upgrade: always add profile to tracking requests

The profile for every Dogtag system cert tracking request is now explicitly specified. So remove the code that handled unspecified profiles. Part of: https://pagure.io/freeipa/issue/7991 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-06-26 13:52:20 +10:00
parent 588f1ddce2
commit 4f4e2f96b0
2 changed files with 3 additions and 5 deletions
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -97,7 +97,7 @@ class DogtagInstance(service.Service):

    # Mapping of nicknames for tracking requests, and the profile to
    # use for that certificate.  'configure_renewal()' reads this
-    # dict and adds the profile if configured.
+    # dict.  The profile MUST be specified.
    tracking_reqs = dict()

    # token for CA and subsystem certificates. For now, only internal token
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -974,7 +974,7 @@ def certificate_renewal_update(ca, ds, http):

    requests = []

-    for nick in cainstance.CAInstance.tracking_reqs:
+    for nick, profile in cainstance.CAInstance.tracking_reqs.items():
        req = {
            'cert-database': paths.PKI_TOMCAT_ALIAS_DIR,
            'cert-nickname': nick,
@@ -982,10 +982,8 @@ def certificate_renewal_update(ca, ds, http):
            'cert-presave-command': template % 'stop_pkicad',
            'cert-postsave-command':
                (template % 'renew_ca_cert "{}"'.format(nick)),
+            'template-profile': profile,
        }
-        profile = cainstance.CAInstance.tracking_reqs.get(nick)
-        if profile:
-            req['template-profile'] = profile
        requests.append(req)

    requests.append(