[Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features
Fraser Tweedale
ftweedal at redhat.com
Thu Jul 2 09:15:46 UTC 2015
Attached patches fix a couple of important gaps in certprofile
plugin:
- Add --out option to export Dogtag profile data to file
https://fedorahosted.org/freeipa/ticket/5091
- Add --file option to update existing profile in Dogtag
https://fedorahosted.org/freeipa/ticket/5093
Thanks,
Fraser
-------------- next part --------------
From 095331fdc2f41ea544c4ab0b1247b7c1d1969393 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Thu, 2 Jul 2015 03:31:31 -0400
Subject: [PATCH 24/25] certprofile: add option to export profile config
Add the `--out=FILENAME' option to `certprofile-show'. When given,
it exports the profile configuration from Dogtag and writes it to
the named file.
Fixes: https://fedorahosted.org/freeipa/ticket/5091
---
API.txt | 3 ++-
VERSION | 4 ++--
ipalib/plugins/certprofile.py | 39 ++++++++++++++++++++++++++++++++++++---
ipaserver/plugins/dogtag.py | 8 ++++++++
4 files changed, 48 insertions(+), 6 deletions(-)
diff --git a/API.txt b/API.txt
index bccebe55da8a785cbb6ca782904d7523c4a9322f..13977ac74fe1831ebb86c7fb9fd97910e0dde238 100644
--- a/API.txt
+++ b/API.txt
@@ -747,9 +747,10 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: PrimaryKey('value', None, None)
command: certprofile_show
-args: 1,4,3
+args: 1,5,3
arg: Str('cn', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('out?')
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Flag('rights', autofill=True, default=False)
option: Str('version?', exclude='webui')
diff --git a/VERSION b/VERSION
index 2f884ff73afad57f35f06ce279add5c078073353..1cadaf4057f2a2d1b882b2df5e84687d6dc989a3 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=136
-# Last change: pvoborni: add topologysuffix-verify command
+IPA_API_VERSION_MINOR=137
+# Last change: ftweedal: add certprofile-show --out option
diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
index 9e1e47e943f5c14a7e7ce418d3fc2d095331a38a..abb62434eee4cb87356da5568b8a1bb12b762f67 100644
--- a/ipalib/plugins/certprofile.py
+++ b/ipalib/plugins/certprofile.py
@@ -5,7 +5,7 @@
import re
from ipalib import api, Bool, File, Str
-from ipalib import output
+from ipalib import output, util
from ipalib.plugable import Registry
from ipalib.plugins.virtual import VirtualCommand
from ipalib.plugins.baseldap import (
@@ -175,9 +175,42 @@ class certprofile_find(LDAPSearch):
class certprofile_show(LDAPRetrieve):
__doc__ = _("Display the properties of a Certificate Profile.")
- def execute(self, *args, **kwargs):
+ has_output_params = LDAPRetrieve.has_output_params + (
+ Str('config',
+ label=_('Profile configuration'),
+ ),
+ )
+
+ takes_options = LDAPRetrieve.takes_options + (
+ Str('out?',
+ doc=_('Write profile configuration to file'),
+ ),
+ )
+
+ def execute(self, *keys, **options):
ca_enabled_check()
- return super(certprofile_show, self).execute(*args, **kwargs)
+ result = super(certprofile_show, self).execute(*keys, **options)
+
+ if 'out' in options:
+ with self.api.Backend.ra_certprofile as profile_api:
+ result['result']['config'] = profile_api.read_profile(keys[0])
+
+ return result
+
+ def forward(self, *keys, **options):
+ if 'out' in options:
+ util.check_writable_file(options['out'])
+
+ result = super(certprofile_show, self).forward(*keys, **options)
+ if 'out' in options and 'config' in result['result']:
+ with open(options['out'], 'w') as f:
+ f.write(result['result'].pop('config'))
+ result['summary'] = (
+ _("Profile configuration stored in file '%(file)s'")
+ % dict(file=options['out'])
+ )
+
+ return result
@register()
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 3dc8f5c93a85a8035921af9ec622c2bcbcc498e0..eb2a6ae8413362ae2a443c672f806ff97356448f 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -2081,6 +2081,14 @@ class ra_certprofile(RestClient):
body=profile_data
)
+ def read_profile(self, profile_id):
+ """
+ Read the profile configuration from Dogtag
+ """
+ status, status_text, resp_headers, resp_body = self._ssldo(
+ 'GET', profile_id + '/raw')
+ return resp_body
+
def enable_profile(self, profile_id):
"""
Enable the profile in Dogtag
--
2.1.0
-------------- next part --------------
From 5a3a5177aea18c490637d74dfab41947501399f1 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Thu, 2 Jul 2015 04:09:31 -0400
Subject: [PATCH 25/25] certprofile: add ability to update profile config in
Dogtag
Add the `--file=FILENAME' option to `certprofile-mod' which, when
given, will update the profile configuration in Dogtag to the
contents of the file.
Fixes: https://fedorahosted.org/freeipa/ticket/5093
---
API.txt | 3 ++-
VERSION | 4 ++--
ipalib/plugins/certprofile.py | 33 ++++++++++++++++++++++++++++++---
ipaserver/plugins/dogtag.py | 12 ++++++++++++
4 files changed, 46 insertions(+), 6 deletions(-)
diff --git a/API.txt b/API.txt
index 13977ac74fe1831ebb86c7fb9fd97910e0dde238..5c2c8e43cc158373f0b0f11be7652b891a435836 100644
--- a/API.txt
+++ b/API.txt
@@ -731,12 +731,13 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: PrimaryKey('value', None, None)
command: certprofile_mod
-args: 1,10,3
+args: 1,11,3
arg: Str('cn', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True)
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('delattr*', cli_name='delattr', exclude='webui')
option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False)
+option: File('file?', cli_name='file')
option: Bool('ipacertprofilestoreissued', attribute=True, autofill=False, cli_name='store', default=True, multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Str('rename', cli_name='rename', multivalue=False, primary_key=True, required=False)
diff --git a/VERSION b/VERSION
index 1cadaf4057f2a2d1b882b2df5e84687d6dc989a3..086c3a892ea1ceec56d9e6f427f9c48ec30e9571 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=137
-# Last change: ftweedal: add certprofile-show --out option
+IPA_API_VERSION_MINOR=138
+# Last change: ftweedal: add certprofile-mod --file option
diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
index abb62434eee4cb87356da5568b8a1bb12b762f67..7323565da6783b5300333a5eb2dac6c8dd9f9da6 100644
--- a/ipalib/plugins/certprofile.py
+++ b/ipalib/plugins/certprofile.py
@@ -13,6 +13,7 @@ from ipalib.plugins.baseldap import (
LDAPDelete, LDAPUpdate, LDAPRetrieve)
from ipalib import ngettext
from ipalib.text import _
+from ipapython.version import API_VERSION
from ipalib import errors
@@ -245,7 +246,6 @@ class certprofile_import(LDAPCreate):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
"""Import the profile into Dogtag and enable it.
- If the operation succeeds, update the LDAP entry to 'enabled'.
If the operation fails, remove the LDAP entry.
"""
try:
@@ -281,6 +281,33 @@ class certprofile_mod(LDAPUpdate):
__doc__ = _("Modify Certificate Profile configuration.")
msg_summary = _('Modified Certificate Profile "%(value)s"')
- def execute(self, *args, **kwargs):
+ takes_options = LDAPUpdate.takes_options + (
+ File('file?',
+ label=_('File containing profile configuration'),
+ cli_name='file',
+ flags=('virtual_attribute',),
+ ),
+ )
+
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
ca_enabled_check()
- return super(certprofile_mod, self).execute(*args, **kwargs)
+ if 'file' in options:
+ with self.api.Backend.ra_certprofile as profile_api:
+ profile_api.disable_profile(keys[0])
+ profile_api.update_profile(keys[0], options['file'])
+ profile_api.enable_profile(keys[0])
+
+ return dn
+
+ def execute(self, *keys, **options):
+ try:
+ return super(certprofile_mod, self).execute(*keys, **options)
+ except errors.EmptyModlist:
+ if 'file' in options:
+ # The profile data in Dogtag was updated.
+ # Do not fail; return result of certprofile-show instead
+ return self.api.Command.certprofile_show(keys[0],
+ version=API_VERSION)
+ else:
+ # This case is actually an error; re-raise
+ raise
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index eb2a6ae8413362ae2a443c672f806ff97356448f..47279921a5428f388f84967b7bbe05d758e475bd 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -2089,6 +2089,18 @@ class ra_certprofile(RestClient):
'GET', profile_id + '/raw')
return resp_body
+ def update_profile(self, profile_id, profile_data):
+ """
+ Update the profile configuration in Dogtag
+ """
+ self._ssldo('PUT', profile_id + '/raw',
+ headers={
+ 'Content-type': 'application/xml',
+ 'Accept': 'application/json',
+ },
+ body=profile_data
+ )
+
def enable_profile(self, profile_id):
"""
Enable the profile in Dogtag
--
2.1.0
More information about the Freeipa-devel
mailing list