Reuse self.api when executing ca_enabled_check
The ca_enabled_check function is a wrapper around api.Command.ca_is_enabled. When using remote_api (e.g. during installer), ca_enabled_check invokes the *global* api instead of the remote_api. Update ca_enabled_check to explicitly receive an api object from the caller and invoke Command.ca_is_enabled through it. Part of: https://fedorahosted.org/freeipa/ticket/2614 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
parent
f54df62aba
commit
09a65df684
@ -193,7 +193,7 @@ class ca_find(LDAPSearch):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def execute(self, *keys, **options):
|
def execute(self, *keys, **options):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
result = super(ca_find, self).execute(*keys, **options)
|
result = super(ca_find, self).execute(*keys, **options)
|
||||||
if not options.get('pkey_only', False):
|
if not options.get('pkey_only', False):
|
||||||
for entry in result['result']:
|
for entry in result['result']:
|
||||||
@ -217,7 +217,7 @@ class ca_show(LDAPRetrieve):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def execute(self, *keys, **options):
|
def execute(self, *keys, **options):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
result = super(ca_show, self).execute(*keys, **options)
|
result = super(ca_show, self).execute(*keys, **options)
|
||||||
set_certificate_attrs(result['result'], options)
|
set_certificate_attrs(result['result'], options)
|
||||||
return result
|
return result
|
||||||
@ -233,7 +233,7 @@ class ca_add(LDAPCreate):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
|
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
if not ldap.can_add(dn[1:]):
|
if not ldap.can_add(dn[1:]):
|
||||||
raise errors.ACIError(
|
raise errors.ACIError(
|
||||||
info=_("Insufficient 'add' privilege for entry '%s'.") % dn)
|
info=_("Insufficient 'add' privilege for entry '%s'.") % dn)
|
||||||
@ -276,7 +276,7 @@ class ca_del(LDAPDelete):
|
|||||||
msg_summary = _('Deleted CA "%(value)s"')
|
msg_summary = _('Deleted CA "%(value)s"')
|
||||||
|
|
||||||
def pre_callback(self, ldap, dn, *keys, **options):
|
def pre_callback(self, ldap, dn, *keys, **options):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
|
|
||||||
if keys[0] == IPA_CA_CN:
|
if keys[0] == IPA_CA_CN:
|
||||||
raise errors.ProtectedEntryError(
|
raise errors.ProtectedEntryError(
|
||||||
@ -298,7 +298,7 @@ class ca_mod(LDAPUpdate):
|
|||||||
msg_summary = _('Modified CA "%(value)s"')
|
msg_summary = _('Modified CA "%(value)s"')
|
||||||
|
|
||||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
|
|
||||||
if 'rename' in options or 'cn' in entry_attrs:
|
if 'rename' in options or 'cn' in entry_attrs:
|
||||||
if keys[0] == IPA_CA_CN:
|
if keys[0] == IPA_CA_CN:
|
||||||
@ -314,7 +314,7 @@ class CAQuery(LDAPQuery):
|
|||||||
has_output = output.standard_value
|
has_output = output.standard_value
|
||||||
|
|
||||||
def execute(self, cn, **options):
|
def execute(self, cn, **options):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
|
|
||||||
ca_id = self.api.Command.ca_show(cn)['result']['ipacaid'][0]
|
ca_id = self.api.Command.ca_show(cn)['result']['ipacaid'][0]
|
||||||
with self.api.Backend.ra_lightweight_ca as ca_api:
|
with self.api.Backend.ra_lightweight_ca as ca_api:
|
||||||
|
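Review bot: `CAQuery.execute` calls `ca_enabled_check(self.api)` and on its next statement calls `self.api.Command.ca_show(cn)`, whose `execute` (hunk at `@ -217,7`) presumably runs the same check against the same API object, so `ca_is_enabled` is queried twice per call. If the early call is deliberate, a comment should say so, for example `# ca_show repeats this check; done first so a missing CA is reported before the lookup`. Otherwise the first call looks removable, since the `NotFound` raised inside `ca_show` would carry the same reason. The body of `execute` continues past the end of the hunk.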
@ -196,8 +196,8 @@ def normalize_serial_number(num):
|
|||||||
return unicode(num)
|
return unicode(num)
|
||||||
|
|
||||||
|
|
||||||
def ca_enabled_check():
|
def ca_enabled_check(_api):
|
||||||
if not api.Command.ca_is_enabled()['result']:
|
if not _api.Command.ca_is_enabled()['result']:
|
||||||
raise errors.NotFound(reason=_('CA is not configured'))
|
raise errors.NotFound(reason=_('CA is not configured'))
|
||||||
|
|
||||||
def caacl_check(principal_type, principal, ca, profile_id):
|
def caacl_check(principal_type, principal, ca, profile_id):
|
||||||
@ -538,7 +538,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
|
|||||||
yield arg
|
yield arg
|
||||||
|
|
||||||
def execute(self, csr, all=False, raw=False, **kw):
|
def execute(self, csr, all=False, raw=False, **kw):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
|
|
||||||
ldap = self.api.Backend.ldap2
|
ldap = self.api.Backend.ldap2
|
||||||
realm = unicode(self.api.env.realm)
|
realm = unicode(self.api.env.realm)
|
||||||
@ -898,7 +898,7 @@ class cert_status(Retrieve, BaseCertMethod, VirtualCommand):
|
|||||||
operation = "certificate status"
|
operation = "certificate status"
|
||||||
|
|
||||||
def execute(self, request_id, **kw):
|
def execute(self, request_id, **kw):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
self.check_access()
|
self.check_access()
|
||||||
|
|
||||||
# Dogtag requests are uniquely identified by their number;
|
# Dogtag requests are uniquely identified by their number;
|
||||||
@ -1006,7 +1006,7 @@ class cert_show(Retrieve, CertMethod, VirtualCommand):
|
|||||||
|
|
||||||
def execute(self, serial_number, all=False, raw=False, no_members=False,
|
def execute(self, serial_number, all=False, raw=False, no_members=False,
|
||||||
**options):
|
**options):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
|
|
||||||
# Dogtag lightweight CAs have shared serial number domain, so
|
# Dogtag lightweight CAs have shared serial number domain, so
|
||||||
# we don't tell Dogtag the issuer (but we check the cert after).
|
# we don't tell Dogtag the issuer (but we check the cert after).
|
||||||
@ -1069,7 +1069,7 @@ class cert_revoke(PKQuery, CertMethod, VirtualCommand):
|
|||||||
yield option
|
yield option
|
||||||
|
|
||||||
def execute(self, serial_number, **kw):
|
def execute(self, serial_number, **kw):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
|
|
||||||
# Make sure that the cert specified by issuer+serial exists.
|
# Make sure that the cert specified by issuer+serial exists.
|
||||||
# Will raise NotFound if it does not.
|
# Will raise NotFound if it does not.
|
||||||
@ -1105,7 +1105,7 @@ class cert_remove_hold(PKQuery, CertMethod, VirtualCommand):
|
|||||||
operation = "certificate remove hold"
|
operation = "certificate remove hold"
|
||||||
|
|
||||||
def execute(self, serial_number, **kw):
|
def execute(self, serial_number, **kw):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
|
|
||||||
# Make sure that the cert specified by issuer+serial exists.
|
# Make sure that the cert specified by issuer+serial exists.
|
||||||
# Will raise NotFound if it does not.
|
# Will raise NotFound if it does not.
|
||||||
@ -1312,7 +1312,7 @@ class cert_find(Search, CertMethod):
|
|||||||
complete = bool(ra_options)
|
complete = bool(ra_options)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
except errors.NotFound:
|
except errors.NotFound:
|
||||||
if ra_options:
|
if ra_options:
|
||||||
raise
|
raise
|
||||||
|
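Review bot: The new `_api` parameter of `ca_enabled_check` (hunk at `@ -196,8`) is undocumented, and the module-level `api` that the old body used is presumably still in scope, so a later edit that writes `api.Command...` inside the helper would bring back the bug this commit fixes without raising any error. I would add a docstring such as `"""Raise NotFound if the CA is not enabled on the server behind _api (pass the command's self.api, never the global api)."""`. The same applies to the second copy in the hunk at `@ -75,14`, whose existing docstring still reads `Raise NotFound if CA is not enabled.` and does not say which API object is consulted. Because the parameter has no default, a call site that was missed fails with a `TypeError` instead of silently consulting the global API, which is the safer failure mode for a gate in front of certificate operations and worth keeping.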
@ -75,14 +75,14 @@ The following restrictions apply to profiles managed by FreeIPA:
|
|||||||
register = Registry()
|
register = Registry()
|
||||||
|
|
||||||
|
|
||||||
def ca_enabled_check():
|
def ca_enabled_check(_api):
|
||||||
"""Raise NotFound if CA is not enabled.
|
"""Raise NotFound if CA is not enabled.
|
||||||
|
|
||||||
This function is defined in multiple plugins to avoid circular imports
|
This function is defined in multiple plugins to avoid circular imports
|
||||||
(cert depends on certprofile, so we cannot import cert here).
|
(cert depends on certprofile, so we cannot import cert here).
|
||||||
|
|
||||||
"""
|
"""
|
||||||
if not api.Command.ca_is_enabled()['result']:
|
if not _api.Command.ca_is_enabled()['result']:
|
||||||
raise errors.NotFound(reason=_('CA is not configured'))
|
raise errors.NotFound(reason=_('CA is not configured'))
|
||||||
|
|
||||||
|
|
||||||
@ -191,7 +191,7 @@ class certprofile_find(LDAPSearch):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def execute(self, *args, **kwargs):
|
def execute(self, *args, **kwargs):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
return super(certprofile_find, self).execute(*args, **kwargs)
|
return super(certprofile_find, self).execute(*args, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
@ -206,7 +206,7 @@ class certprofile_show(LDAPRetrieve):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def execute(self, *keys, **options):
|
def execute(self, *keys, **options):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
result = super(certprofile_show, self).execute(*keys, **options)
|
result = super(certprofile_show, self).execute(*keys, **options)
|
||||||
|
|
||||||
if 'out' in options:
|
if 'out' in options:
|
||||||
@ -233,7 +233,7 @@ class certprofile_import(LDAPCreate):
|
|||||||
PROFILE_ID_PATTERN = re.compile('^profileId=([a-zA-Z]\w*)', re.MULTILINE)
|
PROFILE_ID_PATTERN = re.compile('^profileId=([a-zA-Z]\w*)', re.MULTILINE)
|
||||||
|
|
||||||
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
|
def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
context.profile = options['file']
|
context.profile = options['file']
|
||||||
|
|
||||||
match = self.PROFILE_ID_PATTERN.search(options['file'])
|
match = self.PROFILE_ID_PATTERN.search(options['file'])
|
||||||
@ -271,7 +271,7 @@ class certprofile_del(LDAPDelete):
|
|||||||
msg_summary = _('Deleted profile "%(value)s"')
|
msg_summary = _('Deleted profile "%(value)s"')
|
||||||
|
|
||||||
def pre_callback(self, ldap, dn, *keys, **options):
|
def pre_callback(self, ldap, dn, *keys, **options):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
|
|
||||||
if keys[0] in [p.profile_id for p in INCLUDED_PROFILES]:
|
if keys[0] in [p.profile_id for p in INCLUDED_PROFILES]:
|
||||||
raise errors.ValidationError(name='profile_id',
|
raise errors.ValidationError(name='profile_id',
|
||||||
@ -304,7 +304,7 @@ class certprofile_mod(LDAPUpdate):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||||
ca_enabled_check()
|
ca_enabled_check(self.api)
|
||||||
# Once a profile id is set it cannot be changed
|
# Once a profile id is set it cannot be changed
|
||||||
if 'cn' in entry_attrs:
|
if 'cn' in entry_attrs:
|
||||||
raise errors.ProtectedEntryError(label='certprofile', key=keys[0],
|
raise errors.ProtectedEntryError(label='certprofile', key=keys[0],
|
||||||
|