[Freeipa-devel] [freeipa PR#1416][opened] Do not allow users delete their last otp token
URL: https://github.com/freeipa/freeipa/pull/1416
Author: felipevolpone
Title: #1416: Do not allow users delete their last otp token
Action: opened
PR body:
"""
This adds a new verification on the ipa_otp_lasttoken 389 plugin, in order to
do not allow users delete their
last otp token. The verification is done checking if the global configuration
is set to otp in `cn=ipaConfig,cn=etc`
Fixes: [7012](https://pagure.io/freeipa/issue/7012)
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1416/head:pr1416
git checkout pr1416
From 1f626781d0aaa8866d248abcbc8aedb943c7 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 20 Dec 2017 09:44:20 -0200
Subject: [PATCH] Do not allow users delete their last otp token
This adds a new verification on the ipa_otp_lasttoken
389 plugin, in order to do not allow users delete their
last otp token. The verification is done checking if the
global configuration is set to otp in cn=ipaConfig,cn=etc.
Fixes: 7012
---
.../ipa-otp-lasttoken/ipa_otp_lasttoken.c | 38 +++
ipatests/test_integration/test_otp.py | 54 ++
2 files changed, 92 insertions(+)
create mode 100644 ipatests/test_integration/test_otp.py
diff --git a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
index a085a3a328..3f59f08840 100644
--- a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
+++ b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
@@ -105,6 +105,41 @@ static bool sdn_is_only_enabled_token(Slapi_DN *target_sdn, const char *user_dn)
return result;
}
+static bool is_otp_enabled(const char *user_dn)
+{
+char *attrs[] = { "ipaUserAuthType", NULL };
+Slapi_Entry *entry = NULL;
+Slapi_DN *sdn;
+const Slapi_DN *base;
+uint32_t authtypes;
+int search_result = 0;
+char *authConfigDN;
+
+sdn = slapi_sdn_new_dn_byval(user_dn);
+base = slapi_get_suffix_by_dn(sdn);
+
+authConfigDN = slapi_ch_smprintf("cn=ipaConfig,cn=etc,%s",
+ slapi_sdn_get_dn(base));
+sdn = slapi_sdn_new_dn_byval(authConfigDN);
+
+search_result = slapi_search_internal_get_entry(sdn, attrs, &entry,
+otp_config_plugin_id(otp_config));
+if (search_result != LDAP_SUCCESS) {
+LOG_TRACE("File '%s' line %d: Unable to access LDAP entry '%s'. "
+"Perhaps it doesn't exist? Error code: %d\n", __FILE__,
+__LINE__, slapi_sdn_get_dn(sdn), search_result);
+}
+
+slapi_sdn_free(&sdn);
+if (entry == NULL)
+return false;
+
+authtypes = otp_config_auth_types(otp_config, entry);
+slapi_entry_free(entry);
+
+return authtypes & OTP_CONFIG_AUTH_TYPE_OTP;
+}
+
static bool is_pwd_enabled(const char *user_dn)
{
char *attrs[] = { "ipaUserAuthType", NULL };
@@ -159,6 +194,9 @@ static bool is_allowed(Slapi_PBlock *pb, Slapi_Entry *entry)
if (!sdn_is_only_enabled_token(target_sdn, bind_dn))
return true;
+if (is_otp_enabled(bind_dn))
+return false;
+
if (is_pwd_enabled(bind_dn))
return true;
diff --git a/ipatests/test_integration/test_otp.py b/ipatests/test_integration/test_otp.py
new file mode 100644
index 00..d6935886d1
--- /dev/null
+++ b/ipatests/test_integration/test_otp.py
@@ -0,0 +1,54 @@
+#
+# Copyright (C) 2017 FreeIPA Contributors see COPYING for license
+#
+
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.pytest_plugins.integration import tasks
+
+
+class TestOTPTokenCommand(IntegrationTest):
+"""Test functionality of the ipa otptoken-* commands"""
+
+topology = 'line'
+
+def test_delete_last_active_otp_token(self):
+"""Test if a user is able to delete their last token"""
+
+pwd = '12345678'
+new_pwd = 'Secret123'
+user_login = 'test1'
+
+tasks.kinit_admin(self.master)
+self.master.run_command(['ipa', 'user-add', user_login,
+ '--first', 'test', '--last', 'user',
+ '--password'],
+ stdin_text=pwd)
+
+self.master.run_command(['ipa', 'passwd', user_login],
+stdin_text=new_pwd)
+
+# set the global configs
+self.master.run_command(['ipa', 'config-mod',
+ '--user-auth-type', 'otp'])
+
+self.master.run_command(['kdestroy', '-A'])
+
+# write the password down three times as it's needed when
+# doing "kinit" for the first time
+user_kinit_stdin_text = "%s\n%s\n%s\n" % (new_pwd, new_pwd, new_pwd)
+self.master.run_command(['kinit', user_login],
+stdin_text=user_kinit_stdin_text)
+
+result = self.master.run_command(['ipa', 'otptoken-add'])
+as
[Freeipa-devel] [freeipa PR#1423][opened] IntegrationTests now collects logs from all test methods
URL: https://github.com/freeipa/freeipa/pull/1423
Author: felipevolpone
Title: #1423: IntegrationTests now collects logs from all test methods
Action: opened
PR body:
"""
It was missing the configuration and the proper use of the logfile_dir. Also,
the dict of
logs to be collected should not be cleared. Now, all logs from all test methods
will
be collected.
It's useful to say that it doesn't mean that all methods are changing the
environment
or installing/reinstalling freeIPA. So, it's possible that some logs in
different methods
would be the same.
Fixes: #7310 and #7335
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1423/head:pr1423
git checkout pr1423
From 85e31a315a789575b45316756c0b6fa6f1e0ef36 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 27 Dec 2017 10:02:39 -0200
Subject: [PATCH] IntegrationTests now collects logs from all test methods
It was missing the configuration and the properly use of
the logfile_dir property and the dict of logs to be
collected should not be cleared. Now, all logs from all
test methods will be collected.
It's useful to say that it doesn't mean that all methods
are changing the environment or installing/reinstalling
freeIPA. So, it's possible that some logs in different
methods would be the same.
Fixes: #7310 and #7335
---
ipatests/pytest_plugins/integration/__init__.py | 18 --
ipatests/pytest_plugins/integration/config.py | 2 ++
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/ipatests/pytest_plugins/integration/__init__.py b/ipatests/pytest_plugins/integration/__init__.py
index bee669b0dd..1bc1ba460e 100644
--- a/ipatests/pytest_plugins/integration/__init__.py
+++ b/ipatests/pytest_plugins/integration/__init__.py
@@ -55,7 +55,7 @@ def _get_logname_from_node(node):
return name
-def collect_test_logs(node, logs_dict, test_config):
+def collect_test_logs(node, logs_dict, test_config, custom_config):
"""Collect logs from a test
Calls collect_logs
@@ -64,10 +64,14 @@ def collect_test_logs(node, logs_dict, test_config):
:param logs_dict: Mapping of host to list of log filnames to collect
:param test_config: Pytest configuration
"""
+logfile_dir = test_config.getoption('logfile_dir')
+if not logfile_dir:
+logfile_dir = custom_config.logfile_dir
+
collect_logs(
name=_get_logname_from_node(node),
logs_dict=logs_dict,
-logfile_dir=test_config.getoption('logfile_dir'),
+logfile_dir=logfile_dir,
beakerlib_plugin=test_config.pluginmanager.getplugin('BeakerLibPlugin'),
)
@@ -179,8 +183,6 @@ def collect_logs(name, logs_dict, logfile_dir=None, beakerlib_plugin=None):
else:
shutil.rmtree(topdirname)
-logs_dict.clear()
-
@pytest.fixture(scope='class')
def class_integration_logs():
@@ -194,7 +196,8 @@ def integration_logs(class_integration_logs, request):
"""
yield class_integration_logs
hosts = class_integration_logs.keys()
-collect_test_logs(request.node, class_integration_logs, request.config)
+collect_test_logs(request.node, class_integration_logs,
+ request.config, request.cls.custom_config)
collect_systemd_journal(request.node, hosts, request.config)
@@ -229,6 +232,8 @@ def mh(request, class_integration_logs):
_config=get_global_config(),
)
+request.cls.custom_config = mh.config
+
mh.domain = mh.config.domains[0]
[mh.master] = mh.domain.hosts_by_role('master')
mh.replicas = mh.domain.hosts_by_role('replica')
@@ -255,7 +260,8 @@ def collect_log(host, filename):
for host in cls.get_all_hosts():
host.remove_log_collector(collect_log)
-collect_test_logs(request.node, class_integration_logs, request.config)
+collect_test_logs(request.node, class_integration_logs,
+ request.config, mh.config)
def setup_class(cls, mh):
diff --git a/ipatests/pytest_plugins/integration/config.py b/ipatests/pytest_plugins/integration/config.py
index 734a2d92f1..1a2a31dddc 100644
--- a/ipatests/pytest_plugins/integration/config.py
+++ b/ipatests/pytest_plugins/integration/config.py
@@ -42,6 +42,7 @@ class Config(pytest_multihost.config.Config):
'dns_forwarder',
'domain_level',
'log_journal_since',
+'logfile_dir',
}
def __init__(self, **kwargs):
@@ -63,6 +64,7 @@ def __init__(self, **kwargs):
# 8.8.8.8 is probably the best-known public DNS
self.dns_forwarder = kwargs.get('dns_forwarder') or '8.8.8.8'
self.debug = False
+self.logfile_dir = kwargs.get('logfile_dir')
self.log_journal_since = kwargs.get('log_journal_since') or '-1h'
if self.domain_level is None:
self.domain_level = MAX_DOMAIN_LEVEL
___
FreeIPA-devel mailing list -- freeipa-devel@li
[Freeipa-devel] [freeipa PR#1424][opened] Fixing how to parse the backup dir in test_backup_and_restore
URL: https://github.com/freeipa/freeipa/pull/1424
Author: felipevolpone
Title: #1424: Fixing how to parse the backup dir in test_backup_and_restore
Action: opened
PR body:
"""
Fixing how the test_backup_and_restore.py suite parses the output
from the `ipa-backup -v` command in order to get the backup directory.
Fixes: [#7339](https://pagure.io/freeipa/issue/7339)
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1424/head:pr1424
git checkout pr1424
From 3fa1b050d73340da26755775faf5c42267f63fd6 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Thu, 28 Dec 2017 16:50:40 -0200
Subject: [PATCH] Fixing how to parse the backup dir from the ipa-backup output
Fixing how the test_backup_and_restore.py suite parses the output
from the `ipa-backup -v` command in order to get the backup directory.
Fixes: #7339
---
ipatests/test_integration/test_backup_and_restore.py | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py
index 4912bc2476..10acbc13bb 100644
--- a/ipatests/test_integration/test_backup_and_restore.py
+++ b/ipatests/test_integration/test_backup_and_restore.py
@@ -126,8 +126,7 @@ def backup(host):
# Get the backup location from the command's output
for line in result.stderr_text.splitlines():
-prefix = ('ipa.ipaserver.install.ipa_backup.Backup: '
- 'INFO: Backed up to ')
+prefix = 'ipaserver.install.ipa_backup: INFO: Backed up to'
if line.startswith(prefix):
backup_path = line[len(prefix):].strip()
logger.info('Backup path for %s is %s', host, backup_path)
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1428][opened] Check if replication exist before enable it
URL: https://github.com/freeipa/freeipa/pull/1428 Author: felipevolpone Title: #1428: Check if replication exist before enable it Action: opened PR body: """ If the replication does not exist a custom exception is raised explaining the problem. Fixes: #7201 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1428/head:pr1428 git checkout pr1428 From 012592b67a55534bbd155f1a8436ad6d2aa7b404 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Tue, 2 Jan 2018 21:40:49 -0200 Subject: [PATCH] Check if replication exists before enable it If the replication does not exists a custom exception is raised explaining the problem. Fixes: #7201 --- ipaserver/install/replication.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 8aae90c0a9..6d13c3bf06 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -1561,6 +1561,9 @@ def enable_agreement(self, hostname): Note: for replication to work it needs to be enabled both ways. """ entry = self.get_replication_agreement(hostname) +if not entry: +raise errors.NotFound( +reason="Replication agreement for %s not found" % hostname) entry['nsds5ReplicaEnabled'] = 'on' try: ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1431][opened] Fixing test_testconfig with proper asserts
URL: https://github.com/freeipa/freeipa/pull/1431
Author: felipevolpone
Title: #1431: Fixing test_testconfig with proper asserts
Action: opened
PR body:
"""
When the `cls` in env_config.py is a WinHost, the `__init__` receives different
parameters. Now, it's adapted to all different kinds of hosts.
Also, it's necessary to add the host_type field to most of the domains created
in the
test classes, because the field is returned by `pytest_multihost.Config`
in `pytest_plugins/integration/config.py::Config::to_dict`
Fixes: [#7346](https://pagure.io/freeipa/issue/7346)
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1431/head:pr1431
git checkout pr1431
From 2638c8f960539b2c759f629a625b05a9ce4ce54f Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 3 Jan 2018 16:09:32 -0200
Subject: [PATCH] Fixing test_testconfig with proper asserts
When the cls in env_config.py is a WinHost, the __init__ receives different
parameters. Now, it's adapted to all different kinds of hosts.
Also, it's necessary to add the host_type field to most of domains created
in the test classes, because the field is returned by pytest_multihost.Config
in pytest_plugins/integration/config.py::Config::to_dict
https://pagure.io/freeipa/issue/7346
---
ipatests/pytest_plugins/integration/env_config.py | 3 +-
ipatests/test_integration/test_testconfig.py | 39 ---
2 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/ipatests/pytest_plugins/integration/env_config.py b/ipatests/pytest_plugins/integration/env_config.py
index d140aa9df6..5208cc0f29 100644
--- a/ipatests/pytest_plugins/integration/env_config.py
+++ b/ipatests/pytest_plugins/integration/env_config.py
@@ -334,7 +334,8 @@ def host_from_env(env, domain, hostname, role, index, domain_index):
cls = domain.get_host_class({})
-return cls(domain, hostname, role, ip, external_hostname)
+return cls(domain, hostname, role, ip=ip,
+ external_hostname=external_hostname)
def host_to_env(host, **kwargs):
diff --git a/ipatests/test_integration/test_testconfig.py b/ipatests/test_integration/test_testconfig.py
index b495f368e4..aaba1621c9 100644
--- a/ipatests/test_integration/test_testconfig.py
+++ b/ipatests/test_integration/test_testconfig.py
@@ -152,7 +152,7 @@ class TestMinimalConfig(CheckConfig):
extra_input_dict = dict(
domains=[
dict(name='ipadomain.test', type='IPA', hosts=[
-dict(name='master', ip='192.0.2.1'),
+dict(name='master', ip='192.0.2.1', host_type=None),
]),
],
)
@@ -171,6 +171,7 @@ class TestMinimalConfig(CheckConfig):
ip="192.0.2.1",
external_hostname="master.ipadomain.test",
role="master",
+host_type=None,
),
],
),
@@ -212,23 +213,29 @@ class TestComplexConfig(CheckConfig):
extra_input_dict = dict(
domains=[
dict(name='ipadomain.test', type='IPA', hosts=[
-dict(name='master', ip='192.0.2.1', role='master'),
-dict(name='replica1', ip='192.0.2.2', role='replica'),
+dict(name='master', ip='192.0.2.1', role='master',
+ host_type=None),
+dict(name='replica1', ip='192.0.2.2', role='replica',
+ host_type=None),
dict(name='replica2', ip='192.0.2.3', role='replica',
- external_hostname='r2.ipadomain.test'),
-dict(name='client1', ip='192.0.2.4', role='client'),
+ external_hostname='r2.ipadomain.test', host_type=None),
+dict(name='client1', ip='192.0.2.4', role='client',
+ host_type=None),
dict(name='client2', ip='192.0.2.5', role='client',
- external_hostname='c2.ipadomain.test'),
-dict(name='extra', ip='192.0.2.6', role='extrarole'),
-dict(name='extram1', ip='192.0.2.7', role='extrarolem'),
+ external_hostname='c2.ipadomain.test', host_type=None),
+dict(name='extra', ip='192.0.2.6', role='extrarole',
+ host_type=None),
+dict(name='extram1', ip='192.0.2.7', role='extrarolem',
+ host_type=None),
dict(name='extram2', ip='192.0.2.8', role='extrarolem',
- external_hostname='e2.ipadomain.test'),
+ external_hostname='e2.ipadomain.test', host_type=None),
]),
dict(name='addomain.test', type='AD', hosts=[
-dict(name='ad', ip='192.0.2.33', role='ad'),
+dict(name='ad', ip='192.0.2.33', role='ad', host_type=None),
]),
dict(name='ipadomain2.test', type='IP
[Freeipa-devel] [freeipa PR#1446][opened] Fixing test_backup_and_restore assert to do not rely on the order of returned data
URL: https://github.com/freeipa/freeipa/pull/1446
Author: felipevolpone
Title: #1446: Fixing test_backup_and_restore assert to do not rely on the
order of returned data
Action: opened
PR body:
"""
Since we cannot assume that LDAP will return data in an ordered way,
the test should be changed to do not rely on that.
Instead of just comparing the output of the show-user command, this change
first order the groups returned in the 'Member of Group' field before
compare them.
https://pagure.io/freeipa/issue/7339
The result (green tests) can be checked here:
https://fedorapeople.org/groups/freeipa/prci/jobs/c43c46d0-f4aa-11e7-925b-001a4a2316ab/
This PR depends on the PR #1354
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1446/head:pr1446
git checkout pr1446
From 6c1f2dbc93a79d559428f4535d2b968e65831da0 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Mon, 8 Jan 2018 16:25:39 -0200
Subject: [PATCH] Fixing test_backup_and_restore assert to do not rely on the
order
Since we cannot assume that LDAP will return data in any ordered way,
the test should be changed to do not rely on that.
Instead of just comparing the output of the show-user command, this change
first order the groups returned in the 'Member of Group' field before
compare them.
https://pagure.io/freeipa/issue/7339
---
ipatests/test_integration/test_backup_and_restore.py | 20
1 file changed, 20 insertions(+)
diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py
index 4912bc2476..2723ada766 100644
--- a/ipatests/test_integration/test_backup_and_restore.py
+++ b/ipatests/test_integration/test_backup_and_restore.py
@@ -65,6 +65,26 @@ def check_admin_in_ldap(host):
def check_admin_in_cli(host):
result = host.run_command(['ipa', 'user-show', 'admin'])
assert 'User login: admin' in result.stdout_text, result.stdout_text
+output = result.stdout_text.split('\n')
+
+# LDAP do not guarantee any order, so the test cannot assume it. Based on
+# that, the code bellow order the 'Member of groups' field to able to
+# assert it latter.
+
+# field that contains the data to be ordered
+GROUPS_MEMBER_FIELD = 9
+
+# e.g: Member of groups: admins, trust admins
+groups_field = output[GROUPS_MEMBER_FIELD].split(':')
+label_part = groups_field[0] # Member of groups
+groups_part = groups_field[1:][0] # admins, trust admins
+
+# ordening groups and then putting them together separated by a comma
+groups_orderned = ','.join(sorted(groups_part.split(','),
+ key=lambda group: group.strip()))
+
+output[GROUPS_MEMBER_FIELD] = '{}:{}'.format(label_part, groups_orderned)
+result.stdout_text = '\n'.join(output)
return result
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1459][opened] Make IntegrationTest fail if an error happened during uninstall
URL: https://github.com/freeipa/freeipa/pull/1459
Author: felipevolpone
Title: #1459: Make IntegrationTest fail if an error happened during uninstall
Action: opened
PR body:
"""
Before this change, if the uninstall process fails, the test would not fail,
due to the raiseonerr=False.
Fixes: https://pagure.io/freeipa/issue/7357
The results can be checked here:
https://fedorapeople.org/groups/freeipa/prci/jobs/e0c64916-f6ff-11e7-baa4-001a4a23169a/
https://fedorapeople.org/groups/freeipa/prci/jobs/05d5be8a-f700-11e7-a97e-001a4a231699/
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1459/head:pr1459
git checkout pr1459
From d865bde3f00699c68f1e62cb5abd075eb4f73764 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Thu, 11 Jan 2018 17:33:59 -0200
Subject: [PATCH] Make IntegrationTest fail if an error happened during
uninstall
Before this change if the uninstall process fails, the test would not
fail, due to the raiseonerr=False.
Fixes: https://pagure.io/freeipa/issue/7357
---
ipatests/pytest_plugins/integration/tasks.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py
index b407145ace..2d1932ff62 100644
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -709,7 +709,7 @@ def uninstall_master(host, ignore_topology_disconnect=True,
if ignore_last_of_role and host_domain_level != DOMAIN_LEVEL_0:
uninstall_cmd.append('--ignore-last-of-role')
-host.run_command(uninstall_cmd, raiseonerr=False)
+host.run_command(uninstall_cmd)
host.run_command(['pkidestroy', '-s', 'CA', '-i', 'pki-tomcat'],
raiseonerr=False)
host.run_command(['rm', '-rf',
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1423][closed] IntegrationTests now collects logs from all test methods
URL: https://github.com/freeipa/freeipa/pull/1423 Author: felipevolpone Title: #1423: IntegrationTests now collects logs from all test methods Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1423/head:pr1423 git checkout pr1423 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1479][opened] Fixing WebUI Tests
URL: https://github.com/freeipa/freeipa/pull/1479
Author: felipevolpone
Title: #1479: Fixing WebUI Tests
Action: opened
PR body:
"""
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1479/head:pr1479
git checkout pr1479
From 866a5551a22aa91a33fb6c87938b2842d3105fbb Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Tue, 16 Jan 2018 18:36:50 -0200
Subject: [PATCH 1/7] WebUI Tests: fixing logout problem in test_user.py
Now, when calling login, if the user is already logged in, it will
---
ipatests/test_webui/ui_driver.py | 52 +---
1 file changed, 27 insertions(+), 25 deletions(-)
diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py
index d027f1cd44..67a9ce877b 100644
--- a/ipatests/test_webui/ui_driver.py
+++ b/ipatests/test_webui/ui_driver.py
@@ -363,34 +363,35 @@ def login(self, login=None, password=None, new_password=None):
Log in if user is not logged in.
"""
self.wait_for_request(n=2)
-if not self.logged_in():
-
-if not login:
-login = self.config['ipa_admin']
-if not password:
-password = self.config['ipa_password']
-if not new_password:
-new_password = password
-
-auth = self.get_login_screen()
-login_tb = self.find("//input[@type='text'][@name='username']", 'xpath', auth, strict=True)
-psw_tb = self.find("//input[@type='password'][@name='password']", 'xpath', auth, strict=True)
-login_tb.send_keys(login)
-psw_tb.send_keys(password)
-psw_tb.send_keys(Keys.RETURN)
+if self.logged_in():
+self.logout()
+
+if not login:
+login = self.config['ipa_admin']
+if not password:
+password = self.config['ipa_password']
+if not new_password:
+new_password = password
+
+auth = self.get_login_screen()
+login_tb = self.find("//input[@type='text'][@name='username']", 'xpath', auth, strict=True)
+psw_tb = self.find("//input[@type='password'][@name='password']", 'xpath', auth, strict=True)
+login_tb.send_keys(login)
+psw_tb.send_keys(password)
+psw_tb.send_keys(Keys.RETURN)
+self.wait(0.5)
+self.wait_for_request(n=2)
+
+# reset password if needed
+newpw_tb = self.find("//input[@type='password'][@name='new_password']", 'xpath', auth)
+verify_tb = self.find("//input[@type='password'][@name='verify_password']", 'xpath', auth)
+if newpw_tb and newpw_tb.is_displayed():
+newpw_tb.send_keys(new_password)
+verify_tb.send_keys(new_password)
+verify_tb.send_keys(Keys.RETURN)
self.wait(0.5)
self.wait_for_request(n=2)
-# reset password if needed
-newpw_tb = self.find("//input[@type='password'][@name='new_password']", 'xpath', auth)
-verify_tb = self.find("//input[@type='password'][@name='verify_password']", 'xpath', auth)
-if newpw_tb and newpw_tb.is_displayed():
-newpw_tb.send_keys(new_password)
-verify_tb.send_keys(new_password)
-verify_tb.send_keys(Keys.RETURN)
-self.wait(0.5)
-self.wait_for_request(n=2)
-
def logged_in(self):
"""
Check if user is logged in
@@ -835,6 +836,7 @@ def select_combobox(self, name, value, parent=None, combobox_input=None):
if combobox_input:
if not option:
self.fill_textbox(combobox_input, value, cb)
+self.wait(5)
else:
if not option:
# try to search
From a56ee82872f20105a0f2854ef87a108ec23fabdd Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Tue, 16 Jan 2018 18:37:51 -0200
Subject: [PATCH 2/7] WebUI Tests: removing workaroud to scroll to the element
Acording to geckodriver, the workaround is not necessary anymore.
---
ipatests/test_webui/ui_driver.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/ipatests/test_webui/ui_driver.py b/ipatests/test_webui/ui_driver.py
index 67a9ce877b..c749f62f16 100644
--- a/ipatests/test_webui/ui_driver.py
+++ b/ipatests/test_webui/ui_driver.py
@@ -664,7 +664,6 @@ def button_click(self, name, parent=None,
def _button_click(self, selector, parent, name=''):
btn = self.find(selector, By.CSS_SELECTOR, parent, strict=True)
-ActionChains(self.driver).move_to_element(btn).perform()
disabled = btn.get_attribute("disabled")
assert btn.is_displayed(), 'Button is not displayed: %s' % name
assert not disabled, 'Invalid button state: disabled. Button: %s' % name
From d1d532c0f425b9f84195f3a82fa2cdc7a9eca8fa Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Tue, 16 Jan 2018 18:38:57 -0200
Subject: [PATCH 3/7] Web
[Freeipa-devel] [freeipa PR#1480][opened] IntegrationTests now collects logs from all test methods
URL: https://github.com/freeipa/freeipa/pull/1480 Author: felipevolpone Title: #1480: IntegrationTests now collects logs from all test methods Action: opened PR body: """ `logs_dict` should not be cleared. It's filled once per class and it should not be cleared after running the first test. https://pagure.io/freeipa/issue/7310 https://pagure.io/freeipa/issue/7335 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1480/head:pr1480 git checkout pr1480 From c75de1008381de45affa9a853989d6278e3b6996 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Thu, 18 Jan 2018 09:10:06 -0200 Subject: [PATCH] IntegrationTests now collects logs from all test methods logs_dict should not be cleared. It's filled once per class and it should not be cleared after running the first test. https://pagure.io/freeipa/issue/7310 https://pagure.io/freeipa/issue/7335 --- ipatests/pytest_plugins/integration/__init__.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/ipatests/pytest_plugins/integration/__init__.py b/ipatests/pytest_plugins/integration/__init__.py index bee669b0dd..2c107b926b 100644 --- a/ipatests/pytest_plugins/integration/__init__.py +++ b/ipatests/pytest_plugins/integration/__init__.py @@ -179,8 +179,6 @@ def collect_logs(name, logs_dict, logfile_dir=None, beakerlib_plugin=None): else: shutil.rmtree(topdirname) -logs_dict.clear() - @pytest.fixture(scope='class') def class_integration_logs(): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1494][opened] Fixing vault-add-member to be compatible with py3
URL: https://github.com/freeipa/freeipa/pull/1494
Author: felipevolpone
Title: #1494: Fixing vault-add-member to be compatible with py3
Action: opened
PR body:
"""
Changing from iteritems() to items() in order to be compatible with python3.
https://pagure.io/freeipa/issue/7373
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1494/head:pr1494
git checkout pr1494
From 6275edb1615ee7cbfab8150ea54a63bb4e1ed116 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 24 Jan 2018 14:32:19 -0200
Subject: [PATCH] Fixing vault-add-member to be compatible with py3
Changing from iteritems() to items() in order to be compatible with python3.
https://pagure.io/freeipa/issue/7373
---
ipaserver/plugins/vault.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/plugins/vault.py b/ipaserver/plugins/vault.py
index d05a240c39..0ab4d3ed88 100644
--- a/ipaserver/plugins/vault.py
+++ b/ipaserver/plugins/vault.py
@@ -238,7 +238,7 @@ def get_member_dns(self, **options):
return super(VaultModMember, self).get_member_dns(**options)
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
-for fail in failed.itervalues():
+for _service_name, fail in failed.items():
fail['services'] = fail.pop('service', [])
self.obj.get_container_attribute(entry_attrs, options)
return completed, dn
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1495][opened] [Backport][ipa-4-6] Fixing vault-add-member to be compatible with py3
URL: https://github.com/freeipa/freeipa/pull/1495
Author: felipevolpone
Title: #1495: [Backport][ipa-4-6] Fixing vault-add-member to be compatible
with py3
Action: opened
PR body:
"""
Changing from itervalues() to values() in order to be compatible with python3.
https://pagure.io/freeipa/issue/7373
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1495/head:pr1495
git checkout pr1495
From c34711be64360aa89513445a82eccc7dc02b3f4e Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 24 Jan 2018 14:44:39 -0200
Subject: [PATCH] Fixing vault-add-member to be compatible with py3
Changing from iteritems() to values() in order to be compatible with
python3.
https://pagure.io/freeipa/issue/7373
---
ipaserver/plugins/vault.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/plugins/vault.py b/ipaserver/plugins/vault.py
index d05a240c39..135a51846d 100644
--- a/ipaserver/plugins/vault.py
+++ b/ipaserver/plugins/vault.py
@@ -238,7 +238,7 @@ def get_member_dns(self, **options):
return super(VaultModMember, self).get_member_dns(**options)
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
-for fail in failed.itervalues():
+for fail in failed.values():
fail['services'] = fail.pop('service', [])
self.obj.get_container_attribute(entry_attrs, options)
return completed, dn
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1506][opened] Adding more tests to PR CI
URL: https://github.com/freeipa/freeipa/pull/1506
Author: felipevolpone
Title: #1506: Adding more tests to PR CI
Action: opened
PR body:
"""
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1506/head:pr1506
git checkout pr1506
From 866b249f6e215672c38a723a4291c2cffda67542 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Tue, 30 Jan 2018 18:24:04 -0200
Subject: [PATCH] Adding more tests to PR CI
---
.freeipa-pr-ci.yaml | 224
1 file changed, 224 insertions(+)
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index b98a27835c..d90c75a0aa 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -11,6 +11,14 @@ topologies:
name: master_1repl_1client
cpu: 4
memory: 6700
+ master_2repl_1client: &master_2repl_1client
+name: master_2repl_1client
+cpu: 6
+memory: 9100
+ master_3repl_1client: &master_3repl_1client
+name: master_3repl_1client
+cpu: 8
+memory: 11500
jobs:
fedora-27/build:
@@ -62,3 +70,219 @@ jobs:
template: *ci-master-f27
timeout: 3600
topology: *master_1repl
+
+ fedora-27/test_topologies:
+ requires: [fedora-27/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-27/build_url}'
+ test_suite: test_integration/test_topologies.py
+ template: *ci-master-f27
+ timeout: 3600
+ topology: *master_1repl
+
+ fedora-27/test_sudo:
+ requires: [fedora-27/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-27/build_url}'
+ test_suite: test_integration/test_sudo.py
+ template: *ci-master-f27
+ timeout: 3600
+ topology: *master_1repl_1client
+
+ fedora-27/test_kerberos_flags:
+ requires: [fedora-27/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-27/build_url}'
+ test_suite: test_integration/test_kerberos_flags.py
+ template: *ci-master-f27
+ timeout: 3600
+ topology: *master_1repl_1client
+
+ fedora-27/test_http_kdc_proxy:
+ requires: [fedora-27/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-27/build_url}'
+ test_suite: test_integration/test_http_kdc_proxy.py
+ template: *ci-master-f27
+ timeout: 3600
+ topology: *master_1repl_1client
+
+ fedora-27/forced_client_enrolment:
+ requires: [fedora-27/build]
+ priority: 50
+ job:
+ class: RunPytest
+ args:
+ build_url: '{fedora-27/build_url}'
+ test_suite: test_integration/test_forced_client_reenrollment.py
+ template: *ci-master-f27
+ timeout: 3600
+ topology: *master_1repl_1client
+
+ fedora-27/test_installation_TestInstallMaster:
+requires: [fedora-27/build]
+priority: 50
+job:
+ class: RunPytest
+ args:
+build_url: '{fedora-27/build_url}'
+test_suite: test_integration/test_installation.py::TestInstallMaster
+template: *ci-master-f27
+timeout: 3600
+topology: *master_1repl
+
+ fedora-27/test_installation_TestInstallMasterKRA:
+requires: [fedora-27/build]
+priority: 50
+job:
+ class: RunPytest
+ args:
+build_url: '{fedora-27/build_url}'
+test_suite: test_integration/test_installation.py::TestInstallMasterKRA
+template: *ci-master-f27
+timeout: 3600
+topology: *master_1repl
+
+ fedora-27/test_installation_TestInstallMasterDNS:
+requires: [fedora-27/build]
+priority: 50
+job:
+ class: RunPytest
+ args:
+build_url: '{fedora-27/build_url}'
+test_suite: test_integration/test_installation.py::TestInstallMasterDNS
+template: *ci-master-f27
+timeout: 3600
+topology: *master_1repl
+
+ fedora-27/test_installation_TestInstallWithCA1:
+requires: [fedora-27/build]
+priority: 50
+job:
+ class: RunPytest
+ args:
+build_url: '{fedora-27/build_url}'
+test_suite: test_integration/test_installation.py::TestInstallWithCA1
+template: *ci-master-f27
+timeout: 3600
+topology: *master_3repl_1client
+
+ fedora-27/test_installation_TestInstallWithCA2:
+requires: [fedora-27/build]
+priority: 50
+job:
+ class: RunPytest
+ args:
+build_url: '{fedora-27/build_url}'
+test_suite: test_integration/test_installation.py::TestInstallWithCA2
+template: *ci-master-f27
+timeout: 3600
+topology: *master_3repl_1client
+
+ fedora-27/test_installation_TestInstallWithCA_KRA1:
+requires: [fedora-27/build]
+priority: 50
+job:
+ class: RunPytest
+ args:
+build_url: '{fedora-27/build_url}'
+test_suite: test_integration/test_
[Freeipa-devel] [freeipa PR#1565][opened] Adding the FreeIPA Code of Conduct
URL: https://github.com/freeipa/freeipa/pull/1565
Author: felipevolpone
Title: #1565: Adding the FreeIPA Code of Conduct
Action: opened
PR body:
"""
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1565/head:pr1565
git checkout pr1565
From 8d6697f85962f1b52c8cf503919969543f711426 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Mon, 12 Feb 2018 10:29:04 -0200
Subject: [PATCH] Adding the FreeIPA Code of Conduct
---
CODE_OF_CONDUCT.md | 91 ++
1 file changed, 91 insertions(+)
create mode 100644 CODE_OF_CONDUCT.md
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 00..994cfa4209
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,91 @@
+# FreeIPA Code of Conduct
+
+Our community is made up of a mixture of contributors from all over the world.
+We are diverse in our background, expertise or opinions and it is our strength,
+but diversity can also lead to communication issues and unhappiness. To that
+end, we have a few ground rules that we ask people to adhere to when operating
+in our space.
+
+This isn’t an exhaustive list of things that you can’t do. Rather, take it in
+the spirit in which it’s intended - a guide to make it easier to be excellent to
+each other:
+
+### Be friendly and patient.
+
+### Be welcoming.
+We strive to be a community that welcomes and supports people of all backgrounds
+and identities. This includes, but is not limited to members of any race,
+ethnicity, culture, national origin, colour, immigration status, social and
+economic class, educational level, sex, sexual orientation, gender identity
+and expression, age, size, family status, political belief, religion, and
+mental and physical ability.
+
+### Be considerate.
+Your work will be used by other people, and you in turn will depend on the work
+of others. Any decision you take will affect users and colleagues, and you
+should take those consequences into account when making decisions. Remember that
+we're a world-wide community, so you might not be communicating in someone
+else's primary language.
+
+### Be respectful.
+Not all of us will agree all the time, but disagreement is no excuse for poor
+behavior and poor manners. We might all experience some frustration now and
+then, but we cannot allow that frustration to turn into a personal attack. It’s
+important to remember that a community where people feel uncomfortable or
+threatened is not a productive one. Members of the community should be
+respectful when dealing with other members as well as with people outside the
+community. Success comes from the team and the ability of team members to work
+together. Members have differents skills, talents and roles but each of them is
+important to the team and the final success. Think of the team first.
+
+### Be careful in the words that you choose.
+We are a community of professionals, and we conduct ourselves professionally.
+Be kind to others. Do not insult or put down other participants. Harassment and
+other exclusionary behavior aren't acceptable. This includes, but is not limited
+to:
+* Violent threats or language directed against another person.
+* Discriminatory jokes and language.
+* Posting sexually explicit or violent material.
+* Posting (or threatening to post) other people's personally identifying
+ information ("doxing").
+* Personal insults, especially those using racist or sexist terms.
+* Unwelcome sexual attention.
+* Advocating for, or encouraging, any of the above behavior.
+* Repeated harassment of others. In general, if someone asks you to stop, then
+ stop.
+
+### When we disagree, try to understand why.
+Disagreements, both social and technical, happen all the time and our community
+is no exception. It is important that we resolve disagreements and differing
+views constructively. Remember that we’re different. The strength of community
+comes from its diversity, people from a wide range of backgrounds. Different
+people have different perspectives on issues. Being unable to understand why
+someone holds a viewpoint doesn’t mean that they’re wrong. Don’t forget that it
+is human to err and blaming each other doesn’t get us anywhere. Give people the
+benefit of the doubt, instead of blaming someone and pointing fingers. Speak
+with them and try to understand what happened. Focus on helping to resolve
+issues and learning from mistakes.
+
+### Drive your emotions and create a safe place for others.
+We aren’t robots, we are people with feelings. Feelings are a great gift.
+Unfortunately that gift can betray us sometimes and let our common sense to be
+driven by assumptions, expectations, anger, … To prevent and get away from this
+situation is always better to start with facts, then mention the personal story
+- your story - what are the concerns, objections, experience, and maybe
+observations.
+
+### Listen and hear, ask
[Freeipa-devel] [freeipa PR#1609][closed] [testing_rawhide] Nightly PR
URL: https://github.com/freeipa/freeipa/pull/1609 Author: freeipa-pr-ci Title: #1609: [testing_rawhide] Nightly PR Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1609/head:pr1609 git checkout pr1609 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1592][closed] webui: hbactest: add tooltips to 'enabled' and 'disabled' checkboxes
URL: https://github.com/freeipa/freeipa/pull/1592 Author: pvoborni Title: #1592: webui: hbactest: add tooltips to 'enabled' and 'disabled' checkboxes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1592/head:pr1592 git checkout pr1592 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1646][opened] Fixing cleanup process in test_caless
URL: https://github.com/freeipa/freeipa/pull/1646
Author: felipevolpone
Title: #1646: Fixing cleanup process in test_caless
Action: opened
PR body:
"""
Fixing cleanup process in test_caless
After commit bbe615e, if the uninstall process fails (in the test cleanup) the
error is not hidden anymore.
That brought light to errors in the cleanup process on `TestReplicaInstall`
test, like this:
```
RUN ['ipa-server-install', '--uninstall', '-U']
ipapython.admintool: ERRORServer removal aborted:
Replication topology in suffix 'domain' is disconnected:
Topology does not allow server master.ipa.test to replicate with servers:
replica0.ipa.test.
ipapython.admintool: ERRORThe ipa-server-install command failed
```
This commit changes the order of how a replica should be removed from the
topology.
Other errors can be checked
[here](https://fedorapeople.org/groups/freeipa/prci/jobs/1b27ac12-1bfe-11e8-9b66-fa163e97f492/).
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1646/head:pr1646
git checkout pr1646
From 3f01916e30cc6c86e78e51f623ab7c9c4fc61900 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Thu, 1 Mar 2018 19:19:05 -0300
Subject: [PATCH 1/2] Fixing cleanup process in test_caless
After commit bbe615e12c278f9cddaeb38e80b970bf14d9b32d, if the uninstall
process fails (in the test cleanup) the error is not hidden anymore.
That brought light to errors in the cleanup process on
TestReplicaInstall test, like this:
```
RUN ['ipa-server-install', '--uninstall', '-U']
ipapython.admintool: ERRORServer removal aborted:
Replication topology in suffix 'domain' is disconnected:
Topology does not allow server master.ipa.test to replicate with servers:
replica0.ipa.test.
ipapython.admintool: ERRORThe ipa-server-install command failed
```
This commit changes the order of how a replica should be removed from
the topology.
---
ipatests/test_integration/test_caless.py | 9 -
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index 9be8c4f413..4d52309108 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -105,15 +105,14 @@ def wrapped(*args):
replica = args[0].replicas[0]
master = args[0].master
tasks.kinit_admin(master)
+tasks.clean_replication_agreement(master, replica, cleanup=True,
+ raiseonerr=False)
+master.run_command(['ipa', 'host-del', replica.hostname],
+ raiseonerr=False)
tasks.uninstall_master(replica, clean=False)
# Now let's uninstall client for the cases when client promotion
# was not successful
tasks.uninstall_client(replica)
-tasks.clean_replication_agreement(master, replica, cleanup=True,
- raiseonerr=False)
-master.run_command(['ipa', 'host-del',
-replica.hostname],
- raiseonerr=False)
ipa_certs_cleanup(replica)
return wrapped
From c1845b76d40c9fc009685efd193960fa148d2695 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Thu, 1 Mar 2018 19:22:24 -0300
Subject: [PATCH 2/2] Temporary commit: adding the test to run in PR CI
---
.freeipa-pr-ci.yaml | 12
1 file changed, 12 insertions(+)
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index b98a27835c..9152a48ab6 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -62,3 +62,15 @@ jobs:
template: *ci-master-f27
timeout: 3600
topology: *master_1repl
+
+ fedora-27/TestReplicaInstall:
+requires: [fedora-27/build]
+priority: 50
+job:
+ class: RunPytest
+ args:
+build_url: '{fedora-27/build_url}'
+test_suite: test_integration/test_caless.py::TestReplicaInstall
+template: *ci-master-f27
+timeout: 8000
+topology: *master_1repl
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1674][closed] [testing_master] Nightly PR
URL: https://github.com/freeipa/freeipa/pull/1674 Author: freeipa-pr-ci Title: #1674: [testing_master] Nightly PR Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1674/head:pr1674 git checkout pr1674 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1673][closed] [testing_rawhide] Nightly PR
URL: https://github.com/freeipa/freeipa/pull/1673 Author: freeipa-pr-ci Title: #1673: [testing_rawhide] Nightly PR Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1673/head:pr1673 git checkout pr1673 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1644][closed] webui:test: Realm Domains
URL: https://github.com/freeipa/freeipa/pull/1644 Author: celestian Title: #1644: webui:test: Realm Domains Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1644/head:pr1644 git checkout pr1644 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1746][opened] Adding hostname parameter to install IPA in TestInstallMasterReservedIPasForwarder
URL: https://github.com/freeipa/freeipa/pull/1746
Author: felipevolpone
Title: #1746: Adding hostname parameter to install IPA in
TestInstallMasterReservedIPasForwarder
Action: opened
PR body:
"""
When installing IPA in interactive mode, it's necessary to provide the
hostname. This will make the test pass.
I've added a temporary commit to run the test in PR CI on this PR. Once this PR
gets approved I'll remove it.
You can check the test running (and failing) on the nightly PRs, like [this
one](https://fedorapeople.org/groups/freeipa/prci/jobs/7191d19c-315a-11e8-98dd-fa163e0e8ed9/report.html)
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1746/head:pr1746
git checkout pr1746
From 69e88dc4bf542f84b616222d192966f02e273319 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Mon, 26 Mar 2018 19:43:13 -0300
Subject: [PATCH 1/2] Adding right parameters to install IPA in
TestInstallMasterReservedIPasForwarder
When installing ipa in interactive mode, it's necessary to provide the
hostname. This will make the test pass.
---
ipatests/test_integration/test_installation.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py
index 514be6e37b..20a08f3919 100644
--- a/ipatests/test_integration/test_installation.py
+++ b/ipatests/test_integration/test_installation.py
@@ -346,13 +346,15 @@ def test_reserved_ip_as_forwarder(self):
server_install_options = (
"yes\n"
+"{hostname}\n"
"{dmname}\n\n"
"{dm_pass}\n{dm_pass}"
"\n{admin_pass}\n{admin_pass}\n"
"yes\nyes\n0.0.0.0\n".format(
dm_pass=self.master.config.dirman_password,
admin_pass=self.master.config.admin_password,
-dmname=self.master.domain.name))
+dmname=self.master.domain.name,
+hostname=self.master.hostname))
cmd = self.master.run_command(['ipa-server-install'],
stdin_text=server_install_options,
From efa3995ed8d4bef015c8d3993520c4fe904d77f4 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Mon, 26 Mar 2018 19:48:00 -0300
Subject: [PATCH 2/2] temp commit: adding test to PR CI run
---
.freeipa-pr-ci.yaml | 13 +
1 file changed, 13 insertions(+)
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index c95bef79e2..1c261141f0 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -182,3 +182,16 @@ jobs:
template: *ci-master-f27
timeout: 3600
topology: *master_1repl
+
+ fedora-27/test_installation_TestInstallMasterReservedIPasForwarder:
+requires: [fedora-27/build]
+priority: 50
+job:
+ class: RunPytest
+ args:
+build_url: '{fedora-27/build_url}'
+test_suite: test_integration/test_installation.py::TestInstallMasterReservedIPasForwarder
+template: *ci-master-f27
+timeout: 10800
+topology: *master_1repl
+
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1758][opened] Fix TestSubCAkeyReplication providing the right path to pki log
URL: https://github.com/freeipa/freeipa/pull/1758
Author: felipevolpone
Title: #1758: Fix TestSubCAkeyReplication providing the right path to pki log
Action: opened
PR body:
"""
The PKI debug log has its name in this format: `debug..log`. This commit
changes the code to use this format, fixing the test.
Unfortunately, it's not possible to use some kind of regex (like debug.*.log)
to get the file, because python multihost gets the path and tries to open
(using the `open` python function) the file with that.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1758/head:pr1758
git checkout pr1758
https://assets-cdn.github.com";>
https://avatars0.githubusercontent.com";>
https://avatars1.githubusercontent.com";>
https://avatars2.githubusercontent.com";>
https://avatars3.githubusercontent.com";>
https://github-cloud.s3.amazonaws.com";>
https://user-images.githubusercontent.com/";>
https://assets-cdn.github.com/assets/frameworks-7d09971c51977b60c6626362003ef38a.css"; />
https://assets-cdn.github.com/assets/github-a88281d6aeed09babd4481cecde3585a.css"; />
https://assets-cdn.github.com/assets/site-83dc1f7ebc9c7461fe1eab799b56c4c4.css"; />
Fix TestSubCAkeyReplication providing the right path to pki log by felipevolpone · Pull Request #1758 · freeipa/freeipa · GitHub
https://github.com/fluidicon.png"; title="GitHub">
https://avatars0.githubusercontent.com/u/1590527?s=400&v=4"; />https://github.com/freeipa/freeipa/pull/1758"; />
https://assets-cdn.github.com/";>
https://collector.githubapp.com/github-external/browser_event"; />
https://github.com/hydro_browser_events"; />
span.labelstyle-0e8a16, .linked-labelstyle-0e8a16 { background-color: #0e8a16 !important; color: #ff !important;}.labelstyle-0e8a16.selected { background-color: #0e8a16 !important; color: #ff !important;}.label-select-menu .labelstyle-0e8a16.selected { background: rgba(14, 138, 22, 0.12) !important; color: #0f9918 !important;}
span.labelstyle-ededed, .linked-labelstyle-ededed { background-color: #ededed !important; color: #00 !important;}.labelstyle-ededed.selected { background-color: #ededed !important; color: #00 !important;}.label-select-menu .labelstyle-ededed.selected { background: rgba(237, 237, 237, 0.12) !important; color: #99 !important;}
span.labelstyle-e4c2fc, .linked-labelstyle-e4c2fc { background-color: #e4c2fc !important; color: #00 !important;}.labelstyle-e4c2fc.selected { background-color: #e4c2fc !important; color: #00 !important;}.label-select-menu .labelstyle-e4c2fc.selected { background: rgba(228, 194, 252, 0.12) !important; color: #8a7599 !important;}
span.labelstyle-fef2c0, .linked-labelstyle-fef2c0 { background-color: #fef2c0 !important; color: #00 !important;}.labelstyle-fef2c0.selected { background-color: #fef2c0 !important; color: #00 !important;}.label-select-menu .labelstyle-fef2c0.selected { background: rgba(254, 242, 192, 0.12) !important; color: #989173 !important;}
span.labelstyle-1d76db, .linked-labelstyle-1d76db { background-color: #1d76db !important; color: #ff !important;}.labelstyle-1d76db.selected { background-color: #1d76db !important; color: #ff !important;}.label-select-menu .labelstyle-1d76db.selected { background: rgba(29, 118, 219, 0.12) !important; color: #145299 !important;}
span.labelstyle-bfd4f2, .linked-labelstyle-bfd4f2 { background-color: #bfd4f2 !important; color: #00 !important;}.labelstyle-bfd4f2.selected { background-color: #bfd4f2 !important; color: #00 !important;}.label-select-menu .labelstyle-bfd4f2.selected { background: rgba(191, 212, 242, 0.12) !important; color: #788699 !important;}
span.labelstyle-660060, .linked-labelstyle-660060 { background-color: #660060 !important; color: #ff !important;}.labelstyle-660060.selected { background-color: #660060 !important; color: #ff !important;}.label-select-menu .labelstyle-660060.selected { background: rgba(102, 0, 96, 0.12) !important; color: #990090 !important;}
span.labelstyle-fbca04, .linked-labelstyle-fbca04 { background-color: #fbca04 !important; color: #00 !important;}.labelstyle-fbca04.selected { background-color: #fbca04 !important; color: #00 !important;}.label-select-menu .labelstyle-fbca04.selected { background: rgba(251, 202, 4, 0.12) !important; color: #997b02 !important;}
span.labelstyle-d93f0b, .linked-labelstyle-d93f0b { background-color: #d93f0b !important; color: #ff !important;}.labelstyle-d93f0b.selected { background-color: #d93f0b !important; color: #ff !important;}.label-select-menu .labelstyle-d93f0b.selected { background: rgba(217, 63, 11, 0.12) !important; color: #982c07 !important;}
span.labelstyle-c2e0c6, .linked-labelst
[Freeipa-devel] [freeipa PR#1772][opened] Check if ldap_uri is on /etc/ipa/default.conf
URL: https://github.com/freeipa/freeipa/pull/1772
Author: felipevolpone
Title: #1772: Check if ldap_uri is on /etc/ipa/default.conf
Action: opened
PR body:
"""
When removing a replica there are cases when ldap_uri is not on the
/etc/ipa/default.conf file anymore. So, before trying to get the value
of it, now the code checks if it's there first.
https://pagure.io/freeipa/issue/7474
This PR fixes the test
`test_replica_promotion.py::TestReplicaPromotionLevel0::test_promotion_disabled
`
Full log:
https://fedorapeople.org/groups/freeipa/prci/jobs/48fd7274-3162-11e8-8f04-fa163efc0cae/report.htm
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1772/head:pr1772
git checkout pr1772
From 7e10995e82514877cd543ce9f76120bd395731f9 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 4 Apr 2018 07:51:55 -0300
Subject: [PATCH 1/2] Check if ldap_uri is on /etc/ipa/default.conf
When removing a replica there is cases when ldap_uri is not on the
/etc/ipa/default.conf file anymore. So, before trying to get the value
of it, now the code checks if it's there first.
https://pagure.io/freeipa/issue/7474
---
ipaserver/secrets/kem.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/secrets/kem.py b/ipaserver/secrets/kem.py
index ad932b6b68..5d542dcfef 100644
--- a/ipaserver/secrets/kem.py
+++ b/ipaserver/secrets/kem.py
@@ -213,7 +213,7 @@ def __init__(self, config=None, ipaconf=paths.IPA_DEFAULT_CONF):
if conf.read(ipaconf):
self.host = conf.get('global', 'host')
self.realm = conf.get('global', 'realm')
-if self.ldap_uri is None:
+if self.ldap_uri is None and conf.has_option('global', 'ldap_uri'):
self.ldap_uri = conf.get('global', 'ldap_uri', raw=True)
self._server_keys = None
From 39c66776a6f25e3347d2024a436fc20f44dfd4b1 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 4 Apr 2018 07:59:38 -0300
Subject: [PATCH 2/2] Temp commit: adding test to run in prci
---
.freeipa-pr-ci.yaml | 11 +++
1 file changed, 11 insertions(+)
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index 1c261141f0..4927bb4b2a 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -195,3 +195,14 @@ jobs:
timeout: 10800
topology: *master_1repl
+ fedora-27/test_replica_promotion_TestReplicaPromotionLevel0:
+requires: [fedora-27/build]
+priority: 50
+job:
+ class: RunPytest
+ args:
+build_url: '{fedora-27/build_url}'
+test_suite: test_integration/test_replica_promotion.py::TestReplicaPromotionLevel0
+template: *ci-master-f27
+timeout: 8000
+topology: *master_1repl
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1801][opened] Reverting commit 6b145bf3e696e6d40b74055ccdf8d14da7828a09
URL: https://github.com/freeipa/freeipa/pull/1801
Author: felipevolpone
Title: #1801: Reverting commit 6b145bf3e696e6d40b74055ccdf8d14da7828a09
Action: opened
PR body:
"""
Commit 6b145bf should not be pushed, because it was not the intention to add a
new test to .freeipa-pr-ci.
This commits reverts its change.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1801/head:pr1801
git checkout pr1801
From f6563476659a4ffa5b4b038b44ace9feed7b5032 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 11 Apr 2018 11:10:27 -0300
Subject: [PATCH] Reverting commit 6b145bf3e696e6d40b74055ccdf8d14da7828a09
Commit 6b145bf3e696e6d40b74055ccdf8d14da7828a09 should not be pushed,
because it was not the intention to add a new test to .freeipa-pr-ci.
This commits reverts its change.
---
.freeipa-pr-ci.yaml | 13 -
1 file changed, 13 deletions(-)
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index 1c261141f0..c95bef79e2 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -182,16 +182,3 @@ jobs:
template: *ci-master-f27
timeout: 3600
topology: *master_1repl
-
- fedora-27/test_installation_TestInstallMasterReservedIPasForwarder:
-requires: [fedora-27/build]
-priority: 50
-job:
- class: RunPytest
- args:
-build_url: '{fedora-27/build_url}'
-test_suite: test_integration/test_installation.py::TestInstallMasterReservedIPasForwarder
-template: *ci-master-f27
-timeout: 10800
-topology: *master_1repl
-
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1831][opened] Fixing test_topology tests
URL: https://github.com/freeipa/freeipa/pull/1831
Author: felipevolpone
Title: #1831: Fixing test_topology tests
Action: opened
PR body:
"""
Fixing TestCASpecificRUVs::test_replica_uninstall_deletes_ruvs
This test will setup a master and a replica, uninstall replica and check
for the replica RUVs on the master. It was missing the step of running
ipa-replica-manage del to properly remove the RUVs.
Fixing tests on TestReplicaManageDel
This commit fixes the tests on class TestReplicaManageDel:
- test_replica_managed_del_domlevel1
- test_clean_dangling_ruv_multi_ca
- test_replica_managed_del_domlevel0
Given that domain level 0 doest not have autodiscovery, we need to
configure /etc/resolv.conf with the master data (search and
nameserver ) in order to ipa-replica-install succeed.
---
**Atention**: This patch should not be pushed until PR #1748 get merged.
As usual, as soon as we have an ack, I'll rebase the PR and remove the temp
commit.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1831/head:pr1831
git checkout pr1831
From 1a23d01ecc74760d2affe9527eb56ac81378ebfe Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 18 Apr 2018 14:52:25 -0300
Subject: [PATCH 1/4] Fixing
TestCASpecificRUVs::test_replica_uninstall_deletes_ruvs
This test will setup a master and a replica, uninstall replica and check
for the replica RUVs on the master. It was missing the step of running
ipa-replica-manage del to properly remove the RUVs.
---
ipatests/test_integration/test_topology.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ipatests/test_integration/test_topology.py b/ipatests/test_integration/test_topology.py
index 35898c0796..dd24f7b910 100644
--- a/ipatests/test_integration/test_topology.py
+++ b/ipatests/test_integration/test_topology.py
@@ -239,6 +239,9 @@ def test_replica_uninstall_deletes_ruvs(self):
assert(res1.count(replica.hostname) == 2), (
"Did not find proper number of replica hostname (%s) occurrencies"
" in the command output: %s" % (replica.hostname, res1))
+
+master.run_command(['ipa-replica-manage', 'del', replica.hostname,
+'-p', master.config.dirman_password])
tasks.uninstall_master(replica)
res2 = master.run_command(['ipa-replica-manage', 'list-ruv', '-p',
master.config.dirman_password]).stdout_text
From e883f18f897715178f8f7297e8038c5ff36eb734 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 18 Apr 2018 14:54:09 -0300
Subject: [PATCH 2/4] Fixing tests on TestReplicaManageDel
This commit fixes the tests on class TestReplicaManageDel:
- test_replica_managed_del_domlevel1
- test_clean_dangling_ruv_multi_ca
- test_replica_managed_del_domlevel0
Given that domain level 0 doest not have autodiscovery, we need to
configure /etc/resolv.conf with the master data (search and
nameserver ) in order to ipa-replica-install succeed.
---
ipatests/pytest_plugins/integration/tasks.py | 15 +++
1 file changed, 15 insertions(+)
diff --git a/ipatests/pytest_plugins/integration/tasks.py b/ipatests/pytest_plugins/integration/tasks.py
index 59fb202e35..542f1a98ca 100644
--- a/ipatests/pytest_plugins/integration/tasks.py
+++ b/ipatests/pytest_plugins/integration/tasks.py
@@ -338,10 +338,25 @@ def master_authoritative_for_client_domain(master, client):
raiseonerr=False)
return result.returncode == 0
+
+def _config_replica_resolvconf_with_master_data(master, replica):
+"""
+Configure replica /etc/resolv.conf to use master as DNS server
+"""
+content = ('search {domain}\nnameserver {master_ip}'
+ .format(domain=master.domain.name, master_ip=master.ip))
+replica.put_file_contents(paths.RESOLV_CONF, content)
+
+
def replica_prepare(master, replica, extra_args=(),
raiseonerr=True, stdin_text=None):
fix_apache_semaphores(replica)
prepare_reverse_zone(master, replica.ip)
+
+# in domain level 0 there is no autodiscovery, so it's necessary to
+# change /etc/resolv.conf to find master DNS server
+_config_replica_resolvconf_with_master_data(master, replica)
+
args = ['ipa-replica-prepare',
'-p', replica.config.dirman_password,
replica.hostname]
From 11d4e7ff8c3c25ff3bb14db555a816ef11722376 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 27 Mar 2018 16:59:55 -0400
Subject: [PATCH 3/4] Fix certificate retrieval in ipa-replica-prepare for DL0
The NSSDatabase object doesn't know the format of an NSS database
until the database is created so an explcit call to nssdb.create_db.
https://pagure.io/freeipa/issue/7469
Signed-off-by: Rob Crittenden
---
ipaserver/install/certs.py | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 448ca8cc06..17bb
[Freeipa-devel] [freeipa PR#1844][opened] Fixing TestBackupAndRestore
URL: https://github.com/freeipa/freeipa/pull/1844
Author: felipevolpone
Title: #1844: Fixing TestBackupAndRestore
Action: opened
PR body:
"""
Adding GSSPROXY_CONF to be backed up on ipa-backup
Without GSSPROXY_CONF being backed up, we would get this error
"ipa: ERROR: No valid Negotiate header in server response"
when running any ipa command after a ipa backup and restore.
This commit also fixes the tests:
- TestBackupAndRestore::test_full_backup_and_restore
- TesttBackupAndRestore::test_full_backup_and_restore_with_selinux_booleans_off
https://pagure.io/freeipa/issue/7473
Fixing
TestBackupAndRestore::test_full_backup_and_restore_with_removed_users
The test as it was, was testing the backup and restore based on previous
backups and restore, not with an actual installation.
Now, with a clear setup for each test, the test mentioned above will not
fail to do a lookup (using the host command, in check_dns method) for
the master domain.
---
Once we have an ack, I'll remove the temp commit.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1844/head:pr1844
git checkout pr1844
From 342b0695518ff5d3bae9d0ff914d94c6f06d836b Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 18 Apr 2018 16:00:32 -0300
Subject: [PATCH 1/3] Adding GSSPROXY_CONF to be backed up on ipa-backup
Without GSSPROXY_CONF being backed up, we would get this error
"ipa: ERROR: No valid Negotiate header in server response"
when running any ipa command after a backup restore.
This commit also fixes the tests:
- TestBackupAndRestore::test_full_backup_and_restore
- TesttBackupAndRestore::test_full_backup_and_restore_with_selinux_booleans_off
https://pagure.io/freeipa/issue/7473
---
ipaserver/install/ipa_backup.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index c8382cbfb5..a61a70e226 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -190,6 +190,7 @@ class Backup(admintool.AdminTool):
paths.IPA_DNSKEYSYNCD_KEYTAB,
paths.IPA_CUSTODIA_KEYS,
paths.IPA_CUSTODIA_CONF,
+paths.GSSPROXY_CONF,
paths.HOSTS,
) + tuple(
os.path.join(paths.IPA_NSSDB_DIR, file)
From 78902ced4890c6e5af14906961ec783334a46cd5 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Mon, 23 Apr 2018 08:28:30 -0300
Subject: [PATCH 2/3] Fixing
TestBackupAndRestore::test_full_backup_and_restore_with_removed_users
The test as it was, was testing the backup and restore based on previous
backups and restore, not with an actual installation.
Now, with a clear setup for each test, the test mentioned above will not
fail to do a lookup (using the host command, in check_dns method) for
the master domain.
---
ipatests/test_integration/test_backup_and_restore.py | 4
1 file changed, 4 insertions(+)
diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py
index f8bc16601e..e7fe94b0f1 100644
--- a/ipatests/test_integration/test_backup_and_restore.py
+++ b/ipatests/test_integration/test_backup_and_restore.py
@@ -177,6 +177,8 @@ def test_full_backup_and_restore(self):
def test_full_backup_and_restore_with_removed_users(self):
"""regression test for https://fedorahosted.org/freeipa/ticket/3866""";
+tasks.uninstall_master(self.master)
+tasks.install_master(self.master)
with restore_checker(self.master):
backup_path = backup(self.master)
@@ -200,6 +202,8 @@ def test_full_backup_and_restore_with_removed_users(self):
def test_full_backup_and_restore_with_selinux_booleans_off(self):
"""regression test for https://fedorahosted.org/freeipa/ticket/4157""";
+tasks.uninstall_master(self.master)
+tasks.install_master(self.master)
with restore_checker(self.master):
backup_path = backup(self.master)
From a427c7ae713bb6d9c40f025e674fab5452e16d74 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Mon, 23 Apr 2018 08:20:59 -0300
Subject: [PATCH 3/3] temp commit: adding test
---
.freeipa-pr-ci.yaml | 12
1 file changed, 12 insertions(+)
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index c95bef79e2..a5d86f2bcf 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -182,3 +182,15 @@ jobs:
template: *ci-master-f27
timeout: 3600
topology: *master_1repl
+
+ fedora-27/test_backup_and_restore_TestBackupAndRestore:
+requires: [fedora-27/build]
+priority: 50
+job:
+ class: RunPytest
+ args:
+build_url: '{fedora-27/build_url}'
+test_suite: test_integration/test_backup_and_restore.py::TestBackupAndRestore
+template: *ci-master-f27
+timeout: 7200
+topology: *master_1repl
___
FreeIPA-devel mailing list -- freeipa-devel@
[Freeipa-devel] [freeipa PR#1856][opened] [Backport][ipa-4-6] Fixing TestBackupAndRestore
URL: https://github.com/freeipa/freeipa/pull/1856 Author: felipevolpone Title: #1856: [Backport][ipa-4-6] Fixing TestBackupAndRestore Action: opened PR body: """ This PR was opened automatically because PR #1844 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1856/head:pr1856 git checkout pr1856 From cbe0822c8933f9f2b6a3ac6c518d8915139cd73d Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Wed, 18 Apr 2018 16:00:32 -0300 Subject: [PATCH 1/2] Adding GSSPROXY_CONF to be backed up on ipa-backup Without GSSPROXY_CONF being backed up, we would get this error "ipa: ERROR: No valid Negotiate header in server response" when running any ipa command after a backup restore. This commit also fixes the tests: - TestBackupAndRestore::test_full_backup_and_restore - TesttBackupAndRestore::test_full_backup_and_restore_with_selinux_booleans_off https://pagure.io/freeipa/issue/7473 --- ipaserver/install/ipa_backup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index 475d846e6e..b0c1059acd 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -190,6 +190,7 @@ class Backup(admintool.AdminTool): paths.IPA_DNSKEYSYNCD_KEYTAB, paths.IPA_CUSTODIA_KEYS, paths.IPA_CUSTODIA_CONF, +paths.GSSPROXY_CONF, paths.HOSTS, ) + tuple( os.path.join(paths.IPA_NSSDB_DIR, file) From 0cd754664a8652f4164e1edf1ab8be70bd5fc303 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 23 Apr 2018 08:28:30 -0300 Subject: [PATCH 2/2] Fixing TestBackupAndRestore::test_full_backup_and_restore_with_removed_users The test as it was, was testing the backup and restore based on previous backups and restore, not with an actual installation. Now, with a clear setup for each test, the test mentioned above will not fail to do a lookup (using the host command, in check_dns method) for the master domain. --- ipatests/test_integration/test_backup_and_restore.py | 4 1 file changed, 4 insertions(+) diff --git a/ipatests/test_integration/test_backup_and_restore.py b/ipatests/test_integration/test_backup_and_restore.py index 266c36e3fd..089847bbb7 100644 --- a/ipatests/test_integration/test_backup_and_restore.py +++ b/ipatests/test_integration/test_backup_and_restore.py @@ -164,6 +164,8 @@ def test_full_backup_and_restore(self): def test_full_backup_and_restore_with_removed_users(self): """regression test for https://fedorahosted.org/freeipa/ticket/3866"""; +tasks.uninstall_master(self.master) +tasks.install_master(self.master) with restore_checker(self.master): backup_path = backup(self.master) @@ -187,6 +189,8 @@ def test_full_backup_and_restore_with_removed_users(self): def test_full_backup_and_restore_with_selinux_booleans_off(self): """regression test for https://fedorahosted.org/freeipa/ticket/4157"""; +tasks.uninstall_master(self.master) +tasks.install_master(self.master) with restore_checker(self.master): backup_path = backup(self.master) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1844][closed] Fixing TestBackupAndRestore
URL: https://github.com/freeipa/freeipa/pull/1844 Author: felipevolpone Title: #1844: Fixing TestBackupAndRestore Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1844/head:pr1844 git checkout pr1844 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1891][closed] [testing_rawhide] Nightly PR
URL: https://github.com/freeipa/freeipa/pull/1891 Author: freeipa-pr-ci Title: #1891: [testing_rawhide] Nightly PR Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1891/head:pr1891 git checkout pr1891 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1904][opened] [temp PR] f28 Patches and all tests f28
URL: https://github.com/freeipa/freeipa/pull/1904
Author: felipevolpone
Title: #1904: [temp PR] f28 Patches and all tests f28
Action: opened
PR body:
"""
Applying patches from PR #1871 and nightly tests
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1904/head:pr1904
git checkout pr1904
From 5f367231c290119cb35f7a0a7ee76c9eb7dc8479 Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Fri, 27 Apr 2018 18:28:44 +0200
Subject: [PATCH 1/4] Run PR-CI with Fedora 28
Signed-off-by: Christian Heimes
---
.freeipa-pr-ci.yaml | 132 ++--
1 file changed, 66 insertions(+), 66 deletions(-)
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index a16b388695..7f8cc4605a 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -13,7 +13,7 @@ topologies:
memory: 6700
jobs:
- fedora-27/build:
+ fedora-28/build:
requires: []
priority: 100
job:
@@ -21,189 +21,189 @@ jobs:
args:
git_repo: '{git_repo}'
git_refspec: '{git_refspec}'
-template: &ci-master-f27
- name: freeipa/ci-master-f27
- version: 1.0.3
+template: &ci-master-f28
+ name: freeipa/ci-master-f28
+ version: 0.1.5
timeout: 1800
topology: *build
- fedora-27/simple_replication:
-requires: [fedora-27/build]
+ fedora-28/simple_replication:
+requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
-build_url: '{fedora-27/build_url}'
+build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_simple_replication.py
-template: *ci-master-f27
+template: *ci-master-f28
timeout: 3600
topology: *master_1repl
- fedora-27/caless:
-requires: [fedora-27/build]
+ fedora-28/caless:
+requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
-build_url: '{fedora-27/build_url}'
+build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
-template: *ci-master-f27
+template: *ci-master-f28
timeout: 3600
topology: *master_1repl
- fedora-27/external_ca:
-requires: [fedora-27/build]
+ fedora-28/external_ca:
+requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
-build_url: '{fedora-27/build_url}'
+build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_external_ca.py
-template: *ci-master-f27
-timeout: 3600
+template: *ci-master-f28
+timeout: 4500
topology: *master_1repl
- fedora-27/test_topologies:
-requires: [fedora-27/build]
+ fedora-28/test_topologies:
+requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
-build_url: '{fedora-27/build_url}'
+build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_topologies.py
-template: *ci-master-f27
+template: *ci-master-f28
timeout: 3600
topology: *master_1repl
- fedora-27/test_sudo:
-requires: [fedora-27/build]
+ fedora-28/test_sudo:
+requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
-build_url: '{fedora-27/build_url}'
+build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_sudo.py
-template: *ci-master-f27
+template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
- fedora-27/test_ipa_cli:
-requires: [fedora-27/build]
+ fedora-28/test_ipa_cli:
+requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
-build_url: '{fedora-27/build_url}'
+build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_ipa_cli.py
-template: *ci-master-f27
+template: *ci-master-f28
timeout: 3600
topology: *master_1repl
- fedora-27/test_kerberos_flags:
-requires: [fedora-27/build]
+ fedora-28/test_kerberos_flags:
+requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
-build_url: '{fedora-27/build_url}'
+build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_kerberos_flags.py
-template: *ci-master-f27
+template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
- fedora-27/test_http_kdc_proxy:
-requires: [fedora-27/build]
+ fedora-28/test_http_kdc_proxy:
+requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
-build_url: '{fedora-27/build_url}'
+build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_http_kdc_proxy.py
-temp
[Freeipa-devel] [freeipa PR#1748][closed] Fix certificate retrieval in ipa-replica-prepare for DL0
URL: https://github.com/freeipa/freeipa/pull/1748 Author: rcritten Title: #1748: Fix certificate retrieval in ipa-replica-prepare for DL0 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1748/head:pr1748 git checkout pr1748 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1914][opened] Fixing DNSSEC tests with restarting named
URL: https://github.com/freeipa/freeipa/pull/1914
Author: felipevolpone
Title: #1914: Fixing DNSSEC tests with restarting named
Action: opened
PR body:
"""
This commit fixes:
- TestInstallDNSSECLast::test_disable_reenable_signing_master
- TestInstallDNSSECLast::test_disable_reenable_signing_replica
- TestInstallDNSSECFirst::test_chain_of_trust
https://pagure.io/freeipa/issue/5670
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1914/head:pr1914
git checkout pr1914
From f61929cf00bd63f63487dff882b0c981203fad71 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 9 May 2018 11:44:19 -0300
Subject: [PATCH 1/2] Fixing DNSSEC tests with restarting named
This commit fixes:
- TestInstallDNSSECLast::test_disable_reenable_signing_master
- TestInstallDNSSECLast::test_disable_reenable_signing_replica
- TestInstallDNSSECFirst::test_chain_of_trust
https://pagure.io/freeipa/issue/5670
---
ipatests/test_integration/test_dnssec.py | 6 ++
1 file changed, 6 insertions(+)
diff --git a/ipatests/test_integration/test_dnssec.py b/ipatests/test_integration/test_dnssec.py
index 40b4e1b356..111256adde 100644
--- a/ipatests/test_integration/test_dnssec.py
+++ b/ipatests/test_integration/test_dnssec.py
@@ -187,6 +187,8 @@ def test_disable_reenable_signing_master(self):
self.replicas[0].ip, test_zone, timeout=200
), "DNS zone %s is not signed (replica)" % test_zone
+tasks.restart_named(self.master)
+
dnskey_new = resolve_with_dnssec(self.master.ip, test_zone,
rtype="DNSKEY").rrset
assert dnskey_old != dnskey_new, "DNSKEY should be different"
@@ -234,6 +236,8 @@ def test_disable_reenable_signing_replica(self):
self.replicas[0].ip, test_zone_repl, timeout=200
), "DNS zone %s is not signed (replica)" % test_zone_repl
+tasks.restart_named(self.master)
+
dnskey_new = resolve_with_dnssec(self.replicas[0].ip, test_zone_repl,
rtype="DNSKEY").rrset
assert dnskey_old != dnskey_new, "DNSKEY should be different"
@@ -327,6 +331,8 @@ def test_chain_of_trust(self):
"--ns-rec=" + self.master.hostname
]
self.master.run_command(args)
+tasks.restart_named(self.master)
+
# wait until zone is signed
assert wait_until_record_is_signed(
self.master.ip, example_test_zone, timeout=100
From f14d941a8202cd1b67b7e68d3f5eb3fc067d2736 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 9 May 2018 11:49:19 -0300
Subject: [PATCH 2/2] temp commit: adding test_dnssec to run
---
.freeipa-pr-ci.yaml | 15 +++
1 file changed, 15 insertions(+)
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index a16b388695..3a945f236f 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -11,6 +11,10 @@ topologies:
name: master_1repl_1client
cpu: 4
memory: 6700
+ master_2repl_1client: &master_2repl_1client
+name: master_2repl_1client
+cpu: 5
+memory: 9100
jobs:
fedora-27/build:
@@ -207,3 +211,14 @@ jobs:
timeout: 3600
topology: *master_1repl_1client
+ fedora-27/test_dnssec:
+requires: [fedora-27/build]
+priority: 50
+job:
+ class: RunPytest
+ args:
+build_url: '{fedora-27/build_url}'
+test_suite: test_integration/test_dnssec.py
+template: *ci-master-f27
+timeout: 8000
+topology: *master_2repl_1client
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1831][reopened] Fixing test_topology tests
URL: https://github.com/freeipa/freeipa/pull/1831 Author: felipevolpone Title: #1831: Fixing test_topology tests Action: reopened To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1831/head:pr1831 git checkout pr1831 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1831][closed] Fixing test_topology tests
URL: https://github.com/freeipa/freeipa/pull/1831 Author: felipevolpone Title: #1831: Fixing test_topology tests Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1831/head:pr1831 git checkout pr1831 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1831][closed] Fixing test_topology tests
URL: https://github.com/freeipa/freeipa/pull/1831 Author: felipevolpone Title: #1831: Fixing test_topology tests Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1831/head:pr1831 git checkout pr1831 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1957][opened] Making nigthly test definition editable by FreeIPA contributors
URL: https://github.com/freeipa/freeipa/pull/1957
Author: felipevolpone
Title: #1957: Making nigthly test definition editable by FreeIPA contributors
Action: opened
PR body:
"""
Now the test definition of nightly tests will be on freeipa repo. The the
definition that's used on every PR (previously as .freeipa-pr-ci.yaml) is in
ipatests/prci_definitions/gating and the .freeipa-pr-ci.yaml file
is just a symlink to the real file.
In the same dir there is also nightly_master and nightly_rawhide, both to be
used in nightly tests.
This PR is the result of the discussion on freeipa-devel mailing list [1].
[1]
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/4VAWJ4SFKKBFFICDLQCTXJWRRQHIYJLL/
PS: This PR depends on [this PR in
freeipa-pr-ci](https://github.com/freeipa/freeipa-pr-ci/pull/201)
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1957/head:pr1957
git checkout pr1957
From 96de312ba6b9884282119b4057cbc7901a6d681b Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Wed, 23 May 2018 19:06:50 -0300
Subject: [PATCH] Making nigthly test definition editable by FreeIPA's
contributors
Now the test definition of nightly tests will be on freeipa repo. The
definition that's used on every PR (previously as .freeipa-pr-ci.yaml)
is in ipatests/prci_definitions/gating and the .freeipa-pr-ci.yaml file
is just a symlink to the real file.
In the same dir there is also nightly_master and nightly_rawhide, both
to be used in nightly tests.
This PR is the result of discussion on freeipa-devel mailing list [1].
[1] https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/4VAWJ4SFKKBFFICDLQCTXJWRRQHIYJLL/
---
.freeipa-pr-ci.yaml | 210 +-
ipatests/prci_definitions/gating | 209 +
ipatests/prci_definitions/nightly_master | 676 ++
ipatests/prci_definitions/nightly_rawhide | 676 ++
4 files changed, 1562 insertions(+), 209 deletions(-)
mode change 100644 => 12 .freeipa-pr-ci.yaml
create mode 100644 ipatests/prci_definitions/gating
create mode 100644 ipatests/prci_definitions/nightly_master
create mode 100644 ipatests/prci_definitions/nightly_rawhide
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
deleted file mode 100644
index 3a982940d8..00
--- a/.freeipa-pr-ci.yaml
+++ /dev/null
@@ -1,209 +0,0 @@
-topologies:
- build: &build
-name: build
-cpu: 2
-memory: 3800
- master_1repl: &master_1repl
-name: master_1repl
-cpu: 4
-memory: 5750
- master_1repl_1client: &master_1repl_1client
-name: master_1repl_1client
-cpu: 4
-memory: 6700
-
-jobs:
- fedora-28/build:
-requires: []
-priority: 100
-job:
- class: Build
- args:
-git_repo: '{git_repo}'
-git_refspec: '{git_refspec}'
-template: &ci-master-f28
- name: freeipa/ci-master-f28
- version: 0.1.5
-timeout: 1800
-topology: *build
-
- fedora-28/simple_replication:
-requires: [fedora-28/build]
-priority: 50
-job:
- class: RunPytest
- args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_simple_replication.py
-template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
-
- fedora-28/caless:
-requires: [fedora-28/build]
-priority: 50
-job:
- class: RunPytest
- args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
-template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
-
- fedora-28/external_ca:
-requires: [fedora-28/build]
-priority: 50
-job:
- class: RunPytest
- args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_external_ca.py::TestExternalCA test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall
-template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
-
- fedora-28/test_topologies:
-requires: [fedora-28/build]
-priority: 50
-job:
- class: RunPytest
- args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_topologies.py
-template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl
-
- fedora-28/test_sudo:
-requires: [fedora-28/build]
-priority: 50
-job:
- class: RunPytest
- args:
-build_url: '{fedora-28/build_url}'
-test_suite: test_integration/test_sudo.py
-template: *ci-master-f28
-timeout: 3600
-topology: *master_1repl_1client
-
- fedora-28/test_ipa_cli:
-requires: [fedora-28/build]
-priority: 50
-job:
- class: RunPytest
- args:
-
[Freeipa-devel] [freeipa PR#812][opened] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812
Author: felipevolpone
Title: #812: Refactoring cert-find to use API call directly instead of using
Action: opened
PR body:
"""
Refactoring cert-find to use API calls directly instead of using raw LDAP
search.
Upstream ticket: https://pagure.io/freeipa/issue/6948
I removed the raw LDAP search and used the API directly. In the old code, the
call ` self.obj._owners()` returns `service, hots and user`. However, when
testing the code, only the service was being used, so I made it only use the
service API.
If there another scenario where `user and host` are used, I thought to do
something like:
```python
for owner in self.obj._owners():
api_name = owner.name
response = api.Command[api_name+'_find'](options[api_name])
... # continues
```
Is that correct?
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/812/head:pr812
git checkout pr812
From c5397bf416953674937b3e23f4def73e0fb61b03 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Wed, 24 May 2017 15:33:34 -0300
Subject: [PATCH] Refactoring cert-find to use API call directly instead of
using raw LDAP searchs.
https://pagure.io/freeipa/issue/6948
---
ipaserver/plugins/cert.py | 92 +--
1 file changed, 17 insertions(+), 75 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index fbda6ca6ca..796f9aad04 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1500,86 +1500,28 @@ def _ca_search(self, raw, pkey_only, exactly, **options):
return result, False, complete
-def _ldap_search(self, all, pkey_only, no_members, **options):
+def _service_search(self, all, pkey_only, no_members, **options):
ldap = self.api.Backend.ldap2
-
-filters = []
-for owner in self.obj._owners():
-for prefix, rule in (('', ldap.MATCH_ALL),
- ('no_', ldap.MATCH_NONE)):
-try:
-value = options[prefix + owner.name]
-except KeyError:
-continue
-
-filter = ldap.make_filter_from_attr(
-'objectclass',
-owner.object_class,
-ldap.MATCH_ALL)
-if filter not in filters:
-filters.append(filter)
-
-filter = ldap.make_filter_from_attr(
-owner.primary_key.name,
-value,
-rule)
-filters.append(filter)
-
+
+ principal = unicode(options['service'][0])
+response = api.Command['service_find'](principal)
+
result = collections.OrderedDict()
-complete = bool(filters)
-
-cert = options.get('certificate')
-if cert is not None:
-filter = ldap.make_filter_from_attr('usercertificate', cert)
-else:
-filter = '(usercertificate=*)'
-filters.append(filter)
-
-filter = ldap.combine_filters(filters, ldap.MATCH_ALL)
-try:
-entries, truncated = ldap.find_entries(
-base_dn=self.api.env.basedn,
-filter=filter,
-attrs_list=['usercertificate'],
-time_limit=0,
-size_limit=0,
-)
-except errors.EmptyResult:
-entries = []
-truncated = False
-else:
-try:
-ldap.handle_truncated_result(truncated)
-except errors.LimitsExceeded as e:
-self.add_message(messages.SearchResultTruncated(reason=e))
-
-truncated = bool(truncated)
-
-for entry in entries:
-for attr in ('usercertificate', 'usercertificate;binary'):
-for cert in entry.get(attr, []):
-try:
-issuer, serial_number = self._get_cert_key(cert)
-except ValueError:
-truncated = True
-continue
-
-try:
-obj = result[issuer, serial_number]
-except KeyError:
-obj = {'serial_number': serial_number}
-if not pkey_only and all:
-obj['certificate'] = (
-base64.b64encode(cert).decode('ascii'))
-result[issuer, serial_number] = obj
+complete = True if response['count'] >= 1 else False
+truncated = False
+
+ if complete:
+ cert = response['result'][0]['usercertificate']
+ key = self._get_cert_key(cert)
+ content = self._get_cert_obj(cert[0], all, raw, pkey_only)
+ result[key] = content
-if not pkey_only and (all or not no_members):
-owners = obj.setdefault('owner', [])
[Freeipa-devel] [freeipa PR#812][edited] [WIP] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: [WIP] Refactoring cert-find to use API call directly instead of using Action: edited Changed field: title Original value: """ Refactoring cert-find to use API call directly instead of using """ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][comment] [WIP] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812
Title: #812: [WIP] Refactoring cert-find to use API call directly instead of
using
felipevolpone commented:
"""
Talking with @simo5 on IRC, he proposed to we do not change the whole code, but
only fix it doing something like:
```python
filter = ldap.make_filter_from_attr('krbprincipalname', value, rule)
```
in
https://github.com/freeipa/freeipa/blob/master/ipaserver/plugins/cert.py#L1523
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/812#issuecomment-304004141
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][synchronized] [WIP] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: [WIP] Refactoring cert-find to use API call directly instead of using Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/812/head:pr812 git checkout pr812 From 352e502ae62e35144810a10bca1db5f909e99759 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Fri, 26 May 2017 10:28:21 -0300 Subject: [PATCH] Changing the LDAP search to do not use krbCanonicalName directly, instead it will use krbPrincipalName --- ipaserver/plugins/cert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index fbda6ca6ca..eba85636f4 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1520,7 +1520,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options): filters.append(filter) filter = ldap.make_filter_from_attr( -owner.primary_key.name, +'krbPrincipalName', value, rule) filters.append(filter) ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][comment] [WIP] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Title: #812: [WIP] Refactoring cert-find to use API call directly instead of using felipevolpone commented: """ @HonzaCholasta thanks for the help, but the idea isn't avoid calling the ldap directly, and instead of that call the APIs? If we change _only_ the `_owners` method, we'll still have ldap calls here: https://github.com/freeipa/freeipa/blob/master/ipaserver/plugins/cert.py#L1515-L1545 . Am I missing something? """ See the full comment at https://github.com/freeipa/freeipa/pull/812#issuecomment-304978593 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#824][comment] ca-add: validate Subject DN name attributes
URL: https://github.com/freeipa/freeipa/pull/824 Title: #824: ca-add: validate Subject DN name attributes felipevolpone commented: """ I tested and it fixes the error. I'm not sure if it's relevant, but maybe the unrecognized attributes could be printed as the user wrote them. This: ```ipa: ERROR: invalid 'Subject DN': Unrecognized attributes: dn``` Could be: ```ipa: ERROR: invalid 'Subject DN': Unrecognized attributes: DN``` Good to go. """ See the full comment at https://github.com/freeipa/freeipa/pull/824#issuecomment-304987610 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][synchronized] [WIP] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812
Author: felipevolpone
Title: #812: [WIP] Refactoring cert-find to use API call directly instead of
using
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/812/head:pr812
git checkout pr812
From 352e502ae62e35144810a10bca1db5f909e99759 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Fri, 26 May 2017 10:28:21 -0300
Subject: [PATCH 1/2] Changing the LDAP search to do not use krbCanonicalName
directly, instead it will use krbPrincipalName
---
ipaserver/plugins/cert.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index fbda6ca6ca..eba85636f4 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1520,7 +1520,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
filters.append(filter)
filter = ldap.make_filter_from_attr(
-owner.primary_key.name,
+'krbPrincipalName',
value,
rule)
filters.append(filter)
From 942b1fcca13ff2ed656e08b1e9d231560ec78b85 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Wed, 31 May 2017 11:37:27 -0300
Subject: [PATCH 2/2] Changing the LDAP search to do not use krbCanonicalName
directly, instead it will use krbPrincipalName
---
ipaserver/plugins/cert.py | 27 +--
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index eba85636f4..1816627b28 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1090,8 +1090,8 @@ def get_params(self):
param = param.clone(flags=param.flags - {'no_search'})
yield param
-for owner in self._owners():
-yield owner.primary_key.clone_rename(
+for owner, owner_pkey in self._owners():
+yield owner_pkey.clone_rename(
'owner_{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1101,15 +1101,22 @@ def get_params(self):
)
def _owners(self):
-for name in ('user', 'host', 'service'):
-yield self.api.Object[name]
+for obj_name, pkey_name in [('user', None),
+('host', None),
+('service', 'krbprincipalname')]:
+obj = self.api.Object[obj_name]
+if pkey_name is None:
+pkey = obj.primary_key
+else:
+pkey = obj.params[pkey_name]
+yield obj, pkey
def _fill_owners(self, obj):
dns = obj.pop('owner', None)
if dns is None:
return
-for owner in self._owners():
+for owner, __ in self._owners():
container_dn = DN(owner.container_dn, self.api.env.basedn)
name = 'owner_' + owner.name
for dn in dns:
@@ -1373,8 +1380,8 @@ def get_options(self):
option = option.clone(default=None, autofill=None)
yield option
-for owner in self.obj._owners():
-yield owner.primary_key.clone_rename(
+for owner, owner_pkey in self.obj._owners():
+yield owner_pkey.clone_rename(
'{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1385,7 +1392,7 @@ def get_options(self):
owner.object_name_plural),
label=owner.object_name,
)
-yield owner.primary_key.clone_rename(
+yield owner_pkey.clone_rename(
'no_{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1504,7 +1511,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
ldap = self.api.Backend.ldap2
filters = []
-for owner in self.obj._owners():
+for owner, owner_pkey in self.obj._owners():
for prefix, rule in (('', ldap.MATCH_ALL),
('no_', ldap.MATCH_NONE)):
try:
@@ -1520,7 +1527,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
filters.append(filter)
filter = ldap.make_filter_from_attr(
-'krbPrincipalName',
+owner_pkey.name,
value,
rule)
filters.append(filter)
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][comment] [WIP] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Title: #812: [WIP] Refactoring cert-find to use API call directly instead of using felipevolpone commented: """ @HonzaCholasta thank you for the explanation, I misunderstood the ticket title. I did the changes that you suggested. """ See the full comment at https://github.com/freeipa/freeipa/pull/812#issuecomment-305210568 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][synchronized] [WIP] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812
Author: felipevolpone
Title: #812: [WIP] Refactoring cert-find to use API call directly instead of
using
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/812/head:pr812
git checkout pr812
From 352e502ae62e35144810a10bca1db5f909e99759 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Fri, 26 May 2017 10:28:21 -0300
Subject: [PATCH 1/3] Changing the LDAP search to do not use krbCanonicalName
directly, instead it will use krbPrincipalName
---
ipaserver/plugins/cert.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index fbda6ca6ca..eba85636f4 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1520,7 +1520,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
filters.append(filter)
filter = ldap.make_filter_from_attr(
-owner.primary_key.name,
+'krbPrincipalName',
value,
rule)
filters.append(filter)
From 942b1fcca13ff2ed656e08b1e9d231560ec78b85 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Wed, 31 May 2017 11:37:27 -0300
Subject: [PATCH 2/3] Changing the LDAP search to do not use krbCanonicalName
directly, instead it will use krbPrincipalName
---
ipaserver/plugins/cert.py | 27 +--
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index eba85636f4..1816627b28 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1090,8 +1090,8 @@ def get_params(self):
param = param.clone(flags=param.flags - {'no_search'})
yield param
-for owner in self._owners():
-yield owner.primary_key.clone_rename(
+for owner, owner_pkey in self._owners():
+yield owner_pkey.clone_rename(
'owner_{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1101,15 +1101,22 @@ def get_params(self):
)
def _owners(self):
-for name in ('user', 'host', 'service'):
-yield self.api.Object[name]
+for obj_name, pkey_name in [('user', None),
+('host', None),
+('service', 'krbprincipalname')]:
+obj = self.api.Object[obj_name]
+if pkey_name is None:
+pkey = obj.primary_key
+else:
+pkey = obj.params[pkey_name]
+yield obj, pkey
def _fill_owners(self, obj):
dns = obj.pop('owner', None)
if dns is None:
return
-for owner in self._owners():
+for owner, __ in self._owners():
container_dn = DN(owner.container_dn, self.api.env.basedn)
name = 'owner_' + owner.name
for dn in dns:
@@ -1373,8 +1380,8 @@ def get_options(self):
option = option.clone(default=None, autofill=None)
yield option
-for owner in self.obj._owners():
-yield owner.primary_key.clone_rename(
+for owner, owner_pkey in self.obj._owners():
+yield owner_pkey.clone_rename(
'{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1385,7 +1392,7 @@ def get_options(self):
owner.object_name_plural),
label=owner.object_name,
)
-yield owner.primary_key.clone_rename(
+yield owner_pkey.clone_rename(
'no_{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1504,7 +1511,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
ldap = self.api.Backend.ldap2
filters = []
-for owner in self.obj._owners():
+for owner, owner_pkey in self.obj._owners():
for prefix, rule in (('', ldap.MATCH_ALL),
('no_', ldap.MATCH_NONE)):
try:
@@ -1520,7 +1527,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
filters.append(filter)
filter = ldap.make_filter_from_attr(
-'krbPrincipalName',
+owner_pkey.name,
value,
rule)
filters.append(filter)
From f81e8dcb0a6152f0755d1c97b8e0d4a6a1792148 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Wed, 31 May 2017 13:49:15 -0300
Subject: [PATCH 3/3] Refactoring cert-find to use API call directly instead of
using
---
ipaserver/plugins/cert.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver
[Freeipa-devel] [freeipa PR#812][edited] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Author: felipevolpone Title: #812: Refactoring cert-find to use API call directly instead of using Action: edited Changed field: title Original value: """ [WIP] Refactoring cert-find to use API call directly instead of using """ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][synchronized] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812
Author: felipevolpone
Title: #812: Refactoring cert-find to use API call directly instead of using
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/812/head:pr812
git checkout pr812
From 7629d0f956ec3093d8e96b9bd80f1b9df508e0c4 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Thu, 1 Jun 2017 16:36:03 -0300
Subject: [PATCH] Changing cert-find to do not use only primary key to search
in LDAP.
In service.py the primary key is krbCanonicalName, which we
don't want to use to do searchs. Now, cert-find uses primary
key or a specified attribute to do searches in LDAP, instead
of using only a primary key.
https://pagure.io/freeipa/issue/6948
---
ipaserver/plugins/cert.py | 27 +--
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index fbda6ca6ca..bf2560fba3 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1090,8 +1090,8 @@ def get_params(self):
param = param.clone(flags=param.flags - {'no_search'})
yield param
-for owner in self._owners():
-yield owner.primary_key.clone_rename(
+for owner, search_key in self._owners():
+yield search_key.clone_rename(
'owner_{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1101,15 +1101,22 @@ def get_params(self):
)
def _owners(self):
-for name in ('user', 'host', 'service'):
-yield self.api.Object[name]
+for obj_name, search_key in [('user', None),
+ ('host', None),
+ ('service', 'krbprincipalname')]:
+obj = self.api.Object[obj_name]
+if search_key is None:
+pkey = obj.primary_key
+else:
+pkey = obj.params[search_key]
+yield obj, pkey
def _fill_owners(self, obj):
dns = obj.pop('owner', None)
if dns is None:
return
-for owner in self._owners():
+for owner, _search_key in self._owners():
container_dn = DN(owner.container_dn, self.api.env.basedn)
name = 'owner_' + owner.name
for dn in dns:
@@ -1373,8 +1380,8 @@ def get_options(self):
option = option.clone(default=None, autofill=None)
yield option
-for owner in self.obj._owners():
-yield owner.primary_key.clone_rename(
+for owner, search_key in self.obj._owners():
+yield search_key.clone_rename(
'{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1385,7 +1392,7 @@ def get_options(self):
owner.object_name_plural),
label=owner.object_name,
)
-yield owner.primary_key.clone_rename(
+yield search_key.clone_rename(
'no_{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1504,7 +1511,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
ldap = self.api.Backend.ldap2
filters = []
-for owner in self.obj._owners():
+for owner, search_key in self.obj._owners():
for prefix, rule in (('', ldap.MATCH_ALL),
('no_', ldap.MATCH_NONE)):
try:
@@ -1520,7 +1527,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
filters.append(filter)
filter = ldap.make_filter_from_attr(
-owner.primary_key.name,
+search_key.name,
value,
rule)
filters.append(filter)
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][comment] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Title: #812: Refactoring cert-find to use API call directly instead of using felipevolpone commented: """ Done. @frasertweedale if there is something wrong with the commit message, please tell me. Thanks for reviewing :) """ See the full comment at https://github.com/freeipa/freeipa/pull/812#issuecomment-305600312 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][synchronized] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812
Author: felipevolpone
Title: #812: Refactoring cert-find to use API call directly instead of using
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/812/head:pr812
git checkout pr812
From c8913f875b56af412ae0eedb299a9ad9505415ec Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Thu, 1 Jun 2017 16:53:11 -0300
Subject: [PATCH] Changing cert-find to do not use only primary key to search
in LDAP.
In service.py the primary key is krbCanonicalName, which we
don't want to use to do searchs. Now, cert-find uses primary
key or a specified attribute to do searches in LDAP, instead
of using only a primary key.
https://pagure.io/freeipa/issue/6948
---
ipaserver/plugins/cert.py | 27 +--
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index fbda6ca6ca..b62f82541d 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1090,8 +1090,8 @@ def get_params(self):
param = param.clone(flags=param.flags - {'no_search'})
yield param
-for owner in self._owners():
-yield owner.primary_key.clone_rename(
+for owner, search_key in self._owners():
+yield search_key.clone_rename(
'owner_{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1101,15 +1101,22 @@ def get_params(self):
)
def _owners(self):
-for name in ('user', 'host', 'service'):
-yield self.api.Object[name]
+for obj_name, search_key in [('user', None),
+ ('host', None),
+ ('service', 'krbprincipalname')]:
+obj = self.api.Object[obj_name]
+if search_key is None:
+pkey = obj.primary_key
+else:
+pkey = obj.params[search_key]
+yield obj, pkey
def _fill_owners(self, obj):
dns = obj.pop('owner', None)
if dns is None:
return
-for owner in self._owners():
+for owner, _search_key in self._owners():
container_dn = DN(owner.container_dn, self.api.env.basedn)
name = 'owner_' + owner.name
for dn in dns:
@@ -1373,8 +1380,8 @@ def get_options(self):
option = option.clone(default=None, autofill=None)
yield option
-for owner in self.obj._owners():
-yield owner.primary_key.clone_rename(
+for owner, search_key in self.obj._owners():
+yield search_key.clone_rename(
'{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1385,7 +1392,7 @@ def get_options(self):
owner.object_name_plural),
label=owner.object_name,
)
-yield owner.primary_key.clone_rename(
+yield search_key.clone_rename(
'no_{0}'.format(owner.name),
required=False,
multivalue=True,
@@ -1504,7 +1511,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
ldap = self.api.Backend.ldap2
filters = []
-for owner in self.obj._owners():
+for owner, search_key in self.obj._owners():
for prefix, rule in (('', ldap.MATCH_ALL),
('no_', ldap.MATCH_NONE)):
try:
@@ -1520,7 +1527,7 @@ def _ldap_search(self, all, pkey_only, no_members, **options):
filters.append(filter)
filter = ldap.make_filter_from_attr(
-owner.primary_key.name,
+search_key.name,
value,
rule)
filters.append(filter)
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#812][comment] Refactoring cert-find to use API call directly instead of using
URL: https://github.com/freeipa/freeipa/pull/812 Title: #812: Refactoring cert-find to use API call directly instead of using felipevolpone commented: """ Done. @frasertweedale if there is something wrong with the commit message, please tell me. Thanks for reviewing :) """ See the full comment at https://github.com/freeipa/freeipa/pull/812#issuecomment-305600312 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#843][opened] [WIP] Fixing test_installation.py tests
URL: https://github.com/freeipa/freeipa/pull/843 Author: felipevolpone Title: #843: [WIP] Fixing test_installation.py tests Action: opened PR body: """ I've been working on the test_installation.py suite and figure out how to solve some of them. The TestInstallWithCA1 have 9 tests failing; 6 of them can be fixed adding ```bash ipa-ca.$DOMAIN ``` into the master `/etc/hosts`. After that, three of them are still failing. The log: https://paste.fedoraproject.org/paste/7n3CMEH5nhiHu~Vai8cObV5M1UNdIGYhyRLivL9gydE=. They are: * test_replica1_with_ca_install * test_replica2_with_ca_kra_install * test_replica1_ipa_kra_install I've moved the tests * test_replica2_with_ca_kra_install * test_replica1_ipa_kra_install to a new class (TestInstallWithCA1_KRA1) and created a new install method, which use the `setup_kra=True` option in the install_master method. The tests are still failing, but for another reason, the logs: https://paste.fedoraproject.org/paste/ytzzIUDhh5ARcunpSfSubV5M1UNdIGYhyRLivL9gydE= """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/843/head:pr843 git checkout pr843 From d38d090333e6c3e53a2e9c2545e61f26e1d35a11 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Thu, 1 Jun 2017 23:09:25 -0300 Subject: [PATCH] Fixing broken tests in test_installation.py --- ipatests/test_integration/test_installation.py | 21 + 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py index f3e9ebac1c..d304543cf9 100644 --- a/ipatests/test_integration/test_installation.py +++ b/ipatests/test_integration/test_installation.py @@ -110,7 +110,6 @@ def test_replica1_all_components_adtrust(self): ## # Master X Replicas installation tests ## - class TestInstallWithCA1(InstallTestBase1): @classmethod @@ -119,18 +118,24 @@ def install(cls, mh): @pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0, reason='does not work on DOMAIN_LEVEL_0 by design') -def test_replica1_ipa_kra_install(self): -super(TestInstallWithCA1, self).test_replica1_ipa_kra_install() +def test_replica2_ipa_dns_install(self): +super(TestInstallWithCA1, self).test_replica2_ipa_dns_install() + + +class TestInstallWithCA1_KRA1(InstallTestBase1): + +@classmethod +def install(cls, mh): +tasks.install_master(cls.master, setup_dns=False, setup_kra=True) @pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0, reason='does not work on DOMAIN_LEVEL_0 by design') def test_replica2_with_ca_kra_install(self): -super(TestInstallWithCA1, self).test_replica2_with_ca_kra_install() +super(TestInstallWithCA1_KRA1, + self).test_replica2_with_ca_kra_install() -@pytest.mark.skipif(config.domain_level == DOMAIN_LEVEL_0, -reason='does not work on DOMAIN_LEVEL_0 by design') -def test_replica2_ipa_dns_install(self): -super(TestInstallWithCA1, self).test_replica2_ipa_dns_install() +def test_replica1_ipa_kra_install(self): +super(TestInstallWithCA1_KRA1, self).test_replica1_ipa_kra_install() class TestInstallWithCA2(InstallTestBase2): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#843][edited] [WIP] Fixing test_installation.py tests
URL: https://github.com/freeipa/freeipa/pull/843 Author: felipevolpone Title: #843: [WIP] Fixing test_installation.py tests Action: edited Changed field: body Original value: """ I've been working on the test_installation.py suite and figure out how to solve some of them. The TestInstallWithCA1 have 9 tests failing; 6 of them can be fixed adding ```bash ipa-ca.$DOMAIN ``` into the master `/etc/hosts`. After that, three of them are still failing. The log: https://paste.fedoraproject.org/paste/7n3CMEH5nhiHu~Vai8cObV5M1UNdIGYhyRLivL9gydE=. They are: * test_replica1_with_ca_install * test_replica2_with_ca_kra_install * test_replica1_ipa_kra_install I've moved the tests * test_replica2_with_ca_kra_install * test_replica1_ipa_kra_install to a new class (TestInstallWithCA1_KRA1) and created a new install method, which use the `setup_kra=True` option in the install_master method. The tests are still failing, but for another reason, the logs: https://paste.fedoraproject.org/paste/ytzzIUDhh5ARcunpSfSubV5M1UNdIGYhyRLivL9gydE= """ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#821][comment] fix incorrect suffix handling in topology checks
URL: https://github.com/freeipa/freeipa/pull/821 Title: #821: fix incorrect suffix handling in topology checks felipevolpone commented: """ Tested, works as advertised. """ See the full comment at https://github.com/freeipa/freeipa/pull/821#issuecomment-305861037 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#821][+ack] fix incorrect suffix handling in topology checks
URL: https://github.com/freeipa/freeipa/pull/821 Title: #821: fix incorrect suffix handling in topology checks Label: +ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#843][comment] [WIP] Fixing test_installation.py tests
URL: https://github.com/freeipa/freeipa/pull/843 Title: #843: [WIP] Fixing test_installation.py tests felipevolpone commented: """ @MartinBasti you mean that they're fine after the code change, right? Because, before that they were failing due to `There is no KRA server in the domain, can't setup a KRA clone`. """ See the full comment at https://github.com/freeipa/freeipa/pull/843#issuecomment-306199661 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#843][closed] [WIP] Fixing test_installation.py tests
URL: https://github.com/freeipa/freeipa/pull/843 Author: felipevolpone Title: #843: [WIP] Fixing test_installation.py tests Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/843/head:pr843 git checkout pr843 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#833][comment] Fixes traceback in log and corrects console output
URL: https://github.com/freeipa/freeipa/pull/833 Title: #833: Fixes traceback in log and corrects console output felipevolpone commented: """ Tested and it works. Looks good to me. """ See the full comment at https://github.com/freeipa/freeipa/pull/833#issuecomment-306559399 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#833][+ack] Fixes traceback in log and corrects console output
URL: https://github.com/freeipa/freeipa/pull/833 Title: #833: Fixes traceback in log and corrects console output Label: +ack ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#833][comment] Fixes traceback in log and corrects console output
URL: https://github.com/freeipa/freeipa/pull/833 Title: #833: Fixes traceback in log and corrects console output felipevolpone commented: """ @Tiboris if I understood @HonzaCholasta correctly, the fix should be done in [trustdomain_find command](https://github.com/freeipa/freeipa/blob/master/ipaserver/plugins/trust.py#L1544). """ See the full comment at https://github.com/freeipa/freeipa/pull/833#issuecomment-307449335 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#874][opened] Changing cert-find to go through the proxy instead of using the port 8080
URL: https://github.com/freeipa/freeipa/pull/874
Author: felipevolpone
Title: #874: Changing cert-find to go through the proxy instead of using the
port 8080
Action: opened
PR body:
"""
The cert-find command now uses the proxy to reach Dogtag, instead of using the
port 8080. In order to accomplish that, it's necessary to change the proxy
configuration adding the service URL.
Ticket: https://pagure.io/freeipa/issue/6966
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/874/head:pr874
git checkout pr874
From 4072343accc93fd545391fe74bd969af0e88e10d Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Wed, 14 Jun 2017 17:52:18 -0300
Subject: [PATCH] Changing cert-find to go through the proxy instead of using
the port 8080
The cert-find command now uses the proxy to reach Dogtag, instead of using
the port 8080. In order to accomplish that, it's necessary to change the
proxy configuration including the URL called.
https://pagure.io/freeipa/issue/6966
---
install/conf/ipa-pki-proxy.conf | 2 +-
ipaserver/plugins/dogtag.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf
index b48a3020d2..8a8eaa7f3f 100644
--- a/install/conf/ipa-pki-proxy.conf
+++ b/install/conf/ipa-pki-proxy.conf
@@ -27,7 +27,7 @@ ProxyRequests Off
# matches for CA REST API
-
+
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient optional
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index bddaab58a5..0e68de6219 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1903,7 +1903,7 @@ def convert_time(value):
self.debug('%s.find(): request: %s', type(self).__name__, payload)
url = 'http://%s/ca/rest/certs/search?size=%d' % (
-ipautil.format_netloc(self.ca_host, 8080),
+ipautil.format_netloc(self.ca_host, 80),
options.get('sizelimit', 0x7fff))
opener = urllib.request.build_opener()
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#874][synchronized] Changing cert-find to go through the proxy instead of using the port 8080
URL: https://github.com/freeipa/freeipa/pull/874
Author: felipevolpone
Title: #874: Changing cert-find to go through the proxy instead of using the
port 8080
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/874/head:pr874
git checkout pr874
From 433b4db62d335e955aa99c2f4031bf6162adaa2b Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Wed, 14 Jun 2017 18:19:41 -0300
Subject: [PATCH] Changing cert-find to go through the proxy instead of using
the port 8080
The cert-find command now uses the proxy to reach Dogtag, instead of using
the port 8080. In order to accomplish that, it's necessary to change the
proxy configuration including the URL called.
https://pagure.io/freeipa/issue/6966
---
install/conf/ipa-pki-proxy.conf | 4 ++--
ipaserver/plugins/dogtag.py | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf
index b48a3020d2..106ddc4fa7 100644
--- a/install/conf/ipa-pki-proxy.conf
+++ b/install/conf/ipa-pki-proxy.conf
@@ -1,4 +1,4 @@
-# VERSION 10 - DO NOT REMOVE THIS LINE
+# VERSION 11 - DO NOT REMOVE THIS LINE
ProxyRequests Off
@@ -27,7 +27,7 @@ ProxyRequests Off
# matches for CA REST API
-
+
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient optional
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index bddaab58a5..0e68de6219 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1903,7 +1903,7 @@ def convert_time(value):
self.debug('%s.find(): request: %s', type(self).__name__, payload)
url = 'http://%s/ca/rest/certs/search?size=%d' % (
-ipautil.format_netloc(self.ca_host, 8080),
+ipautil.format_netloc(self.ca_host, 80),
options.get('sizelimit', 0x7fff))
opener = urllib.request.build_opener()
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#874][comment] Changing cert-find to go through the proxy instead of using the port 8080
URL: https://github.com/freeipa/freeipa/pull/874 Title: #874: Changing cert-find to go through the proxy instead of using the port 8080 felipevolpone commented: """ @rcritten I forget that. Thanks for reminding me. Done. """ See the full comment at https://github.com/freeipa/freeipa/pull/874#issuecomment-308561793 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#781][edited] Warn in cert-request if CSR doesn't contain SAN
URL: https://github.com/freeipa/freeipa/pull/781 Author: felipevolpone Title: #781: Warn in cert-request if CSR doesn't contain SAN Action: edited Changed field: title Original value: """ [WIP] Warn in cert-request if CSR doesn't contain SAN """ ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#880][opened] Changing how commands handles error when it can't connect to IPA server
URL: https://github.com/freeipa/freeipa/pull/880
Author: felipevolpone
Title: #880: Changing how commands handles error when it can't connect to IPA
server
Action: opened
PR body:
"""
The commands that connects with IPA server can raise a `NetworkError` with the
message: "ipa: ERROR: can't connect to `http://localhost:/ipa/json': [Errno
111] Connection refused`. Instead of that, this changes the message error in
order to be more user-friendly.
I've used the `GenericError` because it inherits from `PublicError`and do not
have a default message. So, I do not have to change the `run` method in
`ipalib/cli.py` to handle a different exception/case.
Ticket: https://pagure.io/freeipa/issue/6261
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/880/head:pr880
git checkout pr880
From 1f9081e1e28176f8de82b866b0fab52282e7a2c4 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Mon, 19 Jun 2017 13:28:45 -0300
Subject: [PATCH] Changing how commands handles error when it can't connect to
IPA server
The commands that connects with IPA server can raise a NetworkError with the
message: "ipa: ERROR: can't connect to 'http://localhost:/ipa/json':
[Errno 111] Connection refused", which is not user friendly. Instead of
that, this changes the message error in order to be more user-friendly.
https://pagure.io/freeipa/issue/6261
---
ipalib/__init__.py | 19 ---
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/ipalib/__init__.py b/ipalib/__init__.py
index 16f90c3bb2..692848a4a3 100644
--- a/ipalib/__init__.py
+++ b/ipalib/__init__.py
@@ -923,7 +923,7 @@ def _enable_warnings(error=False):
from ipalib.parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam
from ipalib.parameters import (BytesEnum, StrEnum, IntEnum, AccessTime, File,
DateTime, DNSNameParam)
-from ipalib.errors import SkipPluginModule
+from ipalib.errors import SkipPluginModule, GenericError, NetworkError
from ipalib.text import _, ngettext, GettextFactory, NGettextFactory
Registry = plugable.Registry
@@ -942,12 +942,17 @@ def packages(self):
ipaserver.plugins,
)
else:
-import ipaclient.remote_plugins
-import ipaclient.plugins
-result = (
-ipaclient.remote_plugins.get_package(self),
-ipaclient.plugins,
-)
+try:
+import ipaclient.remote_plugins
+import ipaclient.plugins
+result = (
+ipaclient.remote_plugins.get_package(self),
+ipaclient.plugins,
+)
+except NetworkError:
+# instead of raising the default error connection message,
+# raising a more user-friendly one
+raise GenericError('Cannot find IPA server to contact')
if self.env.context in ('installer', 'updates'):
# pylint: disable=import-error,ipa-forbidden-import
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#880][comment] Changing how commands handles error when it can't connect to IPA server
URL: https://github.com/freeipa/freeipa/pull/880 Title: #880: Changing how commands handles error when it can't connect to IPA server felipevolpone commented: """ The ticket describe some commands that are not showing the right message. IMO we could split it into one ticket per command. """ See the full comment at https://github.com/freeipa/freeipa/pull/880#issuecomment-309497175 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#894][opened] Fixing ipa-replica-install --setup-kra if it's the first KRA in topology
URL: https://github.com/freeipa/freeipa/pull/894
Author: felipevolpone
Title: #894: Fixing ipa-replica-install --setup-kra if it's the first KRA in
topology
Action: opened
PR body:
"""
I'm trying to fix the ticket, but I'm not quite sure of how to do it. Until
now, I removed the exception and called the api in kra to install it. However,
I'm getting an exception:
```
bash-4.3$ sudo python /usr/sbin/ipa-replica-install -r
DOM-116.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM --setup-kra --setup-ca
WARNING: conflicting time&date synchronization service 'chronyd' will be
disabled in favor of ntpd
IPA client is already configured on this system, ignoring the --domain,
--server, --realm, --hostname, --password and --keytab options.
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR
Timed out trying to obtain keys.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for
more information
```
from /var/log/ipareplica-install.log
```
2017-06-23T18:38:44Z DEBUG stderr=
2017-06-23T18:38:44Z DEBUG Destroyed connection context.ldap2_140135237350736
2017-06-23T18:38:44Z DEBUG Created connection context.ldap2_140135237350736
2017-06-23T18:38:44Z DEBUG raw: hostgroup_show(u'ipaservers', rights=True,
all=True, version=u'2.228')
2017-06-23T18:38:44Z DEBUG hostgroup_show(u'ipaservers', rights=True, all=True,
raw=False, version=u'2.228', no_members=False)
2017-06-23T18:38:44Z DEBUG flushing
ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com from SchemaCache
2017-06-23T18:38:44Z DEBUG retrieving schema for SchemaCache
url=ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com
conn=
2017-06-23T18:38:44Z DEBUG Destroyed connection context.ldap2_140135237350736
2017-06-23T18:38:44Z DEBUG Created connection context.ldap2_140135237350736
2017-06-23T18:38:44Z DEBUG flushing
ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com from SchemaCache
2017-06-23T18:38:44Z DEBUG retrieving schema for SchemaCache
url=ldaps://vm-116.abc.idm.lab.eng.brq.redhat.com
conn=
2017-06-23T18:38:44Z DEBUG No IPA DNS servers, skipping forward/reverse
resolution check
2017-06-23T18:38:44Z DEBUG Initializing principal
host/vm-058-064.abc.idm.lab.eng.brq.redhat@dom-116.abc.idm.lab.eng.brq.redhat.com
using keytab /etc/krb5.keytab
2017-06-23T18:38:44Z DEBUG using ccache /tmp/krbcc9omA2g/ccache
2017-06-23T18:38:44Z DEBUG Attempt 1/1: success
2017-06-23T18:38:44Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-06-23T18:38:44Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-06-23T18:38:44Z INFO Waiting up to 300 seconds to see our keys appear on
host: None
2017-06-23T18:38:45Z DEBUG Transient error getting keys: '{'desc': "Can't
contact LDAP server"}'
2017-06-23T18:43:45Z DEBUG Destroyed connection context.ldap2_140135237350736
2017-06-23T18:43:45Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333,
in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 366,
in run
self.validate()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 375,
in validate
for _nothing in self._validator():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434,
in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458,
in _handle_validate_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424,
in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421,
in
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 636,
in _configure
next(validator)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434,
in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 458,
in _handle_validate_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521,
in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453,
in _h
[Freeipa-devel] [freeipa PR#902][opened] Improving replica promotion tests
URL: https://github.com/freeipa/freeipa/pull/902 Author: felipevolpone Title: #902: Improving replica promotion tests Action: opened PR body: """ Adding two new test cases in replica promotion scenario: * Testing not interactive mode: Install client; kinit as admin; then ipa-replica-install (without prompting a password) * Testing interactive mode: only the admin password should be prompted https://pagure.io/freeipa/issue/6554 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/902/head:pr902 git checkout pr902 From 6695015bcc40fe18d80b453f3928e05fb100f865 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Mon, 3 Jul 2017 19:27:22 -0300 Subject: [PATCH] Improving replica promotion tests Adding two new test cases: * Testing not interactive mode: Install client; kinit as admin; then ipa-replica-install (without prompting a password) * Test interactive mode: only the admin password should be prompted https://pagure.io/freeipa/issue/6554 --- .../test_integration/test_replica_promotion.py | 34 ++ 1 file changed, 34 insertions(+) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index bc52566f15..f2da3396e0 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -196,6 +196,40 @@ def test_one_command_installation(self): '-U']) +class TestReplicaPromotionLevel1Interactively(ReplicaPromotionBase): + +topology = 'star' +num_replicas = 1 +domain_level = DOMAIN_LEVEL_1 + +@replicas_cleanup +def test_replica_install_inserting_only_password(self): +replica = self.replicas[0] +tasks.install_client(self.master, replica) +tasks.kinit_admin(self.master) +self.replicas[0].run_command(['ipa-replica-install'], + stdin_text=self.master.config.admin_password) + + +class TestReplicaPromotionLevel1NotInteractive(ReplicaPromotionBase): + +topology = 'star' +num_replicas = 1 +domain_level = DOMAIN_LEVEL_1 + +@replicas_cleanup +def test_replica_install_not_interactive_mode(self): +replica = self.replicas[0] +tasks.install_client(self.master, replica) +tasks.kinit_admin(self.master) +self.replicas[0].run_command(['ipa-replica-install', '-w', + self.master.config.admin_password, + '-n', self.master.domain.name, + '-r', self.master.domain.realm, + '--server', self.master.hostname, + '-U']) + + @pytest.mark.xfail(reason="Ticket N 6274") class TestReplicaManageCommands(IntegrationTest): topology = "star" ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#903][opened] Warning the user when using a loopback IP as forwarder
URL: https://github.com/freeipa/freeipa/pull/903
Author: felipevolpone
Title: #903: Warning the user when using a loopback IP as forwarder
Action: opened
PR body:
"""
Now, the user can pass a loopback IP in the --forwarder option.
Previously, an error would be raised, now we just show a warning message.
Fixes: https://pagure.io/freeipa/issue/5801
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/903/head:pr903
git checkout pr903
From d47baf6ac41649fc241c0d1df00bdf3b2d2c33fb Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Wed, 5 Jul 2017 14:23:19 -0300
Subject: [PATCH] Warning the user when using a loopback IP as forwarder,
instead of raising error
Now, the user can pass a loopback IP in the --forwarder option.
Previously an error wuold be raised, now we just show a warning
message.
https://pagure.io/freeipa/issue/5801
---
ipapython/config.py | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/ipapython/config.py b/ipapython/config.py
index 19abfc51ee..71f19a1b2d 100644
--- a/ipapython/config.py
+++ b/ipapython/config.py
@@ -31,7 +31,7 @@
from six.moves.configparser import SafeConfigParser
from six.moves.urllib.parse import urlsplit
# pylint: enable=import-error
-
+from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
try:
@@ -69,7 +69,12 @@ def check_ip_option(option, opt, value):
from ipapython.ipautil import CheckedIPAddress
try:
-return CheckedIPAddress(value)
+allow_loopback = False
+if opt == '--forwarder':
+allow_loopback = True
+root_logger.warning("You're using a loopback IP address {}".format(value))
+
+return CheckedIPAddress(value, allow_loopback=allow_loopback)
except Exception as e:
raise OptionValueError("option %s: invalid IP address %s: %s" % (opt, value, e))
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#906][opened] Adding section "Building FreeIPA from source" on README
URL: https://github.com/freeipa/freeipa/pull/906 Author: felipevolpone Title: #906: Adding section "Building FreeIPA from source" on README Action: opened PR body: """ Fixes: https://pagure.io/freeipa/issue/6725 Preview of it: https://github.com/felipevolpone/freeipa/tree/readme-6725#for-developers """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/906/head:pr906 git checkout pr906 From cdc40be82b7d50b7fa4fe9fa317af04bc43f5998 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Fri, 7 Jul 2017 11:06:23 -0300 Subject: [PATCH] Adding section "Building FreeIPA from source" on README https://pagure.io/freeipa/issue/6725 --- README.md | 6 ++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 9608453b60..8cf36897a6 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,12 @@ server project page at http://www.freeipa.org/ . The most up-to-date documentation can be found at http://freeipa.org/page/Documentation . +## For developers + +* Building FreeIPA from source +* Please, check http://www.freeipa.org/page/Build +* Please, check the BUILD.txt file at the root directory + ## Quick Start To get started quickly, start here: ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#781][closed] Warn in cert-request if CSR doesn't contain SAN
URL: https://github.com/freeipa/freeipa/pull/781 Author: felipevolpone Title: #781: Warn in cert-request if CSR doesn't contain SAN Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/781/head:pr781 git checkout pr781 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#923][opened] py3: fixing zonemgr_callback
URL: https://github.com/freeipa/freeipa/pull/923
Author: felipevolpone
Title: #923: py3: fixing zonemgr_callback
Action: opened
PR body:
"""
Previously, `zonemgr_callback` was expecting unicode, but getting bytes.
https://pagure.io/freeipa/issue/5990
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/923/head:pr923
git checkout pr923
From c30f1988a133ec8116433699ab988576a614e9a9 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Tue, 18 Jul 2017 14:55:43 -0300
Subject: [PATCH] py3: fixing zonemgr_callback
Previously, zonemgr_callback was expecting unicode,
but getting bytes.
https://pagure.io/freeipa/issue/5990
---
ipalib/util.py| 2 +-
ipaserver/install/bindinstance.py | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/ipalib/util.py b/ipalib/util.py
index 880d2bc218..16d90aee02 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -379,7 +379,7 @@ def validate_domain_name(domain_name, allow_underscore=False, allow_slash=False)
def validate_zonemgr(zonemgr):
assert isinstance(zonemgr, DNSName)
-if any('@' in label for label in zonemgr.labels):
+if any(b'@' in label for label in zonemgr.labels):
raise ValueError(_('too many \'@\' characters'))
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 12d4a01ab4..02a4208c66 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -423,7 +423,6 @@ def zonemgr_callback(option, opt_str, value, parser):
encoding = getattr(sys.stdin, 'encoding', None)
if encoding is None:
encoding = 'utf-8'
-value = value.decode(encoding)
validate_zonemgr_str(value)
except ValueError as e:
# FIXME we can do this in better way
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#933][opened] Checks if Directory Server is installed and running before installation
URL: https://github.com/freeipa/freeipa/pull/933
Author: felipevolpone
Title: #933: Checks if Directory Server is installed and running before
installation
Action: opened
PR body:
"""
In cases when IPA is installed in two steps (external CA), it's necessary to
check (in the second step) if Directory Server is running and if it's installed
before continue with the IPA installation.
Fixes: https://pagure.io/freeipa/issue/6611
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/933/head:pr933
git checkout pr933
From 96bee281ff579a5fca19750d9c89fa70f90705f4 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Wed, 26 Jul 2017 11:34:21 -0300
Subject: [PATCH] Checks if dirsrv is installed and running before ipa
installation
In cases when IPA is installed in two steps (external CA), it's
necessary to check (in the second step) if Dir. Server is
running before continue with the installation.
https://pagure.io/freeipa/issue/6611
---
ipaplatform/redhat/services.py | 4
ipaserver/install/server/install.py | 6 ++
2 files changed, 10 insertions(+)
diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 546886464b..8840807fdf 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -121,6 +121,10 @@ def tune_nofile_platform(self, num=8192, fstore=None):
return True
+def is_installed(self, instance_name):
+file_path = "{}/{}-{}".format(paths.ETC_DIRSRV, "slapd", instance_name)
+return os.path.exists(file_path)
+
def restart(self, instance_name="", capture_output=True, wait=True,
ldapi=False):
# We need to explicitly enable instances to install proper symlinks as
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 16e0b69d97..70d40b67df 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -336,6 +336,12 @@ def install_check(installer):
"Please uninstall it before configuring the IPA server, "
"using 'ipa-client-install --uninstall'")
+instance_name = "-".join(options.realm_name.split("."))
+if (is_ipa_configured() and
+ services.knownservices.dirsrv.is_installed(instance_name) and not
+ services.knownservices.dirsrv.is_running(instance_name)):
+raise ScriptError('Directory Server is not running')
+
fstore = sysrestore.FileStore(SYSRESTORE_DIR_PATH)
sstore = sysrestore.StateFile(SYSRESTORE_DIR_PATH)
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#937][opened] Configuring log handlers during the input parameters validation phase
URL: https://github.com/freeipa/freeipa/pull/937 Author: felipevolpone Title: #937: Configuring log handlers during the input parameters validation phase Action: opened PR body: """ Previously, a log handler would be configured only after all the input parameters be validated, as can be checked in `ipapython/admintool.py::AdminTool::main`. So, any call to `logger.[warning,info,error,debug]`, during that phase, doesn't work and it also raises an exception. Now, log handlers are setup before the input parameters validation phase. Fixes: https://pagure.io/freeipa/issue/7071 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/937/head:pr937 git checkout pr937 From 8981dacfbe398ccd2f622d44cc2854ad2b893287 Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Thu, 27 Jul 2017 09:20:25 -0300 Subject: [PATCH] Configuring log handlers during the input parameters validation phase Previously, a log handler would be configured only after all the input parameters be validated, as can be checked in ipapython/admintool.py::AdminTool::main. So, any call to logger.[warning,info,error,debug], during that phase, doesn't work and it also raises an exception. Now, log handlers are setup before the input parameters validation phase. https://pagure.io/freeipa/issue/7071 --- ipapython/admintool.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipapython/admintool.py b/ipapython/admintool.py index 329e20f374..1ff5f3cf61 100644 --- a/ipapython/admintool.py +++ b/ipapython/admintool.py @@ -136,6 +136,8 @@ def main(cls, argv): :param argv: Command-line arguments. :return: Command exit code """ +standard_logging_setup(None, verbose=True) + if cls not in cls._option_parsers: # We use cls._option_parsers, a dictionary keyed on class, to check # if we need to create a parser. This is because cls.option_parser ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#939][opened] Changing how commands handles error when it can't connect to IPA server
URL: https://github.com/freeipa/freeipa/pull/939
Author: felipevolpone
Title: #939: Changing how commands handles error when it can't connect to IPA
server
Action: opened
PR body:
"""
Checking if env has the server attribute. If it doesn't, it means that an IPA
server was not configured.
https://pagure.io/freeipa/issue/6261
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/939/head:pr939
git checkout pr939
From 6efac348cdd4182d51d952d9b1bcf5b637c30890 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Thu, 27 Jul 2017 14:54:56 -0300
Subject: [PATCH] Changing how commands handles error when it can't connect to
IPA server
Checking if env has the server attribute. If it doesn't, it means
that a ipa server was not configured.
https://pagure.io/freeipa/issue/6261
---
ipalib/cli.py | 5 +
1 file changed, 5 insertions(+)
diff --git a/ipalib/cli.py b/ipalib/cli.py
index b1605c5ad3..93bd489e4f 100644
--- a/ipalib/cli.py
+++ b/ipalib/cli.py
@@ -1346,6 +1346,11 @@ def run(api):
error = None
try:
(_options, argv) = api.bootstrap_with_global_options(context='cli')
+
+if not hasattr(api.env, 'server'):
+logger.error('IPA is not configured on this system.')
+return
+
for klass in cli_plugins:
api.add_plugin(klass)
api.finalize()
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#950][opened] Changing idoverrideuser-* to treat objectClass case insensitively
URL: https://github.com/freeipa/freeipa/pull/950
Author: felipevolpone
Title: #950: Changing idoverrideuser-* to treat objectClass case insensitively
Action: opened
PR body:
"""
This is import to avoid problems when migrating from olders
versions of IPA and using idoverrideuser-* commands.
https://pagure.io/freeipa/issue/7074
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/950/head:pr950
git checkout pr950
From 9f292a9db412d58cbc5158edf0391bf209450188 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Tue, 1 Aug 2017 14:58:37 -0300
Subject: [PATCH] Changing idoverrideuser-* to treat objectClass case
insensitively
This is import to avoid problems when migrating from olders
versions of IPA and using idoverrideuser-* commands.
https://pagure.io/freeipa/issue/7074
---
ipaserver/plugins/idviews.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py
index 263a35a840..74238cc406 100644
--- a/ipaserver/plugins/idviews.py
+++ b/ipaserver/plugins/idviews.py
@@ -547,7 +547,8 @@ def resolve_object_to_anchor(ldap, obj_type, obj, fallback_to_ldap):
'group': 'ipausergroup',
}[obj_type]
-if required_objectclass not in entry['objectclass']:
+if not api.Object[obj_type].has_objectclass(entry['objectclass'],
+required_objectclass):
raise errors.ValidationError(
name=_('IPA object'),
error=_('system IPA objects (e.g. system groups, user '
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#877][closed] LDAP ObjectClasses are case-insensitive
URL: https://github.com/freeipa/freeipa/pull/877 Author: seriv Title: #877: LDAP ObjectClasses are case-insensitive Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/877/head:pr877 git checkout pr877 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#969][opened] [ipa-4-5] Changing how commands handles error when it can't connect to IPA server
URL: https://github.com/freeipa/freeipa/pull/969
Author: felipevolpone
Title: #969: [ipa-4-5] Changing how commands handles error when it can't
connect to IPA server
Action: opened
PR body:
"""
Creating a method to check if ipa client is configured. Also, changing scripts
to use it instead of duplicating the check.
https://pagure.io/freeipa/issue/6261
Reviewed-By: Florence Blanc-Renaud
Backport of PR #939
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/969/head:pr969
git checkout pr969
From 3e9f367d3e49997246a0a7c9456b40921abeae97 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Fri, 4 Aug 2017 18:25:12 -0300
Subject: [PATCH] Changing how commands handles error when it can't connect to
IPA server
Creating a method to check if ipa client is configured. Also,
changing scripts to use it instead of duplicating the check.
https://pagure.io/freeipa/issue/6261
Reviewed-By: Florence Blanc-Renaud
---
client/ipa-client-automount | 9 +++--
ipaclient/install/ipa_certupdate.py | 7 ++-
ipalib/cli.py | 8
ipalib/util.py | 18 +++---
4 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/client/ipa-client-automount b/client/ipa-client-automount
index 2b1d8b9a8c..b95f339b07 100755
--- a/client/ipa-client-automount
+++ b/client/ipa-client-automount
@@ -45,6 +45,7 @@ from ipaclient.install import ipachangeconf, ipadiscovery
from ipalib import api, errors
from ipalib.install import sysrestore
from ipalib.install.kinit import kinit_keytab
+from ipalib.util import check_client_configuration
from ipapython import ipautil
from ipapython.ipa_log_manager import root_logger, standard_logging_setup
from ipapython.dn import DN
@@ -52,6 +53,8 @@ from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
+from ipapython.admintool import ScriptError
+
def parse_options():
usage = "%prog [options]\n"
@@ -367,11 +370,13 @@ def configure_nfs(fstore, statestore):
root_logger.error("Failed to enable automatic startup of the %s daemon: %s" % (rpcgssd.service_name, str(e)))
def main():
+try:
+check_client_configuration()
+except ScriptError as e:
+sys.exit(e)
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
-if not fstore.has_files() and not os.path.exists(paths.IPA_DEFAULT_CONF):
-sys.exit('IPA client is not configured on this system.\n')
options, _args = parse_options()
diff --git a/ipaclient/install/ipa_certupdate.py b/ipaclient/install/ipa_certupdate.py
index 93da8422b6..eeec953a47 100644
--- a/ipaclient/install/ipa_certupdate.py
+++ b/ipaclient/install/ipa_certupdate.py
@@ -33,6 +33,7 @@
from ipaplatform.tasks import tasks
from ipalib import api, errors, x509
from ipalib.constants import IPA_CA_NICKNAME, RENEWAL_CA_NAME
+from ipalib.util import check_client_configuration
class CertUpdate(admintool.AdminTool):
@@ -47,11 +48,7 @@ def validate_options(self):
super(CertUpdate, self).validate_options(needs_root=True)
def run(self):
-fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
-if (not fstore.has_files() and
-not os.path.exists(paths.IPA_DEFAULT_CONF)):
-raise admintool.ScriptError(
-"IPA client is not configured on this system.")
+check_client_configuration()
api.bootstrap(context='cli_installer', confdir=paths.ETC_IPA)
api.finalize()
diff --git a/ipalib/cli.py b/ipalib/cli.py
index 94b49717ba..d4fa7b75eb 100644
--- a/ipalib/cli.py
+++ b/ipalib/cli.py
@@ -54,7 +54,9 @@
from ipalib.parameters import File, Str, Enum, Any, Flag
from ipalib.text import _
from ipalib import api # pylint: disable=unused-import
+from ipalib.util import check_client_configuration
from ipapython.dnsutil import DNSName
+from ipapython.admintool import ScriptError
import datetime
@@ -1343,6 +1345,12 @@ def run(api):
error = None
try:
(_options, argv) = api.bootstrap_with_global_options(context='cli')
+
+try:
+check_client_configuration()
+except ScriptError as e:
+sys.exit(e)
+
for klass in cli_plugins:
api.add_plugin(klass)
api.finalize()
diff --git a/ipalib/util.py b/ipalib/util.py
index 31e73230da..6ee65498b4 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -54,12 +54,15 @@
TLS_VERSIONS, TLS_VERSION_MINIMAL, TLS_HIGH_CIPHERS
)
from ipalib.text import _
+# pylint: disable=ipa-forbidden-import
+from ipalib.install import sysrestore
+from ipaplatform.paths import paths
+# pylint: enable=ipa-forbidden-import
from ipapython.ssh import SSHPublicKey
from ipapython.dn import DN, RDN
-from ipapython.dnsutil import DNS
[Freeipa-devel] [freeipa PR#989][opened] Removing part of circular dependency of ipaplatformin ipalib
URL: https://github.com/freeipa/freeipa/pull/989 Author: felipevolpone Title: #989: Removing part of circular dependency of ipaplatformin ipalib Action: opened PR body: """ After commit cac3475a0454b730d6e5b2093c2e63d395acd387, ipa-backup is broken due to circular dependencies. This fixes it, removing circular dependency of ipalib. The ipalib.constants.IPAAPI_USER is now passed as parameter to the functions that use it. https://pagure.io/freeipa/issue/7108 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/989/head:pr989 git checkout pr989 From 6d4d51faf1c8afde6886c9d38f95ceaedb71328f Mon Sep 17 00:00:00 2001 From: Felipe Volpone Date: Fri, 18 Aug 2017 15:48:45 -0300 Subject: [PATCH] Removing part of circular dependency of ipaplatformin ipalib After commit cac3475, ipa-backup is broken due to circular dependencies. This fixes it, removing circular dependency of ipalib. The ipalib.constants.IPAAPI_USER is now passed as parameter to the functions that use it. https://pagure.io/freeipa/issue/7108 --- ipaplatform/base/tasks.py | 2 +- ipaplatform/redhat/tasks.py| 12 ipaserver/install/httpinstance.py | 3 ++- ipaserver/install/server/install.py| 6 +++--- ipaserver/install/server/replicainstall.py | 2 +- ipaserver/install/server/upgrade.py| 3 ++- 6 files changed, 13 insertions(+), 15 deletions(-) diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 4175ea261a..e8766fdb81 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -204,7 +204,7 @@ def configure_tmpfiles(self): """Configure tmpfiles to be created at boot""" raise NotImplementedError() -def create_tmpfiles_dirs(self): +def create_tmpfiles_dirs(self, ipaapi_user): """Create run dirs for the install phase""" raise NotImplementedError() diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index d98f8c1691..3996c64be0 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -49,10 +49,6 @@ from ipaplatform.redhat.authconfig import RedHatAuthConfig from ipaplatform.base.tasks import BaseTaskNamespace -# pylint: disable=ipa-forbidden-import -from ipalib.constants import IPAAPI_USER -# pylint: enable=ipa-forbidden-import - logger = logging.getLogger(__name__) _ffi = FFI() @@ -455,7 +451,7 @@ def configure_httpd_service_ipa_conf(self): ipautil.run([paths.SYSTEMCTL, "--system", "daemon-reload"], raiseonerr=False) -def configure_http_gssproxy_conf(self): +def configure_http_gssproxy_conf(self, ipaapi_user): ipautil.copy_template_file( os.path.join(paths.USR_SHARE_IPA_DIR, 'gssproxy.conf.template'), paths.GSSPROXY_CONF, @@ -463,7 +459,7 @@ def configure_http_gssproxy_conf(self): HTTP_KEYTAB=paths.HTTP_KEYTAB, HTTP_CCACHE=paths.HTTP_CCACHE, HTTPD_USER=constants.HTTPD_USER, -IPAAPI_USER=IPAAPI_USER, +IPAAPI_USER=ipaapi_user, ) ) @@ -518,9 +514,9 @@ def _create_tmpfiles_dir(self, name, mode, uid, gid): os.chmod(name, mode) os.chown(name, uid, gid) -def create_tmpfiles_dirs(self): +def create_tmpfiles_dirs(self, ipaapi_user): parent = os.path.dirname(paths.IPA_CCACHES) -pent = pwd.getpwnam(IPAAPI_USER) +pent = pwd.getpwnam(ipaapi_user) self._create_tmpfiles_dir(parent, 0o711, 0, 0) self._create_tmpfiles_dir(paths.IPA_CCACHES, 0o770, pent.pw_uid, pent.pw_gid) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 0b67d6093c..b8afc41734 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -46,6 +46,7 @@ import ipapython.errors from ipaserver.install import sysupgrade from ipalib import api +from ipalib.constants import IPAAPI_USER from ipaplatform.constants import constants from ipaplatform.tasks import tasks from ipaplatform.paths import paths @@ -233,7 +234,7 @@ def __configure_http(self): os.chmod(target_fname, 0o644) def configure_gssproxy(self): -tasks.configure_http_gssproxy_conf() +tasks.configure_http_gssproxy_conf(IPAAPI_USER) services.knownservices.gssproxy.restart() def change_mod_nss_port_from_http(self): diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index a4e3d22b43..a946883946 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -24,7 +24,7 @@ from ipaplatform.paths import paths from ipaplatform.tasks import tasks from ipalib import api, errors, x509 -from ipalib.constants import DOMAIN_LEVEL_0 +from ipalib.constants import DOMAIN_LEVEL_0, IPAAPI_USER from ipalib.util import
[Freeipa-devel] [freeipa PR#1005][opened] Fixing how sssd.conf is updated when promoting a client to replica
URL: https://github.com/freeipa/freeipa/pull/1005
Author: felipevolpone
Title: #1005: Fixing how sssd.conf is updated when promoting a client to
replica
Action: opened
PR body:
"""
When promoting a client to a replica we have to change sssd.conf, deleting
_srv_ part from 'ipa_server' property and setting 'ipa_server_mode' to true.
Previously, the wrong domain could be updated since the ipa_domain variable was
not being used properly.
https://bugzilla.redhat.com/show_bug.cgi?id=1478251
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1005/head:pr1005
git checkout pr1005
From bdd656452ce90685ef5c837db067d2500c24d0e5 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Fri, 25 Aug 2017 15:19:21 -0300
Subject: [PATCH] Fixing how sssd.conf is updated when promoting a client to
replica
When promoting a client to a replica we have to change sssd.conf,
deleting _srv_ part from 'ipa_server' property and setting
'ipa_server_mode' to true.
Previously, the wrong domain could be updated since the ipa_domain
variable was not being used properly.
https://bugzilla.redhat.com/show_bug.cgi?id=1478251
---
ipaserver/install/server/replicainstall.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 6f3b2ace1b..50873c4bd8 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -448,9 +448,9 @@ def promote_sssd(host_name):
if ipa_domain is None:
raise RuntimeError("Couldn't find IPA domain in sssd.conf")
else:
-domain.set_option('ipa_server', host_name)
-domain.set_option('ipa_server_mode', True)
-sssdconfig.save_domain(domain)
+ipa_domain.set_option('ipa_server', host_name)
+ipa_domain.set_option('ipa_server_mode', True)
+sssdconfig.save_domain(ipa_domain)
sssdconfig.write()
sssd = services.service('sssd', api)
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1022][opened] Backport PR 989 to ipa-4-5
URL: https://github.com/freeipa/freeipa/pull/1022
Author: felipevolpone
Title: #1022: Backport PR 989 to ipa-4-5
Action: opened
PR body:
"""
This PR was opened automatically because PR #989 was pushed to master and
backport to ipa-4-5 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1022/head:pr1022
git checkout pr1022
From 3c0f36477fe45d695b48259a06b8d35c7e7fffe0 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Wed, 30 Aug 2017 14:13:38 -0300
Subject: [PATCH] Removing part of circular dependency of ipalib in ipaplaform
After commit cac3475, ipa-backup is broken due to circular
dependencies. This fixes it, removing circular dependency
of ipalib. The ipalib.constants.IPAAPI_USER is now passed
as parameter to the function that use it.
https://pagure.io/freeipa/issue/7108
---
ipaplatform/base/tasks.py | 2 +-
ipaplatform/redhat/tasks.py| 11 ---
ipaserver/install/httpinstance.py | 3 ++-
ipaserver/install/server/install.py| 6 +++---
ipaserver/install/server/replicainstall.py | 2 +-
ipaserver/install/server/upgrade.py| 3 ++-
6 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index 3358b7d257..1ec93e053f 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -203,7 +203,7 @@ def configure_tmpfiles(self):
"""Configure tmpfiles to be created at boot"""
raise NotImplementedError()
-def create_tmpfiles_dirs(self):
+def create_tmpfiles_dirs(self, ipaapi_user):
"""Create run dirs for the install phase"""
raise NotImplementedError()
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 07efebab97..560f83d1c3 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -50,9 +50,6 @@
from ipaplatform.redhat.authconfig import RedHatAuthConfig
from ipaplatform.base.tasks import BaseTaskNamespace
-# pylint: disable=ipa-forbidden-import
-from ipalib.constants import IPAAPI_USER
-# pylint: enable=ipa-forbidden-import
_ffi = FFI()
_ffi.cdef("""
@@ -460,7 +457,7 @@ def configure_httpd_service_ipa_conf(self):
ipautil.run([paths.SYSTEMCTL, "--system", "daemon-reload"],
raiseonerr=False)
-def configure_http_gssproxy_conf(self):
+def configure_http_gssproxy_conf(self, ipaapi_user):
ipautil.copy_template_file(
os.path.join(paths.USR_SHARE_IPA_DIR, 'gssproxy.conf.template'),
paths.GSSPROXY_CONF,
@@ -468,7 +465,7 @@ def configure_http_gssproxy_conf(self):
HTTP_KEYTAB=paths.HTTP_KEYTAB,
HTTP_CCACHE=paths.HTTP_CCACHE,
HTTPD_USER=constants.HTTPD_USER,
-IPAAPI_USER=IPAAPI_USER,
+IPAAPI_USER=ipaapi_user,
)
)
@@ -523,9 +520,9 @@ def _create_tmpfiles_dir(self, name, mode, uid, gid):
os.chmod(name, mode)
os.chown(name, uid, gid)
-def create_tmpfiles_dirs(self):
+def create_tmpfiles_dirs(self, ipaapi_user):
parent = os.path.dirname(paths.IPA_CCACHES)
-pent = pwd.getpwnam(IPAAPI_USER)
+pent = pwd.getpwnam(ipaapi_user)
self._create_tmpfiles_dir(parent, 0o711, 0, 0)
self._create_tmpfiles_dir(paths.IPA_CCACHES, 0o770,
pent.pw_uid, pent.pw_gid)
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index f637b97db8..50a1069ce0 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -46,6 +46,7 @@
import ipapython.errors
from ipaserver.install import sysupgrade
from ipalib import api
+from ipalib.constants import IPAAPI_USER
from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
@@ -238,7 +239,7 @@ def __configure_http(self):
os.chmod(target_fname, 0o644)
def configure_gssproxy(self):
-tasks.configure_http_gssproxy_conf()
+tasks.configure_http_gssproxy_conf(IPAAPI_USER)
services.knownservices.gssproxy.restart()
def change_mod_nss_port_from_http(self):
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index dced253e7f..97cbc6d8c8 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -24,7 +24,7 @@
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
from ipalib import api, errors, x509
-from ipalib.constants import DOMAIN_LEVEL_0
+from ipalib.constants import DOMAIN_LEVEL_0, IPAAPI_USER
from ipalib.util import (
validate_domain_name,
no_matching_interface_for_ip_address_warning,
@@ -721,7 +721,7 @@ def install(installer):
update_hosts_file(ip_addresses, host_name, fstore)
# Make sure tmpfiles dir exist before installing c
[Freeipa-devel] [freeipa PR#1033][opened] Fixing internal error in param-{find,show}
URL: https://github.com/freeipa/freeipa/pull/1033
Author: felipevolpone
Title: #1033: Fixing internal error in param-{find,show}
Action: opened
PR body:
"""
Fixing internal error in param-{find,show} with nonexistent object and showing
properly error message.
Since PR #1013 probably won't be updated anymore, I created this one with
previous work plus some additional changes.
https://pagure.io/freeipa/issue/7134
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1033/head:pr1033
git checkout pr1033
From 986b15d057e520d3e4fedb3c20fde8831ea6ee49 Mon Sep 17 00:00:00 2001
From: David Kupka
Date: Tue, 29 Aug 2017 16:49:36 +0200
Subject: [PATCH 1/2] schema: Fix internal error in param-{find,show} with
nonexistent object
---
ipaserver/plugins/schema.py | 26 +++---
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/ipaserver/plugins/schema.py b/ipaserver/plugins/schema.py
index 1dbbec5f03..2ed669ded1 100644
--- a/ipaserver/plugins/schema.py
+++ b/ipaserver/plugins/schema.py
@@ -624,16 +624,25 @@ def _get_obj(self, metaobj_param, **kwargs):
return obj
def _retrieve(self, metaobjectfull_name, name, **kwargs):
+found = False
try:
metaobj = self.api.Command[metaobjectfull_name]
plugin = self.api.Object['command']
except KeyError:
-metaobj = self.api.Object[metaobjectfull_name]
-plugin = self.api.Object['class']
+try:
+metaobj = self.api.Object[metaobjectfull_name]
+plugin = self.api.Object['class']
+except KeyError:
+pass
+else:
+found = True
+else:
+found = True
-for param in plugin._iter_params(metaobj):
-if param.name == name:
-return metaobj, param
+if found:
+for param in plugin._iter_params(metaobj):
+if param.name == name:
+return metaobj, param
raise errors.NotFound(
reason=_("%(pkey)s: %(oname)s not found") % {
@@ -646,8 +655,11 @@ def _search(self, metaobjectfull_name, **kwargs):
metaobj = self.api.Command[metaobjectfull_name]
plugin = self.api.Object['command']
except KeyError:
-metaobj = self.api.Object[metaobjectfull_name]
-plugin = self.api.Object['class']
+try:
+metaobj = self.api.Object[metaobjectfull_name]
+plugin = self.api.Object['class']
+except KeyError:
+return tuple()
return ((metaobj, param) for param in plugin._iter_params(metaobj))
From 4699d07164d978d22aa1eb26af4d2d37a93636cf Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Fri, 1 Sep 2017 13:44:08 -0300
Subject: [PATCH 2/2] Show error properly when name or full name are not valid
---
ipaserver/plugins/schema.py | 21 -
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/ipaserver/plugins/schema.py b/ipaserver/plugins/schema.py
index 2ed669ded1..f77418fe75 100644
--- a/ipaserver/plugins/schema.py
+++ b/ipaserver/plugins/schema.py
@@ -625,18 +625,21 @@ def _get_obj(self, metaobj_param, **kwargs):
def _retrieve(self, metaobjectfull_name, name, **kwargs):
found = False
+
try:
metaobj = self.api.Command[metaobjectfull_name]
-plugin = self.api.Object['command']
except KeyError:
-try:
-metaobj = self.api.Object[metaobjectfull_name]
-plugin = self.api.Object['class']
-except KeyError:
-pass
-else:
-found = True
-else:
+raise errors.NotFound(
+reason=_("%(metaobject)s: %(oname)s not found") % {
+'metaobject': metaobjectfull_name, 'oname': self.name,
+}
+)
+
+if 'command' in self.api.Object:
+plugin = self.api.Object['command']
+found = True
+elif 'class' in self.api.Object:
+plugin = self.api.Object['class']
found = True
if found:
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1036][opened] Fixing tox and pylint errors
URL: https://github.com/freeipa/freeipa/pull/1036 Author: felipevolpone Title: #1036: Fixing tox and pylint errors Action: opened PR body: """ Fixing import errors introduced by commit cac3475a0454b730d6e5b2093c2e63d395acd387. https://pagure.io/freeipa/issue/7132 Output of tox commands: tox -e py27 ``` fbarreto@freeipa (fix-tox-imports) tox -e py27 py27 recreate: /home/fbarreto/projects/freeipa/.tox/py27 py27 installdeps: ipaclient[csrgen], ipatests py27 installed: asn1crypto==0.22.0,cffi==1.10.0,cryptography==2.0.3,decorator==4.1.2,dnspython==1.15.0,enum34==1.1.6,gssapi==1.2.0,idna==2.6,ipaclient==4.6.90.dev201709041448+gitac6e4cb61,ipaddress==1.0.18,ipalib==4.6.90.dev201709041448+gitac6e4cb61,ipapython==4.6.90.dev201709041448+gitac6e4cb61,ipatests==4.6.90.dev201709041448+gitac6e4cb61,Jinja2==2.9.6,MarkupSafe==1.0,netaddr==0.7.19,netifaces==0.10.6,nose==1.3.7,polib==1.0.8,py==1.4.34,pyasn1==0.3.3,pyasn1-modules==0.1.1,pycparser==2.18,pytest==3.2.1,pytest-multihost==1.1.1,python-ldap==2.4.42,qrcode==5.3,six==1.10.0 py27 runtests: PYTHONHASHSEED='3471542700' py27 runtests: commands[0] | /home/fbarreto/projects/freeipa/.tox/py27/bin/ipa --help Usage: ipa [global-options] COMMAND [command-options] Manage an IPA domain Options: --version show program's version number and exit -h, --help Show this help message and exit -e KEY=VAL Set environment variable KEY to VAL -c FILELoad configuration from FILE. -d, --debugProduce full debuging output --delegate Delegate the TGT to the IPA server -v, --verbose Produce more verbose output. A second -v displays the XML-RPC request -a, --prompt-all Prompt for ALL values (even if optional) -n, --no-promptPrompt for NO values (even if required) -f, --no-fallback Only use the server configured in /etc/ipa/default.conf See "ipa help topics" for available help topics. See "ipa help " for more information on a specific topic. See "ipa help commands" for the full list of commands. See "ipa --help" for more information on a specific command. py27 runtests: commands[1] | /home/fbarreto/projects/freeipa/.tox/py27/bin/python -bb /home/fbarreto/projects/freeipa/.tox/py27/bin/ipa-run-tests --ipaclient-unittests == test session starts == platform linux2 -- Python 2.7.13, pytest-3.2.1, py-1.4.34, pluggy-0.4.0 rootdir: /home/fbarreto/projects/freeipa/.tox/py27/lib/python2.7/site-packages/ipatests, inifile: plugins: multihost-1.1.1 collected 451 items / 285 skipped test_util.py util.py .. test_ipaclient/test_csrgen.py . test_ipalib/test_aci.py ... test_ipalib/test_backend.py test_ipalib/test_base.py ... test_ipalib/test_capabilities.py . test_ipalib/test_cli.py ... test_ipalib/test_config.py ... test_ipalib/test_crud.py ... test_ipalib/test_errors.py ... test_ipalib/test_frontend.py test_ipalib/test_messages.py test_ipalib/test_output.py ... test_ipalib/test_parameters.py . test_ipalib/test_plugable.py test_ipalib/test_rpc.py .. test_ipalib/test_text.py . test_ipalib/test_x509.py ... test_ipapython/test_cookie.py test_ipapython/test_dn.py test_ipapython/test_ipautil.py .. test_ipapython/test_ipavalidate.py .. test_ipapython/test_kerberos.py .. test_ipapython/test_keyring.py .. test_ipapython/test_session_storage.py sss test_ipapython/test_ssh.py ... test_pkcs10/test_pkcs10.py . === 440 passed, 296 skipped in 14.63 seconds summary py27: commands succeeded congratulations :) ``` tox -e pylint2 ``` fbarreto@freeipa (fix-tox-imports) tox -e pylint2 pylint2 recreate: /home/fbarreto/projects/freeipa/.tox/pylint2 pylint2 installdeps: ipaclient[csrgen,otptoken_yubikey], pylint pylint2 installed: asn1crypto==0.22.0,astroid==1.4.9,backports.functools-lru-cache==1.4,cffi==1.10.0,configparser==3.5.0,cryptography==2.0.3,decorator==4.1.2,dnspython==1.15.0,enum34==1.1.6,gssapi==1.2.0,idna==2.6,ipaclient==4.6.90.dev201709041448+gitac6e4cb61,ipaddress==1.0.18,ipalib==4.6.90.dev201709041448+gitac6e4cb61,ipapython==4.6.90.dev201709041448+gitac6e4cb61,isort==4.2.15,Jinja2==2.9.6,lazy-object-proxy==1.3.1,MarkupSafe==1.0,mccabe==0.6.1,netaddr==0.7.19,netifaces==0.10.6,pyasn1==0.3.3,pyasn1-modules==0.1.1,pycparser==2.18,pylint==1.6.5,python-ldap==2.4.42,python-yubico==1.3.2,pyusb==1.0.0,qrcode==5.3,six==1.10.0,wrapt==1.10.11 pyl
[Freeipa-devel] [freeipa PR#1073][opened] Testing a new vagrant box for PR CI using f26 to ipa-4-5
URL: https://github.com/freeipa/freeipa/pull/1073
Author: felipevolpone
Title: #1073: Testing a new vagrant box for PR CI using f26 to ipa-4-5
Action: opened
PR body:
"""
Using PR CI triggers to test if the new vagrant box will work properly.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1073/head:pr1073
git checkout pr1073
From 594e049ab6b37794cc3dc7d14460a6a5eab9e964 Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Wed, 13 Sep 2017 08:46:06 -0300
Subject: [PATCH] Use f26 template for ipa-4-5
---
.freeipa-pr-ci.yaml | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index f808714d53..647bdcd4f7 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -1,5 +1,5 @@
jobs:
- fedora-25/build:
+ fedora-26/build:
requires: []
priority: 100
job:
@@ -7,28 +7,28 @@ jobs:
args:
git_repo: '{git_repo}'
git_refspec: '{git_refspec}'
-template: &ci-ipa-4-5-f25
- name: freeipa/ci-ipa-4-5-f25
+template: &ci-ipa-4-5-f26
+ name: felipevolpone/ci-ipa-4-5-f26
version: 0.1.2
timeout: 1800
- fedora-25/simple_replication:
-requires: [fedora-25/build]
+ fedora-26/simple_replication:
+requires: [fedora-26/build]
priority: 50
job:
class: RunPytest
args:
-build_url: '{fedora-25/build_url}'
+build_url: '{fedora-26/build_url}'
test_suite: test_integration/test_simple_replication.py
-template: *ci-ipa-4-5-f25
+template: *ci-ipa-4-5-f26
timeout: 3600
- fedora-25/caless:
-requires: [fedora-25/build]
+ fedora-26/caless:
+requires: [fedora-26/build]
priority: 50
job:
class: RunPytest
args:
-build_url: '{fedora-25/build_url}'
+build_url: '{fedora-26/build_url}'
test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
-template: *ci-ipa-4-5-f25
+template: *ci-ipa-4-5-f26
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1075][opened] [backport][ipa-4-5] Fixing how sssd.conf is updated when promoting a client to replica
URL: https://github.com/freeipa/freeipa/pull/1075
Author: felipevolpone
Title: #1075: [backport][ipa-4-5] Fixing how sssd.conf is updated when
promoting a client to replica
Action: opened
PR body:
"""
When promoting a client to a replica we have to change sssd.conf,
deleting _srv_ part from 'ipa_server' property and setting 'ipa_server_mode' to
true.
Previously, the wrong domain could be updated since the ipa_domain variable was
not being used properly.
https://pagure.io/freeipa/issue/7127
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1075/head:pr1075
git checkout pr1075
From 59ab4c63d4ee1f29953a12f6c0d2f49d075b993f Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Wed, 13 Sep 2017 09:26:41 -0300
Subject: [PATCH] Fixing how sssd.conf is updated when promoting a client to
replica
When promoting a client to a replica we have to change sssd.conf,
deleting _srv_ part from 'ipa_server' property and setting
'ipa_server_mode' to true.
Previously, the wrong domain could be updated since the ipa_domain
variable was not being used properly.
https://pagure.io/freeipa/issue/7127
---
ipaserver/install/server/replicainstall.py | 27 ---
ipaserver/install/server/upgrade.py| 4
2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index ca5b7e02ac..6aa1157133 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -432,30 +432,27 @@ def promote_sssd(host_name):
sssdconfig.import_config()
domains = sssdconfig.list_active_domains()
-ipa_domain = None
-
for name in domains:
domain = sssdconfig.get_domain(name)
try:
hostname = domain.get_option('ipa_hostname')
if hostname == host_name:
-ipa_domain = domain
+break
except SSSDConfig.NoOptionError:
continue
-
-if ipa_domain is None:
-raise RuntimeError("Couldn't find IPA domain in sssd.conf")
else:
-domain.set_option('ipa_server', host_name)
-domain.set_option('ipa_server_mode', True)
-sssdconfig.save_domain(domain)
-sssdconfig.write()
+raise RuntimeError("Couldn't find IPA domain in sssd.conf")
-sssd = services.service('sssd', api)
-try:
-sssd.restart()
-except CalledProcessError:
-root_logger.warning("SSSD service restart was unsuccessful.")
+domain.set_option('ipa_server', host_name)
+domain.set_option('ipa_server_mode', True)
+sssdconfig.save_domain(domain)
+sssdconfig.write()
+
+sssd = services.service('sssd', api)
+try:
+sssd.restart()
+except CalledProcessError:
+root_logger.warning("SSSD service restart was unsuccessful.")
def promote_openldap_conf(hostname, master):
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index abbfa393d6..893e29b3f3 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1817,11 +1817,15 @@ def upgrade_configuration():
cainstance.ensure_ipa_authority_entry()
set_sssd_domain_option('ipa_server_mode', 'True')
+set_sssd_domain_option('ipa_server', api.env.host)
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.import_config()
sssd_enable_service(sssdconfig, 'ifp')
+sssd = services.service('sssd', api)
+sssd.restart()
+
krb = krbinstance.KrbInstance(fstore)
krb.fqdn = fqdn
krb.realm = api.env.realm
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1076][opened] [backport][ipa-4-5] Changing idoverrideuser-* to treat objectClass case insensitively
URL: https://github.com/freeipa/freeipa/pull/1076
Author: felipevolpone
Title: #1076: [backport][ipa-4-5] Changing idoverrideuser-* to treat
objectClass case insensitively
Action: opened
PR body:
"""
This is import to avoid problems when migrating from olders
versions of IPA and using idoverrideuser-* commands.
https://pagure.io/freeipa/issue/7074
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1076/head:pr1076
git checkout pr1076
From 3bbfc46a7df270071db5064c5097f9ef1700854d Mon Sep 17 00:00:00 2001
From: Felipe Volpone
Date: Mon, 4 Sep 2017 09:12:06 -0300
Subject: [PATCH] Changing idoverrideuser-* to treat objectClass case
insensitively
This is import to avoid problems when migrating from olders
versions of IPA and using idoverrideuser-* commands.
https://pagure.io/freeipa/issue/7074
---
ipaserver/plugins/idviews.py | 11 +--
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py
index b5ee32cf13..a55c20bbf2 100644
--- a/ipaserver/plugins/idviews.py
+++ b/ipaserver/plugins/idviews.py
@@ -543,7 +543,8 @@ def resolve_object_to_anchor(ldap, obj_type, obj, fallback_to_ldap):
'group': 'ipausergroup',
}[obj_type]
-if required_objectclass not in entry['objectclass']:
+if not api.Object[obj_type].has_objectclass(entry['objectclass'],
+required_objectclass):
raise errors.ValidationError(
name=_('IPA object'),
error=_('system IPA objects (e.g system groups, user '
@@ -786,12 +787,10 @@ def pre_callback(self, ldap, dn, *keys, **options):
except errors.NotFound:
self.obj.handle_not_found(*keys)
-required_object_classes = set(self.obj.object_class)
-actual_object_classes = set(entry['objectclass'])
-
# If not, treat it as a failed search
-if not required_object_classes.issubset(actual_object_classes):
-self.obj.handle_not_found(*keys)
+for required_oc in self.obj.object_class:
+if not self.obj.has_objectclass(entry['objectclass'], required_oc):
+self.obj.handle_not_found(*keys)
return dn
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1117][opened] Testing ipatests with py3 and new template
URL: https://github.com/freeipa/freeipa/pull/1117
Author: felipevolpone
Title: #1117: Testing ipatests with py3 and new template
Action: opened
PR body:
"""
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1117/head:pr1117
git checkout pr1117
From ee96a488edef5e0e76182f3551e1a1a9b9db3174 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Thu, 28 Sep 2017 15:29:41 -0300
Subject: [PATCH] Testing ipatests with py3 and new template
---
.freeipa-pr-ci.yaml | 2 +-
freeipa.spec.in | 13 -
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index de5d959e33..38ceda6ef7 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -9,7 +9,7 @@ jobs:
git_refspec: '{git_refspec}'
template: &ci-master-f26
name: freeipa/ci-master-f26
- version: 0.1.3
+ version: 0.1.4
timeout: 1800
fedora-26/simple_replication:
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 6d992ba151..852e94ccdd 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1027,10 +1027,21 @@ mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{p
ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests-2
ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config-2
ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task-2
-# test framework defaults to Python 2
+%endif # with_ipatests
+
+# Decide which Python (2 or 3) should be used as default for tests
+%if 0%{?with_ipatests}
+%if 0%{?with_python3}
+# Building with python3 => make it default for tests
+ln -s %{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests
+ln -s %{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config
+ln -s %{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task
+%else
+# Building python2 only => make it default for tests
ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests
ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config
ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task
++%endif # with_python3
%endif # with_ipatests
# remove files which are useful only for make uninstall
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1117][closed] Testing ipatests with py3
URL: https://github.com/freeipa/freeipa/pull/1117 Author: felipevolpone Title: #1117: Testing ipatests with py3 Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1117/head:pr1117 git checkout pr1117 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1125][opened] Check if replica-s4u2proxy.ldif should be applied
URL: https://github.com/freeipa/freeipa/pull/1125
Author: felipevolpone
Title: #1125: Check if replica-s4u2proxy.ldif should be applied
Action: opened
PR body:
"""
Now, before applying replica-s3u2proxy.ldif, we check if the values are already
there. The values can be
there, if a replica installation was done in the past and some info was left
behind.
https://pagure.io/freeipa/issue/7174
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1125/head:pr1125
git checkout pr1125
From cc6aa7ef270176279501cce0e7bd297117ba6ec3 Mon Sep 17 00:00:00 2001
From: Felipe Barreto
Date: Tue, 3 Oct 2017 15:18:42 -0300
Subject: [PATCH] Checks if replica-s4u2proxy.ldif should be applied
Now, before applying replica-s3u2proxy.ldif, we check
if the values are already there. The values can be
there if a replica installation was done in the past
and some info was left behind.
https://pagure.io/freeipa/issue/7174
---
ipaserver/install/dsinstance.py | 18 ++
1 file changed, 18 insertions(+)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 4ec6ceed5a..d5b043e4f0 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -935,6 +935,24 @@ def __add_replication_acis(self):
self._ldap_mod("replica-acis.ldif", self.sub_dict)
def __setup_s4u2proxy(self):
+http_dn = DN(('cn', 'ipa-http-delegation'), ('cn', 's4u2proxy'),
+ ('cn', 'etc'), self.suffix)
+
+ldap_dn = DN(('cn', 'ipa-ldap-delegation-targets'),
+ ('cn', 's4u2proxy'), ('cn', 'etc'), self.suffix)
+
+mp_http = 'HTTP/{fqdn}@{realm}'.format(fqdn=self.fqdn,
+ realm=self.realm)
+mp_ldap = 'ldap/{fqdn}@{realm}'.format(fqdn=self.fqdn,
+ realm=self.realm)
+
+entry_http = api.Backend.ldap2.get_entry(http_dn, ['memberPrincipal'])
+entry_ldap = api.Backend.ldap2.get_entry(ldap_dn, ['memberPrincipal'])
+
+if (mp_http in entry_http['memberPrincipal']
+ and mp_ldap in entry_ldap['memberPrincipal']):
+return
+
self._ldap_mod("replica-s4u2proxy.ldif", self.sub_dict)
def __create_indices(self):
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1162][closed] kra-install: better warning message
URL: https://github.com/freeipa/freeipa/pull/1162 Author: akokshar Title: #1162: kra-install: better warning message Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1162/head:pr1162 git checkout pr1162 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1165][opened] [Backport][ipa-4-5] kra-install: better warning message
URL: https://github.com/freeipa/freeipa/pull/1165
Author: felipevolpone
Title: #1165: [Backport][ipa-4-5] kra-install: better warning message
Action: opened
PR body:
"""
This PR was opened automatically because PR #1162 was pushed to master and
backport to ipa-4-5 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1165/head:pr1165
git checkout pr1165
From f82f77b3a0c13059652f1b856a0f99b6860830c5 Mon Sep 17 00:00:00 2001
From: Alexander Koksharov
Date: Tue, 17 Oct 2017 12:29:43 +0200
Subject: [PATCH] kra-install: better warning message
User would like to see CA installation command in KRA installation
warning message.
This makes warning message similar to other installer messages where it
does suggests a command to run.
https://pagure.io/freeipa/issue/6952
---
ipaserver/install/ipa_kra_install.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 8369d2f408..3e08f4da94 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -147,7 +147,8 @@ def run(self):
if not cainstance.is_ca_installed_locally():
raise RuntimeError("Dogtag CA is not installed. "
- "Please install the CA first")
+ "Please install a CA first with the "
+ "`ipa-ca-install` command.")
# check if KRA is not already installed
_kra = krainstance.KRAInstance(api)
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1166][opened] [Backport][ipa-4-6] kra-install: better warning message
URL: https://github.com/freeipa/freeipa/pull/1166
Author: felipevolpone
Title: #1166: [Backport][ipa-4-6] kra-install: better warning message
Action: opened
PR body:
"""
This PR was opened automatically because PR #1162 was pushed to master and
backport to ipa-4-6 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1166/head:pr1166
git checkout pr1166
From 10b30031a0b69514d1de8841886c0c919010172d Mon Sep 17 00:00:00 2001
From: Alexander Koksharov
Date: Tue, 17 Oct 2017 12:29:43 +0200
Subject: [PATCH] kra-install: better warning message
User would like to see CA installation command in KRA installation
warning message.
This makes warning message similar to other installer messages where it
does suggests a command to run.
https://pagure.io/freeipa/issue/6952
---
ipaserver/install/ipa_kra_install.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 4125c32715..4e5533b67c 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -150,7 +150,8 @@ def run(self):
if not cainstance.is_ca_installed_locally():
raise RuntimeError("Dogtag CA is not installed. "
- "Please install the CA first")
+ "Please install a CA first with the "
+ "`ipa-ca-install` command.")
# check if KRA is not already installed
_kra = krainstance.KRAInstance(api)
___
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1165][closed] [Backport][ipa-4-5] kra-install: better warning message
URL: https://github.com/freeipa/freeipa/pull/1165 Author: felipevolpone Title: #1165: [Backport][ipa-4-5] kra-install: better warning message Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1165/head:pr1165 git checkout pr1165 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1166][closed] [Backport][ipa-4-6] kra-install: better warning message
URL: https://github.com/freeipa/freeipa/pull/1166 Author: felipevolpone Title: #1166: [Backport][ipa-4-6] kra-install: better warning message Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1166/head:pr1166 git checkout pr1166 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1217][closed] [Backport][ipa-4-5] Include the CA basic constraint in CSRs when renewing a CA
URL: https://github.com/freeipa/freeipa/pull/1217 Author: pvoborni Title: #1217: [Backport][ipa-4-5] Include the CA basic constraint in CSRs when renewing a CA Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1217/head:pr1217 git checkout pr1217 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1234][opened] Fix log capture when running pytests_multihosts commands
URL: https://github.com/freeipa/freeipa/pull/1234 Author: felipevolpone Title: #1234: Fix log capture when running pytests_multihosts commands Action: opened PR body: """ The pytests_plugins/integration/config.py::Config class provides the get_logger method in order to customize the default log of the plugin. Previously, before commit 07229c8ff9ba87b7d6599c3ec0d362ef2be4, the code was using ipa_log_manager, a custom log solution. After moving to use the default python way, the log is not configured anymore. This PR address it changing the level to DEBUG in order to capture the output of pytest_multihosts commands. As an example, when running `ipa-server-install`, you will be able to see an output like this: ``` [[...].Host.master.cmd2] Checking DNS domain ipa.test, please wait ... [[...].Host.master.cmd2] [[...].Host.master.cmd2] The log file for this installation can be found in /var/log/ipaserver-install.log [[...].Host.master.cmd2] == [[...].Host.master.cmd2] This program will set up the FreeIPA Server. [[...].Host.master.cmd2] [[...].Host.master.cmd2] This includes: [[...].Host.master.cmd2] * Configure a stand-alone CA (dogtag) for certificate management [[...].Host.master.cmd2] * Configure the Network Time Daemon (ntpd) [[...].Host.master.cmd2] * Create and configure an instance of Directory Server [[...].Host.master.cmd2] * Create and configure a Kerberos Key Distribution Center (KDC) ``` Fixes: https://pagure.io/freeipa/issue/7186 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1234/head:pr1234 git checkout pr1234 From 7ee2ef6586e9e1e2191fc2eb20f9e0e4b0296d5e Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 6 Nov 2017 10:06:33 -0200 Subject: [PATCH] Fix log capture when running pytests_multihosts commands The pytests_plugins/integration/config.py::Config class provides the get_logger method in order to customize the default log of the plugin. Previously, before commit 07229c8ff9ba87b7d6599c3ec0d362ef2be4, the code was using ipa_log_manager, a custom log solution. After moving to use the default python way, the log is not configured anymore. This PR address it changing the level to DEBUG in order to capture the output of pytest_multihosts commands. As an example, when running `ipa-server-install`, you will be able to see an output like this: ``` [[...].Host.master.cmd2] Checking DNS domain ipa.test, please wait ... [[...].Host.master.cmd2] [[...].Host.master.cmd2] The log file for this installation can be found in /var/log/ipaserver-install.log [[...].Host.master.cmd2] == [[...].Host.master.cmd2] This program will set up the FreeIPA Server. [[...].Host.master.cmd2] [[...].Host.master.cmd2] This includes: [[...].Host.master.cmd2] * Configure a stand-alone CA (dogtag) for certificate management [[...].Host.master.cmd2] * Configure the Network Time Daemon (ntpd) [[...].Host.master.cmd2] * Create and configure an instance of Directory Server [[...].Host.master.cmd2] * Create and configure a Kerberos Key Distribution Center (KDC) ``` Fixes: https://pagure.io/freeipa/issue/7186 --- ipatests/pytest_plugins/integration/config.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipatests/pytest_plugins/integration/config.py b/ipatests/pytest_plugins/integration/config.py index 78fc81d797..734a2d92f1 100644 --- a/ipatests/pytest_plugins/integration/config.py +++ b/ipatests/pytest_plugins/integration/config.py @@ -71,7 +71,9 @@ def get_domain_class(self): return Domain def get_logger(self, name): -return logging.getLogger(name) +logger = logging.getLogger(name) +logger.setLevel(logging.DEBUG) +return logger @property def ad_domains(self): ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1240][opened] Removing replica-s4u2proxy.ldif since it's not used anymore
URL: https://github.com/freeipa/freeipa/pull/1240 Author: felipevolpone Title: #1240: Removing replica-s4u2proxy.ldif since it's not used anymore Action: opened PR body: """ Since commit 23a0453c4d33271376b2156f2e2b484e8b9708c9, the replica-s4u2proxy.ldif file it's not used anymore. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1240/head:pr1240 git checkout pr1240 From 537cfa7380aeb2af0575355447652e1df8a4e2b5 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 6 Nov 2017 14:12:49 -0200 Subject: [PATCH] Removing replica-s4u2proxy.ldif since it's not used anymore Since commit 23a0453c4d33271376b2156f2e2b484e8b9708c9, the replica-s4u2proxy.ldif file it's not used anymore. --- install/share/Makefile.am| 1 - install/share/replica-s4u2proxy.ldif | 14 -- 2 files changed, 15 deletions(-) delete mode 100644 install/share/replica-s4u2proxy.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index e044b328f6..b1285854ea 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -79,7 +79,6 @@ dist_app_DATA =\ sudobind.ldif \ automember.ldif \ replica-automember.ldif \ - replica-s4u2proxy.ldif \ sasl-mapping-fallback.ldif \ schema-update.ldif \ vault.ldif \ diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif deleted file mode 100644 index c7ced5ee29..00 --- a/install/share/replica-s4u2proxy.ldif +++ /dev/null @@ -1,14 +0,0 @@ -dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: HTTP/$FQDN@$REALM - -# ipa-cifs-delegation-targets needs to be an ipaAllowedTarget for HTTP -# delegation but we don't add it here as an LDIF because this entry may -# already exist from another replica, or previous install. If it is missing -# then it will be caught by the update file 61-trusts-s4u2proxy.update - -dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: ldap/$FQDN@$REALM ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1240][closed] Removing replica-s4u2proxy.ldif since it's not used anymore
URL: https://github.com/freeipa/freeipa/pull/1240 Author: felipevolpone Title: #1240: Removing replica-s4u2proxy.ldif since it's not used anymore Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1240/head:pr1240 git checkout pr1240 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1263][opened] [Backport][ipa-4-5] Removing replica-s4u2proxy.ldif since it's not used anymore
URL: https://github.com/freeipa/freeipa/pull/1263 Author: felipevolpone Title: #1263: [Backport][ipa-4-5] Removing replica-s4u2proxy.ldif since it's not used anymore Action: opened PR body: """ This PR was opened automatically because PR #1240 was pushed to master and backport to ipa-4-5 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1263/head:pr1263 git checkout pr1263 From cf0ae99a28086f012e2096c48367c21668b055ab Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 6 Nov 2017 14:12:49 -0200 Subject: [PATCH] Removing replica-s4u2proxy.ldif since it's not used anymore Since commit 23a0453c4d33271376b2156f2e2b484e8b9708c9, the replica-s4u2proxy.ldif file it's not used anymore. https://pagure.io/freeipa/issue/7174 --- install/share/Makefile.am| 1 - install/share/replica-s4u2proxy.ldif | 14 -- 2 files changed, 15 deletions(-) delete mode 100644 install/share/replica-s4u2proxy.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 46b3d77663..544bff9c59 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -80,7 +80,6 @@ dist_app_DATA =\ sudobind.ldif \ automember.ldif \ replica-automember.ldif \ - replica-s4u2proxy.ldif \ sasl-mapping-fallback.ldif \ schema-update.ldif \ vault.ldif \ diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif deleted file mode 100644 index c7ced5ee29..00 --- a/install/share/replica-s4u2proxy.ldif +++ /dev/null @@ -1,14 +0,0 @@ -dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: HTTP/$FQDN@$REALM - -# ipa-cifs-delegation-targets needs to be an ipaAllowedTarget for HTTP -# delegation but we don't add it here as an LDIF because this entry may -# already exist from another replica, or previous install. If it is missing -# then it will be caught by the update file 61-trusts-s4u2proxy.update - -dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: ldap/$FQDN@$REALM ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#1264][opened] [Backport][ipa-4-6] Removing replica-s4u2proxy.ldif since it's not used anymore
URL: https://github.com/freeipa/freeipa/pull/1264 Author: felipevolpone Title: #1264: [Backport][ipa-4-6] Removing replica-s4u2proxy.ldif since it's not used anymore Action: opened PR body: """ This PR was opened automatically because PR #1240 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1264/head:pr1264 git checkout pr1264 From c649a771af26a4f7b8cf549455a27fe6bc99c037 Mon Sep 17 00:00:00 2001 From: Felipe Barreto Date: Mon, 6 Nov 2017 14:12:49 -0200 Subject: [PATCH] Removing replica-s4u2proxy.ldif since it's not used anymore Since commit 23a0453c4d33271376b2156f2e2b484e8b9708c9, the replica-s4u2proxy.ldif file it's not used anymore. https://pagure.io/freeipa/issue/7174 --- install/share/Makefile.am| 1 - install/share/replica-s4u2proxy.ldif | 14 -- 2 files changed, 15 deletions(-) delete mode 100644 install/share/replica-s4u2proxy.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index e044b328f6..b1285854ea 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -79,7 +79,6 @@ dist_app_DATA =\ sudobind.ldif \ automember.ldif \ replica-automember.ldif \ - replica-s4u2proxy.ldif \ sasl-mapping-fallback.ldif \ schema-update.ldif \ vault.ldif \ diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif deleted file mode 100644 index c7ced5ee29..00 --- a/install/share/replica-s4u2proxy.ldif +++ /dev/null @@ -1,14 +0,0 @@ -dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: HTTP/$FQDN@$REALM - -# ipa-cifs-delegation-targets needs to be an ipaAllowedTarget for HTTP -# delegation but we don't add it here as an LDIF because this entry may -# already exist from another replica, or previous install. If it is missing -# then it will be caught by the update file 61-trusts-s4u2proxy.update - -dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX -changetype: modify -add: memberPrincipal -memberPrincipal: ldap/$FQDN@$REALM ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#903][closed] Warning the user when using a loopback IP as forwarder
URL: https://github.com/freeipa/freeipa/pull/903 Author: felipevolpone Title: #903: Warning the user when using a loopback IP as forwarder Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/903/head:pr903 git checkout pr903 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
