[Freeipa-devel] [PATCHES 0001-0005] Profile management commands
Martin Basti
mbasti at redhat.com
Mon May 4 16:35:45 UTC 2015
On 04/05/15 15:36, Fraser Tweedale wrote:
> Hello,
>
> Please review the first cut of the 'certprofile' command and other
> changes associated with the Certificate Profiles feature[1].
>
> Custom profiles can't be used yet because 'cert-request' has not
> been updated, but you can manage the profiles (find, show, import,
> modify, delete). There's a bit more work to do on profile
> management and a lot more to do for using profiles and sub-CAs. I
> am tracking my progress on etherpad[2] so if you are reviewing check
> there for the TODO list and some commentary.
>
> If you want to test: for f21, please use Dogtag from my copr[2].
> For f22 the required version is in updates-testing (or my copr).
>
> In summary: this is not the whole feature, just the first functional
> part. Since it is my first experience developing in the IPA
> framework I want to get patches out so you can point out all the
> things I did wrong or overlooked, and I can fix them. Don't hold
> back :)
>
> [1] http://www.freeipa.org/page/V4/Certificate_Profiles
> [2] http://idm.etherpad.corp.redhat.com/rhel72-cert-mgmt-progress
> [3] http://copr.fedoraproject.org/coprs/ftweedal/freeipa/
>
>
Thank you for patches, I have no idea what kind of dogtag magic is
happening there, but I have a few comments related to IPA:
Upgrade:
1)
+ config.set("CA", "pki_profiles_in_ldap", "True")
IMO this will work only for new installations. For upgrade you may need
to add this to ipa-upgradeconfig
2)
+dn: cn=certprofiles,cn=etc,$SUFFIX
+changetype: add
+objectClass: nsContainer
+objectClass: top
+cn: certprofiles
IMO this will work only for new installations. For upgrade you may need
to add it into update file as well, with the 'default' keyword
3)
Your patch 0004 will work on new installations only. You may need to add
that new step into ipa-upgradeconfig.
Must be that step there during installation?
If not you can create just one update file, which will be applied at the
end of installation and during upgrade.
Other issues:
1)
I do not see modifications in API.txt file
2)
We use new shorter license header
#
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
3)
+from ipalib.plugins.baseldap import \
+ LDAPObject, LDAPSearch, LDAPCreate, LDAPDelete, LDAPUpdate,
LDAPRetrieve
please use 'import ( modules, .. )' instead of '\'
4)
+ if method == 'POST' \
+ and 'content-type' not in (str(k).lower() for k in
headers.viewkeys()):
again, please use if ( ... ): instead \
5)
+import ipalib.errors as errors
in dogtag.py
Can you use from ipalib import errors, instead?
6)
+ def __exit__(self, exc_type, exc_value, traceback):
+ """Log out of the REST API"""
+ # TODO logout
+ self.cookie = None
This is forgotten, or will be this fixed later?
7)
+ if not explanation: print resp_body # NOCOMMIT
Martin^2
--
Martin Basti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150504/67ddc0d8/attachment.htm>
More information about the Freeipa-devel
mailing list