URL: https://github.com/freeipa/freeipa/pull/920
Author: tduehr
Title: #920: fix ods-ksmutil for 2.0.x
Action: opened
PR body:
"""
It became ods-enforcer and its behavior changed.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/920/head:pr920
git checkout pr920
Hi,
Thought I should introduce myself and post a link to some recent work which
might be relevant for some of you.
My name is Antonia Stevens and I'm a DevOps Engineer and long time FreeIPA
user.
We recently had a need to get proper certs for IPA servers in AWS which
means they have multiple IPs/DNS Names/Principals, since I could not find
anything I hacked together a couple of bash scripts to make it a bit easier.
https://github.com/antevens/letsencrypt-freeipa
Thanks for all the great work and depending on my schedule I might try to
contribute a bit more going forward.
Antonia Stevens
@antevens
a(a)antevens.com
https://github.com/antevens/
URL: https://github.com/freeipa/freeipa/pull/953
Author: pvomacka
Title: #953: [master] WebUI: Turn on pagination on certificate page
Action: opened
PR body:
"""
Almost all other search tables use pagination. Only this one does not.
This change makes WebUI more consistent.
https://pagure.io/freeipa/issue/6079
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/953/head:pr953
git checkout pr953
URL: https://github.com/freeipa/freeipa/pull/1024
Author: stlaz
Title: #1024: py3: turn all shebangs to python3
Action: opened
PR body:
"""
This patchset turns all shebangs in IPA scripts to Python 3. Note that this may seem like going against what we agreed on some two months ago but the outcome to turn everything to `/usr/bin/python` to use default python version would be a setback in the Fedora planning: https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 and there is no reason not to use the up-till-now long running Python 3 effort.
This also required to regenerate the `API.txt` file so that our checks don't fail to validate for python2/3 type discrepancies.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1024/head:pr1024
git checkout pr1024
URL: https://github.com/freeipa/freeipa/pull/973
Author: tomaskrizek
Title: #973: test_dnssec: re-add named-pkcs11 workarounds
Action: opened
PR body:
"""
DNSSEC tests starrted to fail again, probably due to a bug in
some underlaying component.
This reverts commit 8bc677512296a7e94c29edd0c1a96aa7273f352a
and makes the xfail test check less strict - it will no longer
mark the test suite red if it passes.
Related https://pagure.io/freeipa/issue/5348
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/973/head:pr973
git checkout pr973
URL: https://github.com/freeipa/freeipa/pull/927
Author: pvomacka
Title: #927: WebUI: Cockpit integration
Action: opened
PR body:
"""
Link to the cockpit is placed to each host details page in case
the Cockpit is installed on the server.
Showing or hiding cockpit link is possible because of Cockpit's API
which provides public URL for check whether Cockpit is the software
which listen on given port.
https://pagure.io/freeipa/issue/4891
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/927/head:pr927
git checkout pr927
URL: https://github.com/freeipa/freeipa/pull/837
Author: frasertweedale
Title: #837: ca-add: fix permission issue
Action: opened
PR body:
"""
The ca-add command pre_callback uses ldap.can_add() to check whether
the user has permission to add CAs. Alas, the GetEffectiveRights
control used by ldap.can_add() doesn't correctly interpret ACIs with
'targetfilter' constraints, and returns a false-negative for
non-admin users, even when they have the 'System: Add CA'
permission.
To work around this, add the CA object to FreeIPA before attempting
to create the CA in Dogtag. If the CA creation in Dogtag succeds,
the user then updates the FreeIPA object with the Authority ID and
other authoritative data returned by Dogtag. If the CA creation in
Dogtag fails, the user cleans up by deleting the newly-created CA
object from FreeIPA.
This modified procedure ensures that the user certainly has the
'System: Add CA' permission before the CA creation in Dogtag is
attempted. But it also means that the user must have 'write' and
'delete' permission on 'ipaca' objects in FreeIPA, so that it can
complete the object after CA creation in Dogtag, or clean up if that
step fails. Therefore, update the 'System: Add CA' permission to
confer 'write' and 'delete' access on 'ipaca' objects, as well as
'add' access.
Fixes: https://pagure.io/freeipa/issue/6609
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/837/head:pr837
git checkout pr837
URL: https://github.com/freeipa/freeipa/pull/1135
Author: stlaz
Title: #1135: [Backport][ipa-4-6] tests_py3: decode get_file_contents() result
Action: opened
PR body:
"""
This PR was opened automatically because PR #1118 was pushed to master and backport to ipa-4-6 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1135/head:pr1135
git checkout pr1135