[Pkg-freeipa-devel] [Git][freeipa-team/custodia][upstream] 42 commits: Post release bump to 0.6.dev1
Timo Aaltonen
gitlab at salsa.debian.org
Sat Aug 4 13:52:34 BST 2018
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / custodia
Commits:
d12f7618 by Christian Heimes at 2017-05-10T16:00:22Z
Post release bump to 0.6.dev1
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
95fde208 by Fraser Tweedale at 2017-05-11T11:34:41Z
doc: update quickstart guide to create log dir
With the current quickstart guide, starting the server fails because
the /var/log/custodia directory does not exist (or is not writable
by regular user). Update the example quick.conf to specify 'log' as
the logdir, and instruct the reader to create it.
Signed-off-by: Fraser Tweedale <ftweedal at redhat.com>
Reviewed-by: Simo Sorce <simo at redhat.com>
Closes #196
- - - - -
b1504129 by Christian Heimes at 2017-05-12T08:57:15Z
Move quick guide configs to separate files
The configuration from the quick start guide is currently hard to test.
Move all config sniplets into separate files and include them with
`literalinclude`.
Use the new conf.d feature to include additional config files.
Make all files relative to ${configdir}
Use autogen_master_key to create the master key for encrypted overlay.
Replaces PR #196.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
cfedf43e by Raildo Mascena at 2017-06-19T18:03:27Z
Fixing pylint issue
Skipping an import error in the client.py
Signed-off-by: Raildo Mascena <rmascena at redhat.com>
- - - - -
92b9e07d by Raildo Mascena at 2017-06-19T18:03:27Z
Fixing doc issue
Missing two words "doesn" and "ve" int he spelling wordlist
Signed-off-by: Raildo Mascena <rmascena at redhat.com>
- - - - -
1384a36e by Raildo Mascena at 2017-06-19T18:03:27Z
Make key container creation idempotent
Container creation returns a 409 Conflict if the container
already exists, but since the request doesn't take any
additional parameters, there's really no conflict.
Update the API return, if the container exists, to 200 OK.
Users could still distinguish whether the container
already existed by checking for 200 OK vs 201 Created.
Signed-off-by: Raildo Mascena <rmascena at redhat.com>
Closes: #206
- - - - -
4dfb7e4e by Christian Heimes at 2017-06-29T16:25:05Z
Document requests 2.18 behavor change
Also enable pylint's import-error checker after the block.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
11f5d200 by Raildo Mascena at 2017-06-29T16:39:59Z
Adding tests for Authenticators
In the auth session in the configuration file
we have header funcions to point to the authentication
path on Custodia. We should test that Custodia
can handle with valid and invalid headers.
Signed-off-by: Raildo Mascena <rmascena at redhat.com>
Reviewed-by: Christian Heimes <cheimes at redhat.com>
- - - - -
a1bfd5e5 by Christian Heimes at 2017-06-29T16:40:40Z
coverage report of cli and server execution
- - - - -
753f3d01 by Christian Heimes at 2017-06-30T14:05:05Z
Tests: lifeness probe of process and socket
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
d32113a8 by Christian Heimes at 2017-06-30T14:05:05Z
Disable coverage for CUSTODIAPYTHON
Commit a1bfd5e5 causes tests on Travis CI to become unstable. Tests are
failing randomly without any pattern.
- - - - -
36243d0d by Petr Čech at 2017-07-24T14:16:39Z
Fix of container documentation
In #206 was changed of return code for case when user requests
creation of existing container. It was changed from 409 to 200.
This patch propagates this change to the documentation.
Resolves #216
Signed-off-by: Petr Čech <pcech at redhat.com>
- - - - -
ea9e9450 by Simo Sorce at 2017-07-25T14:50:43Z
Add secret_pinning option to encgen driver
This option adds the key name into the protected header of the JWE token
used to encryp secrets. This allows Custodia to verify that the database
was not tampered with (e.g. secrets swapped between keys).
If enabled this option will cause exception when pre-exsiting keys
generated without the protected header are looked up.
however turning off this option will not cause failures.
Signed-off-by: Simo Sorce <simo at redhat.com>
- - - - -
df62abbc by Raildo Mascena at 2017-07-25T14:50:43Z
Adding tests to secret_protection option to encgen driver
Signed-off-by: Raildo Mascena <rmascena at redhat.com>
- - - - -
e461798c by Christian Heimes at 2017-08-02T13:54:29Z
Add temporary workaround for issue with latest urllib3
The problem is addressed in requests dev:
See https://github.com/requests/requests/blob/master/HISTORY.rst
Fixed issue where Requests would raise ConnectionError instead of
SSLError when encoutering SSL problems when using urllib3 v1.22.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
63821d3b by Christian Heimes at 2017-08-02T13:54:29Z
Add client auth EKU to CA
OpenSSL 1.1.0 is more strict and validates EKU of CA. Our test CA has
only EKU "TLS Web Server Authentication" set. Add "TLS Web Client
Authentication" to fix tests on Fedora 26.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
cf0b4ab4 by Christian Heimes at 2017-08-02T17:15:14Z
Update Dockerfile to use Fedora 26
Also replace old MAINTAINER by new LABEL syntax.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
2afba904 by Christian Heimes at 2017-08-02T17:15:14Z
Use latest custodia.spec from fedpkg
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
d81cdb98 by Christian Heimes at 2017-08-03T19:16:45Z
Add connection timeout to Custodia client
Custodia client classes have grown a default timeout instance attribute.
The forwarder plugin and CLI have a new timeout option. The default
timeout for both is 10 seconds.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Closes: #208
- - - - -
c500b98b by Christian Heimes at 2017-08-03T19:17:21Z
Merge custodia.ipa v0.4.2
Merge and integrate custodia.ipa v0.4.2 into custodia main line.
https://github.com/latchset/custodia.ipa/tree/v0.4.2
custodia.ipa commit 76a4b6fb984e257fadfa3ef39df2f4b9733712a7
- - - - -
3dff1215 by Christian Heimes at 2017-08-03T19:17:21Z
Finalize integration of custodia.ipa
- Merge READMEs
- Add documentation
- Add plugins and dependencies to setup.py
- Travis CI: install new dependencies
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
987afad1 by Christian Heimes at 2017-08-03T19:17:21Z
Add workaround for pyasn1 0.3.1 issue with FreeIPA
pyasn1 0.3.1 broke FreeIPA because ASN1 types no longer take positional
arguments in __init__. It broke univ.SequenceOf(char.GeneralString()).
https://pagure.io/freeipa/issue/7082
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
684692a9 by Christian Heimes at 2017-08-03T19:17:21Z
Latest pytest injects PYTEST_CURRENT_TEST env var
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
c3687d5c by Christian Heimes at 2017-08-10T15:55:06Z
Log SSLContext parameters for TLS server
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Closes: #200
- - - - -
0dccc811 by Christian Heimes at 2017-08-10T17:57:39Z
Check more tests with pylint
Closes: #224
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
a1aeade5 by Petr Čech at 2017-08-11T07:18:02Z
Add functional tests
There are set of simple functional tests.
It is neccesary to run it on box with Custodia installed.
Signed-off-by: Petr Čech <pcech at redhat.com>
- - - - -
a76747b2 by Christian Heimes at 2017-08-11T12:41:07Z
Document systemd override for custodia.ipa
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
d8cf727f by Christian Heimes at 2017-08-22T12:48:28Z
Support comma and space separated options
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
08515e86 by Christian Heimes at 2017-12-13T11:13:10Z
Drop pyasn1 workaround for IPA
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
e430804e by Christian Heimes at 2018-01-10T13:48:48Z
Disable pytest's logging capture
The new feature is breaking tests.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
1e370553 by Christian Heimes at 2018-01-10T13:48:48Z
Drop support for Python 3.4
Tests are failing under 3.4 because IPA packages no longer support 3.4.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
bdab654e by Christian Heimes at 2018-01-10T13:48:48Z
Fix ValueError formatting in server
Issue was found by pylint.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
835303ac by Christian Heimes at 2018-01-10T13:48:48Z
Reformat code to address pep8 warnings
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
58c5de0a by Christian Heimes at 2018-01-10T13:48:48Z
Ignore pylint warning for LoggingAdapter.exception
In Python 3, the exception method has the function signature
def exception(self, msg, *args, exc_info=True, **kwargs):
but Python 2 does not allow that syntax.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
64168498 by Christian Heimes at 2018-01-10T13:48:48Z
Use requests.exceptions
In Python 3, ConnectionError is also a builtin exception. Import and use
the exceptions package from requests to avoid name collision.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
f3b6ff55 by Christian Heimes at 2018-01-10T13:48:48Z
Run pylint under Python 3
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
511bf2a1 by Christian Heimes at 2018-01-10T15:11:51Z
Upgrade Dockerfile
- use Fedora 27
- include dependencies for custodia.ipa
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
90a1660f by Jan Pazdziora at 2018-01-17T17:00:22Z
Add support for GSSAPI authentication.
- - - - -
95967d3d by Christian Heimes at 2018-01-17T17:00:22Z
Update GSSAPI code
- Make dependency on requests_gssapi optional
- Add requests_gssapi to setup.py
- Add simple test case
- Move auth options to mutually exclusive groups
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
c9463ad6 by Christian Heimes at 2018-06-25T11:11:44Z
Remove etcd storage plugin
The etcd storage plugin was added as a tech demo and proof of concept
to show, how an external database could be used to store secrets. It
hasn't been evolved into a production-ready storage plugin. Further more
it is limited to etcd2 API and not etcd3's new gPRC.
Since it's not usable and causes additional overhead in testing and
downstream packaging, we decided to remove the plugin from the core
distribution.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
bb92dee8 by Christian Heimes at 2018-06-25T12:13:08Z
Allow testing without gssapi and ipaclient
Make tests pass without presence of requests_gssapi or ipaclient
package.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
16bb360c by Christian Heimes at 2018-06-25T12:55:48Z
Release v0.6.0
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
30 changed files:
- .gitignore
- .travis.yml
- API.md
- MANIFEST.in
- Makefile
- README
- README.md
- + contrib/config/custodia/ipa.conf
- contrib/docker/Dockerfile
- custodia.spec
- docs/docs_requirements.txt
- docs/source/api.rst
- docs/source/plugins/index.rst
- + docs/source/plugins/ipa.rst
- docs/source/plugins/stores.rst
- docs/source/quick.rst
- + docs/source/quick/quick.conf
- + docs/source/quick/quick.conf.d/00-sak.conf
- + docs/source/quick/quick.conf.d/10-namespace.conf
- + docs/source/quick/quick.conf.d/20-encrypted.conf
- docs/source/readme.rst
- docs/source/spelling_wordlist.txt
- setup.py
- src/custodia/__about__.py
- src/custodia/cli/__init__.py
- src/custodia/client.py
- src/custodia/forwarder.py
- src/custodia/httpd/server.py
- + src/custodia/ipa/__init__.py
- + src/custodia/ipa/certrequest.py
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/custodia/compare/6019cd361df693b963f16a6e7e8aad8d2be50be0...16bb360c8d87defaea62f4a52b2d2d6f3b435411
--
View it on GitLab: https://salsa.debian.org/freeipa-team/custodia/compare/6019cd361df693b963f16a6e7e8aad8d2be50be0...16bb360c8d87defaea62f4a52b2d2d6f3b435411
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20180804/9fc2ebf0/attachment-0001.html>
More information about the Pkg-freeipa-devel
mailing list