Commit message | Author | Age | Files | Lines
...
* py3: bindmgr: fix iteration over bytes | Martin Basti | 2018-02-07 | 1 | -10/+16
  In py3 iteration over bytes returns integers, in py2 iteration over bytes returns string.
  https://pagure.io/freeipa/issue/4985
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* py3: ipa-dnskeysyncd: fix bytes issues | Martin Basti | 2018-02-07 | 1 | -13/+13
  LDAP client returns values as bytes, thus ipa-dnskeysyncd must work with bytes properly.
  https://pagure.io/freeipa/issue/4985
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Make IntegrationTest fail if an error happened during uninstall | Felipe Barreto | 2018-02-07 | 2 | -3/+1
  Before this change, if the uninstall process fails, the test would not fail, due to the raiseonerr=False.
  It's necessary to remove the uninstall call in CALessBase because in TestIntegration there is another uninstall call. So, without the raiseonerr=False, it would make the uninstall process fail, since the master is already uninstalled.
  https://pagure.io/freeipa/issue/7357
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* ipa-advise for smartcards updated | amitkuma | 2018-02-07 | 1 | -1/+2
  ...... authconfig --enablesmartcard --smartcardmodule=sssd --updateall
  Advise is updated to:
  authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=1 --updateall
  Resolves: https://pagure.io/freeipa/issue/7358
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* IntegrationTests now collects logs from all test methods | Felipe Barreto | 2018-02-06 | 1 | -2/+0
  logs_dict should not be cleared. It's filled once per class and it should not be cleared after running the first test.
  https://pagure.io/freeipa/issue/7310
  https://pagure.io/freeipa/issue/7335
  Reviewed-By: Michal Reznik <mreznik@redhat.com>
* Fix replica_promotion-domlevel0 test failures | Alexander Koksharov | 2018-02-06 | 1 | -8/+8
  Integration test is failing due to wrong message being displayed by ipa. This issue was most probably introduced by PR: https://github.com/freeipa/freeipa/commit/f51869bf5214e2d2322f85bf72b7ae86b6893974
  Error messages for domain level 0 and >=1 cases were basically swapped. This PR is swapping them back.
  Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
* Updated the TestExternalCA with the functions introduced for the steps of ↵ | Mohammad Rizwan Yusuf | 2018-02-06 | 1 | -19/+8
  external CA installation.
  Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* When the dirsrv service, which gets started during the first ↵ | Mohammad Rizwan Yusuf | 2018-02-06 | 1 | -0/+71
  ipa-server-install --external-ca phase, is not running when the second phase is run with --external-cert-file options, the ipa-server-install command fails.
  This test checks if second phase installs successfully when dirsrv is stopped.
  related ticket: https://pagure.io/freeipa/issue/6611
  Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* cert-request: avoid internal error when cert malformed | Fraser Tweedale | 2018-02-06 | 1 | -1/+13
  When executing cert-request, if Dogtag successfully issues a certificate but python-cryptography cannot parse the certificate, an unhandled exception occurs. Handle the exception by notifying about the malformed certificate in the response messages.
  Fixes: https://pagure.io/freeipa/issue/7390
  Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
* Improve warning message for malformed certificates | Fraser Tweedale | 2018-02-06 | 1 | -1/+1
  The 'CertificateInvalid' message is used for malformed certificates. The user error message says "Invalid certificate...", but in X.509 "validity" has a specific meaning that does not encompass well-formedness. For clarity, change the user-visible message to say "Malformed".
  Part of: https://pagure.io/freeipa/issue/7390
  Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
* Move Requires: pythonX-sssdconfig into conditional | Rob Crittenden | 2018-02-06 | 1 | -1/+2
  https://pagure.io/freeipa/issue/5638
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* IANA reserved IP address can not be used as a forwarder. This test checks if ↵ | Mohammad Rizwan Yusuf | 2018-01-31 | 1 | -0/+42
  ipa server installation throws an error when 0.0.0.0 is specified as forwarder IP address.
  related ticket: https://pagure.io/freeipa/issue/6894
  Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
  Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
* Fixing translation problems | Aleksei Slaikovskii | 2018-01-31 | 4 | -16/+21
  ipa rpc server did set the LANG environment variable on each request and it was not thread safe which led to unpredictable mixed languages output. Also, there were mistakes regarding setting the Accept-Language HTTP header.
  Now on each request we're setting the "languages" property in the context thread local variable and client is setting the Accept-Language HTTP header correctly.
  Also, as the server is caching the schema and the schema can be generated for several languages it's good to store different schema fingerprint for each language separately.
  pagure: https://pagure.io/freeipa/issue/7238
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
  Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
* preventing ldap principal to be deleted | Alexander Koksharov | 2018-01-31 | 1 | -3/+19
  ipa-server-install --uninstall command is calling server-del to delete replica. This scenario does not work since server-del is also deleting all principals from and ldap breaking ldap replication. As a result, only part of deletions are propagated to the other replicas leaving a lot of orphaned data there.
  https://pagure.io/freeipa/issue/7371
  This patch won't fully fix the issue with left-over data but more data is cleaned up and only ldap principal is left thus ending in a better state. Issue will be fully fixed only when topology plugin is patched as well. The following pagure ticket is created to track topology plugin change: https://pagure.io/freeipa/issue/7359
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Remove unused PyOpenSSL from spec file | Christian Heimes | 2018-01-29 | 1 | -2/+0
  https://pagure.io/freeipa/issue/7381
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* test_integration: backup custodia conf and keys | Florence Blanc-Renaud | 2018-01-29 | 1 | -0/+13
  Add an integration test for issue 7247 (ipa-backup does not backup Custodia keys and files).
  The test performs backup / uninstall / check custodia files were removed / restore and check that the custodia conf and keys files are restored.
  related ticket https://pagure.io/freeipa/issue/7247
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Fixing vault-add-member to be compatible with py3 | Felipe Barreto | 2018-01-24 | 1 | -1/+1
  Changing from iteritems() to values() in order to be compatible with python3.
  https://pagure.io/freeipa/issue/7373
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Give ODS socket a bit of time | Christian Heimes | 2018-01-23 | 1 | -4/+8
  ipa-ods-exporter uses systemd socket activation. The script uses select() to check if the socket is readable. A timeout of 0 is a bit too aggressive. Sometimes select() doesn't consider the systemd socket as readable. This causes ODS to fail silently.
  A timeout of one second seems to remove the problem. A proper error code also signals that something went wrong.
  Closes: https://pagure.io/freeipa/issue/7378
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Require dbus-python on F27 | Christian Heimes | 2018-01-23 | 1 | -2/+14
  Partly revert b03d5155. python2-dbus is not available on F27. The package only provides dbus-python:
      $ dnf install python2-dbus dbus-python
      Last metadata expiration check: 0:18:39 ago on 2018-01-23T18:59:22 CET.
      No match for argument: python2-dbus
      Package dbus-python-1.2.4-8.fc27.x86_64 is already installed, skipping.
      Error: Unable to find a match
  Part of: https://pagure.io/freeipa/issue/7131
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Fix pylint error in ipapython/dn.py | Christian Heimes | 2018-01-23 | 1 | -5/+7
  ipapython/dn.py:1324: [R1710(inconsistent-return-statements), DN.__contains__] Either all return statements in a function should return an expression, or none of them should.)
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Custom ca-subject logging | amitkuma | 2018-01-23 | 1 | -1/+2
  Present Situation: Logging is a bit incomplete when using a custom CA subject passed in via --ca-subject. If there is a problem finding the IPA CA certificate then the installer will log:
      ERROR IPA CA certificate not found in /tmp/servercert.pem, /tmp/cacert.pem
  After the Fix this sort of log is seen:
      ipa.ipapython.install.cli.install_tool(CompatServerMasterInstall): DEBUG The ipa-server-install command failed, exception: ScriptError: IPA CA certificate with subject 'CN=Certificate Authority,O=GSSLAB.PNQ2.REDHAT.COM' was not found in /root/ipa.cert, /root/rootCA.crt.
  Resolves: https://pagure.io/freeipa/issue/7245
  Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
* Lower python-ldap requirement for F27 | Christian Heimes | 2018-01-23 | 1 | -12/+23
  For DNSSEC daemons on Python 3, python-ldap requirement was bumped to python-ldap 3.0. But python-ldap 3.0 hasn't been released yet and is only available as beta4 on rawhide. The DNSSEC fix hasn't landed either.
  Lower requirements to python2-ldap 2.4.15 and python3-pyldap 2.4.35.1-2 until the DNSSEC fix has landed.
  See https://pagure.io/freeipa/issue/7257
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Fixing test_backup_and_restore assert to do not rely on the order | Felipe Barreto | 2018-01-17 | 1 | -0/+9
  Since we cannot assume that LDAP will return data in any ordered way, the test should be changed to not rely on that.
  Instead of just comparing the output of the show-user command, this change first orders the groups returned in the 'Member of Group' field before comparing them.
  https://pagure.io/freeipa/issue/7339
  Reviewed-By: Aleksei Slaikovskii <aslaikov@redhat.com>
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* test_caless: add SAN extension to other certs | Michal Reznik | 2018-01-17 | 1 | -5/+5
  Currently when testing we are using SAN extension only in KDC, wildcard certs and not in the other certs. During replica installation we then see a warning about certs having no `subjectAltName`.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* replica_prepare: Remove the correct NSS DB files | Stanislav Laznicka | 2018-01-16 | 1 | -1/+1
  Mistake in recent fixes made the ipa-replica-prepare include some extra files in the info file should the legacy format of NSS databases be used.
  https://pagure.io/freeipa/issue/7049
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Add a helpful comment to ca.py:install_check() | Stanislav Laznicka | 2018-01-16 | 1 | -0/+1
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Documenting kinit_lifetime in /etc/ipa/default.conf | amitkuma | 2018-01-12 | 4 | -15/+3
  Describing the parameter kinit_lifetime that allows to limit the lifetime of ticket obtained by users authenticating to the WebGUI using login/password. Removing session_auth_duration and session_duration_type since these parameters are not relevant anymore.
  Resolves: https://pagure.io/freeipa/issue/7333
  Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
* ipa-run-tests: make --ignore absolute, too | Christian Heimes | 2018-01-12 | 1 | -0/+9
  ipa-run-tests now applies the same logic to --ignore as to included paths.
  https://pagure.io/freeipa/issue/7355
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Michal Reznik <mreznik@redhat.com>
* Sort external schema files | Christian Heimes | 2018-01-10 | 1 | -1/+1
  get_all_external_schema_files() now returns schema files sorted.
  Fixes: https://pagure.io/freeipa/issue/7338
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* prci: run full external_ca test suite | Michal Reznik | 2018-01-09 | 1 | -1/+1
  Before this patch there was just one test in external_ca suite, now we add one new test class thus deleting the specific class in external_ca PRCI section.
  https://pagure.io/freeipa/issue/7302
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* tests: move CA related modules to pytest_plugins | Michal Reznik | 2018-01-09 | 3 | -2/+2
  Till now both create_caless_pki.py and create_external_ca.py were stored in test_integration folder. However when trying to import e.g. "from create_external_ca import ExternalCA" from tasks.py where all other integration test's support functions live we get "AttributeError: module 'pytest' has no attribute 'config'" as pytest was not completely initialized at the moment of the import.
  https://pagure.io/freeipa/issue/7302
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* test_external_ca: selfsigned->ext_ca->selfsigned | Michal Reznik | 2018-01-09 | 1 | -19/+106
  Add selfsigned > external_ca > selfsigned test case.
  Covers Pagure issue #7106
  https://pagure.io/freeipa/issue/7302
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* test_tasks: add sign_ca_and_transport() function | Michal Reznik | 2018-01-09 | 1 | -0/+28
  Add sign_ca_and_transport() function which will sign provided csr and transport root CA and signed IPA CA to the host.
  https://pagure.io/freeipa/issue/7302
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* paths: add IPA_CACERT_MANAGE and IPA_CERTUPDATE constants | Michal Reznik | 2018-01-09 | 1 | -0/+2
  Add IPA_CACERT_MANAGE and IPA_CERTUPDATE constants which will be used in test_external_ca test suite.
  https://pagure.io/freeipa/issue/7302
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* test_caless: test PKINIT install and anchor update | Michal Reznik | 2018-01-09 | 1 | -7/+34
  Add test case for installing PKINIT and anchor update when using 3rd party CA after caless installation. Related to #6831 issue.
  https://pagure.io/freeipa/issue/7233
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* test_renewal_master: add ipa csreplica-manage test | Michal Reznik | 2018-01-09 | 1 | -2/+45
  Add test case for setting renewal master using command ipa-csreplica-manage.
  Automation related to upstream ticket #7120. Testing using config-mod already covered.
  https://pagure.io/freeipa/issue/7321
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Fixing test_testconfig with proper asserts | Felipe Barreto | 2018-01-09 | 2 | -12/+30
  When the cls in env_config.py is a WinHost, the __init__ receives different parameters. Now, it's adapted to all different kinds of hosts.
  Also, it's necessary to add the host_type field to most of domains created in the test classes, because the field is returned by pytest_multihost.Config in pytest_plugins/integration/config.py::Config::to_dict
  https://pagure.io/freeipa/issue/7346
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
* test_backup_and_restore.py AssertionError fix | Aleksei Slaikovskii | 2018-01-09 | 1 | -3/+2
  prefix in the backup function expects output to have 'ipa.ipaserver.install.ipa_backup.Backup:' and it's wrong. The right one is 'ipaserver.install.ipa_backup:'.
  https://pagure.io/freeipa/issue/7339
  Reviewed-By: Felipe Volpone <fbarreto@redhat.com>
* Idviews: fix objectclass violation on idview-add | Florence Blanc-Renaud | 2018-01-09 | 2 | -4/+46
  When the option --domain-resolution-order is used with the command ipa idview-add, the resulting LDAP object stores the value in ipadomainresolutionorder attribute. The issue is that the add command does not add the needed object class (ipaNameResolutionData) because it is part of possible_objectclasses but not of object_class.
  The fix makes sure to add the objectclass when the option --domain-resolution-order is used, and adds a non-regression test.
  Note that idview-mod does not have any issue as it correctly handles the addition of missing possible objectclasses.
  Fixes: https://pagure.io/freeipa/issue/7350
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* LGTM: unnecessary else in for loop | Christian Heimes | 2018-01-09 | 4 | -18/+17
  for/else makes only sense when the for loop uses break, too. If the for loop simply returns on success, then else is not necessary.
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* LGTM: Use explicit string concatenation | Christian Heimes | 2018-01-09 | 2 | -20/+22
  Implicit string concatenation is technically correct, too. But when combined in list, it's confusing for both human eye and static code analysis.
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* LGTM: raise handle_not_found() | Christian Heimes | 2018-01-09 | 25 | -145/+205
  Turn calls "handle_not_found()" into "raise handle_not_found()" to indicate control flow change. It makes the code easier to understand, the control flow more obvious and helps static analyzers.
  It's OK to raise here because handle_not_found() always raises an exception.
  https://pagure.io/freeipa/issue/7344
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* LGTM: Fix multiple use before assignment | Christian Heimes | 2018-01-09 | 9 | -25/+45
  - Move assignment before try/finally block
  - Add raise to indicate control flow change
  - Add default value
  https://pagure.io/freeipa/issue/7344
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* LGTM: Remove redundant assignment | Christian Heimes | 2018-01-09 | 1 | -2/+0
  https://pagure.io/freeipa/issue/7344
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* LGTM: Fix exception in permission_del | Christian Heimes | 2018-01-09 | 1 | -1/+1
  Instantiating an exception, but not raising it, has no effect.
  https://pagure.io/freeipa/issue/7344
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* LGTM: Membership test with a non-container | Christian Heimes | 2018-01-09 | 1 | -8/+12
  Silence false positive by using isinstance(value, dict). Also clean up and optimize most common cases.
  https://pagure.io/freeipa/issue/7344
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* LGTM: Name unused variable in loop | Christian Heimes | 2018-01-09 | 2 | -3/+3
  For loop variable '_nothing' is not used in the loop body. The name 'unused' is used to indicate that a variable is unused.
  https://pagure.io/freeipa/issue/7344
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* LGTM: Use of exit() or quit() | Christian Heimes | 2018-01-09 | 5 | -16/+22
  Replace exit() with sys.exit(). exit() or quit() may fail if the interpreter is run with the -S option.
  https://pagure.io/freeipa/issue/7344
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* LGTM: Silence unmatchable dollar | Christian Heimes | 2018-01-09 | 1 | -1/+5
  Silence false positive "unmatchable dollar in regular expression".
  https://pagure.io/freeipa/issue/7344
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Make fastlint even faster | Christian Heimes | 2018-01-08 | 1 | -8/+8
  - Check pycodestyle before pylint. pycodestyle takes seconds while pylint can easily take half a minute or more.
  - Fix exit, needs two $
  - Add some newlines to make output more readable
  Signed-off-by: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>