Server Roles: provide an API for setting CA renewal master

`ipa config-mod` gained '--ca-renewal-master' options which can be used to set CA renewal master to a different server. Obviously, this server has to have CA role enabled. https://fedorahosted.org/freeipa/ticket/5689 http://www.freeipa.org/page/V4/Server_Roles Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
2025-01-13 01:31:56 -06:00 · 2016-05-30 18:51:48 +02:00 · 2016-05-30 18:51:48 +02:00 · 21def4fde0
commit 21def4fde0
parent 5f7086e718
3 changed files with 26 additions and 4 deletions
--- a/API.txt
+++ b/API.txt
@ -789,9 +789,10 @@ args: 0,1,1
 option: Str('version?')
 output: Output('result')
 command: config_mod
-args: 0,25,3
+args: 0,26,3
 option: Str('addattr*', cli_name='addattr')
 option: Flag('all', autofill=True, cli_name='all', default=False)
 option: Str('ca_renewal_master_server?', autofill=False)
 option: Str('delattr*', cli_name='delattr')
 option: StrEnum('ipaconfigstring*', autofill=False, cli_name='ipaconfigstring', values=[u'AllowNThash', u'KDC:Disable Last Success', u'KDC:Disable Lockout', u'KDC:Disable Default Preauth for SPNs'])
 option: Str('ipadefaultemaildomain?', autofill=False, cli_name='emaildomain')
--- a/4
+++ b/4
@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=179
+IPA_API_VERSION_MINOR=180
-# Last change: mbabinsk - Server Roles: make server-{show,find} utilize role information
+# Last change: mbabink - Server Roles: provide an API for setting CA renewal master
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@ -243,7 +243,7 @@ class config(LDAPObject):
            'ca_renewal_master_server?',
            label=_('IPA CA renewal master'),
            doc=_('Renewal master for IPA certificate authority'),
-            flags={'virtual_attribute', 'no_create', 'no_update'}
+            flags={'virtual_attribute', 'no_create'}
        )
    )
@ -377,8 +377,29 @@ class config_mod(LDAPUpdate):
                raise errors.ValidationError(name=failedattr,
                    error=_('SELinux user map default user not in order list'))
        if 'ca_renewal_master_server' in options:
            new_master = options['ca_renewal_master_server']
            try:
                self.api.Object.server.get_dn_if_exists(new_master)
            except errors.NotFound:
                self.api.Object.server.handle_not_found(new_master)
            backend = self.api.Backend.serverroles
            backend.config_update(ca_renewal_master_server=new_master)
        return dn
    def exc_callback(self, keys, options, exc, call_func,
                     *call_args, **call_kwargs):
        if (isinstance(exc, errors.EmptyModlist) and
                call_func.__name__ == 'update_entry' and
                'ca_renewal_master_server' in options):
            return
        super(config_mod, self).exc_callback(
            keys, options, exc, call_func, *call_args, **call_kwargs)
    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
        self.obj.show_servroles_attributes(entry_attrs, **options)
        return dn