| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
The incorrect api was used, and CA record updated was duplicated.
https://fedorahosted.org/freeipa/ticket/5966
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
|
| |
Test ipatests/test_ipalib/test_frontend.py::test_Command::test_validate fails due to attributes that are no longer present, therefore assertion for these values was removed.
https://fedorahosted.org/freeipa/ticket/5987
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Test fails were caused mainly by assertion between unicode and nonunicode string, or due to changes in code related to thin client.
Fixes:
test_Command::test_default_from_chaining
test_Command::test_args_options_2_params
test_Command::test_params_2_args_options
test_Command::test_validate_output_per_type
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
|
|
|
|
|
|
|
| |
Since DNS configuration is no longer needed for running trust tests, this method's contents are removed. Method is left empty as reference for others, should they have issues with DNS configuration.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
|
|
|
|
|
|
|
|
|
| |
If the version of the remote server is higher than the local version, don't
allow installing a replica of it.
https://fedorahosted.org/freeipa/ticket/5983
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Use in-server API so that the commands don't try to fetch API schema and
fail.
https://fedorahosted.org/freeipa/ticket/5995
Reviewed-By: Milan Kubik <mkubik@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The previous fix in commit a77e21cbca05be422fe5826857cfba7e0ba6e71f made
some Bool arguments appear as Flag on the client. This change fixes that.
https://fedorahosted.org/freeipa/ticket/6009
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
| |
Add possibility to add, remove, view, get and download custom certificates on ID override user page.
https://fedorahosted.org/freeipa/ticket/5926
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
| |
Some strings in the testsuite are unicode which wasn't reflected in the tests. This patch fixes the problem by changing concerned strings to unicode.
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/5905
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5761
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Add general class for multivalued widget which uses special commands which
are performed immediately.
Part of: https://fedorahosted.org/freeipa/ticket/5108
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
All certificates which are not issued by IPA CA are grey and not clickable. That's
because these certificates are not maintained by IPA CA.
Part of: https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
and add support for adapters.
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The certificate widget is used for each certificate in certs_widget. It allows to
view, get, download, revoke and restore certificate.
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Certs widget is based on multivalued widget and adds ability to add new certificate
and delete it. Each line is cert_widget.
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
| |
These two actions are not available any more. So that code is never called.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Method calling in actions is moved to another function - these calls may be used
by another functions, not only by actions.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Removed old layout created using html tables. Now table layout is made by div
and modern css styling.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Object adapter changes data to more useful format. Single value is reachable
as single value, property with more values is transformed to array.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
By specifying correct attribute when creating command it turn off showing activity icon
when webui waits for response from the server.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This widget can be used as notification that some other widget is working.
It shows spinner and cover the other widget by specified color.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Adds methods which are able to enable and disable options according to the name of option
and methods which set or get whole item list.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Every single widget which is in multivalued widget can now have custom action menu
and the delete button is included in this custom action menu.
Part of this ticket:
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Command cert-find with parameter sizelimit set to 0 no longer returns 0
certificates but returns all.
More precise ConversionError is returned when parameter is not
convertible to its type.
https://fedorahosted.org/freeipa/ticket/5381
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we were checking content of DNS before actually adding DNS
records for replicas. This is causing cycle in logic and adds weird
corner cases to the installer which can blow up on DNS timeout or so.
The check was completely unnecessary because the installer knows IP
addresses and name of the machine. Removal of the check makes
the installer more reliable.
https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes scenarios where IPA server is not able to resolve own name
and option --ip-address was not specified by the user.
This partially reverts changes from commit
dc405005f537cf278fd6ddfe6b87060bd13d9a67
https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The LDAP*ReverseMember methods would always return the whole LDAP
object even though --all is not specified.
Also had to fix some tests as objectClass will not be returned by
default now.
https://fedorahosted.org/freeipa/ticket/5892
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
| |
While the code was really dead, it should serve a purpose elsewhere.
This reverts commit c56d65b064e1e0410c03cf1206816cad4d8d86cc.
https://fedorahosted.org/freeipa/ticket/5892
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
| |
Fix Flag arguments appearing as Bool on the client.
https://fedorahosted.org/freeipa/ticket/6009
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'issuer' option of cert-find was recently changed from Str to
DNParam, however, 'ra.find' expects a string and throws when it
receives a DN.
When constructing the dict that gets passed to 'ra.find', turn
DNParams into strings.
Part of: https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enhance the ipa-certupdate program to add Certmonger tracking
requests for lightweight CA certificates.
Also update the dogtag-ipa-ca-renew-agent-submit to not store or
retrieve lightweight CA certificates, becaues Dogtag clones observe
renewals and update their NSSDBs on their own, and allow the helper
to request non-self-signed certificates.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For CA replicas to pick up renewed lightweight CA signing
certificates, the authoritySerial attribute can be updated with the
new serial number.
Update the renew_ca_cert script, which is executed by Certmonger
after writing a renewed CA certificate to the NSSDB, to update the
authoritySerial attribute if the certificate belongs to a
lightweight CA.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
After CA certificate renewal, the ``renew_ca_cert`` helper updates
certificate data in CS.cfg. An unrecognised nickname will raise
``KeyError``. To allow the helper to be used for arbitrary
certificates (e.g. lightweight CAs), do not fail if the nickname is
unrecognised - just skip the update.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The LDAP filter utilities do not use any instance attributes, so
collectively turn them into class methods to promote reuse.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dogtag has been updated to support a default OCSP URI when the
profile includes AuthInfoAccess with URI method but does not specify
the URI (instead of constructing one based on Dogtag's hostname and
port).
Add the pkispawn config to ensure that the OCSP URI is set before
issuing CA and system certificates, and add the config to existing
CA instances on upgrade.
Fixes: https://fedorahosted.org/freeipa/ticket/5956
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
| |
Update 'ipa-ca' records with A/AAAA records of the newly added replica
https://fedorahosted.org/freeipa/ticket/5966
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't need anymore:
* sample of zone file - list of all records required by IPa will be
provided
* NTP related params - DNS records will be updated automatically,
based on LDAP values
* CA related params - DNS records will be updated automatically based
* on LDAP values
https://fedorahosted.org/freeipa/ticket/2008
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Store schema in per user cache. Together with schemas also information
about mapping between server and fingerprint is stored to reduce traffic.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
| |
We forgot to update tests after change in
22f4045f72daf182c44ce574291c0d8a7733713b.
https://fedorahosted.org/freeipa/ticket/5980
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5976
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
| |
Forward commands to remote server using the full versioned name.
https://fedorahosted.org/freeipa/ticket/4427
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
| |
Update API schema server and client code to support plugin versioning.
https://fedorahosted.org/freeipa/ticket/4427
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow multiple incompatible versions of a plugin using the same name. The
current plugins are assumed to be version '1'.
The unique identifier of plugins was changed from plugin name to plugin
name and version. By default, the highest version available at build time
is used. If the plugin is an unknown remote plugin, version of '1' is used
by default.
https://fedorahosted.org/freeipa/ticket/4427
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
| |
When iterating over APINameSpace objects, use plugin class rather than its
name as the key.
https://fedorahosted.org/freeipa/ticket/4427
Reviewed-By: David Kupka <dkupka@redhat.com>
|