ipsilon.git, branch ticket-8 The Ipsilon project Add expiration to Idp metadata 2015-01-29T15:58:06+00:00 Simo Sorce simo@redhat.com 2015-01-19T22:47:56+00:00 a03df64ecc7f23ca9a78839fbcf243e23c10f840 Also regenerate it frequently, so that any change in configuration can be automatically reflected in the metadata downloaded my clients over time. Signed-off-by: Simo Sorce <simo@redhat.com> 
Also regenerate it frequently, so that any change in configuration can be
automatically reflected in the metadata downloaded my clients over time.

Signed-off-by: Simo Sorce <simo@redhat.com>
Add Metadata Generator helper class 2015-01-29T15:58:06+00:00 Simo Sorce simo@redhat.com 2015-01-19T22:02:41+00:00 963a764f9c310d8cf068dbec7f8dfe8ee666abaa Signed-off-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Add support for expiration in Metadata 2015-01-29T15:58:06+00:00 Simo Sorce simo@redhat.com 2015-01-19T20:15:03+00:00 c9634b76395ec44f36cddc883a523f90d9360971 Signed-off-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Add function to import a cert from a file 2015-01-29T15:54:56+00:00 Simo Sorce simo@redhat.com 2015-01-19T20:14:43+00:00 79c201e2d5f22b36e870d7649ba75b65d0adc061 Signed-off-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Update spec file after Fedora review 2015-01-28T20:55:12+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-01-28T19:37:24+00:00 9638603f4ca04e8836164f7aa5255666226df9e3 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Fix request multipart logging when only 1 part is present 2015-01-27T21:40:46+00:00 John Dennis jdennis@redhat.com 2015-01-27T16:53:31+00:00 335ba5558a13ca7214a48a8829e673771f8954df Test to see if the request parameter value is a cherrypy Part class. This was already being done for the case where the value was a list, but it was omitted for single values. Logic was combined into new local function print_param(). Changed the test for the class back to using if isinstance(item, cherrypy._cpreqbody.Part): instead of: if getattr(item, "part_class", None): because using isinstance() clearly indicates what is being done. The use of getattr() was introduced to prevent a pylint warning concering use of protected values. The getattr() hack is confusing and proably not robust if the class implementation changes. The patch now disables this warning. I cannot explain why cherrypy marks these modules as protected when clearly one has to utilize them and they are documented in the cherrypy API doc. Disabling the warning seems the cleanest and most robust approach. Signed-off-by: John Dennis <jdennis@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Test to see if the request parameter value is a cherrypy Part
class. This was already being done for the case where the value was a
list, but it was omitted for single values. Logic was combined into new
local function print_param().

Changed the test for the class back to using

    if isinstance(item, cherrypy._cpreqbody.Part):

instead of:

    if getattr(item, "part_class", None):

because using isinstance() clearly indicates what is being done. The
use of getattr() was introduced to prevent a pylint warning concering
use of protected values. The getattr() hack is confusing and proably
not robust if the class implementation changes. The patch now disables
this warning. I cannot explain why cherrypy marks these modules as
protected when clearly one has to utilize them and they are documented
in the cherrypy API doc. Disabling the warning seems the cleanest and
most robust approach.

Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Fix int/pep8 errors in latest patches 2015-01-26T22:42:48+00:00 Simo Sorce simo@redhat.com 2015-01-26T22:10:20+00:00 034fd7a63e5582e18f1436388a2abc2b23567396 Mea culpa for not checking before pushing Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: John Dennis <jdennis@redhat.com> 
Mea culpa for not checking before pushing

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: John Dennis <jdennis@redhat.com>
Add source code context information to debug logs 2015-01-26T19:01:03+00:00 John Dennis jdennis@redhat.com 2015-01-12T15:47:37+00:00 74194d5d36cfc1be67e92924585731e9b3894605 The log.debug() function helpfully adds the name of the function invoking it but in a complicated software package there are many functions/methods which share the same name. Thus a debug message like this: DEBUG(__init__): xxx does not give you much context, there are probably hundreds of __init__ methods. It would help to qualify the method name which it's class name, that gives a lot more context when reading the log. Sometimes it's also helpful to know the file and line number. This patch adds the class name to the function and included the filename and line number as well. The file path is trimmed to the last 3 components, sufficient to give context but not too verbose. Now the debug message might look like this instead: DEBUG(ipsilon/providers/common.py:129 LoadProviders.__init__()): xxx Also included is a config option 'stacktrace_on_error' which will include a stacktrace when the log.error function is called. It can be very useful to see a stacktrace when logging an error, it defaults to off. Signed-off-by: John Dennis <jdennis@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
The log.debug() function helpfully adds the name of the function
invoking it but in a complicated software package there are many
functions/methods which share the same name. Thus a debug message
like this:

DEBUG(__init__): xxx

does not give you much context, there are probably hundreds of
__init__ methods. It would help to qualify the method name which it's
class name, that gives a lot more context when reading the
log. Sometimes it's also helpful to know the file and line number.

This patch adds the class name to the function and included the
filename and line number as well. The file path is trimmed to the last
3 components, sufficient to give context but not too verbose. Now the
debug message might look like this instead:

DEBUG(ipsilon/providers/common.py:129 LoadProviders.__init__()): xxx

Also included is a config option 'stacktrace_on_error' which will
include a stacktrace when the log.error function is called. It can be
very useful to see a stacktrace when logging an error, it defaults to
off.

Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add request/response logging via cherrypy tool hooks 2015-01-26T18:34:06+00:00 John Dennis jdennis@redhat.com 2015-01-20T22:13:34+00:00 e85f190d8e081fbbfeadca24781266d1c3e1bba1 The ability to easily review the HTTP Ipsilon request and response is boon for development and issue debugging. Normally these HTTP conversations occur on SSL/TLS encrypted connections making it difficult to use other tools to view the traffic. Client side tools have known pitfalls (e.g. Firebug) and not all conversations are browser initiated (e.g. SAML ECP). Logging performed by the server hosting Ipsilon makes logging at the server level server specific (e.g. Apache's dumpio requires post-processing the log file to extract and reassamble the HTTP conversation). The best place to log requests and responses is within Ipsilon using the cherrypy framework Ipsilon is embedded in. Cherrypy provides user defined hooks that can be invoked at specific places in the request pipeline. We establish a hook at the last stage just before the response is written to the client, it logs the incoming request and outgoing response. Resolves: https://fedorahosted.org/ipsilon/ticket/44 Signed-off-by: John Dennis <jdennis@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
The ability to easily review the HTTP Ipsilon request and response is
boon for development and issue debugging. Normally these HTTP
conversations occur on SSL/TLS encrypted connections making it
difficult to use other tools to view the traffic. Client side tools
have known pitfalls (e.g. Firebug) and not all conversations are
browser initiated (e.g. SAML ECP). Logging performed by the server
hosting Ipsilon makes logging at the server level server specific
(e.g. Apache's dumpio requires post-processing the log file to extract
and reassamble the HTTP conversation). The best place to log requests
and responses is within Ipsilon using the cherrypy framework
Ipsilon is embedded in. Cherrypy provides user defined hooks that can
be invoked at specific places in the request pipeline. We establish a
hook at the last stage just before the response is written to the
client, it logs the incoming request and outgoing response.

Resolves: https://fedorahosted.org/ipsilon/ticket/44

Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Fix a copy-paste error 2015-01-22T14:03:55+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-01-22T14:03:55+00:00 9a941b4aa2e39723d93a37fcb31475c6e9038943 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>