[Pki-devel] [PATCH 0010] Added instance and subsystem validation for pki-server subsystem-* commands.
Hi All, Please review the patch. Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295 -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io From 4660a338745020cf773e8e22d6da3552cb014cc2 Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde <akasu...@redhat.com> Date: Sat, 2 Jul 2016 11:03:53 +0530 Subject: [PATCH] Added instance and subsystem validation for pki-server subsystem-* commands. The pki-server subsystem-* commands have been updated to validate the instance and subsystem before proceeding with the operation. Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295 Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com> --- base/server/python/pki/server/cli/subsystem.py | 66 +- 1 file changed, 53 insertions(+), 13 deletions(-) diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py index 49215cf46a56ac984bdd5b8ad54e618a7b04393e..a44243a6788fc21d705055ec6bf4f1bc9e372475 100644 --- a/base/server/python/pki/server/cli/subsystem.py +++ b/base/server/python/pki/server/cli/subsystem.py @@ -177,6 +177,10 @@ class SubsystemShowCLI(pki.cli.CLI): instance.load() subsystem = instance.get_subsystem(subsystem_name) +if not subsystem: +print('ERROR: No %s subsystem in instance ' + '%s.' % (subsystem_name, instance_name)) +sys.exit(1) SubsystemCLI.print_subsystem(subsystem) @@ -240,9 +244,17 @@ class SubsystemEnableCLI(pki.cli.CLI): instance.load() subsystem = instance.get_subsystem(subsystem_name) -subsystem.enable() +if not subsystem: +print('ERROR: No %s subsystem in instance ' + '%s.' % (subsystem_name, instance_name)) +sys.exit(1) -self.print_message('Enabled "%s" subsystem' % subsystem_name) +if subsystem.is_enabled(): +self.print_message('Subsystem "%s" is already ' + 'enabled' % subsystem_name) +else: +subsystem.enable() +self.print_message('Enabled "%s" subsystem' % subsystem_name) SubsystemCLI.print_subsystem(subsystem) @@ -308,9 +320,17 @@ class SubsystemDisableCLI(pki.cli.CLI): instance.load() subsystem = instance.get_subsystem(subsystem_name) -subsystem.disable() +if not subsystem: +print('ERROR: No %s subsystem in instance ' + '%s.' % (subsystem_name, instance_name)) +sys.exit(1) -self.print_message('Disabled "%s" subsystem' % subsystem_name) +if not subsystem.is_enabled(): +self.print_message('Subsystem "%s" is already ' + 'disabled' % subsystem_name) +else: +subsystem.disable() +self.print_message('Disabled "%s" subsystem' % subsystem_name) SubsystemCLI.print_subsystem(subsystem) @@ -403,6 +423,10 @@ class SubsystemCertFindCLI(pki.cli.CLI): instance.load() subsystem = instance.get_subsystem(subsystem_name) +if not subsystem: +print('ERROR: No %s subsystem in instance ' + '%s.' % (subsystem_name, instance_name)) +sys.exit(1) results = subsystem.find_system_certs() self.print_message('%s entries matched' % len(results)) @@ -436,7 +460,7 @@ class SubsystemCertShowCLI(pki.cli.CLI): try: opts, args = getopt.gnu_getopt(argv, 'i:v', [ -'instance=', 'show-all', +'instance=', 'show-all', 'verbose', 'help']) except getopt.GetoptError as e: @@ -471,7 +495,6 @@ class SubsystemCertShowCLI(pki.cli.CLI): self.usage() sys.exit(1) - if len(args) < 2: print('ERROR: missing cert ID') self.usage() @@ -489,6 +512,10 @@ class SubsystemCertShowCLI(pki.cli.CLI): instance.load() subsystem = instance.get_subsystem(subsystem_name) +if not subsystem: +print('ERROR: No %s subsystem in instance ' + '%s.' % (subsystem_name, instance_name)) +sys.exit(1) cert = subsystem.get_subsystem_cert(cert_id) SubsystemCertCLI.print_subsystem_cert(cert, show_all) @@ -611,6 +638,10 @@ class SubsystemCertExportCLI(pki.cli.CLI): instance.load() subsystem = instance.get_subsystem(subsystem_name) +if not subsystem: +print('ERROR: No %s subsystem in instance ' + '%s.' % (subsystem_name, instance_name)) +sys.exit(1) subsystem_cert = None if len(args) >= 2: @@ -732,6 +763,10 @@ class SubsystemCertUpdateCLI(pki.cli.CLI): instance.load() subsystem = instance.get_subsystem(subsyst
[Pki-devel] [PATCH 0009] More misc. fixes for pki-server commands
Hi All, Please find the patch for review. Partially fixes : https://bugzilla.redhat.com/show_bug.cgi?id=1351295 -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io From e26d2115863d394c16bd5d1d4f53bc5cc8d4a4f4 Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde <akasu...@redhat.com> Date: Fri, 1 Jul 2016 15:08:09 +0530 Subject: [PATCH] Updated notification message for DB subsystem command Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295 Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com> --- base/server/python/pki/server/cli/db.py | 20 +++- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/base/server/python/pki/server/cli/db.py b/base/server/python/pki/server/cli/db.py index 6555e4078af1a1e85c5e972a0247115ebd52e6f1..4ed885053f2e994ab0fb08c41a079b0d7faf23e2 100644 --- a/base/server/python/pki/server/cli/db.py +++ b/base/server/python/pki/server/cli/db.py @@ -25,6 +25,7 @@ import ldap import nss.nss as nss import subprocess import sys +import getpass import pki.cli @@ -94,24 +95,30 @@ class DBSchemaUpgrade(pki.cli.CLI): self.usage() sys.exit(1) +if not bind_password: +bind_password = getpass.getpass(prompt='Enter password : ') + instance = pki.server.PKIInstance(instance_name) if not instance.is_valid(): -print("ERROR: Instance name '%s' not found" % instance) +print("ERROR: Instance name '%s' not found" % instance_name) sys.exit(1) instance.load() +subsystem = instance.subsystems[0] +if not subsystem: +print("ERROR: No subsystem found.") +sys.exit(1) + try: -self.update_schema(instance, bind_dn, bind_password) - +self.update_schema(subsystem, bind_dn, bind_password) except subprocess.CalledProcessError as e: print("ERROR: " + e.output) sys.exit(e.returncode) self.print_message('Upgrade complete') -def update_schema(self, instance, bind_dn, bind_password): +def update_schema(self, subsystem, bind_dn, bind_password): # TODO(alee) re-implement this using open_database -subsystem = instance.subsystems[0] host = subsystem.config['internaldb.ldapconn.host'] port = subsystem.config['internaldb.ldapconn.port'] secure = subsystem.config['internaldb.ldapconn.secureConn'] @@ -174,6 +181,9 @@ class DBUpgrade(pki.cli.CLI): nss.nss_init_nodb() instance = pki.server.PKIInstance(instance_name) +if not instance.is_valid(): +print("ERROR: Instance name '%s' not found" % instance_name) +sys.exit(1) instance.load() subsystem = instance.get_subsystem('ca') -- 2.7.4 ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
Re: [Pki-devel] [PATCH 0005-0008] Misc. fixes for pki-server commands
Hi All, Please find the updated PATCH 0005. On 07/01/2016 11:02 AM, Abhijeet Kasurde wrote: Hi All, Please review these patches. Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295 -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io From 8b36e0a63c2c960e4fc399e1d611ad8774501a09 Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde <akasu...@redhat.com> Date: Fri, 1 Jul 2016 10:05:05 +0530 Subject: [PATCH 5/5] Updated notification message for kra-db-vlv* command Partially Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295 Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com> --- base/server/python/pki/server/cli/kra.py | 32 ++-- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/base/server/python/pki/server/cli/kra.py b/base/server/python/pki/server/cli/kra.py index 17611a82b0e6c5eff910c2b4556e783da348d32f..10e2eb4bcb500d4486633190119e113997d09877 100644 --- a/base/server/python/pki/server/cli/kra.py +++ b/base/server/python/pki/server/cli/kra.py @@ -361,14 +361,15 @@ class KRADBVLVAddCLI(pki.cli.CLI): print('ERROR: Invalid instance %s.' % instance_name) sys.exit(1) instance.load() -self.add_vlv(instance, bind_dn, bind_password) -def add_vlv(self, instance, bind_dn, bind_password): subsystem = instance.get_subsystem('kra') if not subsystem: -print('No KRA subsystem available.') -return +print('ERROR: No KRA subsystem in instance %s.' % instance_name) +sys.exit(1) +self.add_vlv(subsystem, bind_dn, bind_password) + +def add_vlv(self, subsystem, bind_dn, bind_password): if self.out_file: subsystem.customize_file(KRA_VLV_PATH, self.out_file) print('KRA VLVs written to ' + self.out_file) @@ -386,11 +387,15 @@ class KRADBVLVAddCLI(pki.cli.CLI): for dn, entry in parser.all_records: add_modlist = ldap.modlist.addModlist(entry) conn.ldap.add_s(dn, add_modlist) +except ldap.ALREADY_EXISTS as e:# pylint: disable=W0612 +print("KRA VLVs already exists in the database " + "for " + subsystem.instance.name) +return finally: os.unlink(ldif_file.name) conn.close() -print('KRA VLVs added to the database for ' + instance.name) +print('KRA VLVs added to the database for ' + subsystem.instance.name) class KRADBVLVDeleteCLI(pki.cli.CLI): @@ -581,16 +586,17 @@ class KRADBVLVReindexCLI(pki.cli.CLI): print('ERROR: Invalid instance %s.' % instance_name) sys.exit(1) instance.load() -self.reindex_vlv(instance, bind_dn, bind_password) -def reindex_vlv(self, instance, bind_dn, bind_password): subsystem = instance.get_subsystem('kra') if not subsystem: -if self.verbose: -print('reindex_vlv: No KRA subsystem available. ' - 'Skipping ...') -return +print('ERROR: No KRA subsystem in instance %s.' % instance_name) +sys.exit(1) +self.reindex_vlv(subsystem, bind_dn, bind_password) + +print('KRA VLV reindex completed for ' + instance_name) + +def reindex_vlv(self, subsystem, bind_dn, bind_password): if self.out_file: subsystem.customize_file(KRA_VLV_TASKS_PATH, self.out_file) print('KRA VLV reindex task written to ' + self.out_file) @@ -602,7 +608,7 @@ class KRADBVLVReindexCLI(pki.cli.CLI): conn = subsystem.open_database(bind_dn=bind_dn, bind_password=bind_password) -print('Initiating KRA VLV reindex for ' + instance.name) +print('Initiating KRA VLV reindex for ' + subsystem.instance.name) try: parser = ldif.LDIFRecordList(open(ldif_file.name, "rb")) @@ -630,5 +636,3 @@ class KRADBVLVReindexCLI(pki.cli.CLI): finally: os.unlink(ldif_file.name) conn.close() - -print('KRA VLV reindex completed for ' + instance.name) -- 2.7.4 ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
[Pki-devel] [PATCH 0005-0008] Misc. fixes for pki-server commands
Hi All, Please review these patches. Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295 -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io From c97514152a50e34936a465963d41965a33caa2a7 Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde <akasu...@redhat.com> Date: Fri, 1 Jul 2016 10:35:21 +0530 Subject: [PATCH 8/8] Updated notification message for TPS subsystem command Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295 Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com> --- base/server/python/pki/server/cli/tps.py | 34 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/base/server/python/pki/server/cli/tps.py b/base/server/python/pki/server/cli/tps.py index 63da3414ea2ac9caf5101ce3b51f198b42712eeb..1f71b8ece1431426d865d7e98fa87e5417beb36c 100644 --- a/base/server/python/pki/server/cli/tps.py +++ b/base/server/python/pki/server/cli/tps.py @@ -127,9 +127,15 @@ class TPSClonePrepareCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) +if not instance.is_valid(): +print('ERROR: Invalid instance %s.' % instance_name) +sys.exit(1) instance.load() subsystem = instance.get_subsystem('tps') +if not subsystem: +print("ERROR: No TPS subsystem in instance %s." % instance_name) +sys.exit(1) tmpdir = tempfile.mkdtemp() @@ -228,12 +234,15 @@ class TPSDBVLVFindCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) +if not instance.is_valid(): +print('ERROR: Invalid instance %s.' % instance_name) +sys.exit(1) instance.load() subsystem = instance.get_subsystem('tps') - if not subsystem: -raise Exception('Subsystem not found') +print("ERROR: No TPS subsystem in instance %s." % instance_name) +sys.exit(1) self.find_vlv(subsystem, bind_dn, bind_password) @@ -340,12 +349,15 @@ class TPSDBVLVAddCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) +if not instance.is_valid(): +print('ERROR: Invalid instance %s.' % instance_name) +sys.exit(1) instance.load() subsystem = instance.get_subsystem('tps') - if not subsystem: -raise Exception('Subsystem not found') +print("ERROR: No TPS subsystem in instance %s." % instance_name) +sys.exit(1) if out_file: self.generate_ldif(subsystem, out_file) @@ -450,12 +462,15 @@ class TPSDBVLVDeleteCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) +if not instance.is_valid(): +print('ERROR: Invalid instance %s.' % instance_name) +sys.exit(1) instance.load() subsystem = instance.get_subsystem('tps') - if not subsystem: -raise Exception('Subsystem not found') +print("ERROR: No TPS subsystem in instance %s." % instance_name) +sys.exit(1) if out_file: self.generate_ldif(subsystem, out_file) @@ -582,12 +597,15 @@ class TPSDBVLVReindexCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) +if not instance.is_valid(): +print('ERROR: Invalid instance %s.' % instance_name) +sys.exit(1) instance.load() subsystem = instance.get_subsystem('tps') - if not subsystem: -raise Exception('Subsystem not found') +print("ERROR: No TPS subsystem in instance %s." % instance_name) +sys.exit(1) if out_file: self.generate_ldif(subsystem, out_file) -- 2.7.4 From d248b6c3abcac5be9bea9311741d493e20561b85 Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde <akasu...@redhat.com> Date: Fri, 1 Jul 2016 10:31:32 +0530 Subject: [PATCH 7/8] Updated notification message for TKS subsystem command Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295 Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com> --- base/server/python/pki/server/cli/tks.py | 7 +++ 1 file changed, 7 insertions(+) diff --git a/base/server/python/pki/server/cli/tks.py b/base/server/python/pki/server/cli/tks.py index 0bcf748c3ca65980a888946d807536d62bfdf894..2c4157a03bc601c36141f67880fe7624aa1febee 100644 --- a/base/server/python/pki/server/cli/tks.py +++ b/base/server/python/pki/server/cli/tks.py @@ -118,9 +118,16 @@ class TKSClonePrepareCLI(pki.cli.CLI): sys.exit(1) instance = pki.server.PKIInstance(instance_name) +if not instance.is_valid(): +print('ERROR: Invalid instance %s.' % instance_name
Re: [Pki-devel] [PATCH] 781 Added instance and subsystem validation for pki-server ca-* commands.
Hi Fraser, All, I am working on some of the error messages in pki-* , you can track this under this BZ - https://bugzilla.redhat.com/show_bug.cgi?id=1351295 On 07/01/2016 09:43 AM, Fraser Tweedale wrote: On Thu, Jun 30, 2016 at 08:38:57PM -0500, Endi Sukma Dewata wrote: The pki-server ca-* commands have been modified to validate the instance and the CA subsystem before proceeding with the operation. The usage() methods and invocations have been renamed into print_help() for consistency. https://fedorahosted.org/pki/ticket/2364 -- Endi S. Dewata ACK; pushed to master (f8310a4ff306d28cf25ec71693a2e89c5323564d). There are still lots of pki-server commands that fail if invalid subsystem given, e.g.: # pki-server subsystem-cert-find kra AttributeError: 'NoneType' object has no attribute 'find_system_certs' But that can be addressed separately in future patch. Thanks, Fraser ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel