The vault plugin has been modified to support symmetric and asymmetric
vaults to provide additional security over the standard vault by
encrypting the data before it's sent to the server. The encryption
functionality is implemented using the python-cryptography library.
https://fedorahosted.org/freeipa/ticket/3872
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
With added support for multiple certificates for hosts, services, and even
users, IPA testing framework will need a more flexible way to generate
temporary testing certificates for these entities. This patch modifies the
currently used `testcert` module to support these requirements.
Related to work on http://www.freeipa.org/page/V4/User_Certificates
Reviewed-By: Milan Kubík <mkubik@redhat.com>
Implements a base class to help test LDAP based plugins.
The class has been decoupled from the original host plugin test
and moved to separate module ipatests.test_xmlrpc.ldaptracker.
https://fedorahosted.org/freeipa/ticket/5032
Reviewed-By: David Kupka <dkupka@redhat.com>
Add regression test to check whether a post detach group has a full set of objectclass.
Add regression test to check whether group-add-member is successfull for a post detach group.
https://fedorahosted.org/freeipa/ticket/4909
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Make all DNs, RDNs and AVAs immutable.
Immutability makes reasoning about DN-handling code easier,
as value objects can't be changed once created.
Instead of mutable DNs, one can use a list (or even a generator)
of RDNs that's converted to a DN on output.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The patch fixes bug in the construction of ipa-replica-install arguments in
test_integration/tasks.install_replica. Due to this bug the replica
installation during certain integration tests involved CA setup even when
setup_ca was set to False.
Reviewed-By: Milan Kubik <mkubik@redhat.com>
Replace setUp()/tearDown() methods with a pytest.fixture for proper client
setup/teardown during test_forced_client_reenrollment
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
DN code was optimized to be faster if DNs are created from string. This is
the major use case, since most DNs come from LDAP.
With this patch, DN creation is almost 8-10x faster (with 30K-100K DNs).
Second mojor use case - deepcopy in LDAPEntry is about 20x faster - done by
custom __deepcopy__ function.
The major change is that DN is no longer internally composed of RDNs and
AVAs but it rather keeps the data in open ldap format - the same as output
of str2dn function. Therefore, for immutable DNs, no other transformations
are required on instantiation.
The format is:
DN: [RDN, RDN,...]
RDN: [AVA, AVA,...]
AVA: ['utf-8 encoded str - attr', 'utf-8 encode str -value', FLAG]
FLAG: int
Further indexing of DN object constructs an RDN which is just an encapsulation
of the RDN part of open ldap representation. Indexing of RDN constructs AVA in
the same fashion.
Obtained EditableAVA, EditableRDN from EditableDN shares the respected lists
of the open ldap repr. so that the change of value or attr is reflected in
parent object.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Tests:
* install master, replica, then instal DNSSEC on master
* test if zone is signed (added on master)
* test if zone is signed (added on replica)
* install master with DNSSEC, then install replica
* test if root zone is signed
* add zone, verify signatures using our root zone
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Milan Kubik <mkubik@redhat.com>
Merged the Registrar class into the Registry class. Plugins are now
registered globally instead of in ipalib.api and are instantiated per-API
instance. Different set of plugin base classes can be used in each API
instance.
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Adds xmlrpc tests for:
- Adding a user ID override with sshpubkey
- Modifying a user ID override to contain sshpubkey
- Removing a sshpubkey value from a user ID override
https://fedorahosted.org/freeipa/ticket/4868
Reviewed-By: Martin Kosek <mkosek@redhat.com>
This adds a test case which makes sure that referential integrity
plugin does not leave any trailing references for ipaAssignedIDView
attribute on hosts, if the ID view being referenced has been deleted.
https://fedorahosted.org/freeipa/ticket/4839
Reviewed-By: David Kupka <dkupka@redhat.com>
The racker object "remembers" expected state across several tests,
so only changes (rather than all expected state) need to be specified
in each test. Also, the tracker fixture will make it easy to use hosts
in other test modules.
This change makes the tests independent; any permutation of any subset
of these tests should now pass.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
This has several advantages:
- Tests other than run-command/check-response can be added easily
- Tracebacks are meaningful (which means we'll be able to remove a lot of
test name/description/location tracking code)
- Individual tests can be selected/deselected using normal pytest mechanisms
(but for isolated tests, more changes will be needed)
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Drop support for pylint < 1.0
Enable ignoring unknown attributes on modules (both nose and pytest
use advanced techniques, support for which only made it to pylint
recently)
Fix some bugs revealed by pylint
Do minor refactoring or add pylint:disable directives where the
linter complains.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
The plugin to run tests within a class in the order they're defined
in the source was split into a separate project.
Use this project instead of a FreeIPA-specific copy.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
The plugin for BeakerLib integration was split into a separate project.
If BeakerLib integration is desired, python-pytest-beakerlib shoule be
installed separately.
The IPA-specific beakerlib integration only sets up logging to BeakerLib,
if the plugin is active.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
