URL: https://github.com/freeipa/freeipa/pull/332 Author: frasertweedale Title: #332: Fix regression in test suite Action: opened
PR body: """ 32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d introduced a regression in test_serverroles.py, caused by ca_find attempting to log into the Dogtag REST API. (ca_find is called by cert_find which is caused by server_del during cleanup). Avoid logging into Dogtag in cert_find unless something actually needs to be retrieved. Fixes: https://fedorahosted.org/freeipa/ticket/6178 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/332/head:pr332 git checkout pr332
From 19a63ecd713b5133dbd5ee6ba65d4351799cebaa Mon Sep 17 00:00:00 2001 From: Fraser Tweedale <ftwee...@redhat.com> Date: Wed, 14 Dec 2016 00:22:56 +1000 Subject: [PATCH] Fix regression in test suite 32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d introduced a regression in test_serverroles.py, caused by ca_find attempting to log into the Dogtag REST API. (ca_find is called by cert_find which is caused by server_del during cleanup). Avoid logging into Dogtag in cert_find unless something actually needs to be retrieved. Fixes: https://fedorahosted.org/freeipa/ticket/6178 --- ipaserver/plugins/ca.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py index ef1d68c..86bec0f 100644 --- a/ipaserver/plugins/ca.py +++ b/ipaserver/plugins/ca.py @@ -161,15 +161,21 @@ class ca(LDAPObject): } -def set_certificate_attrs(entry, options, always_include_cert=True): +def set_certificate_attrs(entry, options, want_cert=True): ca_id = entry['ipacaid'][0] full = options.get('all', False) + want_chain = options.get('chain', False) + + want_data = want_cert or want_chain or full + if not want_data: + return + with api.Backend.ra_lightweight_ca as ca_api: if always_include_cert or full: der = ca_api.read_ca_cert(ca_id) entry['certificate'] = six.text_type(base64.b64encode(der)) - if options.get('chain', False) or full: + if want_chain or full: pkcs7_der = ca_api.read_ca_chain(ca_id) pems = x509.pkcs7_to_pems(pkcs7_der, x509.DER) ders = [x509.normalize_certificate(pem) for pem in pems] @@ -187,7 +193,7 @@ def execute(self, *keys, **options): ca_enabled_check() result = super(ca_find, self).execute(*keys, **options) for entry in result['result']: - set_certificate_attrs(entry, options, always_include_cert=False) + set_certificate_attrs(entry, options, want_cert=False) return result
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code