URL: https://github.com/freeipa/freeipa/pull/948 Author: tiran Title: #948: Test script for ipa-custodia Action: opened
PR body: """ You may find my test script for ipa-custodia useful for testing and debugging issues like https://bugzilla.redhat.com/show_bug.cgi?id=1476150 Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/948/head:pr948 git checkout pr948
From d29a69a9d3c0f7d2e81a1c5931a4bfaa72073fd9 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Tue, 1 Aug 2017 11:33:32 +0200
Subject: [PATCH] Test script for ipa-custodia
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
contrib/ipa-custodia-tester | 50 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100755 contrib/ipa-custodia-tester
diff --git a/contrib/ipa-custodia-tester b/contrib/ipa-custodia-tester
new file mode 100755
index 0000000000..b44679dd65
--- /dev/null
+++ b/contrib/ipa-custodia-tester
@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+"""Test client for ipa-custodia
+
+The test script is expected to be executed on an IPA server with existing
+Custodia server keys.
+"""
+from __future__ import print_function
+import argparse
+import os
+
+from ipalib import api
+from ipaplatform.paths import paths
+from ipaserver.secrets.client import CustodiaClient
+
+KEYS = [
+ 'dm/DMHash', 'ra/ipaCert', 'ca/caSigningCert cert-pki-ca',
+ 'ca/ocspSigningCert cert-pki-ca', 'ca/auditSigningCert cert-pki-ca',
+ 'ca/subsystemCert cert-pki-ca',
+]
+
+
+def main():
+ parser = argparse.ArgumentParser("IPA Custodia test")
+ parser.add_argument(
+ "--print", action='store_false', dest='store',
+ help="Print secret instead of storing it."
+ )
+ parser.add_argument("server")
+ parser.add_argument('keys', nargs='*', default=KEYS)
+ args = parser.parse_args()
+
+ api.bootstrap() # bootstrap to initialize api.env
+
+ client = CustodiaClient(
+ server=args.server,
+ client_service='host@{}'.format(api.env.host),
+ keyfile=os.path.join(paths.IPA_CUSTODIA_CONF_DIR, 'server.keys'),
+ keytab=paths.KRB5_KEYTAB,
+ realm=api.env.realm,
+ )
+ for key in args.keys:
+ result = client.fetch_key(key, store=args.store)
+ if args.store:
+ print(key)
+ else:
+ print(key, result)
+
+
+if __name__ == '__main__':
+ main()
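Review bot: With `--print`, the `print(key, result)` branch of the fetch loop in `main()` writes whatever `fetch_key` returned straight to stdout. The default `KEYS` name the DM hash, the RA certificate and the CA signing, OCSP, audit and subsystem entries, so that output presumably carries private key material into terminal scrollback, redirected files, or text pasted into a bug report. I would print only a summary there, for example `print(key, 'fetched, {} bytes'.format(len(result)))` (assuming the returned value is a string or bytes object), and put the raw dump behind a separate, explicitly named option. The default path also needs documenting: without `--print`, `store` stays true and, going by the help text, each fetched secret is stored on the host running the test, so the module docstring should say so, e.g. `Without --print the fetched keys are stored on this host.`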