The PKI CLI has been modified to support cascading configuration files: default, system-wide, and user-specific configuration.
The existing Python-based PKI CLI was moved into pki.cli.main module. A new shell script was added as a replacement which will read the configuration files and invoke the Python module. Pushed to master under trivial rule. -- Endi S. Dewata
>From 07135b5906f97a8c68148a07484e63d6896f410b Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <edew...@redhat.com> Date: Wed, 15 Mar 2017 08:13:35 +0100 Subject: [PATCH] Added cascading configuration for PKI CLI. The PKI CLI has been modified to support cascading configuration files: default, system-wide, and user-specific configuration. The existing Python-based PKI CLI was moved into pki.cli.main module. A new shell script was added as a replacement which will read the configuration files and invoke the Python module. --- .../bin/pki => common/python/pki/cli/main.py} | 0 base/java-tools/bin/pki | 233 ++------------------- pylint-build-scan.py | 13 +- tox.ini | 2 +- 4 files changed, 20 insertions(+), 228 deletions(-) copy base/{java-tools/bin/pki => common/python/pki/cli/main.py} (100%) diff --git a/base/java-tools/bin/pki b/base/common/python/pki/cli/main.py similarity index 100% copy from base/java-tools/bin/pki copy to base/common/python/pki/cli/main.py diff --git a/base/java-tools/bin/pki b/base/java-tools/bin/pki index 53e1b893a7e7a5f80c309039e08507b1ddf9c85e..6060a6e112ea22645a1023e55543cd85dbfda1f8 100644 --- a/base/java-tools/bin/pki +++ b/base/java-tools/bin/pki @@ -1,7 +1,6 @@ -#!/usr/bin/python -# Authors: -# Endi S. Dewata <edew...@redhat.com> +#!/bin/sh # +# --- BEGIN COPYRIGHT BLOCK --- # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; version 2 of the License. @@ -15,222 +14,26 @@ # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -# Copyright (C) 2014 Red Hat, Inc. +# Copyright (C) 2017 Red Hat, Inc. # All rights reserved. +# --- END COPYRIGHT BLOCK --- # -from __future__ import absolute_import -from __future__ import print_function -import shlex -import subprocess -import sys -import traceback +# default PKI configuration +. /usr/share/pki/etc/pki.conf -import pki.cli -import pki.cli.pkcs12 +# system-wide PKI configuration +if [ -f /etc/pki/pki.conf ] +then + . /etc/pki/pki.conf +fi +# user-specific PKI configuration +if [ -f $HOME/.dogtag/pki.conf ] +then + . $HOME/.dogtag/pki.conf +fi -PYTHON_COMMANDS = ['pkcs12-import'] +python -m pki.cli.main "$@" - -class PKICLI(pki.cli.CLI): - - def __init__(self): - super(PKICLI, self).__init__( - 'pki', 'PKI command-line interface') - - self.database = None - self.password = None - self.password_file = None - self.token = None - - self.add_module(pki.cli.pkcs12.PKCS12CLI()) - - def get_full_module_name(self, module_name): - return module_name - - def print_help(self): - print('Usage: pki [OPTIONS]') - print() - print(' --client-type <type> PKI client type (default: java)') - print(' -d <path> Client security database location ' + - '(default: ~/.dogtag/nssdb)') - print(' -c <password> Client security database password ' + - '(mutually exclusive to the -C option)') - print(' -C <path> Client-side password file ' + - '(mutually exclusive to the -c option)') - print(' --token <name> Security token name') - print() - print(' -v, --verbose Run in verbose mode.') - print(' --debug Show debug messages.') - print(' --help Show help message.') - print() - - super(PKICLI, self).print_help() - - def execute_java(self, args, stdout=sys.stdout): - - # read Java home - value = subprocess.check_output( - '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $JAVA_HOME', - shell=True) - java_home = value.decode(sys.getfilesystemencoding()).strip() - - # read PKI library - value = subprocess.check_output( - '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $PKI_LIB', - shell=True) - pki_lib = value.decode(sys.getfilesystemencoding()).strip() - - # read logging configuration path - value = subprocess.check_output( - '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $LOGGING_CONFIG', - shell=True) - logging_config = value.decode(sys.getfilesystemencoding()).strip() - - cmd = [ - java_home + '/bin/java', - '-Djava.ext.dirs=' + pki_lib, - '-Djava.util.logging.config.file=' + logging_config, - 'com.netscape.cmstools.cli.MainCLI' - ] - - # restore options for Java commands - - if self.database: - cmd.extend(['-d', self.database]) - - if self.password: - cmd.extend(['-c', self.password]) - - if self.password_file: - cmd.extend(['-C', self.password_file]) - - if self.token and self.token != 'internal': - cmd.extend(['--token', self.token]) - - if self.verbose: - cmd.extend(['--verbose']) - - cmd.extend(args) - - if self.verbose: - print('Java command: %s' % ' '.join(cmd)) - - subprocess.check_call(cmd, stdout=stdout) - - def execute(self, argv): - - # append global options - value = subprocess.check_output( - '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $PKI_CLI_OPTIONS', - shell=True) - value = value.decode(sys.getfilesystemencoding()).strip() - args = shlex.split(value) - args.extend(argv[1:]) - - client_type = 'java' - - pki_options = [] - command = None - cmd_args = [] - - # read pki options before the command - # remove options for Python module - - i = 0 - while i < len(args): - # if arg is a command, stop - if args[i][0] != '-': - command = args[i] - break - - # get database path - if args[i] == '-d': - self.database = args[i + 1] - pki_options.append(args[i]) - pki_options.append(args[i + 1]) - i = i + 2 - - # get database password - elif args[i] == '-c': - self.password = args[i + 1] - pki_options.append(args[i]) - pki_options.append(args[i + 1]) - i = i + 2 - - # get database password file path - elif args[i] == '-C': - self.password_file = args[i + 1] - pki_options.append(args[i]) - pki_options.append(args[i + 1]) - i = i + 2 - - # get token name - elif args[i] == '--token': - self.token = args[i + 1] - pki_options.append(args[i]) - pki_options.append(args[i + 1]) - i = i + 2 - - # check verbose option - elif args[i] == '-v' or args[i] == '--verbose': - self.set_verbose(True) - pki_options.append(args[i]) - i = i + 1 - - # check debug option - elif args[i] == '--debug': - self.set_verbose(True) - self.set_debug(True) - pki_options.append(args[i]) - i = i + 1 - - # get client type - elif args[i] == '--client-type': - client_type = args[i + 1] - pki_options.append(args[i]) - pki_options.append(args[i + 1]) - i = i + 2 - - else: # otherwise, save the arg for the next module - cmd_args.append(args[i]) - i = i + 1 - - # save the rest of the args - while i < len(args): - cmd_args.append(args[i]) - i = i + 1 - - if self.verbose: - print('PKI options: %s' % ' '.join(pki_options)) - print('PKI command: %s %s' % (command, ' '.join(cmd_args))) - - if client_type == 'python' or command in PYTHON_COMMANDS: - (module, module_args) = self.parse_args(cmd_args) - module.execute(module_args) - - elif client_type == 'java': - self.execute_java(cmd_args) - - else: - raise Exception('Unsupported client type: ' + client_type) - - -if __name__ == '__main__': - - cli = PKICLI() - - try: - cli.execute(sys.argv) - - except subprocess.CalledProcessError as e: - if cli.verbose: - print('ERROR: %s' % e) - elif cli.debug: - traceback.print_exc() - sys.exit(e.returncode) - - except KeyboardInterrupt: - print() - sys.exit(-1) +exit $? diff --git a/pylint-build-scan.py b/pylint-build-scan.py index d4156e87bdcd67d7aaac4b7053c77109d5b6e59c..3a7b4732137c4f1e20b1b7be21a49a8ea11f2013 100755 --- a/pylint-build-scan.py +++ b/pylint-build-scan.py @@ -38,7 +38,6 @@ PYLINTRC = os.path.join(SCRIPTPATH, 'dogtag.pylintrc') FILENAMES = [ os.path.abspath(__file__), '{sitepackages}/pki', - '{bin}/pki-cmd', # see HACK '{sbin}/pkispawn', '{sbin}/pkidestroy', '{sbin}/pki-upgrade', @@ -130,17 +129,7 @@ def main(): if args.verbose: pprint.pprint(pylint) - # HACK: - # pylint confuses the pki command with the pki package. We create a - # symlink from bin/pki to bin/pki-cmd and test bin/pki-cmd instead. - pki_bin = '{bin}/pki'.format(**env) - pki_cmd = '{bin}/pki-cmd'.format(**env) - os.symlink(pki_bin, pki_cmd) - - try: - return subprocess.call(pylint, cwd=env['sitepackages']) - finally: - os.unlink(pki_cmd) + return subprocess.call(pylint, cwd=env['sitepackages']) if __name__ == '__main__': sys.exit(main()) diff --git a/tox.ini b/tox.ini index 2430a95ee3ac13d1a4035081a4b2c1c08fc52d0d..f73818d9cd531db3b04014a3f07a4040c2c61370 100644 --- a/tox.ini +++ b/tox.ini @@ -92,7 +92,7 @@ python_files = tests/python/*.py [flake8] ignore = N802,N806,N812 exclude = .tox,*.egg,dist,build,conf.py,tests/dogtag/*,.git -filename = *.py,pki,pkidestroy,pki-upgrade,pki-server,pki-server-upgrade,pkispawn,[0-9][0-9]-* +filename = *.py,pkidestroy,pki-upgrade,pki-server,pki-server-upgrade,pkispawn,[0-9][0-9]-* show-source = true max-line-length = 99 # application-import-names = pki -- 2.9.3
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel