Server Roles: provide an API for setting CA renewal master
`ipa config-mod` gained a '--ca-renewal-master' option which can be used to set the CA renewal master to a different server. Obviously, this server has to have the CA role enabled. https://fedorahosted.org/freeipa/ticket/5689 http://www.freeipa.org/page/V4/Server_Roles Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
parent
5f7086e718
commit
21def4fde0
3
API.txt
3
API.txt
@ -789,9 +789,10 @@ args: 0,1,1
|
||||
option: Str('version?')
|
||||
output: Output('result')
|
||||
command: config_mod
|
||||
args: 0,25,3
|
||||
args: 0,26,3
|
||||
option: Str('addattr*', cli_name='addattr')
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False)
|
||||
option: Str('ca_renewal_master_server?', autofill=False)
|
||||
option: Str('delattr*', cli_name='delattr')
|
||||
option: StrEnum('ipaconfigstring*', autofill=False, cli_name='ipaconfigstring', values=[u'AllowNThash', u'KDC:Disable Last Success', u'KDC:Disable Lockout', u'KDC:Disable Default Preauth for SPNs'])
|
||||
option: Str('ipadefaultemaildomain?', autofill=False, cli_name='emaildomain')
|
||||
|
4
VERSION
4
VERSION
@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
|
||||
# #
|
||||
########################################################
|
||||
IPA_API_VERSION_MAJOR=2
|
||||
IPA_API_VERSION_MINOR=179
|
||||
# Last change: mbabinsk - Server Roles: make server-{show,find} utilize role information
|
||||
IPA_API_VERSION_MINOR=180
|
||||
# Last change: mbabink - Server Roles: provide an API for setting CA renewal master
|
||||
|
@ -243,7 +243,7 @@ class config(LDAPObject):
|
||||
'ca_renewal_master_server?',
|
||||
label=_('IPA CA renewal master'),
|
||||
doc=_('Renewal master for IPA certificate authority'),
|
||||
flags={'virtual_attribute', 'no_create', 'no_update'}
|
||||
flags={'virtual_attribute', 'no_create'}
|
||||
)
|
||||
)
|
||||
|
||||
@ -377,8 +377,29 @@ class config_mod(LDAPUpdate):
|
||||
raise errors.ValidationError(name=failedattr,
|
||||
error=_('SELinux user map default user not in order list'))
|
||||
|
||||
if 'ca_renewal_master_server' in options:
|
||||
new_master = options['ca_renewal_master_server']
|
||||
|
||||
try:
|
||||
self.api.Object.server.get_dn_if_exists(new_master)
|
||||
except errors.NotFound:
|
||||
self.api.Object.server.handle_not_found(new_master)
|
||||
|
||||
backend = self.api.Backend.serverroles
|
||||
backend.config_update(ca_renewal_master_server=new_master)
|
||||
|
||||
return dn
|
||||
|
||||
def exc_callback(self, keys, options, exc, call_func,
|
||||
*call_args, **call_kwargs):
|
||||
if (isinstance(exc, errors.EmptyModlist) and
|
||||
call_func.__name__ == 'update_entry' and
|
||||
'ca_renewal_master_server' in options):
|
||||
return
|
||||
|
||||
super(config_mod, self).exc_callback(
|
||||
keys, options, exc, call_func, *call_args, **call_kwargs)
|
||||
|
||||
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
|
||||
self.obj.show_servroles_attributes(entry_attrs, **options)
|
||||
return dn
|
||||
|