URL: https://github.com/freeipa/freeipa/pull/948
Author: tiran
 Title: #948: Test script for ipa-custodia
Action: opened

PR body:
"""
You may find my test script for ipa-custodia useful for testing and debugging 
issues like https://bugzilla.redhat.com/show_bug.cgi?id=1476150

Signed-off-by: Christian Heimes <chei...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/948/head:pr948
git checkout pr948
From d29a69a9d3c0f7d2e81a1c5931a4bfaa72073fd9 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Tue, 1 Aug 2017 11:33:32 +0200
Subject: [PATCH] Test script for ipa-custodia

Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 contrib/ipa-custodia-tester | 50 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100755 contrib/ipa-custodia-tester

diff --git a/contrib/ipa-custodia-tester b/contrib/ipa-custodia-tester
new file mode 100755
index 0000000000..b44679dd65
--- /dev/null
+++ b/contrib/ipa-custodia-tester
@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+"""Test client for ipa-custodia
+
+The test script is expected to be executed on an IPA server with existing
+Custodia server keys.
+"""
+from __future__ import print_function
+import argparse
+import os
+
+from ipalib import api
+from ipaplatform.paths import paths
+from ipaserver.secrets.client import CustodiaClient
+
+KEYS = [
+    'dm/DMHash', 'ra/ipaCert', 'ca/caSigningCert cert-pki-ca',
+    'ca/ocspSigningCert cert-pki-ca', 'ca/auditSigningCert cert-pki-ca',
+    'ca/subsystemCert cert-pki-ca',
+]
+
+
+def main():
+    parser = argparse.ArgumentParser("IPA Custodia test")
+    parser.add_argument(
+        "--print", action='store_false', dest='store',
+        help="Print secret instead of storing it."
+    )
+    parser.add_argument("server")
+    parser.add_argument('keys', nargs='*', default=KEYS)
+    args = parser.parse_args()
+
+    api.bootstrap()  # bootstrap to initialize api.env
+
+    client = CustodiaClient(
+        server=args.server,
+        client_service='host@{}'.format(api.env.host),
+        keyfile=os.path.join(paths.IPA_CUSTODIA_CONF_DIR, 'server.keys'),
+        keytab=paths.KRB5_KEYTAB,
+        realm=api.env.realm,
+    )
+    for key in args.keys:
+        result = client.fetch_key(key, store=args.store)
+        if args.store:
+            print(key)
+        else:
+            print(key, result)
+
+
+if __name__ == '__main__':
+    main()
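Review bot: Running the tester with no options stores every fetched secret, because `--print` is declared `action='store_false', dest='store'` and the loop in `main()` passes `store=args.store` to `fetch_key`. The help text confirms storing is the default; on an IPA server this presumably replaces the local DM hash and CA/RA key material with the remote copies, a risky side effect for a debugging aid. The only alternative, `--print`, writes the secret values to stdout, where they can end up in scrollback or captured logs. I would make both side effects opt-in and let the default run only fetch and report the key name, as sketched below. The module docstring should also say that the script reads `server.keys` and the host keytab, so it needs the privileges to do so.

```python
    mode = parser.add_mutually_exclusive_group()
    mode.add_argument(
        "--store", action='store_true',
        help="Store fetched secrets locally (replaces existing local copies)."
    )
    mode.add_argument(
        "--print", action='store_true', dest='show',
        help="Print secret values to stdout (sensitive output)."
    )
    # … unchanged: positional arguments, api.bootstrap(), CustodiaClient setup …
    for key in args.keys:
        result = client.fetch_key(key, store=args.store)
        if args.show:
            print(key, result)
        else:
            # default: confirm the fetch worked without exposing the value
            print(key)
```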