Commit message | Author | Age | Files | Lines
* Fix replica install with CA | Martin Basti | 2016-06-30 | 2 | -11/+6
  The incorrect api was used, and CA record updated was duplicated.
  https://fedorahosted.org/freeipa/ticket/5966
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Tests: Fix frontend tests | Lenka Doudova | 2016-06-30 | 1 | -3/+0
  Test ipatests/test_ipalib/test_frontend.py::test_Command::test_validate fails due to attributes that are no longer present, therefore assertion for these values was removed.
  https://fedorahosted.org/freeipa/ticket/5987
  Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
* Tests: Fix failing tests in ipatests/test_ipalib/test_frontend.py | Lenka Doudova | 2016-06-30 | 1 | -11/+9
  Test fails were caused mainly by assertion between unicode and nonunicode string, or due to changes in code related to thin client.
  Fixes:
    test_Command::test_default_from_chaining
    test_Command::test_args_options_2_params
    test_Command::test_params_2_args_options
    test_Command::test_validate_output_per_type
  Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
* Tests: Remove DNS configuration from trust tests | Lenka Doudova | 2016-06-30 | 1 | -40/+4
  Since DNS configuration is no longer needed for running trust tests, this method's contents are removed. Method is left empty as reference for others, should they have issues with DNS configuration.
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* replica install: don't allow install against a newer server | Jan Cholasta | 2016-06-30 | 1 | -2/+26
  If the version of the remote server is higher than the local version, don't allow installing a replica of it.
  https://fedorahosted.org/freeipa/ticket/5983
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* backup: use in-server API in ipa-backup and ipa-restore | Jan Cholasta | 2016-06-30 | 2 | -2/+2
  Use in-server API so that the commands don't try to fetch API schema and fail.
  https://fedorahosted.org/freeipa/ticket/5995
  Reviewed-By: Milan Kubik <mkubik@redhat.com>
* schema: properly fix Flag arguments on the client | Jan Cholasta | 2016-06-30 | 1 | -2/+2
  The previous fix in commit a77e21cbca05be422fe5826857cfba7e0ba6e71f made some Bool arguments appear as Flag on the client. This change fixes that.
  https://fedorahosted.org/freeipa/ticket/6009
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Add certificate widget to ID override user details page. | Pavel Vomacka | 2016-06-29 | 1 | -1/+167
  Add possibility to add, remove, view, get and download custom certificates on ID override user page.
  https://fedorahosted.org/freeipa/ticket/5926
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Tests: Fix failing ipatests/test_ipalib/test_errors.py | Lenka Doudova | 2016-06-29 | 1 | -4/+4
  Some strings in the testsuite are unicode which wasn't reflected in the tests. This patch fixes the problem by changing concerned strings to unicode.
  Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
* Add button for dns_update_system_records command | Pavel Vomacka | 2016-06-29 | 3 | -2/+50
  Part of: https://fedorahosted.org/freeipa/ticket/5905
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Do not allow installation in FIPS mode | Florence Blanc-Renaud | 2016-06-29 | 6 | -3/+39
  https://fedorahosted.org/freeipa/ticket/5761
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add new custom command multivalued widget | Pavel Vomacka | 2016-06-29 | 1 | -0/+292
  Add general class for multivalued widget which uses special commands which are performed immediately.
  Part of: https://fedorahosted.org/freeipa/ticket/5108
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Updated certificates table | Pavel Vomacka | 2016-06-29 | 1 | -0/+6
  All certificates which are not issued by IPA CA are grey and not clickable. That's because these certificates are not maintained by IPA CA.
  Part of: https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add new certificates widget to the service details page | Pavel Vomacka | 2016-06-29 | 1 | -15/+38
  https://fedorahosted.org/freeipa/ticket/5108
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add new certificates widget to the host details page. Also extends evaluator and add support for adapters. | Pavel Vomacka | 2016-06-29 | 2 | -23/+79
  https://fedorahosted.org/freeipa/ticket/5108
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add new certificates widget to the user details page | Pavel Vomacka | 2016-06-29 | 1 | -2/+31
  https://fedorahosted.org/freeipa/ticket/5108
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add certificate widget | Pavel Vomacka | 2016-06-29 | 4 | -24/+311
  The certificate widget is used for each certificate in certs_widget. It allows to view, get, download, revoke and restore certificate.
  https://fedorahosted.org/freeipa/ticket/5108
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add widget for showing multiple certificates | Pavel Vomacka | 2016-06-29 | 4 | -64/+111
  Certs widget is based on multivalued widget and adds ability to add new certificate and delete it. Each line is cert_widget.
  https://fedorahosted.org/freeipa/ticket/5108
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Remove old useless actions - get and view | Pavel Vomacka | 2016-06-29 | 1 | -68/+0
  These two actions are not available any more. So that code is never called.
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Changed the way how to handle remove hold and revoke actions | Pavel Vomacka | 2016-06-29 | 1 | -17/+40
  Method calling in actions is moved to another function - these calls may be used by other functions, not only by actions.
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Refactored certificate view and remove hold dialog | Pavel Vomacka | 2016-06-29 | 5 | -112/+192
  Removed old layout created using html tables. Now table layout is made by div and modern css styling.
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add Object adapter | Pavel Vomacka | 2016-06-29 | 1 | -0/+40
  Object adapter changes data to more useful format. Single value is reachable as single value, property with more values is transformed to array.
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add ability to turn off activity icon | Pavel Vomacka | 2016-06-29 | 1 | -4/+42
  By specifying correct attribute when creating command it turns off showing activity icon when webui waits for response from the server.
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add working widget | Pavel Vomacka | 2016-06-29 | 2 | -0/+77
  This widget can be used as notification that some other widget is working. It shows spinner and covers the other widget by specified color.
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Extends functionality of DropdownWidget | Pavel Vomacka | 2016-06-29 | 1 | -0/+36
  Adds methods which are able to enable and disable options according to the name of option and methods which set or get whole item list.
  https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add support for custom menu in multivalued widget | Pavel Vomacka | 2016-06-29 | 1 | -16/+66
  Every single widget which is in multivalued widget can now have custom action menu and the delete button is included in this custom action menu.
  Part of this ticket: https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* test: cert: Reflect change in behavior in tests | David Kupka | 2016-06-29 | 1 | -2/+3
  Command cert-find with parameter sizelimit set to 0 no longer returns 0 certificates but returns all.
  More precise ConversionError is returned when parameter is not convertible to its type.
  https://fedorahosted.org/freeipa/ticket/5381
  https://fedorahosted.org/freeipa/ticket/4739
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS: Remove unnecessary DNS check from installer | Petr Spacek | 2016-06-29 | 1 | -9/+1
  Previously we were checking content of DNS before actually adding DNS records for replicas. This is causing cycle in logic and adds weird corner cases to the installer which can blow up on DNS timeout or so.
  The check was completely unnecessary because the installer knows IP addresses and name of the machine. Removal of the check makes the installer more reliable.
  https://fedorahosted.org/freeipa/ticket/5962
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use NSS for name->resolution in IPA installer | Petr Spacek | 2016-06-29 | 3 | -6/+43
  This fixes scenarios where IPA server is not able to resolve own name and option --ip-address was not specified by the user.
  This partially reverts changes from commit dc405005f537cf278fd6ddfe6b87060bd13d9a67
  https://fedorahosted.org/freeipa/ticket/5962
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* client-install: do not fail if DNS times out during DNS update generation | Petr Spacek | 2016-06-29 | 1 | -0/+4
  https://fedorahosted.org/freeipa/ticket/5962
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* test: automember: Fix expected exception message | David Kupka | 2016-06-29 | 1 | -2/+2
  https://fedorahosted.org/freeipa/ticket/4739
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* The LDAP*ReverseMember shouldn't imply --all is always specified | Stanislav Laznicka | 2016-06-29 | 3 | -11/+2
  The LDAP*ReverseMember methods would always return the whole LDAP object even though --all is not specified. Also had to fix some tests as objectClass will not be returned by default now.
  https://fedorahosted.org/freeipa/ticket/5892
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Revert "Removed dead code from LDAP{Remove,Add}ReverseMember" | Stanislav Laznicka | 2016-06-29 | 1 | -0/+16
  While the code was really dead, it should serve a purpose elsewhere.
  This reverts commit c56d65b064e1e0410c03cf1206816cad4d8d86cc.
  https://fedorahosted.org/freeipa/ticket/5892
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* schema: fix Flag arguments on the client | Jan Cholasta | 2016-06-29 | 1 | -1/+1
  Fix Flag arguments appearing as Bool on the client.
  https://fedorahosted.org/freeipa/ticket/6009
  Reviewed-By: David Kupka <dkupka@redhat.com>
* cert-find: fix 'issuer' option | Fraser Tweedale | 2016-06-29 | 1 | -0/+2
  The 'issuer' option of cert-find was recently changed from Str to DNParam, however, 'ra.find' expects a string and throws when it receives a DN. When constructing the dict that gets passed to 'ra.find', turn DNParams into strings.
  Part of: https://fedorahosted.org/freeipa/ticket/5381
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-certupdate: track lightweight CA certificates | Fraser Tweedale | 2016-06-29 | 2 | -9/+82
  Enhance the ipa-certupdate program to add Certmonger tracking requests for lightweight CA certificates.
  Also update the dogtag-ipa-ca-renew-agent-submit to not store or retrieve lightweight CA certificates, because Dogtag clones observe renewals and update their NSSDBs on their own, and allow the helper to request non-self-signed certificates.
  Part of: https://fedorahosted.org/freeipa/ticket/4559
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Update lightweight CA serial after renewal | Fraser Tweedale | 2016-06-29 | 2 | -18/+72
  For CA replicas to pick up renewed lightweight CA signing certificates, the authoritySerial attribute can be updated with the new serial number.
  Update the renew_ca_cert script, which is executed by Certmonger after writing a renewed CA certificate to the NSSDB, to update the authoritySerial attribute if the certificate belongs to a lightweight CA.
  Part of: https://fedorahosted.org/freeipa/ticket/4559
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Skip CS.cfg update if cert nickname not known | Fraser Tweedale | 2016-06-29 | 3 | -8/+9
  After CA certificate renewal, the ``renew_ca_cert`` helper updates certificate data in CS.cfg. An unrecognised nickname will raise ``KeyError``. To allow the helper to be used for arbitrary certificates (e.g. lightweight CAs), do not fail if the nickname is unrecognised - just skip the update.
  Part of: https://fedorahosted.org/freeipa/ticket/4559
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipaldap: turn LDAP filter utility functions into class methods | Fraser Tweedale | 2016-06-29 | 1 | -16/+19
  The LDAP filter utilities do not use any instance attributes, so collectively turn them into class methods to promote reuse.
  Part of: https://fedorahosted.org/freeipa/ticket/4559
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Set default OCSP URI on install and upgrade | Fraser Tweedale | 2016-06-28 | 3 | -3/+30
  Dogtag has been updated to support a default OCSP URI when the profile includes AuthInfoAccess with URI method but does not specify the URI (instead of constructing one based on Dogtag's hostname and port).
  Add the pkispawn config to ensure that the OCSP URI is set before issuing CA and system certificates, and add the config to existing CA instances on upgrade.
  Fixes: https://fedorahosted.org/freeipa/ticket/5956
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* CA replica promotion: add proper CA DNS records | Martin Basti | 2016-06-28 | 3 | -6/+13
  Update 'ipa-ca' records with A/AAAA records of the newly added replica
  https://fedorahosted.org/freeipa/ticket/5966
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS Locations: cleanup of bininstance | Martin Basti | 2016-06-28 | 7 | -84/+30
  We don't need anymore:
    * sample of zone file - list of all records required by IPA will be provided
    * NTP related params - DNS records will be updated automatically, based on LDAP values
    * CA related params - DNS records will be updated automatically based on LDAP values
  https://fedorahosted.org/freeipa/ticket/2008
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* schema: Caching on schema on client | David Kupka | 2016-06-28 | 2 | -10/+223
  Store schema in per user cache. Together with schemas also information about mapping between server and fingerprint is stored to reduce traffic.
  https://fedorahosted.org/freeipa/ticket/4739
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* env: Add 'server' variable to api.env | David Kupka | 2016-06-28 | 2 | -0/+10
  https://fedorahosted.org/freeipa/ticket/4739
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* DNS: Fix tests for realm domains integration with DNS zone add | Petr Spacek | 2016-06-28 | 1 | -5/+5
  We forgot to update tests after change in 22f4045f72daf182c44ce574291c0d8a7733713b.
  https://fedorahosted.org/freeipa/ticket/5980
  Reviewed-By: David Kupka <dkupka@redhat.com>
* client: Share validator and domain name normalization with server install | Petr Spacek | 2016-06-28 | 1 | -1/+9
  https://fedorahosted.org/freeipa/ticket/5976
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* frontend: forward command calls using full name | Jan Cholasta | 2016-06-28 | 1 | -1/+6
  Forward commands to remote server using the full versioned name.
  https://fedorahosted.org/freeipa/ticket/4427
  Reviewed-By: David Kupka <dkupka@redhat.com>
* schema: support plugin versioning | Jan Cholasta | 2016-06-28 | 4 | -77/+127
  Update API schema server and client code to support plugin versioning.
  https://fedorahosted.org/freeipa/ticket/4427
  Reviewed-By: David Kupka <dkupka@redhat.com>
* plugable: support plugin versioning | Jan Cholasta | 2016-06-28 | 11 | -448/+1056
  Allow multiple incompatible versions of a plugin using the same name. The current plugins are assumed to be version '1'.
  The unique identifier of plugins was changed from plugin name to plugin name and version. By default, the highest version available at build time is used. If the plugin is an unknown remote plugin, version of '1' is used by default.
  https://fedorahosted.org/freeipa/ticket/4427
  Reviewed-By: David Kupka <dkupka@redhat.com>
* plugable: use plugin class as the key in API namespaces | Jan Cholasta | 2016-06-28 | 4 | -69/+83
  When iterating over APINameSpace objects, use plugin class rather than its name as the key.
  https://fedorahosted.org/freeipa/ticket/4427
  Reviewed-By: David Kupka <dkupka@redhat.com>