On 02/06/2013 12:44 AM, Rob Crittenden wrote:
This adds a cert-find command for the dogtag backend.

Searches can be done by serial number, by subject, revocation reason,
issue date, notbefore, notafter and revocation dates.

I added some basic tests for this. I made it a separate test file
because the cert plugin tests do not use the declarative format and rely
on the selfsign backend by default.


Thanks! The code works well, but I found a few issues.

These tests don't work when the full test suite is run: test_cert adds and revokes additional certs that throw the code off. Perhaps have the tests only query valid certs? I don't see that option but I think it would be helpful to support.

The API.txt check fails:
Option sizelimit? of command cert_find in ipalib, not in API file:

Int('sizelimit?', default=100, minvalue=0)

What are --all and --raw for? Is the plan to implement --all if/when Dogtag supports requesting additional data?

The format of --validnotbefore-to and friends should be mentioned in --help text; the following is confusing:
$ ipa cert-show 1
  Not Before: Wed Feb 06 09:32:17 2013 UTC
$ ipa cert-find -h
                        Valid not before to this date
$ ipa cert-find --validnotbefore-to='Wed Feb 06 09:32:17 2013 UTC'
ipa: ERROR: invalid 'validnotbefore_to': time data u'Wed Feb 06 09:32:17 2013 UTC' does not match format '%Y-%m-%d'

Could you make the help text for --exactly more specific?

Please remove the extra whitespace at the end of dogtag.py

I'd welcome a link to the design page in the commit message.


Freeipa-devel mailing list

Reply via email to