diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-07-02 04:09:31 -0400 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-07-08 00:25:46 +0200 |
commit | 462e0b9eb16f52b66b723744c4b42c19ef4782c3 (patch) | |
tree | e62ec87c148e94dba80cf5ecd04a8b2b0519f3dc /ipalib/plugins | |
parent | bed6f402e2d5587c35ff7e84ba3b80026c6db73d (diff) | |
download | freeipa-462e0b9eb16f52b66b723744c4b42c19ef4782c3.tar.gz freeipa-462e0b9eb16f52b66b723744c4b42c19ef4782c3.tar.xz freeipa-462e0b9eb16f52b66b723744c4b42c19ef4782c3.zip |
certprofile: add ability to update profile config in Dogtag
Add the `--file=FILENAME' option to `certprofile-mod' which, when
given, will update the profile configuration in Dogtag to the
contents of the file.
Fixes: https://fedorahosted.org/freeipa/ticket/5093
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipalib/plugins')
-rw-r--r-- | ipalib/plugins/certprofile.py | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index abb62434e..6f9a41875 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -13,6 +13,7 @@ from ipalib.plugins.baseldap import ( LDAPDelete, LDAPUpdate, LDAPRetrieve) from ipalib import ngettext from ipalib.text import _ +from ipapython.version import API_VERSION from ipalib import errors @@ -245,7 +246,6 @@ class certprofile_import(LDAPCreate): def post_callback(self, ldap, dn, entry_attrs, *keys, **options): """Import the profile into Dogtag and enable it. - If the operation succeeds, update the LDAP entry to 'enabled'. If the operation fails, remove the LDAP entry. """ try: @@ -281,6 +281,35 @@ class certprofile_mod(LDAPUpdate): __doc__ = _("Modify Certificate Profile configuration.") msg_summary = _('Modified Certificate Profile "%(value)s"') - def execute(self, *args, **kwargs): + takes_options = LDAPUpdate.takes_options + ( + File('file?', + label=_('File containing profile configuration'), + cli_name='file', + flags=('virtual_attribute',), + ), + ) + + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): ca_enabled_check() - return super(certprofile_mod, self).execute(*args, **kwargs) + if 'file' in options: + with self.api.Backend.ra_certprofile as profile_api: + profile_api.disable_profile(keys[0]) + try: + profile_api.update_profile(keys[0], options['file']) + finally: + profile_api.enable_profile(keys[0]) + + return dn + + def execute(self, *keys, **options): + try: + return super(certprofile_mod, self).execute(*keys, **options) + except errors.EmptyModlist: + if 'file' in options: + # The profile data in Dogtag was updated. + # Do not fail; return result of certprofile-show instead + return self.api.Command.certprofile_show(keys[0], + version=API_VERSION) + else: + # This case is actually an error; re-raise + raise |