summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* batch: do not crash when no argument is specifiedJan Cholasta2016-05-251-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* frontend: perform argument value validation only on serverJan Cholasta2016-05-253-5/+16
| | | | | | | | | | | | | | | | Do not validate values of command arguments on the client and let the server handle validation. This will make the client more lightweight by not having it to carry validation code and metadata with itself for the price of increasing network traffic in case the validation fails. Types of the arguments are still validated on both the client and the server. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* frontend: remove the unused Command.soft_validate methodJan Cholasta2016-05-252-43/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* frontend: re-raise remote RequirementError using CLI name in CLIJan Cholasta2016-05-259-46/+34
| | | | | | https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* rpc: include structured error information in responsesJan Cholasta2016-05-2510-28/+246
| | | | | | | | | | | | | | Include keyword arguments of exceptions in RPC responses. This is limited to JSON-RPC, as XML-RPC does not support additional data in error responses. Include keyword arguments of messages in RPC responses. Include keyword arguments of exceptions in batch command result. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* parameters: remove unused ConversionError and ValidationError argumentsJan Cholasta2016-05-255-84/+37
| | | | | | | | | | Do not set the `value`, `index` and `rule` arguments when raising ConversionError and ValidationError. The arguments are unused and are not specified consistently accross the framework and plugins. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* rpc: do not crash when unable to parse JSONJan Cholasta2016-05-251-1/+1
| | | | | | | | | When unable to parse JSON response from the server, properly raise JSONError not to cause a crash. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* replica install: do not set CA renewal master flagJan Cholasta2016-05-243-4/+28
| | | | | | | | | | | | | The CA renewal master flag was uncoditionally set on every replica during replica install. This causes the Dogtag certificates initially shared among all replicas to differ after renewal. Do not set the CA renewal master flag in replica install anymore. On upgrade, remove the flag from all but one IPA masters. https://fedorahosted.org/freeipa/ticket/5902 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Test: Maximum username length higher than 255 cannot be setLenka Doudova2016-05-241-1/+30
| | | | | | https://fedorahosted.org/freeipa/ticket/5774 Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
* ipa-nis-manage: add status optionPetr Spacek2016-05-242-6/+24
| | | | | | | https://fedorahosted.org/freeipa/ticket/5856 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
* Incorrect message when KRA already installedPatrice Duc-Jacquet2016-05-201-0/+5
| | | | | | | | | | | | | | | | | When trying to install a second time KRA, in case domain-level=0 the error lessage is not correct. It mentions : "ipa-kra-install: error: A replica file is required." Note that this behavior is not observed if domain-level=1 The subject of the fix consist in checking that KRA is not already installed before going ahead in the installation process. Tests done: I have made the following tests in bot domain-level=0 and domain-level=1 : - Install KRA (check it is correctly installed), - Install KRA a second time (check that the correct error message is raised) - uninstall KRA (check that it is correctly uninstalled) - Install KRA again (check that it is correctly installed) Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix referenced before assigment variables in except statementsMartin Basti2016-05-201-2/+2
| | | | | | | Variable msg may not exists in the last except context, and even it contains improper value because it is not related to catched exception Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* pylint: replace Refactor category with individual check namesPetr Spacek2016-05-201-1/+18
| | | | | | This eases enabling/disabling individual tests like cyclic-import. Reviewed-By: Martin Basti <mbasti@redhat.com>
* makeapi: use the same formatting for `int` and `long` valuesJan Cholasta2016-05-191-0/+2
| | | | | | | | | This prevents validation failures on architectures where integer is less than 32 bits. https://fedorahosted.org/freeipa/ticket/5894 Reviewed-By: Martin Basti <mbasti@redhat.com>
* build: fix client-only buildJan Cholasta2016-05-194-4/+13
| | | | | | https://fedorahosted.org/freeipa/ticket/5889 Reviewed-By: Martin Basti <mbasti@redhat.com>
* spec file: bump minimum required pki-core versionJan Cholasta2016-05-191-2/+2
| | | | | | | | | | | | Require pki-core >= 10.2.6-19, which contains fixes for the following PKI tickets: * https://fedorahosted.org/pki/ticket/2022 * https://fedorahosted.org/pki/ticket/2247 * https://fedorahosted.org/pki/ticket/2255 https://fedorahosted.org/freeipa/ticket/5602 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Detect and repair incorrect caIPAserviceCert configFraser Tweedale2016-05-192-3/+49
| | | | | | | | | | | A regression caused replica installation to replace the FreeIPA version of caIPAserviceCert with the version shipped by Dogtag. During upgrade, detect and repair occurrences of this problem. Part of: https://fedorahosted.org/freeipa/ticket/5881 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Prevent replica install from overwriting cert profilesFraser Tweedale2016-05-191-6/+12
| | | | | | | | | | | | | | An earlier change that unconditionally triggers import of file-based profiles to LDAP during server or replica install results in replicas overwriting FreeIPA-managed profiles with profiles of the same name shipped with Dogtag. ('caIPAserviceCert' is the affected profile). Avoid this situation by never overwriting existing profiles during the LDAP import. Fixes: https://fedorahosted.org/freeipa/ticket/5881 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Ping module tests.Peter Lacko2016-05-181-28/+27
| | | | | | | Test for ping module rewritten using non-declarative way. No new functionality has been added. Reviewed-By: Martin Basti <mbasti@redhat.com>
* Batch command: avoid accessing potentially undefined context.principalPetr Spacek2016-05-121-1/+4
| | | | | | | | | | | This might happen when the command is called directly in Python, e.g. in installers and so on. Pylint pylint-1.5.5-1.fc24.noarch caught this. https://fedorahosted.org/freeipa/ticket/5838 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused variable and finally block in SchemaCacheMartin Basti2016-05-121-5/+0
| | | | | | | Handling exceptions in python is expensive operation, removing of uneeded finally block is good for performance. Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* ipactl: advertise --ignore-service-failure optionMartin Basti2016-05-121-0/+10
| | | | | | | | | | | For non-critical services which are failing may be beneficial for users to ignore them and let IPA critical services start. For this a hint to use --ignore-service-failue option should be shown. https://fedorahosted.org/freeipa/ticket/5820 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Added exception handling for mal-formatted XML ParsingAbhijeet Kasurde2016-05-111-2/+7
| | | | | | | | | | In order to handle mal-formatted XML returned from Dogtag, added exception handling around etree.fromstring function. https://fedorahosted.org/freeipa/ticket/5885 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Added necessary A record for the replica to root zoneOleg Fayans2016-05-111-0/+5
| | | | | | | | | A master can only be delegated a zone authority, if this zone contains A records of the master and ALL replicas https://fedorahosted.org/freeipa/ticket/5848 Reviewed-By: Martin Basti <mbasti@redhat.com>
* A workaround for ticket N 5348Oleg Fayans2016-05-111-7/+90
| | | | | | | | | | A freshly created dnssec-enabled zone does not always display the signature until you restart named-pkcs11. Added restarting of this service after each dnssec-enabled zone. https://fedorahosted.org/freeipa/ticket/5348 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove unused file install/share/fedora-ds.init.patchPetr Spacek2016-05-111-12/+0
| | | | Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS installer: accept --auto-forwarders option in unattended modePetr Spacek2016-05-111-2/+5
| | | | | | https://fedorahosted.org/freeipa/ticket/5869 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix to clean-dangling-ruv for single CA topologiesStanislav Laznicka2016-05-101-21/+33
| | | | | | | | | clean-dangling-ruv would fail in topologies with only one CA or when only one IPA server is present https://fedorahosted.org/freeipa/ticket/5840 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-nis-manage enable: change service name from 'portmap' to 'rpcbind'Gabe2016-05-101-11/+10
| | | | | | | https://fedorahosted.org/freeipa/ticket/5857 Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Replaced find_hostname with api.env.hostAbhijeet Kasurde2016-05-101-21/+1
| | | | | | | Fixes: https://fedorahosted.org/freeipa/ticket/5841 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* test_cert_plugin: Encode 'certificate' for comparison with 'usercertificate'Petr Viktorin2016-05-101-2/+2
| | | | | | | | | The 'certificate' option is Str, but 'usercertificate' is Bytes. Decode before comparing one with the other. Part of the work for: https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipalib.cli: Improve reporting of binary values in the CLIPetr Viktorin2016-05-101-2/+3
| | | | | | | | | Make sure the base64-encoded value is a string, so it is printed without the b'' markers. Part of the work for: https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix remaining relative import and enable Pylint checkPetr Viktorin2016-05-102-2/+1
| | | | | | | | Relative imports are not supported in Python 3. Part of the work for: https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS: Fix upgrade - master to forward zone transformationPetr Spacek2016-05-101-1/+3
| | | | | | | | | | | | | | | This happens when upgrading from IPA <= 4.0 to versions 4.3+. DNS caching might cause false positive in code which replaces master zone with forward zone. This will effectivelly delete the master zone without adding a replacement forward zone. Solution is to use skip_overlap_check option for dnsforwardzone_add command so zone existence check is skipped and the upgrade can proceed. https://fedorahosted.org/freeipa/ticket/5851 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Removed custom implementation of CalledProcessErrorAbhijeet Kasurde2016-05-101-15/+2
| | | | | | | | | | Removed custom class of CalledProcessError which was required for Python versions prior to 2.5 Fixes: https://fedorahosted.org/freeipa/ticket/5717 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* make: fail when ACI.txt or API.txt differs from values in source codeMartin Basti2016-05-061-1/+1
| | | | | | | | This regression was caused by commit 6acaf73b0c6f7301d5a5d4292a4f9926cc370867 before this commit make rpms failed when API.txt did not match api https://fedorahosted.org/freeipa/ticket/5865 Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Switch /usr/bin/ipa to Python 3Petr Viktorin2016-05-062-1/+12
| | | | | | | | | | | | | When building RPMs with Python 3 support, /usr/bin/ipa will now use Python 3. The in-tree ipa command will also run on Python 3. When building with make install, $(PYTHON) is honored and it will still default to Python 2. Part of the work for https://fedorahosted.org/freeipa/ticket/5638 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* idviews: Add user certificate attribute to user ID overridesTomas Babej2016-05-065-8/+109
| | | | | | https://fedorahosted.org/freeipa/ticket/4955 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix added to ipa-compat-manage command line helpAbhijeet Kasurde2016-05-051-3/+3
| | | | | | | Minor fix in ipa-compat-manage command help message. Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* test_add_remove_cert_cmd: Use bytes for base64.b64encode()Petr Viktorin2016-05-051-1/+1
| | | | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* certprofile plugin: Use binary mode for file with binary dataPetr Viktorin2016-05-051-1/+1
| | | | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* radiusproxy plugin tests: Expect bytes, not text, for ipatokenradiussecretPetr Viktorin2016-05-051-2/+3
| | | | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* range plugin tests: Use bytes with MockLDAP under Python 3Petr Viktorin2016-05-051-20/+28
| | | | | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipalib.rpc: Send base64-encoded data as string under Python 3Petr Viktorin2016-05-051-1/+4
| | | | | | | | | | Python 3's JSON library cannot deal with bytes, so decode base64-encoded data to string. Part of the work for https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* xmlrpc_test: Expect bytes rather than strings for binary attributesPetr Viktorin2016-05-053-8/+8
| | | | | | | | | | The attributes krbextradata, krbprincipalkey, and userpassword contain binary data. Part of the work for: https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* radiusproxy plugin: Use str(error) rather than error.messagePetr Viktorin2016-05-051-1/+1
| | | | | | | | | | In Python 3, the "message" attribute has been removed in favor of calling str() on the error. Part of the work for https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* xmlrpc_test: Rename exception instance before working with itPetr Viktorin2016-05-051-8/+9
| | | | | | | | | | | | Python 3 unsets the exception variable at the end of an "except" block to prevent reference cycles and speed up garbage collection. Store the exception under a different name in order to use it later. Part of the work for https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* test_xmlrpc: Use absolute importsPetr Viktorin2016-05-052-6/+6
| | | | | | | | | | In Python 3, a module from the current package can be imported either with the absolute name or by using an explicit relative import. Part of the work for https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* fix stageuser tests (removal of has_keytab and has_password from find)Martin Basti2016-05-051-2/+5
| | | | | | | | | User tests has been fixed, but stageuser tests was forgotten, this commit fixes it. https://fedorahosted.org/freeipa/ticket/5281 Reviewed-By: David Kupka <dkupka@redhat.com>
* Updated ipa command man pageAbhijeet Kasurde2016-05-031-7/+3
| | | | | | | | | Updated references and ipa command example in IPA man page https://fedorahosted.org/freeipa/ticket/5871 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
generated by cgit (git 2.34.1) at 2024-11-17 22:19:51 +0000