Changelog
* Sat Aug 10 2024 Fraser Tweedale <frase@frase.id.au> 0.18-1
- test: use RHEL with golang 1.21 for backend vm
- test: fix idm-domains-backend-deploy after RBAC changes
- chore: suppress mypy errors in generated stubs
- fix(HMS-4323): print hcc response headers in debug
- fix(HMS-4323): print request-id header on auto_enrollment error
- fix(HMS-4128): build container
- fix: Generic proxy case, formatting
- test: explicitly disable ipa-hcc-auto-enrollment in hmsidm-rhel93
- test: print enrollment logs before tests
- ci: fix artifacts upload
- ci: make job metadata collect/teardown more robust
- feat(HMS-4049): enable ipa-hcc-auto-enrollment.service via preset
- fix: proxy mapping for stage
- Use sysusers to create system users
- Tests: Fix eslint and RHEL 8 enrollment problems
* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.17-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jun 10 2024 Python Maint <python-maint@redhat.com> - 0.17-3
- Rebuilt for Python 3.13
* Sun Apr 07 2024 Christian Heimes <cheimes@redhat.com> 0.17-2
- ipa-hcc-client depends on ipa-client again
* Sat Apr 06 2024 Christian Heimes <cheimes@redhat.com> 0.17-1
- Don't install /etc/ipa/hcc.conf by default
- Refactor: Client scripts now use hccplatform
- refactor: Move all server code to ipahcc.server
- Feat: Server features detect Console from rhsm.conf
- feat: SELinux policy for ipa-hcc-server
- Fix EPEL 8 build
* Wed Mar 27 2024 Christian Heimes <cheimes@redhat.com> 0.16-1
- HMS-3840 feat: Detect configuration from rhsm.conf
- ipahcc-stage-console now configures proxy
- HMS-3821 feat: auto enrollment can set DNS resolver
- More Fedora packaging fixes
- Implement testing with Stage Console APIs
- Implement console proxy settings
* Wed Mar 20 2024 Christian Heimes <cheimes@redhat.com> 0.15-1
- add CONTRIBUTING.md guidelines
- Fedora packaging fixes
* Tue Mar 19 2024 Christian Heimes <cheimes@redhat.com> 0.14-1
- Prepare ipa-hcc for Fedora packaging
- infra: Add helper for stage console testing
- Fix: pylint warning R1737
- Fix: Typo in ipa-hcc-auto-enrollment sysconfig
- Fix various infra issues
- fix HMS-2066: Add timeout to confirmation prompt
- test: Test on RHEL 9.3 / 8.9
* Tue Dec 05 2023 Christian Heimes <cheimes@redhat.com> 0.13-1
- feat: Enhance reporting and logging
- feat: Check remote status with HCC
- refactor: Use context="hcc" in IPA API
- infra: Log JSON error information
- infra: Refresh cache and config file
- fix: Use LDAP for public JWKs
- refactor: Run ipa-client-automount
- fix: Replace legacy with modern Insights API
- fix: Limit hostname to 63 characters
- fix: Use UEP CA to access prod cert-api
- fix: Don't create global DNSResolver
- feat: Add ipahcc-client-prepare
- fix: Fake headers can use org_id/cn from RHSM cert
- refactor: Change to --idmsvc-api-url
- HMS-2348 feat: Add ephemeral fake header to auto-enrollment
- test: Run CI on Fedora 39, drop 37
- fix: Better error reporting for missing RHSM cert
- fix: Fix typo fdqn -> fqdn
- Fix: Keycloak SSO provider requires openid scope
- doc: Add test instructions and hcc.conf info
- HMS-2814 feat: IPA client installer and automount
- test: idm-ci now requires local cloud auth
- feat: Add sso.rh.c IdP provider definitions
- HMS-2694 fix: Update JWST issuer and docs
- HMS-2595 feat: Extend ipa-hcc to retrieve+store JWKs
- test: Fix and improve coverage
- fix: Update spec file URL
- fix: Update git repo URL
- HMS-2594: IPA plugin for HCC JWKs
- test: Do not install KRA
- HMS-2532 fix: attach to api commit
- HMS-2491 test: Enable backend tests again
- HMS-2491 test: Allow backend test to fail
- HMS-2491 refactor: Separate GET signing keys
- HMS-2491 test: Update test infra for DRT
- HMS-2491 feat: Remove old domain registration
- HMS-2491 feat: Update for domain token workflow
- refactor: Remove env patching
- HMS-2446 feat: New domain reg token
- fix: Use gssproxy client keytab
- HMS-2446 refactor: Move IPA API to WSGI framework
- tests: Add test for deserialize()
- tests: Check that serializing compact form gives a ValueError
- feat: Add additional check json deserialization and update docs
- feat: Rename deserialize_json to deserialize
- feat: Do not allow compact serialization for MultiJWST
- test: Enable mypy checker for tests
- feat: Add domain token to mockapi
- test: Run CI with Fedora 37 and 38
- HMS-2070 feat: Remove D-Bus service
* Mon Aug 14 2023 Christian Heimes <cheimes@redhat.com> 0.12-1
- fix: use new Quay org for CI images
- HMS-1789 tests: use @podengo/ipa-hcc COPR
- fix: Support latest tox on Fedora 38
- fix: Allow non-compact JWT serialization
- fix: use OpenAPI from public GitHub repo
- test: Build SRPM and RPMs on GHA
- test: update packages in containers
- fix: Don't hard-code inventory url
- doc: Add documentation for developers
- HMS-2195: fix: Use idmsvc as API slug
- feat: update locations
- fix: Fix typo in automember rule
- HMS-2147 fix: use HostConfIpa schema in HostConfResponse
- refactor: Use setuptools to install Python code
- fix: store public JWK in separate file
- HMS-1857 feat: signed assertion for host registration
- HMS-1857 feat: Add multi-sig and host token
- HMS-1289 fix: Remove inventory_id from HostConfResponse
- HMS-1857 feat: Add JWK abstraction and helpers
- feat: Update JSON schema from latest OpenAPI
- HMS-2038 test: Smoke tests with idm-domains-backend
- HMS-2068: Drop support for RHEL without PKINIT
* Mon Jul 03 2023 Christian Heimes <cheimes@redhat.com> 0.11-1
- HMS-2052 build: Use OpenAPI schema from idm-domains-api
- HMS-2038 test: catch metadata misconfiguration early
- fix: Move rpkg output out of .tox directory
- HMS-2041 fix: Represent org id as string, not int
- HMS-2038 test: Improve testing with backend compose
- HMS-1991 fix: Tighten OpenAPI schema
- HMS-2008 feat: Adopt JSON API error objects
- Add definitions for missing JSON schemas
- HMS-1991 feat: Generate schema JSON files from OpenAPI
- HMS-1991: Refactor JSON schema
- Add project and build definitions to pyproject.toml
- HMS-1898: Fix and validate error response
- HMS-1975: Remove check-host API endpoint
- Improve CI and test with Python 3.9 (RHEL 9)
- register: prompt for confirmation
- HMS-1926: Friendly D-Bus error message
- ipa-hcc CLI: print human-readable messages
- Document how to configure for ephemeral
- logging: pretty print API response
- Reconcile JSON schema with idm-domains-backend OpenAPI
- Add verbose logging to ipa-hcc
- Prepare release 0.11
- Ephemeral env support with fake headers
- Improve Makefile and tox runner
- yamllint: don't apply truthy test to map keys
- Rename field 'cacerts' to 'ca_certs'
- Reconcile domain response schema
- Reconcile register/update domain schema
- Document how to install build and test deps
- HMS-1898 Reconcile error result schema
- Ruff: silence F811 redefined-while-unused
* Wed May 17 2023 Christian Heimes <cheimes@redhat.com> 0.10-1
- [HMS-1788] Add simple GH CI workflow
- [HMS-1779] Move secrets and settings to CI/CD variables
- [HMS-1645] Replace bandit/flake8 with ruff linter
- Add infrastructure for mypy type checks
- [HMS-1645] Drop IPA 4.6 compatibility workarounds
- [HMS-1645] Drop Python 2 compatibility
- Run integration tests in FIPS mode
- [HMS-1645] Drop support for RHEL 7
* Wed Apr 19 2023 Christian Heimes <cheimes@redhat.com> 0.9-1
- Last version with RHEL 7 / Python 2.7 support
- [HMS-1607] Use inventory_id in API routes
- [HMS-1607] Move common WSGI code into module
- Include os-release id and version in HTTP header
- [HMS-1479] Implement status check
- Drop bundle file, add more ipaserver tests
- Detect and block auto-enrollment with FQDN localhost
- [HMS-1472] Switch from admintool to D-Bus CLI
- Add tests for dbus service, fix hccapi
- Move cert parsing into common function
- Validate insights registration state
* Wed Mar 29 2023 Christian Heimes <cheimes@redhat.com> 0.8-1
- Fold common and registration-service into ipa-hcc-server
- Default to stage
- Add title and description to JSON schema
- Use D-Bus service and simplify config
- Download PKINIT chain from registration service
- Add mock tests for mockapi service, refactor code
- [HMS-1485] Add --location to auto-enrollment script
- Verify with pylint and fix violations
- Use server role to indicate presence of ipa-hcc plugin
- [HMS-1485] Add IPA location information to domain
- Add D-Bus service for checking host in HBI
- [HMS-1475] Add tests for registration WSGI server
- [HMS-1475] Refactor and test auto enrollment client
- Test with RHEL 7.9 server
- Remove dependency on requests
- Rename smid -> rhsm_id, drop redundant rhsm_id from body
- Move API handler in separate module, add JSON schema
* Wed Mar 15 2023 Christian Heimes <cheimes@redhat.com> 0.7-1
- Fix config_mod(hcc_update_server_server) API call
- Improve idm-ci
- Refactor project structure
- Add timeout option
- Remove unused cert info and detect_environment
- Split ipa_hcc_cli into CLI interface and logic
- Add systemd timer service
- Add global hccDomainId, use domain_id in PUT request
- Add HCC update role and register/update subcommands
- Add ipa-hcc to register/update domain with HCC
- Update rhsm_id in server's host entry
- Add server role for HCC enrollment service
- Fix deployment and rhc connect in stage environment
- Test on RHEL 9.2, 8.8
- Add mockapi with test API endpoints
* Tue Feb 21 2023 Christian Heimes <cheimes@redhat.com> 0.6-1
- Add metadata to deploy with local builds
- build and deploy RPMs from current checkout
- Add QEW test and metadata file
- Add idm-ci playbook and metadata
- Add tox CI with custom image
- Fix stage env support
- Add 1minutetip and virt-builder scripts
- More validation of PKINIT options
- Write custom krb5.conf, handle missing domain better, more arg checks
- Drop 'not krbprincipalkey' check for testing
- Mention SHA-1 PKINIT issue on old RHEL 7 and 8.6 servers
* Mon Feb 06 2023 Christian Heimes <cheimes@redhat.com> 0.5-1
- Fallback to kinit with PKINIT + ipa-getkeytab on systems without PKINIT support ipa-client-install
- Add support for IPA 4.6 on RHEL 7 with Python 2.7 and mod_nss
- Handle platform-python on RHEL 8
- Sleep longer
- Relax dependency on SELinux
- Move keytab installation into auto enrollment
- Basic tests for WSGI
- Move /etc/ipa/hcc dir to registration-service RPM
- Move scripts into ipaclient.hcc package
* Thu Feb 02 2023 Christian Heimes <cheimes@redhat.com> 0.4-1
- Detect stage/prod from rhsm.conf
- Move refresh_token to /etc/ipa/hcc/refresh_token
- Move more configuration into hccplatform
- Remove keytab file on error
- Add service with force=True option
- Update permissions before adding privileges
- Use ipa-ldap-updater instead of slow ipa-server-upgrade
- Split server plugin and registration service updates
* Tue Jan 31 2023 Christian Heimes <cheimes@redhat.com> 0.3-1
- Rename package to ipa-hcc
- Replace term 'consoleDot' with 'Hybrid Cloud Console'
* Tue Jan 31 2023 Christian Heimes <cheimes@redhat.com> 0.2-1
- Update CA chain to official RH certs with new SHA-256 Candlepin cert
- Wait until host appears in ConsoleDot inventory
- Always disconnect to get a fresh Kerberos ticket and connection
- Add ipa-consoledot-consoledot.service
- Remove old test data
* Tue Jan 31 2023 Christian Heimes <cheimes@redhat.com> 0.1-1
- Handle outdated keytab, autoconfig org id
- Remove pkinit_anchors line on uninstall
- Workaround for missing IdM features
- Fix spec file dependencies
- Automate ipa-getkeytab with update plugin
- Move some files around, automate service and keytab
- Update spec, add KRB5 snippet with anchors
- Use more persistent connections
- Add caching and logging to WSGI app
- Add link from search facet to consoleDot inventory
- Lookup host in consoleDot inventory
- Regenerate certs with C=US instead of CN=US
- Return shell script with certs
- Add cross-signed certs
- Add script to generate cross-signed Candlepin CA
- Update README with more instructions
- Require known CA issuer
- Add WSGI service, roles, and cert mapping
- Add test scripts
- Add notes about cache and certmap-match
- Add test data and instructions
- Fix error reporting when global org id is missing
- Use lower number for updates/schema so we can use 89 for test data
- explain unique index
- Add write permission
- Add enrolled hosts to a hostgroup