Server Roles: provide an API for setting CA renewal master

`ipa config-mod` gained '--ca-renewal-master' options which can be used to
set CA renewal master to a different server. Obviously, this server has to
have CA role enabled.

https://fedorahosted.org/freeipa/ticket/5689
http://www.freeipa.org/page/V4/Server_Roles

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
This commit is contained in:
Martin Babinsky 2016-05-30 18:51:48 +02:00 committed by Martin Basti
parent 5f7086e718
commit 21def4fde0
3 changed files with 26 additions and 4 deletions

View File

@ -789,9 +789,10 @@ args: 0,1,1
option: Str('version?')
output: Output('result')
command: config_mod
args: 0,25,3
args: 0,26,3
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('ca_renewal_master_server?', autofill=False)
option: Str('delattr*', cli_name='delattr')
option: StrEnum('ipaconfigstring*', autofill=False, cli_name='ipaconfigstring', values=[u'AllowNThash', u'KDC:Disable Last Success', u'KDC:Disable Lockout', u'KDC:Disable Default Preauth for SPNs'])
option: Str('ipadefaultemaildomain?', autofill=False, cli_name='emaildomain')

View File

@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=179
# Last change: mbabinsk - Server Roles: make server-{show,find} utilize role information
IPA_API_VERSION_MINOR=180
# Last change: mbabink - Server Roles: provide an API for setting CA renewal master

View File

@ -243,7 +243,7 @@ class config(LDAPObject):
'ca_renewal_master_server?',
label=_('IPA CA renewal master'),
doc=_('Renewal master for IPA certificate authority'),
flags={'virtual_attribute', 'no_create', 'no_update'}
flags={'virtual_attribute', 'no_create'}
)
)
@ -377,8 +377,29 @@ class config_mod(LDAPUpdate):
raise errors.ValidationError(name=failedattr,
error=_('SELinux user map default user not in order list'))
if 'ca_renewal_master_server' in options:
new_master = options['ca_renewal_master_server']
try:
self.api.Object.server.get_dn_if_exists(new_master)
except errors.NotFound:
self.api.Object.server.handle_not_found(new_master)
backend = self.api.Backend.serverroles
backend.config_update(ca_renewal_master_server=new_master)
return dn
def exc_callback(self, keys, options, exc, call_func,
*call_args, **call_kwargs):
if (isinstance(exc, errors.EmptyModlist) and
call_func.__name__ == 'update_entry' and
'ca_renewal_master_server' in options):
return
super(config_mod, self).exc_callback(
keys, options, exc, call_func, *call_args, **call_kwargs)
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.show_servroles_attributes(entry_attrs, **options)
return dn