[Freeipa-devel] [PATCH] 0101 Add ca-disable and ca-enable commands
Martin Babinsky
mbabinsk at redhat.com
Tue Aug 30 07:56:19 UTC 2016
On 08/25/2016 10:25 AM, Fraser Tweedale wrote:
> Hi team,
>
> The attached patch fixes
> https://fedorahosted.org/freeipa/ticket/6257.
>
> The behaviour of cert-request when the CA is disabled is not very
> nice (it reports a server error from Dogtag). The Dogtag REST
> interface gives much better errors so I plan to move to it in a
> later change (which will also address
> https://fedorahosted.org/freeipa/ticket/3473, in part).
>
> Thanks,
> Fraser
>
>
>
HI Fraser,
I have a couple of comments below:
1.)
@@ -25,6 +33,10 @@ EXAMPLES:
ipa ca-add puppet --desc "Puppet" \\
--subject "CN=Puppet CA,O=EXAMPLE.COM"
+ Disable a CA.
+
+ ipa ca-disable puppet
+
""")
You missed an example of `ca-enable` command in the doc string.
2.)
Regarding implementation of ca_enable/disable, I think you can reduce
the amount of code duplication by employing a base class which will look
up the required sub-CA and call the RA backend method required by the
subclass. See the attached untested diff (passes lint) for details.
--
Martin^3 Babinsky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: example.patch
Type: text/x-patch
Size: 2239 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160830/17b58cf6/attachment.bin>
More information about the Freeipa-devel
mailing list