Commit Graph

14961 Commits

Author SHA1 Message Date
Sergey Orlov
bcb8d4d4a6 ipatests: temporary disable execution of test_nfs.py::TestNFS in nightly runs
During test run on Fedora 34 and 35 sssd produces multi-gigabyte log file
which causes test runners to run out of disk space.

Related to https://pagure.io/freeipa/issue/8877

Reviewed-By: Francois Cami <fcami@redhat.com>
2021-06-08 15:10:08 -04:00
Florence Blanc-Renaud
6f49cc0656 ipatests: delete the replica before uninstallation
The test
test_installation.py::TestInstallWithCA1::test_install_with_bad_ldap_conf
is uninstalling a replica by calling ipa-server-install --uninstall
directly, instead of deleting the replica first.

Use tasks.uninstall_replica instead of tasks.uninstall_master
to perform a proper uninstallation.

Fixes: https://pagure.io/freeipa/issue/8876
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-06-08 08:36:09 +02:00
Florence Blanc-Renaud
5c83ec06fa ipatests: set selinux context for fips mode
In order to test FIPS mode, the test is faking a user-space
FIPS environment by creating a file /var/tmp/userspace-fips
and bind-mounting this file as /proc/sys/crypto/fips_enabled

The security context needs to be properly set otherwise
/proc/sys/crypto/fips_enabled inherits the security context
unconfined_u:object_r:user_tmp_t:s0 and cannot be read,
resulting in the test seeing fips_mode=false.

Fixes: https://pagure.io/freeipa/issue/8868
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-06-07 16:33:15 -04:00
Armando Neto
584952babf workshop: Update docs and support default cloud image
Update instructions on how to build images starting with Fedora 34 using
kickstart files used by Fedora to build its cloud images.

Change vagrant provisioning steps to support both prebuilt and default
cloud images, removing the burden of maintaining boxes up-to-date, but
also providing a way to build fresh images without external packer
templates.

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-06-07 10:49:57 +02:00
Alexander Bokovoy
33327b2e21 get_credentials: return ValueError for missing creds
Related: https://pagure.io/freeipa/issue/8873

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 15:38:08 +03:00
Alexander Bokovoy
be929b7470 po/zh_CN.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
943e93b0b1 po/uk.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
ab33f80c25 po/tr.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
44d1396233 po/tg.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
fbccd931cf po/sk.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
c0b0b390be po/ru.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
ed69ee14ff po/pt_BR.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
d9803f27d4 po/pt.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
b78368b466 po/pl.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
6f1c7cbfa0 po/pa.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
0b94425e69 po/nl.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
7db1704727 po/mr.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
d2b50e527b po/kn.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
526bad7778 po/ja.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:48 +03:00
Alexander Bokovoy
2b543bb0d1 po/ipa.pot: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
f2f08f66d2 po/id.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
1de9cb502e po/hu.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
371d5f67f1 po/hi.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
cbf7bf6312 po/fr.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
ab624d2972 po/fi.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
9c7d02016c po/eu.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
7edcf72ead po/es.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
5ac08a229e po/en_GB.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
8c388aea25 po/de.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
f637189b54 po/cs.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
6ee9f47f6e po/ca.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
71bf78dd16 po/bn_IN.po: Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:29:47 +03:00
Alexander Bokovoy
26fc0bcadd Depend on system-logos-ipa on RHEL/CentOS Stream
Fedora ELN represents itself as a RHEL but it does not have
redhat-logos-ipa package. CentOS Stream does not have redhat-logos-ipa
but has centos-logos-ipa package. Both RHEL and CentOS Stream provide
system-logos-ipa so we can depend on it instead.

This allows to make IPA packages installable on CentOS Stream and on
Fedora ELN.

Fixes: https://pagure.io/freeipa/issue/8874

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 12:11:35 +03:00
Alexander Bokovoy
bef78d16e7 Contributors: add new contributors to the list
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 09:12:54 +03:00
Armando Neto
ba5b9c565d ipatests: Bump PR-CI boxes
Update Fedora 34 and 33 boxes to include new packages

Signed-off-by: Armando Neto <abiagion@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2021-06-04 08:51:01 +03:00
Rob Crittenden
51fb9d61bb Catch ValueError when trying to retrieve existing credentials
get_credentials() was changed to raise ValueError instead of
gssapi.exceptions.GSSError as part of the sweeper to clean up
expired credentials caches.

For WebUI users, this will prevent a 500 error if their
associated credentials cache is expired or missing.

https://pagure.io/freeipa/issue/8873

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-04 08:49:53 +03:00
Serhii Tsymbaliuk
d8b8f54bce WebUI tests: Add test for 'ipaautoprivategroups' field on 'ID Ranges' page
Add test_range_auto_private_groups test case to test_trust WebUI test suite to cover the field.

Ticket: https://pagure.io/freeipa/issue/8837

Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2021-06-03 14:55:56 +02:00
Serhii Tsymbaliuk
6395d23947 WebUI: Add support of 'ipaautoprivategroups' LDAP attribute on 'ID Ranges' page
Add 'Auto private groups' field on 'Add ID range' form with the following options: true, false, hybrid.
The field is optional and can be omitted.
Its value can be also modified on 'Range Settings' page after the range is added.

Ticket: https://pagure.io/freeipa/issue/8837

Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Armando Neto <abiagion@redhat.com>
2021-06-03 14:55:56 +02:00
Alexander Bokovoy
208b9b4c7c service: enforce keytab user when retrieving the keytab
HTTP service uses different user for keytab ownership than the service
user. On Fedora this leads to http.keytab being owned by 'apache' user
after IPA deployment while it should be owned by 'root' to allow
GSSPROXY configuration to work correctly.

The situation is fixed during upgrade (ipa-server-upgrade) but it means
for new deployments there might be a period of unexplained Web UI
authentication failures.

Fixes: https://pagure.io/freeipa/issue/8872

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2021-06-03 13:34:13 +03:00
Stanislav Levin
c82ed2eb33 ipatests: Fetch sudo rules without time offset
As of 2.5.0 SSSD introduces a random timeout for the refresh
of the SUDO rules [0]. With that change it's no longer possible
to immediate fetch of SUDO rules unless the feature is disabled
[1].

[0]: https://github.com/SSSD/sssd/issues/5609
[1]: https://github.com/SSSD/sssd/issues/5635

Related: https://pagure.io/freeipa/issue/8844
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-03 09:21:45 +03:00
Alexander Bokovoy
6b21c91896 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
3064933295 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
5453399888 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
4d2bca847e Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
54b9d2d376 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
aa5d520841 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
3f760c2fea Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
b77859f5ac Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
e8128e2db7 Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00
Alexander Bokovoy
addd5e80ba Update translations to FreeIPA master state
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2021-06-02 11:30:28 +03:00