Add general class for multivalued widget which uses special commands which
are performed immediately.
Part of: https://fedorahosted.org/freeipa/ticket/5108
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
All certificates which are not issued by IPA CA are grey and not clickable. That's
because these certificates are not maintained by IPA CA.
Part of: https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Method calling in actions is moved to another function - these calls may be used
by another functions, not only by actions.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Removed old layout created using html tables. Now table layout is made by div
and modern css styling.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Object adapter changes data to more useful format. Single value is reachable
as single value, property with more values is transformed to array.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
By specifying correct attribute when creating command it turn off showing activity icon
when webui waits for response from the server.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
This widget can be used as notification that some other widget is working.
It shows spinner and cover the other widget by specified color.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Adds methods which are able to enable and disable options according to the name of option
and methods which set or get whole item list.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Every single widget which is in multivalued widget can now have custom action menu
and the delete button is included in this custom action menu.
Part of this ticket:
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Previously we were checking content of DNS before actually adding DNS
records for replicas. This is causing cycle in logic and adds weird
corner cases to the installer which can blow up on DNS timeout or so.
The check was completely unnecessary because the installer knows IP
addresses and name of the machine. Removal of the check makes
the installer more reliable.
https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
This fixes scenarios where IPA server is not able to resolve own name
and option --ip-address was not specified by the user.
This partially reverts changes from commit
dc405005f5https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
The LDAP*ReverseMember methods would always return the whole LDAP
object even though --all is not specified.
Also had to fix some tests as objectClass will not be returned by
default now.
https://fedorahosted.org/freeipa/ticket/5892
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The 'issuer' option of cert-find was recently changed from Str to
DNParam, however, 'ra.find' expects a string and throws when it
receives a DN.
When constructing the dict that gets passed to 'ra.find', turn
DNParams into strings.
Part of: https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Enhance the ipa-certupdate program to add Certmonger tracking
requests for lightweight CA certificates.
Also update the dogtag-ipa-ca-renew-agent-submit to not store or
retrieve lightweight CA certificates, becaues Dogtag clones observe
renewals and update their NSSDBs on their own, and allow the helper
to request non-self-signed certificates.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
For CA replicas to pick up renewed lightweight CA signing
certificates, the authoritySerial attribute can be updated with the
new serial number.
Update the renew_ca_cert script, which is executed by Certmonger
after writing a renewed CA certificate to the NSSDB, to update the
authoritySerial attribute if the certificate belongs to a
lightweight CA.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
After CA certificate renewal, the ``renew_ca_cert`` helper updates
certificate data in CS.cfg. An unrecognised nickname will raise
``KeyError``. To allow the helper to be used for arbitrary
certificates (e.g. lightweight CAs), do not fail if the nickname is
unrecognised - just skip the update.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The LDAP filter utilities do not use any instance attributes, so
collectively turn them into class methods to promote reuse.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Dogtag has been updated to support a default OCSP URI when the
profile includes AuthInfoAccess with URI method but does not specify
the URI (instead of constructing one based on Dogtag's hostname and
port).
Add the pkispawn config to ensure that the OCSP URI is set before
issuing CA and system certificates, and add the config to existing
CA instances on upgrade.
Fixes: https://fedorahosted.org/freeipa/ticket/5956
Reviewed-By: Martin Basti <mbasti@redhat.com>
We don't need anymore:
* sample of zone file - list of all records required by IPa will be
provided
* NTP related params - DNS records will be updated automatically,
based on LDAP values
* CA related params - DNS records will be updated automatically based
* on LDAP values
https://fedorahosted.org/freeipa/ticket/2008
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Store schema in per user cache. Together with schemas also information
about mapping between server and fingerprint is stored to reduce traffic.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Allow multiple incompatible versions of a plugin using the same name. The
current plugins are assumed to be version '1'.
The unique identifier of plugins was changed from plugin name to plugin
name and version. By default, the highest version available at build time
is used. If the plugin is an unknown remote plugin, version of '1' is used
by default.
https://fedorahosted.org/freeipa/ticket/4427
Reviewed-By: David Kupka <dkupka@redhat.com>
When iterating over APINameSpace objects, use plugin class rather than its
name as the key.
https://fedorahosted.org/freeipa/ticket/4427
Reviewed-By: David Kupka <dkupka@redhat.com>
Move the code that generated result of the `plugins` command from API to
the command itself.
https://fedorahosted.org/freeipa/ticket/4427
Reviewed-By: David Kupka <dkupka@redhat.com>
fixes incorrect assertions in tests that create, retrieve, and search for
services
https://fedorahosted.org/freeipa/ticket/3864
Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
This ensures that the serverroles test works also when run together with other
iaserver test suites.
https://fedorahosted.org/freeipa/ticket/6000
Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
Properly mark `cn` as primary key of `automember` object.
This fixes automember crashing on output validation expecting primary key
value of None.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
Advertise param's default value even when `autofill` is False. When
`autofill` is False, set `alwaysask` to True in the schema, as it is
semantically equivallent and removes redundancy.
This fixes default value disappearing in CLI for some params.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
this is required for replica promotion to work, since the ACI allowing hosts
to add their own services uses this objectclass as target filter.
This partially reverts changes from commit
705f66f749https://fedorahosted.org/freeipa/ticket/5996
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Because separated calls for of server-show, getting server data is quite
slow. This commit replaces several server-show with one server-find
command. There are future plans to improve speed of server-find that
will be beneficial for DNS locations.
https://fedorahosted.org/freeipa/ticket/2008
Reviewed-By: Petr Spacek <pspacek@redhat.com>
