[Freeipa-devel] [PATCH] dogtag clean-up
John Dennis
jdennis at redhat.com
Tue Dec 8 22:06:06 UTC 2009
On 12/02/2009 07:01 PM, John Dennis wrote:
> The essence of this patch is to return the correct types from
> certificate plugins and avoid scraping Javascript from dogtag (CMS)
> html responses with better error handling. Instead we ask CMS to
> always return our data as XML documents which can be much more
> robustly parsed (including properly handling issues such as character
> encoding, escapes, etc.).
>
> Fundamentally the process is split into two parts. A parsing routine
> which returns a dict with all the values from CMS in the correct
> Python types for IPA. The possible values returned from CMS are fully
> documented and can easily be read via the documentation link in HTML
> posted at the bottom (plus in the code of course). The command plugin
> invokes the parsing routine and picks out from the parse result dict
> the values it wants to return (and may optionaly convert the type as
> needed for XMLRPC, this is fully documented, in particular serial
> numbers need special handling in XMLRPC). This model allows us to use
> different parsing methods without disturbing the logic in the command
> plugin should that ever be necessary (i.e. clear separation of
> responsibilities).
>
> Status results are never returned in the command result. Instead we
> use the defined exception handling logic for IPA XMLRPC. If the
> command fails in some fashion we return a CertificateOperationError
> exception. On the receiving end if no exception has been thrown it
> knows the values returned are valid.
>
> Careful attention has been paid to the types being used. Strings are
> always unicode, integral values are represented as either int or long
> objects. No longer are integral values represented as strings with
> confusion as to thier radix representation (with the notable exception
> of serial numbers which must be passed through XMLRPC as decimal
> strings, the rules for this are fully documented).
>
> The logic in the selfsign and dogtag plugins have been brought into
> alignment.
>
> Much more extensive error checking has been added to selfsign to
> handle issues concering serial number operations.
>
> A new error exception has been added (CertificateOperationError).
>
> Error messages have been localized.
>
> The check_ra.py test was updated (unfortunately this test requires a
> configured server so I used my test server).
>
> Extensive documentation has been added to many of the routines.
>
> Easy to browse HTML documentation for the dogtag plugin can be found
> here (for the time being)
>
> http://jdennis.fedorapeople.org/ipa/dogtag
>
> I've noticed we have a bit of code duplication going on with CMS
> interactions. In the future we shold consolodate all CMS code in one
> library (module).
>
> This patch has been lingering in my private repo too long. I no longer
> want to keep merging as others modify the same code :-) So here it
> is. Other components of the fixes have already been posted as patches.
The rebased patch is attached. May the gods of patchdom shine upon my
face and we'll celebrate it's successful application :-)
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-rebase-dogtag-clean-up-patch.patch
Type: text/x-patch
Size: 105064 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091208/853e1a35/attachment.bin>
More information about the Freeipa-devel
mailing list