Commits on Source (843)
......@@ -13,7 +13,7 @@ topologies:
memory: 6700
jobs:
fedora-27/build:
fedora-28/build:
requires: []
priority: 100
job:
......@@ -21,44 +21,224 @@ jobs:
args:
git_repo: '{git_repo}'
git_refspec: '{git_refspec}'
template: &ci-master-f27
name: freeipa/ci-master-f27
version: 1.0.2
template: &ci-master-f28
name: freeipa/ci-master-f28
version: 0.1.5
timeout: 1800
topology: *build
fedora-27/simple_replication:
requires: [fedora-27/build]
fedora-28/simple_replication:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_simple_replication.py
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-27/caless:
requires: [fedora-27/build]
fedora-28/caless:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_caless.py::TestServerReplicaCALessToCAFull
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-27/external_ca:
requires: [fedora-27/build]
fedora-28/external_ca_1:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-27/build_url}'
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_external_ca.py::TestExternalCA
template: *ci-master-f27
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-28/external_ca_2:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_external_ca.py::TestSelfExternalSelf test_integration/test_external_ca.py::TestExternalCAInstall
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-28/test_topologies:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_topologies.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-28/test_sudo:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_sudo.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-28/test_commands:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_commands.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-28/test_kerberos_flags:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_kerberos_flags.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-28/test_http_kdc_proxy:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_http_kdc_proxy.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-28/test_forced_client_enrolment:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_forced_client_reenrollment.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-28/test_advise:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_advise.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-28/test_testconfig:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_testconfig.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-28/test_service_permissions:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_service_permissions.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-28/test_netgroup:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_netgroup.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-28/test_vault:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_vault.py
template: *ci-master-f28
timeout: 4500
topology: *master_1repl
fedora-28/test_authconfig:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_authselect.py
template: *ci-master-f28
timeout: 3600
topology: *master_1repl_1client
fedora-28/replica_promotion:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_replica_promotion.py::TestSubCAkeyReplication
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
fedora-28/dnssec:
requires: [fedora-28/build]
priority: 50
job:
class: RunPytest
args:
build_url: '{fedora-28/build_url}'
test_suite: test_integration/test_dnssec.py::TestInstallDNSSECFirst
template: *ci-master-f28
timeout: 3600
topology: *master_1repl
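Review bot: Two of the new job keys do not match the suite they run: `fedora-28/test_forced_client_enrolment` runs `test_integration/test_forced_client_reenrollment.py`, and `fedora-28/test_authconfig` runs `test_integration/test_authselect.py`. A failure will then be reported under a name that points at a different test module, which makes CI results harder to search and triage. Unless something outside this page depends on the current keys, `fedora-28/test_forced_client_reenrollment` and `fedora-28/test_authselect` would be clearer.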
......@@ -96,6 +96,12 @@ freeipa2-dev-doc
/init/tmpfilesd/ipa.conf
!/install/ui/doc/Makefile.in
/install/ui/node_modules/
/install/ui/package-lock.json
# package-lock file can be commited, but it makes sense for npm packages.
# It stores informations about changes in node_modules. For now it is not
# very useful
# More info: https://docs.npmjs.com/files/package-lock.json
/install/ui/release
/install/ui/css/ipa.css
/install/ui/src/dojo
......
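Review bot: Ignoring `/install/ui/package-lock.json` leaves the web UI's npm dependency tree unpinned, so the `npm install` in the `webui_unit` step of the test-runner config (later on this page) resolves whatever versions the registry serves at run time. CI runs are then not reproducible, and a broken or tampered transitive release would be picked up without any change in the repository. The added comment calls the lock file "not very useful", but it is the file that records exact versions and integrity hashes. Consider committing it and using `npm ci` in the CI step if the npm in the image supports it, or state in the comment that these test-only dependencies are deliberately unpinned.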
......@@ -28,7 +28,7 @@ steps:
builddep:
- rm -rf /var/cache/dnf/*
- "dnf makecache || :"
- dnf builddep -y ${builddep_opts} -D "with_wheels 1" --spec freeipa.spec.in --best --allowerasing
- dnf builddep -y ${builddep_opts} -D "with_wheels 1" --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False
- dnf install -y gdb
cleanup:
- chown -R ${uid}:${gid} ${container_working_dir}
......@@ -43,9 +43,11 @@ steps:
systemd_journal.log
`find daemons -name '*.log' -print`
- chown ${uid}:${gid} ${container_working_dir}/var_log.tar
- ls -laZ /etc/dirsrv/slapd-*/ /etc/httpd/alias/ /etc/pki/pki-tomcat/alias/ || true
configure:
- ./autogen.sh
install_packages:
- sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf
- dnf install -y ${container_working_dir}/dist/rpms/*.rpm --best --allowerasing
install_server:
- ipa-server-install -U --domain ${server_domain} --realm ${server_realm} -p ${server_password}
......@@ -55,6 +57,11 @@ steps:
lint:
- make PYTHON=/usr/bin/python2 V=0 lint
- make PYTHON=/usr/bin/python3 V=0 pylint
webui_unit:
- dnf install -y npm
- cd ${container_working_dir}/install/ui/js/libs && make
- cd ${container_working_dir}/install/ui && npm install
- cd ${container_working_dir}/install/ui && node_modules/grunt/bin/grunt --verbose test
tox:
# just run one pylint and one Python 3 target (time/coverage trade-off)
- tox -e py27,py36,pypi,pylint3
......@@ -69,6 +76,8 @@ steps:
- ipa-run-tests ${tests_ignore} -k-test_dns_soa ${tests_verbose} ${path}
- '! grep -n -C5 BytesWarning /var/log/httpd/error_log'
- ipa-server-install --uninstall -U
# second uninstall to verify that --uninstall without installation works
- ipa-server-install --uninstall -U
tests:
ignore:
- test_integration
......
......@@ -30,7 +30,7 @@ steps:
builddep:
- rm -rf /var/cache/dnf/*
- "dnf makecache || :"
- dnf builddep -y ${builddep_opts} --spec freeipa.spec.in --best --allowerasing
- dnf builddep -y ${builddep_opts} --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False
- dnf install -y gdb
cleanup:
- chown -R ${uid}:${gid} ${container_working_dir}
......@@ -47,6 +47,7 @@ steps:
configure:
- ./autogen.sh
install_packages:
- sed -i 's/%_install_langs \(.*\)/\0:fr/g' /etc/rpm/macros.image-language-conf
- dnf install -y ${container_working_dir}/dist/rpms/*.rpm --best --allowerasing
- dnf install -y python3-mod_wsgi --best --allowerasing # Py3 temporary
install_server:
......
......@@ -22,6 +22,8 @@ env:
matrix:
- TASK_TO_RUN="lint"
TEST_RUNNER_CONFIG=".test_runner_config.yaml"
- TASK_TO_RUN="webui-unit"
TEST_RUNNER_CONFIG=".test_runner_config.yaml"
- TASK_TO_RUN="run-tests"
PYTHON=/usr/bin/python2
TEST_RUNNER_CONFIG=".test_runner_config.yaml"
......@@ -66,7 +68,7 @@ install:
- pip3 install pycodestyle
- >
pip3 install
git+https://github.com/freeipa/ipa-docker-test-runner@release-0-2-2
git+https://github.com/freeipa/ipa-docker-test-runner@release-0-3-1
script:
- mkdir -p $CI_RUNNER_LOGS_DIR
......
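Review bot: The `pip3 install git+https://github.com/freeipa/ipa-docker-test-runner@release-0-3-1` line installs the CI runner from a tag, and a tag can be moved after this change is reviewed; whatever it points to at build time is what runs in CI. Pinning the URL to the full commit id behind the tag, `...ipa-docker-test-runner@<commit-sha>` with the tag name kept in a comment, would make the bump auditable. The same applies to the `release-0-2-2` reference it replaces, so this is inherited rather than introduced here.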
......@@ -38,7 +38,8 @@ if [[ "$TASK_TO_RUN" == "lint" ]]
then
if [[ "$TRAVIS_EVENT_TYPE" == "pull_request" ]]
then
git diff origin/$TRAVIS_BRANCH -U0 | pycodestyle --diff &> $PEP8_ERROR_LOG ||:
git diff origin/$TRAVIS_BRANCH -U0 | \
pycodestyle --ignore=W504 --diff &> $PEP8_ERROR_LOG ||:
fi
fi
......
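Review bot: `--ignore=W504` on the new `pycodestyle` line replaces pycodestyle's built-in default ignore list instead of adding to it, so checks that are normally off (W503 among them) become active for pull-request diffs unless a project config file already sets `ignore`. If that is the intent, a short comment such as `# --ignore overrides the defaults on purpose: enforce W503, allow W504` would record it. The `fastlint` recipe in the Makefile section further down this page calls `$(PYTHON) -m pycodestyle --diff` without the option, so local and CI results may disagree. Quoting `"origin/$TRAVIS_BRANCH"` and `"$PEP8_ERROR_LOG"` would also make the line robust against unusual values.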
......@@ -9,5 +9,5 @@ ipapython == @VERSION@
ipaserver == @VERSION@
ipatests == @VERSION@
# we include some checks available only in pylint-1.7 and on
pylint >= 1.7
# upstream pylint 1.7.5 fixed bad python3 import of stat module
pylint >= 1.7.5
......@@ -361,7 +361,7 @@ aci: (targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(obje
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "ipasshpubkey")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage User SSH Public Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "businesscategory || carlicense || cn || departmentnumber || description || displayname || employeenumber || employeetype || facsimiletelephonenumber || gecos || givenname || homephone || inetuserhttpurl || initials || l || labeleduri || loginshell || mail || manager || mepmanagedentry || mobile || objectclass || ou || pager || postalcode || preferredlanguage || roomnumber || secretary || seealso || sn || st || street || telephonenumber || title || userclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify Users";allow (write) groupdn = "ldap:///cn=System: Modify Users,cn=permissions,cn=pbac,dc=ipa,dc=example";)
aci: (targetattr = "businesscategory || carlicense || cn || departmentnumber || description || displayname || employeenumber || employeetype || facsimiletelephonenumber || gecos || givenname || homedirectory || homephone || inetuserhttpurl || initials || l || labeleduri || loginshell || mail || manager || mepmanagedentry || mobile || objectclass || ou || pager || postalcode || preferredlanguage || roomnumber || secretary || seealso || sn || st || street || telephonenumber || title || userclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify Users";allow (write) groupdn = "ldap:///cn=System: Modify Users,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example
aci: (targetattr = "*")(target = "ldap:///cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read UPG Definition";allow (compare,read,search) groupdn = "ldap:///cn=System: Read UPG Definition,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
......
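Review bot: Adding `homedirectory` to the `targetattr` list of "System: Modify Users" widens what holders of that permission may write on every `posixaccount` entry under `cn=users,cn=accounts`. I take the second of the two near-identical `aci:` lines to be the new side. The home directory is the path from which login and SSH services resolve per-user files, so it is more sensitive than most of the descriptive attributes around it. The change would be easier to audit if the commit message, or the permission definition this line is generated from, said why delegated user administrators need it. Deployments that grant this permission through custom roles should review those roles after upgrading.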
......@@ -1944,13 +1944,14 @@ output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: group_add_member/1
args: 1,7,3
args: 1,8,3
arg: Str('cn', cli_name='group_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Str('ipaexternalmember*', cli_name='external')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('service*', alwaysask=True, cli_name='services')
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[<type 'int'>])
......@@ -1972,7 +1973,7 @@ output: Output('result', type=[<type 'bool'>])
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: group_find/1
args: 1,28,4
args: 1,30,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='group_name')
......@@ -1987,6 +1988,7 @@ option: Str('in_role*', cli_name='in_roles')
option: Str('in_sudorule*', cli_name='in_sudorules')
option: Str('no_group*', cli_name='no_groups')
option: Flag('no_members', autofill=True, default=True)
option: Principal('no_service*', cli_name='no_services')
option: Str('no_user*', cli_name='no_users')
option: Flag('nonposix', autofill=True, cli_name='nonposix', default=False)
option: Str('not_in_group*', cli_name='not_in_groups')
......@@ -1998,6 +2000,7 @@ option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('posix', autofill=True, cli_name='posix', default=False)
option: Flag('private', autofill=True, cli_name='private', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Principal('service*', cli_name='services')
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('user*', cli_name='users')
......@@ -2026,13 +2029,14 @@ output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: group_remove_member/1
args: 1,7,3
args: 1,8,3
arg: Str('cn', cli_name='group_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Str('ipaexternalmember*', cli_name='external')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('service*', alwaysask=True, cli_name='services')
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[<type 'int'>])
......@@ -2973,7 +2977,7 @@ option: Int('ipabaserid?', cli_name='rid_base')
option: Int('ipaidrangesize', cli_name='range_size')
option: Str('ipanttrusteddomainname?', cli_name='dom_name')
option: Str('ipanttrusteddomainsid?', cli_name='dom_sid')
option: StrEnum('iparangetype?', cli_name='type', values=[u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local'])
option: StrEnum('iparangetype?', cli_name='type', values=[u'ipa-ad-trust', u'ipa-ad-trust-posix', u'ipa-local'])
option: Int('ipasecondarybaserid?', cli_name='secondary_rid_base')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
......@@ -2998,7 +3002,7 @@ option: Int('ipabaseid?', autofill=False, cli_name='base_id')
option: Int('ipabaserid?', autofill=False, cli_name='rid_base')
option: Int('ipaidrangesize?', autofill=False, cli_name='range_size')
option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='dom_sid')
option: StrEnum('iparangetype?', autofill=False, cli_name='type', values=[u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local'])
option: StrEnum('iparangetype?', autofill=False, cli_name='type', values=[u'ipa-ad-trust', u'ipa-ad-trust-posix', u'ipa-local'])
option: Int('ipasecondarybaserid?', autofill=False, cli_name='secondary_rid_base')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
......@@ -3255,7 +3259,7 @@ option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_obj
option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', default=[u'groupOfUniqueNames', u'groupOfNames'])
option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False)
option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=[u'RFC2307bis', u'RFC2307'])
option: StrEnum('scope', autofill=True, cli_name='scope', default=u'onelevel', values=[u'base', u'subtree', u'onelevel'])
option: StrEnum('scope', autofill=True, cli_name='scope', default=u'onelevel', values=[u'base', u'onelevel', u'subtree'])
option: Bool('use_def_group?', autofill=True, cli_name='use_default_group', default=True)
option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people'))
option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', default=[])
......@@ -3958,7 +3962,7 @@ option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description?', cli_name='desc')
option: Int('ipatokenradiusretries?', cli_name='retries')
option: Password('ipatokenradiussecret', cli_name='secret', confirm=True)
option: Str('ipatokenradiusserver+', cli_name='server')
option: Str('ipatokenradiusserver', cli_name='server')
option: Int('ipatokenradiustimeout?', cli_name='timeout')
option: Str('ipatokenusermapattribute?', cli_name='userattr')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
......@@ -3983,7 +3987,7 @@ option: Str('cn?', autofill=False, cli_name='name')
option: Str('description?', autofill=False, cli_name='desc')
option: Int('ipatokenradiusretries?', autofill=False, cli_name='retries')
option: Password('ipatokenradiussecret?', autofill=False, cli_name='secret', confirm=True)
option: Str('ipatokenradiusserver*', autofill=False, cli_name='server')
option: Str('ipatokenradiusserver?', autofill=False, cli_name='server')
option: Int('ipatokenradiustimeout?', autofill=False, cli_name='timeout')
option: Str('ipatokenusermapattribute?', autofill=False, cli_name='userattr')
option: Flag('pkey_only?', autofill=True, default=False)
......@@ -4004,7 +4008,7 @@ option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc')
option: Int('ipatokenradiusretries?', autofill=False, cli_name='retries')
option: Password('ipatokenradiussecret?', autofill=False, cli_name='secret', confirm=True)
option: Str('ipatokenradiusserver*', autofill=False, cli_name='server')
option: Str('ipatokenradiusserver?', autofill=False, cli_name='server')
option: Int('ipatokenradiustimeout?', autofill=False, cli_name='timeout')
option: Str('ipatokenusermapattribute?', autofill=False, cli_name='userattr')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
......@@ -4421,9 +4425,10 @@ output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: server_role_find/1
args: 1,8,4
args: 1,9,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('include_master', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('role_servrole?', autofill=False, cli_name='role')
option: Str('server_server?', autofill=False, cli_name='server')
......@@ -4457,7 +4462,7 @@ output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: service_add/1
args: 1,13,3
args: 1,14,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
......@@ -4470,6 +4475,7 @@ option: Str('krbprincipalauthind*', cli_name='auth_ind')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Flag('skip_host_check', autofill=True, default=False)
option: Certificate('usercertificate*', cli_name='certificate')
option: Str('version?')
output: Entry('result')
......@@ -5721,7 +5727,7 @@ option: Int('base_id?', cli_name='base_id')
option: Bool('bidirectional?', cli_name='two_way', default=False)
option: Bool('external?', cli_name='external', default=False)
option: Int('range_size?', cli_name='range_size')
option: StrEnum('range_type?', cli_name='range_type', values=[u'ipa-ad-trust-posix', u'ipa-ad-trust'])
option: StrEnum('range_type?', cli_name='range_type', values=[u'ipa-ad-trust', u'ipa-ad-trust-posix'])
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('realm_admin?', cli_name='admin')
option: Password('realm_passwd?', cli_name='password', confirm=False)
......
......@@ -7,7 +7,7 @@ For more information, see http://www.freeipa.org/page/Build
The quickest way to get the dependencies needed for building is:
# dnf builddep -b -D "with_python3 1" -D "with_wheels 1" -D "with_lint 1" --spec freeipa.spec.in --best --allowerasing
# dnf builddep -b -D "with_wheels 1" -D "with_lint 1" --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False
TIP: For building with latest dependencies for freeipa master enable copr repo:
......
# FreeIPA Code of Conduct
Our community is made up of a mixture of contributors from all over the world.
We are diverse in our background, expertise or opinions and it is our strength,
but diversity can also lead to communication issues and unhappiness. To that
end, we have a few ground rules that we ask people to adhere to when operating
in our space.
If you believe someone is violating the code of conduct, we ask that you report
it by emailing conduct@mg.freeipa.org.
This isn’t an exhaustive list of things that you can’t do. Rather, take it in
the spirit in which it’s intended - a guide to make it easier to be excellent to
each other:
### Be friendly and patient.
### Be welcoming.
We strive to be a community that welcomes and supports people of all backgrounds
and identities. This includes, but is not limited to members of any race,
ethnicity, culture, national origin, colour, immigration status, social and
economic class, educational level, sex, sexual orientation, gender identity and
expression, age, size, family status, political belief, religion, and mental and
physical ability.
### Be considerate.
Your work will be used by other people, and you in turn will depend on the work
of others. Any decision you take will affect users and colleagues, and you
should take those consequences into account when making decisions. Remember that
we're a world-wide community, so you might not be communicating in someone
else's primary language.
### Be respectful.
Not all of us will agree all the time, but disagreement is no excuse for poor
behavior and poor manners. We might all experience some frustration now and
then, but we cannot allow that frustration to turn into a personal attack. It’s
important to remember that a community where people feel uncomfortable or
threatened is not a productive one. Members of the community should be
respectful when dealing with other members as well as with people outside the
community. Success comes from the team and the ability of team members to work
together. Members have differents skills, talents and roles but each of them is
important to the team and the final success. Think of the team first.
### Be careful in the words that you choose.
We are a community of professionals, and we conduct ourselves professionally. Be
kind to others. Do not insult or put down other participants. Harassment and
other exclusionary behavior aren't acceptable. This includes, but is not limited
to:
* Violent threats or language directed against another person.
* Discriminatory jokes and language.
* Posting sexually explicit or violent material.
* Posting (or threatening to post) other people's personally identifying
information ("doxing").
* Personal insults, especially those using racist or sexist terms.
* Unwelcome sexual attention.
* Advocating for, or encouraging, any of the above behavior.
* Repeated harassment of others. In general, if someone asks you to stop,
then stop.
### When we disagree, try to understand why.
Disagreements, both social and technical, happen all the time and our community
is no exception. It is important that we resolve disagreements and differing
views constructively. Remember that we’re different. The strength of community
comes from its diversity, people from a wide range of backgrounds. Different
people have different perspectives on issues. Being unable to understand why
someone holds a viewpoint doesn’t mean that they’re wrong. Don’t forget that it
is human to err and blaming each other doesn’t get us anywhere. Give people the
benefit of the doubt, instead of blaming someone and pointing fingers. Speak
with them and try to understand what happened. Focus on helping to resolve
issues and learning from mistakes.
### Drive your emotions and create a safe place for others.
We aren’t robots, we are people with feelings. Feelings are a great
gift. Unfortunately that gift can betray us sometimes and let our common sense
to be driven by assumptions, expectations, anger, … To prevent and get away from
this situation is always better to start with facts, then mention the personal
story - your story - what are the concerns, objections, experience, and maybe
observations.
### Listen and hear, ask and don’t assume.
There is always something behind. If you are not sure, feel free to ask for more
information like “I don’t fully understand this…, could you help me to
understand that part please?”
* “So you are saying ..., is that right?”
* “I have different opinion here but I would like to know more about the
solution you’re proposing.”
* “I have concerns about this solution because of A, B, C risks. What could be
the prevention in your solution if we get into that situation?”
### You will never be wrong when saying “please” and “thank you”
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is engaging with the project or its community. Examples of
engagement includes communication on IRC, bugtrackers, social media, and the
like, or official presence as a project representative at an online or offline
event. Representation of a project may be further defined and clarified by
project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at conduct@mg.freeipa.org. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an
incident. Further details of specific enforcement policies may be posted
separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
The idea behind the "enforcement" is not throwing it to each other publicly. If
the violation is not severe, it is expected that the people involved in the
situation could have a private and mature talk about the violation itself. Since
it may happen that people violate the Code of Conduct without realizing they are
violating it.
A strategy for such talk could be:
1. Call people up, instead of calling them out. (Shame rarely helps.)
2. Demonstrate good behavior.
3. Provide a positive intention.
4. Focus on the problem, not the person,
5. Point to guidelines or the impact, rather than individual.
Original text courtesy of the [Django project](djangoproject.com/conduct/).
"Scope" and "Enforcement" section courtesy of the [Contributor Covenant](https://www.contributor-covenant.org/).
A strategy for a talk about a violation is based on Rebecca Fernandez DevConf.cz 2018 talk: "Power of One".
......@@ -29,6 +29,7 @@ Developers:
Nalin Dahyabhai
Rishabh Dave
Don Davis
Nikhil Dehadrai
John Dennis
Jason Gerard DeRose
Günther Deschner
......@@ -40,7 +41,6 @@ Developers:
Lewis Eason
Drew Erny
Oleg Fayans
felipe
Jérôme Fenal
Fabiano Fidêncio
Stephen Gallagher
......@@ -48,6 +48,7 @@ Developers:
James Groffen
Oliver Gutierrez
Ondřej Hamada
Robbie Harwood
Nick Hatch
Christian Heimes
Jakub Hrozek
......@@ -63,12 +64,15 @@ Developers:
Ana Krivokapić
Tomáš Křížek
Milan Kubík
Amit Kumar
Ian Kumlien
David Kupka
Robert Kuska
John L
Peter Lacko
Stanislav Laznicka
Ade Lee
Stanislav Levin
Ben Lipton
Karl MacMillan
Niranjan Mallapadi
......@@ -79,16 +83,23 @@ Developers:
Kevin McCarthy
Mark McLoughlin
Rich Megginson
Sudhir Menon
Jim Meyering
Adam Misnyovszki
Takeshi MIZUTA
Anuja More
John Morris
Niranjan MR
Brian J. Murrell
Varun Mylaraiah
Marko Myllynen
Martin Nagy
Armando Neto
David O'Brien
Dmitri Pal
Jan Pazdziora
W. Michael Petullo
Pavel Picka
Gowrishankar Rajaiyan
realsobek
Michal Reznik
......@@ -99,6 +110,7 @@ Developers:
Lenka Ryznarova
Thorsten Scherf
shanyin
Kaleemullah Siddiqui
Michael Simacek
Lars Sjostrom
Filip Skola
......@@ -107,6 +119,7 @@ Developers:
Simo Sorce
Petr Špaček
David Spångberg
Justin Stephenson
Diane Trout
Fraser Tweedale
Petr Viktorin
......
ACLOCAL_AMFLAGS = -I m4
if ENABLE_SERVER
SERVER_SUBDIRS = daemons init install ipaserver
IPASERVER_SUBDIRS = ipaserver
SERVER_SUBDIRS = daemons init install
endif
if WITH_IPATESTS
......@@ -9,9 +10,9 @@ if WITH_IPATESTS
endif
IPACLIENT_SUBDIRS = ipaclient ipalib ipaplatform ipapython
PYTHON_SUBDIRS = $(IPACLIENT_SUBDIRS) $(IPATESTS_SUBDIRS) $(IPASERVER_SUBDIRS)
IPA_PLACEHOLDERS = freeipa ipa ipaserver ipatests
SUBDIRS = asn1 util client contrib po pypi \
$(IPACLIENT_SUBDIRS) $(IPATESTS_SUBDIRS) $(SERVER_SUBDIRS)
SUBDIRS = asn1 util client contrib po pypi $(PYTHON_SUBDIRS) $(SERVER_SUBDIRS)
GENERATED_PYTHON_FILES = \
$(top_builddir)/ipaplatform/override.py \
......@@ -174,10 +175,10 @@ endif
$(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check
$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint
if WITH_PYTHON3
@ # just tests and pylint on Python 3
@ # just tests, aci, api and pylint on Python 3
PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON3) ipatests/ipa-run-tests \
--ipaclient-unittests
$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint
$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) acilint apilint polint pylint
else
@echo "WARNING: python3 not available"
endif
......@@ -186,10 +187,12 @@ endif
.PHONY: fastcheck fasttest fastlint
fastcheck:
if WITH_PYTHON2
@$(MAKE) -j1 $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) fastlint fasttest
@$(MAKE) -j1 $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) \
fastlint fasttest apilint acilint
endif
if WITH_PYTHON3
@$(MAKE) -j1 $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) fastlint fasttest
@$(MAKE) -j1 $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) \
fastlint fasttest apilint acilint
endif
fasttest: $(GENERATED_PYTHON_FILES) ipasetup.py
......@@ -207,13 +210,13 @@ endif
@echo "Fast linting with $(PYTHON) from branch '$(GIT_BRANCH)'"
@MERGEBASE=$$(git merge-base --fork-point $(GIT_BRANCH)); \
FILES=$$(git diff --name-only $${MERGEBASE} \
FILES=$$(git diff --name-only --diff-filter=d $${MERGEBASE} \
| grep -E '\.py$$'); \
if [ -n "$${FILES}" ]; then \
echo -e "Fast linting files:\n$${FILES}\n"; \
echo "pycodestyle"; \
echo "-----------"; \
git diff $${MERGEBASE} | \
git diff -U0 $${MERGEBASE} | \
$(PYTHON) -m pycodestyle --diff || exit $$?; \
echo -e "\npylint"; \
echo "------"; \
......@@ -236,15 +239,16 @@ $(top_builddir)/ipapython/version.py:
.PHONY: acilint
acilint: $(GENERATED_PYTHON_FILES)
cd $(srcdir); ./makeaci --validate
cd $(srcdir); $(PYTHON) ./makeaci --validate
.PHONY: apilint
apilint: $(GENERATED_PYTHON_FILES)
cd $(srcdir); ./makeapi --validate
cd $(srcdir); $(PYTHON) ./makeapi --validate
.PHONY: polint
polint:
$(MAKE) -C $(srcdir)/po validate-src-strings validate-po test-gettext
$(MAKE) -C $(srcdir)/po PYTHON=$(PYTHON) \
validate-src-strings validate-po test-gettext
# Run pylint for all python files. Finds all python files/packages, skips
# folders rpmbuild, freeipa-* and dist. Skip (match, but don't print) .*,
......@@ -355,6 +359,12 @@ pypi_packages: $(WHEELPYPIDIR) .wheelconstraints
@echo -e "\n\nTo upload packages to PyPI, run:\n"
@echo -e " twine upload $(WHEELPYPIDIR)/*-$(VERSION)-py2.py3-none-any.whl\n"
.PHONY: python_install
python_install:
for dir in $(PYTHON_SUBDIRS); do \
$(MAKE) $(AM_MAKEFLAGS) -C $${dir} install || exit 1; \
done
.PHONY:
strip-po:
$(MAKE) -C po strip-po
......@@ -3,7 +3,7 @@
FreeIPA allows Linux administrators to centrally manage identity,
authentication and access control aspects of Linux and UNIX systems
by providing simple to install and use command line and web based
managment tools.
management tools.
FreeIPA is built on top of well known Open Source components and standard
protocols with a very strong focus on ease of management and automation
......
......@@ -20,8 +20,8 @@
# -> "1.0.0" #
########################################################
define(IPA_VERSION_MAJOR, 4)
define(IPA_VERSION_MINOR, 6)
define(IPA_VERSION_RELEASE, 3)
define(IPA_VERSION_MINOR, 7)
define(IPA_VERSION_RELEASE, 0)
########################################################
# For 'pre' releases the version will be #
......@@ -55,7 +55,8 @@ define(IPA_VERSION_IS_GIT_SNAPSHOT, no)
# - ipa-X-X: define(IPA_GIT_BRANCH, #
# ipa-IPA_VERSION_MAJOR-IPA_VERSION_MINOR) #
########################################################
define(IPA_GIT_BRANCH, ipa-IPA_VERSION_MAJOR-IPA_VERSION_MINOR)
define(IPA_GIT_BRANCH, master)
dnl define(IPA_GIT_BRANCH, ipa-IPA_VERSION_MAJOR-IPA_VERSION_MINOR)
########################################################
# The version of IPA data. This is used to identify #
......@@ -137,7 +138,7 @@ NEWLINE)) dnl IPA_VERSION end
dnl DEBUG: uncomment following lines and run command m4 VERSION.m4
dnl `IPA_VERSION: ''IPA_VERSION'
dnl `IPA_GIT_VERSION: ''IPA_GIT_VERSION'
dnf `IPA_GIT_BRANCH: ''IPA_GIT_BRANCH'
dnl `IPA_GIT_BRANCH: ''IPA_GIT_BRANCH'
dnl `IPA_API_VERSION: ''IPA_API_VERSION'
dnl `IPA_DATA_VERSION: ''IPA_DATA_VERSION'
dnl `IPA_NUM_VERSION: ''IPA_NUM_VERSION'
......@@ -80,6 +80,7 @@ ipa_join_SOURCES = \
$(NULL)
ipa_join_LDADD = \
$(top_builddir)/util/libutil.la \
$(KRB5_LIBS) \
$(LDAP_LIBS) \
$(SASL_LIBS) \
......@@ -89,6 +90,7 @@ ipa_join_LDADD = \
$(NULL)
SUBDIRS = \
share \
man \
$(NULL)
......
#! /usr/bin/python2 -E
#!/usr/bin/python3 -E
# Authors: Jan Cholasta <jcholast@redhat.com>
#
# Copyright (C) 2014 Red Hat
......
#!/usr/bin/python2 -E
#!/usr/bin/python3 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
......@@ -43,6 +43,8 @@ from six.moves.urllib.parse import urlsplit
from optparse import OptionParser # pylint: disable=deprecated-module
from ipaclient.install import ipachangeconf, ipadiscovery
from ipaclient.install.client import (CLIENT_NOT_CONFIGURED,
CLIENT_ALREADY_CONFIGURED)
from ipalib import api, errors
from ipalib.install import sysrestore
from ipalib.install.kinit import kinit_keytab
......@@ -92,7 +94,7 @@ def wait_for_sssd():
time.sleep(1)
while n < 10 and not found:
try:
ipautil.run(["getent", "passwd", "admin@%s" % api.env.realm])
ipautil.run([paths.GETENT, "passwd", "admin@%s" % api.env.realm])
found = True
except Exception:
time.sleep(1)
......@@ -189,7 +191,8 @@ def configure_autofs_sssd(fstore, statestore, autodiscover, options):
domain.add_provider('ipa', 'autofs')
try:
domain.get_option('ipa_automount_location')
sys.exit('An automount location is already configured')
print('An automount location is already configured')
sys.exit(CLIENT_ALREADY_CONFIGURED)
except SSSDConfig.NoOptionError:
domain.set_option('ipa_automount_location', options.location)
break
......@@ -252,17 +255,31 @@ def configure_autofs_common(fstore, statestore, options):
autofs.service_name, str(e))
def uninstall(fstore, statestore):
RESTORE_FILES=[
paths.SYSCONFIG_AUTOFS,
paths.NSSWITCH_CONF,
paths.AUTOFS_LDAP_AUTH_CONF,
paths.SYSCONFIG_NFS,
paths.IDMAPD_CONF,
]
STATES=['autofs', 'rpcidmapd', 'rpcgssd']
# automount only touches /etc/nsswitch.conf if LDAP is
# used. Don't restore it otherwise.
if (statestore.get_state('authconfig', 'sssd') or
(statestore.get_state('authselect', 'profile') == 'sssd')):
RESTORE_FILES.remove(paths.NSSWITCH_CONF)
if (not any(fstore.has_file(f) for f in RESTORE_FILES) or
not any(statestore.has_state(s) for s in STATES)):
print("IPA automount is not configured on this system")
return CLIENT_NOT_CONFIGURED
print("Restoring configuration")
if fstore.has_file(paths.SYSCONFIG_AUTOFS):
fstore.restore_file(paths.SYSCONFIG_AUTOFS)
if fstore.has_file(paths.NSSWITCH_CONF):
fstore.restore_file(paths.NSSWITCH_CONF)
if fstore.has_file(paths.AUTOFS_LDAP_AUTH_CONF):
fstore.restore_file(paths.AUTOFS_LDAP_AUTH_CONF)
if fstore.has_file(paths.SYSCONFIG_NFS):
fstore.restore_file(paths.SYSCONFIG_NFS)
if fstore.has_file(paths.IDMAPD_CONF):
fstore.restore_file(paths.IDMAPD_CONF)
for filepath in RESTORE_FILES:
if fstore.has_file(filepath):
fstore.restore_file(filepath)
if statestore.has_state('autofs'):
enabled = statestore.restore_state('autofs', 'enabled')
running = statestore.restore_state('autofs', 'running')
......@@ -382,7 +399,8 @@ def main():
try:
check_client_configuration()
except ScriptError as e:
sys.exit(e)
print(e.msg)
sys.exit(e.rval)
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
......@@ -412,7 +430,8 @@ def main():
ca_cert_path = paths.IPA_CA_CRT
if statestore.has_state('autofs'):
sys.exit('automount is already configured on this system.\n')
print('An automount location is already configured')
sys.exit(CLIENT_ALREADY_CONFIGURED)
autodiscover = False
ds = ipadiscovery.IPADiscovery()
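Review bot: In `uninstall()`, the new early return joins its two checks with `or`, so a host with backed-up files in `fstore` but none of the `autofs`/`rpcidmapd`/`rpcgssd` states (or the reverse) is reported as not configured and nothing is restored. That can happen after an install that failed part-way, and it would leave the modified configuration files in place while the tool returns `CLIENT_NOT_CONFIGURED`. The restore loop and the `has_state` checks that follow already tolerate missing entries, so I would bail out only when both stores are empty: `if (not any(fstore.has_file(f) for f in RESTORE_FILES) and not any(statestore.has_state(s) for s in STATES)):`. The body of `uninstall()` continues past the end of the hunk, so this assumes the remaining state restores are guarded the same way as the visible `autofs` one.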
......
#! /usr/bin/python2 -E
#!/usr/bin/python3 -E
# Authors: Simo Sorce <ssorce@redhat.com>
# Karl MacMillan <kmacmillan@mentalrootkit.com>
#
......
......@@ -43,14 +43,8 @@
#include "ipa_krb5.h"
#include "ipa_asn1.h"
#include "ipa-client-common.h"
#include "ipa_ldap.h"
#define DEFAULT_CA_CERT_FILE "/etc/ipa/ca.crt"
#define LDAP_SASL_EXTERNAL "EXTERNAL"
#define LDAP_SASL_GSSAPI "GSSAPI"
#define SCHEMA_LDAP "ldap://"
#define SCHEMA_LDAPS "ldaps://"
static int check_sasl_mech(const char *mech)
{
......@@ -178,42 +172,6 @@ static int ipa_server_to_uri(const char *servername, const char *mech,
return 0;
}
static int ipa_ldap_init(LDAP **ld, const char *ldap_uri)
{
int rc = 0;
rc = ldap_initialize(ld, ldap_uri);
return rc;
}
static int ipa_tls_ssl_init(LDAP *ld, const char *ldap_uri)
{
int ret = LDAP_SUCCESS;
int tls_hard = LDAP_OPT_X_TLS_HARD;
int tls_demand = LDAP_OPT_X_TLS_DEMAND;
if (strncmp(ldap_uri, SCHEMA_LDAP, sizeof(SCHEMA_LDAP) - 1) == 0) {
ret = ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &tls_demand);
if (ret != LDAP_OPT_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT\n"));
return ret;
}
ret = ldap_start_tls_s(ld, NULL, NULL);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to initialize STARTTLS session\n"));
return ret;
}
} else if (strncmp(ldap_uri, SCHEMA_LDAPS, sizeof(SCHEMA_LDAPS) - 1) == 0) {
ret = ldap_set_option(ld, LDAP_OPT_X_TLS, &tls_hard);
if (ret != LDAP_OPT_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_TLS\n"));
return ret;
}
}
return ret;
}
static int ipa_ldap_bind(const char *ldap_uri, krb5_principal bind_princ,
const char *bind_dn, const char *bind_pw,
const char *mech, const char *ca_cert_file,
......@@ -221,20 +179,12 @@ static int ipa_ldap_bind(const char *ldap_uri, krb5_principal bind_princ,
{
char *msg = NULL;
struct berval bv;
int version;
LDAP *ld;
int ret;
/* TODO: support referrals ? */
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ca_cert_file);
if (ret != LDAP_OPT_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_TLS_CERTIFICATE\n"));
return ret;
}
ret = ipa_ldap_init(&ld, ldap_uri);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to init connection to %s\n"), ldap_uri);
return ret;
}
......@@ -243,23 +193,7 @@ static int ipa_ldap_bind(const char *ldap_uri, krb5_principal bind_princ,
return LDAP_OPERATIONS_ERROR;
}
#ifdef LDAP_OPT_X_SASL_NOCANON
/* Don't do DNS canonicalization */
ret = ldap_set_option(ld, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_X_SASL_NOCANON\n"));
goto done;
}
#endif
version = LDAP_VERSION3;
ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (ret != LDAP_SUCCESS) {
fprintf(stderr, _("Unable to set LDAP_OPT_PROTOCOL_VERSION\n"));
goto done;
}
ret = ipa_tls_ssl_init(ld, ldap_uri);
ret = ipa_tls_ssl_init(ld, ldap_uri, ca_cert_file);
if (ret != LDAP_OPT_SUCCESS) {
goto done;
}
......@@ -763,7 +697,8 @@ int main(int argc, const char *argv[])
_("The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)"),
_("Kerberos Service Principal Name") },
{ "keytab", 'k', POPT_ARG_STRING, &keytab, 0,
_("File were to store the keytab information"),
_("The keytab file to append the new key to (will be "
"created if it does not exist)."),
_("Keytab File Name") },
{ "enctypes", 'e', POPT_ARG_STRING, &enctypes_string, 0,
_("Encryption types to request"),
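Review bot: In `ipa_ldap_bind`, the settings that made the TLS policy visible at this call site appear to be removed: the CA file via `LDAP_OPT_X_TLS_CACERTFILE`, `LDAP_OPT_X_TLS_REQUIRE_CERT` set to demand inside the old local `ipa_tls_ssl_init`, `LDAP_OPT_X_SASL_NOCANON`, and protocol version 3. The replacement `ipa_tls_ssl_init(ld, ldap_uri, ca_cert_file)` comes from `ipa_ldap.h`, which is not shown on this page. Nothing at the call site records that the shared helpers keep those settings, so a later change in the shared code could weaken server-certificate verification for this tool without touching this file. After confirming it against the helper, I would add a comment above the call, such as `/* ipa_tls_ssl_init() pins ca_cert_file and demands a valid server cert; ipa_ldap_init() is expected to set LDAPv3 and SASL_NOCANON */`. The body of `ipa_ldap_bind` starts and ends outside the hunks shown.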
......