[Freeipa-devel] [freeipa PR#184][comment] Minor install script fixes
URL: https://github.com/freeipa/freeipa/pull/184 Title: #184: Minor install script fixes pvoborni commented: """ The debug patch breaks test installation on RHEL. Following exception is printed only if install.py is adjusted to print exception on line ``` ipa : ERRORdebug Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 899, in install if options.debug: File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 550, in __getattr__ raise AttributeError(name) AttributeError: debug ``` I.e. there is no Knob debug nor verbose unless it is somehow copied. I don't know why it doesn't break install on Fedora but imho the patch cannot work. This might also be the "there is no ipa-client-install.log" issue. Because it fails just before calling ipa-client-install. """ See the full comment at https://github.com/freeipa/freeipa/pull/184#issuecomment-256165308 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#171][comment] Build system cleanup phase 2
URL: https://github.com/freeipa/freeipa/pull/171 Title: #171: Build system cleanup phase 2 lslebodn commented: """ On (20/10/16 10:29), Petr Špaček wrote: >@lslebodn I'm really trying to explain this but I'm still not able to get the >point across. >> My concerns are related purely to C-code. > >Please understand that IPA client consists of components in C as well from >components in Python, and also non-programatic components like translation >machinery etc. > Correct me If I am wrong. The configure script is and will be used just for detection of build dependencies for C-code. So here I cannot see a conflict with my proposal. >We certainly can create m4 include maze I cannot see a reason why it would be a maze Detection of client build dependencies will be done in main configure.ac Detection of server dependencies would be done in `daemons/configure.ac` `./ipatests/man/configure.ac` and `./install/configure.ac` does not have any C-related dependencies and `./asn1/configure.ac` is required by client code. IMHO ans1c/ can be moved to client/asn1c/ (but that's offtopic) There would not be much includes as I showed in POC >and force maintainer to always use `grep` before he finds particular part in >the build system. maintainers do not use grep for finding build dependencies. The most common use case is just to run configure script and wait for reported errors. pkg-config returns nice error messages. And then add new build dependency. However, C related code is not changed very often and even more C-related dependencies are added much less often. But if new depenendecy will be added to server part then it will be much simpler to review whether build dependency is added to the right section if server dependencies will be in separate file. >Unfortunatlly, even the m4 maze will not solve the problem that client-only >build of C binaries simply do not constitute working IPA client. >Integration with other Python components is necessary to get the client to >work. > Totally agree. But python components is not related to checking of build time dependencies for C-code. It should be solved in different PR IMHO, this PR should not complicate client-only build just for C-binaries. >The end goal is to fold all of hand-made Makefile and SPEC file scripts to the >build system, so in the end, it should help with porting to other arches - >there will be just one place where changes need to be done, instead of three. > Agree, but here I cannot see any conflict with my proposal. >I hope that it clears up why it is not useful to insist on keeping current >pieces as they were before. The design document was sent to freeipa-devel >mailing list in this thread: >https://www.redhat.com/archives/freeipa-devel/2016-October/msg00134.html >Please discuss conceptual questions on the mailing list so we can get >attention of other FreeIPA developers and avoid need to point people one by >one to this PR. > I read the desing page and there is mentioned that autotools will be used for C-part as an implementation and configure script should have the option --enable-server which default yes. I could not find any contradiction between my proposal and desing page. LS """ See the full comment at https://github.com/freeipa/freeipa/pull/171#issuecomment-256120734 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#145][comment] Refactoring: LDAP Connection Management
URL: https://github.com/freeipa/freeipa/pull/145 Title: #145: Refactoring: LDAP Connection Management mbasti-rh commented: """ @rcritten Tomas removed timelimit that was used for repeated connections, it is not used for preventing hangs. (If we talk about the same commit 'ldap refactoring: remove wait/timeout during binds') We added this functionality to DS restart, restart will block code until DS is not ready on LDAPI port. @tomaskrizek I put two inline comments there, otherwise changes make sense. I'll wait for tests results """ See the full comment at https://github.com/freeipa/freeipa/pull/145#issuecomment-256088359 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#183][+pushed] Add __name__ == __main__ guards to setup.pys
URL: https://github.com/freeipa/freeipa/pull/183 Title: #183: Add __name__ == __main__ guards to setup.pys Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#183][comment] Add __name__ == __main__ guards to setup.pys
URL: https://github.com/freeipa/freeipa/pull/183 Title: #183: Add __name__ == __main__ guards to setup.pys mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/91920e7cb48cbf143ae281c9c073df14b2c2dddf """ See the full comment at https://github.com/freeipa/freeipa/pull/183#issuecomment-256082320 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#183][closed] Add __name__ == __main__ guards to setup.pys
URL: https://github.com/freeipa/freeipa/pull/183 Author: tiran Title: #183: Add __name__ == __main__ guards to setup.pys Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/183/head:pr183 git checkout pr183 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#183][+ack] Add __name__ == __main__ guards to setup.pys
URL: https://github.com/freeipa/freeipa/pull/183 Title: #183: Add __name__ == __main__ guards to setup.pys Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#185][opened] TESTS: Update group type name
URL: https://github.com/freeipa/freeipa/pull/185 Author: pvomacka Title: #185: TESTS: Update group type name Action: opened PR body: """ As the group type has been changed from 'normal' to 'nonposix' we need to update this information also in tests. https://fedorahosted.org/freeipa/ticket/6334 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/185/head:pr185 git checkout pr185 From 828037fded701447ef8cd6cb9da1765a316c35f0 Mon Sep 17 00:00:00 2001 From: Pavel VomackaDate: Thu, 20 Oct 2016 15:25:13 +0200 Subject: [PATCH] TESTS: Update group type name As the group type has been changed from 'normal' to 'nonposix' we need to update this information also in tests. https://fedorahosted.org/freeipa/ticket/6334 --- ipatests/test_webui/data_group.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipatests/test_webui/data_group.py b/ipatests/test_webui/data_group.py index 9d79d18..517f98f 100644 --- a/ipatests/test_webui/data_group.py +++ b/ipatests/test_webui/data_group.py @@ -26,7 +26,7 @@ 'add': [ ('textbox', 'cn', PKEY), ('textarea', 'description', 'test-group desc'), -('radio', 'type', 'normal'), +('radio', 'type', 'nonposix'), ], 'mod': [ ('textarea', 'description', 'test-group desc modified'), -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][comment] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Title: #139: WebUI: Vault Management pvomacka commented: """ @mbasti-rh 2) fixed 3) I filled a ticket: https://fedorahosted.org/freeipa/ticket/6388 4) Tests added 5) Fixed 6) Fixed 7) Salt added 8) Field for public key added 9) Warning added 10) Transport certificate is now visible in WebUI 11) Information added into adder dialog The issue with showing error in case that KRA is not installed is also fixed. """ See the full comment at https://github.com/freeipa/freeipa/pull/139#issuecomment-256062716 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#139][synchronized] WebUI: Vault Management
URL: https://github.com/freeipa/freeipa/pull/139 Author: pvomacka Title: #139: WebUI: Vault Management Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/139/head:pr139 git checkout pr139 From 0e038b2e6297e1045008d8aacccfcba067d6e7ab Mon Sep 17 00:00:00 2001 From: Pavel VomackaDate: Wed, 5 Oct 2016 09:54:24 +0200 Subject: [PATCH 01/13] Additional option to add and del operations can be set By setting the property 'additional_add_del_field' to the name of one of the fields which are on current details page, we choose field which value will be added to *_add_* and *_del_* commands in this format: {field_name: field_value} --field_name: field_value Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 22 ++ 1 file changed, 22 insertions(+) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index 7579bb0..d44f8c8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -421,6 +421,14 @@ IPA.association_table_widget = function (spec) { var that = IPA.table_widget(spec); +/** + * The value should be name of the field, which will be added to *_add_*, + * *_del_* commands as option: {fieldname: fieldvalue}. + * + * @property {String} fieldname + */ +that.additional_add_del_field = spec.additional_add_del_field; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -677,9 +685,22 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); + command.execute(); }; +that.join_additional_option = function(command) { +var add_opt = that.additional_add_del_field; +if (add_opt && typeof add_opt === 'string') { +var opt_field = that.entity.facet.get_field(add_opt); +var value; +if (opt_field) value = opt_field.get_value()[0]; + +command.set_option(add_opt, value); +} +}; + that.show_remove_dialog = function() { var selected_values = that.get_selected_values(); @@ -741,6 +762,7 @@ IPA.association_table_widget = function (spec) { }); command.set_option(that.other_entity.name, values); +that.join_additional_option(command); command.execute(); }; From 3f665d1ecff23515c68ff872e7d2fa23f570b0d6 Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date: Wed, 5 Oct 2016 10:09:20 +0200 Subject: [PATCH 02/13] Allow to set another other_entity name Association table's add, del commands needs as option list of cn of other_entity, which is added or deleted. There is a case (currently in vaults) that the name of option is different than the name of other_entity. In this situation we can set 'other_option_name' and put there the option name. This option name will be used instead of 'other_entity' name. Part of: https://fedorahosted.org/freeipa/ticket/5426 --- install/ui/src/freeipa/association.js | 24 +--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js index d44f8c8..63beeb8 100644 --- a/install/ui/src/freeipa/association.js +++ b/install/ui/src/freeipa/association.js @@ -429,6 +429,17 @@ IPA.association_table_widget = function (spec) { */ that.additional_add_del_field = spec.additional_add_del_field; +/** + * Can be used in situations when the *_add_member command needs entity + * as a parameter, but parameter has different name than entity. + * i.e. vault_add_member --services=[values] ... this needs values from service + * entity, but option is called services, that we can set by setting + * this option in spec to other_option_name: 'services' + * + * @property other_option_name {String} + */ +that.other_option_name = spec.other_option_name; + that.other_entity = IPA.get_entity(spec.other_entity); that.attribute_member = spec.attribute_member; @@ -683,9 +694,9 @@ IPA.association_table_widget = function (spec) { on_success: on_success, on_error: on_error }); -command.set_option(that.other_entity.name, values); that.join_additional_option(command); +that.handle_entity_option(command, values); command.execute(); }; @@ -701,6 +712,14 @@ IPA.association_table_widget = function (spec) { } }; +that.handle_entity_option = function(command, values) { +var option_name = that.other_option_name; +if (!option_name) { +option_name = that.other_entity.name; +} +
[Freeipa-devel] [freeipa PR#182][comment] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context tiran commented: """ Your proposals are hacks / workarounds, not a proper API to point ipa/ipalib to a custom configuration location. I'm proposing a proper API for integrators that works similar to ```KRB5_CONFIG``` (https://web.mit.edu/kerberos/krb5-1.14/doc/admin/env_variables.html). The PR is part of a larger effort to simplify integration of ipalib and ipa CLI into Ansible and other systems. Such integration needs to set ```KRB5_CONFIG``` anyway. It makes perfectly sense to have ```IPA_CONFDIR```, too. It's not ```IPA_CONFIG``` because a local enrolment needs ```ca.crt``` and ```nssdb```. """ See the full comment at https://github.com/freeipa/freeipa/pull/182#issuecomment-256056130 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#148][closed] Unaccessible variable self.attrs in Tracker
URL: https://github.com/freeipa/freeipa/pull/148 Author: gkaihorodova Title: #148: Unaccessible variable self.attrs in Tracker Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/148/head:pr148 git checkout pr148 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#148][+pushed] Unaccessible variable self.attrs in Tracker
URL: https://github.com/freeipa/freeipa/pull/148 Title: #148: Unaccessible variable self.attrs in Tracker Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#148][comment] Unaccessible variable self.attrs in Tracker
URL: https://github.com/freeipa/freeipa/pull/148 Title: #148: Unaccessible variable self.attrs in Tracker mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/9b0b97073304ba6bfdd6292b07533ab3e7fe8bcb """ See the full comment at https://github.com/freeipa/freeipa/pull/148#issuecomment-256016975 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] tomcat-8.0.37-3.fc24.noarch package from updates testing breaks CA instance spawn
On ti, 25 loka 2016, Martin Babinsky wrote: An update for Apache Tmocat recently pushed into bodhi[1] seems to break CA instance spawning in a spectacular way.[2] It seems that the update once again breaks the loading of Java classes during Dogtag server initialization. I gave the package negative karma and I suggest for you to do the same until the issue is resolved. As a workaround you can either disable updates-testing or use: """ dnf downgrade --allowerasing tomcat """ to downgrade tomcat and dependencies to version 8.0.36-2.fc24 which works. [1] https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1b01b9278 [2] https://paste.fedoraproject.org/460589/77394029 Thank you Martin. I've found the corresponding Apache bugzilla entry: https://bz.apache.org/bugzilla/show_bug.cgi?id=60101 Tomcat needs to be rebased to 8.0.38 to work. I just broke my test install ;) -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#184][+pushed] Minor install script fixes
URL: https://github.com/freeipa/freeipa/pull/184 Title: #184: Minor install script fixes Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#184][closed] Minor install script fixes
URL: https://github.com/freeipa/freeipa/pull/184 Author: simo5 Title: #184: Minor install script fixes Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/184/head:pr184 git checkout pr184 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] tomcat-8.0.37-3.fc24.noarch package from updates testing breaks CA instance spawn
An update for Apache Tmocat recently pushed into bodhi[1] seems to break CA instance spawning in a spectacular way.[2] It seems that the update once again breaks the loading of Java classes during Dogtag server initialization. I gave the package negative karma and I suggest for you to do the same until the issue is resolved. As a workaround you can either disable updates-testing or use: """ dnf downgrade --allowerasing tomcat """ to downgrade tomcat and dependencies to version 8.0.36-2.fc24 which works. [1] https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1b01b9278 [2] https://paste.fedoraproject.org/460589/77394029 -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#180][comment] Make api.env.nss_dir relative to api.env.confdir
URL: https://github.com/freeipa/freeipa/pull/180 Title: #180: Make api.env.nss_dir relative to api.env.confdir tiran commented: """ The improvement depends on PR #143. """ See the full comment at https://github.com/freeipa/freeipa/pull/180#issuecomment-255978976 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#181][comment] Tests : User Tracker creation of user with minimal values
URL: https://github.com/freeipa/freeipa/pull/181 Title: #181: Tests : User Tracker creation of user with minimal values gkaihorodova commented: """ Yes, It's a valid point to add testcases for these changes . Will do. Thank you. """ See the full comment at https://github.com/freeipa/freeipa/pull/181#issuecomment-255976850 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From efa099f727898172f4addd7cfd89666d56c9988f Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 24 Oct 2016 10:35:41 +0200 Subject: [PATCH] Use env var IPA_CONFDIR to get confdir for cli contexts For 'cli' and 'cli_installer' contexts, the environment variable IPA_CONFDIR overrides the default confdir path. The value of the environment variable must be an absolute path to an existing directory. The new variable makes it much simpler to use the 'ipa' command and ipalib with a local configuration directory. Server and server installer contexts do not use the env var. Signed-off-by: Christian Heimes --- client/man/ipa.1 | 4 ipalib/config.py | 10 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/client/man/ipa.1 b/client/man/ipa.1 index 9194ca0..b843e7b 100644 --- a/client/man/ipa.1 +++ b/client/man/ipa.1 @@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order: .TP If a kerberos error is raised by any of the requests then it will stop processing and display the error message. +.SH "ENVIRONMENT VARIABLES" +.TP +\fBIPA_CONFDIR\fR +Override path to confdir (default: \fB/etc/ipa\fR). .SH "FILES" .TP \fB/etc/ipa/default.conf\fR diff --git a/ipalib/config.py b/ipalib/config.py index cf9e925..3b1eaeb 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -461,7 +461,15 @@ def _bootstrap(self, **overrides): # Set confdir: if 'confdir' not in self: -if self.in_tree: +ipa_confdir = os.environ.get('IPA_CONFDIR') +env_contexts = {'cli', 'cli_installer'} +if ipa_confdir is not None and self.context in env_contexts: +if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir): +raise AttributeError( +'IPA_CONFDIR must be an absolute path to an ' +'existing directory.') +self.confdir = ipa_confdir +elif self.in_tree: self.confdir = self.dot_ipa else: self.confdir = path.join('/', 'etc', 'ipa') -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#182][synchronized] Use env var IPA_CONFDIR to get confdir for 'cli' context
URL: https://github.com/freeipa/freeipa/pull/182 Author: tiran Title: #182: Use env var IPA_CONFDIR to get confdir for 'cli' context Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/182/head:pr182 git checkout pr182 From 703a8e7c36cc0d9c4005681436a5cdba7d0bff47 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 24 Oct 2016 10:35:41 +0200 Subject: [PATCH] Use env var IPA_CONFDIR to get confdir for cli contexts For 'cli' and 'cli_installer' contexts, the environment variable IPA_CONFDIR overrides the default confdir path. The value of the environment variable must be an absolute path to an existing directory. The new variable makes it much simpler to use the 'ipa' command and ipalib with a local configuration directory. Server and server installer contexts do not use the env var. Signed-off-by: Christian Heimes --- client/man/ipa.1 | 4 ipalib/config.py | 10 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/client/man/ipa.1 b/client/man/ipa.1 index 9194ca0..b843e7b 100644 --- a/client/man/ipa.1 +++ b/client/man/ipa.1 @@ -186,6 +186,10 @@ The ipa client will determine which server to connect to in this order: .TP If a kerberos error is raised by any of the requests then it will stop processing and display the error message. +.SH "ENVIRONMENT VARIABLES" +.TP +\fBIPA_CONFDIR\fR +Override path to confdir (default: \fB/etc/ipa\fR). .SH "FILES" .TP \fB/etc/ipa/default.conf\fR diff --git a/ipalib/config.py b/ipalib/config.py index cf9e925..b55a524 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -461,7 +461,15 @@ def _bootstrap(self, **overrides): # Set confdir: if 'confdir' not in self: -if self.in_tree: +ipa_confdir = os.environ.get('IPA_CONFDIR') +env_contexts = {'cli', 'cli_installer'} +if ipa_confdir is not None and self.context in env_contests: +if not path.isabs(ipa_confdir) or not path.isdir(ipa_confdir): +raise AttributeError( +'IPA_CONFDIR must be an absolute path to an ' +'existing directory.') +self.confdir = ipa_confdir +elif self.in_tree: self.confdir = self.dot_ipa else: self.confdir = path.join('/', 'etc', 'ipa') -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#183][synchronized] Add __name__ == __main__ guards to setup.pys
URL: https://github.com/freeipa/freeipa/pull/183 Author: tiran Title: #183: Add __name__ == __main__ guards to setup.pys Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/183/head:pr183 git checkout pr183 From 07c46dd705bbebb3faca13997497926c5a77c038 Mon Sep 17 00:00:00 2001 From: Christian HeimesDate: Mon, 24 Oct 2016 14:56:58 +0200 Subject: [PATCH] Add __name__ == __main__ guards to setup.pys Signed-off-by: Christian Heimes --- ipaclient/setup.py | 40 +++--- ipalib/setup.py | 26 +-- ipaplatform/setup.py | 34 - ipapython/setup.py | 32 ipaserver/setup.py | 39 ++--- ipatests/pytest.ini | 7 ++ ipatests/setup.py| 70 ++-- 7 files changed, 127 insertions(+), 121 deletions(-) diff --git a/ipaclient/setup.py b/ipaclient/setup.py index 8b9dd58..32778b0 100644 --- a/ipaclient/setup.py +++ b/ipaclient/setup.py @@ -20,26 +20,26 @@ FreeIPA is a server for identity, policy, and audit. """ -import os +from os.path import abspath, dirname import sys -# include ../ for ipasetup.py -sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__ +if __name__ == '__main__': +# include ../ for ipasetup.py +sys.path.append(dirname(dirname(abspath(__file__ +from ipasetup import ipasetup # noqa: E402 -from ipasetup import ipasetup # noqa: E402 - -ipasetup( -name="ipaclient", -doc=__doc__, -scripts=['../ipa'], -package_dir={'ipaclient': ''}, -packages=[ -"ipaclient", -"ipaclient.plugins", -"ipaclient.remote_plugins", -"ipaclient.remote_plugins.2_49", -"ipaclient.remote_plugins.2_114", -"ipaclient.remote_plugins.2_156", -"ipaclient.remote_plugins.2_164", -], -) +ipasetup( +name="ipaclient", +doc=__doc__, +scripts=['../ipa'], +package_dir={'ipaclient': ''}, +packages=[ +"ipaclient", +"ipaclient.plugins", +"ipaclient.remote_plugins", +"ipaclient.remote_plugins.2_49", +"ipaclient.remote_plugins.2_114", +"ipaclient.remote_plugins.2_156", +"ipaclient.remote_plugins.2_164", +], +) diff --git a/ipalib/setup.py b/ipalib/setup.py index 62a4499..982a783 100644 --- a/ipalib/setup.py +++ b/ipalib/setup.py @@ -20,19 +20,19 @@ FreeIPA is a server for identity, policy, and audit. """ -import os +from os.path import abspath, dirname import sys -# include ../ for ipasetup.py -sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__ +if __name__ == '__main__': +# include ../ for ipasetup.py +sys.path.append(dirname(dirname(abspath(__file__ +from ipasetup import ipasetup # noqa: E402 -from ipasetup import ipasetup # noqa: E402 - -ipasetup( -name="ipalib", -doc=__doc__, -package_dir={'ipalib': ''}, -packages=[ -"ipalib", -], -) +ipasetup( +name="ipalib", +doc=__doc__, +package_dir={'ipalib': ''}, +packages=[ +"ipalib", +], +) diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py index 8b2d75d..82499da 100644 --- a/ipaplatform/setup.py +++ b/ipaplatform/setup.py @@ -20,23 +20,23 @@ FreeIPA is a server for identity, policy, and audit. """ -import os +from os.path import abspath, dirname import sys -# include ../ for ipasetup.py -sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__ +if __name__ == '__main__': +# include ../ for ipasetup.py +sys.path.append(dirname(dirname(abspath(__file__ +from ipasetup import ipasetup # noqa: E402 -from ipasetup import ipasetup # noqa: E402 - -ipasetup( -name="ipaplatform", -doc=__doc__, -package_dir={'ipaplatform': ''}, -packages=[ -"ipaplatform", -"ipaplatform.base", -"ipaplatform.fedora", -"ipaplatform.redhat", -"ipaplatform.rhel" -], -) +ipasetup( +name="ipaplatform", +doc=__doc__, +package_dir={'ipaplatform': ''}, +packages=[ +"ipaplatform", +"ipaplatform.base", +"ipaplatform.fedora", +"ipaplatform.redhat", +"ipaplatform.rhel" +], +) diff --git a/ipapython/setup.py b/ipapython/setup.py index 81e032b..47acdd6 100755 --- a/ipapython/setup.py +++ b/ipapython/setup.py @@ -20,22 +20,22 @@ FreeIPA is a server for identity, policy, and audit. """ -import os +from os.path import abspath, dirname import sys -# include ../ for ipasetup.py -sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__ +if __name__ == '__main__': +# include ../ for ipasetup.py +
Re: [Freeipa-devel] [Test][Patch-0049, 0050] Certs in ID overrides test
Integration part of the tests is ready. 2 tests: 1. Adds a cert to idoverride of a windows user 2. sssd part - looks up user by his certificate using dbus-sssd Second and third dbus call are executed as a string insted of as array of strings because it just does not work otherwise. Some quote escaping gets screwed probably, but the system returns "Error org.freedesktop.DBus.Error.UnknownInterface: Unknown interface" if the command is executed using the standard array-based approach The run looks like this: bash-4.3$ ipa-run-tests test_integration/test_idviews.py --pdb WARNING: Couldn't write lextab module 'pycparser.lextab'. [Errno 13] Permission denied: 'lextab.py' WARNING: yacc table file version is out of date WARNING: Couldn't create 'pycparser.yacctab'. [Errno 13] Permission denied: 'yacctab.py' test session starts platform linux2 -- Python 2.7.11, pytest-2.9.2, py-1.4.31, pluggy-0.3.1 rootdir: /usr/lib/python2.7/site-packages/ipatests, inifile: pytest.ini plugins: sourceorder-0.5, multihost-1.0 collected 2 items test_integration/test_idviews.py .. 2 passed in 948.44 seconds = On 10/21/2016 10:54 AM, Oleg Fayans wrote: Added one more test, resolved the pep8 issues On 10/19/2016 12:32 PM, Oleg Fayans wrote: Hi Martin, As you suggested, I've extended the test_xmlrpc/test_add_remove_cert_cmd.py to contain basic tests for certs in idoverrides. The integration part still needs some polishing in the part related to user lookup by cert On 10/14/2016 03:57 PM, Martin Babinsky wrote: On 10/14/2016 03:48 PM, Oleg Fayans wrote: So, did I understand correctly, that there would be 2 patches: one containing test for basic idoverrides functionality without AD-integration, and the second one - with AD-integration and an sssd check, correct? I guess, the freeipa-ofayans-0050.1-Automated-test-for-certs-in-idoverrides-feature.patch might be a good candidate for the first one, I only have to change the filename to test_idviews.py, right? Oleg, we already have XMLRPC tests for idoverrides: ipatests/test_xmlrpc/test_idviews_plugin.py Is there any particular reason why not to extend them with add cert/remove cert operations? Even better, you can extend `ipatests/test_xmlrpc/test_add_remove_cert_cmd.py` suite by doing the same set of tests on idoverrideuser objects. Or am I missing something? On 09/15/2016 10:32 AM, Martin Basti wrote: On 15.09.2016 10:10, Oleg Fayans wrote: Hi Martin, The file was renamed. Did I understand correctly that for now we are leaving the test as is and are planning to extend it later? I would like to have there SSSD check involved, please use what Summit recommends. No new test cases. And this can be done by separate patch, I want to have API/CLI certificate override tests for non-AD idview (extending current tests I posted in this thread) Martin^2 On 09/15/2016 09:49 AM, Martin Basti wrote: On 14.09.2016 18:53, Sumit Bose wrote: On Wed, Sep 14, 2016 at 06:03:37PM +0200, Martin Basti wrote: On 14.09.2016 17:53, Alexander Bokovoy wrote: On Wed, 14 Sep 2016, Martin Basti wrote: On 14.09.2016 17:41, Alexander Bokovoy wrote: On Wed, 14 Sep 2016, Martin Basti wrote: 1) I still don't see the reason why AD trust is needed. Default trust ID view is added just by ipa-adtrust-install, adding trust is not needed for current implementation. You don't need AD for this, IDviews is generic feature not just for AD. Is that user configured on AD side? You cannot add non-AD user to 'default trust view', so you will not be able to set up certificates to ID override which does not exist. For non-'default trust view' you can add both IPA and AD users, so using some other view and then assign certificate for a ID override in that one. Ok then, but anyway I would like to see API/CLI tests for this feature with proper output validation. How can be this tested with SSSD? You need to log into the system with a certificate... Is this possible from test? We are logged remotely as root, is there any cmdline util which allows us to test certificate against AD user? You can use 'sss_ssh_authorizedkeys aduser@ad.domain' which should return the ssh key derived from the public key in the certificate. This should work for certificate stored in AD as well as for overrides. You can also you the DBus lookup by certificate as described in https://fedorahosted.org/sssd/wiki/DesignDocs/LookupUsersByCertificate . HTH bye, Sumit Thank you Alexander and Summit for hints. Oleg I realized we don't have any other idviews integration tests So I propose to rename test file you are adding to test_idviews.py. We can add more testcases for idviews there later Martin^2 Martin^2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:
[Freeipa-devel] [freeipa PR#181][comment] Tests : User Tracker creation of user with minimal values
URL: https://github.com/freeipa/freeipa/pull/181 Title: #181: Tests : User Tracker creation of user with minimal values mirielka commented: """ The same minimal values apply for stageuser-add command, can you please modify the stageuser tracker as well? Also adding testcases for these changes would be nice. """ See the full comment at https://github.com/freeipa/freeipa/pull/181#issuecomment-255951439 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code