriptions. It is not
clear what they do from only the labels.

This patch adds tooltips with metadata doc text of respected API
options. I.e. in practice it adds the same as CLI help when user
hovers over the checkbox label.

  --enabled    Include all enabled IPA rules into test [default]
  --disabled   Include all disabled IPA rules into test
---
 install/ui/src/freeipa/hbactest.js | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/install/ui/src/freeipa/hbactest.js b/install/ui/src/freeipa/hbactest.js
index 83e609381f..81f9bbf7db 100644
--- a/install/ui/src/freeipa/hbactest.js
+++ b/install/ui/src/freeipa/hbactest.js
@@ -441,7 +441,8 @@ IPA.hbac.test_rules_facet = function(spec) {
 
 $('', {
 'for': 'hbactest-rules-include-enabled',
-text: text.get('@i18n:objects.hbactest.include_enabled')
+text: text.get('@i18n:objects.hbactest.include_enabled'),
+title: text.get('@mc-opt:hbactest:enabled:doc')
 }).appendTo(header);
 
 that.disabled = $('', {
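Review bot: the `title` is added only to the label bound by `'for': 'hbactest-rules-include-enabled'`, so hovering or focusing the checkbox itself still shows no description. Consider setting the same `title` on the input with that id as well, so the tooltip does not depend on where the pointer lands.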
@@ -452,7 +453,8 @@ IPA.hbac.test_rules_facet = function(spec) {
 
 $('', {
 'for': 'hbactest-rules-include-disabled',
-text: text.get('@i18n:objects.hbactest.include_disabled')
+text: text.get('@i18n:objects.hbactest.include_disabled'),
+title: text.get('@mc-opt:hbactest:disabled:doc')
 }).appendTo(header);
 
 var content = $('', {
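Review bot: the result of `text.get('@mc-opt:hbactest:disabled:doc')` is used as `title` without any fallback. What does the label show if the metadata for the option is missing or not yet loaded? If `text.get` can return the unresolved key, a guard or default string here (and in the `enabled` label above) would avoid exposing the raw `@mc-opt:` path as a tooltip.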


[Freeipa-devel] [freeipa PR#310][closed] WIP: CLI testing

2018-02-07 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/310
Author: mirielka
 Title: #310: WIP: CLI testing
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/310/head:pr310
git checkout pr310


[Freeipa-devel] [freeipa PR#1217][opened] [Backport][ipa-4-5] Include the CA basic constraint in CSRs when renewing a CA

2017-10-27 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/1217
Author: pvoborni
 Title: #1217:  [Backport][ipa-4-5]  Include the CA basic constraint in CSRs 
when renewing a CA
Action: opened

PR body:
"""
Opened manually as backport of #963
manual changes done on cherry-pick are:

```diff
diff --cc ipaserver/install/ipa_cacert_manage.py
index fcbf091,86243d3..000
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@@ -309,8 -302,9 +309,9 @@@ class CACertManage(admintool.AdminTool)
  def resubmit_request(self, ca='dogtag-ipa-ca-renew-agent', profile=''):
  timeout = api.env.startup_timeout + 60
  
 -logger.debug("resubmitting certmonger request '%s'", self.request_id)
 +self.log.debug("resubmitting certmonger request '%s'", 
self.request_id)
- certmonger.resubmit_request(self.request_id, ca=ca, profile=profile)
+ certmonger.resubmit_request(self.request_id, ca=ca, profile=profile,
+ is_ca=True)
  try:
  state = certmonger.wait_for_request(self.request_id, timeout)
  except RuntimeError:

```
(there was conflict in logging)
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1217/head:pr1217
git checkout pr1217
From 42a64c93e277e5e03ac8102abfa322adca5a6582 Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Wed, 9 Aug 2017 17:28:35 -0400
Subject: [PATCH] Include the CA basic constraint in CSRs when renewing a CA

The CSR generated by `ipa-cacert-manage renew --external-ca` did
not include the CA basic constraint:

  X509v3 Basic Constraints: critical
  CA:TRUE

Add a flag to certmonger::resubmit_request to specify that a
CA is being requested.

Note that this also sets pathlen to -1 which means an unlimited
pathlen. Leave it up to the issuing CA to set this.

https://pagure.io/freeipa/issue/7088

Reviewed-By: Florence Blanc-Renaud 
---
 ipalib/install/certmonger.py   | 13 +++--
 ipaserver/install/ipa_cacert_manage.py |  3 ++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/ipalib/install/certmonger.py b/ipalib/install/certmonger.py
index c286996ee2..d2b782ddb0 100644
--- a/ipalib/install/certmonger.py
+++ b/ipalib/install/certmonger.py
@@ -519,16 +519,25 @@ def modify(request_id, ca=None, profile=None):
 request.obj_if.modify(update)
 
 
-def resubmit_request(request_id, ca=None, profile=None):
+def resubmit_request(request_id, ca=None, profile=None, is_ca=False):
+"""
+:param request_id: the certmonger numeric request ID
+:param ca: the nickname for the certmonger CA, e.g. IPA or SelfSign
+:param profile: the dogtag template profile to use, e.g. SubCA
+:param is_ca: boolean that if True adds the CA basic constraint
+"""
 request = _get_request({'nickname': request_id})
 if request:
-if ca or profile:
+if ca or profile or is_ca:
 update = {}
 if ca is not None:
 cm = _certmonger()
 update['CA'] = cm.obj_if.find_ca_by_nickname(ca)
 if profile is not None:
 update['template-profile'] = profile
+if is_ca:
+update['template-is-ca'] = True
+update['template-ca-path-length'] = -1  # no path length
 request.obj_if.modify(update)
 request.obj_if.resubmit()
 
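Review bot: `is_ca` can only switch the constraint on: the `if is_ca:` branch sets `template-is-ca` to `True`, but a later call with `is_ca=False` sends no update for it, so a request that was once resubmitted as a CA keeps the setting. If that is intended, say so in the docstring; otherwise set `template-is-ca` explicitly in both cases. The docstring should also mention that `is_ca` sets `template-ca-path-length` to `-1`, and the inline comment `# no path length` would be clearer as "no path length constraint (unlimited)", matching the commit message.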
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index fcbf09155a..9607620d6c 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -310,7 +310,8 @@ def resubmit_request(self, ca='dogtag-ipa-ca-renew-agent', profile=''):
 timeout = api.env.startup_timeout + 60
 
 self.log.debug("resubmitting certmonger request '%s'", self.request_id)
-certmonger.resubmit_request(self.request_id, ca=ca, profile=profile)
+certmonger.resubmit_request(self.request_id, ca=ca, profile=profile,
+is_ca=True)
 try:
 state = certmonger.wait_for_request(self.request_id, timeout)
 except RuntimeError:
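Review bot: `is_ca=True` is hard-coded at this call and the patch carries no test; the diffstat lists only `certmonger.py` and `ipa_cacert_manage.py`. A test that renews with `--external-ca` and asserts that the generated CSR contains the critical basic constraint `CA:TRUE` would guard against the regression described in the commit message.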


[Freeipa-devel] [freeipa PR#956][opened] og progress of wait_for_open_ports

2017-08-03 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/956
Author: pvoborni
 Title: #956: og progress of wait_for_open_ports
Action: opened

PR body:
"""
### control logging of host_port_open from caller

host_port_open copied logging behavior of ipa-replica-conncheck utility
which doesn't make it much reusable.

Now log level can be controlled from caller so other callers might use
other logging level without host_port_open guessing what was the
intention.

### log progress of wait_for_open_ports

To know what to focus on when some check fails. E.g. to detect that
IPv6 address or its resolution for localhost is misconfigured.

Also gradually increases wait time so that it won't log 600 same
messages when wait time is 600.

https://pagure.io/freeipa/issue/7083
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/956/head:pr956
git checkout pr956
From 603456c3d18220d94e2c1b051b8baca19b9c3d61 Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Thu, 3 Aug 2017 15:48:33 +0200
Subject: [PATCH 1/2] control logging of host_port_open from caller

host_port_open copied logging behavior of ipa-replica-conncheck utility
which doesn't make it much reusable.

Now log level can be controlled from caller so other callers might use
other logging level without host_port_open guessing what was the
intention.

https://pagure.io/freeipa/issue/7083
---
 install/tools/ipa-replica-conncheck |  7 ++-
 ipapython/ipautil.py| 14 --
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 15e45e0a2f..5014ac0246 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -376,11 +376,16 @@ class PortResponder(threading.Thread):
 def port_check(host, port_list):
 ports_failed = []
 ports_udp_warning = []  # conncheck could not verify that port is open
+log_level = {
+SOCK_DGRAM: logging.WARNING,
+SOCK_STREAM: logging.ERROR
+}
 for port in port_list:
 try:
 port_open = ipautil.host_port_open(
 host, port.port, port.port_type,
-socket_timeout=CONNECT_TIMEOUT, log_errors=True)
+socket_timeout=CONNECT_TIMEOUT, log_errors=True,
+log_level=log_level[port.port_type])
 except socket.gaierror:
 raise RuntimeError("Port check failed! Unable to resolve host name '%s'" % host)
 if port_open:
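Review bot: the new `log_level` dict uses the bare names `SOCK_DGRAM`, `SOCK_STREAM` and `logging`, while the surrounding context refers to the socket module with a prefix (`socket.gaierror`). Confirm the script imports those names, or write `socket.SOCK_DGRAM` and `socket.SOCK_STREAM`. `log_level[port.port_type]` also raises `KeyError` for any other port type; `log_level.get(port.port_type, logging.ERROR)` would fail safe.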
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index d2b5abb085..10a105b8fc 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -960,7 +960,8 @@ def user_input(prompt, default = None, allow_empty = True):
 
 
 def host_port_open(host, port, socket_type=socket.SOCK_STREAM,
-   socket_timeout=None, log_errors=False):
+   socket_timeout=None, log_errors=False,
+   log_level=logging.DEBUG):
 """
 host: either hostname or IP address;
   if hostname is provided, port MUST be open on ALL resolved IPs
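Review bot: the new `log_level=logging.DEBUG` default means any caller that passes `log_errors=True` without `log_level` now gets connection failures at DEBUG, where the branch removed later in this patch logged them at WARNING or ERROR. Either audit the remaining callers or keep the old levels as the default, and describe `log_errors` and `log_level` in the docstring, whose visible part documents only `host`.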
@@ -986,19 +987,12 @@ def host_port_open(host, port, socket_type=socket.SOCK_STREAM,
 s.recv(512)
 except socket.error:
 port_open = False
-
 if log_errors:
-msg = ('Failed to connect to port %(port)d %(proto)s on '
+msg = ('Failed to connect to port %(port)s %(proto)s on '
'%(addr)s' % dict(port=port,
  proto=PROTOCOL_NAMES[socket_type],
  addr=sa[0]))
-
-# Do not log udp failures as errors (to be consistent with
-# the rest of the code that checks for open ports)
-if socket_type == socket.SOCK_DGRAM:
-logger.warning('%s', msg)
-else:
-logger.error('%s', msg)
+logger.log(log_level, '%s', msg)
 finally:
 if s is not None:
 s.close()
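Review bot: the format specifier changes from `%(port)d` to `%(port)s` without a mention in the commit message. If this is because `port` can arrive as a string, note that in the docstring or the commit message; if not, keep `%d` so a non-integer port is caught here. The message is also formatted eagerly with `%` before `logger.log(log_level, '%s', msg)`; passing the format string and arguments to `logger.log` directly would skip the formatting when the level is disabled.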

From 43616dc7667e643a559a5a06d2a78de203069c0f Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Thu, 3 Aug 2017 16:03:29 +0200
Subject: [PATCH 2/2] log progress of wait_for_open_ports

To know what to focus on when some check fails. E.g. to detect that
IPv6 address or its resolution for localhost is misconfigured.

Also gradually increases wait time so that it won't log 600 same
messages when wait time is 600.

https://pagure.io/freeipa/issue/7083
---
 ipapython/ipautil.py | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 10a105b8fc..76059a0ba1 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -1222,16 +1222,20 @@ def wait_for_open_ports(host, ports, timeout=0):
 
 logger.debug('wait_for_open_ports: %s %s timeout %d', host, ports, 

[Freeipa-devel] [freeipa PR#955][closed] host_port_open: revert to old behavior where one iface is sufficient

2017-08-03 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/955
Author: pvoborni
 Title: #955: host_port_open: revert to old behavior where one iface is 
sufficient
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/955/head:pr955
git checkout pr955


[Freeipa-devel] [freeipa PR#955][opened] host_port_open: revert to old behavior where one iface is sufficient

2017-08-02 Thread pvoborni via FreeIPA-devel
   URL: https://github.com/freeipa/freeipa/pull/955
Author: pvoborni
 Title: #955: host_port_open: revert to old behavior where one iface is 
sufficient
Action: opened

PR body:
"""
Commit a24cd01304aaef77b66d0e178585c9ec8bbce9b5

Changed behavior of host_port_open to require all discovered interfaces to
listen on the port.

But usage of host_port_open function in wait_for_open_ports function which is
indirectly used from service.start might be still ok with only one interface.

Requiring all interfaces might then cause issue (waiting till timeout) in IPA
upgrader in specific DNS or network setups.

https://pagure.io/freeipa/issue/7083
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/955/head:pr955
git checkout pr955
From f5a11c38d26a01a4e15bf61f2094a78de5a5561c Mon Sep 17 00:00:00 2001
From: Petr Vobornik 
Date: Wed, 2 Aug 2017 17:52:58 +0200
Subject: [PATCH] host_port_open: revert to old behavior where one iface is
 sufficient

Commit https://pagure.io/freeipa/c/a24cd01304aaef77b66d0e178585c9ec8bbce9b5

Changed behavior of host_port_open to require all discovered interfaces to
listen on the port.

But usage of host_port_open function in wait_for_open_ports function which is
indirectly used from service.start might be still ok with only one interface.

Requiring all interfaces might then cause issue in IPA upgrader in specific DNS
or network setups.

https://pagure.io/freeipa/issue/7083
---
 install/tools/ipa-replica-conncheck |  3 ++-
 ipapython/ipautil.py| 13 -
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 9b92de3f66..3835548e98 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -382,7 +382,8 @@ def port_check(host, port_list):
 try:
 port_open = ipautil.host_port_open(
 host, port.port, port.port_type,
-socket_timeout=CONNECT_TIMEOUT, log_errors=True)
+socket_timeout=CONNECT_TIMEOUT, log_errors=True,
+check_all_ifaces=True)
 except socket.gaierror:
 raise RuntimeError("Port check failed! Unable to resolve host name '%s'" % host)
 if port_open:
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 1bb48d4fc2..6e61cad66b 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -959,14 +959,16 @@ def user_input(prompt, default = None, allow_empty = True):
 
 
 def host_port_open(host, port, socket_type=socket.SOCK_STREAM,
-   socket_timeout=None, log_errors=False):
+   socket_timeout=None, log_errors=False,
+   check_all_ifaces=False):
 """
 host: either hostname or IP address;
   if hostname is provided, port MUST be open on ALL resolved IPs
 
 returns True is port is open, False otherwise
 """
-port_open = True
+all_open = True
+some_open = False
 
 # port has to be open on ALL resolved IPs
 for res in socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket_type):
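Review bot: the docstring line `if hostname is provided, port MUST be open on ALL resolved IPs` and the comment `# port has to be open on ALL resolved IPs` are left unchanged, but with `check_all_ifaces=False` as the default they now describe only the opt-in mode. Update both to say that one reachable address is sufficient by default and document the new `check_all_ifaces` parameter.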
@@ -983,9 +985,10 @@ def host_port_open(host, port, socket_type=socket.SOCK_STREAM,
 if socket_type == socket.SOCK_DGRAM:
 s.send('')
 s.recv(512)
-except socket.error:
-port_open = False
 
+some_open = True
+except socket.error:
+all_open = False
 if log_errors:
 msg = ('Failed to connect to port %(port)d %(proto)s on '
'%(addr)s' % dict(port=port,
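Review bot: in the `except socket.error` branch the "Failed to connect" message is still emitted under `log_errors` for every address that fails, even when `check_all_ifaces` is false and another address succeeds, so the function can return True after logging failures. Consider logging per-address failures at a lower level in that mode, or logging once after the loop when no address was reachable.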
@@ -1002,7 +1005,7 @@ def host_port_open(host, port, socket_type=socket.SOCK_STREAM,
 if s is not None:
 s.close()
 
-return port_open
+return all_open if check_all_ifaces else some_open
 
 
 def reverse_record_exists(ip_address):
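Review bot: The return expression chooses between two flags with opposite initial values (all_open = True, some_open = False), so if the getaddrinfo() loop body never runs, the strict mode reports the port as open while the relaxed mode reports it as closed; returning False in both modes for that case would be safer. Also, no break is added next to some_open = True, so in relaxed mode every remaining address is still tried after the first success and each unreachable one costs a full socket_timeout. Consider leaving the loop as soon as one address succeeds when check_all_ifaces is False.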


[Freeipa-devel] [freeipa PR#864][comment] Create indexes for 'serverhostname' attribute

2017-06-09 Thread pvoborni via FreeIPA-devel
  URL: https://github.com/freeipa/freeipa/pull/864
Title: #864: Create indexes for 'serverhostname' attribute

pvoborni commented:
"""
Hi, why did you choose this implementation for the fix? Were removal/changes in 
host.get_dn() method considered? 
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/864#issuecomment-307390913


[Freeipa-devel] [freeipa PR#855][comment] Prevent issues with older clients

2017-06-07 Thread pvoborni via FreeIPA-devel
  URL: https://github.com/freeipa/freeipa/pull/855
Title: #855: Prevent issues with older clients

pvoborni commented:
"""
@MartinBasti is the correct way to solve this pylint issue to extend 
pylint_plugins.py?

Snippet of similar vars: 
```python
fake_api_env = {'env': [
    'host',
    'realm',
    'session_auth_duration',
    'session_duration_type',
]}

# this is due ipaserver.rpcserver.KerberosSession where api is undefined
fake_api = {'api': [fake_api_env] + NAMESPACE_ATTRS}
```
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/855#issuecomment-306758867


[Freeipa-devel] [freeipa PR#855][+prioritized] Prevent issues with older clients

2017-06-07 Thread pvoborni via FreeIPA-devel
  URL: https://github.com/freeipa/freeipa/pull/855
Title: #855: Prevent issues with older clients

Label: +prioritized


[Freeipa-devel] [freeipa PR#823][+prioritized] ipa-kdb: reload certificate mapping rules periodically

2017-05-29 Thread pvoborni via FreeIPA-devel
  URL: https://github.com/freeipa/freeipa/pull/823
Title: #823: ipa-kdb: reload certificate mapping rules periodically

Label: +prioritized


[Freeipa-devel] [freeipa PR#816][+prioritized] only stop/disable simple service if it is installed

2017-05-25 Thread pvoborni via FreeIPA-devel
  URL: https://github.com/freeipa/freeipa/pull/816
Title: #816: only stop/disable simple service if it is installed

Label: +prioritized


[Freeipa-devel] [freeipa PR#790][+prioritized] RFC: API for reporting PKINIT status

2017-05-25 Thread pvoborni via FreeIPA-devel
  URL: https://github.com/freeipa/freeipa/pull/790
Title: #790: RFC: API for reporting PKINIT status

Label: +prioritized


[Freeipa-devel] [freeipa PR#795][+prioritized] dnskeysyncd: enable authlogin_nsswitch_use_ldap boolean

2017-05-25 Thread pvoborni via FreeIPA-devel
  URL: https://github.com/freeipa/freeipa/pull/795
Title: #795: dnskeysyncd: enable authlogin_nsswitch_use_ldap boolean

Label: +prioritized


[Freeipa-devel] [freeipa PR#801][+prioritized] httpinstance: wait until the service entry is replicated

2017-05-25 Thread pvoborni via FreeIPA-devel
  URL: https://github.com/freeipa/freeipa/pull/801
Title: #801: httpinstance: wait until the service entry is replicated

Label: +prioritized