mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Reuse self.api when executing ca_enabled_check
The ca_enabled_check function is a wrapper around api.Command.ca_is_enabled. When using remote_api (e.g. during installer), ca_enabled_check invokes the *global* api instead of the remote_api. Update ca_enabled_check to explicitly receive an api object from the caller and invoke Command.ca_is_enabled through it. Part of: https://fedorahosted.org/freeipa/ticket/2614 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
parent
f54df62aba
commit
09a65df684
@ -193,7 +193,7 @@ class ca_find(LDAPSearch):
|
||||
)
|
||||
|
||||
def execute(self, *keys, **options):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
result = super(ca_find, self).execute(*keys, **options)
|
||||
if not options.get('pkey_only', False):
|
||||
for entry in result['result']:
|
||||
@ -217,7 +217,7 @@ class ca_show(LDAPRetrieve):
|
||||
)
|
||||
|
||||
def execute(self, *keys, **options):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
result = super(ca_show, self).execute(*keys, **options)
|
||||
set_certificate_attrs(result['result'], options)
|
||||
return result
|
||||
@ -233,7 +233,7 @@ class ca_add(LDAPCreate):
|
||||
)
|
||||
|
||||
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
if not ldap.can_add(dn[1:]):
|
||||
raise errors.ACIError(
|
||||
info=_("Insufficient 'add' privilege for entry '%s'.") % dn)
|
||||
@ -276,7 +276,7 @@ class ca_del(LDAPDelete):
|
||||
msg_summary = _('Deleted CA "%(value)s"')
|
||||
|
||||
def pre_callback(self, ldap, dn, *keys, **options):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
|
||||
if keys[0] == IPA_CA_CN:
|
||||
raise errors.ProtectedEntryError(
|
||||
@ -298,7 +298,7 @@ class ca_mod(LDAPUpdate):
|
||||
msg_summary = _('Modified CA "%(value)s"')
|
||||
|
||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
|
||||
if 'rename' in options or 'cn' in entry_attrs:
|
||||
if keys[0] == IPA_CA_CN:
|
||||
@ -314,7 +314,7 @@ class CAQuery(LDAPQuery):
|
||||
has_output = output.standard_value
|
||||
|
||||
def execute(self, cn, **options):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
|
||||
ca_id = self.api.Command.ca_show(cn)['result']['ipacaid'][0]
|
||||
with self.api.Backend.ra_lightweight_ca as ca_api:
|
||||
|
@ -196,8 +196,8 @@ def normalize_serial_number(num):
|
||||
return unicode(num)
|
||||
|
||||
|
||||
def ca_enabled_check():
|
||||
if not api.Command.ca_is_enabled()['result']:
|
||||
def ca_enabled_check(_api):
|
||||
if not _api.Command.ca_is_enabled()['result']:
|
||||
raise errors.NotFound(reason=_('CA is not configured'))
|
||||
|
||||
def caacl_check(principal_type, principal, ca, profile_id):
|
||||
@ -538,7 +538,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
|
||||
yield arg
|
||||
|
||||
def execute(self, csr, all=False, raw=False, **kw):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
|
||||
ldap = self.api.Backend.ldap2
|
||||
realm = unicode(self.api.env.realm)
|
||||
@ -898,7 +898,7 @@ class cert_status(Retrieve, BaseCertMethod, VirtualCommand):
|
||||
operation = "certificate status"
|
||||
|
||||
def execute(self, request_id, **kw):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
self.check_access()
|
||||
|
||||
# Dogtag requests are uniquely identified by their number;
|
||||
@ -1006,7 +1006,7 @@ class cert_show(Retrieve, CertMethod, VirtualCommand):
|
||||
|
||||
def execute(self, serial_number, all=False, raw=False, no_members=False,
|
||||
**options):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
|
||||
# Dogtag lightweight CAs have shared serial number domain, so
|
||||
# we don't tell Dogtag the issuer (but we check the cert after).
|
||||
@ -1069,7 +1069,7 @@ class cert_revoke(PKQuery, CertMethod, VirtualCommand):
|
||||
yield option
|
||||
|
||||
def execute(self, serial_number, **kw):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
|
||||
# Make sure that the cert specified by issuer+serial exists.
|
||||
# Will raise NotFound if it does not.
|
||||
@ -1105,7 +1105,7 @@ class cert_remove_hold(PKQuery, CertMethod, VirtualCommand):
|
||||
operation = "certificate remove hold"
|
||||
|
||||
def execute(self, serial_number, **kw):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
|
||||
# Make sure that the cert specified by issuer+serial exists.
|
||||
# Will raise NotFound if it does not.
|
||||
@ -1312,7 +1312,7 @@ class cert_find(Search, CertMethod):
|
||||
complete = bool(ra_options)
|
||||
|
||||
try:
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
except errors.NotFound:
|
||||
if ra_options:
|
||||
raise
|
||||
|
@ -75,14 +75,14 @@ The following restrictions apply to profiles managed by FreeIPA:
|
||||
register = Registry()
|
||||
|
||||
|
||||
def ca_enabled_check():
|
||||
def ca_enabled_check(_api):
|
||||
"""Raise NotFound if CA is not enabled.
|
||||
|
||||
This function is defined in multiple plugins to avoid circular imports
|
||||
(cert depends on certprofile, so we cannot import cert here).
|
||||
|
||||
"""
|
||||
if not api.Command.ca_is_enabled()['result']:
|
||||
if not _api.Command.ca_is_enabled()['result']:
|
||||
raise errors.NotFound(reason=_('CA is not configured'))
|
||||
|
||||
|
||||
@ -191,7 +191,7 @@ class certprofile_find(LDAPSearch):
|
||||
)
|
||||
|
||||
def execute(self, *args, **kwargs):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
return super(certprofile_find, self).execute(*args, **kwargs)
|
||||
|
||||
|
||||
@ -206,7 +206,7 @@ class certprofile_show(LDAPRetrieve):
|
||||
)
|
||||
|
||||
def execute(self, *keys, **options):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
result = super(certprofile_show, self).execute(*keys, **options)
|
||||
|
||||
if 'out' in options:
|
||||
@ -233,7 +233,7 @@ class certprofile_import(LDAPCreate):
|
||||
PROFILE_ID_PATTERN = re.compile('^profileId=([a-zA-Z]\w*)', re.MULTILINE)
|
||||
|
||||
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
context.profile = options['file']
|
||||
|
||||
match = self.PROFILE_ID_PATTERN.search(options['file'])
|
||||
@ -271,7 +271,7 @@ class certprofile_del(LDAPDelete):
|
||||
msg_summary = _('Deleted profile "%(value)s"')
|
||||
|
||||
def pre_callback(self, ldap, dn, *keys, **options):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
|
||||
if keys[0] in [p.profile_id for p in INCLUDED_PROFILES]:
|
||||
raise errors.ValidationError(name='profile_id',
|
||||
@ -304,7 +304,7 @@ class certprofile_mod(LDAPUpdate):
|
||||
)
|
||||
|
||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||
ca_enabled_check()
|
||||
ca_enabled_check(self.api)
|
||||
# Once a profile id is set it cannot be changed
|
||||
if 'cn' in entry_attrs:
|
||||
raise errors.ProtectedEntryError(label='certprofile', key=keys[0],
|
||||
|
Loading…
Reference in New Issue
Block a user