On 02/06/2013 12:44 AM, Rob Crittenden wrote:
This adds a cert-find command for the dogtag backend.
Searches can be done by serial number, by subject, revocation reason,
issue date, notbefore, notafter and revocation dates.
I added some basic tests for this. I made it a separate test file
because the cert plugin tests do not use the declarative format and rely
on the selfsign backend by default.
Thanks! The code works well, but I found a few issues.
These tests don't work when the full test suite is run: test_cert adds
and revokes additional certs that throw the code off.
Perhaps have the tests only query valid certs? I don't see that option
but I think it would be helpful to support.
The API.txt check fails:
Option sizelimit? of command cert_find in ipalib, not in API file:
Int('sizelimit?', default=100, minvalue=0)
What are --all and --raw for? Is the plan to implement --all if/when
Dogtag supports requesting additional data?
The format of --validnotbefore-to and friends should be mentioned in
--help text; the following is confusing:
$ ipa cert-show 1
Not Before: Wed Feb 06 09:32:17 2013 UTC
$ ipa cert-find -h
Valid not before to this date
$ ipa cert-find --validnotbefore-to='Wed Feb 06 09:32:17 2013 UTC'
ipa: ERROR: invalid 'validnotbefore_to': time data u'Wed Feb 06 09:32:17
2013 UTC' does not match format '%Y-%m-%d'
Could you make the help text for --exactly more specific?
Please remove the extra whitespace at the end of dogtag.py
I'd welcome a link to the design page in the commit message.
Freeipa-devel mailing list