Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features

2015-07-07 Thread Martin Basti

On 04/07/15 16:58, Fraser Tweedale wrote:

On Fri, Jul 03, 2015 at 10:34:07PM +1000, Fraser Tweedale wrote:

On Thu, Jul 02, 2015 at 08:12:12PM +1000, Fraser Tweedale wrote:

On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote:

Hi,

Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a):

Attached patches fix a couple of important gaps in certprofile
plugin:

- Add --out option to export Dogtag profile data to file
   https://fedorahosted.org/freeipa/ticket/5091

- Add --file option to update existing profile in Dogtag
   https://fedorahosted.org/freeipa/ticket/5093


NACK on patchset v2; does not work (even after makeapi, which I
forgot to include in updated patchset).  I keep getting error
``ipa: ERROR: Unknown option: file''.  Need to investigate why,
but other patches are taking priority right now.

Here is patchset v3, which is just v1 rebased on latest master.

Thanks,
Fraser


Updated patch 0025 (v4).  Profile now gets re-enabled if profile
update fails.  Patch 0024 remains at v3.

Thanks,
Fraser



ACK

--
Martin Basti

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features

2015-07-07 Thread Tomas Babej


On 07/07/2015 07:30 PM, Martin Basti wrote:
 On 04/07/15 16:58, Fraser Tweedale wrote:
 On Fri, Jul 03, 2015 at 10:34:07PM +1000, Fraser Tweedale wrote:
 On Thu, Jul 02, 2015 at 08:12:12PM +1000, Fraser Tweedale wrote:
 On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote:
 Hi,

 Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a):
 Attached patches fix a couple of important gaps in certprofile
 plugin:

 - Add --out option to export Dogtag profile data to file
   https://fedorahosted.org/freeipa/ticket/5091

 - Add --file option to update existing profile in Dogtag
   https://fedorahosted.org/freeipa/ticket/5093

 NACK on patchset v2; does not work (even after makeapi, which I
 forgot to include in updated patchset).  I keep getting error
 ``ipa: ERROR: Unknown option: file''.  Need to investigate why,
 but other patches are taking priority right now.

 Here is patchset v3, which is just v1 rebased on latest master.

 Thanks,
 Fraser

 Updated patch 0025 (v4).  Profile now gets re-enabled if profile
 update fails.  Patch 0024 remains at v3.

 Thanks,
 Fraser


 ACK
 
 -- 
 Martin Basti
 
 
 

Patches required a little API rebase due to stale minor API number
reference.

Pushed to master: 462e0b9eb16f52b66b723744c4b42c19ef4782c3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features

2015-07-04 Thread Fraser Tweedale
On Fri, Jul 03, 2015 at 10:34:07PM +1000, Fraser Tweedale wrote:
 On Thu, Jul 02, 2015 at 08:12:12PM +1000, Fraser Tweedale wrote:
  On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote:
   Hi,
   
   Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a):
   Attached patches fix a couple of important gaps in certprofile
   plugin:
   
   - Add --out option to export Dogtag profile data to file
  https://fedorahosted.org/freeipa/ticket/5091
   
   - Add --file option to update existing profile in Dogtag
  https://fedorahosted.org/freeipa/ticket/5093
   
 NACK on patchset v2; does not work (even after makeapi, which I
 forgot to include in updated patchset).  I keep getting error
 ``ipa: ERROR: Unknown option: file''.  Need to investigate why,
 but other patches are taking priority right now.
 
 Here is patchset v3, which is just v1 rebased on latest master.
 
 Thanks,
 Fraser

Updated patch 0025 (v4).  Profile now gets re-enabled if profile
update fails.  Patch 0024 remains at v3.

Thanks,
Fraser
From e2a8c92c73e4b2d119475fc2a93026df2ac60947 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale ftwee...@redhat.com
Date: Thu, 2 Jul 2015 04:09:31 -0400
Subject: [PATCH] certprofile: add ability to update profile config in Dogtag

Add the `--file=FILENAME' option to `certprofile-mod' which, when
given, will update the profile configuration in Dogtag to the
contents of the file.

Fixes: https://fedorahosted.org/freeipa/ticket/5093
---
 API.txt   |  3 ++-
 VERSION   |  4 ++--
 ipalib/plugins/certprofile.py | 35 ---
 ipaserver/plugins/dogtag.py   | 12 
 4 files changed, 48 insertions(+), 6 deletions(-)

diff --git a/API.txt b/API.txt
index 
22ae9bb88710366736ee915e6fe6f2f1c09f2449..e03b8fb54f7ba128227f37179f5715de86dffdef
 100644
--- a/API.txt
+++ b/API.txt
@@ -731,12 +731,13 @@ output: Entry('result', type 'dict', Gettext('A 
dictionary representing an LDA
 output: Output('summary', (type 'unicode', type 'NoneType'), None)
 output: PrimaryKey('value', None, None)
 command: certprofile_mod
-args: 1,10,3
+args: 1,11,3
 arg: Str('cn', attribute=True, cli_name='id', multivalue=False, 
primary_key=True, query=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, 
exclude='webui')
 option: Str('delattr*', cli_name='delattr', exclude='webui')
 option: Str('description', attribute=True, autofill=False, cli_name='desc', 
multivalue=False, required=False)
+option: File('file?', cli_name='file')
 option: Bool('ipacertprofilestoreissued', attribute=True, autofill=False, 
cli_name='store', default=True, multivalue=False, required=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, 
exclude='webui')
 option: Str('rename', cli_name='rename', multivalue=False, primary_key=True, 
required=False)
diff --git a/VERSION b/VERSION
index 
5827f05a4b6b07afb91bd193ff8d7bdecdcc5f9a..5956d3dbf629c61d485d84524960a3f298a9da11
 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=2010061412
 #  #
 
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=138
-# Last change: ftweedal: add certprofile-show --out option
+IPA_API_VERSION_MINOR=139
+# Last change: ftweedal: add certprofile-mod --file option
diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
index 
abb62434eee4cb87356da5568b8a1bb12b762f67..6f9a41875b2a276b521219156e630817a9c41fdc
 100644
--- a/ipalib/plugins/certprofile.py
+++ b/ipalib/plugins/certprofile.py
@@ -13,6 +13,7 @@ from ipalib.plugins.baseldap import (
 LDAPDelete, LDAPUpdate, LDAPRetrieve)
 from ipalib import ngettext
 from ipalib.text import _
+from ipapython.version import API_VERSION
 
 from ipalib import errors
 
@@ -245,7 +246,6 @@ class certprofile_import(LDAPCreate):
 def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
 Import the profile into Dogtag and enable it.
 
-If the operation succeeds, update the LDAP entry to 'enabled'.
 If the operation fails, remove the LDAP entry.
 
 try:
@@ -281,6 +281,35 @@ class certprofile_mod(LDAPUpdate):
 __doc__ = _(Modify Certificate Profile configuration.)
 msg_summary = _('Modified Certificate Profile %(value)s')
 
-def execute(self, *args, **kwargs):
+takes_options = LDAPUpdate.takes_options + (
+File('file?',
+label=_('File containing profile configuration'),
+cli_name='file',
+flags=('virtual_attribute',),
+),
+)
+
+def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, 
**options):
 ca_enabled_check()
-return super(certprofile_mod, self).execute(*args, **kwargs)
+if 'file' in options:
+with self.api.Backend.ra_certprofile as profile_api:
+ 

Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features

2015-07-03 Thread Fraser Tweedale
On Thu, Jul 02, 2015 at 08:12:12PM +1000, Fraser Tweedale wrote:
 On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote:
  Hi,
  
  Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a):
  Attached patches fix a couple of important gaps in certprofile
  plugin:
  
  - Add --out option to export Dogtag profile data to file
 https://fedorahosted.org/freeipa/ticket/5091
  
  - Add --file option to update existing profile in Dogtag
 https://fedorahosted.org/freeipa/ticket/5093
  
  
  Just a couple nitpicks:
  
  +takes_options = LDAPUpdate.takes_options + (
  +File('file?',
  +label=_('File containing profile configuration'),
  +cli_name='file',
  +flags=('virtual_attribute',),
  +),
  +)
  
  1) Don't set cli_name if it's the same as name.
  
  2) The virtual_attribute flag is meaningless in Commands.
  
  3) Add include='cli' to denote that the option is specific to CLI (applies
  to --out as well).
  
  Honza
  
  -- 
  Jan Cholasta
 
 Thanks, updated patches attached.  Interdiff below.
 
 diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
 index 7323565..08a0d1c 100644
 --- a/ipalib/plugins/certprofile.py
 +++ b/ipalib/plugins/certprofile.py
 @@ -185,6 +185,7 @@ class certprofile_show(LDAPRetrieve):
  takes_options = LDAPRetrieve.takes_options + (
  Str('out?',
  doc=_('Write profile configuration to file'),
 +include='cli',
  ),
  )
  
 @@ -284,8 +285,7 @@ class certprofile_mod(LDAPUpdate):
  takes_options = LDAPUpdate.takes_options + (
  File('file?',
  label=_('File containing profile configuration'),
 -cli_name='file',
 -flags=('virtual_attribute',),
 +include='cli',
  ),
  )
  
NACK on patchset v2; does not work (even after makeapi, which I
forgot to include in updated patchset).  I keep getting error
``ipa: ERROR: Unknown option: file''.  Need to investigate why,
but other patches are taking priority right now.

Here is patchset v3, which is just v1 rebased on latest master.

Thanks,
Fraser
From 258f0cbea42b482871d360c33c252ad173c2b0e0 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale ftwee...@redhat.com
Date: Thu, 2 Jul 2015 03:31:31 -0400
Subject: [PATCH 24/25] certprofile: add option to export profile config

Add the `--out=FILENAME' option to `certprofile-show'.  When given,
it exports the profile configuration from Dogtag and writes it to
the named file.

Fixes: https://fedorahosted.org/freeipa/ticket/5091
---
 API.txt   |  3 ++-
 VERSION   |  4 ++--
 ipalib/plugins/certprofile.py | 39 ---
 ipaserver/plugins/dogtag.py   |  8 
 4 files changed, 48 insertions(+), 6 deletions(-)

diff --git a/API.txt b/API.txt
index 
e226712d3b8f8eda721a906927cd7fac01eac39f..22ae9bb88710366736ee915e6fe6f2f1c09f2449
 100644
--- a/API.txt
+++ b/API.txt
@@ -747,9 +747,10 @@ output: Entry('result', type 'dict', Gettext('A 
dictionary representing an LDA
 output: Output('summary', (type 'unicode', type 'NoneType'), None)
 output: PrimaryKey('value', None, None)
 command: certprofile_show
-args: 1,4,3
+args: 1,5,3
 arg: Str('cn', attribute=True, cli_name='id', multivalue=False, 
primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, 
exclude='webui')
+option: Str('out?')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, 
exclude='webui')
 option: Flag('rights', autofill=True, default=False)
 option: Str('version?', exclude='webui')
diff --git a/VERSION b/VERSION
index 
266a04af1a61132637112611b7e86649ff818c2a..5827f05a4b6b07afb91bd193ff8d7bdecdcc5f9a
 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=2010061412
 #  #
 
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=137
-# Last change: mbabinsk: Commands to manage user/host/service certificates
+IPA_API_VERSION_MINOR=138
+# Last change: ftweedal: add certprofile-show --out option
diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
index 
9e1e47e943f5c14a7e7ce418d3fc2d095331a38a..abb62434eee4cb87356da5568b8a1bb12b762f67
 100644
--- a/ipalib/plugins/certprofile.py
+++ b/ipalib/plugins/certprofile.py
@@ -5,7 +5,7 @@
 import re
 
 from ipalib import api, Bool, File, Str
-from ipalib import output
+from ipalib import output, util
 from ipalib.plugable import Registry
 from ipalib.plugins.virtual import VirtualCommand
 from ipalib.plugins.baseldap import (
@@ -175,9 +175,42 @@ class certprofile_find(LDAPSearch):
 class certprofile_show(LDAPRetrieve):
 __doc__ = _(Display the properties of a Certificate Profile.)
 
-def execute(self, *args, **kwargs):
+has_output_params = LDAPRetrieve.has_output_params + (
+Str('config',
+

Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features

2015-07-02 Thread Jan Cholasta

Hi,

Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a):

Attached patches fix a couple of important gaps in certprofile
plugin:

- Add --out option to export Dogtag profile data to file
   https://fedorahosted.org/freeipa/ticket/5091

- Add --file option to update existing profile in Dogtag
   https://fedorahosted.org/freeipa/ticket/5093



Just a couple nitpicks:

+takes_options = LDAPUpdate.takes_options + (
+File('file?',
+label=_('File containing profile configuration'),
+cli_name='file',
+flags=('virtual_attribute',),
+),
+)

1) Don't set cli_name if it's the same as name.

2) The virtual_attribute flag is meaningless in Commands.

3) Add include='cli' to denote that the option is specific to CLI 
(applies to --out as well).


Honza

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [PATCH] 0024..0025 Add missing certprofile features

2015-07-02 Thread Fraser Tweedale
On Thu, Jul 02, 2015 at 11:23:49AM +0200, Jan Cholasta wrote:
 Hi,
 
 Dne 2.7.2015 v 11:15 Fraser Tweedale napsal(a):
 Attached patches fix a couple of important gaps in certprofile
 plugin:
 
 - Add --out option to export Dogtag profile data to file
https://fedorahosted.org/freeipa/ticket/5091
 
 - Add --file option to update existing profile in Dogtag
https://fedorahosted.org/freeipa/ticket/5093
 
 
 Just a couple nitpicks:
 
 +takes_options = LDAPUpdate.takes_options + (
 +File('file?',
 +label=_('File containing profile configuration'),
 +cli_name='file',
 +flags=('virtual_attribute',),
 +),
 +)
 
 1) Don't set cli_name if it's the same as name.
 
 2) The virtual_attribute flag is meaningless in Commands.
 
 3) Add include='cli' to denote that the option is specific to CLI (applies
 to --out as well).
 
 Honza
 
 -- 
 Jan Cholasta

Thanks, updated patches attached.  Interdiff below.

diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
index 7323565..08a0d1c 100644
--- a/ipalib/plugins/certprofile.py
+++ b/ipalib/plugins/certprofile.py
@@ -185,6 +185,7 @@ class certprofile_show(LDAPRetrieve):
 takes_options = LDAPRetrieve.takes_options + (
 Str('out?',
 doc=_('Write profile configuration to file'),
+include='cli',
 ),
 )
 
@@ -284,8 +285,7 @@ class certprofile_mod(LDAPUpdate):
 takes_options = LDAPUpdate.takes_options + (
 File('file?',
 label=_('File containing profile configuration'),
-cli_name='file',
-flags=('virtual_attribute',),
+include='cli',
 ),
 )
 
From 92aafc1602154dee886c9197ad976cc03ee1bc65 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale ftwee...@redhat.com
Date: Thu, 2 Jul 2015 03:31:31 -0400
Subject: [PATCH 24/25] certprofile: add option to export profile config

Add the `--out=FILENAME' option to `certprofile-show'.  When given,
it exports the profile configuration from Dogtag and writes it to
the named file.

Fixes: https://fedorahosted.org/freeipa/ticket/5091
---
 API.txt   |  3 ++-
 VERSION   |  4 ++--
 ipalib/plugins/certprofile.py | 40 +---
 ipaserver/plugins/dogtag.py   |  8 
 4 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/API.txt b/API.txt
index 
bccebe55da8a785cbb6ca782904d7523c4a9322f..13977ac74fe1831ebb86c7fb9fd97910e0dde238
 100644
--- a/API.txt
+++ b/API.txt
@@ -747,9 +747,10 @@ output: Entry('result', type 'dict', Gettext('A 
dictionary representing an LDA
 output: Output('summary', (type 'unicode', type 'NoneType'), None)
 output: PrimaryKey('value', None, None)
 command: certprofile_show
-args: 1,4,3
+args: 1,5,3
 arg: Str('cn', attribute=True, cli_name='id', multivalue=False, 
primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, 
exclude='webui')
+option: Str('out?')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, 
exclude='webui')
 option: Flag('rights', autofill=True, default=False)
 option: Str('version?', exclude='webui')
diff --git a/VERSION b/VERSION
index 
2f884ff73afad57f35f06ce279add5c078073353..1cadaf4057f2a2d1b882b2df5e84687d6dc989a3
 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=2010061412
 #  #
 
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=136
-# Last change: pvoborni: add topologysuffix-verify command
+IPA_API_VERSION_MINOR=137
+# Last change: ftweedal: add certprofile-show --out option
diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
index 
9e1e47e943f5c14a7e7ce418d3fc2d095331a38a..1a6621815f9aa36974ed08c776d9ad2d09682988
 100644
--- a/ipalib/plugins/certprofile.py
+++ b/ipalib/plugins/certprofile.py
@@ -5,7 +5,7 @@
 import re
 
 from ipalib import api, Bool, File, Str
-from ipalib import output
+from ipalib import output, util
 from ipalib.plugable import Registry
 from ipalib.plugins.virtual import VirtualCommand
 from ipalib.plugins.baseldap import (
@@ -175,9 +175,43 @@ class certprofile_find(LDAPSearch):
 class certprofile_show(LDAPRetrieve):
 __doc__ = _(Display the properties of a Certificate Profile.)
 
-def execute(self, *args, **kwargs):
+has_output_params = LDAPRetrieve.has_output_params + (
+Str('config',
+label=_('Profile configuration'),
+),
+)
+
+takes_options = LDAPRetrieve.takes_options + (
+Str('out?',
+doc=_('Write profile configuration to file'),
+include='cli',
+),
+)
+
+def execute(self, *keys, **options):
 ca_enabled_check()
-return super(certprofile_show, self).execute(*args, **kwargs)
+result = super(certprofile_show, self).execute(*keys, **options)
+
+if 'out'