Commit Graph

452 Commits

Author SHA1 Message Date
Christian Heimes
235f685247 Wheel bundles fixes
* make wheel_bundle no longer bundles ipaplatform
* ipaclient and ipalib use a consistent extra tag for the install
  subpackage. `pip install ipalib[ipalib.install]` looks a bit silly.

https://fedorahosted.org/freeipa/ticket/6474

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
2016-11-30 16:44:38 +01:00
Christian Heimes
ed9645b2ac Adjustments for setup requirements
* Fix some typos, missing or surplus dependencies.
* Remove setup requirement on wheel since it triggers download.

ipatests is now installable. Tests need further changes to be runable.

https://fedorahosted.org/freeipa/ticket/6468

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-30 13:32:30 +01:00
Jan Cholasta
a260fd8058 ipaclient: remove hard dependency on ipaplatform
Hard-code the user cache directory path in ipaclient.remote_plugins.schema.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Jan Cholasta
70c3cd7f48 ipaclient: move install modules to the install subpackage
The ipa_certupdate, ipachangeconf, ipadiscovery and ntpconf modules depend
on ipaplatform.

Move them to ipaclient.install as they are used only from the client
installer.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Jan Cholasta
d43b57d2ce ipalib: remove hard dependency on ipapython
Hard-code the path to /bin/false in SubprocessError doc string.

Remove ipaplatform dependency from ipalib's setup.py and add it as optional
installer dependency to ipalib's and ipaclient's setup.py.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Jan Cholasta
977050c66b constants: remove CACERT
CACERT depends on ipaplatform.

Replace all uses of CACERT with paths.IPA_CA_CRT and remove CACERT.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Jan Cholasta
a2c5888973 ipalib: move certstore to the install subpackage
The certstore module depends on ipaplatform.

Move it to ipalib.install, as it is used only from installers.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Jan Cholasta
7d5c680ace ipautil: move kinit functions to ipalib.install
kinit_password() depends on ipaplatform.

Move kinit_password() as well as kinit_keytab() to a new
ipalib.install.kinit module, as they are used only from installers.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Jan Cholasta
75b70e3f0d ipautil: move is_fips_enabled() to ipaplatform.tasks
The FIPS setting is platform-specific.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Jan Cholasta
d911f49348 ipautil: remove the timeout argument of run()
The argument depends on the platform-specific timeout binary and is used
only in ipaclient.ntpconf.

Call the timeout binary explicitly in ipaclient.ntpconf and remove the
argument.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Jan Cholasta
fba6c21da3 certdb: move IPA NSS DB install functions to ipaclient.install
The create_ipa_nssdb() and update_ipa_nssdb() depend on ipaplatform.

Move them to ipaclient.install.client as they are used only from the client
installer and ipa-restore.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Jan Cholasta
26c46a447f ipapython: move certmonger and sysrestore to ipalib.install
The certmonger and sysrestore modules depend on ipaplatform.

Move them to ipalib.install as they are used only from installers.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Jan Cholasta
9117a5d5a6 paths: remove DEV_NULL
The platform-specific path to /dev/null is provided by the Python standard
library in os.devnull.

Replace all uses of paths.DEV_NULL with os.devnull and remove DEV_NULL.

https://fedorahosted.org/freeipa/ticket/6474

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-29 14:50:51 +01:00
Christian Heimes
38e8719f72 Python3 pylint fixes
Sprinkle 'pylint disable' comments over the code base to silence a bunch
of pylint warnings on Python 3. All silenced warnings are harmless and
not bugs.

https://fedorahosted.org/freeipa/ticket/4985

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-25 16:18:22 +01:00
Christian Heimes
6409abf1a6 Break ipaplatform / ipalib import cycle of hell
Here is an attempt to break the import cycle of hell between ipaplatform
and ipalib. All services now pass an ipalib.api object to
services.service(). RedHatServices.__init__() still needs to do a local
import because it initializes its wellknown service dict with service
instances.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-24 16:30:32 +01:00
Christian Heimes
2cbaf15604 Replace LooseVersion
pylint is having a hard time with distutils.version in tox's virtual
envs. virtualenv uses some tricks to provide a virtual distutils
package, pylint can't cope with.

https://github.com/PyCQA/pylint/issues/73 suggests to use pkg_resources
instead. pkg_resources' version parser has some more benefits, e.g. PEP
440 conformity. But pkg_resources.parse_version() is a heavy weight solution
with reduced functionality, e.g. no access to major version.

For API_VERSION and plugin version we can use a much simpler and faster
approach.

https://fedorahosted.org/freeipa/ticket/6468

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-11-24 15:46:40 +01:00
Christian Heimes
8346e1b067 Add install requirements to Python packages
https://fedorahosted.org/freeipa/ticket/6468

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-16 22:58:39 +01:00
Christian Heimes
a22a5dd676 Use api.env.nss_dir instead of paths.IPA_NSSDB_DIR
ipaclient plugins are now using nss_dir from api.env instead of
hard-coded paths.IPA_NSSDB_DIR.

Closes: https://fedorahosted.org/freeipa/ticket/6386
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-11-14 13:57:26 +01:00
Jan Cholasta
09423acb65 install: migrate client install to the new class hierarchy
Migrate ipa-client-install from the custom script to the new installer
class hierarchy classes.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-11 12:17:25 +01:00
Jan Cholasta
a8fdb8de82 install: introduce installer class hierarchy
Add class hierarchy which allows inherting knob definitions between the
various client and server install scripts.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-11 12:17:25 +01:00
Stanislav Laznicka
b068d3336a Added file permissions option to IPAChangeConf.newConf()
Also added information about why os.chmod is called sometimes
after newConf() calls.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-11 12:13:56 +01:00
Stanislav Laznicka
990e1acb1a Fix to ipachangeconf docstrings
https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
847b6eddab client: use correct code for failed uninstall
Hardcoded value 1 means CLIENT_INSTALL_ERROR, but this part belongs to
uninstallation so it should be CLIENT_UNINSTALL_ERROR

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
5249eb817e client: use exceptions instead of return states
Python has builtin exceptions which can be used very well to handling
errors in python instead of returning error states (C style)

Exception will allow better client-server integration in future

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
b3786730e5 client: move install cleanup from ipa-client-install to module
Cleanup should be part of installation function

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
bbad08900b client: move clean CCACHE to module
According 04b8575c52 cleaning CCACHE is
needed after installation. This commit moves this cleanup from
ipa-client-install to client.install() function

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
83fe6b626f client: move custom env variable into client module
There is no need to have env as parameter because this is used only
once, so it can eb safely moved to client.py module

NOTE: PATH should be overwritten to safe values before we execute any
command
https://www.securecoding.cert.org/confluence/display/c/ENV03-C.+Sanitize+the+environment+when+invoking+external+programs

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
fcea3b3fb8 client: extract checks from uninstall to uninstall_check
Checks if uninstallation is possible should be moved to uninstall_check

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
3f690a0a3a client: extract checks from install to install_check
client install contained installation check that have been moved to
install_check function

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
2c226ebc27 client: move checks to client.install_check
Move checks from ipa-client-install to clien.install_check

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
33537f5556 client: make statestore and fstore consistent with server
There should not be mixed statestore as global variable and as local
function parameter. This commit fixes usage of sysrestore and statestore
as local variables only. In future we may need to change default
statestore and fstore depending on where the functions are called and
this change makes it easier and less error prone.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Babinsky
3d5161d7e9 Separate function to purge IPA host principals from keytab
This functionality will be reused in the DL0 host enrollment

https://fedorahosted.org/freeipa/ticket/6434

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-11-11 12:13:56 +01:00
Stanislav Laznicka
bddd4fac46 Replaced EMPTY_LINE constant with a function call
https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-11 12:13:56 +01:00
Stanislav Laznicka
cf1c4e84e7 client: Making the configure functions more readable
https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
31a9ef4f8b IPAChangeConf: use constant for empty line
Instead of copy&paste is better to use constant. It makes code shorter
and improves readability, saves resources.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
1c9267803c client: import IPAChangeConf directly instead the module
We should use as specific import as possible, better for python memory
consumption and speed, and looks better in code.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
c30b45ab15 client: remove extra return from hardcode_ldap_server
https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
cc6efb9798 client: install function: return constant not hardcoded number
https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
49f201e2b2 client: remove unneded return from configure_ipa_conf
Function always returns return code 0, and this code is even not used
elsewehere.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
5c16608a0d client: remove unneded return configure_krb5_conf
Function configure_krb5_conf always returns 0 as return state. Remove
the 'return' statement and let exceptions work

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Martin Basti
f98faec478 ipa-client-install: move client install to module
This commit only moves the code from ipa-client-install to module
ipaclient/install/client.py and fixes PEP8.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-11-11 12:13:56 +01:00
Petr Spacek
8de11b091f Build: Makefiles for Python packages
This version builds only one version of Python packages. If you want to
build for Python 2 & 3 call configure twice using different --with-python
or specify PYTHON variable when calling make.

dist-hook is using SOURCES.txt file from egg-info.
According to Petr Viktorin this should be enough for our purposes
and avoids need to create plugins for setuptools.

Currently VPATH builds do not work for various reasons.
This should be fixed later on.

Most credit goes to these guys:
 Christian Heimes <cheimes@redhat.com>
 Petr Viktorin <pviktori@redhat.com>
 Kevin Brown <kevin@kevin-brown.com>

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2016-11-09 13:08:32 +01:00
Tomas Krizek
5b81dbfda1 ipaldap: merge IPAdmin to LDAPClient
* move IPAdmin methods to LDAPClient
* add extra arguments (cacert, sasl_nocanon) to LDAPClient.__init__()
* add host, port, _protocol to LDAPClient (parsed from ldap_uri)
* create get_ldap_uri() method to create ldap_uri from former
    IPAdmin.__init__() arguments
* replace IPAdmin with LDAPClient + get_ldap_uri()
* remove ununsed function argument hostname from
    enable_replication_version_checking()

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-11-07 11:34:03 +01:00
Tomas Krizek
4f1a6a1776 ipaldap: merge gssapi_bind to LDAPClient
* Rename do_sasl_gssapi_bind to gssapi_bind

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-11-07 11:34:03 +01:00
Tomas Krizek
de58a5c605 ipaldap: merge simple_bind into LDAPClient
* Use LDAPClient.simple_bind instead of extra call to IPAdmin.do_simple_bind
* Rename binddn to bind_dn
* Rename bindpw to bind_password
* Explicitly specify bind_dn in all calls

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-11-07 11:34:03 +01:00
Christian Heimes
91920e7cb4 Add __name__ == __main__ guards to setup.pys
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
2016-10-25 18:11:31 +02:00
Jan Cholasta
0d370a959b pylint: enable the import-error check
Check for import errors with pylint to make sure new python package
dependencies are not overlooked.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-10-24 14:11:08 +02:00
Christian Heimes
4cd83fb51c Port all setup.py to setuptools
All setup.py files are now using setuptools through a common file
ipasetup.py. The file is auto-generated and contain all common
settings.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-10-20 18:43:37 +02:00
Christian Heimes
b9d68b5c35 Move ipa.1 man file
setuptools does not support data_files any more. The ipa(1) man page is
now handled like the remaining man pages.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-10-17 17:21:49 +02:00
Martin Basti
4628522c53 Pylint: fix the rest of unused local variables
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-10-11 16:50:32 +02:00
Martin Basti
d937588146 Pylint: remove unused variables from installers and scripts
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-10-06 10:43:36 +02:00
Martin Basti
45e3aee352 Pylint: enable check for unused-variables
Unused variables may:
* make code less readable
* create dead code
* potentialy hide issues/errors

Enabled check should prevent to leave unused variable in code

Check is locally disabled for modules that fix is not clear or easy or have too many occurences of
unused variables

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-09-27 13:35:58 +02:00
Martin Basti
0f88f8fe88 Remove unused variables in the code
This commit removes unused variables or rename variables as "expected to
be unused" by using "_" prefix.

This covers only cases where fix was easy or only one unused variable
was in a module

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-09-27 13:35:58 +02:00
Tomas Krizek
ef9c718e3a Prompt for forwarder in dnsforwardzone-add
When the command ipa dnsforwardzone-add is invoked without
specifying the forwarder as an argument and the forward
policy is not set to none, prompt for DNS forwarder.

https://fedorahosted.org/freeipa/ticket/6169

Reviewed-By: Petr Spacek <pspacek@redhat.com>
2016-09-26 18:45:49 +02:00
Jan Barta
9bc57a01e1 pylint: fix old-style-class
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2016-09-22 16:52:57 +02:00
Florence Blanc-Renaud
cd75eb3b25 Fix regression introduced in ipa-certupdate
The fix for 6288 was overwritten by commit 08b7683130.

https://fedorahosted.org/freeipa/ticket/6288

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-09-09 16:21:09 +02:00
David Kupka
ec24019174 schema cache: Store and check info for pre-schema servers
Cache CommandError answer to schema command to avoid sending the command
to pre-schema servers every time. This information expires after some
time (1 hour) in order to start using schema as soon as the server is
upgraded.

https://fedorahosted.org/freeipa/ticket/6095

Signed-off-by: Jan Cholasta <jcholast@redhat.com>
Signed-off-by: David Kupka <dkupka@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
2016-09-06 16:25:23 +02:00
Jan Cholasta
38a51fa984 dns: fix crash in interactive mode against old servers
Add a client-side fallback of the dnsrecord_split_parts command for old
servers to avoid CommandError in dnsrecord_add and dnsrecord_mod CLI
interactive mode.

https://fedorahosted.org/freeipa/ticket/6203

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-06 12:54:38 +02:00
Jan Cholasta
dce95a1459 dns: prompt for missing record parts in CLI
Fix the code which determines if a record part is required and thus should
be prompted not to wrongfully consider all record parts to be optional.

https://fedorahosted.org/freeipa/ticket/6203

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-06 12:54:38 +02:00
Jan Cholasta
afea961631 dns: normalize record type read interactively in dnsrecord_add
When dnsrecord_add is called without options in interactive mode, it
prompts the user to enter a record type. The record type is expected to be
upper case further in the code, which causes non-upper case values not to
work correctly.

Fix this issue by upper casing the value after it is read.

https://fedorahosted.org/freeipa/ticket/6203

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-09-06 12:54:38 +02:00
Fraser Tweedale
08b7683130 Track lightweight CAs on replica installation
Add Certmonger tracking requests for lightweight CAs on replica
installation.  As part of this change, extract most of the
lightweight CA tracking code out of ipa-certupdate and into
cainstance.

Fixes: https://fedorahosted.org/freeipa/ticket/6019
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-09-06 12:11:53 +02:00
Florence Blanc-Renaud
b36ee723b7 Fix ipa-certupdate for CA-less installation
In a CA-less installation, ipa-certupdate fails with the error message:
  $ ipa-certupdate
  trying https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json
  Forwarding 'ca_is_enabled' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json'
  Forwarding 'ca_find/1' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json'
  CA is not configured
  The ipa-certupdate command failed.

The issue happens because ipa-certupdate tries to call ca_find even on a
CA_less deployment. The fix skips the call to ca_find in this case.

https://fedorahosted.org/freeipa/ticket/6288

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
2016-09-06 07:50:55 +02:00
Abhijeet Kasurde
95a594af4c Handled empty hostname in server-del command
Fixes: https://fedorahosted.org/freeipa/ticket/6248

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-08-24 15:50:25 +02:00
Petr Spacek
0f4df2f03d migrate-ds: Mention --enable-migration in error message about migration mode
https://fedorahosted.org/freeipa/ticket/6234

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-22 17:59:38 +02:00
Abhijeet Kasurde
c9419411c9 Corrected minor spell check in AD Trust information doc messages
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2016-08-22 17:15:11 +02:00
David Kupka
b6d5ed139b schema cache: Fallback to 'en_us' when locale is not available
https://fedorahosted.org/freeipa/ticket/6204

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-18 12:12:51 +02:00
David Kupka
6e6cbda036 compat: Fix ping command call
Remove extra argument from client.forward call.

https://fedorahosted.org/freeipa/ticket/6095

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-17 14:16:04 +02:00
David Kupka
4b43558b1c schema check: Check current client language against cached one
https://fedorahosted.org/freeipa/ticket/6204

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-17 14:16:04 +02:00
David Kupka
f2c26119f5 schema cache: Read schema instead of rewriting it when SchemaUpToDate
https://fedorahosted.org/freeipa/ticket/6048

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-17 14:16:04 +02:00
David Kupka
1b79ac67d7 client: Do not create instance just to check isinstance
Checking that classes are idenical gives the same result and
avoids unnecessary instantiation.

https://fedorahosted.org/freeipa/ticket/6048

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-17 14:16:04 +02:00
David Kupka
87a6f746bc schema cache: Store API schema cache in memory
Read whole cache into memory and keep it there for lifetime of api
object. This removes the need to repetitively open/close the cache and
speeds up every access to it.

https://fedorahosted.org/freeipa/ticket/6048

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-17 14:16:04 +02:00
David Kupka
6716aaedc8 schema cache: Read server info only once
Do not open/close the file with every access to plugins. Extensive
access to filesystem may cause significant slowdown.

https://fedorahosted.org/freeipa/ticket/6048

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-17 14:16:04 +02:00
David Kupka
83b46238e7 frontent: Add summary class property to CommandOverride
Avoid creating instance of overriden command to get its summary.

https://fedorahosted.org/freeipa/ticket/6048

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-17 14:16:04 +02:00
David Kupka
e45e29f337 Access data for help separately
To avoid the need to read all data for a plugin from cache and actualy
use the separately stored help data it must be requested and returned
separately.

https://fedorahosted.org/freeipa/ticket/6048

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-17 14:16:04 +02:00
David Kupka
134fd235a2 schema cache: Do not read fingerprint and format from cache
Fingerprint can be obtained from schema filename of from ServerInfo
instance. Use FORMAT in path to avoid openening schema just to read its
format.

https://fedorahosted.org/freeipa/ticket/6048

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-17 14:16:04 +02:00
David Kupka
ba16d99f37 schema cache: Do not reset ServerInfo dirty flag
Once dirty flag is set to True it must not be set back to False.
Otherwise changes are not written back to file.

https://fedorahosted.org/freeipa/ticket/6048

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-17 14:16:04 +02:00
Jan Cholasta
20ee4a73e7 client: add missing output params to client-side commands
Add output params for the otptoken-add-yubikey, vault-add, vault-mod,
vault-archive and vault-retrieve commands.

This fixes the commands not having any output in CLI.

https://fedorahosted.org/freeipa/ticket/6182

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-08-10 10:27:00 +02:00
Jan Cholasta
e9c1d21b9f parameters: move the confirm kwarg to Param
Whether a parameter is treated like password is determined by the
`password` class attribute defined in the Param class. Whether the CLI will
asks for confirmation of a password parameter depends on the value of the
`confirm` kwarg of the Password class.

Move the `confirm` kwarg from the Password class to the Param class, so
that it can be used by any Param subclass which has the `password` class
attribute set to True.

This fixes confirmation of the --key option of otptoken-add, which is a
Bytes subclass with `password` set to True.

https://fedorahosted.org/freeipa/ticket/6174

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-08-10 08:51:39 +02:00
Florence Blanc-Renaud
cad6a551d6 Fix ipa hbactest output
ipa hbactest command produces a Traceback (TypeError: cannot concatenate
'str' and 'bool' objects)
This happens because hbactest overrides output_for_cli but does not
properly handle the output for 'value' field. 'value' contains a boolean
but it should not be displayed (refer to ipalib/frontend.py,
Command.output_for_cli()).

Note that the issue did not appear before because the 'value' field
had a flag no_display.

https://fedorahosted.org/freeipa/ticket/6157

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-08-04 17:13:16 +02:00
Jan Cholasta
1a73477e15 vault: add missing salt option to vault_mod
The option was accidentally removed in commit
4b119e21a2.

https://fedorahosted.org/freeipa/ticket/6154

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-04 14:20:06 +02:00
David Kupka
229e2a1ed9 compat: Save server's API version in for pre-schema servers
When client comunicates with server that doesn't support 'schema'
command it needs to determine its api version to be able to use the
right compat code. Storing information about server version reduces the
need to call 'env' or 'ping' command only to first time the server is
contacted.

https://fedorahosted.org/freeipa/ticket/6069

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-03 16:32:39 +02:00
David Kupka
23609d5955 schema: Generate bits for help load them on request
Store name, summary, topic_topic and exclude in single entry in cache
for all commands. These data are needed for help and storing and
loading them together allows fast help response.

https://fedorahosted.org/freeipa/ticket/6048

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-03 16:32:39 +02:00
David Kupka
86977070e1 schema: Introduce schema cache format
Information about schema cache format is stored in every cache item.
When schema cache format changes in incompatible way format will be
increased. When format stored in cache doesn't match currently used
format the entry in cache is ignored.

https://fedorahosted.org/freeipa/ticket/6048

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-03 16:32:39 +02:00
David Kupka
29f7f822ab frontend: Change doc, summary, topic and NO_CLI to class properties
Avoid need to instantiate all commands just to get information for
displaying help.

https://fedorahosted.org/freeipa/ticket/6048

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-03 16:32:39 +02:00
David Kupka
47a693d174 schema: Speed up schema cache
Check presence of schema in cache (and download it if necessary) on
__init__ instead of with each __getitem__ call. Prefill internal
dictionary with empty record for each command to be able to quickly
determine if requested command exist in schema or not. Rest of schema
data are read from cache on first attempt to retrive them.

https://fedorahosted.org/freeipa/ticket/6048
https://fedorahosted.org/freeipa/ticket/6069

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-08-03 16:32:39 +02:00
David Kupka
8ab0ad5b9e vault: Catch correct exception in decrypt
ValueError is raised when decryption fails.

https://fedorahosted.org/freeipa/ticket/6160

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-08-03 13:40:34 +02:00
Jan Cholasta
b8b7b9bf8e compat: fix ping call
Copy & paste accident caused the ping command to be called with an unwanted
argument, which results in an exception.

Remove the argument to fix it.

https://fedorahosted.org/freeipa/ticket/6129
2016-07-28 15:25:19 +02:00
Jan Cholasta
f563d982f2 client: fix hiding of commands which lack server support
Rather than checking the server counterpart's NO_CLI, which may be False
even for commands supported on the server, check wheter the server
counterpart is a command defined on the server or a local placeholder.

https://fedorahosted.org/freeipa/ticket/6089

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2016-07-28 10:24:45 +02:00
Jan Cholasta
ea62f2745d Revert "Enable vault-* commands on client"
This reverts commit 9feeaca9fb.

https://fedorahosted.org/freeipa/ticket/6089

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2016-07-28 10:24:45 +02:00
Jan Cholasta
cdf8b668e7 frontend: copy command arguments to output params on client
In commit f554078291 we stopped copying
command arguments to output params in order to remove redundancies and
reduce API schema in size. Since then, output params were removed from
API schema completely and are reconstructed on the client.

Not including arguments in output params hides failed members from member
commands' CLI output. To fix this, copy arguments to output params again,
but only on the client side.

https://fedorahosted.org/freeipa/ticket/6026

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2016-07-20 13:12:37 +02:00
Martin Babinsky
a1a7ecdc7b vault-add: set the default vault type on the client side if none was given
`vault-add` commands does much processing depending on the vault type even
before the request is forwarded to remote server. Since default values for
parameters are now filled only on server side, the client-side logic would
fail if the vault type was not explicitly given. In this case we have to
retrieve and use the default vault type from schema.

https://fedorahosted.org/freeipa/ticket/6047

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2016-07-13 18:46:31 +02:00
Stanislav Laznicka
6c74bd2bcc Removed unused method parameter from migrate-ds
An extra parameter on client side command override of migrate-ds output
was causing errors.

https://fedorahosted.org/freeipa/ticket/6034

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-13 18:40:22 +02:00
Martin Basti
9feeaca9fb Enable vault-* commands on client
Client plugins fot vault commands were disabled by NO_CLI=True,
inherited from vault_add_interal, that is always NO_CLI=True.
Introduced by this commit 8278da6967

Removed NO_CLI=True from client side plugins for vault.

https://fedorahosted.org/freeipa/ticket/6035

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2016-07-12 16:03:07 +02:00
David Kupka
cea1f33606 schema: Perform the check for schema update when force_schema_check is True
https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-07-01 10:12:34 +02:00
Martin Babinsky
974eb7b5ef ipalib: introduce Principal parameter
This patch introduces a separate Principal parameter that allows the framework
to syntactically validate incoming/outcoming principals by using a single
shared codebase.

https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-07-01 09:37:25 +02:00
Jan Cholasta
2cf7c7b4ac client: add support for pre-schema servers
Bundle remote plugin interface definitions for servers which lack API
schema support. These server API versions are included:
* 2.49: IPA 3.1.0 on RHEL/CentOS 6.5+,
* 2.114: IPA 4.1.4 on Fedora 22,
* 2.156: IPA 4.2.0 on RHEL/CentOS 7.2 and IPA 4.2.4 on Fedora 23,
* 2.164: IPA 4.3.1 on Fedora 23.

For servers with other API versions, the closest lower API version is used.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-07-01 09:40:04 +02:00
Jan Cholasta
cf713ac283 client: do not crash when overriding remote command as method
Do not crash during API initialization when overriding remote command that
is not a method with MethodOverride.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-07-01 09:40:04 +02:00
Jan Cholasta
8278da6967 client: add placeholders for required remote plugins
Add placeholders for remote plugins which are required by client-side
commands. They are used when the remote plugins are not available.

This fixes API initialization error when the remote server does not have
the plugins.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-30 16:32:20 +02:00
Jan Cholasta
c1d8c710e7 client: ignore override errors in command overrides
This fixes API initialization errors when the remote server does not have
the overriden command.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-30 16:32:20 +02:00
Jan Cholasta
1a03bd322d cert: fix CLI output of cert_remove_hold
cert_remove_hold uses output params instead of exceptions to convey
unsuccessful result. Move the output params to the client side before
the command is fixed to use exceptions.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-30 16:32:20 +02:00
Jan Cholasta
e4ec4796a3 frontend: do not ignore client-side output params
Do not ignore output params defined in client-side overrides.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-30 16:32:20 +02:00
Jan Cholasta
8d5272e687 schema: properly fix Flag arguments on the client
The previous fix in commit a77e21cbca made
some Bool arguments appear as Flag on the client. This change fixes that.

https://fedorahosted.org/freeipa/ticket/6009

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-30 11:02:20 +02:00
Jan Cholasta
a77e21cbca schema: fix Flag arguments on the client
Fix Flag arguments appearing as Bool on the client.

https://fedorahosted.org/freeipa/ticket/6009

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-29 10:20:00 +02:00
Fraser Tweedale
0078e7a919 ipa-certupdate: track lightweight CA certificates
Enhance the ipa-certupdate program to add Certmonger tracking
requests for lightweight CA certificates.

Also update the dogtag-ipa-ca-renew-agent-submit to not store or
retrieve lightweight CA certificates, becaues Dogtag clones observe
renewals and update their NSSDBs on their own, and allow the helper
to request non-self-signed certificates.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-29 08:52:29 +02:00
David Kupka
a636842889 schema: Caching on schema on client
Store schema in per user cache. Together with schemas also information
about mapping between server and fingerprint is stored to reduce traffic.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-28 15:03:42 +02:00
Jan Cholasta
8466e94440 schema: support plugin versioning
Update API schema server and client code to support plugin versioning.

https://fedorahosted.org/freeipa/ticket/4427

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-28 13:30:49 +02:00
Jan Cholasta
4284d4fb4d plugable: support plugin versioning
Allow multiple incompatible versions of a plugin using the same name. The
current plugins are assumed to be version '1'.

The unique identifier of plugins was changed from plugin name to plugin
name and version. By default, the highest version available at build time
is used. If the plugin is an unknown remote plugin, version of '1' is used
by default.

https://fedorahosted.org/freeipa/ticket/4427

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-28 13:30:49 +02:00
Jan Cholasta
f7cc15f099 schema: client-side code cleanup
Move client-side code scattered in global functions into neat classes.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-27 16:42:42 +02:00
Jan Cholasta
ac8e8ecdd3 schema: fix param default value handling
Advertise param's default value even when `autofill` is False. When
`autofill` is False, set `alwaysask` to True in the schema, as it is
semantically equivallent and removes redundancy.

This fixes default value disappearing in CLI for some params.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-27 16:42:42 +02:00
Jan Barta
94909d21db pylint: fix: multiple-statements
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2016-06-21 13:51:28 +02:00
Jan Cholasta
894be1bd50 dns: fix dns_update_system_records to work with thin client
https://fedorahosted.org/freeipa/ticket/2008
https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-21 13:03:14 +02:00
Jan Cholasta
b00dbca98f cert: allow search by certificate
Allow search by certificate data or file in cert-find.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-06-21 09:45:20 +02:00
Jan Cholasta
d44ffdad42 cert: add object plugin
Implement cert as an object with methods rather than a bunch of loosely
related commands.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2016-06-21 09:45:20 +02:00
Jan Cholasta
8cc8b6fb10 schema: remove no_cli from command schema
Instead, support excluding commands from specified contexts and exclude
commands with NO_CLI set from the 'cli' context.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-20 16:39:12 +02:00
Jan Cholasta
cbe73c6d28 schema: remove redundant information
Remove the `autofill` kwarg from param schema. On the server, include
default value only if autofill is set. On the client, set autofill if param
has a default value.

Remove the `deprecated_cli_aliases`, `hint` and `sortorder` kwargs, and the
`dnsrecord_extra`, `dnsrecord_part` and `suppress_empty` flags from param
schema, as they are now handled exclusively on the client.

Replace the `no_option` and `no_output` flags in param schema with
exclusion of the param in 'cli' and 'webui' contexts.

Remove the `no_display` flag from output schema, as it is now handled
exclusively on the client.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-20 16:39:12 +02:00
Jan Cholasta
d0cfe37a7e schema: merge command args and options
Rather than having args and options separately in command schema, merge
them together and use new `positional` param flag to differentiate between
them.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-20 16:39:12 +02:00
Jan Cholasta
91faf3ecd7 schema: remove output_params
Since output params are copied from object plugins, remove them from
command schema and include object name instead.

One exception to this are the output params used for failed members in
member add/remove commands. Move these to the client side, as they will
be replaced by warnings.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-20 16:39:12 +02:00
Jan Cholasta
ec1b3e71b2 schema: add object class schema
Support object classes defined by object plugins in API schema.

Added new commands `class-show` and `class-find` to retrieve information
about object classes. `param-show` and `param-find` now support both
commands and classes.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-20 16:39:12 +02:00
Jan Cholasta
3ec7a52aea permission: handle ipapermright deprecated CLI alias on the client
https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-20 16:39:12 +02:00
Jan Cholasta
71de8878bd passwd: handle sort order of passwd argument on the client
https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-20 16:39:12 +02:00
Jan Cholasta
5382864909 misc: skip count and total output in env.output_for_cli
Do not include the `count` and `total` output values in CLI output in
env.output_for_cli by default.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-20 16:39:12 +02:00
Jan Cholasta
234270dc75 dns: do not rely on custom param fields in record attributes
Obtain the information provided by the `hint` kwarg and `dnsrecord_part`
and `dnsrecord_extra` flags by other means.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-20 16:39:12 +02:00
Jan Cholasta
f554078291 frontend: don't copy command arguments to output params
Use only object params and params defined in has_output_params as output
params. This removes unnecessary duplication of params defined both in
object plugins and as command arguments.

This requires all command output params to be properly defined in either
the object plugins or the command's has_output_params. Fix the plugins
where this wasn't true.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-20 16:39:12 +02:00
Martin Babinsky
a6eb87bd68 server-del: perform full master removal in managed topology
This patch implements most of the del_master_managed() functionality as a part
of `server-del` command.

`server-del` nows performs these actions:
  * check topology connectivity
  * check that at least one CA/DNS server and DNSSec masters are left
    after removal
  * cleanup all LDAP entries/attributes exposing information about the master
  * cleanup master DNS records
  * remove master and service principals
  * remove master entry from LDAP
  * check that all segments pointing to the master were removed

  `server-del` now accepts the following options:
  * `--force`: force master removal even if it doesn't exist
  * `--ignore-topology-disconnect`: ignore errors arising from disconnected
    topology before and after master removal
  * `--ignore-last-of-role`: remove master even if it is last DNS server,
    and DNSSec key master. The last CA will *not* be removed regardless of
    this option.

https://fedorahosted.org/freeipa/ticket/5588

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-17 18:55:19 +02:00
Martin Basti
e23159596e DNS Locations: command dns-update-system-records
command dns-update-system-records updates/fixes DNS records for IPA
services:
* updating A, AAAA records for CA
* updating SRV records for LDAP, kerberos and AD trust
* updating TXT record in _kerberos with proper realm
* updating dns locations if used

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-17 15:22:24 +02:00
Abhijeet Kasurde
6873ac5b03 Added missing translation to automount.py method
Fixes: https://fedorahosted.org/freeipa/ticket/5920

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-16 08:57:55 +02:00
Jan Cholasta
d26e42ffb0 schema: fix client-side dynamic defaults
Call command_defaults with properly typed arguments.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-15 14:03:51 +02:00
Jan Cholasta
365d973763 misc: fix empty CLI output of env and plugins commands
https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-15 14:03:51 +02:00
Jan Cholasta
e2a8290af1 batch, schema: use Dict instead of Any
Add new Dict parameter class and use it in the batch and command_defaults
plugins.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-15 14:03:51 +02:00
Jan Cholasta
3ac2215ddb schema: generate client-side commands on demand
Instead of pre-generating all command classes from API schema on API
initialization and using them as plugins, use placeholder objects which
generate the classes on demand.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-15 14:03:51 +02:00
Jan Cholasta
64aa4496e2 schema: fix typo
This fixes summary lines for commands in the help command.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-09 09:11:28 +02:00
Jan Cholasta
585e0d1b8c schema: fix topic command output
Return topic names as text instead of binary blob.

This fixes ipa help topic display.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-09 09:11:28 +02:00
Alexander Bokovoy
29d669fec1 otptoken: support Python 3 for the qr code
When IPA client is using Python 3, there is no str.decode() method
anymore.

ipa: ERROR: AttributeError: 'str' object has no attribute 'decode'
Traceback (most recent call last):
 File "/usr/lib/python3.5/site-packages/ipalib/cli.py", line 1345, in run
   sys.exit(api.Backend.cli.run(argv))
 File "/usr/lib/python3.5/site-packages/ipalib/cli.py", line 1110, in run
   rv = cmd.output_for_cli(self.api.Backend.textui, result, *args, **options)
 File "/usr/lib/python3.5/site-packages/ipaclient/plugins/otptoken.py", line 103, in output_for_cli
   qr = self._get_qrcode(output, uri, options['version'])
 File "/usr/lib/python3.5/site-packages/ipaclient/plugins/otptoken.py", line 61, in _get_qrcode
   qr_code = qr_output.getvalue().decode(encoding)
AttributeError: 'str' object has no attribute 'decode' ipa: ERROR: an internal error has occurred

Fixes https://fedorahosted.org/freeipa/ticket/5938

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-09 08:09:33 +02:00
Florence Blanc-Renaud
c4a8e64cdf Add the culprit line when a configuration file has an incorrect format
For instance if /etc/nsswitch.conf contains an incorrect line
sudoers		file sss
(Note the missing : after sudoers)
ipa-client-install exits with a SyntaxError traceback but does not state
which line caused the issue.
With the fix, the filename and the line are displayed in the SyntaxError
message.

https://fedorahosted.org/freeipa/ticket/5811

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-06 19:06:32 +02:00
Martin Basti
79544aa51a DNS Location: location-show: return list of servers in location
location-show returns list of servers curently assigned to the location

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-03 15:58:21 +02:00
Yuri Chornoivan
fd4386d5c9 Fix minor typo
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-06-03 15:25:15 +02:00
Jan Cholasta
6e44557b60 ipalib: move server-side plugins to ipaserver
Move the remaining plugin code from ipalib.plugins to ipaserver.plugins.

Remove the now unused ipalib.plugins package.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
ec841e5d7a ipaclient: implement thin client
Dynamically create plugin package for the remote server with modules and
commands based on the API schema when client API is finalizes. For in-tree
API instances, use ipalib.plugins directly.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
2f7df393fd ipalib: move File command arguments to ipaclient
File arguments are relevant only on the client, on the server they are the
same as Str. Specify the arguments as Str in ipalib.plugins and override
them with File in ipaclient.plugins.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
4c7be74526 ipalib: split off client-side plugin code into ipaclient
Provide client-side overrides for command plugins which implement any of
the client-side `interactive_prompt_callback`, `forward` or
`output_for_cli` methods and move the methods from the original plugins to
the overrides.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
b8988da096 ipaclient: add client-side command override class
This adds a new ipaclient.frontend module with two classes, CommandOverride
and MethodOverride, which can be used to implement additional client-side
functionality on top of server-side Command and Method plugins.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
cd5ecdbaee help, makeapi: specify module topic by name
Specify module topic by name rather than by name and summary. A topic
module of the topic name must exist. Summary is extracted from the
docstring of the topic module.

This changes makes topic handling more generic and consistent between
modules and commands.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
327d95296a ipalib: move client-side plugins to ipaclient
Move the rpcclient backend and commands which are executed on the client
to ipaclient.plugins.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
f1ad3e67ae ipaclient: introduce ipaclient.plugins
Load plugins from ipaclient.plugins in client API instances.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
5452006498 build: fix client-only build
https://fedorahosted.org/freeipa/ticket/5889

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-05-19 15:52:06 +02:00
Martin Basti
491447cc5a pylint: remove bare except
Bare except should not be used.

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
2016-03-22 10:20:51 +01:00
Martin Babinsky
8290d4b4cb only search for Kerberos SRV records when autodiscovery was requested
When a list of servers is passed to ipa-client-{install,automount} the search
of Kerberos and LDAP SRV records should be suppressed and the specified
hostnames used directly as LDAP servers/KDCs. We thus should not performed
search for KDCs when the autodiscovery was actually not requested.

https://fedorahosted.org/freeipa/ticket/4305

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-03-14 13:43:50 +01:00
Petr Viktorin
cec7df5c54 ipadiscovery: Decode to unicode in ipacheckldap(), get_ipa_basedn()
ipacheckldap uses a schema-less connection with decode_attrs=False,
so bytes need to be decoded manually.
This was not a problem in Python2 where bytes and unicode could
be mixed freely.

Part of the work for https://fedorahosted.org/freeipa/ticket/5638

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-03-03 10:31:55 +01:00
Petr Viktorin
8df86d5bff Move get_ipa_basedn from ipautil to ipadiscovery
The function wasn't used anywhere else.

Part of the work for https://fedorahosted.org/freeipa/ticket/5638

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-03-03 10:31:55 +01:00
Jan Cholasta
11592dde1b client: stop using /etc/pki/nssdb
Don't put any IPA certificates to /etc/pki/nssdb - IPA itself uses
/etc/ipa/nssdb and IPA CA certificates are provided to the system using
p11-kit. Remove leftovers on upgrade.

https://fedorahosted.org/freeipa/ticket/5592

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-02-24 10:53:28 +01:00
Stanislav Laznicka
9757384c7c Cosmetic changes to the code
Fixes some Coverity issues

ipadiscovery.py:          added assert should universe break
plugins/dns.py:           removed dead code
dnssec/ldapkeydb.py:      attribute assert in the proper object
test_automount_plugin.py: fixed possible close() on None
xmlrpc_test.py:           Coverity does not like accessing None.__class__

https://fedorahosted.org/freeipa/ticket/5661

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-02-24 09:21:30 +01:00
Petr Viktorin
840de9bb48 Split ipa-client/ into ipaclient/ (Python library) and client/ (C, scripts)
Make ipaclient a Python library like ipapython, ipalib, etc.
Use setup.py instead of autotools for installing it.

Move C client tools, Python scripts, and man pages, to client/.

Remove old, empty or outdated, boilerplate files (NEWS, README, AUTHORS).
Remove /setup-client.py (ipalib/setup.py should be used instead).

Update Makefiles and the spec file accordingly.

https://fedorahosted.org/freeipa/ticket/5638

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-01-27 12:09:02 +01:00