summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Require Dogtag 10.2.6-13 to fix KRA uninstallChristian Heimes2016-01-061-2/+2
| | | | | | | | | | | | The combination of a bug in Dogtag's sslget command and a new feature in mod_nss causes an incomplete uninstallation of KRA. The bug has been fixed in Dogtag 10.2.6-13. https://fedorahosted.org/freeipa/ticket/5469 https://fedorahosted.org/pki/ticket/1704 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipalib/x509.py: revert deletion of ipalib api importMartin Babinsky2016-01-041-0/+1
| | | | | | | | | | | This import statement has been removed in commit e4075b1fe26a608cd1f3778ee1f655a5f5700c65. This caused requests for service certs to fail, since the validation functions from x509 module crashed with NameError. https://fedorahosted.org/freeipa/ticket/5561 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Enable pylint unnecessary-pass checkMartin Basti2015-12-2314-19/+2
| | | | | | Enables check and removes extra pass statement from code. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable pylint empty-docstring checkMartin Basti2015-12-233-9/+0
| | | | | | | | | | | | | | Enables check and fixes: ************* Module ipalib.session ipalib/session.py:671: [C0112(empty-docstring), SessionAuthManager] Empty class docstring) ipalib/session.py:705: [C0112(empty-docstring), SessionAuthManager.logout] Empty method docstring) ************* Module ipalib.cli ipalib/cli.py:364: [C0112(empty-docstring), textui.print_entry] Empty method docstring) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable pylint expression-not-assigned checkMartin Basti2015-12-236-9/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enables check and fixes: ************* Module ipa-replica-conncheck install/tools/ipa-replica-conncheck:150: [W0106(expression-not-assigned), parse_options] Expression "(replica_group.add_option('-w', '--password', dest='password', sensitive=True, help='Password for the principal'), )" is assigned to nothing) ************* Module ipatests.test_xmlrpc.test_automount_plugin ipatests/test_xmlrpc/test_automount_plugin.py:437: [W0106(expression-not-assigned), test_automount_indirect.test_1a_automountmap_add_indirect] Expression "api.Command['automountmap_add_indirect'](self.locname, self.mapname, **self.map_kw)['result']" is assigned to nothing) ************* Module ipatests.test_ipaserver.test_otptoken_import ipatests/test_ipaserver/test_otptoken_import.py:128: [W0106(expression-not-assigned), test_otptoken_import.test_mini] Expression "[(t.id, t.options) for t in doc.getKeyPackages()]" is assigned to nothing) ************* Module ipatests.test_ipaserver.test_ldap ipatests/test_ipaserver/test_ldap.py:221: [W0106(expression-not-assigned), test_LDAPEntry.test_popitem] Expression "list(e) == []" is assigned to nothing) ************* Module ipa-client-install ipa-client/ipa-install/ipa-client-install:114: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-p', '--principal', dest='principal', help='principal to use to join the IPA realm'), )" is assigned to nothing) ipa-client/ipa-install/ipa-client-install:116: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-w', '--password', dest='password', sensitive=True, help='password to join the IPA realm (assumes bulk password unless principal is also set)'), )" is assigned to nothing) ipa-client/ipa-install/ipa-client-install:118: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-k', '--keytab', dest='keytab', help='path to backed up keytab from previous enrollment'), )" is assigned to nothing) ipa-client/ipa-install/ipa-client-install:120: [W0106(expression-not-assigned), parse_options] Expression "(basic_group.add_option('-W', dest='prompt_password', action='store_true', default=False, help='Prompt for a password to join the IPA realm'), )" is assigned to nothing) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable pylint unused-format-string-key checkMartin Basti2015-12-232-5/+2
| | | | | | | | | | | | Enables check and fixes: ipatests/test_xmlrpc/test_permission_plugin.py:534: [W1301(unused-format-string-key), test_permission] Unused key 'tdn' in format string dictionary) ipatests/test_xmlrpc/test_permission_plugin.py:652: [W1301(unused-format-string-key), test_permission] Unused key 'tdn' in format string dictionary) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable pylint missing-final-newline checkMartin Basti2015-12-232-2/+1
| | | | | | | | Enables check and fixes: ipaserver/install/otpdinstance.py:25: [C0304(missing-final-newline), ] Final newline missing) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable pylint trailing-whitespace checkMartin Basti2015-12-234-6/+5
| | | | | | | | | | | | | | | | | | | Enables check and fixes: ************* Module ipapython.log_manager ipapython/log_manager.py:808: [C0303(trailing-whitespace), ] Trailing whitespace) ************* Module ipachangeconf contrib/RHEL4/ipachangeconf.py:28: [C0303(trailing-whitespace), ] Trailing whitespace) contrib/RHEL4/ipachangeconf.py:116: [C0303(trailing-whitespace), ] Trailing whitespace) ************* Module ipalib.plugins.pwpolicy ipalib/plugins/pwpolicy.py:174: [C0303(trailing-whitespace), ] Trailing whitespace) ipalib/plugins/pwpolicy.py:180: [C0303(trailing-whitespace), ] Trailing whitespace) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable pylint duplicated-key checkMartin Basti2015-12-232-2/+0
| | | | | | | | Enables check and fixes: ipatests/test_xmlrpc/test_permission_plugin.py:65: [W0109(duplicate-key), ] Duplicate key 'ipapermlocation' in dictionary) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable pylint lost exception checkMartin Basti2015-12-232-3/+2
| | | | | | | | | Commit enables check and also fixes: ipaserver/dcerpc.py:718: [W0150(lost-exception), DomainValidator.__search_in_dc] return statement in finally block may swallow exception) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable multiple warnings checks in PylintMartin Basti2015-12-231-3/+67
| | | | | | | Enable more checks in pylint. Currently disabled checks are check that we do not want, or issues are already in code. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove wildcard importsMartin Basti2015-12-2361-71/+295
| | | | | | | | | | | Wildcard imports should not be used. Check for wildcard imports has been enabled in pylint. Pylint note: options 'wildcard-import' causes too much false positive results, so instead it I used 'unused-wildcard-import' option which has almost the same effect. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused importsMartin Basti2015-12-23158-365/+152
| | | | | | | This patch removes unused imports, alse pylint has been configured to check unused imports. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove empty test fileMartin Basti2015-12-231-26/+0
| | | | | | This test file has not been used Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use module variables for timedate_servicesMartin Basti2015-12-233-3/+3
| | | | | | | Explicitly store timedate services in module variable is safer than doind just unused import. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix: replace mkdir with chmodMartin Basti2015-12-221-1/+1
| | | | | | | | In original patches, extra mkdir has been added instead of chmod. https://fedorahosted.org/freeipa/ticket/5520 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-dns-install: Do not check for zone overlap when DNS installed.David Kupka2015-12-224-20/+12
| | | | | | | | | | | When DNS is already installed somewhere in topology we should not check for zone overlap because it would always say that we are overlapping our own domain. ipa-replica-install already does that but ipa-dns-install did not. https://fedorahosted.org/freeipa/ticket/5564 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix version comparisonMartin Basti2015-12-222-0/+54
| | | | | | | | Use RPM library to compare vendor versions of IPA for redhat platform https://fedorahosted.org/freeipa/ticket/5535 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Remove unused code in server installer related to KRAMartin Basti2015-12-221-21/+3
| | | | | | The first instance of KRA system should be allowed to install only by ipa-kra-install. This commit removes TODO and unneeded parts in code. Reviewed-By: David Kupka <dkupka@redhat.com>
* installer: Fix logic of reading option values from cache.David Kupka2015-12-211-4/+3
| | | | | | | | | | Only options explicitly set must be stored before installer exits first step of external CA setup. When installer continues all stored option values must be restored. https://fedorahosted.org/freeipa/ticket/5556 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* installer: Propagate option values from components instead of copying them.David Kupka2015-12-212-34/+18
| | | | | | https://fedorahosted.org/freeipa/ticket/5556 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* CI tests: Added domain realm as a parameter to master installation in ↵Oleg Fayans2015-12-211-1/+2
| | | | | | | | | | integration tests Without realm provided explicitly, installation calculates it automatically from the current hostname which may be inconsistent with the configured domain name. Which, in turn, causes failures in integration tests in the lab. Reviewed-By: Martin Basti <mbasti@redhat.com>
* CI tests: Enabled automatic creation of reverse zone during master installationOleg Fayans2015-12-211-1/+2
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipatests: Roll back the forwarder config after a test caseMilan Kubik2015-12-211-0/+9
| | | | Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix DNS tests: dns-resolve returns warningMartin Basti2015-12-211-0/+18
| | | | Reviewed-By: Petr Spacek <pspacek@redhat.com>
* harden domain level 1 topology connectivity checksMartin Babinsky2015-12-212-12/+35
| | | | | | | | | this patch makes the check_last_link_managed() function more resistant to both orphaned topology suffixes and also to cases when there are IPA masters do not seem to manage any suffix. The function will now only complain loudly about these cases and not cause crashes. Reviewed-By: Martin Basti <mbasti@redhat.com>
* raise more descriptive Backend connection-related exceptionsMartin Babinsky2015-12-212-13/+23
| | | | | | https://fedorahosted.org/freeipa/ticket/5473 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipatests: replace the test-example.com domain in testsMilan Kubík2015-12-172-27/+33
| | | | | | | | | | Latest DNS patches introduced checks for the added zones. If a zone exists, the add fails if not forced. The domain test-example.com is resolvable thus causing errors in the test. Also adds missing __init__.py to the ipatests.test_cmdline package. Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* Package ipapython, ipalib, ipaplatform, ipatests for Python 3Petr Viktorin2015-12-1710-32/+289
| | | | | | | | | | Running make with PYTHON=/usr/bin/python3 will build/install the bits for Python 3. Executable scripts in ipatests have symlinks Python version suffixes as per Fedora guidelines. Suffix-less names point to the Python 2 versions. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* dns: Handle SERVFAIL in check if domain already exists.Petr Spacek2015-12-163-9/+10
| | | | | | | | In cases where domain is already delegated to IPA prior installation we might get timeout or SERVFAIL. The answer depends on the recursive server we are using for the check. Reviewed-By: David Kupka <dkupka@redhat.com>
* ipautil: remove unused import causing cyclic import in testsJan Cholasta2015-12-151-1/+0
| | | | https://fedorahosted.org/freeipa/ticket/5551
* Bump 4.4 development version to 4.3.90Petr Vobornik2015-12-141-1/+1
|
* Become IPA 4.3.0Petr Vobornik2015-12-141-2/+2
|
* dns: Add --auto-reverse option.David Kupka2015-12-145-1/+28
| | | | | | | | Introducing '--auto-reverse' option. When specified reverse records for all server's IP addresses are checked and when record nor reverse zone does not exist reverse zone is created. Reviewed-By: Petr Spacek <pspacek@redhat.com>
* dns: Check if domain already exists.David Kupka2015-12-147-60/+190
| | | | | | | | | Raise an error when the domain already exists. This can be overriden using --force or --allow-zone-overlap options. https://fedorahosted.org/freeipa/ticket/3681 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* dns: do not add (forward)zone if it is already resolvable.David Kupka2015-12-144-10/+124
| | | | | | | | | Check if the zone user wants to add is already resolvable and refuse to create it if yes. --skip-overlap-check and --force options suppress this check. https://fedorahosted.org/freeipa/ticket/5087 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipa-client-install: create a temporary directory for ccache filesMartin Babinsky2015-12-141-3/+3
| | | | | | | | | | | gssapi.Credentials instantiation in ipautil.kinit_keytab() raises 'Bad format in credential cache' error when a name of an existing zero-length file is passed as a ccache parameter. Use temporary directory instead and let GSSAPI to create file-based ccache on demand. https://fedorahosted.org/freeipa/ticket/5528 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* CI tests: remove '-p' option from ipa-dns-install callsMartin Babinsky2015-12-143-8/+1
| | | | | | | | | fix for https://fedorahosted.org/freeipa/ticket/4933 made ipa-dns-install to use LDAPI and deprecated -p option for directory manager password. This patche remove the option from calls to ipa-dns-install in CI tests so that deprecation warning does not clutter the logs. Reviewed-By: Milan Kubik <mkubik@redhat.com>
* replica promotion: let ipa-client-install validate enrollment optionsJan Cholasta2015-12-141-9/+0
| | | | | | | | | ipa-client-install output is redirected to standard output, so let it print its own error message for missing options. https://fedorahosted.org/freeipa/ticket/5542 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Explicitly call chmod on newly created directoriesMartin Basti2015-12-145-8/+14
| | | | | | | | | Without calling os.chmod(), umask is effective and may cause that directory is created with permission that causes failure. This can be related to https://fedorahosted.org/freeipa/ticket/5520 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* DNS: fix file permissionsMartin Basti2015-12-141-1/+3
| | | | | | | | With non default umask named-pkcs11 cannot access the softhsm token storage https://fedorahosted.org/freeipa/ticket/5520 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* server install: redirect ipa-client-install output to standard outputJan Cholasta2015-12-142-16/+15
| | | | | | https://fedorahosted.org/freeipa/ticket/5527 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipautil: allow redirecting command output to standard output in run()Jan Cholasta2015-12-141-2/+13
| | | | | | https://fedorahosted.org/freeipa/ticket/5527 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ca install: use host credentials in domain level 1Jan Cholasta2015-12-141-25/+51
| | | | | | https://fedorahosted.org/freeipa/ticket/5399 Reviewed-By: Martin Basti <mbasti@redhat.com>
* aci: merge domain and CA suffix replication agreement ACIsJan Cholasta2015-12-143-9/+13
| | | | | | | | | | | | | Merge the two identical sets of replication agreement permission ACIs for the domain and CA suffixes into a single set suitable for replication agreements for both suffixes. This makes the replication agreement permissions behave correctly during CA replica install, so that any non-admin user with the proper permissions (such as members of the ipaservers host group) can set up replication for the CA suffix. https://fedorahosted.org/freeipa/ticket/5399 Reviewed-By: Martin Basti <mbasti@redhat.com>
* dogtaginstance: remove unused function 'check_inst'Fraser Tweedale2015-12-142-18/+0
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* replica promotion: notify user about ignoring client enrollment optionsJan Cholasta2015-12-141-0/+6
| | | | | | | | | When IPA client is already installed, notify the user that the enrollment options are ignored in ipa-replica-install. https://fedorahosted.org/freeipa/ticket/5530 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Tests: test_ipagetkeytab: fix assert that is always trueMartin Basti2015-12-141-2/+2
| | | | | | | Fixes: /usr/lib/python2.7/site-packages/ipatests/test_cmdline/test_ipagetkeytab.py:116: SyntaxWarning: assertion is always true, perhaps remove parentheses? Reviewed-By: Tomas Babej <tbabej@redhat.com>
* spec file: Add dbus-python to BuildRequiresDavid Kupka2015-12-141-0/+1
| | | | | | Commit 8d7f67e introduced the need for dbus-python during build time. https://fedorahosted.org/freeipa/ticket/5497
* Makefile: disable parallel buildPetr Spacek2015-12-141-0/+3
| | | | | | | | IPA build system cannot cope with parallel build anyway, so this patch disables parallel build explicitly so it does not blow up when user has -j specified in default MAKEOPTS. Reviewed-By: Tomas Babej <tbabej@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-29 09:14:25 +0000