[pull] master from freeipa:master#1096
Open
pull[bot] wants to merge 9 commits intoRachelmorrell:masterfrom
Open
[pull] master from freeipa:master#1096pull[bot] wants to merge 9 commits intoRachelmorrell:masterfrom
pull[bot] wants to merge 9 commits intoRachelmorrell:masterfrom
Conversation
-Convert Bugzilla regression tests (BZ 772106, 772675, 747730, 747741, 747720, 747722) from bash to Python and add them to the existing selfservice test file as the TestSelfserviceMisc Declarative class. -Tests verify that --raw output, empty permissions/attrs, and invalid attrs do not cause internal errors or accidental ACI deletion. -Use a single selfservice rule (selfservice1) across all BZ tests instead of creating and deleting a separate rule per test case, reducing churn and keeping the tests fast. -Drop BZ 747693 (selfservice-find --raw) as it is already covered by the existing "Search for 'testself' with --raw" test in the main test_selfservice CRUD class (test 0011). Signed-off-by: Jay Gondaliya jgondali@redhat.com Fixes: https://pagure.io/freeipa/issue/9945 Assisted-by: Claude noreply@anthropic.com Continuation of PR #8190 Fixes made: -Fixed lambda expected checkers — replaced defensive .get("result", {}) chains with direct output["result"] key access. -Removed redundant delete test case — dropped explicit selfservice_del test, relying solely on cleanup_commands. -Renamed class TestSelfserviceMisc → test_selfservice_misc. Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: David Hanina <dhanina@redhat.com>
…he standard library Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
The tool gitleaks reports a potential data leak in test_dns.py as it believes KEY_SECRET should not be exposed. This is a test value that can be ignored. Mark as such with the comment # notsecret Same for other tests with passwords. Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: David Hanina <dhanina@redhat.com> Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
We should allow 32bit groups, by setting maxvalue we allow that. Fixes: https://pagure.io/freeipa/issue/9953 Signed-off-by: David Hanina <dhanina@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
freeipa-client package needs to creates directories in /var: /var/lib/ipa-client /var/lib/ipa-client/pki /var/lib/ipa-client/sysrestore Use tmpdfilesd to create the dirs in order to be compatible with bootc images where /var is not updated when bootc switch is called. Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Sudhir Menon <sumenon@redhat.com>
This allows an installation along with an ML-DSA CA to complete an IPA installation where the IPA RA, Apache and 389-ds keys are ML-DSA as requested on the CLI. PKINIT doesn't currently support PQC so that certificate is forced to be RSA-2048. This does not yet pass the key type into the CA installer so an override is still necessary. There are two very simple routines for determining the profile to use which is fine for this limited use case but will need to be replaced or the functions enhanced, or both. This uses the caMLDSAServerCert profile for the IPA certificates. In the future we plan to try to update the caIPAserverCert to support both RSA and ML-DSA. Using a ML-DSA CA is not necessary to use ML-DSA for the IPA certificates. If an ML-DSA CA is desired then a pki-override file needs to be provided to the installer. X-Feature: PQC Related: https://pagure.io/freeipa/issue/9883 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
The test was failing in environments where IPv6 is disabled at the kernel level because it attempted to add a temporary IPv6 address without first checking if IPv6 is enabled on the interface. This fix restructures the test to: - Check if IPv6 is disabled via sysctl before attempting IPv6 setup - Always run IPv4 allow-query and allow-transfer tests - Only run IPv6-related tests when IPv6 is available This ensures the test passes in IPv4-only environments while still providing full coverage when IPv6 is enabled. Fixes: https://pagure.io/freeipa/issue/9944 Signed-off-by: Pranav Thube pthube@redhat.com Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> Reviewed-By: David Hanina <dhanina@redhat.com>
Tomcat in Fedora previously used some different locations for scripts than upstream tomcat. In Fedora 45 these customizations are being dropped. Instead of being able to call /usr/sbin/tomcat directly the scripts are split between /usr/libexec and /usr/share/tomcat/bin. We used to call /usr/sbin/tomcat to get the version number for backwards compatibility. We can use the script version.sh instead of calling tomcat/catalina.sh directly. Fixes: https://pagure.io/freeipa/issue/9832 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Convert self-service users tests from bash to Python and add them to the existing selfservice test file. Tests verify that users can modify their own allowed attributes under default and custom selfservice rules, that disallowed attributes are rejected with ACIError, and that cross-user modification is blocked. Also covers atomic failure on mixed permissions, self-password-change, and user-find by phone, fax, and manager (BZ 1188195, 781208, 985016, 967509, 985013). Signed-off-by: Jay Gondaliya jgondali@redhat.com Fixes: https://pagure.io/freeipa/issue/9945 Assisted-by: Claude noreply@anthropic.com Reviewed-By: PRANAV THUBE <pthube@redhat.com> Reviewed-By: David Hanina <dhanina@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )