On 02/06/2013 12:44 AM, Rob Crittenden wrote:
This adds a cert-find command for the dogtag backend.

Searches can be done by serial number, by subject, revocation reason,
issue date, notbefore, notafter and revocation dates.

I added some basic tests for this. I made it a separate test file
because the cert plugin tests do not use the declarative format and rely
on the selfsign backend by default.

rob

Thanks! The code works well, but I found a few issues.


These tests don't work when the full test suite is run: test_cert adds and revokes additional certs that throw the code off. Perhaps have the tests only query valid certs? I don't see that option but I think it would be helpful to support.


The API.txt check fails:
Option sizelimit? of command cert_find in ipalib, not in API file:


Int('sizelimit?', default=100, minvalue=0)




What are --all and --raw for? Is the plan to implement --all if/when Dogtag supports requesting additional data?


The format of --validnotbefore-to and friends should be mentioned in --help text; the following is confusing:
$ ipa cert-show 1
[...]
  Not Before: Wed Feb 06 09:32:17 2013 UTC
[...]
$ ipa cert-find -h
[...]
  --validnotbefore-to=STR
                        Valid not before to this date
[...]
$ ipa cert-find --validnotbefore-to='Wed Feb 06 09:32:17 2013 UTC'
ipa: ERROR: invalid 'validnotbefore_to': time data u'Wed Feb 06 09:32:17 2013 UTC' does not match format '%Y-%m-%d'

Could you make the help text for --exactly more specific?


Please remove the extra whitespace at the end of dogtag.py

I'd welcome a link to the design page in the commit message.

--
Petr³

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to