IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

certprofile: add ability to update profile config in Dogtag

Browse Source 
Add the `--file=FILENAME' option to `certprofile-mod' which, when
given, will update the profile configuration in Dogtag to the
contents of the file.

Fixes: https://fedorahosted.org/freeipa/ticket/5093
Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Fraser Tweedale 2015-07-02 04:09:31 -04:00 committed by Tomas Babej
parent bed6f402e2
commit 462e0b9eb1
4 changed files with 48 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
API.txt
View File

@ -731,12 +731,13 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: PrimaryKey('value', None, None) output: PrimaryKey('value', None, None)
command: certprofile_mod command: certprofile_mod
args: 1,10,3 args: 1,11,3
arg: Str('cn', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True) arg: Str('cn', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True)
option: Str('addattr*', cli_name='addattr', exclude='webui') option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('delattr*', cli_name='delattr', exclude='webui') option: Str('delattr*', cli_name='delattr', exclude='webui')
option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False) option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False)
option: File('file?', cli_name='file')
option: Bool('ipacertprofilestoreissued', attribute=True, autofill=False, cli_name='store', default=True, multivalue=False, required=False) option: Bool('ipacertprofilestoreissued', attribute=True, autofill=False, cli_name='store', default=True, multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Str('rename', cli_name='rename', multivalue=False, primary_key=True, required=False) option: Str('rename', cli_name='rename', multivalue=False, primary_key=True, required=False)

4
VERSION
View File

@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# # # #
######################################################## ########################################################
IPA_API_VERSION_MAJOR=2 IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=140 IPA_API_VERSION_MINOR=141
# Last change: ftweedal: add certprofile-show --out option # Last change: ftweedal: add certprofile-mod --file option

35
ipalib/plugins/certprofile.py
View File

@ -13,6 +13,7 @@ from ipalib.plugins.baseldap import (
LDAPDelete, LDAPUpdate, LDAPRetrieve) LDAPDelete, LDAPUpdate, LDAPRetrieve)
from ipalib import ngettext from ipalib import ngettext
from ipalib.text import _ from ipalib.text import _
from ipapython.version import API_VERSION
from ipalib import errors from ipalib import errors
@ -245,7 +246,6 @@ class certprofile_import(LDAPCreate):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options): def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
"""Import the profile into Dogtag and enable it. """Import the profile into Dogtag and enable it.
If the operation succeeds, update the LDAP entry to 'enabled'.
If the operation fails, remove the LDAP entry. If the operation fails, remove the LDAP entry.
""" """
try: try:
@ -281,6 +281,35 @@ class certprofile_mod(LDAPUpdate):
__doc__ = _("Modify Certificate Profile configuration.") __doc__ = _("Modify Certificate Profile configuration.")
msg_summary = _('Modified Certificate Profile "%(value)s"') msg_summary = _('Modified Certificate Profile "%(value)s"')
def execute(self, *args, **kwargs): takes_options = LDAPUpdate.takes_options + (
File('file?',
label=_('File containing profile configuration'),
cli_name='file',
flags=('virtual_attribute',),
),
)
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
ca_enabled_check() ca_enabled_check()
return super(certprofile_mod, self).execute(*args, **kwargs) if 'file' in options:
with self.api.Backend.ra_certprofile as profile_api:
profile_api.disable_profile(keys[0])
try:
profile_api.update_profile(keys[0], options['file'])
finally:
profile_api.enable_profile(keys[0])
return dn
def execute(self, *keys, **options):
try:
return super(certprofile_mod, self).execute(*keys, **options)
except errors.EmptyModlist:
if 'file' in options:
# The profile data in Dogtag was updated.
# Do not fail; return result of certprofile-show instead
return self.api.Command.certprofile_show(keys[0],
version=API_VERSION)
else:
# This case is actually an error; re-raise
raise

12
ipaserver/plugins/dogtag.py
View File

@ -2089,6 +2089,18 @@ class ra_certprofile(RestClient):
'GET', profile_id + '/raw') 'GET', profile_id + '/raw')
return resp_body return resp_body
def update_profile(self, profile_id, profile_data):
"""
Update the profile configuration in Dogtag
"""
self._ssldo('PUT', profile_id + '/raw',
headers={
'Content-type': 'application/xml',
'Accept': 'application/json',
},
body=profile_data
)
def enable_profile(self, profile_id): def enable_profile(self, profile_id):
""" """
Enable the profile in Dogtag Enable the profile in Dogtag