On 09/06/2016 04:49 PM, Fraser Tweedale wrote:
On Tue, Aug 30, 2016 at 10:23:10AM +0200, Martin Babinsky wrote:
On 08/30/2016 10:09 AM, Jan Cholasta wrote:
On 30.8.2016 09:56, Martin Babinsky wrote:
On 08/25/2016 10:25 AM, Fraser Tweedale wrote:
The attached patch fixes
The behaviour of cert-request when the CA is disabled is not very
nice (it reports a server error from Dogtag). The Dogtag REST
interface gives much better errors so I plan to move to it in a
later change (which will also address
https://fedorahosted.org/freeipa/ticket/3473, in part).
I have a couple of comments below:
@@ -25,6 +33,10 @@ EXAMPLES:
ipa ca-add puppet --desc "Puppet" \\
--subject "CN=Puppet CA,O=EXAMPLE.COM"
+ Disable a CA.
+ ipa ca-disable puppet
You missed an example of `ca-enable` command in the doc string.
Regarding implementation of ca_enable/disable, I think you can reduce
the amount of code duplication by employing a base class which will look
up the required sub-CA and call the RA backend method required by the
subclass. See the attached untested diff (passes lint) for details.
Looks like I forgot how to OOP while on PTO :) Honza is right, of course,
see the example code in the attached diff (again not tested, just a quick
Updated patch attached, implemented inheritance suggestion and
expanding plugin help.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code