In ipatests/test_xmlrpc/test_idviews_plugin several variables are declared
twice, while never using the first declaration. The duplicate declaration is
hereby removed.
https://fedorahosted.org/freeipa/ticket/6246
Reviewed-By: Martin Basti <mbasti@redhat.com>
The new module contains utility functions and a context manager to
make the mocking of an existing AD trust relation in the XMLRPC tests.
The module provides two functions that create and delete the
containers for trusts and cifs domains. A context manager using these
is provided as well.
The user of the context manager is responsible for deleting all the
LDAP entries created during the test within the context. If there are
some entries left at the time of exiting the context manager, making
the container entries non-leaf entries, the tests will fail.
The context manager will not work when used on a server that already
has trust established.
https://fedorahosted.org/freeipa/ticket/6142
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
The commit implements a mixin class providing capability
to track and modify kerberos principal aliases on supported
types of entries.
The class using the mixin must inherit from the Tracker class
and must provide the implementation of two methods:
* _make_add_alias_cmd
* _make_remove_alias_cmd
These are used to get the type specific command for the particular
entry class. The methods provided will not work on entries that
do not have 'krbprincipalname' attribute.
The service, host and user trackers are being extended to use this
new mixin class.
https://fedorahosted.org/freeipa/ticket/6142
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Fix conflict between "got" and "expected" values when testing "dnsconfig_mod:
Update global DNS settings"
Reviewed-By: Martin Basti <mbasti@redhat.com>
Improving handling of rename operation by user tracker, together with
fixes for user tests that failed as a consequence.
Failures were caused by RFE Kerberos principal alias.
Some tests were rewritten, since they used "--setattr" option instead of
"--rename", and hence didn't reflect proper behaviour of the principal
aliases feature.
https://fedorahosted.org/freeipa/ticket/6024
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Provides basic service tracker, so far for purposes of [1].
Tracker is not complete, some methods will need to be added in case of service test refactoring.
[1] https://fedorahosted.org/freeipa/ticket/433
Reviewed-By: Milan Kubik <mkubik@redhat.com>
Test the Sub CA feature by signing a CSR with custom
certificate profile.
The test also covers 'cert-request' fallback behaviour
for missing 'cacn' and 'profile-id' options by reusing
the fixtures from the module.
https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Since now users, hosts, and services all support assigning multiple principal
aliases to them, the display of kerberos principal names should be consistent
across all these objects. Principal aliases and canonical names will now be
displayed in all add, mod, show, and find operations.
https://fedorahosted.org/freeipa/ticket/3864
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
All plugins will now use this parameter and common code for all operations on
Kerberos principals. Additional semantic validators and normalizers were
added to determine or append a correct realm so that the previous behavior is
kept intact.
https://fedorahosted.org/freeipa/ticket/3864
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The LDAP*ReverseMember methods would always return the whole LDAP
object even though --all is not specified.
Also had to fix some tests as objectClass will not be returned by
default now.
https://fedorahosted.org/freeipa/ticket/5892
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
When adding certificates to a host or service entry, we currently
check that the issuer matches the issuer DN of the IPA CA. Now that
sub-CAs have been implemented, this check is no longer valid and
will cause false negatives. Remove it and update call sites.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
In all *-find commands, member attributes shouldn't be processed due to
the high amount of ldapsearches, which causes serious performance issues. For this
reason the --no-members option is set by default in CLI and API.
To get members in a *-find command, the option --all in CLI is required, or
'no_members=False' or 'all=True' must be set in the API call.
For other commands processing of members stays unchanged. WebUI is not
affected by this change.
https://fedorahosted.org/freeipa/ticket/4995
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
The code was duplicate and less generic anyway.
As a side-effect I had to re-wrap dns.exception.DNSException into a
PublicError so it can be displayed to the user.
DNSError is now a super class for other DNS-related errors. Errors from
DNS resolver are re-raised as DNSResolverError.
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
Forwarding policy "first" or "none" may conflict with some automatic empty
zones. Queries for zones specified by RFC 6303 will ignore
forwarding and recursion and always result in NXDOMAIN answers.
This is not detected and warned about. Global forwarding is equivalent
to forward zone ".".
Example:
Forward zone 1.10.in-addr.arpa with policy "first"
will not forward anything because BIND will automatically prefer
automatic empty zone "10.in-addr.arpa." which is authoritative.
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
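The overlap described in the commit message above can be checked with a label-wise comparison of zone names. This is an added example, not FreeIPA's code: the function names are hypothetical, the zone list is only a subset of the RFC 6303 zones, and treating a forward zone that is a parent of an empty zone as a conflict (as with global forwarding, zone ".") is an assumption.

```python
# Added example: a subset of the RFC 6303 automatic empty zones, not the full list.
AUTO_EMPTY_ZONES = (
    ["10.in-addr.arpa.", "168.192.in-addr.arpa.", "127.in-addr.arpa.",
     "254.169.in-addr.arpa.", "d.f.ip6.arpa."]
    + ["%d.172.in-addr.arpa." % i for i in range(16, 32)]
)

# The two policies the commit message names; any other policy is treated
# as non-conflicting here (assumption).
CONFLICTING_POLICIES = {"first", "none"}


def labels(name):
    """Split a DNS name into lower-case labels; the root zone gives ()."""
    name = name.strip().lower().rstrip(".")
    return tuple(name.split(".")) if name else ()


def is_subdomain(child, parent):
    """True if child equals or lies below parent.

    Compares whole labels, so 110.in-addr.arpa is not mistaken for a
    child of 10.in-addr.arpa the way a plain string suffix test would.
    """
    c, p = labels(child), labels(parent)
    return len(c) >= len(p) and (not p or c[-len(p):] == p)


def shadowing_empty_zones(forward_zone, policy):
    """Return the automatic empty zones that overlap the forward zone."""
    if policy not in CONFLICTING_POLICIES:
        return []
    return sorted(
        zone for zone in AUTO_EMPTY_ZONES
        if is_subdomain(forward_zone, zone) or is_subdomain(zone, forward_zone)
    )


if __name__ == "__main__":
    # Constructed sample input: (forward zone, policy) pairs.
    samples = [("1.10.in-addr.arpa", "first"), ("110.in-addr.arpa", "first"),
               ("example.com", "none"), (".", "first")]
    for zone, policy in samples:
        hits = shadowing_empty_zones(zone, policy)
        print("%-20s %-6s -> %d overlapping empty zone(s)" % (zone, policy, len(hits)))
```
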
Include keyword arguments of exceptions in RPC responses. This is limited
to JSON-RPC, as XML-RPC does not support additional data in error
responses.
Include keyword arguments of messages in RPC responses.
Include keyword arguments of exceptions in batch command result.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>