ipa-hcc-server-0.17-2.el8 RPM for noarch

From EPEL 8 for x86_64 / Packages / i

This package contains IPA server plugins, LDAP schema extension, WebUI
extension, and registration agent for Hybrid Cloud Console integration. The
extensions require an account on https://console.redhat.com/ and registration
with subscription manager.

Provides

• ipa-hcc-server
• config(ipa-hcc-server)

Requires

• /bin/sh
• /bin/sh
• /bin/sh
• /bin/sh
• /bin/sh
• /usr/bin/python3.6
• config(ipa-hcc-server) = 0.17-2.el8
• httpd
• ipa-server >= 4.9.11
• ipa-server >= 4.9.11
• mod_ssl
• python(abi) = 3.6
• python3-cryptography
• python3-ipahcc = 0.17-2.el8
• python3-jsonschema
• python3-jwcrypto
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PartialHardlinkSets) <= 4.0.4-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsXz) <= 5.2-1
• rpmlib(RichDependencies) <= 4.12.0-1
• selinux-policy >= 3.14.3-107
• selinux-policy-base >= 3.14.3-107
• systemd
• systemd
• systemd

License

GPL-3.0-or-later

Changelog

* Sun Apr 07 2024 Christian Heimes <cheimes@redhat.com> 0.17-2
  - ipa-hcc-client depends on ipa-client again
* Sat Apr 06 2024 Christian Heimes <cheimes@redhat.com> 0.17-1
  - Don't install /etc/ipa/hcc.conf by default
  - Refactor: Client scripts now use hccplatform
  - refactor: Move all server code to ipahcc.server
  - Feat: Server features detect Console from rhsm.conf
  - feat: SELinux policy for ipa-hcc-server
  - Fix EPEL 8 build
* Thu Mar 28 2024 Christian Heimes <cheimes@redhat.com> - 0.16-2
  - Allow build without idm:DL1 module
* Wed Mar 27 2024 Christian Heimes <cheimes@redhat.com> 0.16-1
  - HMS-3840 feat: Detect configuration from rhsm.conf
  - ipahcc-stage-console now configures proxy
  - HMS-3821 feat: auto enrollment can set DNS resolver
  - More Fedora packaging fixes
  - Implement testing with Stage Console APIs
  - Implement console proxy settings
* Wed Mar 20 2024 Christian Heimes <cheimes@redhat.com> 0.15-1
  - add CONTRIBUTING.md guidelines
  - Fedora packaging fixes
* Tue Mar 19 2024 Christian Heimes <cheimes@redhat.com> 0.14-1
  - Prepare ipa-hcc for Fedora packaging
  - infra: Add helper for stage console testing
  - Fix: pylint warning R1737
  - Fix: Typo in ipa-hcc-auto-enrollment sysconfig
  - Fix various infra issues
  - fix HMS-2066: Add timeout to confirmation prompt
  - test: Test on RHEL 9.3 / 8.9
* Tue Dec 05 2023 Christian Heimes <cheimes@redhat.com> 0.13-1
  - feat: Enhance reporting and logging
  - feat: Check remote status with HCC
  - refactor: Use context="hcc" in IPA API
  - infra: Log JSON error information
  - infra: Refresh cache and config file
  - fix: Use LDAP for public JWKs
  - refactor: Run ipa-client-automount
  - fix: Replace legacy with modern Insights API
  - fix: Limit hostname to 63 characters
  - fix: Use UEP CA to access prod cert-api
  - fix: Don't create global DNSResolver
  - feat: Add ipahcc-client-prepare
  - fix: Fake headers can use org_id/cn from RHSM cert
  - refactor: Change to --idmsvc-api-url
  - HMS-2348 feat: Add ephemeral fake header to auto-enrollment
  - test: Run CI on Fedora 39, drop 37
  - fix: Better error reporting for missing RHSM cert
  - fix: Fix typo fdqn -> fqdn
  - Fix: Keycloak SSO provider requires openid scope
  - doc: Add test instructions and hcc.conf info
  - HMS-2814 feat: IPA client installer and automount
  - test: idm-ci now requires local cloud auth
  - feat: Add sso.rh.c IdP provider definitions
  - HMS-2694 fix: Update JWST issuer and docs
  - HMS-2595 feat: Extend ipa-hcc to retrieve+store JWKs
  - test: Fix and improve coverage
  - fix: Update spec file URL
  - fix: Update git repo URL
  - HMS-2594: IPA plugin for HCC JWKs
  - test: Do not install KRA
  - HMS-2532 fix: attach to api commit
  - HMS-2491 test: Enable backend tests again
  - HMS-2491 test: Allow backend test to fail
  - HMS-2491 refactor: Separate GET signing keys
  - HMS-2491 test: Update test infra for DRT
  - HMS-2491 feat: Remove old domain registration
  - HMS-2491 feat: Update for domain token workflow
  - refactor: Remove env patching
  - HMS-2446 feat: New domain reg token
  - fix: Use gssproxy client keytab
  - HMS-2446 refactor: Move IPA API to WSGI framework
  - tests: Add test for deserialize()
  - tests: Check that serializing compact form gives a ValueError
  - feat: Add additional check json deserialization and update docs
  - feat: Rename deserialize_json to deserialize
  - feat: Do not allow compact serialization for MultiJWST
  - test: Enable mypy checker for tests
  - feat: Add domain token to mockapi
  - test: Run CI with Fedora 37 and 38
  - HMS-2070 feat: Remove D-Bus service
* Mon Aug 14 2023 Christian Heimes <cheimes@redhat.com> 0.12-1
  - fix: use new Quay org for CI images
  - HMS-1789 tests: use @podengo/ipa-hcc COPR
  - fix: Support latest tox on Fedora 38
  - fix: Allow non-compact JWT serialization
  - fix: use OpenAPI from public GitHub repo
  - test: Build SRPM and RPMs on GHA
  - test: update packages in containers
  - fix: Don't hard-code inventory url
  - doc: Add documentation for developers
  - HMS-2195: fix: Use idmsvc as API slug
  - feat: update locations
  - fix: Fix typo in automember rule
  - HMS-2147 fix: use HostConfIpa schema in HostConfResponse
  - refactor: Use setuptools to install Python code
  - fix: store public JWK in separate file
  - HMS-1857 feat: signed assertion for host registration
  - HMS-1857 feat: Add multi-sig and host token
  - HMS-1289 fix: Remove inventory_id from HostConfResponse
  - HMS-1857 feat: Add JWK abstraction and helpers
  - feat: Update JSON schema from latest OpenAPI
  - HMS-2038 test: Smoke tests with idm-domains-backend
  - HMS-2068: Drop support for RHEL without PKINIT
* Mon Jul 03 2023 Christian Heimes <cheimes@redhat.com> 0.11-1
  - HMS-2052 build: Use OpenAPI schema from idm-domains-api
  - HMS-2038 test: catch metadata misconfiguration early
  - fix: Move rpkg output out of .tox directory
  - HMS-2041 fix: Represent org id as string, not int
  - HMS-2038 test: Improve testing with backend compose
  - HMS-1991 fix: Tighten OpenAPI schema
  - HMS-2008 feat: Adopt JSON API error objects
  - Add definitions for missing JSON schemas
  - HMS-1991 feat: Generate schema JSON files from OpenAPI
  - HMS-1991: Refactor JSON schema
  - Add project and build definitions to pyproject.toml
  - HMS-1898: Fix and validate error response
  - HMS-1975: Remove check-host API endpoint
  - Improve CI and test with Python 3.9 (RHEL 9)
  - register: prompt for confirmation
  - HMS-1926: Friendly D-Bus error message
  - ipa-hcc CLI: print human-readable messages
  - Document how to configure for ephemeral
  - logging: pretty print API response
  - Reconcile JSON schema with idm-domains-backend OpenAPI
  - Add verbose logging to ipa-hcc
  - Prepare release 0.11
  - Ephemeral env support with fake headers
  - Improve Makefile and tox runner
  - yamllint: don't apply truthy test to map keys
  - Rename field 'cacerts' to 'ca_certs'
  - Reconcile domain response schema
  - Reconcile register/update domain schema
  - Document how to install build and test deps
  - HMS-1898 Reconcile error result schema
  - Ruff: silence F811 redefined-while-unused
* Wed May 17 2023 Christian Heimes <cheimes@redhat.com> 0.10-1
  - [HMS-1788] Add simple GH CI workflow
  - [HMS-1779] Move secrets and settings to CI/CD variables
  - [HMS-1645] Replace bandit/flake8 with ruff linter
  - Add infrastructure for mypy type checks
  - [HMS-1645] Drop IPA 4.6 compatibility workarounds
  - [HMS-1645] Drop Python 2 compatibility
  - Run integration tests in FIPS mode
  - [HMS-1645] Drop support for RHEL 7
* Wed Apr 19 2023 Christian Heimes <cheimes@redhat.com> 0.9-1
  - Last version with RHEL 7 / Python 2.7 support
  - [HMS-1607] Use inventory_id in API routes
  - [HMS-1607] Move common WSGI code into module
  - Include os-release id and version in HTTP header
  - [HMS-1479] Implement status check
  - Drop bundle file, add more ipaserver tests
  - Detect and block auto-enrollment with FQDN localhost
  - [HMS-1472] Switch from admintool to D-Bus CLI
  - Add tests for dbus service, fix hccapi
  - Move cert parsing into common function
  - Validate insights registration state
* Wed Mar 29 2023 Christian Heimes <cheimes@redhat.com> 0.8-1
  - Fold common and registration-service into ipa-hcc-server
  - Default to stage
  - Add title and description to JSON schema
  - Use D-Bus service and simplify config
  - Download PKINIT chain from registration service
  - Add mock tests for mockapi service, refactor code
  - [HMS-1485] Add --location to auto-enrollment script
  - Verify with pylint and fix violations
  - Use server role to indicate presence of ipa-hcc plugin
  - [HMS-1485] Add IPA location information to domain
  - Add D-Bus service for checking host in HBI
  - [HMS-1475] Add tests for registration WSGI server
  - [HMS-1475] Refactor and test auto enrollment client
  - Test with RHEL 7.9 server
  - Remove dependency on requests
  - Rename smid -> rhsm_id, drop redundant rhsm_id from body
  - Move API handler in separate module, add JSON schema
* Wed Mar 15 2023 Christian Heimes <cheimes@redhat.com> 0.7-1
  - Fix config_mod(hcc_update_server_server) API call
  - Improve idm-ci
  - Refactor project structure
  - Add timeout option
  - Remove unused cert info and detect_environment
  - Split ipa_hcc_cli into CLI interface and logic
  - Add systemd timer service
  - Add global hccDomainId, use domain_id in PUT request
  - Add HCC update role and register/update subcommands
  - Add ipa-hcc to register/update domain with HCC
  - Update rhsm_id in server's host entry
  - - Add server role for HCC enrollment service
  - Fix deployment and rhc connect in stage environment
  - Test on RHEL 9.2, 8.8
  - Add mockapi with test API endpoints
* Tue Feb 21 2023 Christian Heimes <cheimes@redhat.com> 0.6-1
  - Add metadata to deploy with local builds
  - build and deploy RPMs from current checkout
  - Add QEW test and metadata file
  - Add idm-ci playbook and metadata
  - Add tox CI with custom image
  - Fix stage env support
  - Add 1minutetip and virt-builder scripts
  - More validation of PKINIT options
  - Write custom krb5.conf, handle missing domain better, more arg checks
  - Drop 'not krbprincipalkey' check for testing
  - Mention SHA-1 PKINIT issue on old RHEL 7 and 8.6 servers
* Mon Feb 06 2023 Christian Heimes <cheimes@redhat.com> 0.5-1
  - Fallback to kinit with PKINIT + ipa-getkeytab on systems without PKINIT
    support ipa-client-install
  - Add support for IPA 4.6 on RHEL 7 with Python 2.7 and mod_nss
  - Handle platform-python on RHEL 8
  - Sleep longer
  - Relax dependency on SELinux
  - Move keytab installation into auto enrollment
  - Basic tests for WSGI
  - Move /etc/ipa/hcc dir to registration-service RPM
  - Move scripts into ipaclient.hcc package
* Thu Feb 02 2023 Christian Heimes <cheimes@redhat.com> 0.4-1
  - Detect stage/prod from rhsm.conf
  - Move refresh_token to /etc/ipa/hcc/refresh_token
  - Move more configuration into hccplatform
  - Remove keytab file on error
  - Add service with force=True option
  - Update permissions before adding privileges
  - Use ipa-ldap-updater instead of slow ipa-server-upgrade
  - Split server plugin and registration service updates
* Tue Jan 31 2023 Christian Heimes <cheimes@redhat.com> 0.3-1
  - Rename package to ipa-hcc
  - Replace term 'consoleDot' with 'Hybrid Cloud Console'
* Tue Jan 31 2023 Christian Heimes <cheimes@redhat.com> 0.2-1
  - Update CA chain to official RH certs with new SHA-256 Candlepin cert
  - Wait until host appears in ConsoleDot inventory
  - Always disconnect to get a fresh Kerberos ticket and connection
  - Add ipa-consoledot-consoledot.service
  - Remove old test data
* Tue Jan 31 2023 Christian Heimes <cheimes@redhat.com> 0.1-1
  - Handle outdated keytab, autoconfig org id
  - Remove pkinit_anchors line on uninstall
  - Workaround for missing IdM features
  - Fix spec file dependencies
  - Automate ipa-getkeytab with update plugin
  - Move some files around, automate service and keytab
  - Update spec, add KRB5 snippet with anchors
  - Use more persistent connections
  - Add caching and logging to WSGI app
  - Add link from search facet to consoleDot inventory
  - Lookup host in consoleDot inventory
  - Regenerate certs with C=US instead of CN=US
  - Return shell script with certs
  - Add cross-signed certs
  - Add script to generate cross-signed Candlepin CA
  - Update README with more instructions
  - Require known CA issuer
  - Add WSGI service, roles, and cert mapping
  - Add test scripts
  - Add notes about cache and certmap-match
  - Add test data and instructions
  - Fix error reporting when global org id is missing
  - Use lower number for updates/schema so we can use 89 for test data
  - explain unique index
  - Add write permission
  - Add enrolled hosts to a hostgroup

Files

/etc/gssproxy/85-ipa-hcc.conf
/etc/httpd/conf.d/ipa-hcc.conf
/etc/ipa/hcc.conf
/usr/lib/python3.6/site-packages/ipaserver/install/plugins/__pycache__/update_hcc.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/ipaserver/install/plugins/__pycache__/update_hcc.cpython-36.pyc
/usr/lib/python3.6/site-packages/ipaserver/install/plugins/__pycache__/update_hcc_enrollment_service.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/ipaserver/install/plugins/__pycache__/update_hcc_enrollment_service.cpython-36.pyc
/usr/lib/python3.6/site-packages/ipaserver/install/plugins/update_hcc.py
/usr/lib/python3.6/site-packages/ipaserver/install/plugins/update_hcc_enrollment_service.py
/usr/lib/python3.6/site-packages/ipaserver/plugins/__pycache__/hccconfig.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/ipaserver/plugins/__pycache__/hccconfig.cpython-36.pyc
/usr/lib/python3.6/site-packages/ipaserver/plugins/__pycache__/hcchost.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/ipaserver/plugins/__pycache__/hcchost.cpython-36.pyc
/usr/lib/python3.6/site-packages/ipaserver/plugins/__pycache__/hccidp.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/ipaserver/plugins/__pycache__/hccidp.cpython-36.pyc
/usr/lib/python3.6/site-packages/ipaserver/plugins/__pycache__/hccjwk.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/ipaserver/plugins/__pycache__/hccjwk.cpython-36.pyc
/usr/lib/python3.6/site-packages/ipaserver/plugins/__pycache__/hccserverroles.cpython-36.opt-1.pyc
/usr/lib/python3.6/site-packages/ipaserver/plugins/__pycache__/hccserverroles.cpython-36.pyc
/usr/lib/python3.6/site-packages/ipaserver/plugins/hccconfig.py
/usr/lib/python3.6/site-packages/ipaserver/plugins/hcchost.py
/usr/lib/python3.6/site-packages/ipaserver/plugins/hccidp.py
/usr/lib/python3.6/site-packages/ipaserver/plugins/hccjwk.py
/usr/lib/python3.6/site-packages/ipaserver/plugins/hccserverroles.py
/usr/lib/systemd/system/ipa-hcc-update.service
/usr/lib/systemd/system/ipa-hcc-update.timer
/usr/sbin/ipa-hcc
/usr/share/doc/ipa-hcc-server
/usr/share/doc/ipa-hcc-server/CONTRIBUTORS.txt
/usr/share/doc/ipa-hcc-server/README.md
/usr/share/ipa-hcc
/usr/share/ipa-hcc/cacerts
/usr/share/ipa-hcc/cacerts/00-candlepin-redhat-ca-sha256.pem
/usr/share/ipa-hcc/cacerts/01-redhat-entitlement-authority-2022.pem
/usr/share/ipa-hcc/cacerts/02-redhat-entitlement-master-ca.pem
/usr/share/ipa-hcc/cacerts/3bba0b9d.0
/usr/share/ipa-hcc/cacerts/49f9274f.0
/usr/share/ipa-hcc/cacerts/fa9a18d6.0
/usr/share/ipa-hcc/hcc.conf.example
/usr/share/ipa-hcc/hcc_registration_service.py
/usr/share/ipa/schema.d/85-hcc.ldif
/usr/share/ipa/ui/js/plugins/hccconfig
/usr/share/ipa/ui/js/plugins/hccconfig/hccconfig.js
/usr/share/ipa/ui/js/plugins/hcchost
/usr/share/ipa/ui/js/plugins/hcchost/hcchost.js
/usr/share/ipa/ui/js/plugins/hccidp
/usr/share/ipa/ui/js/plugins/hccidp/hccidp.js
/usr/share/ipa/updates/85-hcc.update
/usr/share/ipa/updates/86-hcc-registration-service.update
/usr/share/licenses/ipa-hcc-server
/usr/share/licenses/ipa-hcc-server/COPYING
/usr/share/man/man1/ipa-hcc.1.gz
/var/cache/ipa-hcc
/var/lib/gssproxy/hcc-enrollment.keytab

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 30 02:59:30 2024