[Freeipa-devel] [freeipa PR#140][comment] Tests: Remove invalid certplugin tests

2016-10-06 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/140 Title: #140: Tests: Remove invalid certplugin tests pvomacka commented: """ I think that it is not good idea to remove tests, because we are lowering coverage. Therefore NACK. Could we rather rewrite these tests? For example issue certain

Re: [Freeipa-devel] [PATCH] 0097 Add options to write lightweight CA cert or chain to file

2016-10-06 Thread Jan Cholasta
On 23.9.2016 05:29, Fraser Tweedale wrote: Bump for review. Rebased patches attached (there was a trivial conflict in imports). Thanks, Fraser On Tue, Sep 06, 2016 at 02:05:06AM +1000, Fraser Tweedale wrote: On Fri, Aug 26, 2016 at 10:28:58AM +0200, Jan Cholasta wrote: On 19.8.2016 13:11,

[Freeipa-devel] [freeipa PR#135][comment] Pylint: remove unused variables

2016-10-06 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/135 Title: #135: Pylint: remove unused variables stlaz commented: """ A refactoring ticket needs opening for the issues with find_entries mentioned here. Tests seem to pass, so ACK. """ See the full comment at

[Freeipa-devel] [freeipa PR#135][+ack] Pylint: remove unused variables

2016-10-06 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/135 Title: #135: Pylint: remove unused variables Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#140][opened] Tests: Remove invalid certplugin tests

2016-10-06 Thread mirielka
URL: https://github.com/freeipa/freeipa/pull/140 Author: mirielka Title: #140: Tests: Remove invalid certplugin tests Action: opened PR body: """ A bunch of certplugin tests were testing number of revoked certificates with various revocation reasons. Since existence of revoked certificates

[Freeipa-devel] [freeipa PR#140][comment] Tests: Remove invalid certplugin tests

2016-10-06 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/140 Title: #140: Tests: Remove invalid certplugin tests pvomacka commented: """ Yes, that's true and I understand that these tests depend on previous actions. What I actually wanted to say is that I think that we should rather rewrite these tests

[Freeipa-devel] [freeipa PR#113][comment] ipalib.constants: Remove default domain, realm, basedn, xmlrpc_uri, ldap_uri

2016-10-06 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/113 Title: #113: ipalib.constants: Remove default domain, realm, basedn, xmlrpc_uri, ldap_uri stlaz commented: """ NACK, please see the review comment. """ See the full comment at https://github.com/freeipa/freeipa/pull/113#issuecomment-251895399

[Freeipa-devel] [freeipa PR#140][comment] Tests: Remove invalid certplugin tests

2016-10-06 Thread mirielka
URL: https://github.com/freeipa/freeipa/pull/140 Title: #140: Tests: Remove invalid certplugin tests mirielka commented: """ Hi, I discussed this with Rob who authored the tests and he said that these tests were there just as a kind of checking that no extra revoked certificates get in. Tests

[Freeipa-devel] [freeipa PR#139][synchronized] WebUI: Vault Management

2016-10-06 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/139 Author: pvomacka Title: #139: WebUI: Vault Management Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/139/head:pr139 git checkout pr139 From

[Freeipa-devel] [freeipa PR#138][comment] Fix ipa-cacert-manage man page

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/138 Title: #138: Fix ipa-cacert-manage man page mbasti-rh commented: """ Is this written in IdM guide, if not IMO it would be nice to open doc bug in BZ and add this info there as well """ See the full comment at

[Freeipa-devel] [freeipa PR#128][+pushed] Properly handle LDAP socket closures in ipa-otpd

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/128 Title: #128: Properly handle LDAP socket closures in ipa-otpd Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#128][closed] Properly handle LDAP socket closures in ipa-otpd

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/128 Author: npmccallum Title: #128: Properly handle LDAP socket closures in ipa-otpd Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/128/head:pr128 git checkout pr128

[Freeipa-devel] [freeipa PR#135][+pushed] Pylint: remove unused variables

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/135 Title: #135: Pylint: remove unused variables Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#135][closed] Pylint: remove unused variables

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/135 Author: mbasti-rh Title: #135: Pylint: remove unused variables Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/135/head:pr135 git checkout pr135 -- Manage your

[Freeipa-devel] [freeipa PR#125][closed] Add iSecStore.span

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/125 Author: tiran Title: #125: Add iSecStore.span Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/125/head:pr125 git checkout pr125 -- Manage your subscription for

[Freeipa-devel] [freeipa PR#125][+pushed] Add iSecStore.span

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/125 Title: #125: Add iSecStore.span Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#135][comment] Pylint: remove unused variables

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/135 Title: #135: Pylint: remove unused variables mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/d9375881460d63cdd696bb0705da0ac205db9870

[Freeipa-devel] [freeipa PR#115][+ack] Don't show traceback when ipa config file is not an absolute path

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/115 Title: #115: Don't show traceback when ipa config file is not an absolute path Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#123][comment] Tests: Remove silent deleting and creating entries by tracker

2016-10-06 Thread apophys
URL: https://github.com/freeipa/freeipa/pull/123 Title: #123: Tests: Remove silent deleting and creating entries by tracker apophys commented: """ Looks good, thanks. """ See the full comment at https://github.com/freeipa/freeipa/pull/123#issuecomment-251931803 -- Manage your subscription

[Freeipa-devel] [freeipa PR#123][+ack] Tests: Remove silent deleting and creating entries by tracker

2016-10-06 Thread apophys
URL: https://github.com/freeipa/freeipa/pull/123 Title: #123: Tests: Remove silent deleting and creating entries by tracker Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#138][comment] Fix ipa-cacert-manage man page

2016-10-06 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/138 Title: #138: Fix ipa-cacert-manage man page flo-renaud commented: """ Hi, thanks for your comment. Yes, the IDM guide is currently being updated to describe this requirement. See

[Freeipa-devel] [freeipa PR#140][comment] Tests: Remove invalid certplugin tests

2016-10-06 Thread alichbox
URL: https://github.com/freeipa/freeipa/pull/140 Title: #140: Tests: Remove invalid certplugin tests alichbox commented: """ Ok, I would vote for the new tests and when we have them merged we can safely delete this part of code that is not relevant anymore. The reason we would leave the

[Freeipa-devel] [freeipa PR#134][comment] DNS URI support

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/134 Title: #134: DNS URI support mbasti-rh commented: """ NACK, please see inline comments """ See the full comment at https://github.com/freeipa/freeipa/pull/134#issuecomment-251916849 -- Manage your subscription for the Freeipa-devel mailing

[Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-06 Thread Sumit Bose
Hi, I've started to write a SSSD design page about enhancing the current mapping of certificates to users and how to select/match a suitable certificate if multiple certificates are on a Smartcard. My currently thoughts and idea and be found at

[Freeipa-devel] [freeipa PR#134][comment] DNS URI support

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/134 Title: #134: DNS URI support mbasti-rh commented: """ I was able to add an invalid URI record ``` [root@vm-058-017 ~]# ipa dnsrecord-add test.zone. --uri-rec='0 0 trolo"lo' Record name: test2 Record name: test2 URI record: 0 0 "trolo"lo"

[Freeipa-devel] [freeipa PR#138][comment] Fix ipa-cacert-manage man page

2016-10-06 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/138 Title: #138: Fix ipa-cacert-manage man page flo-renaud commented: """ Hi, thanks for your comment. Yes, the IDM guide is currently being updated to describe this requirement. See

[Freeipa-devel] [freeipa PR#132][comment] Draft for a new setup.py (WIP)

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/132 Title: #132: Draft for a new setup.py (WIP) mbasti-rh commented: """ This WIP works for me, I like that we get rid of setup.py.in files. I'm looking forward to final version Please fix PEP8 reported error and my inline comments """ See the

[Freeipa-devel] [freeipa PR#141][opened] Tests: Fix failing test_ipalib/test_parameters

2016-10-06 Thread mirielka
URL: https://github.com/freeipa/freeipa/pull/141 Author: mirielka Title: #141: Tests: Fix failing test_ipalib/test_parameters Action: opened PR body: """ Parameters test fails because of KeyError caused by improper manipulation with kwargs in Param.__init__ method. During initialization, if

[Freeipa-devel] [freeipa PR#140][comment] Tests: Remove invalid certplugin tests

2016-10-06 Thread mirielka
URL: https://github.com/freeipa/freeipa/pull/140 Title: #140: Tests: Remove invalid certplugin tests mirielka commented: """ Ok, I will do it like Ales proposed and will sync this PR when new tests are ready. """ See the full comment at

[Freeipa-devel] [freeipa PR#108][+ack] Bump pki min version and add commentary about sub-CA revocation on delete

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/108 Title: #108: Bump pki min version and add commentary about sub-CA revocation on delete Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#139][comment] WebUI: Vault Management

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/139 Title: #139: WebUI: Vault Management mbasti-rh commented: """ I'm not sure if this is done on purpose, but Vault section is shown there even I have no KRA installed in topology, and I'm getting error ``` An error has occurred (IPA Error 3000:

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-06 Thread Rob Crittenden
Sumit Bose wrote: Hi, I've started to write a SSSD design page about enhancing the current mapping of certificates to users and how to select/match a suitable certificate if multiple certificates are on a Smartcard. My currently thoughts and idea and be found at

[Freeipa-devel] [freeipa PR#134][synchronized] DNS URI support

2016-10-06 Thread pspacek
URL: https://github.com/freeipa/freeipa/pull/134 Author: pspacek Title: #134: DNS URI support Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/134/head:pr134 git checkout pr134 From

[Freeipa-devel] [freeipa PR#134][synchronized] DNS URI support

2016-10-06 Thread pspacek
URL: https://github.com/freeipa/freeipa/pull/134 Author: pspacek Title: #134: DNS URI support Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/134/head:pr134 git checkout pr134 From

[Freeipa-devel] [freeipa PR#142][comment] CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper (un)pickling

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/142 Title: #142: CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper (un)pickling mbasti-rh commented: """ IMO here (__init__ of CheckedIPAddress) is missing self._net = addr._net it may cause issues ``` if isinstance(addr,

[Freeipa-devel] [freeipa PR#134][synchronized] DNS URI support

2016-10-06 Thread pspacek
URL: https://github.com/freeipa/freeipa/pull/134 Author: pspacek Title: #134: DNS URI support Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/134/head:pr134 git checkout pr134 From

[Freeipa-devel] [freeipa PR#140][comment] Tests: Remove invalid certplugin tests

2016-10-06 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/140 Title: #140: Tests: Remove invalid certplugin tests pvomacka commented: """ Hi alichbox, I agree with steps you are proposing, it does make sense. """ See the full comment at https://github.com/freeipa/freeipa/pull/140#issuecomment-251962169

[Freeipa-devel] [freeipa PR#132][comment] Draft for a new setup.py (WIP)

2016-10-06 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/132 Title: #132: Draft for a new setup.py (WIP) tiran commented: """ @mbasti-rh I have removed more hacks and made each setup.py even simpler. """ See the full comment at https://github.com/freeipa/freeipa/pull/132#issuecomment-251963879 -- Manage

[Freeipa-devel] [freeipa PR#133][comment] Tests: print what was expected from exceptions and callables in xmlrpc_tests

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/133 Title: #133: Tests: print what was expected from exceptions and callables in xmlrpc_tests mbasti-rh commented: """ Please set proper patch author, otherwise LGTM """ See the full comment at

[Freeipa-devel] [freeipa PR#134][synchronized] DNS URI support

2016-10-06 Thread pspacek
URL: https://github.com/freeipa/freeipa/pull/134 Author: pspacek Title: #134: DNS URI support Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/134/head:pr134 git checkout pr134 From

[Freeipa-devel] [freeipa PR#108][comment] Bump pki min version and add commentary about sub-CA revocation on delete

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/108 Title: #108: Bump pki min version and add commentary about sub-CA revocation on delete mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/6b3f4984296f3caff8f29490eae3ed1dca64b8c3

[Freeipa-devel] [freeipa PR#108][closed] Bump pki min version and add commentary about sub-CA revocation on delete

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/108 Author: frasertweedale Title: #108: Bump pki min version and add commentary about sub-CA revocation on delete Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#108][+pushed] Bump pki min version and add commentary about sub-CA revocation on delete

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/108 Title: #108: Bump pki min version and add commentary about sub-CA revocation on delete Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#123][comment] Tests: Remove silent deleting and creating entries by tracker

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/123 Title: #123: Tests: Remove silent deleting and creating entries by tracker mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/74e52e86867372365d1d63561f7d1ff961b89ee0 """ See the full comment at

[Freeipa-devel] [freeipa PR#123][+pushed] Tests: Remove silent deleting and creating entries by tracker

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/123 Title: #123: Tests: Remove silent deleting and creating entries by tracker Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-06 Thread Rob Crittenden
Sumit Bose wrote: On Thu, Oct 06, 2016 at 10:33:48AM -0400, Rob Crittenden wrote: Sumit Bose wrote: Hi, Wow, this is really great. Hi Rob, thank you for the feedback. I think I'd pre-plan to support different configuration per issuer subject, with one named default. It shouldn't be a

[Freeipa-devel] [freeipa PR#115][closed] Don't show traceback when ipa config file is not an absolute path

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/115 Author: tomaskrizek Title: #115: Don't show traceback when ipa config file is not an absolute path Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/115/head:pr115

[Freeipa-devel] [freeipa PR#115][comment] Don't show traceback when ipa config file is not an absolute path

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/115 Title: #115: Don't show traceback when ipa config file is not an absolute path mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/d7a2dfddbc2dc9ae4cea7d65e56d61a6a4d2b928

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-06 Thread Fraser Tweedale
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: > Question, do we need search-and-replace at all (or at this > stage)? Most of the interesting values from the SAN should be > directly map-able to LDAP attributes. And processing the string > representation of might be tricky as

[Freeipa-devel] [freeipa PR#143][opened] Issue6386 nss dir

2016-10-06 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/143 Author: tiran Title: #143: Issue6386 nss dir Action: opened PR body: """ See https://fedorahosted.org/freeipa/ticket/6386 * use api.env.nss_dir in all ipaclient plugins * set api.env.nss_dir to confdir/nssdb """ To pull the PR as Git branch:

[Freeipa-devel] [freeipa PR#139][comment] WebUI: Vault Management

2016-10-06 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/139 Title: #139: WebUI: Vault Management pvoborni commented: """ For other optional UIs like CA/Trusts or DNS, Web UI checks on UI start if the component is installed by batch command with: ```JavaScript {method: "env", params: [[], {}]} {method:

[Freeipa-devel] [freeipa PR#139][comment] WebUI: Vault Management

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/139 Title: #139: WebUI: Vault Management mbasti-rh commented: """ 1) I created shared vault, but I cannot see it in 'Shared Vaults', it is show only in 'My Vaults' i.e. it was created ad user vault according CLI 2) 'My Vaults' I expected that it

[Freeipa-devel] [freeipa PR#139][comment] WebUI: Vault Management

2016-10-06 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/139 Title: #139: WebUI: Vault Management mbasti-rh commented: """ Yeah, and I forgot to write: 11) There should be an information in webUI, that secrets can be added/retrieved to vault only by using vault-archive and vault-retrieve from CLI """

[Freeipa-devel] [freeipa PR#142][opened] CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper (un)pickling

2016-10-06 Thread dkupka
URL: https://github.com/freeipa/freeipa/pull/142 Author: dkupka Title: #142: CheckedIPAddress: Implement __(g|s)etstate__ and to ensure proper (un)pickling Action: opened PR body: """ Missing attributes in instance created by pickle.load cause AttributeError in second part of

[Freeipa-devel] [freeipa PR#134][comment] DNS URI support

2016-10-06 Thread pspacek
URL: https://github.com/freeipa/freeipa/pull/134 Title: #134: DNS URI support pspacek commented: """ I was playing with an idea of automatic escaping but it cannot be done with current record format: There is no way to distinguish alredy escaped text from a text which needs escaping. This

Re: [Freeipa-devel] 4.4.2 release notes draft

2016-10-06 Thread Petr Vobornik
On 10/05/2016 06:40 PM, Petr Vobornik wrote: > Hi, > > we planned to release 4.4.2 Today. I'd postpone it to tomorrow morning > so you have time to read the RN page. > > Almost completely auto-generated release notes page: > http://www.freeipa.org/page/Releases/4.4.2 > > Please help to to

[Freeipa-devel] [freeipa PR#132][synchronized] Draft for a new setup.py (WIP)

2016-10-06 Thread tiran
URL: https://github.com/freeipa/freeipa/pull/132 Author: tiran Title: #132: Draft for a new setup.py (WIP) Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/132/head:pr132 git checkout pr132 From

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-06 Thread Sumit Bose
On Thu, Oct 06, 2016 at 10:33:48AM -0400, Rob Crittenden wrote: > Sumit Bose wrote: > > Hi, > > > > > > Wow, this is really great. Hi Rob, thank you for the feedback. > > I think I'd pre-plan to support different configuration per issuer subject, > with one named default. It shouldn't be a