<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en" style="--code-editor-font: GitLab Mono, JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>
<style>img {
max-width: 100%; height: auto;
}
body {
font-size: 0.875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;
}
body {
font-family: "GitLab Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: "GitLab Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";'>
<div class="content">
<h3 style="margin-top: 20px; margin-bottom: 10px;">
Timo Aaltonen pushed to branch master at <a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck">FreeIPA packaging / freeipa-healthcheck</a>
</h3>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
Commits:
</h4>
<ul>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/c9feb33f7cbd315f303af2556ab20eabe9bb7b77">c9feb33f</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-06-06T09:30:59-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>kdc: Don't return a WARNING if there are no ARGS and cpus == 1
If there is only a single CPU at installation time then
KRB5KDC_ARGS is nnot set and it may contain an empty value like:
KRB5KDC_ARSG=
Treat this as a successful execution.
Related: https://github.com/freeipa/freeipa-healthcheck/issues/258
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/0ca6bb307005051557871d92530d920a08a2592a">0ca6bb30</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-07-06T11:12:09-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add /run/ipa to the list of files/directories to check
/run/ipa/ccaches is the main target, to ensure it retains the
right owner/group/permissions for privilege separation to work
by setting setuid and setgid so the underlying ccaches are
only readable by the ipaapi user/group.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/232
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/f7577fb4f5a3d31b17971499937dcf7d900488cf">f7577fb4</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-07-06T11:12:29-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Use DN to compare agent cert issuer and subjects
The comparison was doing a string compare of the expected
description value. This worked most of the time but if there
were simple case differents in the attributes that would
cause a false failure.
Instead compare them separately using the DN class to do
the comparison.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/93
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/fac00619db830eefd5060f1342497aea05241164">fac00619</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-10-10T09:29:05-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Clarify in the README that healthcheck is only for servers
I also mentioned that it only checks the local server, not others
currently.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/278
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/cf1cacabc4405089983d5771bf3f4f00b133450b">cf1cacab</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-10-10T09:29:05-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix E275 missing whitespace after keyword reported by flake8
Related: https://github.com/freeipa/freeipa-healthcheck/issues/278
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/51e582aeb82c5c5ccff7410dd148f8b34d545048">51e582ae</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-10-17T16:13:54-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Use exceptions to indicate parsing errors, not a return value
The validation in parse_options() retured a 1 on failure.
Raise an exception instead and expect the caller to handle it.
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/a00e0293f937faa5a927361baf3a9a951d746466">a00e0293</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-10-17T16:13:54-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Use new approach to validate whether the ipa-ca DNS record is complete
The previous method counted the number of servers with CA's and
expected an identical count of servers in ipa-ca, for each of the
A and AAAA types.
If one server had only A or AAAA records then this count could be
off and issue a spurious warning.
Instead get the list of A and AAAA records for servers with a CA
and compare the IP addresses to those of the A and AAAA records
of ipa-ca. Return a warning if any are missing or not expected
(e.g. a server was removed but remains in ipa-ca).
https://github.com/freeipa/freeipa-healthcheck/issues/270
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/f1a131b9743fd16d6c6eba656bb2616adc3f8ec3">f1a131b9</a></strong>
<div>
<span> by Peter Keresztes Schmidt </span> <i> at 2022-11-19T19:42:45-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix a typo in the ipa-healthcheck help message
Signed-off-by: Peter Keresztes Schmidt <carbenium@outlook.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/cc87413e136f906203f3be44c724cba2edd98bf6">cc87413e</a></strong>
<div>
<span> by Sam Morris </span> <i> at 2022-11-22T11:26:40-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: remove redundant example
Signed-off-by: Sam Morris <sam@robots.org.uk>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/af5434777f2cfd03bdf24722f3dce960f55258c6">af543477</a></strong>
<div>
<span> by Sam Morris </span> <i> at 2022-11-22T11:26:40-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: grammar
Signed-off-by: Sam Morris <sam@robots.org.uk>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/be13ac1fab1720a27ee680d62e973fea2c2d30e6">be13ac1f</a></strong>
<div>
<span> by Sam Morris </span> <i> at 2022-11-22T11:26:40-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: fix missing new paragraph directive
Signed-off-by: Sam Morris <sam@robots.org.uk>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/38b3ddfe28bb11426ad2a5acdaa2cb71f543fcb2">38b3ddfe</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-12-01T10:13:22-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add limited support for CA certificates on a hardware token (HSM)
dogtagpki supports storing its subsystem and CA certificates on
an HSM. Look up the token name and password in the NSS db
password file. If a token exists then include that in the lookup
and expect (require) the CA, audit, ocsp and subsystem
certificates to be there. If a KRA is also configured then those
certificates will be in the HSM as well.
PKI supports mixing and matching but for now this only supports
a simplistic one HSM or no HSM.
This supports the existing IPA CertDB and NSSDatabase APIs
as well as IPA 4.9.x.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/276
Signed-off-by: Rob Crittenden <rcritten@redhat.com
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/db7831c77ca46a9226190c0301b41b5590914b9e">db7831c7</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-12-01T10:13:22-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add tests for token support
This required changes to the mock CAInstance to support
the HSM properties in DogtagInstance.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/276
Signed-off-by: Rob Crittenden <rcritten@redhat.com
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/f8cbe6d59481379d6032645d98de1499c244df8e">f8cbe6d5</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2022-12-01T10:13:22-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Address some newer pylint issues related to API changes
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/c1091f525be536ee85f92c2d9fa20216cad2b187">c1091f52</a></strong>
<div>
<span> by Antonio Torres </span> <i> at 2022-12-01T16:58:02+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Become 0.12
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/31be12b8b7adebea92e31b6265e450ae361e48b7">31be12b8</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-03-28T15:24:52-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add more services to check the status, switch to using roles
Some services aren't included in ipaplaform.knownservices
like smb and winbind. It is possible to discover the
service name using the same method used by ipactl, via roles.
Switch some services to the roles method.
The services added:
* ods_enforcerd
* ipa_ods_exporter
* ipa_dnskeysyncd
* chronyd
* smb
* winbind
Add option to skip disabled services. This is currently only
for chronyd which is not required but we'll check it if its
enabled.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/219
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/196
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/fa6b7caa6aa6520bc1b23dfb498568ebfd171f28">fa6b7caa</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-04-06T09:09:42-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Require root to run ipa-healthcheck
The vast majority of checks require root access so enforce
it at run time.
This won't affect other runtimes that use healthcheck-core.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/148
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/4185976472cd144e5e1abab235305da6e93ead86">41859764</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-04-07T07:59:51-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>If there are KRAs, ensure the renewal server is one
If there are KRAs in the topology and there isn't one on
the renewal server then the KRA certificates will not be
renewed because they expect another server to do it for them.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/125
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/6642a1ad142581429bbc6e29298f535f9e45462a">6642a1ad</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-04-07T08:49:50-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Report certmonger requests that are in the stuck state
These may be caught already by other checks if the tracking
is configured incorrectly but it's a belt-and-suspenders
approach to ensure that the certificates have been issued
properly.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/123
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/30471ebdc9fe5871c115ca06f78a415275a320e6">30471ebd</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-04-07T08:50:26-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Skip AD domains with posix ranges in the catalog check
The catalog check is intended to ensure that the trust is
working by looking up a user. For a non-posix range we can use
the Administrator user because it has a predicible SID.
With a posix range the UID/GID may not be set so the lookup
can fail (with an empty return value).
So skip domain which have a posix range associated with it.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1775199
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/8ca85127b97b1379e36794c19fe38d372ed07f76">8ca85127</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-04-11T10:05:48-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Report when all ipa-ca records are missing in IPADNSSystemRecordsCheck
If no DNS records were returned at all then the check for mismatches
was missed. Add a special case for this scenario by using a placeholder
for the IP address for a given CA server. If no records are returned
at all this case will catch it. If any exist at all then the
current code will handle it.
This is is easily reproduced using a non-IPA DNS server like
Google or Cloudflare where all lookups will fail.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/284
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/9124c5c6ad83a254177dc998e16e2ecbe7d72912">9124c5c6</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-05-09T11:47:17-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Restrict the length of JSON output indent to 32
Too big a value and the system will exhause memory. Normally I
trust users not to do things like but it doesn't hurt to constrain
sometimes.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/197
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/d398f4589c4e711a2f6d4e7782ab52ce46a680bc">d398f458</a></strong>
<div>
<span> by Gordon Bleux </span> <i> at 2023-05-31T15:15:58-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>output: fix prometheus output pluging to comply with format specification
use comment syntax for HELP and TYPE annotations, as specified
by the prometheus test-base exposition format [1].
this change also introduces a output sub-class to reduce code
duplication.
closes #292
[1] https://prometheus.io/docs/instrumenting/exposition_formats/#text-based-format
Signed-off-by: Gordon Bleux <33967640+UiP9AV6Y@users.noreply.github.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/4906c52b629bfce275558d4701c083f4c020ef32">4906c52b</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-07-05T11:44:05-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Catch exceptions during user/group name lookup in FileCheck
It's possible that one or more of the allowed users/groups
in a file check do not exist on the system. Catch this
exception and try to proceed as best as possible.
https://github.com/freeipa/freeipa-healthcheck/issues/296
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/2e3028ed1cd08b780e73bd5de9c1dd46abcbaac1">2e3028ed</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-07-12T09:59:30-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>gha: Replace F35/36 with F37/38, add python 3.11 to lint
F35 and F36 are not both obsolete. Switch to current
releases.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/295
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/183b2f8526620b966a2e673559f87c87187fe1fa">183b2f85</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-07-12T09:59:30-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pylint: Sync pylint plugin to FreeIPA
This is backport of
freeipa/freeipa@10e18c3dc732a52d173e803970f6eb53dd9b6087
and
freeipa/freeipa@232b5a9ddeb222035a9393bfc495b2ffba557801
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/295
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/18178ba09b221eef7f0bb869980e1c043a8e764f">18178ba0</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-07-12T09:59:30-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Address issues uncovered by pylint 2.15.5
Two variables used before assignment
Three Useless suppression of 'unexpected-keyword-arg'
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/295
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/29855ec76bcb445543e1f2b16b13e5bcfeb67723">29855ec7</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-07-19T10:34:16-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Don't error in DogtagCertsConnectivityCheck with external CAs
The purpose of the check is to validate that communication
with the CA works. In the past we looked up serial number 1
for this check. The problem is that if the server was
installed with RSNv3 so had no predictable CA serial number.
It also was broken with externally-issued CA certificate which
cannot be looked up in IPA.
Instead use the IPA RA agent certificate which should definitely
have a serial number in the IPA CA if one is configured.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/285
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/11c77a199304fba4f430e9386593477f37652f23">11c77a19</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-07-19T10:35:58-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Become 0.13
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/e05903dc95be0182eac310f5a9d593d93fc43fa8">e05903dc</a></strong>
<div>
<span> by Florence Blanc-Renaud </span> <i> at 2023-08-16T13:24:51-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Python 3.12: utcnow function is deprecated
ipa-healthcheck on python 3.12 uses datetime.utcnow() which
is deprecated and produces warnings.
Replace with datetime.now(tz=UTC)
When a datetime object is returned through IPACertificate API,
always set the timezone to UTC (this makes the new code compatible
with old IPA and new IPA versions).
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/298
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/04c109a7e57ecc7d772634b8ad89f98137a91e09">04c109a7</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-08-21T09:57:13-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Become 0.14
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/9603491e20d6670b8b05ea4349f141a5eec1bd07">9603491e</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-09-28T22:20:27-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Change the github runners to conform with new requirements
The older style runner is being deprecreated per
https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
The documntation is rather confusing what needed to be changed but
one of the examples included this change and it's now passing CI so...
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/cef7d57e2d4d1fbb13facb7629c7b8c6811e0fc7">cef7d57e</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-10-03T09:12:14-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add a dirsrv requires to services that look up their names in LDAP
Some services aren't included in ipaplaform.knownservices
like smb and winbind. It is possible to discover the
service name using the same method used by ipactl, via roles.
If dirsrv isn't started then this will blow up spectacularly
so use requires as a guard against it.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/301
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/a826ae844b8e8bef497b327b1d3cba00d6b0d5bf">a826ae84</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-10-16T10:09:12-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Convert DBus objects into native python objects
There were cases where values were taken directly from DBus
objects. This worked in some cases but not in the case of the
token name.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/305
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/02211dd4b5e7559da2159e0e712e4d3f845baf4a">02211dd4</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-10-16T10:09:12-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Disable the pylint github workflow
Ubuntu has pylint 3.0.1 which is apparently incompatible with
pylint_plugins.py. Disable this temporarily. Chances are good
that once this is addressed in freeipa it can be ported back
here as well.
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/fd0b2ce794f56ed970ecf06c808a530bd2e065f9">fd0b2ce7</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-10-16T10:24:43-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Use timezone.utc instead of datetime.UTC for backwards compatibility
We switched to datetime.UTC because datetime.utcnow() was deprecated.
This is only available in python 3.11+. Use datetime.timezone.utc
instead which is available from python 3.2+
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/302
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/e69589d507aaa1b837fc4c31cce534d246a535aa">e69589d5</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-10-16T10:24:59-04:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Validate service keytabs other than just /etc/krb5.keytab
There are quite a few other keytabs in use in IPA other than
just the host keytab. Validate that kinit in that keytab
works if the service is configured.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/175
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/4a9ebb37cb296a41fefcd5898a3b1a69e6539720">4a9ebb37</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-11-07T09:39:43-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Support validating LWCA certmonger requests
The LWCA ids are UUID4 format and are stored in LDAP so
we can retrieve the list (ignoring the ipa entry) and
construct what the request should look like.
Add a cache for the get_expected_requests() function. The
certificates aren't going to change (or shouldn't) in the
middle of a run and there is no point in duplicating several
LDAP requests for each call.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/307
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/bbffe5fc81b2fd13e4345b03416e5056ec9d1998">bbffe5fc</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-11-07T09:39:43-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Drop all=True in IPACertRevocation cert_show call
This was causing a cache miss in the LDAPCache class. The
'*' + all default attributes was confusing the cache. We in fact
do not need all attributes so this is fine. This increases the
cache hits in cert.py from 7 to 24, reducing the number of
duplicate LDAP searches.
Related: https://github.com/freeipa/freeipa-healthcheck/issues/307
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/25bbaab9ab98a3a0198db0788b3e35d68d80922c">25bbaab9</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-11-07T09:39:43-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Disable failing not installed and not configured tests
These pass locally for me but fail in the github workflow. Marking
as xfail for now.
A deprecation warning is being spit out now on stderr instead out
stdout which includes the underlying message. Check both stdout
and stderr to be on the safe side.
Note: these tests only run as root.
Related: https://github.com/freeipa/freeipa-healthcheck/issues/309
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/f2eb911a72eed7c290c031f6df9b4fd4800e8e89">f2eb911a</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-11-07T10:12:15-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Become 0.15
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/a56f1f8007bb27ebbf2d0caf70986b24f827c331">a56f1f80</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-11-09T10:37:34-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Remove call to api.Backend.ldap2.disconnect()
This was added while I was testing the IPA LDAP client
cache performance. By disconnecting a summary of the cache is
logged. I never intended it remain in the code.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/310
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/a6b89d4823de1a3459f1189a7c9eb4fb1a9931b7">a6b89d48</a></strong>
<div>
<span> by Rob Crittenden </span> <i> at 2023-11-09T10:44:11-05:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Become 0.16
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/93bcc26584971f6b1e18720b204ee0454e433925">93bcc265</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2023-11-22T12:49:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Merge branch 'upstream'
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/b944038d2a3fbfc92106afabc290ae19ac84767d">b944038d</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2023-11-22T12:49:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>version bump
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/commit/8e38c563b9a2fd349db99035e5ed4d24f41100e3">8e38c563</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2023-11-22T12:50:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #333238; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>releasing package freeipa-healthcheck version 0.16-1
</pre>
</li>
</ul>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
30 changed files:
</h4>
<ul>
<li class="file-stats">
<a href="#54965971a37d92f14b048a71531e0e2b2819421c">
.github/workflows/pipelines.yml
</a>
</li>
<li class="file-stats">
<a href="#8ec9a00bfd09b3190ac6b22251dbb1aa95a0579d">
README.md
</a>
</li>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#ff41455272b21d0e7ff5aa70d6a8c0fea800c887">
man/man5/ipahealthcheck.conf.5
</a>
</li>
<li class="file-stats">
<a href="#cf39bdc2d6ab11da033ac0ee99031dafffc6aea4">
man/man8/ipa-healthcheck.8
</a>
</li>
<li class="file-stats">
<a href="#fb159141c98dfc6dc91d2cf922e7b89142c624a0">
pylint_plugins.py
</a>
</li>
<li class="file-stats">
<a href="#8e2edce0d507e1297474f25c00cae94258db38d8">
setup.py
</a>
</li>
<li class="file-stats">
<a href="#58eb99f10f18aaea73d5adadbe927df0afe71093">
src/ipahealthcheck/core/core.py
</a>
</li>
<li class="file-stats">
<a href="#fe5062106a80753c1dc4be24b19380351ed6e727">
src/ipahealthcheck/core/files.py
</a>
</li>
<li class="file-stats">
<a href="#65242a1add8c2a7aa3f9418950cd2bf29ee96259">
src/ipahealthcheck/core/main.py
</a>
</li>
<li class="file-stats">
<a href="#6e305c948848b8333d4e083847aecf5d3efb5d41">
src/ipahealthcheck/core/output.py
</a>
</li>
<li class="file-stats">
<a href="#498253ceab8a07a1c7b4e37fb74a63e47322a522">
src/ipahealthcheck/core/plugin.py
</a>
</li>
<li class="file-stats">
<a href="#ec7c3d0e9261d29f34f895d1182fc7170df53fc5">
src/ipahealthcheck/dogtag/ca.py
</a>
</li>
<li class="file-stats">
<a href="#e731a9de6a41ccf7bdfbbef5ab2f2dd4b4c07dd3">
src/ipahealthcheck/ipa/certs.py
</a>
</li>
<li class="file-stats">
<a href="#9209ccbeebb00cbe65a80dbe72b5998276c7e07b">
src/ipahealthcheck/ipa/files.py
</a>
</li>
<li class="file-stats">
<a href="#65669322dcc9729777519ddce6870c4fd1cd44d4">
src/ipahealthcheck/ipa/host.py
</a>
</li>
<li class="file-stats">
<a href="#e4cf93f8516ef19917e23e1cfafa1bf5c6436f77">
src/ipahealthcheck/ipa/idns.py
</a>
</li>
<li class="file-stats">
<a href="#e1bcfe567610d499f55e6f2628ca9fe22fc2d9b7">
src/ipahealthcheck/ipa/kdc.py
</a>
</li>
<li class="file-stats">
<a href="#10a9651fa54ebc8d79d96ebaf48150e2cf02e3d0">
src/ipahealthcheck/ipa/roles.py
</a>
</li>
<li class="file-stats">
<a href="#2e66ac95e2f4880baf88375b2d4a63c18bca9f0d">
src/ipahealthcheck/ipa/trust.py
</a>
</li>
<li class="file-stats">
<a href="#1c45199cebcbc8e1c8a54f03e0ed5bb4cca0e29e">
src/ipahealthcheck/meta/services.py
</a>
</li>
<li class="file-stats">
<a href="#de93b9c0aeeaefafdd509a3fb042b765b3a2fabc">
<span class="new-file">
+
tests/fixtures/output/prometheus/all.prom
</span>
</a>
</li>
<li class="file-stats">
<a href="#06c40582f46cbc98ba550a19989a93a286dcd40e">
tests/test_commands.py
</a>
</li>
<li class="file-stats">
<a href="#8ef774410af19c9f2bf9a293c3f7c6540cf26311">
tests/test_core_files.py
</a>
</li>
<li class="file-stats">
<a href="#732f55d7b07f63a1d522155e50c8acf1db436712">
tests/test_dogtag_connectivity.py
</a>
</li>
<li class="file-stats">
<a href="#6771b982eea527535b6f84587daeef19b6837bff">
tests/test_ipa_agent.py
</a>
</li>
<li class="file-stats">
<a href="#0b1a89b101ea683d5bba69b940cdd081ba0e96d6">
tests/test_ipa_certfile_expiration.py
</a>
</li>
<li class="file-stats">
<a href="#d7f32f897718d99f36128aa626effe4c16699d22">
tests/test_ipa_dns.py
</a>
</li>
<li class="file-stats">
<a href="#3f9d9bcdad3613706d740170bc240586936c3307">
tests/test_ipa_kdc.py
</a>
</li>
<li class="file-stats">
<a href="#002975346a094e48e8fb293c5ffdd0e2e24cab64">
tests/test_ipa_nssdb.py
</a>
</li>
</ul>
<h5 style="margin-top: 10px; margin-bottom: 10px; font-size: 0.875rem;">
The diff was not included because it is too large.
</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #737278;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/compare/8838639468f38a9a7f3bba0cf44bbbe33f042f54...8e38c563b9a2fd349db99035e5ed4d24f41100e3">View it on GitLab</a>.
<br>
You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>
</p>
</div>
</body>
</html>