TESTING only #8696
Draft
justin-stephenson wants to merge 39 commits into
…ider (cherry picked from commit 0f5f3b6)
so it can be directly modified
…can easily pass new fctx
So it can be modified later.
…kup and user authentication
…pec file

Add the sssd-minimal provider package to the spec file following the same pattern as other providers (ldap, ipa, ad, etc.). This packages the libsss_minimal.so library that was added in recent commits.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
And also disable codeql for the minimal provider. The provider is for testing only, it does not make sense to fix any issue there.
This crafts and implements the new failover interface, it does not provide complete implementation of the failover mechanism yet. It brings the code to a state where the public and private interfaces are stable, working and testable so the following tasks can be split and worked on in parallel.

What is missing at this state:
- server configuration and discovery (failover_server_group/batch/vtable_op)
- server selection mechanism (sss_failover_vtable_op_server_next)
- kerberos authentication
- sharing servers between IPA/AD LDAP and KDC
- online/offline callbacks (resolve callback should not be needed)

But especially it is possible to start refactoring SSSD code to start using the new failover implementation.
Assisted by: Claude code (Sonnet 4.6)
In low level ldap search functions
The data provider handler methods now return a single output argument. Remove 'dp_error/dp_err' and 'error_message' usage across provider code. The getAccountDomain method still needs to return 'domain_name' string.

Assisted by: Claude code (Sonnet 4.6)
- Servers are hardcoded
Code Review
This pull request implements a new transaction-based failover mechanism featuring prioritized server groups and parallel candidate probing. It also adds support for automatic token refreshing in the OIDC child and IdP provider, introduces new release management scripts, and includes extensive translation updates and typo fixes. I have no feedback to provide.
74fdf20 to 0e05c2e
3a9d0ee to 7eddbc4
This will be done differently inside the failover code
To allow system tests to run in upstream PRCI
After switching to new failover code, processing offline gpos function was no longer reached if backend is offline during AD access checks.
8b43c6f to 3e044fc
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit 8f170d0)
- test_logging__offline_errors_are_written_to_logs_and_syslog: asserted offline log messages are only part of old failover
- test_autofs__propagate_offline_status_*: asserted offline log messages are only part of the old failover
- test_logging__dns_resolution_issue_in_logs: asserted log messages are part of the old failover code
- test_failover: Needs to be updated for new failover implementation
- test_ad__user_authentication_when_provider_is_set_to_ldap_with_gss_spnego: 'id_provider = ldap' is hardcoded to go to 'master.ldap.test' but AD server should be used here
- test_ipa__subids_configured[id_provider=ldap]: 'id_provider = ldap' is hardcoded to go to 'master.ldap.test' but IPA server should be used here
- test_multithreaded_pac_client: requires re-using cached connection, not yet implemented in new failover
3e044fc to 0528d2a
0528d2a to 65c1793
No description provided.