[Freeipa-devel] [PATCHES] 0014, 0016 [RFE] ipa migrate-ds should have an argument to specify cert to use for DS connection

Martin Basti mbasti at redhat.com
Mon Oct 21 08:29:12 UTC 2013 

On Mon, 2013-10-21 at 09:29 +0200, Martin Kosek wrote:

> On 10/18/2013 05:00 PM, Martin Basti wrote:
> > Patch attached.
> > 
> > Ticket:
> > https://fedorahosted.org/freeipa/ticket/3243
> > 
> 
> I did not test the patch, just looked at the code and I have few comments:
> 
> 1) Please put the ipalib/cli.py change to a sepparate change, we may want to
> backport it separately some day and this will make it easier.
> 

Separated. 
Patch 0014-2 -- CLI
Patch 0016 -- migration


> 2) When possible, please try to keep the lines up to 80 characters

Sorry. I will to try keep length.



> 3) This part is redundant and may hide the real exception source as you are
> re-raising it:
> 
> +            except Exception as e:
> +                raise e
> 
> 
> I would rather do it like that, to keep it simple:
> 
> +        cacert = None
> +        if options.get('cacertfile') is not None:
> +            #store CA cert into file
> +            with(tempfile.NamedTemporaryFile(prefix='ipa-', suffix='.crt',
> delete=False)) as tmp_ca_cert_f:
> +                tmp_ca_cert_f.write(options['cacertfile'])
> +                cacert = tmp_ca_cert_f.name
> +
> +        #start connection
> +        try:
> +             ds_ldap.connect(bind_dn=options['binddn'], bind_pw=bindpw,
> tls_cacertfile=cacert)
> +        finally:
> +            #Cert file is no longer required
> +            try:
> +                os.remove(tmp_ca_cert_f.name)
> +            except OSError:
> +                pass

Fixed



> HTH,
> Martin


NOTE: Patch 0016 also changes help description of --ca-cert-file param

Thank you for review and advice.


-- 
Martin Basti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131021/430da0e7/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0014-2-Changed-CLI-to-allow-to-use-FILE-as-optional-param.patch
Type: text/x-patch
Size: 1130 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131021/430da0e7/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbasti-0016-migrate-ds-added-ca-cert-file-FILE-option.patch
Type: text/x-patch
Size: 3073 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131021/430da0e7/attachment-0001.bin>

More information about the Freeipa-devel mailing list