As the group type has been changed from 'normal' to 'nonposix' we need to update
this information also in tests.
https://fedorahosted.org/freeipa/ticket/6334
Reviewed-By: Martin Basti <mbasti@redhat.com>
Providing cleanup of trust information from AD machines for legacy client tests.
https://fedorahosted.org/freeipa/ticket/6396
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
- Temporary modify certmonger dogtag-ipa-ca-renew helper to request the IPA RA
agent cert, using the temp cert created during pkispawn. The cert request
is now processed through certmonger, and the helper arguments are restored
once the agent cert is obtained.
- Modify the installer code creating HTTP and LDAP certificates to use
certmonger's IPA helper with temporary parameters (calling dogtag-submit
instead of ipa-submit)
- Clean-up for the integration tests: sometimes ipa renewal.lock is not
released during ipa-server-uninstall. Make sure that the file is removed
to allow future installations.
https://fedorahosted.org/freeipa/ticket/6433
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Update x509.load_certificate and related functions to return
python-cryptography ``Certificate`` objects. Update the call sites
accordingly, including removal of NSS initialisation code.
Also update GeneralName parsing code to return python-cryptography
GeneralName values, for consistency with other code that processes
GeneralNames. The new function, `get_san_general_names`, and
associated helper functions, can be removed when python-cryptography
provides a way to deal with unrecognised critical extensions.
Part of: https://fedorahosted.org/freeipa/ticket/6398
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Update ``ipalib.pkcs10`` module to use python-cryptography for CSR
processing instead of NSS.
Part of: https://fedorahosted.org/freeipa/ticket/6398
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
The upcoming change to using python-cryptography for certificate
process will require a way to convert
``cryptography.x509.name.Name`` values to ``ipapython.dn.DN``.
Update the ``DN`` constructor to accept a ``Name``.
Part of: https://fedorahosted.org/freeipa/ticket/6398
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Since /etc/ipa/ca.crt should be always present on the test runner, we should
use it in bind method tests and not rely on its presence in user conf dir.
https://fedorahosted.org/freeipa/ticket/6409
Reviewed-By: Petr Spacek <pspacek@redhat.com>
At the time of this writting
https://fedoraproject.org/wiki/Packaging:Guidelines#Manpages
says this:
When installing man pages, note that they should be installed uncompressed
as the build system will compress them as needed. The compression method
may change, so it is important to reference the pages in the %files section
with a pattern that takes this into account:
%{_mandir}/man1/foo.1*
Removing the compression also allows to remove several install-data-hook
targets from Makefile.am files.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Static files from Git which are not touched by the build system
have to be explicitly listed in Makefile.am so they get into tarball.
EXTRA_DIST lists whole sub-directories with static files.
This is not ideal but we do not have enough time to fix it properly.
Dojo builder patch files were renames to shorten their name.
The original names were exceeding autotools length limit.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
By default automake does not distribute man pages. This marks then with
dist_ prefix to force their distribution in tarball.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
This version builds only one version of Python packages. If you want to
build for Python 2 & 3 call configure twice using different --with-python
or specify PYTHON variable when calling make.
dist-hook is using SOURCES.txt file from egg-info.
According to Petr Viktorin this should be enough for our purposes
and avoids need to create plugins for setuptools.
Currently VPATH builds do not work for various reasons.
This should be fixed later on.
Most credit goes to these guys:
Christian Heimes <cheimes@redhat.com>
Petr Viktorin <pviktori@redhat.com>
Kevin Brown <kevin@kevin-brown.com>
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
All new retrieval methods are covered including testing for excluded option
combinations.
https://fedorahosted.org/freeipa/ticket/6409
Reviewed-By: Simo Sorce <ssorce@redhat.com>
The test suite is now leveraging host/service tracker objects as test case
fixture, removing much of ad-hoc setup/teardown.
https://fedorahosted.org/freeipa/ticket/6409
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Tests with sudorules using only RunAsGroups attributes with empty RunAsUsers
attribute fail due to different expected value than is really returned. This is
caused by improper behaviour of sudo in versions before 1.8.18 (see [1]), to
which the tests were originally fitted. Changing the expected value to proper
one.
[1] - https://www.sudo.ws/pipermail/sudo-workers/2016-November/001025.htmlhttps://fedorahosted.org/freeipa/ticket/6378
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* move IPAdmin methods to LDAPClient
* add extra arguments (cacert, sasl_nocanon) to LDAPClient.__init__()
* add host, port, _protocol to LDAPClient (parsed from ldap_uri)
* create get_ldap_uri() method to create ldap_uri from former
IPAdmin.__init__() arguments
* replace IPAdmin with LDAPClient + get_ldap_uri()
* remove ununsed function argument hostname from
enable_replication_version_checking()
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use LDAPClient.simple_bind instead of extra call to IPAdmin.do_simple_bind
* Rename binddn to bind_dn
* Rename bindpw to bind_password
* Explicitly specify bind_dn in all calls
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Verify that command cert-find, cert-show and cert-request show CA even without
--all.
https://fedorahosted.org/freeipa/ticket/6410
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
When master is without KRA installed, on domain level0 we cannot install
KRA replicas, thus this tests must be skipped on DL0
https://fedorahosted.org/freeipa/ticket/6088
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Currently tests were not testing one-step installation of KRA together
with replica. Adding --setup-kra to replica installation instead of
calling ipa-kra-install after.
https://fedorahosted.org/freeipa/ticket/6088
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
KRA should be tested with warious replication topologies as well, mainly
in domain level 0
https://fedorahosted.org/freeipa/ticket/6088
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
In tracker, 'self.attrs' variable is created and filled in track_create method.
Some objects are not created but still require access to this variable.
Created 'self.attrs' variable in init
https://fedorahosted.org/freeipa/ticket/6125
Reviewed-By: Milan Kubik <mkubik@redhat.com>
Check for import errors with pylint to make sure new python package
dependencies are not overlooked.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Translations are need for client as well. This move is done to remove
dependency between client and install subdirectories.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
At the same time, I removed unnecessary checks for mkdir etc. and added
missing check for gzip.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
All setup.py files are now using setuptools through a common file
ipasetup.py. The file is auto-generated and contain all common
settings.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
As the issue with ipa installer always returning 0 returncode was addressed,
the test needs to be made aware of this change.
https://fedorahosted.org/freeipa/ticket/6401
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
In domain level 0 ipa-replica-prepare fails because dogtag is not ready
so soon after final restart during installation (tests are too fast).
Wait 30 seconds before ipa-replica-prepare is executed, to make sure
that dogtag is ready. Remove this workaround when ticket is fixed.
https://fedorahosted.org/freeipa/ticket/6274
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Providing tests for certificate revocation to replace deleted tests from
test_cert_find.
https://fedorahosted.org/freeipa/ticket/6349
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
A bunch of certplugin tests were testing number of revoked certificates with
various revocation reasons. Since existence of revoked certificates often
depends on other parts of IdM than IPA, it is not really valid to check their
presence unless creation of revoked certificate is intentionally tested.
https://fedorahosted.org/freeipa/ticket/6349
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
pylint-1.6.4-1.fc26.noarch reports these, hence they should be fixed in order
to build FreeIPA with this version
https://fedorahosted.org/freeipa/ticket/6391
Reviewed-By: Martin Basti <mbasti@redhat.com>
The patch implements several test cases testing the enforcement
of CA ACLs on certificate requests with subject alternative names.
https://fedorahosted.org/freeipa/ticket/6366
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
The test would be failing because recent pretty-print changes
that caused the inner members of a dictionary to be printed
in a different order.
https://fedorahosted.org/freeipa/ticket/6373
Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
By default, ipa-run-tests will now pretty-print structures
compared in the assert_deepequal function. This behaviour
can be turned off by the --no-pretty-print option.
https://fedorahosted.org/freeipa/ticket/6212
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Unused variables may:
* make code less readable
* create dead code
* potentialy hide issues/errors
Enabled check should prevent to leave unused variable in code
Check is locally disabled for modules that fix is not clear or easy or have too many occurences of
unused variables
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
