{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":4340318,"defaultBranch":"master","name":"freeipa","ownerLogin":"freeipa","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2012-05-15T20:34:40.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/10979201?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1706113113.0","currentOid":""},"activityList":{"items":[{"before":"84eed2a67fb515f4d5d0af3479c077bf5b788d56","after":"536812080502baa51818d9a33ea6533675800b30","ref":"refs/heads/master","pushedAt":"2024-05-23T19:12:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"custodia: do not use deprecated jwcrypto wrappers\n\njwcrypto has turned JWK object into a dict-like structure in 2020 and\nmarked data wrappers as deprecated. The only exception for direct\nfoo['bar'] access is a key ID -- some keys might have no 'kid' property,\nthus it is best to use jwk.get('kid') instead for those.\n\nFixes: https://pagure.io/freeipa/issue/9597\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"custodia: do not use deprecated jwcrypto wrappers"}},{"before":"805fec082ed532049a5dc10b53e15081183ee8f3","after":"ea93ef9a087ce0a504382e3689e5ee9f1809c082","ref":"refs/heads/ipa-4-9","pushedAt":"2024-05-23T19:12:00.000Z","pushType":"push","commitsCount":6,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Force python 3.10 in tox environments\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"Force python 3.10 in tox environments"}},{"before":"90631ffc62cbae4b966e3eac56cb09388a446e86","after":"5f5c6542882752daf253b2aa2630c5a2a56fd6e9","ref":"refs/heads/ipa-4-10","pushedAt":"2024-05-23T19:11:23.000Z","pushType":"push","commitsCount":5,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Force python 3.11 in tox environments\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"Force python 3.11 in tox environments"}},{"before":"3485597cf5baa0422a58c8634c1da41cb79095ed","after":"2e75f569903a8b029ab468657f70e4802002f844","ref":"refs/heads/ipa-4-11","pushedAt":"2024-05-23T17:39:00.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"frontend: add systemd journal audit of executed API commands\n\nFor each executed command in server context, send the information about\nthe command to the systemd journal. The resulting string is similar to\nwhat is recored in httpd's error_log for API requests coming through the\nRPC layer.\n\nIn server mode operations are performed directly on the server over\nLDAPI unix domain socket, so httpd end-point is not used and therefore\noperations aren't recorded in the error_log.\n\nWith this change any IPA API operation is sent as an audit event to the\njournal, alog with additional information collected by the journald\nitself.\n\nTo aid with identification of these messages, an application name is\nreplaced with IPA.API and the actual name from api.env.script is made a\npart of the logged message. The actual application script name is\navailable as part of the journal metadata anyway.\n\nIf no Kerberos authentication was used but rather LDAPI autobind was in\nuse, the name of the authenticated principal will be replaced with\n[autobind].\n\nMessages sent with syslog NOTICE priority.\n\nMore information is available in the design document 'audit-ipa-api.md'\n\nFixes: https://pagure.io/freeipa/issue/9589\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"frontend: add systemd journal audit of executed API commands"}},{"before":"9e861693fcb79d256af6d0cfe26f27c7f7ff8e13","after":"84eed2a67fb515f4d5d0af3479c077bf5b788d56","ref":"refs/heads/master","pushedAt":"2024-05-22T21:06:49.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"frontend: add systemd journal audit of executed API commands\n\nFor each executed command in server context, send the information about\nthe command to the systemd journal. The resulting string is similar to\nwhat is recored in httpd's error_log for API requests coming through the\nRPC layer.\n\nIn server mode operations are performed directly on the server over\nLDAPI unix domain socket, so httpd end-point is not used and therefore\noperations aren't recorded in the error_log.\n\nWith this change any IPA API operation is sent as an audit event to the\njournal, alog with additional information collected by the journald\nitself.\n\nTo aid with identification of these messages, an application name is\nreplaced with IPA.API and the actual name from api.env.script is made a\npart of the logged message. The actual application script name is\navailable as part of the journal metadata anyway.\n\nIf no Kerberos authentication was used but rather LDAPI autobind was in\nuse, the name of the authenticated principal will be replaced with\n[autobind].\n\nMessages sent with syslog NOTICE priority.\n\nMore information is available in the design document 'audit-ipa-api.md'\n\nFixes: https://pagure.io/freeipa/issue/9589\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"frontend: add systemd journal audit of executed API commands"}},{"before":"dc9833215327c1bdb58061b61b0ec68c9343ecb9","after":"805fec082ed532049a5dc10b53e15081183ee8f3","ref":"refs/heads/ipa-4-9","pushedAt":"2024-05-22T21:04:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"idviews: Use ipaAnchorUUID without DCERPC bindings for SID anchors\n\nSID anchors are only resolvable on servers with DCERPC bindings\ninstalled. On non agent replica these bindings are not installed and\ntherefore group and role management if there are AD user idoverride\nmembers.\n\nIf there is an ipaUserOverride for the anchor, the ipaoriginaluid is\nreturned.\n\nFixes: https://pagure.io/freeipa/issue/9544\n\nSigned-off-by: Thomas Woerner <twoerner@redhat.com>\nReviewed-By: Alexander Bokovoy <abokovoy@redhat.com>","shortMessageHtmlLink":"idviews: Use ipaAnchorUUID without DCERPC bindings for SID anchors"}},{"before":"a51a51f9ecdec2311ce9ded46859638cee7ad33f","after":"90631ffc62cbae4b966e3eac56cb09388a446e86","ref":"refs/heads/ipa-4-10","pushedAt":"2024-05-22T21:03:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"idviews: Use ipaAnchorUUID without DCERPC bindings for SID anchors\n\nSID anchors are only resolvable on servers with DCERPC bindings\ninstalled. On non agent replica these bindings are not installed and\ntherefore group and role management if there are AD user idoverride\nmembers.\n\nIf there is an ipaUserOverride for the anchor, the ipaoriginaluid is\nreturned.\n\nFixes: https://pagure.io/freeipa/issue/9544\n\nSigned-off-by: Thomas Woerner <twoerner@redhat.com>\nReviewed-By: Alexander Bokovoy <abokovoy@redhat.com>","shortMessageHtmlLink":"idviews: Use ipaAnchorUUID without DCERPC bindings for SID anchors"}},{"before":"d29eb6dc2a5c1eb7cf3985ed2f06657612f5fa40","after":"3485597cf5baa0422a58c8634c1da41cb79095ed","ref":"refs/heads/ipa-4-11","pushedAt":"2024-05-22T21:03:13.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"idviews: Use ipaAnchorUUID without DCERPC bindings for SID anchors\n\nSID anchors are only resolvable on servers with DCERPC bindings\ninstalled. On non agent replica these bindings are not installed and\ntherefore group and role management if there are AD user idoverride\nmembers.\n\nIf there is an ipaUserOverride for the anchor, the ipaoriginaluid is\nreturned.\n\nFixes: https://pagure.io/freeipa/issue/9544\n\nSigned-off-by: Thomas Woerner <twoerner@redhat.com>\nReviewed-By: Alexander Bokovoy <abokovoy@redhat.com>","shortMessageHtmlLink":"idviews: Use ipaAnchorUUID without DCERPC bindings for SID anchors"}},{"before":"5ff1f59c470e5c4ac7875c58c7bddcea63ee1e0e","after":"dc9833215327c1bdb58061b61b0ec68c9343ecb9","ref":"refs/heads/ipa-4-9","pushedAt":"2024-05-22T21:01:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Add permissions for topologysegment\n\nI don't know why these weren't added originally when the\ntopology plugin was created.\n\nAdd them all to the 'Replication Administrators' privilege\n\nFixes: https://pagure.io/freeipa/issue/9594\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Alexander Bokovoy <abokovoy@redhat.com>","shortMessageHtmlLink":"Add permissions for topologysegment"}},{"before":"b729d6cbc27f60293054225e0d3d9d02169fd52f","after":"a51a51f9ecdec2311ce9ded46859638cee7ad33f","ref":"refs/heads/ipa-4-10","pushedAt":"2024-05-22T21:01:03.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Add permissions for topologysegment\n\nI don't know why these weren't added originally when the\ntopology plugin was created.\n\nAdd them all to the 'Replication Administrators' privilege\n\nFixes: https://pagure.io/freeipa/issue/9594\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Alexander Bokovoy <abokovoy@redhat.com>","shortMessageHtmlLink":"Add permissions for topologysegment"}},{"before":"88abda57d53c25cb9a4d306edd212f44045d6e46","after":"d29eb6dc2a5c1eb7cf3985ed2f06657612f5fa40","ref":"refs/heads/ipa-4-11","pushedAt":"2024-05-22T20:59:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Add permissions for topologysegment\n\nI don't know why these weren't added originally when the\ntopology plugin was created.\n\nAdd them all to the 'Replication Administrators' privilege\n\nFixes: https://pagure.io/freeipa/issue/9594\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Alexander Bokovoy <abokovoy@redhat.com>","shortMessageHtmlLink":"Add permissions for topologysegment"}},{"before":"26ceb4efecf4d00b908cbb7f5b408995ca3de52d","after":"88abda57d53c25cb9a4d306edd212f44045d6e46","ref":"refs/heads/ipa-4-11","pushedAt":"2024-05-22T20:55:22.000Z","pushType":"push","commitsCount":11,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"batch: add keeponly option\n\nbatch(methods=Dict(), keeponly=list) will allow to execute batch of\ncommands and remove from the output everything but the attributes which\nnames were passed in the keeponly list.\n\nThis can be useful if you are only interested in getting names and\nassigned random passwords, for example.\n\nFix batch API test in test_integration/test_idm_api.py and use it to\nvalidate keeponly option.\n\nFixes: https://pagure.io/freeipa/issue/9583\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Thomas Woerner <twoerner@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>\nReviewed-By: Thomas Woerner <twoerner@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>","shortMessageHtmlLink":"batch: add keeponly option"}},{"before":"8a007132e26bd36e5f7857fa90045fa35e8c528a","after":"5ff1f59c470e5c4ac7875c58c7bddcea63ee1e0e","ref":"refs/heads/ipa-4-9","pushedAt":"2024-05-22T09:16:57.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Issue 9591 - Allow get_ruv() to handle incomplete RUV elements\n\nSometimes RUV's are missing the LDAP Url and max/min csns. This prevents\ncleanallruv task from running.  However, cleanallruv doesn't need to\nknow the LDAP URL or min/max csns. Added a new paramter to get_run()\ncalled \"strict\", and when set to False it will still process and\ninclude incomplete RUVs.\n\nFixes: https://pagure.io/freeipa/issue/9591\n\nSigned-off-by: Mark Reynolds <mreynolds@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"Issue 9591 - Allow get_ruv() to handle incomplete RUV elements"}},{"before":"74791ea19abf2413e1e65be30912976523141654","after":"8a007132e26bd36e5f7857fa90045fa35e8c528a","ref":"refs/heads/ipa-4-9","pushedAt":"2024-05-22T09:04:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"ipatests: Update ipa-adtrust-install test\n\nupdate after change in implementation of `krb_utils.get_principal()` now using GSSAPI\n\nRelated: https://pagure.io/freeipa/issue/9575\n\nSigned-off-by: Erik Belko <ebelko@redhat.com>\nReviewed-By: Michal Polovka <mpolovka@redhat.com>","shortMessageHtmlLink":"ipatests: Update ipa-adtrust-install test"}},{"before":"888c695d183a7422c596ba632fd695bbe84668a7","after":"b729d6cbc27f60293054225e0d3d9d02169fd52f","ref":"refs/heads/ipa-4-10","pushedAt":"2024-05-22T08:08:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"ipatests: Update ipa-adtrust-install test\n\nupdate after change in implementation of `krb_utils.get_principal()` now using GSSAPI\n\nRelated: https://pagure.io/freeipa/issue/9575\n\nSigned-off-by: Erik Belko <ebelko@redhat.com>\nReviewed-By: Michal Polovka <mpolovka@redhat.com>","shortMessageHtmlLink":"ipatests: Update ipa-adtrust-install test"}},{"before":"d5a842da96412687c48d73cbc48a079918863051","after":"26ceb4efecf4d00b908cbb7f5b408995ca3de52d","ref":"refs/heads/ipa-4-11","pushedAt":"2024-05-22T08:07:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"ipatests: Update ipa-adtrust-install test\n\nupdate after change in implementation of `krb_utils.get_principal()` now using GSSAPI\n\nRelated: https://pagure.io/freeipa/issue/9575\n\nSigned-off-by: Erik Belko <ebelko@redhat.com>\nReviewed-By: Michal Polovka <mpolovka@redhat.com>","shortMessageHtmlLink":"ipatests: Update ipa-adtrust-install test"}},{"before":"6fc35156d91ce2265f02ed12224bce08c21b99e6","after":"9e861693fcb79d256af6d0cfe26f27c7f7ff8e13","ref":"refs/heads/master","pushedAt":"2024-05-22T08:04:04.000Z","pushType":"push","commitsCount":11,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"batch: add keeponly option\n\nbatch(methods=Dict(), keeponly=list) will allow to execute batch of\ncommands and remove from the output everything but the attributes which\nnames were passed in the keeponly list.\n\nThis can be useful if you are only interested in getting names and\nassigned random passwords, for example.\n\nFix batch API test in test_integration/test_idm_api.py and use it to\nvalidate keeponly option.\n\nFixes: https://pagure.io/freeipa/issue/9583\n\nSigned-off-by: Alexander Bokovoy <abokovoy@redhat.com>\nReviewed-By: Thomas Woerner <twoerner@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>","shortMessageHtmlLink":"batch: add keeponly option"}},{"before":"9dc57ef77e276773b91c567f83498a69d382ba13","after":"6fc35156d91ce2265f02ed12224bce08c21b99e6","ref":"refs/heads/master","pushedAt":"2024-05-22T08:01:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Add permissions for topologysegment\n\nI don't know why these weren't added originally when the\ntopology plugin was created.\n\nAdd them all to the 'Replication Administrators' privilege\n\nFixes: https://pagure.io/freeipa/issue/9594\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Alexander Bokovoy <abokovoy@redhat.com>","shortMessageHtmlLink":"Add permissions for topologysegment"}},{"before":"47920e78c81380c0a40986e55f05246aac132fbb","after":"9dc57ef77e276773b91c567f83498a69d382ba13","ref":"refs/heads/master","pushedAt":"2024-05-22T07:59:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"idviews: Use ipaAnchorUUID without DCERPC bindings for SID anchors\n\nSID anchors are only resolvable on servers with DCERPC bindings\ninstalled. On non agent replica these bindings are not installed and\ntherefore group and role management if there are AD user idoverride\nmembers.\n\nIf there is an ipaUserOverride for the anchor, the ipaoriginaluid is\nreturned.\n\nFixes: https://pagure.io/freeipa/issue/9544\n\nSigned-off-by: Thomas Woerner <twoerner@redhat.com>\nReviewed-By: Alexander Bokovoy <abokovoy@redhat.com>","shortMessageHtmlLink":"idviews: Use ipaAnchorUUID without DCERPC bindings for SID anchors"}},{"before":"d50928f9079f57ffd136fff7e388d387f60ee06a","after":"888c695d183a7422c596ba632fd695bbe84668a7","ref":"refs/heads/ipa-4-10","pushedAt":"2024-05-21T20:46:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Issue 9591 - Allow get_ruv() to handle incomplete RUV elements\n\nSometimes RUV's are missing the LDAP Url and max/min csns. This prevents\ncleanallruv task from running.  However, cleanallruv doesn't need to\nknow the LDAP URL or min/max csns. Added a new paramter to get_run()\ncalled \"strict\", and when set to False it will still process and\ninclude incomplete RUVs.\n\nFixes: https://pagure.io/freeipa/issue/9591\n\nSigned-off-by: Mark Reynolds <mreynolds@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"Issue 9591 - Allow get_ruv() to handle incomplete RUV elements"}},{"before":"a41e5e2a244f8fa2edfd7db1e821d8b0f3bbd997","after":"d5a842da96412687c48d73cbc48a079918863051","ref":"refs/heads/ipa-4-11","pushedAt":"2024-05-21T13:29:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Issue 9591 - Allow get_ruv() to handle incomplete RUV elements\n\nSometimes RUV's are missing the LDAP Url and max/min csns. This prevents\ncleanallruv task from running.  However, cleanallruv doesn't need to\nknow the LDAP URL or min/max csns. Added a new paramter to get_run()\ncalled \"strict\", and when set to False it will still process and\ninclude incomplete RUVs.\n\nFixes: https://pagure.io/freeipa/issue/9591\n\nSigned-off-by: Mark Reynolds <mreynolds@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"Issue 9591 - Allow get_ruv() to handle incomplete RUV elements"}},{"before":"544652aae43506ef974fc7331ce8612884a7d01e","after":"47920e78c81380c0a40986e55f05246aac132fbb","ref":"refs/heads/master","pushedAt":"2024-05-21T12:51:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"ipatests: Update ipa-adtrust-install test\n\nupdate after change in implementation of `krb_utils.get_principal()` now using GSSAPI\n\nRelated: https://pagure.io/freeipa/issue/9575\n\nSigned-off-by: Erik Belko <ebelko@redhat.com>\nReviewed-By: Michal Polovka <mpolovka@redhat.com>","shortMessageHtmlLink":"ipatests: Update ipa-adtrust-install test"}},{"before":"f225b3df17a4c01e62f659fe70fc5427bab1f387","after":"544652aae43506ef974fc7331ce8612884a7d01e","ref":"refs/heads/master","pushedAt":"2024-05-20T18:52:40.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Issue 9591 - Allow get_ruv() to handle incomplete RUV elements\n\nSometimes RUV's are missing the LDAP Url and max/min csns. This prevents\ncleanallruv task from running.  However, cleanallruv doesn't need to\nknow the LDAP URL or min/max csns. Added a new paramter to get_run()\ncalled \"strict\", and when set to False it will still process and\ninclude incomplete RUVs.\n\nFixes: https://pagure.io/freeipa/issue/9591\n\nSigned-off-by: Mark Reynolds <mreynolds@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"Issue 9591 - Allow get_ruv() to handle incomplete RUV elements"}},{"before":"b34525c76e9f8182950bbbdd6fa3ae62f5301064","after":"f225b3df17a4c01e62f659fe70fc5427bab1f387","ref":"refs/heads/master","pushedAt":"2024-05-20T18:47:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Don't try to validate the HSM arguments on a non-HSM installation\n\nIf there is no token name it is safe to assume that an HSM\ninstallation is not requested. The validator assumes that if\nthere is a token name then the library and password are also\nprovided.\n\nFixes: https://pagure.io/freeipa/issue/9593\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>","shortMessageHtmlLink":"Don't try to validate the HSM arguments on a non-HSM installation"}},{"before":"42e49c12d1dc2e7899ef4df1223a88ab6c70bed2","after":"a41e5e2a244f8fa2edfd7db1e821d8b0f3bbd997","ref":"refs/heads/ipa-4-11","pushedAt":"2024-05-20T12:19:46.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Spec file: add support for sss_ssh_knownhosts\n\nsss_ssh_knownhostsproxy will be deprecated in favor of sss_ssh_knownhosts. This commit\nimplements a mechanism to apply the change when upgrading from older versions.\n\nFixes: https://pagure.io/freeipa/issue/9536\nSigned-off-by: Francisco Trivino <ftrivino@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Florence Blanc-Renaud <flo@redhat.com>","shortMessageHtmlLink":"Spec file: add support for sss_ssh_knownhosts"}},{"before":"6af8577d58c4b2bed04ec0bd02042ba7122ab518","after":"b34525c76e9f8182950bbbdd6fa3ae62f5301064","ref":"refs/heads/master","pushedAt":"2024-05-17T07:54:26.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Spec file: add support for sss_ssh_knownhosts\n\nsss_ssh_knownhostsproxy will be deprecated in favor of sss_ssh_knownhosts. This commit\nimplements a mechanism to apply the change when upgrading from older versions.\n\nFixes: https://pagure.io/freeipa/issue/9536\nSigned-off-by: Francisco Trivino <ftrivino@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Florence Blanc-Renaud <flo@redhat.com>","shortMessageHtmlLink":"Spec file: add support for sss_ssh_knownhosts"}},{"before":"bb8dd0bfcd42f9221e12f4a675b54432848db441","after":"6af8577d58c4b2bed04ec0bd02042ba7122ab518","ref":"refs/heads/master","pushedAt":"2024-05-16T12:53:15.000Z","pushType":"push","commitsCount":32,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"docs: Add a section on SELinux modules to the HSM design\n\nAdditional SELinux rules are necessary for the HSM to be\nmanaged by IPA and certmonger. Given the infinite possible\nnaming combinations of library paths and modules this is\na best effort. A message is logged if a missing module\nis detected.\n\nRelated: https://pagure.io/freeipa/issue/9273\n\nSigned-off-by: Rob Crittenden <rcritten@redhat.com>\nReviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>","shortMessageHtmlLink":"docs: Add a section on SELinux modules to the HSM design"}},{"before":"ca23c29e0ea1b07f6497c15412c093a47a96bc61","after":"42e49c12d1dc2e7899ef4df1223a88ab6c70bed2","ref":"refs/heads/ipa-4-11","pushedAt":"2024-05-07T13:57:35.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Spec file: depend on nfs-utils or nfsv4-client-utils\n\nThe freeipa-client package currently requires nfs-utils.\nThe requirement can be relaxed and modified into nfs-utils or\nnfsv4-client-utils.\n\nFixes: https://pagure.io/freeipa/issue/9586\n\nSigned-off-by: Florence Blanc-Renaud <flo@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"Spec file: depend on nfs-utils or nfsv4-client-utils"}},{"before":"9e1e22d46b19a4728bf8e67633613fa71bd8acaa","after":"bb8dd0bfcd42f9221e12f4a675b54432848db441","ref":"refs/heads/master","pushedAt":"2024-05-07T12:33:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"Spec file: depend on nfs-utils or nfsv4-client-utils\n\nThe freeipa-client package currently requires nfs-utils.\nThe requirement can be relaxed and modified into nfs-utils or\nnfsv4-client-utils.\n\nFixes: https://pagure.io/freeipa/issue/9586\n\nSigned-off-by: Florence Blanc-Renaud <flo@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"Spec file: depend on nfs-utils or nfsv4-client-utils"}},{"before":"671668777ec93442c0047add271be7d13add640e","after":"ca23c29e0ea1b07f6497c15412c093a47a96bc61","ref":"refs/heads/ipa-4-11","pushedAt":"2024-05-07T06:30:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"abbra","name":"Alexander Bokovoy","path":"/abbra","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2066?s=80&v=4"},"commit":{"message":"ipaserver: fix incorrect double negative in exception message\n\nSigned-off-by: Pavel Březina <pbrezina@redhat.com>\nReviewed-By: Rob Crittenden <rcritten@redhat.com>","shortMessageHtmlLink":"ipaserver: fix incorrect double negative in exception message"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEUl7VngA","startCursor":null,"endCursor":null}},"title":"Activity · freeipa/freeipa"}