Pylint 2.9 introduced new check:
> New checker consider-using-dict-items. Emitted when iterating over
dictionary keys and then indexing the same dictionary with the key
within loop body.
Fixes: https://pagure.io/freeipa/issue/9117
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Related: https://pagure.io/freeipa/issue/8605
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
If nsds5replicalastupdateend is not yet present,
ipa-replica-manage will backtrace as it tries to retrieve that
attribute unconditionally.
Gracefully handle that situation.
Fixes: https://pagure.io/freeipa/issue/8605
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
If nsds5replicalastinitstatus is none, the status is not displayed.
Always displaying the last init status is more useful to the end-user.
Related: https://pagure.io/freeipa/issue/8605
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
FreeIPA's Python and C code used different approaches to get the FQDN of
the host. Some places assumed that gethostname() returns a FQDN. Other
code paths used glibc's resolver to resolve the current node name to a
FQDN.
Python code now uses the ipalib.constants.FQDN where a fully qualified
domain name is expected. The variable is initialized only once and avoids
potential DNS lookups.
C code uses a new helper function ipa_gethostfqdn() in util package. The
function implements similar logic as gethostfqdn() except it uses more
modern getaddrinfo(). The result is cached as well.
Fixes: https://pagure.io/freeipa/issue/8501
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
If ipa-replica-manage is unable to retrieve e.g. due to certificate
validity problem. An UnboundLocalError is thrown for `type1`. This fixes
the issue with a clean exit.
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Replace the @PYTHONSHEBANG@ substitution with a valid #!/usr/bin/python3
shebang. This turns Python .in files into valid Python files. The files
can now be checked with pylint and IDEs recognize the files as Python
files.
The shebang is still replaced with "#!$(PYTHON) -E" to support
platform-python.
Related: https://pagure.io/freeipa/issue/7984
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
we remove the "last init status" section in the output of
ipa-replica-manage to avoid confusion and show epoch date
when status is None
Fixes: https://pagure.io/freeipa/issue/7716
Signed-off-by: German Parente <gparente@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
ipa-replica-manage force-sync --from <server> is performing a wrong check
that may result in the tool looping on "No status yet".
force-sync is adding a nsds5replicaupdateschedule attribute to the
replication agreement in order to force replication to wake up. Note that
this is not a re-initialization (re init drops the current db and reloads
the entire db).
In a second step, force-sync is checking the replication agreement by reading
nsds5BeginReplicaRefresh, nsds5ReplicaLastInitStatus,
nsds5ReplicaLastInitStart and nsds5ReplicaLastInitEnd. This is a wrong
test as force-sync is not an init operation and does not touch these
attributes.
The tool should call wait_for_repl_update rather than wait_for_repl_init.
This way, the check is done on the replication agreement attributes
nsds5replicaUpdateInProgress, nsds5ReplicaLastUpdateStatus,
nsds5ReplicaLastUpdateStart and nsds5ReplicaLastUpdateEnd.
Fixes: https://pagure.io/freeipa/issue/7886
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Add LDAPClient.from_realm(), LDAPClient.from_hostname_secure(), and
LDAPClient.from_hostname_plain() constructors.
The simple_bind() method now also refuses to transmit a password over a
plain, unencrypted line.
LDAPClient.from_hostname_secure() uses start_tls and FreeIPA's CA cert
by default. The constructor also automatically disables start_tls for
ldaps and ldapi connections.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
The CLI script files have additional pylint issues that were not noticed
before. The violations include using dict.keys() without directly
iterating of the result, inconsistent return statements and set([])
instead of set literals.
* dict-keys-not-iterating
* inconsistent-return-statements
* onsider-using-set-comprehensio
See: https://pagure.io/freeipa/issue/7772
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
Replace six.moves and six.StringIO/BytesIO imports with cannonical
Python 3 packages.
Note: six.moves.input behaves differently than builtin input function.
Therefore I left six.moves.input for now.
See: https://pagure.io/freeipa/issue/7715
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
All Python scripts are now generated from a template with a dynamic
shebang.
ipatests/i18n.py is no longer an executable script with shebang. The
module is not executed as script directly, but rather as
$(PYTHON) ipatests/i18n.py
Fixes: https://pagure.io/freeipa/issue/7680
All Python scripts are now template files with a dynamic shebang line.
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
