On 1.7.2016 06:54, Jan Cholasta wrote:
On 1.7.2016 06:47, Fraser Tweedale wrote:
On Fri, Jul 01, 2016 at 05:55:35AM +0200, Jan Cholasta wrote:
On 29.6.2016 12:18, Jan Cholasta wrote:
On 29.6.2016 10:47, Fraser Tweedale wrote:
On Wed, Jun 29, 2016 at 10:04:05AM +0200, Jan Cholasta wrote:
Hi,

On 29.6.2016 06:11, Fraser Tweedale wrote:
Dear team,

The attached patch implements the --ca option for the rest of the
cert-blah commands (https://fedorahosted.org/freeipa/ticket/5999).

1) I don't think cert-status should be treated specially. The operation to
check status of a certificate request is not specific to Dogtag.

I'm happy to add the option, with the caveat that because (off the top of
my head) there is not (yet) a way in Dogtag to distinguish/filter
requests by target CA, the value may go unused.

IMO that's OK, since it's a safe non-destructive operation.



2) cert-show is called twice in cert-revoke. Can we call it just once?

I'll address this in next patchset.

OK.

ACK on the first version of the patch, since it's better than nothing. The
ticket remains open, please fix the rest ASAP.

Added VERSION bump and pushed to master:
ffb1f5b1f24f0de30529d50f8c8dfb9a896c149e

Honza

New patch 0086 attached, adding the option to cert-status command.

Thanks. We could at least check if the specified CA exists, couldn't we?

To speed things up, I have updated your patch with this, see the attachment.

If the change looks good to you, we can push the patch.



(2) will be addressed later due to conflicts with other patches (or
maybe as part of those other patches).

OK.


Thanks,
Fraser





--
Jan Cholasta
From 7352084f62c1aba097e6a3a34c4835861cc27d6c Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Fri, 1 Jul 2016 14:42:37 +1000
Subject: [PATCH] Add --cn option to cert-status

Add the 'cacn' option to the cert-status command.  Right now there
is nothing we need to (or can) do with it, but we add it anyway for
future use.

Fixes: https://fedorahosted.org/freeipa/ticket/5999
---
 API.txt                   |  3 ++-
 VERSION                   |  4 ++--
 ipaserver/plugins/cert.py | 16 ++++++++--------
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/API.txt b/API.txt
index c01692e..9f9456d 100644
--- a/API.txt
+++ b/API.txt
@@ -799,9 +799,10 @@ output: Entry('result')
 output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
 output: PrimaryKey('value')
 command: cert_status/1
-args: 1,3,3
+args: 1,4,3
 arg: Int('request_id')
 option: Flag('all', autofill=True, cli_name='all', default=False)
+option: Str('cacn?', autofill=True, cli_name='ca', default=u'ipa')
 option: Flag('raw', autofill=True, cli_name='raw', default=False)
 option: Str('version?')
 output: Entry('result')
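
Review bot: The added line option: Str('cacn?', autofill=True, cli_name='ca', default=u'ipa') exposes the option on the command line as --ca, but the Subject line of this patch says "--cn". The VERSION comment in the same patch says "--ca", so the subject should read "Add --ca option to cert-status" to keep the commit log searchable by the real option name. The args change from 1,3,3 to 1,4,3 matches the single option added.
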
diff --git a/VERSION b/VERSION
index 23ceecc..212b7d7 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=205
-# Last change: Add --ca option to cert-revoke and cert-remove-hold
+IPA_API_VERSION_MINOR=206
+# Last change: Add --ca option to cert-status
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 817bdc2..86db6ce 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -638,17 +638,17 @@ class cert_status(Retrieve, BaseCertMethod, VirtualCommand):
 
     operation = "certificate status"
 
-    def get_options(self):
-        for option in super(cert_status, self).get_options():
-            if option.name == 'cacn':
-                # Dogtag requests are uniquely identified by their
-                # number; there is no need to distinguish by CA.
-                continue
-            yield option
-
     def execute(self, request_id, **kw):
         ca_enabled_check()
         self.check_access()
+
+        # Dogtag requests are uniquely identified by their number;
+        # furthermore, Dogtag (as at v10.3.4) does not report the
+        # target CA in request data, so we cannot check.  So for
+        # now, there is nothing we can do with the 'cacn' option
+        # but check if the specified CA exists.
+        self.api.Command.ca_show(kw['cacn'])
+
         return dict(
             result=self.Backend.ra.check_request_status(str(request_id)),
             value=pkey_to_value(request_id, kw),
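
Review bot: In execute(), the added self.api.Command.ca_show(kw['cacn']) call only establishes that the named CA exists; its return value is discarded and check_request_status() is still called with str(request_id) alone. A caller who passes any existing CA therefore gets the status of the request whether or not that request targets the CA they named. The code comment explains the limitation, but users only see the option, so the option's documentation or the command help should say that --ca is validated for existence and is not used to select or filter the request. A test that passes a nonexistent CA name would also be worth adding, since the check depends entirely on ca_show raising in that case.
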
-- 
2.7.4
