Commit Graph

49 Commits

Author SHA1 Message Date
Michael Simacek
aad73fad60 Port from python-krbV to python-gssapi
python-krbV library is deprecated and doesn't work with python 3. Replacing all
it's usages with python-gssapi.

- Removed Backend.krb and KRB5_CCache classes
  They were wrappers around krbV classes that cannot really work without them
- Added few utility functions for querying GSSAPI credentials
  in krb_utils module. They provide replacements for KRB5_CCache.
- Merged two kinit_keytab functions
- Changed ldap plugin connection defaults to match ipaldap
- Unified getting default realm
  Using api.env.realm instead of krbV call

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2015-08-26 09:41:36 +02:00
Petr Viktorin
5435a8a32a Use absolute imports
In Python 3, implicit relative imports will not be supported.
Use fully-qualified imports everywhere.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-08-12 18:17:23 +02:00
Petr Viktorin
b8c46f2a32 Modernize number literals
Use Python-3 compatible syntax, without breaking compatibility with py 2.7

- Octals literals start with 0o to prevent confusion
- The "L" at the end of large int literals is not required as they use
  long on Python 2 automatically.
- Using 'int' instead of 'long' for small numbers is OK in all cases except
  strict type checking checking, e.g. type(0).

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-07-31 15:22:19 +02:00
Jan Cholasta
e39fe4ed31 plugable: Pass API to plugins on initialization rather than using set_api
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Martin Basti
f8c8c360f1 DNSSEC: validate forward zone forwarders
Show warning messages if DNSSEC validation is failing for particular FW
zone or if the specified forwarders do not work

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-06-11 13:12:31 +02:00
Martin Basti
9aa6124b39 DNSSEC: Improve global forwarders validation
Validation now provides more detailed information and less false
positives failures.

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-06-11 13:12:31 +02:00
Ales 'alich' Marecek
ca96ecbf40 Ipatests DNS SOA Record Maintenance
https://fedorahosted.org/freeipa/ticket/4746

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-04-02 08:56:32 +00:00
Martin Basti
9af8fa9dd5 DNS tests: warning if forward zone is inactive
Ticket: https://fedorahosted.org/freeipa/ticket/4721
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-01-15 13:21:47 +01:00
Martin Basti
92feba2223 New test cases for Forward_zones
https://fedorahosted.org/freeipa/ticket/4750

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2015-01-13 14:34:47 +01:00
Martin Basti
6a0934f584 DNS tests: separate current forward zone tests
Ticket: https://fedorahosted.org/freeipa/ticket/4750
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2015-01-13 14:34:47 +01:00
Petr Viktorin
375e9f7c4b tests: Use PEP8-compliant setup/teardown method names
The setUp/dearDown names are used in the unittest module, but there is no reason
to use them in non-`unittest` test cases.
Nose supports both styles (but mixing them can cause trouble when
calling super()'s methods).
Pytest only supports the new ones.

https://fedorahosted.org/freeipa/ticket/4610

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-11-21 12:14:44 +01:00
Martin Basti
310e46452c Fix warning message should not contain CLI commands
Message is now universal for both CLI and WebUI

Ticket: https://fedorahosted.org/freeipa/ticket/4647
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-11-19 15:20:55 +01:00
Martin Basti
5e1172f560 fix forwarder validation errors
Fix tests, validation in dnsconfig mod, wuser warning

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-10-21 15:55:09 +02:00
Martin Basti
41015e6c9c DNS missing tests
* try to remove non-existent permission
* try to remove idnssoamname using dnszone-mod --name-server=

Reviewed-By: David Kupka <dkupka@redhat.com>
2014-10-09 10:02:22 +02:00
Martin Basti
bc2eaa1456 DNS tests: tests update to due to change in options
Affected options --name-server, --ip-address

Part of ticket: https://fedorahosted.org/freeipa/ticket/4149

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-25 16:38:02 +02:00
Martin Basti
94743a3f26 DNS test: allow '.' as zone name
https://fedorahosted.org/freeipa/ticket/4149

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-25 16:38:02 +02:00
Martin Basti
028b3d1009 Tests: DNS wildcard records
Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-05 12:29:29 +02:00
Martin Basti
7e76bba512 Fix DNS record rename test
bind-dyndb-ldap's bug caused test failure
https://fedorahosted.org/bind-dyndb-ldap/ticket/123

Owners with NS record works with the bug

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-05 12:11:39 +02:00
Martin Basti
2b3be21b25 Test: DNS NS validation
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-05 12:11:39 +02:00
Martin Basti
155126b524 Tests: DNS dsrecord validation
Part of: https://fedorahosted.org/freeipa/ticket/3801

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-05 12:11:39 +02:00
Martin Basti
62a2559493 Fix dnsrecord-mod raise error if last record attr is removed
Removing last record attribute causes output type validation error

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-09-05 10:34:11 +02:00
Martin Basti
80cb95da36 Test DNS: add zone with consecutive dash characters
Test for ticket: https://fedorahosted.org/freeipa/ticket/4268

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-07-04 18:45:01 +02:00
Martin Basti
2203abfca8 Test DNS: TLSA record
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-07-04 18:45:01 +02:00
Martin Basti
c48cee99a2 Test DNS: test zone normalization
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-07-04 18:45:00 +02:00
Martin Basti
2637116eab Allow to add managed permission for reverse zones
Ticket: https://fedorahosted.org/freeipa/ticket/4422
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-07-04 16:10:33 +02:00
Martin Basti
01b95805ab NSEC3PARAM tests
Ticket: https://fedorahosted.org/freeipa/ticket/4413
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-07-02 14:54:42 +02:00
Martin Basti
ff7b44e3b0 Remove NSEC3PARAM record
Revert 5b95be802c

Ticket: https://fedorahosted.org/freeipa/ticket/4413
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-07-02 14:54:41 +02:00
Martin Basti
152c8f210b Check normalization only for IDNA domains
Backward compability with older IPA versions which allow to use uppper
case. Only IDNA domains will be checked.

https://fedorahosted.org/freeipa/ticket/4382

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-07-01 09:58:42 +02:00
Martin Basti
ee6e634c28 DNSSEC: Test: DLV record
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-06-20 16:46:03 +02:00
Martin Basti
4c88fdd904 Tests: tests for NSEC3PARAM records
Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-06-20 15:41:40 +02:00
Martin Basti
cbc64454b0 Tests: remove unused records from tests
Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-06-20 15:41:40 +02:00
Martin Basti
11c250a612 Tests DNS: forward zones
design: http://www.freeipa.org/page/V4/Forward_zones

Ticket: https://fedorahosted.org/freeipa/ticket/3210
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-06-20 13:14:45 +02:00
Martin Basti
c123d95084 Test DNS: dnsrecord-* zone.test. zone.test. should work
Old ipa versions allows only "dnsrecord-* zone.test. @"

This issue was fixed in ticket:
https://fedorahosted.org/freeipa/ticket/3169

Ticket: https://fedorahosted.org/freeipa/ticket/4232
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-06-03 16:43:09 +02:00
Martin Basti
67565d38af Test DNS: wildcard in RR owner
Only test, issue was fixed in
https://fedorahosted.org/freeipa/ticket/3169

Ticket: https://fedorahosted.org/freeipa/ticket/3148
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-06-03 16:43:09 +02:00
Martin Basti
7860c63fb1 DNS new tests
Added new internationalized DNS tests

Part of ticket:
IPA should allow internationalized domain names
https://fedorahosted.org/freeipa/ticket/3169

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-06-03 15:55:32 +02:00
Martin Basti
ef71d88bdf DNS modified tests
* working with absolute zone names
* working with DNSName as returned value

Part of ticket:
IPA should allow internationalized domain names
https://fedorahosted.org/freeipa/ticket/3169

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-06-03 15:55:32 +02:00
Jan Cholasta
4314d02fbf Allow primary keys to use different type than unicode.
Also return list of primary keys instead of a single unicode CSV value from
LDAPDelete-based commands.

This introduces a new capability 'primary_key_types' for backward
compatibility with old clients.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2014-04-18 14:59:20 +02:00
Petr Spacek
7e9838042d Modify DNS tests with LOC records to workaround bug in python-dns.
Older versions of dnspython have problems with implicit values for
size and h/v precision so our tests use explicit value.
See https://github.com/rthalley/dnspython/issues/47

This change is necessary because we want to test if data visible
over DNS protocol matches data visible over LDAP.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-02-18 15:51:11 +01:00
Petr Spacek
d6c5c6d8dc tests: Move zone enable/disable tests to end of test_dns_plugin.py
This prevents the test suite from hitting limitations
in bind-dyndb-ldap 4.0.
For details see https://fedorahosted.org/bind-dyndb-ldap/ticket/127

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-02-14 16:05:42 +01:00
Martin Basti
5d65856588 DNS tests for classless reverse domains
Ticket: https://fedorahosted.org/freeipa/ticket/4143
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-02-11 17:21:11 +01:00
Petr Spacek
df3fa943ab Use reserved domain names for tests
https://fedorahosted.org/freeipa/ticket/4139
2014-01-30 13:46:11 +01:00
Petr Spacek
558be8e102 Rename variables in test xmlrpc/dns_plugin
https://fedorahosted.org/freeipa/ticket/4139
2014-01-30 13:37:38 +01:00
Petr Spacek
3aa9a8b9be Use private IPv4 addresses for tests
https://fedorahosted.org/freeipa/ticket/4139
2014-01-30 13:32:58 +01:00
Petr Viktorin
d38748d64f Make sure SYSTEM permissions can be retreived with --all --raw
Part of the work for: https://fedorahosted.org/freeipa/ticket/4034
2013-12-13 15:08:52 +01:00
Petr Viktorin
d7ee87cfa1 Rewrite the Permission plugin
Ticket: https://fedorahosted.org/freeipa/ticket/3566
Design: http://www.freeipa.org/page/V3/Permissions_V2
2013-12-13 15:08:52 +01:00
Petr Viktorin
1e836d2d0c Switch client to JSON-RPC
Modify ipalib.rpc to support JSON-RPC in addition to XML-RPC.
This is done by subclassing and extending xmlrpclib, because
our existing code relies on xmlrpclib internals.

The URI to use is given in the new jsonrpc_uri env variable. When
it is not given, it is generated from xmlrpc_uri by replacing
/xml with /json.

The rpc_json_uri env variable existed before, but was unused,
undocumented and not set the install scripts.
This patch removes it in favor of jsonrpc_uri (for consistency
with xmlrpc_uri).

Add the rpc_protocol env variable to control the protocol
IPA uses. rpc_protocol defaults to 'jsonrpc', but may be changed
to 'xmlrpc'.
Make backend.Executioner and tests use the backend specified by
rpc_protocol.

For compatibility with unwrap_xml, decoding JSON now gives tuples
instead of lists.

Design: http://freeipa.org/page/V3/JSON-RPC
Ticket: https://fedorahosted.org/freeipa/ticket/3299
2013-11-26 16:59:59 +01:00
Martin Kosek
b9ec4d1a67 Prevent *.pyo and *.pyc multilib problems
Differences in the python byte code fails in a build validation
(rpmdiff) done on difference architecture of the same package.

This patch:
 1) Ensures that timestamps of generated *.pyo and *.pyc files match
 2) Python integer literals greater or equal 2^32 and lower than 2^64
    are converted to long right away to prevent different type of
    the integer on architectures with different size of int

https://fedorahosted.org/freeipa/ticket/3858
2013-08-13 15:31:46 +02:00
Tomas Babej
69394bab5a Remove support for IPA deployments with no persistent search
Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.

https://fedorahosted.org/freeipa/ticket/3632
2013-08-09 12:14:42 +02:00
Petr Viktorin
c60142efda Make an ipa-tests package
Rename the 'tests' directory to 'ipa-tests', and create an ipa-tests RPM
containing the test suite

Part of the work for: https://fedorahosted.org/freeipa/ticket/3654
2013-06-17 19:22:50 +02:00