IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-acme-manage: user a cookie created for the communication with dogtag REST endpoints

Browse Source 
The cookie in ACME processing was supposed to be passed as a part of the
REST request but we did not pass those additional headers. Pylint on
Rawhide noticed that headers objects were left unused.

2020-11-13T11:26:46.1038078Z Please wait ...
2020-11-13T11:26:46.1038385Z
2020-11-13T11:28:02.8563776Z ************* Module ipaserver.install.ipa_acme_manage
2020-11-13T11:28:02.8565974Z ipaserver/install/ipa_acme_manage.py:50: [W0612(unused-variable), acme_state.__exit__] Unused variable 'headers')
2020-11-13T11:28:02.8567071Z ipaserver/install/ipa_acme_manage.py:57: [W0612(unused-variable), acme_state.enable] Unused variable 'headers')
2020-11-13T11:28:02.8568031Z ipaserver/install/ipa_acme_manage.py:63: [W0612(unused-variable), acme_state.disable] Unused variable 'headers')

Fixes: https://pagure.io/freeipa/issue/8584
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Alexander Bokovoy 2020-11-13 14:44:00 +02:00
parent b36f224892
commit 935a461582
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ipaserver/install/ipa_acme_manage.py
View File

@ -25,13 +25,15 @@ from ipaserver.plugins.dogtag import RestClient
class acme_state(RestClient): class acme_state(RestClient):
def _request(self, url): def _request(self, url, headers=None):
headers = headers or {}
return dogtag.https_request( return dogtag.https_request(
self.ca_host, 8443, self.ca_host, 8443,
url=url, url=url,
cafile=self.ca_cert, cafile=self.ca_cert,
client_certfile=paths.RA_AGENT_PEM, client_certfile=paths.RA_AGENT_PEM,
client_keyfile=paths.RA_AGENT_KEY, client_keyfile=paths.RA_AGENT_KEY,
headers=headers,
method='POST' method='POST'
) )
@ -48,20 +50,21 @@ class acme_state(RestClient):
def __exit__(self, exc_type, exc_value, traceback): def __exit__(self, exc_type, exc_value, traceback):
"""Log out of the REST API""" """Log out of the REST API"""
headers = dict(Cookie=self.cookie) headers = dict(Cookie=self.cookie)
status, unused, _unused = self._request('/acme/logout') status, unused, _unused = self._request('/acme/logout', headers=headers)
object.__setattr__(self, 'cookie', None) object.__setattr__(self, 'cookie', None)
if status != 204: if status != 204:
raise RuntimeError('Failed to logout') raise RuntimeError('Failed to logout')
def enable(self): def enable(self):
headers = dict(Cookie=self.cookie) headers = dict(Cookie=self.cookie)
status, unused, _unused = self._request('/acme/enable') status, unused, _unused = self._request('/acme/enable', headers=headers)
if status != 200: if status != 200:
raise RuntimeError('Failed to enable ACME') raise RuntimeError('Failed to enable ACME')
def disable(self): def disable(self):
headers = dict(Cookie=self.cookie) headers = dict(Cookie=self.cookie)
status, unused, _unused = self._request('/acme/disable') status, unused, _unused = self._request('/acme/disable',
headers=headers)
if status != 200: if status != 200:
raise RuntimeError('Failed to disble ACME') raise RuntimeError('Failed to disble ACME')