mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
6d02eddd3e
Replace the @PYTHONSHEBANG@ substitution with a valid #!/usr/bin/python3 shebang. This turns Python .in files into valid Python files. The files can now be checked with pylint and IDEs recognize the files as Python files. The shebang is still replaced with "#!$(PYTHON) -E" to support platform-python. Related: https://pagure.io/freeipa/issue/7984 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com>
#!/usr/bin/python3
from __future__ import print_function
import argparse
import os
from ipalib import constants
from ipalib.config import Env
from ipaplatform.paths import paths
from ipaserver.secrets.client import CustodiaClient
def main():
    """Request a key from a Custodia server and print the response.

    Command-line arguments:
        keyname: key to request; it is sent as ``ca_wrapped/<keyname>``.
        servername: handed to CustodiaClient as the server to contact.

    The client identity is ``<PKI_GSSAPI_SERVICE_NAME>@<env.host>``; the
    ``.keys`` and ``.keytab`` files under ``paths.PKI_TOMCAT`` are passed
    to CustodiaClient as its key file and keytab.  If either file cannot
    be read, ``parser.error()`` reports it and the process exits.
    """
    env = Env()
    env._finalize()

    parser = argparse.ArgumentParser("ipa-pki-retrieve-key")
    parser.add_argument("keyname", type=str)
    parser.add_argument("servername", type=str)
    args = parser.parse_args()

    service = constants.PKI_GSSAPI_SERVICE_NAME
    client_keyfile = os.path.join(paths.PKI_TOMCAT, service + '.keys')
    client_keytab = os.path.join(paths.PKI_TOMCAT, service + '.keytab')

    # Early, user-friendly failure only.  os.access() tests the real
    # uid/gid and the answer can change before the files are opened, so
    # this is not an access-control decision; the later open by the
    # client is what actually succeeds or fails.
    unreadable = next(
        (
            candidate
            for candidate in (client_keyfile, client_keytab)
            if not os.access(candidate, os.R_OK)
        ),
        None,
    )
    if unreadable is not None:
        parser.error(
            "File '{}' missing or not readable.\n".format(unreadable)
        )

    # Both command-line values are used as given: keyname is placed in
    # the request path and servername selects the peer.
    # NOTE(review): no validation happens here -- confirm the caller is
    # trusted and that the server side restricts which keys this client
    # identity may read.
    keyname = "ca_wrapped/{}".format(args.keyname)

    # pylint: disable=no-member
    client = CustodiaClient(
        client_service="{}@{}".format(service, env.host),
        server=args.servername,
        realm=env.realm,
        ldap_uri="ldaps://" + env.host,
        keyfile=client_keyfile,
        keytab=client_keytab,
    )

    # The response JSON goes to stdout unchanged; it is already in the
    # format that Dogtag's ExternalProcessKeyRetriever expects.
    # NOTE(review): stdout therefore carries the key response -- keep it
    # out of logs and shell history.  store=False presumably asks the
    # client not to persist the key locally; verify in CustodiaClient.
    response = client.fetch_key(keyname, store=False)
    print(response)
# Run the retrieval only when executed as a script, not on import.
if __name__ == "__main__":
    main()