Commit Graph

18 Commits

Author SHA1 Message Date
Stanislav Laznicka
f31797c70a Have all the scripts run in python 3 by default
The Python 3 refactoring effort is finishing, it should be safe
to turn all scripts to run in Python 3 by default.

https://pagure.io/freeipa/issue/4985

Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-02-15 18:43:12 +01:00
Christian Heimes
1ed4461f33 LGTM: Use of exit() or quit()
Replace exit() with sys.exit(). exit() or quit() may fail if the interpreter
is run with the -S option.

https://pagure.io/freeipa/issue/7344

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2018-01-09 07:53:28 +01:00
Christian Heimes
48d6302008 Remove ignore_import_errors
ignore_import_errors was added in 9b534238 to build FreeIPA ACI/API with
some dependencies missing. It turns out that the import hook doesn't
play nice with other meta importers or Cython-generated code like lxml:

./makeaci: ipaserver/plugins/dogtag.py:246: ignoring ImportError: No module named lxml.re
Traceback (most recent call last):
  File "./makeaci", line 134, in <module>
    main(options)
  File "./makeaci", line 107, in main
    api.finalize()
  File "ipalib/plugable.py", line 733, in finalize
    self.__do_if_not_done('load_plugins')
  File "ipalib/plugable.py", line 425, in __do_if_not_done
    getattr(self, name)()
  File "ipalib/plugable.py", line 614, in load_plugins
    self.add_package(package)
  File "ipalib/plugable.py", line 641, in add_package
    module = importlib.import_module(name)
  File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
  File "ipaserver/plugins/dogtag.py", line 246, in <module>
    from lxml import etree
  File "src/lxml/etree.pyx", line 93, in init lxml.etree
  File "src/lxml/_elementpath.py", line 58, in init lxml._elementpath
AttributeError: 'FailedImport' object has no attribute 'compile'

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2017-11-15 11:06:53 +01:00
Jan Cholasta
ba3963b4dc config: provide defaults for xmlrpc_uri, ldap_uri and basedn
Derive the default value of `xmlrpc_uri` and `ldap_uri` from `server`.
Derive the default value of `basedn` from `domain`.

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-07-04 12:06:33 +02:00
Petr Spacek
3f6411a49c ipalib.constants: Remove default domain, realm, basedn, xmlrpc_uri, ldap_uri
Domain, realm, basedn, xmlrpc_uri, ldap_uri do not have any reasonable default.
This patch removes hardcoded default so the so the code which depends
on these values blows up early and does not do crazy stuff
with default values instead of real ones.

This should help to uncover issues caused by improper ipalib
initialization.

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2017-07-04 12:06:33 +02:00
Jan Cholasta
9b53423815 makeapi, makeaci: do not fail on missing imports
Add import hook to makeapi and makeaci which makes them ignore import
errors in modules in our source tree and instead print a warning.

This makes it possible to build IPA without having to have most of our
runtime dependencies installed.

https://fedorahosted.org/freeipa/ticket/6418

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-10-24 14:11:08 +02:00
Jan Cholasta
2615103c68 makeaci, makeapi, oddjob: use the default API context
Use the default context rather the server context for code not running
inside the server.

This prevents the affected code from attempting to initialize the session
manager.

https://fedorahosted.org/freeipa/ticket/5988

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-06-30 14:09:24 +02:00
Jan Cholasta
db13494045 makeaci, makeapi: use in-server API
Capture the server API rather than client API in API.txt. Client API may be
affected by client-side plugins and thus may not correspond to what is
transmitted over the wire.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-20 16:39:12 +02:00
Jan Cholasta
ec841e5d7a ipaclient: implement thin client
Dynamically create plugin package for the remote server with modules and
commands based on the API schema when client API is finalizes. For in-tree
API instances, use ipalib.plugins directly.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
3f5091b55a makeaci: load additional plugins using API.add_module
Load the ldap2 and update_managed_permissions modules using API.add_module
rather than API.import_plugins.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-05-25 16:06:26 +02:00
Martin Basti
e4075b1fe2 Remove unused imports
This patch removes unused imports, alse pylint has been configured to
check unused imports.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-12-23 07:59:22 +01:00
Petr Viktorin
8de13bd7dd Use the print function
In Python 3, `print` is no longer a statement. Call it as a function
everywhere, and include the future import to remove the statement
in Python 2 code as well.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Jan Cholasta
2d1515323a plugable: Load plugins only from modules imported by API
Previously all plugin modules imported from anywhere were added to the API.

https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
fe2accf776 ipalib: Load ipaserver plugins when api.env.in_server is True
https://fedorahosted.org/freeipa/ticket/3090
https://fedorahosted.org/freeipa/ticket/5073

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
964e7e906a makeaci: Use LDAPClient instead of IPASimpleLDAPObject
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Petr Viktorin
afe067b1ab makeaci: Use the DN where the ACI is stored, not the permission's DN
Reviewed-By: Martin Basti <mbasti@redhat.com>
2014-07-07 14:42:52 +02:00
Petr Viktorin
b6258d08d6 Make sure member* attrs are always granted together in read permissions
Memberofindirect processing of an entry doesn't work if the user doesn't
have rights to any one of these attributes:
- member
- memberuser
- memberhost

Add all of these to any read permission that specifies any of them.

Add a check to makeaci that will enforce this for any future permissions.

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-06-11 13:21:30 +02:00
Petr Viktorin
6acaf73b0c Add ACI.txt
The ACI.txt file is a list all managed permissions in ACI form.
Similarly to API.txt, it ensures that changes are not made lightly,
since modifications must be reflected in ACI.txt and committed to Git.

Add a script, makeaci, which parallels makeapi: it recreates or
validates ACI.txt.

Call makeaci --validate before the build, just after API.txt is validated.

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-06-11 13:21:29 +02:00