Changelog for
ipa-hcc-selinux-0.18-1.fc40.noarch.rpm :
* Sat Aug 10 2024 Fraser Tweedale
0.18-1- test: use RHEL with golang 1.21 for backend vm- test: fix idm-domains-backend-deploy after RBAC changes- chore: supress mypy errors in generated stubs- fix(HMS-4323): print hcc reponse headers in debug- fix(HMS-4323): print request-id header on auto_enrollment error- fix(HMS-4128): build container- fix: Generic proxy case, formatting- test: explicitely disable ipa-hcc-auto-enrollment in hmsidm-rhel93- test: print enrollment logs before tests- ci: fix artifacts upload- ci: make job metadata collect/teardown more robust- feat(HMS-4049): enable ipa-hcc-auto-enrollment.service via preset- fix: proxy mapping for stage- Use sysusers to create system users- Tests: Fix eslint and RHEL 8 enrollment problems
* Sun Apr 07 2024 Christian Heimes 0.17-2- ipa-hcc-client depends on ipa-client again
* Sat Apr 06 2024 Christian Heimes 0.17-1- Don\'t install /etc/ipa/hcc.conf by default- Refactor: Client scripts now use hccplatform- refactor: Move all server code to ipahcc.server- Feat: Server features detect Console from rhsm.conf- feat: SELinux policy for ipa-hcc-server- Fix EPEL 8 build
* Wed Mar 27 2024 Christian Heimes 0.16-1- HMS-3840 feat: Detect configuration from rhsm.conf- ipahcc-stage-console now configures proxy- HMS-3821 feat: auto enrollment can set DNS resolver- More Fedora packaging fixes- Implement testing with Stage Console APIs- Implement console proxy settings
* Wed Mar 20 2024 Christian Heimes 0.15-1- add CONTRIBUTING.md guidelines- Fedora packaging fixes
* Tue Mar 19 2024 Christian Heimes 0.14-1- Prepare ipa-hcc for Fedora packaging- infra: Add helper for stage console testing- Fix: pylint warning R1737- Fix: Typo in ipa-hcc-auto-enrollment sysconfig- Fix various infra issues- fix HMS-2066: Add timeout to confirmation prompt- test: Test on RHEL 9.3 / 8.9
* Tue Dec 05 2023 Christian Heimes 0.13-1- feat: Enhance reporting and logging- feat: Check remote status with HCC- refactor: Use context=\"hcc\" in IPA API- infra: Log JSON error information- infra: Refresh cache and config file- fix: Use LDAP for public JWKs- refactor: Run ipa-client-automount- fix: Replace legacy with modern Insights API- fix: Limit hostname to 63 characters- fix: Use UEP CA to access prod cert-api- fix: Don\'t create global DNSResolver- feat: Add ipahcc-client-prepare- fix: Fake headers can use org_id/cn from RHSM cert- refactor: Change to --idmsvc-api-url- HMS-2348 feat: Add ephemeral fake header to auto-enrollment- test: Run CI on Fedora 39, drop 37- fix: Better error reporting for missing RHSM cert- fix: Fix typo fdqn -> fqdn- Fix: Keycloak SSO provider requires openid scope- doc: Add test instructions and hcc.conf info- HMS-2814 feat: IPA client installer and automount- test: idm-ci now requires local cloud auth- feat: Add sso.rh.c IdP provider definitions- HMS-2694 fix: Update JWST issuer and docs- HMS-2595 feat: Extend ipa-hcc to retrieve+store JWKs- test: Fix and improve coverage- fix: Update spec file URL- fix: Update git repo URL- HMS-2594: IPA plugin for HCC JWKs- test: Do not install KRA- HMS-2532 fix: attach to api commit- HMS-2491 test: Enable backend tests again- HMS-2491 test: Allow backend test to fail- HMS-2491 refactor: Separate GET signing keys- HMS-2491 test: Update test infra for DRT- HMS-2491 feat: Remove old domain registration- HMS-2491 feat: Update for domain token workflow- refactor: Remove env patching- HMS-2446 feat: New domain reg token- fix: Use gssproxy client keytab- HMS-2446 refactor: Move IPA API to WSGI framework- tests: Add test for deserialize()- tests: Check that serializing compact form gives a ValueError- feat: Add additional check json deserialization and update docs- feat: Rename deserialize_json to deserialize- feat: Do not allow compact serialization for MultiJWST- test: Enable mypy checker for tests- feat: Add domain token to mockapi- test: Run CI with Fedora 37 and 38- HMS-2070 feat: Remove D-Bus service
* Mon Aug 14 2023 Christian Heimes 0.12-1- fix: use new Quay org for CI images- HMS-1789 tests: use AATTpodengo/ipa-hcc COPR- fix: Support latest tox on Fedora 38- fix: Allow non-compact JWT serialization- fix: use OpenAPI from public GitHub repo- test: Build SRPM and RPMs on GHA- test: update packages in containers- fix: Don\'t hard-code inventory url- doc: Add documentation for developers- HMS-2195: fix: Use idmsvc as API slug- feat: update locations- fix: Fix typo in automember rule- HMS-2147 fix: use HostConfIpa schema in HostConfResponse- refactor: Use setuptools to install Python code- fix: store public JWK in separate file- HMS-1857 feat: signed assertion for host registration- HMS-1857 feat: Add multi-sig and host token- HMS-1289 fix: Remove inventory_id from HostConfResponse- HMS-1857 feat: Add JWK abstraction and helpers- feat: Update JSON schema from latest OpenAPI- HMS-2038 test: Smoke tests with idm-domains-backend- HMS-2068: Drop support for RHEL without PKINIT
* Mon Jul 03 2023 Christian Heimes 0.11-1- HMS-2052 build: Use OpenAPI schema from idm-domains-api- HMS-2038 test: catch metadata misconfiguration early- fix: Move rpkg output out of .tox directory- HMS-2041 fix: Represent org id as string, not int- HMS-2038 test: Improve testing with backend compose- HMS-1991 fix: Tighten OpenAPI schema- HMS-2008 feat: Adopt JSON API error objects- Add definitions for missing JSON schemas- HMS-1991 feat: Generate schema JSON files from OpenAPI- HMS-1991: Refactor JSON schema- Add project and build definitions to pyproject.toml- HMS-1898: Fix and validate error response- HMS-1975: Remove check-host API endpoint- Improve CI and test with Python 3.9 (RHEL 9)- register: prompt for confirmation- HMS-1926: Friendly D-Bus error message- ipa-hcc CLI: print human-readable messages- Document how to configure for ephemeral- logging: pretty print API response- Reconcile JSON schema with idm-domains-backend OpenAPI- Add verbose logging to ipa-hcc- Prepare release 0.11- Ephemeral env support with fake headers- Improve Makefile and tox runner- yamllint: don\'t apply truthy test to map keys- Rename field \'cacerts\' to \'ca_certs\'- Reconcile domain response schema- Reconcile register/update domain schema- Document how to install build and test deps- HMS-1898 Reconcile error result schema- Ruff: silence F811 redefined-while-unused
* Wed May 17 2023 Christian Heimes 0.10-1- [HMS-1788] Add simple GH CI workflow- [HMS-1779] Move secrets and settings to CI/CD variables- [HMS-1645] Replace bandit/flake8 with ruff linter- Add infrastructure for mypy type checks- [HMS-1645] Drop IPA 4.6 compatibility workarounds- [HMS-1645] Drop Python 2 compatibility- Run integration tests in FIPS mode- [HMS-1645] Drop support for RHEL 7
* Wed Apr 19 2023 Christian Heimes 0.9-1- Last version with RHEL 7 / Python 2.7 support- [HMS-1607] Use inventory_id in API routes- [HMS-1607] Move common WSGI code into module- Include os-release id and version in HTTP header- [HMS-1479] Implement status check- Drop bundle file, add more ipaserver tests- Detect and block auto-enrollment with FQDN localhost- [HMS-1472] Switch from admintool to D-Bus CLI- Add tests for dbus service, fix hccapi- Move cert parsing into common function- Validate insights registration state
* Wed Mar 29 2023 Christian Heimes 0.8-1- Fold common and registration-service into ipa-hcc-server- Default to stage- Add title and description to JSON schema- Use D-Bus service and simplify config- Download PKINIT chain from registration service- Add mock tests for mockapi service, refactor code- [HMS-1485] Add --location to auto-enrollment script- Verify with pylint and fix violations- Use server role to indicate presence of ipa-hcc plugin- [HMS-1485] Add IPA location information to domain- Add D-Bus service for checking host in HBI- [HMS-1475] Add tests for registration WSGI server- [HMS-1475] Refactor and test auto enrollment client- Test with RHEL 7.9 server- Remove dependency on requests- Rename smid -> rhsm_id, drop redundant rhsm_id from body- Move API handler in separate module, add JSON schema
* Wed Mar 15 2023 Christian Heimes 0.7-1- Fix config_mod(hcc_update_server_server) API call- Improve idm-ci- Refactor project structure- Add timeout option- Remove unused cert info and detect_environment- Split ipa_hcc_cli into CLI interface and logic- Add systemd timer service- Add global hccDomainId, use domain_id in PUT request- Add HCC update role and register/update subcommands- Add ipa-hcc to register/update domain with HCC- Update rhsm_id in server\'s host entry- - Add server role for HCC enrollment service- Fix deployment and rhc connect in stage environment- Test on RHEL 9.2, 8.8- Add mockapi with test API endpoints
* Tue Feb 21 2023 Christian Heimes 0.6-1- Add metadata to deploy with local builds- build and deploy RPMs from current checkout- Add QEW test and metadata file- Add idm-ci playbook and metadata- Add tox CI with custom image- Fix stage env support- Add 1minutetip and virt-builder scripts- More validation of PKINIT options- Write custom krb5.conf, handle missing domain better, more arg checks- Drop \'not krbprincipalkey\' check for testing- Mention SHA-1 PKINIT issue on old RHEL 7 and 8.6 servers
* Mon Feb 06 2023 Christian Heimes 0.5-1- Fallback to kinit with PKINIT + ipa-getkeytab on systems without PKINIT support ipa-client-install- Add support for IPA 4.6 on RHEL 7 with Python 2.7 and mod_nss- Handle platform-python on RHEL 8- Sleep longer- Relax dependency on SELinux- Move keytab installation into auto enrollment- Basic tests for WSGI- Move /etc/ipa/hcc dir to registration-service RPM- Move scripts into ipaclient.hcc package
* Thu Feb 02 2023 Christian Heimes 0.4-1- Detect stage/prod from rhsm.conf- Move refresh_token to /etc/ipa/hcc/refresh_token- Move more configuration into hccplatform- Remove keytab file on error- Add service with force=True option- Update permissions before adding privileges- Use ipa-ldap-updater instead of slow ipa-server-upgrade- Split server plugin and registration service updates
* Tue Jan 31 2023 Christian Heimes 0.3-1- Rename package to ipa-hcc- Replace term \'consoleDot\' with \'Hybrid Cloud Console\'
* Tue Jan 31 2023 Christian Heimes 0.2-1- Update CA chain to official RH certs with new SHA-256 Candlepin cert- Wait until host appears in ConsoleDot inventory- Always disconnect to get a fresh Kerberos ticket and connection- Add ipa-consoledot-consoledot.service- Remove old test data
* Tue Jan 31 2023 Christian Heimes 0.1-1- Handle outdated keytab, autoconfig org id- Remove pkinit_anchors line on uninstall- Workaround for missing IdM features- Fix spec file dependencies- Automate ipa-getkeytab with update plugin- Move some files around, automate service and keytab- Update spec, add KRB5 snippet with anchors- Use more persistent connections- Add caching and logging to WSGI app- Add link from search facet to consoleDot inventory- Lookup host in consoleDot inventory- Regenerate certs with C=US instead of CN=US- Return shell script with certs- Add cross-signed certs- Add script to generate cross-signed Candlepin CA- Update README with more instructions- Require known CA issuer- Add WSGI service, roles, and cert mapping- Add test scripts- Add notes about cache and certmap-match- Add test data and instructions- Fix error reporting when global org id is missing- Use lower number for updates/schema so we can use 89 for test data- explain unique index- Add write permission- Add enrolled hosts to a hostgroup