[Freeipa-devel] Reasons for not using certmonger DBus API

Jan Cholasta jcholast at redhat.com
Wed Jul 30 14:28:50 UTC 2014


On 30.7.2014 at 15:51, David Kupka wrote:
> On 07/23/2014 03:45 PM, Nalin Dahyabhai wrote:
>> On Wed, Jul 23, 2014 at 10:12:39AM +0200, Martin Kosek wrote:
>>> Certmonger API looked complete enough to pull this off:
>>> https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/api.txt
>>>
>>> If I am wrong, please tell me.
>>
>> No, it's meant to be complete -- the getcert command only uses the APIs
>> to talk to the daemon, so they provide at least what it needs.
>>
>> Two words of caution:
>> * That file's manually maintained, so it might not completely reflect
>>    what's available.  The introspection data's generated at runtime, so
>>    if you poke the service with an introspection request, or using
>>    d-feet, which does so under the covers, you might spot discrepancies.
>>    It probably goes without saying, but please report any that you find.
>> * The majority of properties are currently marked read-only, and you
>>    currently have to use the 'modify' API request to change them.  Mostly
>>    this is a result of 'getcert' not having needed anything more than
>>    that, and properties having been added after the initial versions, so
>>    it's not set in stone.
>>
>> HTH,
>>
>> Nalin
>>
> In fact it is almost complete enough for us. The only operation I can't
> find is 'write ca_external_helper'.
> add_principal_to_cas and remove_principal_from_cas are modifying this
> entry in the ca file. Certmonger provides a 'get_location' DBus method that
> returns the value of this entry but I can't find any 'set_location' method,
> writable property or other way to modify it over DBus.
> Am I searching wrong? If not, I looked in the certmonger code and think that
> I will be able to add the missing functionality. But I'm unsure what is
> the preferred way, I can think of two:
> 1. set_location method
> 2. read-write location/ca_external_helper property
>

These two functions are used to force the local hostname in certmonger. IMO
the right thing to do here would be to drop these two functions and fix
ipa-submit so that it reads the required configuration from
/etc/ipa/default.conf.

-- 
Jan Cholasta
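
Added example, not part of the thread and not certmonger or FreeIPA code: one way to do the check discussed above, by parsing a D-Bus introspection reply to list each interface's methods and property access modes and comparing the methods against a hand-maintained list such as api.txt. The sample XML is constructed; its CA interface name and `external-helper` property are assumptions, and only `get_location` and `set_location` are names taken from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the standard D-Bus introspection format. Not captured
# from a running certmonger; the CA interface name and the property are assumed.
SAMPLE_XML = """
<node>
  <interface name="org.freedesktop.DBus.Introspectable">
    <method name="Introspect"><arg name="data" type="s" direction="out"/></method>
  </interface>
  <interface name="org.fedorahosted.certmonger.ca">
    <method name="get_location"><arg name="path" type="s" direction="out"/></method>
    <property name="external-helper" type="s" access="read"/>
  </interface>
</node>
"""

def summarize(xml_text):
    """Map interface name -> its method names and property access modes."""
    summary = {}
    for iface in ET.fromstring(xml_text).findall("interface"):
        summary[iface.get("name")] = {
            "methods": {m.get("name") for m in iface.findall("method")},
            "properties": {p.get("name"): p.get("access")
                           for p in iface.findall("property")},
        }
    return summary

def writable_properties(summary, iface):
    """Properties a client can set directly (D-Bus access 'write' or 'readwrite')."""
    props = summary.get(iface, {}).get("properties", {})
    return sorted(n for n, access in props.items() if access in ("write", "readwrite"))

def diff_methods(summary, documented):
    """Compare runtime methods with a documented {interface: {methods}} mapping.

    Returns (undocumented, stale): methods the service exposes that the document
    omits, and methods the document lists that the service does not expose.
    """
    runtime = {(i, m) for i, d in summary.items() for m in d["methods"]}
    listed = {(i, m) for i, ms in documented.items() for m in ms}
    return runtime - listed, listed - runtime

if __name__ == "__main__":
    CA = "org.fedorahosted.certmonger.ca"  # assumed interface name
    s = summarize(SAMPLE_XML)
    print("set_location exposed:", "set_location" in s[CA]["methods"])
    print("writable CA properties:", writable_properties(s, CA))
    print("undocumented / stale:", diff_methods(s, {CA: {"get_location", "set_location"}}))
```

To run it against a live service, pass the XML string returned by the standard `org.freedesktop.DBus.Introspectable.Introspect` call to `summarize()` in place of the sample.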



