This is an initial implementation of certificate management for
services. It addresses the mechanism required to view and update
certificates. The complete UI implementation will be addressed in
subsequent patches.
On the server side, the service.py has been modified to define
usercertificate in the service object's takes_params. This is
needed to generate the proper JSON metadata which is needed by
the UI. It also has been modified to accept null certificate for
deletion.
On the client side, the service details page has been modified to
display the base64-encoded certificate in a text area. When the
page is saved, the action handler will store the base64-encoded
certificate in the proper JSON structure. Also the service name
and service hostname are now displayed in separate fields.
The details configuration has been modified to support displaying
and updating certificates. The structure is changed to use maps
to define sections and fields. A section contains name, label,
and an array of fields. A field contains name, label, setup
function, load function, and save function. This is used to
implement custom interface and behavior for certificates.
All other entities, test cases, and test data have been updated
accordingly. Some functions and variables have been renamed to
improve clarity and consistency.
Population of the policy and entites tabs.
DNS and ACI are broken due to PLugin issues
Fix for entities without search
Added new files to Makefile.am
used rolegroup.js file as the start point, renamed to serverconfig.js
When we uninstall we wipe out the entire LDAP database, so it doesn't really
make mush sense to try to also remove single entries from it.
This avoids the --uninstall procedure to fail because the DM password is not
available or the LDAP server is down, and we are just trying to cleanup
everything.
The ipa_error_handler() has been modified to display the AJAX URL
that is having a problem. The ipa_cmd() error handler is now invoked
using call() to pass 'this' object which contains the URL.
Helps when you need to add random snippets of config that really do not deserve
a full atttribute, but are still something you want to put in LDAP and have
replicated.
1) Added new attribute memberDenyCommand
2) Renamed memberCmd to memberAllowCmd
3) Changed the object class:
* removed type
* reflected the rename change
* added the new attribute
4) Renumbered the attributes (while we still can) for consistency.
The ipa_entity_set_association_definition() has been added to configure
the association between 2 entitites. By default the associator is
BulkAssociator and the method is add_member. The entities have been
updated to use the right configurations.
The ipa_cmd() has been modified to detect IPA errors and invoke the
error handler.
A bug in refresh_on_success() has been fixed as well.
ipa_entity_quick_links() has been added to generate quick links
automatically from object's attribute_members, the same logic used
for generating facet list. The search definition for each entity
has been updated to use the new function. A unit test has been
added for this function.
The navigation.js has been modified to make it more abstract, i.e.
unaware of entity facets. The nav_update_tabs() has been modified
such that it activates and updates the tabs based on the current
state stored in the URL.
The facets are now handled in entity.js. The ipa_entity_setup() has
been modified to update the facets based on the current state and
cached state.
The navigation.js also has been modified to be more class-like. The
nav_create() has been modified to store the tab configuration and
the tab container in internal variables nav_tabs_lists and
nav_container. The nav_update_tabs() now can be called without any
parameters.
Functions nav_push_state(), nav_get_state(), and nav_remove_state()
have been added to wrap BBQ API. This is to allow unit tests to
replace them with mockup functions to remove dependency on BBQ.
Some errors (e.g. server down) are reported as AJAX success with
empty data. The ipa_cmd() has been modified so that it will detect
such errors and invoke the error handler.
The ipa_cmd() has been modified such that when an error occurs a
dialog box will appear showing the error message with 2 buttons:
Retry and Cancel. If Retry is clicked, it will attempt to execute
the same operation again. If Cancel is clicked, the operation will
be canceled and the control is returned to the caller.
New unit tests have been added to test ipa_cmd() on successfull
and unsuccessfull cases.
The associate.js, details.js, entity.js, search.js, and webui.js
have been modified to display the error message inside the page.
This behavior can be changed in the future (e.g. redirect to error
page).
The navigation.js and webui.js have been modified to render only
the visible tabs. This improves the performance and reduce hidden
errors. The navigation unit test has been modified to reflect this
behavior.
Some variables/functions also have been renamed for consistency.
Convert the tab lists to arrays of objects with four potential fields:
tab[0] -> tab.name
tab[1] -> tab.label
tab[2] -> tab.setup or tab.children
Added unit tests for nav_setup and nav_select_tab
jQuery tabs by default will display the first tab, so reloading a page
or opening a page from bookmark may not show the active tab correctly.
The nav_select_tabs() has been added to get the list of active tabs from
the hash values in the URL and then activate the appropriate tabs. It
will be called during page initialization and whenever the hash values
change.
The navigation.js and webui.js has been cleaned up to better utilize
jQuery API. jQuery selectors are used to create DOM objects that can
be used by subsequent codes. Tab selection handler is now added to the
tabs object instead of anchors. The change event no longer needs to be
triggered manually.
THe Add button was located using the DOm, and the scheme used to find it was fragile enough to be broken by the I18N approach. This is a little more robust, using a JQuery selector based on the class of the controls, and the entity name.
Also remove Makefile, which should be autogenerated
New test cases have been added to test SerialAssociator and
BulkAssociator using mockup objects. Also fixed a bug in BulkAssociator.
Moved switch_view() out of ipa_entity_generate_views() in entity.js
to allow unit testing using mockup objects. Updated the test case
to validate click event on facets.
Performing I18N completely on the server, to leverage the
existing gettext architecture.
Also, the browser does not have access to the Language header.
Added the additional po files for a set of required languages
conflict with install/static/ipa.js was resolved.
Note that the addition of the .po files in this patch is necessary.
In order to get Transifex support, we need to update the LINGUAS
file with the languages for which we want support. If we don't
add the .po files in, they get automatically generated by the rpmbuild
process. Our implementation of gettext has a bug in it (It might
be F13 thing) where the the Plurals line is not getting correctly
transformed, which causes a build failure. However, since the
RPM would have the .po files anyway, we should revision control
the ones we have, even if they are empty.
Fixed the Bug reporting url to the original value.
Corrected the Chartype encoding for UK
The 'logged in as' message in the header into an active hypoerlink that loads the details page for the current user.
Also fixed a bug where, when reloading, the search page would fail due to scl being undefined.
Fixed a typo
replaced {'user-facet':'details', 'pkey':whoami_pkey},2);
with {'user-facet':'details', 'user-pkey':whoami_pkey},2);
Test framework for Web UI has been created using qUnit. The test files
are located in install/static/test. The main page is index.html which
contains links to all test suites (xxx_tests.html). The test cases are
stored in xxx_tests.js. All test suites can be executed at once using
all_tests.html. The test data is stored in data folder. This patch
includes test suites for ipa.js and entity.js.
Some variables and functions in ipa.js have been modified to accomodate
testing (e.g. JSON URL, error handler, synchronous operation). The
sampledata has been moved to test/data. The develop.js and webui.js also
have been modified accordingly.
This was meant to catch the case where the client wasn't configured and
it missed the most obvious one: the client was installed and is now
uninstalled.
The enroll facet has been converted into a dialog box. This dialog
box will appear when the user clicks the enroll button above the
association list. When the user clicks the enroll button in the
dialog box, the new associations will be created, then the list will
be refreshed to show the changes.
The SerialAssociator and BulkAssociator have been modified to accept
an on_success function which will be called when the whole operation
is completed successfully. This is used to refresh the list and close
the dialog box appropriately.
Some other changes were also made to improve code clarity.
Selects the site map based on the presence or absense of rolegroups for
the current user. If the user has no rolegroups, UI defaults to the Details page for that user.
Corrected to leave two levels of tabs
The Makefile.am and index.xhtml has been modified to include
rolegroup.js. The webui.js has been modified to register the
rolegroup tab.
The rolegroup.js defines the rolegroup's search, add, and details
pages. Sample data for some rolegroup operations have been added.
Unenrollment means that the host keytab is disabled on the server making
it possible to re-install on the client. This host principal is how we
distinguish an enrolled vs an unenrolled client machine on the server.
I added a --unroll option to ipa-join that binds using the host credentials
and disables its own keytab.
I fixed a couple of other unrelated problems in ipa-join at the same time.
I also documented all the possible return values of ipa-getkeytab and
ipa-join. There is so much overlap because ipa-join calls ipa-getkeytab
and it returns whatever value ipa-getkeytab returned on failure.
ticket 242
