New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Test external namesipatests: check that external names are resolvable by IPA namesever #38
Commits on Feb 12, 2021
-
cert plugin: propagate the error for non-existent cert
ipa cert-show, ipa cert-revoke and ipa cert-remove-hold do not print meaningful info when called on a non-existent cert id: Certificate operation cannot be completed: Unable to communicate with CMS Propagate the reason from the HTTP message in order to print 'Certificate ID 0x.. not found' Fixes: https://pagure.io/freeipa/issue/8704 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for ec6698f - Browse repository at this point
Copy the full SHA ec6698fView commit details -
xmlrpc tests: add a test for cert-remove-hold
Add tests for the ipa cert-remove-hold command. Scenario 1: add host entry, request cert, revoke cert with "hold" reason, remove hold Scenario 2: call ipa cert-move-hold with a non-existent cert ID and ensure that the exception mentions 'Certificate ID .. not found' Related: https://pagure.io/freeipa/issue/8704 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 4672d61 - Browse repository at this point
Copy the full SHA 4672d61View commit details -
WebUI: change FreeIPA naming to IPA in About dialog
As part of the effort for reducing differences between upstream and downstream releases, product naming in WebUI About dialog is changed from FreeIPA to IPA. Related: https://pagure.io/freeipa/issue/8669 Signed-off-by: Antonio Torres <antorres@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 9b8810c - Browse repository at this point
Copy the full SHA 9b8810cView commit details -
ipa-cacert-manage: add prune option
Add prune option to ipa-cacert-manage, allowing to remove all expired certificates from the certificate store. Related: https://pagure.io/freeipa/issue/7404 Signed-off-by: Antonio Torres <antorres@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 5d8cb1d - Browse repository at this point
Copy the full SHA 5d8cb1dView commit details -
ipatests: add test for ipa-cacert-manage prune
Add test for prune option of ipa-cacert-manage. After a certificate is installed, a jump in time is performed to a date where the certificate is expired, and then it is pruned. Related: https://pagure.io/freeipa/issue/7404 Signed-off-by: Antonio Torres <antorres@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 8a2e6ec - Browse repository at this point
Copy the full SHA 8a2e6ecView commit details
Commits on Feb 15, 2021
-
Azure: Populate containers with self-AAAA records
IPA server's AAAA records at embedded DNS mode depend on result of `get_server_ip_address` function(`ipaserver.install.installutils`), which in turn, relies on NSS. In case of Azure Pipelines, there are neither IPv6 records in '/etc/hosts' nor external DNS, which may provide such. This leads to the missing AAAA records for master and missing AAAA records for `ipa-ca` pointing to master in embedded DNS. In particular, tests `test_ipa_healthcheck_no_errors`, `test_ipa_dns_systemrecords_check` fail with: ``` [ { "source": "ipahealthcheck.ipa.idns", "check": "IPADNSSystemRecordsCheck", "result": "WARNING", "uuid": "b979a88a-6373-4990-bc83-ce724e9730b4", "when": "20210120055054Z", "duration": "0.032740", "kw": { "msg": "Got {count} ipa-ca AAAA records, expected {expected}", "count": 1, "expected": 2 } } ] ``` where `ipa-ca` record exists only for replica. Note: since the most of the code in setup_containers was touched it has been reformatted. Fixes: https://pagure.io/freeipa/issue/8683 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 3e33e54 - Browse repository at this point
Copy the full SHA 3e33e54View commit details -
ipatests: Handle AAAA records in test_ipa_dns_systemrecords_check
This test assumes that the current environment has only IPv4, but for example, Azure Pipelines provides both IPv4 and IPv6. Fixes: https://pagure.io/freeipa/issue/8683 Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 596bb32 - Browse repository at this point
Copy the full SHA 596bb32View commit details -
rpm-spec: Require crypto-policies-scripts
`update-crypto-policies` tool from RPM package `crypto-policies-scripts` is required for tests. Signed-off-by: Stanislav Levin <slev@altlinux.org> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 778ef95 - Browse repository at this point
Copy the full SHA 778ef95View commit details -
Set the ACME baseURL in order to pin a client to a single IPA server
ACME uses nonce values to prevent replay attacks. Since the ipa-ca name can go to any of the IPA servers in order to verify the nonce the servers need to know the value that was set which relies on replication. Sometimes the client is faster than replication so a request can fail. This change returns the baseURL to the client as the name of the ACME server during discovery which should pin all requests to this one IPA server and alleviate the replication issue. Signed-off-by: Rob Crittenden <rcritten@redhat.com> https://pagure.io/freeipa/issue/8712 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for d2d487b - Browse repository at this point
Copy the full SHA d2d487bView commit details -
Add versions to the ACME config templates and update on upgrade
Put the ACME config files under normal IPA versioning so we can more seamlessly do updates to them. Signed-off-by: Rob Crittenden <rcritten@redhat.com> https://pagure.io/freeipa/issue/8712 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for b1e72cb - Browse repository at this point
Copy the full SHA b1e72cbView commit details -
Add some logging around initial ACME deployment
From the upgrade log it was not possible to see the current state of ACME which makes troubleshooting difficult. Signed-off-by: Rob Crittenden <rcritten@redhat.com> Related: https://pagure.io/freeipa/issue/8712 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 3d2d067 - Browse repository at this point
Copy the full SHA 3d2d067View commit details -
sudocmd: ensure command doesn't contain trailing dot before adding it
Trailing dots aren't permitted in sudo commands, as enforced explicitly in `get_dn`. Performing this check before adding the command prevents the user from entering invalid commands, which would otherwise trigger errors when accessing them afterwards. RN: ipa sudocmd-* commands now validate SUDO command name to not end with a dot. RN: Previously a trailing dot was stripped away in when addressing a SUDO command's LDAP object. RN: As a result, a SUDO command was created but it was not possible to refer to it in other IPA commands. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1925410 Signed-off-by: Antonio Torres <antorres@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for d6c5a92 - Browse repository at this point
Copy the full SHA d6c5a92View commit details -
ipatests: test addition of invalid sudo command
Check that sudocmd-add fails when trying to add a command containing a trailing dot. Signed-off-by: Antonio Torres <antorres@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 8913583 - Browse repository at this point
Copy the full SHA 8913583View commit details -
ipatests: Update PR-CI templates
Update "previous" and "latest" templates with updated dependencies. Signed-off-by: Armando Neto <abiagion@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 7d691f0 - Browse repository at this point
Copy the full SHA 7d691f0View commit details -
man: fix ipa-client-samba.1 typos
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 84f52ea - Browse repository at this point
Copy the full SHA 84f52eaView commit details -
ipatests: update expected error message
With commit ec6698f , the error message has changed from Unable to communicate with CMS (503) to Request failed with status 503: Non-2xx response from CA REST API: 503. (503) Related: https://pagure.io/freeipa/issue/8704 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 137b39c - Browse repository at this point
Copy the full SHA 137b39cView commit details -
Remove the option stop_certmonger from stop_tracking_*
This option was inconsistent between invocations and there is no need to stop certmonger after stopping tracking. It was also apparently causing dbus timeout errors, probably due to the amount of work that certmonger does at startup. https://pagure.io/freeipa/issue/8506 https://pagure.io/freeipa/issue/8533 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 71047f6 - Browse repository at this point
Copy the full SHA 71047f6View commit details -
po: update translations template
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for f2f8d46 - Browse repository at this point
Copy the full SHA f2f8d46View commit details
Commits on Feb 16, 2021
-
ipatests: check that external names are resolvable by IPA namesever
Related to https://pagure.io/freeipa/issue/8710
Configuration menu - View commit details
-
Copy full SHA for 6a836cc - Browse repository at this point
Copy the full SHA 6a836ccView commit details -
Configuration menu - View commit details
-
Copy full SHA for d41e0eb - Browse repository at this point
Copy the full SHA d41e0ebView commit details