PEP8 fix for teat_webui/test_user.py. Errors involved:
- line > 79 character
- 2 blank line needed before class
- single space was needed between # and comment
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
Notification used to intercept the click on page for some element.
This test ensures that element is clickable.
related: https://pagure.io/freeipa/issue/8120
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
Chrony daemon tries to use adjtimex() which doesn't work in the
container we run in Docker environment on Azure Pipelines.
nis-domainname also tries to modify kernel-specific parameter that
doesn't really work in runc-based containers.
Use systemd container detection to avoid starting these services in the
containers.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
A new test case was not picking up ``ipa-run-tests`` script.
Fixes: https://pagure.io/freeipa/issue/8307
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
ipa service-del <Principal name> did not display proper principal
name which is being deleted in error message.
This test check if it throws error having proper principal name.
related: https://pagure.io/freeipa/issue/7695
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Fix is to display the proper principal in error message
while attempting to delete required principal.
related: https://pagure.io/freeipa/issue/7695
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
when ipa-advise generates a script to configure a client for smart card
auth, the script calls python3 to configure SSSD. The issue happens
if the server (when ipa-advise is run) and the client do not have
the same path for python3 command.
By default, try to use python3 but if the command is not found, fallback
to /usr/libexec/platform-python (which is the python3 path on RHEL8).
Fixes: https://pagure.io/freeipa/issue/8311
Reviewed-By: Christian Heimes <cheimes@redhat.com>
``pkispawn`` is being modified to use PKI CLI for installation.
Add ``/pki/rest`` to proxied routes and simplify location matching with
a prefix regular expression.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
service-del deletes services by DN and LDAP DNs are compared
case-insensitive. Make check_required_principal() compare the
service name case insensitive.
Fixes: https://pagure.io/freeipa/issue/8308
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
ipaplatform was made a namespace package so that 3rd party OS
distributors can easily define their own distribution subpackage. Since
major distributions have contributed to FreeIPA project and no 3rd party
ipaplatform subpackage was uploaded to PyPI, it doesn't make much sense
to keep ipaplatform a namespace package.
The ipaplatform-*-nspkg.pth file for namespace package definition is
causing trouble with local testing on developer boxes.
Fixes: https://pagure.io/freeipa/issue/8309
See: https://pagure.io/freeipa/issue/6474
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Disable some warnings that are not PEP-8 compatible.
Disable warnings E731 and E741. IPA code uses ``l`` as variable names
and assignment of lambda expressions a lot.
Ignore auto-generated remote plugins and build directories.
Related: https://pagure.io/freeipa/issue/8306
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Add whitespaces around assignment operator and use consistent double
quotes.
https://pagure.io/freeipa/issue/8306
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
The value of the first character in target* keywords
is expected to be a double quote.
Fixes: https://pagure.io/freeipa/issue/8301
Signed-off-by: Viktor Ashirov <vashirov@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
This worked for now, but is SyntaxError in Python 3.9.0a6:
File "/usr/lib/python3.9/site-packages/ipapython/cookie.py", line 222
return'/'
^
SyntaxError: invalid string prefix
(The Python change might actually be reverted before 3.9 final,
but this can be fixed anyway.)
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Test cases:
- admin can add member manager for user/host group
- admin can add member manager group to user/host group
- member manager can add user to group
- member manager can remove user from group
- member manager can add host to host group
- member manager can remove host from host group
Ticket: https://pagure.io/freeipa/issue/8298
Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Michal Polovka <mpolovka@redhat.com>
"previous" updated to Fedora 31
"latest" updated to Fedora 32
"rawhide" based on Fedora 33
389ds, testing and pki definitions updated to Fedora 32
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
RTD comes with Sphinx 1.8 that is missing some APIs.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Something went wrong with git subtree merge of the external
freeipa-workshop repository. A couple of files accidently ended up
in / instead of /doc/workshop/.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Sphinx is extensible with plugins that can add new syntax, roles,
directives, domains, and more.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Azure host has 6 GB of physical memory + 7 GB of swap.
FreeIPA CI runs at least 5 masters on each Azure's host.
Thus, swap is intensively used.
Based on the available *physical* memory 389-ds performs db tweaks
and in future may fail to start in case of memory shortage.
Current memory limit for Azure Docker containers(master/replica):
- Physical
$ cat /sys/fs/cgroup/memory/memory.limit_in_bytes
1610612736
- Physical + swap:
$ cat /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes
3221225472
In the meantime, installation of master + ca + kra + dnssec requires:
$ cat /sys/fs/cgroup/memory/memory.max_usage_in_bytes
1856929792
Some test environments require more memory.
For example, 'ipatests.test_integration.test_commands.TestIPACommand':
$ cat /sys/fs/cgroup/memory/memory.memsw.max_usage_in_bytes
2232246272
$ cat /sys/fs/cgroup/memory/memory.max_usage_in_bytes
2232246272
Fixes: https://pagure.io/freeipa/issue/8264
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Each integration test entity sets up its own list of logfiles.
This is made by calling the callback of host's 'collect_log',
which knows nothing about the context of execution: whether it's
the test class scope or the test method one. Of course, in this
case one-time collection of test method log is not supported
because the logs tracker collects only test class logs.
In the meantime, almost all the entities (except 'client')
collect identical logs. Besides, due to the IPA roles
transformation an each IPA host can become master, replica or
client, all of these, in turn, can have subroles. So, the
most common case is the collection of all the possible logs from
all the IPA (Unix) hosts. However, the customization of a logfiles
collection is possible.
The collection is performed with the help of 'integration_logs'
fixture. For example, to add a logfile to list of logs on a test
completion one should add the dependency on this fixture and call
its 'collect_method_log' method.
```
class TestFoo(IntegrationTest):
def test_foo(self):
pass
def test_bar(self, integration_logs):
integration_logs.collect_method_log(self.master, '/logfile')
```
Collected logs:
1) 'test_foo' - default logs
2) 'test_bar' - default logs + /logfile
3) 'TestFoo' - default logs
Fixes: https://pagure.io/freeipa/issue/8265
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
The last usage of 'collect_logs' decorator has been removed
in 1d70ce850e. So, it could be safely removed.
Fixes: https://pagure.io/freeipa/issue/8265
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Make it easier to skip tests based on platform ID and platform LIKE_ID.
Skip some tests that are not working on Debian-like platforms
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
The design draft lists the user stories, implementation choices,
implementation details, limitations, and changes for the new
Expired Password Notifications (EPN) feature.
Fixes: https://pagure.io/freeipa/issue/3687
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
cn=sysaccounts,cn=etc now has a default password policy to permit system
accounts with krbPrincipalAux object class. This allows system accounts
to have a keytab that does not expire.
The "Default System Accounts Password Policy" has a minimum password
length in case the password is directly modified with LDAP.
Fixes: https://pagure.io/freeipa/issue/8276
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Refactor code to use api.env.container_sysaccounts instead of
('cn', 'sysaccounts'), ('cn', 'etc')
Related: https://pagure.io/freeipa/issue/8276
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
W1661(exception-escape), RPCClient.forward]
Using an exception object that was bound by an except handler)
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
``__getnewargs__()`` must return a tuple.
Fixes ``E0312(invalid-getnewargs-returned), APIVersion.__getnewargs__]
__getnewargs__ does not return a tuple)``.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This testcase checks that when trust isn't setup
between IPA server and Windows AD, IPADomainCheck
displays key value as domain-check and result is SUCCESS
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Test checks that HostKeyAlgorithms is not present in
/etc/ssh/ssh_config after client install with option
-ssh-trust-dns.
https://pagure.io/freeipa/issue/8082
Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
The definition of servrole.takes_params was missing a comma.
Related: https://pagure.io/freeipa/issue/8290
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This test ensures that RUVCheck for ipahealthcheck.ds.ruv
source displays correct result
Signed-off-by: sumenon <sumenon@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
