freeipa.git/ipatests, branch ccachesess FreeIPA patches Store session cookie in a ccache option 2017-03-09T13:43:49+00:00 Simo Sorce simo@redhat.com 2017-03-06T23:47:56+00:00 c1ae93acad645c7725041cc10bf14b10fb94533c Instead of using the kernel keyring, store the session cookie within the ccache. This way kdestroy will really wipe away all credentials. Ticket: https://pagure.io/freeipa/issue/6661 Signed-off-by: Simo Sorce <simo@redhat.com> 
Instead of using the kernel keyring, store the session cookie within the
ccache. This way kdestroy will really wipe away all credentials.

Ticket: https://pagure.io/freeipa/issue/6661

Signed-off-by: Simo Sorce <simo@redhat.com>
tests: use --setup-kra in tests 2017-03-08T14:50:30+00:00 Martin Basti mbasti@redhat.com 2017-03-07T16:44:17+00:00 25fa2bb6c9fa1b498330b13c9a6116b646eb75ba This will allow to test --setup-kra option together with ipa-server-install in install tests Separate installation using ipa-kra-install is already covered. https://pagure.io/freeipa/issue/6731 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com> 
This will allow to test --setup-kra option together with
ipa-server-install in install tests

Separate installation using ipa-kra-install is already covered.

https://pagure.io/freeipa/issue/6731

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Add SHA256 fingerprints for certs 2017-03-07T18:52:43+00:00 Tomas Krizek tkrizek@redhat.com 2017-02-23T16:03:01+00:00 a06c71b1268850e485e89049ed3654f893edff0b https://fedorahosted.org/freeipa/ticket/6701 Reviewed-By: Pavel Vomacka <pvomacka@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
https://fedorahosted.org/freeipa/ticket/6701

Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
test_csrgen: adjusted comparison test scripts for CSRGenerator 2017-03-07T12:18:14+00:00 Michal Reznik mreznik@redhat.com 2017-03-03T10:17:17+00:00 83e2c2b65eeb5a3aa4a59c0535e9177aac5e4637 Commit ada91c2 introduced changes in "csrgen/templates/openssl_base.tmpl" which broke the following 2 tests: test_CSRGenerator.test_userCert_OpenSSL test_CSRGenerator.test_caIPAserviceCert_OpenSSL The tests use files caIPAserviceCert_openssl.sh and userCert_openssl.sh as expected scripts in order to compare scripts generated by CSRGenerator. E.g. as other parameter was introduced we are now not checking with "if [[ $# -ne 2 ]]" but rather with if "[[ $# -lt 2 ]]". https://pagure.io/freeipa/issue/6724 Reviewed-By: Milan Kubik <mkubik@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> 
Commit ada91c2 introduced changes in "csrgen/templates/openssl_base.tmpl"
which broke the following 2 tests:

    test_CSRGenerator.test_userCert_OpenSSL
    test_CSRGenerator.test_caIPAserviceCert_OpenSSL

The tests use files caIPAserviceCert_openssl.sh and userCert_openssl.sh
as expected scripts in order to compare scripts generated by CSRGenerator.
E.g. as other parameter was introduced we are now not checking with
"if [[ $# -ne 2 ]]" but rather with if "[[ $# -lt 2 ]]".

https://pagure.io/freeipa/issue/6724

Reviewed-By: Milan Kubik <mkubik@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Support for Certificate Identity Mapping 2017-03-02T14:09:42+00:00 Florence Blanc-Renaud flo@redhat.com 2016-12-20T15:21:58+00:00 9e24918c89f30a6d7064844dc0dd848bb35140df See design http://www.freeipa.org/page/V4/Certificate_Identity_Mapping https://fedorahosted.org/freeipa/ticket/6542 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com> 
See design http://www.freeipa.org/page/V4/Certificate_Identity_Mapping

https://fedorahosted.org/freeipa/ticket/6542

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
Provide basic integration tests for built-in AD trust installer 2017-03-01T14:55:45+00:00 Martin Babinsky mbabinsk@redhat.com 2017-02-20T14:17:11+00:00 612ea7f66e102c57c2b213eff99ad8f1c91e59a5 A couple of tests were added to server/replica install integration suite to test AD trust install w/ various combinations of other optional components. https://fedorahosted.org/freeipa/ticket/6630 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
A couple of tests were added to server/replica install integration
suite to test AD trust install w/ various combinations of other optional
components.

https://fedorahosted.org/freeipa/ticket/6630

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Remove import nss from test_ldap 2017-03-01T12:55:22+00:00 Christian Heimes cheimes@redhat.com 2017-03-01T10:33:00+00:00 79c0e6d355c9e7bcc7cacc37faaba8e999d56400 test_ldap just imported nss.nss to call nss_init_nodb(). It should be safe to remove the call. Let's see what CI has to say. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
test_ldap just imported nss.nss to call nss_init_nodb(). It should be
safe to remove the call. Let's see what CI has to say.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
test_config: fix fips_mode key in Env 2017-03-01T11:59:21+00:00 Tomas Krizek tkrizek@redhat.com 2017-02-27T12:17:17+00:00 5055b34cefd6e3f9b707aed076a49ae97b38aa3c Setting fips_mode to object would fail if ipaplatform.tasks module wasn't present. https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Christian Heimes <cheimes@redhat.com> 
Setting fips_mode to object would fail if ipaplatform.tasks module
wasn't present.

https://fedorahosted.org/freeipa/ticket/5695

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Finish port to PyCA cryptography 2017-03-01T11:51:50+00:00 Christian Heimes cheimes@redhat.com 2017-02-25T10:06:04+00:00 135d0b5dd111d40632e2cd5be8f5315684b45fc6 * add missing default_backend * unpad encrypted data * use cryptography's hashes and HMAC construct * remove hard dependency on python-nss from setup.py Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
* add missing default_backend
* unpad encrypted data
* use cryptography's hashes and HMAC construct
* remove hard dependency on python-nss from setup.py

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Migrate OTP import script to python-cryptography 2017-03-01T11:51:50+00:00 Nathaniel McCallum npmccallum@redhat.com 2015-08-31T14:46:19+00:00 d00ae870dda2889545c9d93e82e44526bfd4f431 https://fedorahosted.org/freeipa/ticket/5192 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5192

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>