Reuse self.api when executing ca_enabled_check

The ca_enabled_check function is a wrapper around
api.Command.ca_is_enabled.  When using remote_api (e.g. during
installer), ca_enabled_check invokes the *global* api instead of the
remote_api.

Update ca_enabled_check to explicitly receive an api object from the
caller and invoke Command.ca_is_enabled through it.

Part of: https://fedorahosted.org/freeipa/ticket/2614

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Fraser Tweedale 2016-12-19 14:31:14 +10:00 committed by Jan Cholasta
parent f54df62aba
commit 09a65df684
3 changed files with 21 additions and 21 deletions


@ -193,7 +193,7 @@ class ca_find(LDAPSearch):
)
def execute(self, *keys, **options):
ca_enabled_check()
ca_enabled_check(self.api)
result = super(ca_find, self).execute(*keys, **options)
if not options.get('pkey_only', False):
for entry in result['result']:
@ -217,7 +217,7 @@ class ca_show(LDAPRetrieve):
)
def execute(self, *keys, **options):
ca_enabled_check()
ca_enabled_check(self.api)
result = super(ca_show, self).execute(*keys, **options)
set_certificate_attrs(result['result'], options)
return result
@ -233,7 +233,7 @@ class ca_add(LDAPCreate):
)
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
ca_enabled_check()
ca_enabled_check(self.api)
if not ldap.can_add(dn[1:]):
raise errors.ACIError(
info=_("Insufficient 'add' privilege for entry '%s'.") % dn)
@ -276,7 +276,7 @@ class ca_del(LDAPDelete):
msg_summary = _('Deleted CA "%(value)s"')
def pre_callback(self, ldap, dn, *keys, **options):
ca_enabled_check()
ca_enabled_check(self.api)
if keys[0] == IPA_CA_CN:
raise errors.ProtectedEntryError(
@ -298,7 +298,7 @@ class ca_mod(LDAPUpdate):
msg_summary = _('Modified CA "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
ca_enabled_check()
ca_enabled_check(self.api)
if 'rename' in options or 'cn' in entry_attrs:
if keys[0] == IPA_CA_CN:
@ -314,7 +314,7 @@ class CAQuery(LDAPQuery):
has_output = output.standard_value
def execute(self, cn, **options):
ca_enabled_check()
ca_enabled_check(self.api)
ca_id = self.api.Command.ca_show(cn)['result']['ipacaid'][0]
with self.api.Backend.ra_lightweight_ca as ca_api:


@ -196,8 +196,8 @@ def normalize_serial_number(num):
return unicode(num)
def ca_enabled_check():
if not api.Command.ca_is_enabled()['result']:
def ca_enabled_check(_api):
if not _api.Command.ca_is_enabled()['result']:
raise errors.NotFound(reason=_('CA is not configured'))
def caacl_check(principal_type, principal, ca, profile_id):
@ -538,7 +538,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
yield arg
def execute(self, csr, all=False, raw=False, **kw):
ca_enabled_check()
ca_enabled_check(self.api)
ldap = self.api.Backend.ldap2
realm = unicode(self.api.env.realm)
@ -898,7 +898,7 @@ class cert_status(Retrieve, BaseCertMethod, VirtualCommand):
operation = "certificate status"
def execute(self, request_id, **kw):
ca_enabled_check()
ca_enabled_check(self.api)
self.check_access()
# Dogtag requests are uniquely identified by their number;
@ -1006,7 +1006,7 @@ class cert_show(Retrieve, CertMethod, VirtualCommand):
def execute(self, serial_number, all=False, raw=False, no_members=False,
**options):
ca_enabled_check()
ca_enabled_check(self.api)
# Dogtag lightweight CAs have shared serial number domain, so
# we don't tell Dogtag the issuer (but we check the cert after).
@ -1069,7 +1069,7 @@ class cert_revoke(PKQuery, CertMethod, VirtualCommand):
yield option
def execute(self, serial_number, **kw):
ca_enabled_check()
ca_enabled_check(self.api)
# Make sure that the cert specified by issuer+serial exists.
# Will raise NotFound if it does not.
@ -1105,7 +1105,7 @@ class cert_remove_hold(PKQuery, CertMethod, VirtualCommand):
operation = "certificate remove hold"
def execute(self, serial_number, **kw):
ca_enabled_check()
ca_enabled_check(self.api)
# Make sure that the cert specified by issuer+serial exists.
# Will raise NotFound if it does not.
@ -1312,7 +1312,7 @@ class cert_find(Search, CertMethod):
complete = bool(ra_options)
try:
ca_enabled_check()
ca_enabled_check(self.api)
except errors.NotFound:
if ra_options:
raise
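Review bot: The new `_api` parameter of `ca_enabled_check` is undocumented: the copy defined in this file has no docstring at all, and the certprofile copy's docstring still only says "Raise NotFound if CA is not enabled". Passing the wrong object would quietly bring back the behaviour this commit fixes, so I would add to both copies a line such as `:param _api: API instance of the calling command (pass self.api), so the check runs against remote_api when one is in use`. The leading underscore presumably keeps the parameter from shadowing the module-level `api`; a one-line comment saying so would stop a later rename. `caacl_check`, visible right after the definition, takes no API object, and its body is outside the hunk; if it reaches the global `api`, the CA ACL decision would be evaluated against the wrong instance in the same remote_api case, which is worth checking.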


@ -75,14 +75,14 @@ The following restrictions apply to profiles managed by FreeIPA:
register = Registry()
def ca_enabled_check():
def ca_enabled_check(_api):
"""Raise NotFound if CA is not enabled.
This function is defined in multiple plugins to avoid circular imports
(cert depends on certprofile, so we cannot import cert here).
"""
if not api.Command.ca_is_enabled()['result']:
if not _api.Command.ca_is_enabled()['result']:
raise errors.NotFound(reason=_('CA is not configured'))
@ -191,7 +191,7 @@ class certprofile_find(LDAPSearch):
)
def execute(self, *args, **kwargs):
ca_enabled_check()
ca_enabled_check(self.api)
return super(certprofile_find, self).execute(*args, **kwargs)
@ -206,7 +206,7 @@ class certprofile_show(LDAPRetrieve):
)
def execute(self, *keys, **options):
ca_enabled_check()
ca_enabled_check(self.api)
result = super(certprofile_show, self).execute(*keys, **options)
if 'out' in options:
@ -233,7 +233,7 @@ class certprofile_import(LDAPCreate):
PROFILE_ID_PATTERN = re.compile('^profileId=([a-zA-Z]\w*)', re.MULTILINE)
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
ca_enabled_check()
ca_enabled_check(self.api)
context.profile = options['file']
match = self.PROFILE_ID_PATTERN.search(options['file'])
@ -271,7 +271,7 @@ class certprofile_del(LDAPDelete):
msg_summary = _('Deleted profile "%(value)s"')
def pre_callback(self, ldap, dn, *keys, **options):
ca_enabled_check()
ca_enabled_check(self.api)
if keys[0] in [p.profile_id for p in INCLUDED_PROFILES]:
raise errors.ValidationError(name='profile_id',
@ -304,7 +304,7 @@ class certprofile_mod(LDAPUpdate):
)
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
ca_enabled_check()
ca_enabled_check(self.api)
# Once a profile id is set it cannot be changed
if 'cn' in entry_attrs:
raise errors.ProtectedEntryError(label='certprofile', key=keys[0],