[Freeipa-devel] Reasons for not using certmonger DBus API
David Kupka
dkupka at redhat.com
Wed Jul 30 13:51:08 UTC 2014
On 07/23/2014 03:45 PM, Nalin Dahyabhai wrote:
> On Wed, Jul 23, 2014 at 10:12:39AM +0200, Martin Kosek wrote:
>> Certmonger API looked complete enough to pull this off:
>> https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/api.txt
>>
>> If I am wrong, please tell me.
>
> No, it's meant to be complete -- the getcert command only uses the APIs
> to talk to the daemon, so they provide at least what it needs.
>
> Two words of caution:
> * That file's manually maintained, so it might not completely reflect
> what's available. The introspection data's generated at runtime, so
> if you poke the service with an introspection request, or using
> d-feet, which does so under the covers, you might spot discrepancies.
> It probably goes without saying, but please report any that you find.
> * The majority of properties are currently marked read-only, and you
> currently have to use the 'modify' API request to change them. Mostly
> this is a result of 'getcert' not having needed anything more than
> that, and properties having been added after the initial versions, so
> it's not set in stone.
>
> HTH,
>
> Nalin
>
In fact it is almost enough complete for us. The only operation I can't
find is 'write ca_external_helper'.
add_principal_to_cas and remove_principal_from_cas are modifying this
entry in ca file. Certmonger provide 'get_location' DBus method that
returns value of this entry but I can't find any 'set_location' method,
writable property or other way to modify it over DBus.
Am I searching wrong? If not I looked in certmonger code and think that
I will be able to add the missing functionality. But I'm unsure what is
the preferred way, I can think of two:
1. set_location method
2. read-write location/ca_external_helper property
--
David Kupka
More information about the Freeipa-devel
mailing list