path: root/ipalib
Commit message | Author | Age | Files | Lines
...
* Add `message` property to IPA's errors and warnings under Python 3 | Petr Viktorin | 2015-10-13 | 1 | -0/+12
  Python 3 removes the "message" attribute from exceptions, in favor of just calling str(). Add it back for IPA's own exception types.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipalib.aci: Port to Python 3 | Petr Viktorin | 2015-10-13 | 1 | -6/+8
  - Don't encode under Python 3, where shlex would choke on bytes
  - Sort the attrs dictionary in export_to_string, so the tests are deterministic. (The iteration order of dicts was always unspecified, but was always the same in practice under CPython 2.)
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Rename caught exception for use outside the except: block. | Petr Viktorin | 2015-10-13 | 1 | -1/+2
  In Python 3, the variable with the currently handled exception is unset at the end of the except block. (This is done to break reference cycles, since exception instances now carry tracebacks, which contain all locals.)
  Fix this in baseldap's error handler.
  Use a simpler structure for the ipatests.raises utility that only uses the exception inside the except block.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* x509: Port to Python 3 | Petr Viktorin | 2015-10-13 | 1 | -1/+8
  In python 3, `bytes` has the buffer interface, and `buffer` was removed. Also, invalid padding in base64-encoded data raises a ValueError rather than TypeError.
  In tests, use pytest.assert_raises for more correct exception assertions. Also, get rid of unused imports in the tests
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Do not compare types that are not comparable in Python 3 | Petr Viktorin | 2015-10-13 | 1 | -3/+3
  In Python 3, different types are generally not comparable (except for equality), and None can't be compared to None. Fix cases of these comparisons.
  In ipatest.util, give up on sorting lists if the sorting raises a TypeError.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* realmdomains: Do not fail due the ValidationError when adding _kerberos TXT record | Tomas Babej | 2015-10-12 | 1 | -2/+5
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* realmdomains: Issue a warning when automated management of realmdomains failed | Tomas Babej | 2015-10-12 | 2 | -5/+54
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* realmdomains: Add validation that realmdomain being added is indeed from our realm | Tomas Babej | 2015-10-12 | 1 | -24/+76
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* realmdomains: Minor style and wording improvements | Tomas Babej | 2015-10-12 | 1 | -15/+60
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* util: Add detect_dns_zone_realm_type helper | Tomas Babej | 2015-10-12 | 1 | -0/+55
  https://fedorahosted.org/freeipa/ticket/5278
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* vault: select a server with KRA for vault operations | Jan Cholasta | 2015-10-08 | 1 | -3/+0
  This uses the same mechanism which is used for the CA.
  https://fedorahosted.org/freeipa/ticket/5302
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove uses of the `types` module | Petr Viktorin | 2015-10-07 | 6 | -17/+12
  In Python 3, the types module no longer provides alternate names for built-in types, e.g. `types.StringType` can just be spelled `str`.
  NoneType is also removed; it needs to be replaced with type(None)
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.configparser instead of ConfigParser | Petr Viktorin | 2015-10-07 | 1 | -1/+1
  The module name was lowercased in Python 3.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.xmlrpc.client instead of xmlrpclib | Petr Viktorin | 2015-10-07 | 2 | -23/+31
  The module is renamed to xmlrpc.client in Python 3.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.moves.urllib instead of urllib/urllib2/urlparse | Petr Viktorin | 2015-10-07 | 4 | -23/+25
  In Python 3, these modules are reorganized.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* rpc: Don't use undocumented urllib functions | Petr Viktorin | 2015-10-07 | 1 | -3/+4
  The "splittype" and "splithost" functions in urllib.parse are undocumented and reserved for internal use, see http://bugs.python.org/issue11009
  Use urlsplit instead.
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Replace StandardError with Exception | Robert Kuska | 2015-09-30 | 8 | -17/+17
  StandardError was removed in Python3 and instead Exception should be used.
  Signed-off-by: Robert Kuska <rkuska@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Rewrap errors in get_principal to CCacheError | Michael Simacek | 2015-09-22 | 2 | -6/+14
  Causes nicer error message when kerberos credentials are not available.
  https://fedorahosted.org/freeipa/ticket/5272
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Standardize minvalue for ipasearchrecordlimit and ipasesarchsizelimit for unlimited minvalue | Gabe | 2015-09-22 | 2 | -10/+15
  https://fedorahosted.org/freeipa/ticket/4023
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* vault: add permissions and administrator privilege | Jan Cholasta | 2015-09-17 | 1 | -0/+98
  https://fedorahosted.org/freeipa/ticket/5250
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: set owner to current user on container creation | Jan Cholasta | 2015-09-17 | 1 | -20/+1
  This reverts commit 419754b1c11139435ae5b5082a51026da0d5e730.
  https://fedorahosted.org/freeipa/ticket/5250
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: add vault container commands | Petr Vobornik | 2015-09-17 | 1 | -21/+222
  adds commands:
  * vaultcontainer-show [--service <service>|--user <user>|--shared ]
  * vaultcontainer-del [--service <service>|--user <user>|--shared ]
  * vaultcontainer-add-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>]
  * vaultcontainer-remove-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>]
  https://fedorahosted.org/freeipa/ticket/5250
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* baseldap: make subtree deletion optional in LDAPDelete | Jan Cholasta | 2015-09-17 | 1 | -0/+4
  https://fedorahosted.org/freeipa/ticket/5250
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Use bytes instead of str where appropriate | Jan Cholasta | 2015-09-17 | 4 | -11/+11
  Under Python 2, "str" and "bytes" are synonyms.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Alias "unicode" to "str" under Python 3 | Jan Cholasta | 2015-09-17 | 40 | -0/+165
  The six way of doing this is to replace all occurrences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* config: allow user/host attributes with tagging options | Jan Cholasta | 2015-09-16 | 1 | -0/+2
  https://fedorahosted.org/freeipa/ticket/5295
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Use six.python_2_unicode_compatible | Jan Cholasta | 2015-09-07 | 1 | -5/+10
  Rename __unicode__ to __str__ in classes which define it and use the six.python_2_unicode_compatible decorator on them to make them compatible with both Python 2 and 3.
  Additional changes were required for the ipapython.dnsutil.DNSName class, because it defined both __str__ and __unicode__.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* certprofile: remove 'rename' option | Fraser Tweedale | 2015-09-02 | 1 | -2/+1
  The initial fix of ticket 5247 rejected renames, but left the option behind for API compatibility. Remove the option now, according to the consensus that because it never worked, it is fine to remove it.
  Fixes: https://fedorahosted.org/freeipa/ticket/5247
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* DNSSEC: remove "DNSSEC is experimental" warnings | Martin Basti | 2015-09-02 | 1 | -18/+0
  https://fedorahosted.org/freeipa/ticket/5265
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Modernize use of range() | Petr Viktorin | 2015-09-01 | 6 | -21/+19
  In Python 3, range() behaves like the old xrange(). The difference between range() and xrange() is usually not significant, especially if the whole result is iterated over.
  Convert xrange() usage to range() for small ranges. Use modern idioms in a few other uses of range().
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use new-style raise syntax | Petr Viktorin | 2015-09-01 | 1 | -11/+11
  The form `raise Error, value` is deprecated in favor of `raise Error(value)`, and will be removed in Python 3. Use the new syntax.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use the print function | Petr Viktorin | 2015-09-01 | 8 | -28/+40
  In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use next() function on iterators | Petr Viktorin | 2015-09-01 | 1 | -5/+5
  In Python 3, next() for iterators is a function rather than method.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Replace uses of map() | Petr Viktorin | 2015-09-01 | 13 | -26/+29
  In Python 2, map() returns a list; in Python 3 it returns an iterator.
  Replace all uses by list comprehensions, generators, or for loops, as required.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.integer_types instead of (long, int) | Petr Viktorin | 2015-09-01 | 3 | -11/+11
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.moves.input instead of raw_input | Petr Viktorin | 2015-09-01 | 1 | -1/+2
  In Python 3, raw_input() was renamed to input(). Import the function from six.moves to get the right version.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Replace filter() calls with list comprehensions | Petr Viktorin | 2015-09-01 | 2 | -5/+4
  In Python 3, filter() returns an iterator. Use list comprehensions instead.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Python3-compatible dict method names | Petr Viktorin | 2015-09-01 | 18 | -62/+62
  Python 2 has keys()/values()/items(), which return lists, iterkeys()/itervalues()/iteritems(), which return iterators, and viewkeys()/viewvalues()/viewitems() which return views.
  Python 3 has only keys()/values()/items(), which return views. To get iterators, one can use iter() or a for loop/comprehension; for lists there's the list() constructor.
  When iterating through the entire dict, without modifying the dict, the difference between Python 2's items() and iteritems() is negligible, especially on small dicts (the main overhead is extra memory, not CPU time). In the interest of simpler code, this patch changes many instances of iteritems() to items(), iterkeys() to keys() etc.
  In other cases, helpers like six.itervalues are used.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.string_types instead of "basestring" | Petr Viktorin | 2015-09-01 | 13 | -30/+56
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* vault: Limit size of data stored in vault | David Kupka | 2015-08-26 | 1 | -1/+20
  https://fedorahosted.org/freeipa/ticket/5231
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* certprofile: prevent rename (modrdn) | Fraser Tweedale | 2015-08-26 | 1 | -2/+3
  Fixes: https://fedorahosted.org/freeipa/ticket/5247
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* fix missing information in object metadata | Petr Vobornik | 2015-08-26 | 1 | -3/+14
  Missing 'required' values in takes_params causes Web UI to treat required fields as optional.
  Regression caused by ba0a1c6b33e2519a48754602413c8379fb1f0ff1
  https://fedorahosted.org/freeipa/ticket/5258
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix: Remove leftover krbV reference | Martin Basti | 2015-08-26 | 1 | -1/+1
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* vault: change default vault type to symmetric | Petr Vobornik | 2015-08-26 | 1 | -3/+8
  https://fedorahosted.org/freeipa/ticket/5251
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Port from python-krbV to python-gssapi | Michael Simacek | 2015-08-26 | 6 | -415/+77
  python-krbV library is deprecated and doesn't work with python 3. Replacing all its usages with python-gssapi.
  - Removed Backend.krb and KRB5_CCache classes
    They were wrappers around krbV classes that cannot really work without them
  - Added few utility functions for querying GSSAPI credentials in krb_utils module. They provide replacements for KRB5_CCache.
  - Merged two kinit_keytab functions
  - Changed ldap plugin connection defaults to match ipaldap
  - Unified getting default realm
    Using api.env.realm instead of krbV call
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Robbie Harwood <rharwood@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Added support for changing vault encryption. | Endi S. Dewata | 2015-08-25 | 1 | -12/+221
  The vault-mod command has been modified to support changing vault encryption attributes (i.e. type, password, public/private keys) in addition to normal attributes (i.e. description). Changing the encryption requires retrieving the stored secret with the old attributes and rearchiving it with the new attributes.
  https://fedorahosted.org/freeipa/ticket/5176
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: fix forward zone forwarders checks | Martin Basti | 2015-08-25 | 1 | -6/+7
  https://fedorahosted.org/freeipa/ticket/5179
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* improve the usability of `ipa user-del --preserve` command | Martin Babinsky | 2015-08-25 | 1 | -57/+66
  `ipa user-del` with `--preserve` option will now process multiple entries and handle `--continue` option in a manner analogous to `ipa user-del` in normal mode.
  In addition, it is now no longer possible to permanently delete a user by accidentally running `ipa user-del --preserve` twice.
  https://fedorahosted.org/freeipa/ticket/5234
  https://fedorahosted.org/freeipa/ticket/5236
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Change internal rsa_(public|private)_key variable names | Christian Heimes | 2015-08-24 | 1 | -4/+4
  In two places the vault plugin refers to rsa public or rsa private key although the code can handle just any kind of asymmetric algorithms, e.g. ECDSA. The patch just renames the occurrences to avoid more confusion in the future.
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* trusts: format Kerberos principal properly when fetching trust topology | Alexander Bokovoy | 2015-08-24 | 1 | -1/+6
  For bidirectional trust if we have AD administrator credentials, we should be using them with Kerberos authentication. If we don't have AD administrator credentials, we should be using HTTP/ipa.master@IPA.REALM credentials. This means we should ask formatting 'creds' object in Kerberos style.
  For one-way trust we'll be fetching trust topology as TDO object, authenticating with pre-created Kerberos credentials cache, so in all cases we do use Kerberos authentication to talk to Active Directory domain controllers over cross-forest trust link.
  Part of trust refactoring series.
  Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1250190
  Fixes: https://fedorahosted.org/freeipa/ticket/5182
  Reviewed-By: Tomas Babej <tbabej@redhat.com>