ipa-replica-install --kra-install can fail when the topology already has
a KRA, but replica is installed from a master with just CA. In that
case, Custodia may pick a machine that doesn't have the KRA auditing and
signing certs in its NSSDB.
Example:
* master with CA
* replica1 with CA and KRA
* new replica gets installed from master
The replica installer now always picks a KRA peer.
The change fixes test scenario TestInstallWithCA1::()::test_replica2_ipa_dns_install
Fixes: https://pagure.io/freeipa/issue/7518
See: https://pagure.io/freeipa/issue/7008
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
The pytest multihost plugin skips tests, when there is a problem with a
test configuration. Configuration bugs like missing resources are not
considered a problem.
The IPA pytest multihost config object now turns FilterError into a
fatal error, so make_multihost_fixture() fails a test instead of
skipping.
Fixes: https://pagure.io/freeipa/issue/7638
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
This module is used to get translated messages via JSON
request in a synchronous manner. To ensure translatability
i18n messages should be initialized before any other JS code
interacted with user is run.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
For now JSON service is not available without authentication
to IPA. But some of Web UI pages expect translations before
or without Login process. This endpoint serves i18n requests
only.
Fixes: https://pagure.io/freeipa/issue/7559
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
- Handle name / alt name for Fedora and RHEL. On Fedora, the packages
are named "freeipa-*" with alternative names "ipa-*". On RHEL it is
the other way around.
- Don't build ipatests on RHEL.
- Use latest versions of KRB5 on RHEL
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
It's no longer necessary to specify "with_python3" to get Python 3
dependencies.
python3-tox pulls in Python 2.6, 3.3, 3.4, 3.5, and pypy as weak
dependency. Use --setopt=install_weak_deps=False to make a build
environment leaner.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
%{python_sitelib} has been deprecated in favor of %{python2_sitelib}.
F29 rawhide no longer defines %{python_sitelib}.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Globally disabling the following violations:
- `assignment-from-no-return` (E1111):
Assigning to function call which doesn't return. Used when an
assignment is done on a function call but the inferred function
doesn't return anything.
- `keyword-arg-before-vararg` (W1113):
Keyword argument before variable positional arguments list in the
definition of %s function When defining a keyword argument before
variable positional arguments, one can end up in having multiple
values passed for the aforementioned parameter in case the method is
called with keyword arguments.
Locally disabling the following:
- `subprocess-popen-preexec-fn` (W1509):
Using preexec_fn keyword which may be unsafe in the presence of
threads The preexec_fn parameter is not safe to use in the presence
of threads in your application. The child process could deadlock
before exec is called. If you must use it, keep it trivial! Minimize
the number of libraries you call into.
https://docs.python.org/3/library/subprocess.html#popen-constructor
Fixed violations:
- `bad-mcs-classmethod-argument` (C0204):
Metaclass class method %s should have %s as first argument Used when
a metaclass class method has a first argument named differently than
the value specified in valid-metaclass-classmethod-first-arg option
(default to "mcs"), recommended to easily differentiate them from
regular instance methods.
- Note: Actually `cls` is the default first arg for `__new__`.
- `consider-using-get` (R1715):
Consider using dict.get for getting values from a dict if a key is
present or a default if not Using the builtin dict.get for getting a
value from a dictionary if a key is present or a default if not, is
simpler and considered more idiomatic, although sometimes a bit slower
Issue: https://pagure.io/freeipa/issue/7614
Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Some Python 2 dependencies such as python2-pki are no longer available
on Fedora 29. The pki package is a required dependency of
python2-ipaserver. It's not yet feasible to remove all Python 2
packages, since fleetcommander is not fully ported to Python 3 yet.
On Fedora 29, python2-ipaserver and python2-ipatests are no longer
built. The Python 3 packages replace the Python 2 packages.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
