[Freeipa-devel] [PATCH] 0086 Add --ca option to cert-status

Fraser Tweedale ftweedal at redhat.com
Fri Jul 1 04:47:36 UTC 2016


On Fri, Jul 01, 2016 at 05:55:35AM +0200, Jan Cholasta wrote:
> On 29.6.2016 12:18, Jan Cholasta wrote:
> > On 29.6.2016 10:47, Fraser Tweedale wrote:
> > > On Wed, Jun 29, 2016 at 10:04:05AM +0200, Jan Cholasta wrote:
> > > > Hi,
> > > > 
> > > > On 29.6.2016 06:11, Fraser Tweedale wrote:
> > > > > Dear team,
> > > > > 
> > > > > The attached patch implements the --ca option for the rest of the
> > > > > cert-blah commands (https://fedorahosted.org/freeipa/ticket/5999).
> > > > 
> > > > 1) I don't think cert-status should be treated specially. The
> > > > operation to
> > > > check status of a certificate request is not specific to Dogtag.
> > > > 
> > > I'm happy to add the option, with the caveat that because (off top of
> > > head) there is not (yet) a way in Dogtag to distinguish/filter
> > > requests by target CA, value may go unused.
> > 
> > IMO that's OK, since it's a safe non-destructive operation.
> > 
> > > 
> > > > 
> > > > 2) cert-show is called twice in cert-revoke. Can we call it just once?
> > > > 
> > > I'll address this in next patchset.
> > 
> > OK.
> 
> ACK on the first version of the patch, since it's better than nothing. The
> ticket remains open, please fix the rest ASAP.
> 
> Added VERSION bump and pushed to master:
> ffb1f5b1f24f0de30529d50f8c8dfb9a896c149e
> 
> Honza
> 
New patch 0086 attached, adding the option to cert-status command.

(2) will be addressed later due to conflicts with other patches (or
maybe as part of those other patches).

Thanks,
Fraser
-------------- next part --------------
From b4d49da637035cdd8b4504b09b9790b3fc68c144 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Fri, 1 Jul 2016 14:42:37 +1000
Subject: [PATCH] Add --cn option to cert-status

Add the 'cacn' option to the cert-status command.  Right now there
is nothing we need to (or can) do with it, but we add it anyway for
future use.

Fixes: https://fedorahosted.org/freeipa/ticket/5999
---
 API.txt                   |  3 ++-
 VERSION                   |  4 ++--
 ipaserver/plugins/cert.py | 14 ++++++--------
 3 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/API.txt b/API.txt
index c01692e17dc1ed368c14e32ab7e3fc09bc4d1ffc..9f9456d2cefac9c31ff89f3812a862a80e7ad307 100644
--- a/API.txt
+++ b/API.txt
@@ -799,9 +799,10 @@ output: Entry('result')
 output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
 output: PrimaryKey('value')
 command: cert_status/1
-args: 1,3,3
+args: 1,4,3
 arg: Int('request_id')
 option: Flag('all', autofill=True, cli_name='all', default=False)
+option: Str('cacn?', autofill=True, cli_name='ca', default=u'ipa')
 option: Flag('raw', autofill=True, cli_name='raw', default=False)
 option: Str('version?')
 output: Entry('result')
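Review bot: the added option line for cert_status, Str('cacn?', autofill=True, cli_name='ca', default=u'ipa'), autofills 'ipa' whenever the caller omits --ca, so the server cannot tell an explicit "--ca ipa" from no option at all. That is harmless while the value is unused, but once the status check can compare against the target CA, a request issued by another CA and queried without --ca would be compared against 'ipa'. It is worth deciding now whether this command should autofill the option, since changing it later means another API change.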
diff --git a/VERSION b/VERSION
index 23ceecc98e6ecf9adc21016508ba9feaa1454e6f..212b7d740a12a313395faf3bcdefaf09c41651f9 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=205
-# Last change: Add --ca option to cert-revoke and cert-remove-hold
+IPA_API_VERSION_MINOR=206
+# Last change: Add --ca option to cert-status
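Review bot: the "Last change" comment says --ca, which agrees with cli_name='ca' in the API.txt hunk, but the Subject line of this patch says "Add --cn option to cert-status". The subject should be corrected to --ca before this is pushed so the commit log matches the option name users will actually type.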
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 817bdc26f1d8b53a323802079d19e367404528bd..70add0bb38a08ec030969dce6369cde85a33a5fb 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -638,17 +638,15 @@ class cert_status(Retrieve, BaseCertMethod, VirtualCommand):
 
     operation = "certificate status"
 
-    def get_options(self):
-        for option in super(cert_status, self).get_options():
-            if option.name == 'cacn':
-                # Dogtag requests are uniquely identified by their
-                # number; there is no need to distinguish by CA.
-                continue
-            yield option
-
     def execute(self, request_id, **kw):
         ca_enabled_check()
         self.check_access()
+
+        # Dogtag requests are uniquely identified by their number;
+        # furthermore, Dogtag (as at v10.3.4) does not report the
+        # target CA in request data, so we cannot check.  So for
+        # now, there is nothing we can do with the 'cacn' option.
+
         return dict(
             result=self.Backend.ra.check_request_status(str(request_id)),
             value=pkey_to_value(request_id, kw),
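Review bot: in execute(), nothing reads the 'cacn' value from kw, so a --ca argument naming a CA that does not exist is accepted silently and returns the same status as the default. The added comment explains why the value cannot be checked against the request, but callers may still assume the result was scoped to the CA they named. Consider verifying that the named CA exists before calling check_request_status(), or saying in the option's help text that it is currently ignored for this command. A reference to the ticket in the comment would also help make sure the comparison gets added once Dogtag reports the target CA in request data.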
-- 
2.5.5


