Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features
On 04/07/15 16:58, Fraser Tweedale wrote: On Fri, Jul 03, 2015 at 10:34:07PM +1000, Fraser Tweedale wrote: On Thu, Jul 02, 2015 at 08:12:12PM +1000, Fraser Tweedale wrote: On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote: Hi, Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a): Attached patches fix a couple of important gaps in certprofile plugin: - Add --out option to export Dogtag profile data to file https://fedorahosted.org/freeipa/ticket/5091 - Add --file option to update existing profile in Dogtag https://fedorahosted.org/freeipa/ticket/5093 NACK on patchset v2; does not work (even after makeapi, which I forgot to include in updated patchset). I keep getting error ``ipa: ERROR: Unknown option: file''. Need to investigate why, but other patches are taking priority right now. Here is patchset v3, which is just v1 rebased on latest master. Thanks, Fraser Updated patch 0025 (v4). Profile now gets re-enabled if profile update fails. Patch 0024 remains at v3. Thanks, Fraser ACK -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features
On 07/07/2015 07:30 PM, Martin Basti wrote: On 04/07/15 16:58, Fraser Tweedale wrote: On Fri, Jul 03, 2015 at 10:34:07PM +1000, Fraser Tweedale wrote: On Thu, Jul 02, 2015 at 08:12:12PM +1000, Fraser Tweedale wrote: On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote: Hi, Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a): Attached patches fix a couple of important gaps in certprofile plugin: - Add --out option to export Dogtag profile data to file https://fedorahosted.org/freeipa/ticket/5091 - Add --file option to update existing profile in Dogtag https://fedorahosted.org/freeipa/ticket/5093 NACK on patchset v2; does not work (even after makeapi, which I forgot to include in updated patchset). I keep getting error ``ipa: ERROR: Unknown option: file''. Need to investigate why, but other patches are taking priority right now. Here is patchset v3, which is just v1 rebased on latest master. Thanks, Fraser Updated patch 0025 (v4). Profile now gets re-enabled if profile update fails. Patch 0024 remains at v3. Thanks, Fraser ACK -- Martin Basti Patches required a little API rebase due to stale minor API number reference. Pushed to master: 462e0b9eb16f52b66b723744c4b42c19ef4782c3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features
On Fri, Jul 03, 2015 at 10:34:07PM +1000, Fraser Tweedale wrote: On Thu, Jul 02, 2015 at 08:12:12PM +1000, Fraser Tweedale wrote: On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote: Hi, Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a): Attached patches fix a couple of important gaps in certprofile plugin: - Add --out option to export Dogtag profile data to file https://fedorahosted.org/freeipa/ticket/5091 - Add --file option to update existing profile in Dogtag https://fedorahosted.org/freeipa/ticket/5093 NACK on patchset v2; does not work (even after makeapi, which I forgot to include in updated patchset). I keep getting error ``ipa: ERROR: Unknown option: file''. Need to investigate why, but other patches are taking priority right now. Here is patchset v3, which is just v1 rebased on latest master. Thanks, Fraser Updated patch 0025 (v4). Profile now gets re-enabled if profile update fails. Patch 0024 remains at v3. Thanks, Fraser From e2a8c92c73e4b2d119475fc2a93026df2ac60947 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale ftwee...@redhat.com Date: Thu, 2 Jul 2015 04:09:31 -0400 Subject: [PATCH] certprofile: add ability to update profile config in Dogtag Add the `--file=FILENAME' option to `certprofile-mod' which, when given, will update the profile configuration in Dogtag to the contents of the file. Fixes: https://fedorahosted.org/freeipa/ticket/5093 --- API.txt | 3 ++- VERSION | 4 ++-- ipalib/plugins/certprofile.py | 35 --- ipaserver/plugins/dogtag.py | 12 4 files changed, 48 insertions(+), 6 deletions(-) diff --git a/API.txt b/API.txt index 22ae9bb88710366736ee915e6fe6f2f1c09f2449..e03b8fb54f7ba128227f37179f5715de86dffdef 100644 --- a/API.txt +++ b/API.txt @@ -731,12 +731,13 @@ output: Entry('result', type 'dict', Gettext('A dictionary representing an LDA output: Output('summary', (type 'unicode', type 'NoneType'), None) output: PrimaryKey('value', None, None) command: certprofile_mod -args: 1,10,3 +args: 1,11,3 arg: Str('cn', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True) option: Str('addattr*', cli_name='addattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Str('delattr*', cli_name='delattr', exclude='webui') option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False) +option: File('file?', cli_name='file') option: Bool('ipacertprofilestoreissued', attribute=True, autofill=False, cli_name='store', default=True, multivalue=False, required=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Str('rename', cli_name='rename', multivalue=False, primary_key=True, required=False) diff --git a/VERSION b/VERSION index 5827f05a4b6b07afb91bd193ff8d7bdecdcc5f9a..5956d3dbf629c61d485d84524960a3f298a9da11 100644 --- a/VERSION +++ b/VERSION @@ -90,5 +90,5 @@ IPA_DATA_VERSION=2010061412 # # IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=138 -# Last change: ftweedal: add certprofile-show --out option +IPA_API_VERSION_MINOR=139 +# Last change: ftweedal: add certprofile-mod --file option diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index abb62434eee4cb87356da5568b8a1bb12b762f67..6f9a41875b2a276b521219156e630817a9c41fdc 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -13,6 +13,7 @@ from ipalib.plugins.baseldap import ( LDAPDelete, LDAPUpdate, LDAPRetrieve) from ipalib import ngettext from ipalib.text import _ +from ipapython.version import API_VERSION from ipalib import errors @@ -245,7 +246,6 @@ class certprofile_import(LDAPCreate): def post_callback(self, ldap, dn, entry_attrs, *keys, **options): Import the profile into Dogtag and enable it. -If the operation succeeds, update the LDAP entry to 'enabled'. If the operation fails, remove the LDAP entry. try: @@ -281,6 +281,35 @@ class certprofile_mod(LDAPUpdate): __doc__ = _(Modify Certificate Profile configuration.) msg_summary = _('Modified Certificate Profile %(value)s') -def execute(self, *args, **kwargs): +takes_options = LDAPUpdate.takes_options + ( +File('file?', +label=_('File containing profile configuration'), +cli_name='file', +flags=('virtual_attribute',), +), +) + +def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): ca_enabled_check() -return super(certprofile_mod, self).execute(*args, **kwargs) +if 'file' in options: +with self.api.Backend.ra_certprofile as profile_api: +
Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features
On Thu, Jul 02, 2015 at 08:12:12PM +1000, Fraser Tweedale wrote: On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote: Hi, Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a): Attached patches fix a couple of important gaps in certprofile plugin: - Add --out option to export Dogtag profile data to file https://fedorahosted.org/freeipa/ticket/5091 - Add --file option to update existing profile in Dogtag https://fedorahosted.org/freeipa/ticket/5093 Just a couple nitpicks: +takes_options = LDAPUpdate.takes_options + ( +File('file?', +label=_('File containing profile configuration'), +cli_name='file', +flags=('virtual_attribute',), +), +) 1) Don't set cli_name if it's the same as name. 2) The virtual_attribute flag is meaningless in Commands. 3) Add include='cli' to denote that the option is specific to CLI (applies to --out as well). Honza -- Jan Cholasta Thanks, updated patches attached. Interdiff below. diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index 7323565..08a0d1c 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -185,6 +185,7 @@ class certprofile_show(LDAPRetrieve): takes_options = LDAPRetrieve.takes_options + ( Str('out?', doc=_('Write profile configuration to file'), +include='cli', ), ) @@ -284,8 +285,7 @@ class certprofile_mod(LDAPUpdate): takes_options = LDAPUpdate.takes_options + ( File('file?', label=_('File containing profile configuration'), -cli_name='file', -flags=('virtual_attribute',), +include='cli', ), ) NACK on patchset v2; does not work (even after makeapi, which I forgot to include in updated patchset). I keep getting error ``ipa: ERROR: Unknown option: file''. Need to investigate why, but other patches are taking priority right now. Here is patchset v3, which is just v1 rebased on latest master. Thanks, Fraser From 258f0cbea42b482871d360c33c252ad173c2b0e0 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale ftwee...@redhat.com Date: Thu, 2 Jul 2015 03:31:31 -0400 Subject: [PATCH 24/25] certprofile: add option to export profile config Add the `--out=FILENAME' option to `certprofile-show'. When given, it exports the profile configuration from Dogtag and writes it to the named file. Fixes: https://fedorahosted.org/freeipa/ticket/5091 --- API.txt | 3 ++- VERSION | 4 ++-- ipalib/plugins/certprofile.py | 39 --- ipaserver/plugins/dogtag.py | 8 4 files changed, 48 insertions(+), 6 deletions(-) diff --git a/API.txt b/API.txt index e226712d3b8f8eda721a906927cd7fac01eac39f..22ae9bb88710366736ee915e6fe6f2f1c09f2449 100644 --- a/API.txt +++ b/API.txt @@ -747,9 +747,10 @@ output: Entry('result', type 'dict', Gettext('A dictionary representing an LDA output: Output('summary', (type 'unicode', type 'NoneType'), None) output: PrimaryKey('value', None, None) command: certprofile_show -args: 1,4,3 +args: 1,5,3 arg: Str('cn', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Str('out?') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Flag('rights', autofill=True, default=False) option: Str('version?', exclude='webui') diff --git a/VERSION b/VERSION index 266a04af1a61132637112611b7e86649ff818c2a..5827f05a4b6b07afb91bd193ff8d7bdecdcc5f9a 100644 --- a/VERSION +++ b/VERSION @@ -90,5 +90,5 @@ IPA_DATA_VERSION=2010061412 # # IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=137 -# Last change: mbabinsk: Commands to manage user/host/service certificates +IPA_API_VERSION_MINOR=138 +# Last change: ftweedal: add certprofile-show --out option diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index 9e1e47e943f5c14a7e7ce418d3fc2d095331a38a..abb62434eee4cb87356da5568b8a1bb12b762f67 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -5,7 +5,7 @@ import re from ipalib import api, Bool, File, Str -from ipalib import output +from ipalib import output, util from ipalib.plugable import Registry from ipalib.plugins.virtual import VirtualCommand from ipalib.plugins.baseldap import ( @@ -175,9 +175,42 @@ class certprofile_find(LDAPSearch): class certprofile_show(LDAPRetrieve): __doc__ = _(Display the properties of a Certificate Profile.) -def execute(self, *args, **kwargs): +has_output_params = LDAPRetrieve.has_output_params + ( +Str('config', +
Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features
Hi, Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a): Attached patches fix a couple of important gaps in certprofile plugin: - Add --out option to export Dogtag profile data to file https://fedorahosted.org/freeipa/ticket/5091 - Add --file option to update existing profile in Dogtag https://fedorahosted.org/freeipa/ticket/5093 Just a couple nitpicks: +takes_options = LDAPUpdate.takes_options + ( +File('file?', +label=_('File containing profile configuration'), +cli_name='file', +flags=('virtual_attribute',), +), +) 1) Don't set cli_name if it's the same as name. 2) The virtual_attribute flag is meaningless in Commands. 3) Add include='cli' to denote that the option is specific to CLI (applies to --out as well). Honza -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features
On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote: Hi, Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a): Attached patches fix a couple of important gaps in certprofile plugin: - Add --out option to export Dogtag profile data to file https://fedorahosted.org/freeipa/ticket/5091 - Add --file option to update existing profile in Dogtag https://fedorahosted.org/freeipa/ticket/5093 Just a couple nitpicks: +takes_options = LDAPUpdate.takes_options + ( +File('file?', +label=_('File containing profile configuration'), +cli_name='file', +flags=('virtual_attribute',), +), +) 1) Don't set cli_name if it's the same as name. 2) The virtual_attribute flag is meaningless in Commands. 3) Add include='cli' to denote that the option is specific to CLI (applies to --out as well). Honza -- Jan Cholasta Thanks, updated patches attached. Interdiff below. diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index 7323565..08a0d1c 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -185,6 +185,7 @@ class certprofile_show(LDAPRetrieve): takes_options = LDAPRetrieve.takes_options + ( Str('out?', doc=_('Write profile configuration to file'), +include='cli', ), ) @@ -284,8 +285,7 @@ class certprofile_mod(LDAPUpdate): takes_options = LDAPUpdate.takes_options + ( File('file?', label=_('File containing profile configuration'), -cli_name='file', -flags=('virtual_attribute',), +include='cli', ), ) From 92aafc1602154dee886c9197ad976cc03ee1bc65 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale ftwee...@redhat.com Date: Thu, 2 Jul 2015 03:31:31 -0400 Subject: [PATCH 24/25] certprofile: add option to export profile config Add the `--out=FILENAME' option to `certprofile-show'. When given, it exports the profile configuration from Dogtag and writes it to the named file. Fixes: https://fedorahosted.org/freeipa/ticket/5091 --- API.txt | 3 ++- VERSION | 4 ++-- ipalib/plugins/certprofile.py | 40 +--- ipaserver/plugins/dogtag.py | 8 4 files changed, 49 insertions(+), 6 deletions(-) diff --git a/API.txt b/API.txt index bccebe55da8a785cbb6ca782904d7523c4a9322f..13977ac74fe1831ebb86c7fb9fd97910e0dde238 100644 --- a/API.txt +++ b/API.txt @@ -747,9 +747,10 @@ output: Entry('result', type 'dict', Gettext('A dictionary representing an LDA output: Output('summary', (type 'unicode', type 'NoneType'), None) output: PrimaryKey('value', None, None) command: certprofile_show -args: 1,4,3 +args: 1,5,3 arg: Str('cn', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Str('out?') option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Flag('rights', autofill=True, default=False) option: Str('version?', exclude='webui') diff --git a/VERSION b/VERSION index 2f884ff73afad57f35f06ce279add5c078073353..1cadaf4057f2a2d1b882b2df5e84687d6dc989a3 100644 --- a/VERSION +++ b/VERSION @@ -90,5 +90,5 @@ IPA_DATA_VERSION=2010061412 # # IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=136 -# Last change: pvoborni: add topologysuffix-verify command +IPA_API_VERSION_MINOR=137 +# Last change: ftweedal: add certprofile-show --out option diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index 9e1e47e943f5c14a7e7ce418d3fc2d095331a38a..1a6621815f9aa36974ed08c776d9ad2d09682988 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -5,7 +5,7 @@ import re from ipalib import api, Bool, File, Str -from ipalib import output +from ipalib import output, util from ipalib.plugable import Registry from ipalib.plugins.virtual import VirtualCommand from ipalib.plugins.baseldap import ( @@ -175,9 +175,43 @@ class certprofile_find(LDAPSearch): class certprofile_show(LDAPRetrieve): __doc__ = _(Display the properties of a Certificate Profile.) -def execute(self, *args, **kwargs): +has_output_params = LDAPRetrieve.has_output_params + ( +Str('config', +label=_('Profile configuration'), +), +) + +takes_options = LDAPRetrieve.takes_options + ( +Str('out?', +doc=_('Write profile configuration to file'), +include='cli', +), +) + +def execute(self, *keys, **options): ca_enabled_check() -return super(certprofile_show, self).execute(*args, **kwargs) +result = super(certprofile_show, self).execute(*keys, **options) + +if 'out'