Remove workaround for CA running check

A workaround was introduced for ticket #4676 that used wget to perform an (unauthenticated) https request to check the CA status. Later, wget was changed to curl (the request remained unauthenticated). Remove the workaround and use an http request (no TLS) to check the CA status. Also remove the now-unused unauthenticated_http_request method, and update specfile to remove ipalib dependency on curl. Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-01-20 18:35:15 +11:00 · 2016-01-20 18:35:15 +11:00 · fd7ea2c939
commit fd7ea2c939
parent c152e10075
3 changed files with 4 additions and 48 deletions
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@ -464,7 +464,6 @@ Requires: python-pyasn1
 Requires: python-dateutil
 Requires: python-yubico >= 1.2.3
 Requires: python-sss-murmur
-Requires: curl
 Requires: dbus-python
 Requires: python-setuptools
 Requires: python-six
@ -509,7 +508,6 @@ Requires: python3-pyasn1
 Requires: python3-dateutil
 Requires: python3-yubico >= 1.2.3
 Requires: python3-sss-murmur
-Requires: curl
 Requires: python3-dbus
 Requires: python3-setuptools
 Requires: python3-six
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@ -199,30 +199,7 @@ class RedHatCAService(RedHatService):
        op_timeout = time.time() + timeout
        while time.time() < op_timeout:
            try:
-                # FIXME https://fedorahosted.org/freeipa/ticket/4716
-                # workaround
-                #
-                # status = dogtag.ca_status(use_proxy=use_proxy)
-                #
-                port = 8443
-
-                url = "https://%(host_port)s%(path)s" % {
-                    "host_port": ipautil.format_netloc(api.env.ca_host, port),
-                    "path": "/ca/admin/ca/getStatus"
-                }
-
-                args = [
-                    paths.BIN_CURL,
-                    '-o', '-',
-                    '--connect-timeout', '30',
-                    '-k',
-                    url
-                ]
-
-                result = ipautil.run(args, capture_output=True)
-
-                status = dogtag._parse_ca_status(result.output)
-                # end of workaround
+                status = dogtag.ca_status()
            except Exception as e:
                status = 'check interrupted due to error: %s' % e
            root_logger.debug('The CA status is: %s' % status)
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@ -103,7 +103,7 @@ def _parse_ca_status(body):
        raise error_from_xml(doc, _("Retrieving CA status failed: %s"))


-def ca_status(ca_host=None, use_proxy=True):
+def ca_status(ca_host=None):
    """Return the status of the CA, and the httpd proxy in front of it

    The returned status can be:
@ -113,13 +113,8 @@ def ca_status(ca_host=None, use_proxy=True):
    """
    if ca_host is None:
        ca_host = api.env.ca_host
-    if use_proxy:
-        # Use port 443 to test the proxy as well
-        ca_port = 443
-    else:
-        ca_port = 8443
-    status, headers, body = unauthenticated_https_request(
-        ca_host, ca_port, '/ca/admin/ca/getStatus')
+    status, headers, body = http_request(
+        ca_host, 8080, '/ca/admin/ca/getStatus')
    if status == 503:
        # Service temporarily unavailable
        return status
@ -175,20 +170,6 @@ def http_request(host, port, url, **kw):
        'http', host, port, url, httplib.HTTPConnection, body)


-def unauthenticated_https_request(host, port, url, **kw):
-    """
-    :param url: The path (not complete URL!) to post to.
-    :param kw: Keyword arguments to encode into POST body.
-    :return:   (http_status, http_headers, http_body)
-                as (integer, dict, str)
-
-    Perform an unauthenticated HTTPS request.
-    """
-    body = urlencode(kw)
-    return _httplib_request(
-        'https', host, port, url, httplib.HTTPSConnection, body)
-
-
 def _httplib_request(
        protocol, host, port, path, connection_factory, request_body,
        method='POST', headers=None):