[Pki-devel] [PATCH 0010] Added instance and subsystem validation for pki-server subsystem-* commands.
Hi All,
Please review the patch.
Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
--
Thanks,
Abhijeet Kasurde
IRC: akasurde
http://akasurde.github.io
From 4660a338745020cf773e8e22d6da3552cb014cc2 Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde <akasu...@redhat.com>
Date: Sat, 2 Jul 2016 11:03:53 +0530
Subject: [PATCH] Added instance and subsystem validation for pki-server
subsystem-* commands.
The pki-server subsystem-* commands have been updated to validate
the instance and subsystem before proceeding with the operation.
Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com>
---
base/server/python/pki/server/cli/subsystem.py | 66 +-
1 file changed, 53 insertions(+), 13 deletions(-)
diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
index 49215cf46a56ac984bdd5b8ad54e618a7b04393e..a44243a6788fc21d705055ec6bf4f1bc9e372475 100644
--- a/base/server/python/pki/server/cli/subsystem.py
+++ b/base/server/python/pki/server/cli/subsystem.py
@@ -177,6 +177,10 @@ class SubsystemShowCLI(pki.cli.CLI):
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
+if not subsystem:
+print('ERROR: No %s subsystem in instance '
+ '%s.' % (subsystem_name, instance_name))
+sys.exit(1)
SubsystemCLI.print_subsystem(subsystem)
@@ -240,9 +244,17 @@ class SubsystemEnableCLI(pki.cli.CLI):
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
-subsystem.enable()
+if not subsystem:
+print('ERROR: No %s subsystem in instance '
+ '%s.' % (subsystem_name, instance_name))
+sys.exit(1)
-self.print_message('Enabled "%s" subsystem' % subsystem_name)
+if subsystem.is_enabled():
+self.print_message('Subsystem "%s" is already '
+ 'enabled' % subsystem_name)
+else:
+subsystem.enable()
+self.print_message('Enabled "%s" subsystem' % subsystem_name)
SubsystemCLI.print_subsystem(subsystem)
@@ -308,9 +320,17 @@ class SubsystemDisableCLI(pki.cli.CLI):
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
-subsystem.disable()
+if not subsystem:
+print('ERROR: No %s subsystem in instance '
+ '%s.' % (subsystem_name, instance_name))
+sys.exit(1)
-self.print_message('Disabled "%s" subsystem' % subsystem_name)
+if not subsystem.is_enabled():
+self.print_message('Subsystem "%s" is already '
+ 'disabled' % subsystem_name)
+else:
+subsystem.disable()
+self.print_message('Disabled "%s" subsystem' % subsystem_name)
SubsystemCLI.print_subsystem(subsystem)
@@ -403,6 +423,10 @@ class SubsystemCertFindCLI(pki.cli.CLI):
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
+if not subsystem:
+print('ERROR: No %s subsystem in instance '
+ '%s.' % (subsystem_name, instance_name))
+sys.exit(1)
results = subsystem.find_system_certs()
self.print_message('%s entries matched' % len(results))
@@ -436,7 +460,7 @@ class SubsystemCertShowCLI(pki.cli.CLI):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
-'instance=', 'show-all',
+'instance=', 'show-all',
'verbose', 'help'])
except getopt.GetoptError as e:
@@ -471,7 +495,6 @@ class SubsystemCertShowCLI(pki.cli.CLI):
self.usage()
sys.exit(1)
-
if len(args) < 2:
print('ERROR: missing cert ID')
self.usage()
@@ -489,6 +512,10 @@ class SubsystemCertShowCLI(pki.cli.CLI):
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
+if not subsystem:
+print('ERROR: No %s subsystem in instance '
+ '%s.' % (subsystem_name, instance_name))
+sys.exit(1)
cert = subsystem.get_subsystem_cert(cert_id)
SubsystemCertCLI.print_subsystem_cert(cert, show_all)
@@ -611,6 +638,10 @@ class SubsystemCertExportCLI(pki.cli.CLI):
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
+if not subsystem:
+print('ERROR: No %s subsystem in instance '
+ '%s.' % (subsystem_name, instance_name))
+sys.exit(1)
subsystem_cert = None
if len(args) >= 2:
@@ -732,6 +763,10 @@ class SubsystemCertUpdateCLI(pki.cli.CLI):
instance.load()
subsystem = instance.get_subsystem(subsyst
[Pki-devel] [PATCH 0009] More misc. fixes for pki-server commands
Hi All,
Please find the patch for review.
Partially fixes : https://bugzilla.redhat.com/show_bug.cgi?id=1351295
--
Thanks,
Abhijeet Kasurde
IRC: akasurde
http://akasurde.github.io
From e26d2115863d394c16bd5d1d4f53bc5cc8d4a4f4 Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde <akasu...@redhat.com>
Date: Fri, 1 Jul 2016 15:08:09 +0530
Subject: [PATCH] Updated notification message for DB subsystem command
Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com>
---
base/server/python/pki/server/cli/db.py | 20 +++-
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/base/server/python/pki/server/cli/db.py b/base/server/python/pki/server/cli/db.py
index 6555e4078af1a1e85c5e972a0247115ebd52e6f1..4ed885053f2e994ab0fb08c41a079b0d7faf23e2 100644
--- a/base/server/python/pki/server/cli/db.py
+++ b/base/server/python/pki/server/cli/db.py
@@ -25,6 +25,7 @@ import ldap
import nss.nss as nss
import subprocess
import sys
+import getpass
import pki.cli
@@ -94,24 +95,30 @@ class DBSchemaUpgrade(pki.cli.CLI):
self.usage()
sys.exit(1)
+if not bind_password:
+bind_password = getpass.getpass(prompt='Enter password : ')
+
instance = pki.server.PKIInstance(instance_name)
if not instance.is_valid():
-print("ERROR: Instance name '%s' not found" % instance)
+print("ERROR: Instance name '%s' not found" % instance_name)
sys.exit(1)
instance.load()
+subsystem = instance.subsystems[0]
+if not subsystem:
+print("ERROR: No subsystem found.")
+sys.exit(1)
+
try:
-self.update_schema(instance, bind_dn, bind_password)
-
+self.update_schema(subsystem, bind_dn, bind_password)
except subprocess.CalledProcessError as e:
print("ERROR: " + e.output)
sys.exit(e.returncode)
self.print_message('Upgrade complete')
-def update_schema(self, instance, bind_dn, bind_password):
+def update_schema(self, subsystem, bind_dn, bind_password):
# TODO(alee) re-implement this using open_database
-subsystem = instance.subsystems[0]
host = subsystem.config['internaldb.ldapconn.host']
port = subsystem.config['internaldb.ldapconn.port']
secure = subsystem.config['internaldb.ldapconn.secureConn']
@@ -174,6 +181,9 @@ class DBUpgrade(pki.cli.CLI):
nss.nss_init_nodb()
instance = pki.server.PKIInstance(instance_name)
+if not instance.is_valid():
+print("ERROR: Instance name '%s' not found" % instance_name)
+sys.exit(1)
instance.load()
subsystem = instance.get_subsystem('ca')
--
2.7.4
___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
Re: [Pki-devel] [PATCH 0005-0008] Misc. fixes for pki-server commands
Hi All,
Please find the updated PATCH 0005.
On 07/01/2016 11:02 AM, Abhijeet Kasurde wrote:
Hi All,
Please review these patches.
Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
--
Thanks,
Abhijeet Kasurde
IRC: akasurde
http://akasurde.github.io
___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
--
Thanks,
Abhijeet Kasurde
IRC: akasurde
http://akasurde.github.io
From 8b36e0a63c2c960e4fc399e1d611ad8774501a09 Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde <akasu...@redhat.com>
Date: Fri, 1 Jul 2016 10:05:05 +0530
Subject: [PATCH 5/5] Updated notification message for kra-db-vlv* command
Partially Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com>
---
base/server/python/pki/server/cli/kra.py | 32 ++--
1 file changed, 18 insertions(+), 14 deletions(-)
diff --git a/base/server/python/pki/server/cli/kra.py b/base/server/python/pki/server/cli/kra.py
index 17611a82b0e6c5eff910c2b4556e783da348d32f..10e2eb4bcb500d4486633190119e113997d09877 100644
--- a/base/server/python/pki/server/cli/kra.py
+++ b/base/server/python/pki/server/cli/kra.py
@@ -361,14 +361,15 @@ class KRADBVLVAddCLI(pki.cli.CLI):
print('ERROR: Invalid instance %s.' % instance_name)
sys.exit(1)
instance.load()
-self.add_vlv(instance, bind_dn, bind_password)
-def add_vlv(self, instance, bind_dn, bind_password):
subsystem = instance.get_subsystem('kra')
if not subsystem:
-print('No KRA subsystem available.')
-return
+print('ERROR: No KRA subsystem in instance %s.' % instance_name)
+sys.exit(1)
+self.add_vlv(subsystem, bind_dn, bind_password)
+
+def add_vlv(self, subsystem, bind_dn, bind_password):
if self.out_file:
subsystem.customize_file(KRA_VLV_PATH, self.out_file)
print('KRA VLVs written to ' + self.out_file)
@@ -386,11 +387,15 @@ class KRADBVLVAddCLI(pki.cli.CLI):
for dn, entry in parser.all_records:
add_modlist = ldap.modlist.addModlist(entry)
conn.ldap.add_s(dn, add_modlist)
+except ldap.ALREADY_EXISTS as e:# pylint: disable=W0612
+print("KRA VLVs already exists in the database "
+ "for " + subsystem.instance.name)
+return
finally:
os.unlink(ldif_file.name)
conn.close()
-print('KRA VLVs added to the database for ' + instance.name)
+print('KRA VLVs added to the database for ' + subsystem.instance.name)
class KRADBVLVDeleteCLI(pki.cli.CLI):
@@ -581,16 +586,17 @@ class KRADBVLVReindexCLI(pki.cli.CLI):
print('ERROR: Invalid instance %s.' % instance_name)
sys.exit(1)
instance.load()
-self.reindex_vlv(instance, bind_dn, bind_password)
-def reindex_vlv(self, instance, bind_dn, bind_password):
subsystem = instance.get_subsystem('kra')
if not subsystem:
-if self.verbose:
-print('reindex_vlv: No KRA subsystem available. '
- 'Skipping ...')
-return
+print('ERROR: No KRA subsystem in instance %s.' % instance_name)
+sys.exit(1)
+self.reindex_vlv(subsystem, bind_dn, bind_password)
+
+print('KRA VLV reindex completed for ' + instance_name)
+
+def reindex_vlv(self, subsystem, bind_dn, bind_password):
if self.out_file:
subsystem.customize_file(KRA_VLV_TASKS_PATH, self.out_file)
print('KRA VLV reindex task written to ' + self.out_file)
@@ -602,7 +608,7 @@ class KRADBVLVReindexCLI(pki.cli.CLI):
conn = subsystem.open_database(bind_dn=bind_dn,
bind_password=bind_password)
-print('Initiating KRA VLV reindex for ' + instance.name)
+print('Initiating KRA VLV reindex for ' + subsystem.instance.name)
try:
parser = ldif.LDIFRecordList(open(ldif_file.name, "rb"))
@@ -630,5 +636,3 @@ class KRADBVLVReindexCLI(pki.cli.CLI):
finally:
os.unlink(ldif_file.name)
conn.close()
-
-print('KRA VLV reindex completed for ' + instance.name)
--
2.7.4
___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
[Pki-devel] [PATCH 0005-0008] Misc. fixes for pki-server commands
Hi All,
Please review these patches.
Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
--
Thanks,
Abhijeet Kasurde
IRC: akasurde
http://akasurde.github.io
From c97514152a50e34936a465963d41965a33caa2a7 Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde <akasu...@redhat.com>
Date: Fri, 1 Jul 2016 10:35:21 +0530
Subject: [PATCH 8/8] Updated notification message for TPS subsystem command
Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com>
---
base/server/python/pki/server/cli/tps.py | 34
1 file changed, 26 insertions(+), 8 deletions(-)
diff --git a/base/server/python/pki/server/cli/tps.py b/base/server/python/pki/server/cli/tps.py
index 63da3414ea2ac9caf5101ce3b51f198b42712eeb..1f71b8ece1431426d865d7e98fa87e5417beb36c 100644
--- a/base/server/python/pki/server/cli/tps.py
+++ b/base/server/python/pki/server/cli/tps.py
@@ -127,9 +127,15 @@ class TPSClonePrepareCLI(pki.cli.CLI):
sys.exit(1)
instance = pki.server.PKIInstance(instance_name)
+if not instance.is_valid():
+print('ERROR: Invalid instance %s.' % instance_name)
+sys.exit(1)
instance.load()
subsystem = instance.get_subsystem('tps')
+if not subsystem:
+print("ERROR: No TPS subsystem in instance %s." % instance_name)
+sys.exit(1)
tmpdir = tempfile.mkdtemp()
@@ -228,12 +234,15 @@ class TPSDBVLVFindCLI(pki.cli.CLI):
sys.exit(1)
instance = pki.server.PKIInstance(instance_name)
+if not instance.is_valid():
+print('ERROR: Invalid instance %s.' % instance_name)
+sys.exit(1)
instance.load()
subsystem = instance.get_subsystem('tps')
-
if not subsystem:
-raise Exception('Subsystem not found')
+print("ERROR: No TPS subsystem in instance %s." % instance_name)
+sys.exit(1)
self.find_vlv(subsystem, bind_dn, bind_password)
@@ -340,12 +349,15 @@ class TPSDBVLVAddCLI(pki.cli.CLI):
sys.exit(1)
instance = pki.server.PKIInstance(instance_name)
+if not instance.is_valid():
+print('ERROR: Invalid instance %s.' % instance_name)
+sys.exit(1)
instance.load()
subsystem = instance.get_subsystem('tps')
-
if not subsystem:
-raise Exception('Subsystem not found')
+print("ERROR: No TPS subsystem in instance %s." % instance_name)
+sys.exit(1)
if out_file:
self.generate_ldif(subsystem, out_file)
@@ -450,12 +462,15 @@ class TPSDBVLVDeleteCLI(pki.cli.CLI):
sys.exit(1)
instance = pki.server.PKIInstance(instance_name)
+if not instance.is_valid():
+print('ERROR: Invalid instance %s.' % instance_name)
+sys.exit(1)
instance.load()
subsystem = instance.get_subsystem('tps')
-
if not subsystem:
-raise Exception('Subsystem not found')
+print("ERROR: No TPS subsystem in instance %s." % instance_name)
+sys.exit(1)
if out_file:
self.generate_ldif(subsystem, out_file)
@@ -582,12 +597,15 @@ class TPSDBVLVReindexCLI(pki.cli.CLI):
sys.exit(1)
instance = pki.server.PKIInstance(instance_name)
+if not instance.is_valid():
+print('ERROR: Invalid instance %s.' % instance_name)
+sys.exit(1)
instance.load()
subsystem = instance.get_subsystem('tps')
-
if not subsystem:
-raise Exception('Subsystem not found')
+print("ERROR: No TPS subsystem in instance %s." % instance_name)
+sys.exit(1)
if out_file:
self.generate_ldif(subsystem, out_file)
--
2.7.4
From d248b6c3abcac5be9bea9311741d493e20561b85 Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde <akasu...@redhat.com>
Date: Fri, 1 Jul 2016 10:31:32 +0530
Subject: [PATCH 7/8] Updated notification message for TKS subsystem command
Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com>
---
base/server/python/pki/server/cli/tks.py | 7 +++
1 file changed, 7 insertions(+)
diff --git a/base/server/python/pki/server/cli/tks.py b/base/server/python/pki/server/cli/tks.py
index 0bcf748c3ca65980a888946d807536d62bfdf894..2c4157a03bc601c36141f67880fe7624aa1febee 100644
--- a/base/server/python/pki/server/cli/tks.py
+++ b/base/server/python/pki/server/cli/tks.py
@@ -118,9 +118,16 @@ class TKSClonePrepareCLI(pki.cli.CLI):
sys.exit(1)
instance = pki.server.PKIInstance(instance_name)
+if not instance.is_valid():
+print('ERROR: Invalid instance %s.' % instance_name
Re: [Pki-devel] [PATCH] 781 Added instance and subsystem validation for pki-server ca-* commands.
Hi Fraser, All, I am working on some of the error messages in pki-* , you can track this under this BZ - https://bugzilla.redhat.com/show_bug.cgi?id=1351295 On 07/01/2016 09:43 AM, Fraser Tweedale wrote: On Thu, Jun 30, 2016 at 08:38:57PM -0500, Endi Sukma Dewata wrote: The pki-server ca-* commands have been modified to validate the instance and the CA subsystem before proceeding with the operation. The usage() methods and invocations have been renamed into print_help() for consistency. https://fedorahosted.org/pki/ticket/2364 -- Endi S. Dewata ACK; pushed to master (f8310a4ff306d28cf25ec71693a2e89c5323564d). There are still lots of pki-server commands that fail if invalid subsystem given, e.g.: # pki-server subsystem-cert-find kra AttributeError: 'NoneType' object has no attribute 'find_system_certs' But that can be addressed separately in future patch. Thanks, Fraser ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
