[Freeipa-devel] [freeipa PR#332][synchronized] Fix regression in test suite

Tue, 13 Dec 2016 06:50:14 -0800 

   URL: https://github.com/freeipa/freeipa/pull/332
Author: frasertweedale
 Title: #332: Fix regression in test suite
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/332/head:pr332
git checkout pr332

From caf1836023fe8128d54e781a949d752516164402 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Wed, 14 Dec 2016 00:22:56 +1000
Subject: [PATCH] Fix regression in test suite

32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d introduced a regression in
test_serverroles.py, caused by ca_find attempting to log into the
Dogtag REST API.  (ca_find is called by cert_find which is called by
server_del during cleanup).

Avoid logging into Dogtag in cert_find unless something actually
needs to be retrieved.

Fixes: https://fedorahosted.org/freeipa/ticket/6178
---
 ipaserver/plugins/ca.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py
index ef1d68c..2510a79 100644
--- a/ipaserver/plugins/ca.py
+++ b/ipaserver/plugins/ca.py
@@ -161,15 +161,21 @@ class ca(LDAPObject):
     }
 
 
-def set_certificate_attrs(entry, options, always_include_cert=True):
+def set_certificate_attrs(entry, options, want_cert=True):
     ca_id = entry['ipacaid'][0]
     full = options.get('all', False)
+    want_chain = options.get('chain', False)
+
+    want_data = want_cert or want_chain or full
+    if not want_data:
+        return
+
     with api.Backend.ra_lightweight_ca as ca_api:
-        if always_include_cert or full:
+        if want_cert or full:
             der = ca_api.read_ca_cert(ca_id)
             entry['certificate'] = six.text_type(base64.b64encode(der))
 
-        if options.get('chain', False) or full:
+        if want_chain or full:
             pkcs7_der = ca_api.read_ca_chain(ca_id)
             pems = x509.pkcs7_to_pems(pkcs7_der, x509.DER)
             ders = [x509.normalize_certificate(pem) for pem in pems]
@@ -187,7 +193,7 @@ def execute(self, *keys, **options):
         ca_enabled_check()
         result = super(ca_find, self).execute(*keys, **options)
         for entry in result['result']:
-            set_certificate_attrs(entry, options, always_include_cert=False)
+            set_certificate_attrs(entry, options, want_cert=False)
         return result
 
 

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to