On Thu, Jul 02, 2015 at 08:12:12PM +1000, Fraser Tweedale wrote: > On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote: > > Hi, > > > > Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a): > > >Attached patches fix a couple of important gaps in certprofile > > >plugin: > > > > > >- Add --out option to export Dogtag profile data to file > > > https://fedorahosted.org/freeipa/ticket/5091 > > > > > >- Add --file option to update existing profile in Dogtag > > > https://fedorahosted.org/freeipa/ticket/5093 > > > > > > > Just a couple nitpicks: > > > > + takes_options = LDAPUpdate.takes_options + ( > > + File('file?', > > + label=_('File containing profile configuration'), > > + cli_name='file', > > + flags=('virtual_attribute',), > > + ), > > + ) > > > > 1) Don't set cli_name if it's the same as name. > > > > 2) The virtual_attribute flag is meaningless in Commands. > > > > 3) Add "include='cli'" to denote that the option is specific to CLI (applies > > to --out as well). > > > > Honza > > > > -- > > Jan Cholasta > > > Thanks, updated patches attached. Interdiff below. > > diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py > index 7323565..08a0d1c 100644 > --- a/ipalib/plugins/certprofile.py > +++ b/ipalib/plugins/certprofile.py > @@ -185,6 +185,7 @@ class certprofile_show(LDAPRetrieve): > takes_options = LDAPRetrieve.takes_options + ( > Str('out?', > doc=_('Write profile configuration to file'), > + include='cli', > ), > ) > > @@ -284,8 +285,7 @@ class certprofile_mod(LDAPUpdate): > takes_options = LDAPUpdate.takes_options + ( > File('file?', > label=_('File containing profile configuration'), > - cli_name='file', > - flags=('virtual_attribute',), > + include='cli', > ), > ) > NACK on patchset v2; does not work (even after makeapi, which I forgot to include in updated patchset). I keep getting error ``ipa: ERROR: Unknown option: file''. Need to investigate why, but other patches are taking priority right now.
Here is patchset v3, which is just v1 rebased on latest master. Thanks, Fraser
From 258f0cbea42b482871d360c33c252ad173c2b0e0 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale <ftwee...@redhat.com> Date: Thu, 2 Jul 2015 03:31:31 -0400 Subject: [PATCH 24/25] certprofile: add option to export profile config Add the `--out=FILENAME' option to `certprofile-show'. When given, it exports the profile configuration from Dogtag and writes it to the named file. Fixes: https://fedorahosted.org/freeipa/ticket/5091 --- API.txt | 3 ++- VERSION | 4 ++-- ipalib/plugins/certprofile.py | 39 ++++++++++++++++++++++++++++++++++++--- ipaserver/plugins/dogtag.py | 8 ++++++++ 4 files changed, 48 insertions(+), 6 deletions(-) diff --git a/API.txt b/API.txt index e226712d3b8f8eda721a906927cd7fac01eac39f..22ae9bb88710366736ee915e6fe6f2f1c09f2449 100644 --- a/API.txt +++ b/API.txt @@ -747,9 +747,10 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: PrimaryKey('value', None, None) command: certprofile_show -args: 1,4,3 +args: 1,5,3 arg: Str('cn', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Str('out?') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Flag('rights', autofill=True, default=False) option: Str('version?', exclude='webui') diff --git a/VERSION b/VERSION index 266a04af1a61132637112611b7e86649ff818c2a..5827f05a4b6b07afb91bd193ff8d7bdecdcc5f9a 100644 --- a/VERSION +++ b/VERSION @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=137 -# Last change: mbabinsk: Commands to manage user/host/service certificates +IPA_API_VERSION_MINOR=138 +# Last change: ftweedal: add certprofile-show --out option diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index 9e1e47e943f5c14a7e7ce418d3fc2d095331a38a..abb62434eee4cb87356da5568b8a1bb12b762f67 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -5,7 +5,7 @@ import re from ipalib import api, Bool, File, Str -from ipalib import output +from ipalib import output, util from ipalib.plugable import Registry from ipalib.plugins.virtual import VirtualCommand from ipalib.plugins.baseldap import ( @@ -175,9 +175,42 @@ class certprofile_find(LDAPSearch): class certprofile_show(LDAPRetrieve): __doc__ = _("Display the properties of a Certificate Profile.") - def execute(self, *args, **kwargs): + has_output_params = LDAPRetrieve.has_output_params + ( + Str('config', + label=_('Profile configuration'), + ), + ) + + takes_options = LDAPRetrieve.takes_options + ( + Str('out?', + doc=_('Write profile configuration to file'), + ), + ) + + def execute(self, *keys, **options): ca_enabled_check() - return super(certprofile_show, self).execute(*args, **kwargs) + result = super(certprofile_show, self).execute(*keys, **options) + + if 'out' in options: + with self.api.Backend.ra_certprofile as profile_api: + result['result']['config'] = profile_api.read_profile(keys[0]) + + return result + + def forward(self, *keys, **options): + if 'out' in options: + util.check_writable_file(options['out']) + + result = super(certprofile_show, self).forward(*keys, **options) + if 'out' in options and 'config' in result['result']: + with open(options['out'], 'w') as f: + f.write(result['result'].pop('config')) + result['summary'] = ( + _("Profile configuration stored in file '%(file)s'") + % dict(file=options['out']) + ) + + return result @register() diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 3dc8f5c93a85a8035921af9ec622c2bcbcc498e0..eb2a6ae8413362ae2a443c672f806ff97356448f 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -2081,6 +2081,14 @@ class ra_certprofile(RestClient): body=profile_data ) + def read_profile(self, profile_id): + """ + Read the profile configuration from Dogtag + """ + status, status_text, resp_headers, resp_body = self._ssldo( + 'GET', profile_id + '/raw') + return resp_body + def enable_profile(self, profile_id): """ Enable the profile in Dogtag -- 2.1.0
From 120f18b55ec3f348065b3e293b43dc69a960dff2 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale <ftwee...@redhat.com> Date: Thu, 2 Jul 2015 04:09:31 -0400 Subject: [PATCH 25/25] certprofile: add ability to update profile config in Dogtag Add the `--file=FILENAME' option to `certprofile-mod' which, when given, will update the profile configuration in Dogtag to the contents of the file. Fixes: https://fedorahosted.org/freeipa/ticket/5093 --- API.txt | 3 ++- VERSION | 4 ++-- ipalib/plugins/certprofile.py | 33 ++++++++++++++++++++++++++++++--- ipaserver/plugins/dogtag.py | 12 ++++++++++++ 4 files changed, 46 insertions(+), 6 deletions(-) diff --git a/API.txt b/API.txt index 22ae9bb88710366736ee915e6fe6f2f1c09f2449..e03b8fb54f7ba128227f37179f5715de86dffdef 100644 --- a/API.txt +++ b/API.txt @@ -731,12 +731,13 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: PrimaryKey('value', None, None) command: certprofile_mod -args: 1,10,3 +args: 1,11,3 arg: Str('cn', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True) option: Str('addattr*', cli_name='addattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Str('delattr*', cli_name='delattr', exclude='webui') option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False) +option: File('file?', cli_name='file') option: Bool('ipacertprofilestoreissued', attribute=True, autofill=False, cli_name='store', default=True, multivalue=False, required=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Str('rename', cli_name='rename', multivalue=False, primary_key=True, required=False) diff --git a/VERSION b/VERSION index 5827f05a4b6b07afb91bd193ff8d7bdecdcc5f9a..5956d3dbf629c61d485d84524960a3f298a9da11 100644 --- a/VERSION +++ b/VERSION @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=138 -# Last change: ftweedal: add certprofile-show --out option +IPA_API_VERSION_MINOR=139 +# Last change: ftweedal: add certprofile-mod --file option diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index abb62434eee4cb87356da5568b8a1bb12b762f67..7323565da6783b5300333a5eb2dac6c8dd9f9da6 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -13,6 +13,7 @@ from ipalib.plugins.baseldap import ( LDAPDelete, LDAPUpdate, LDAPRetrieve) from ipalib import ngettext from ipalib.text import _ +from ipapython.version import API_VERSION from ipalib import errors @@ -245,7 +246,6 @@ class certprofile_import(LDAPCreate): def post_callback(self, ldap, dn, entry_attrs, *keys, **options): """Import the profile into Dogtag and enable it. - If the operation succeeds, update the LDAP entry to 'enabled'. If the operation fails, remove the LDAP entry. """ try: @@ -281,6 +281,33 @@ class certprofile_mod(LDAPUpdate): __doc__ = _("Modify Certificate Profile configuration.") msg_summary = _('Modified Certificate Profile "%(value)s"') - def execute(self, *args, **kwargs): + takes_options = LDAPUpdate.takes_options + ( + File('file?', + label=_('File containing profile configuration'), + cli_name='file', + flags=('virtual_attribute',), + ), + ) + + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): ca_enabled_check() - return super(certprofile_mod, self).execute(*args, **kwargs) + if 'file' in options: + with self.api.Backend.ra_certprofile as profile_api: + profile_api.disable_profile(keys[0]) + profile_api.update_profile(keys[0], options['file']) + profile_api.enable_profile(keys[0]) + + return dn + + def execute(self, *keys, **options): + try: + return super(certprofile_mod, self).execute(*keys, **options) + except errors.EmptyModlist: + if 'file' in options: + # The profile data in Dogtag was updated. + # Do not fail; return result of certprofile-show instead + return self.api.Command.certprofile_show(keys[0], + version=API_VERSION) + else: + # This case is actually an error; re-raise + raise diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index eb2a6ae8413362ae2a443c672f806ff97356448f..47279921a5428f388f84967b7bbe05d758e475bd 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -2089,6 +2089,18 @@ class ra_certprofile(RestClient): 'GET', profile_id + '/raw') return resp_body + def update_profile(self, profile_id, profile_data): + """ + Update the profile configuration in Dogtag + """ + self._ssldo('PUT', profile_id + '/raw', + headers={ + 'Content-type': 'application/xml', + 'Accept': 'application/json', + }, + body=profile_data + ) + def enable_profile(self, profile_id): """ Enable the profile in Dogtag -- 2.1.0
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
