Re: [Freeipa-devel] [PATCH] 0014

Fri, 02 Sep 2016 00:07:18 -0700 

On 09/02/2016 08:08 AM, Jan Cholasta wrote:

On 1.9.2016 19:37, Tomas Krizek wrote:

On 09/01/2016 03:58 PM, Florence Blanc-Renaud wrote:

Hi,

please find attached a patch for ipa-certupdate in CA-less deployment.
https://fedorahosted.org/freeipa/ticket/6288

Flo.




The patch is malformed, but you can simply delete the very first
character to fix it.

Other than that, patch works as expected -> ACK.


Nitpick: please avoid C-isms such as "if (ca_enabled):".


Hi all,
thanks for the review. Please find an updated patch version. Quite difficult to get rid of typing habits... 

Flo


From 55a39c48cb52265a1c3192d721be43f514366eec Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <f...@redhat.com>
Date: Thu, 1 Sep 2016 15:53:38 +0200
Subject: [PATCH] Fix ipa-certupdate for CA-less installation

In a CA-less installation, ipa-certupdate fails with the error message:
  $ ipa-certupdate
  trying https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json
  Forwarding 'ca_is_enabled' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json'
  Forwarding 'ca_find/1' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json'
  CA is not configured
  The ipa-certupdate command failed.

The issue happens because ipa-certupdate tries to call ca_find even on a
CA_less deployment. The fix skips the call to ca_find in this case.

https://fedorahosted.org/freeipa/ticket/6288
---
 ipaclient/ipa_certupdate.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ipaclient/ipa_certupdate.py b/ipaclient/ipa_certupdate.py
index e59047a2705eb8ccb98b5213c4c8771f55a29bc5..f340f32bcdca5f5d98177f7aa9af366b67d8dd80 100644
--- a/ipaclient/ipa_certupdate.py
+++ b/ipaclient/ipa_certupdate.py
@@ -87,9 +87,10 @@ class CertUpdate(admintool.AdminTool):
 
             # find lightweight CAs (on renewal master only)
             lwcas = []
-            for ca_obj in api.Command.ca_find()['result']:
-                if IPA_CA_CN not in ca_obj['cn']:
-                    lwcas.append(ca_obj)
+            if ca_enabled:
+                for ca_obj in api.Command.ca_find()['result']:
+                    if IPA_CA_CN not in ca_obj['cn']:
+                        lwcas.append(ca_obj)
 
             api.Backend.rpcclient.disconnect()
         finally:
-- 
2.7.4


-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to