diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-04-30 23:50:41 -0400 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-06-04 08:27:33 +0000 |
commit | 35af0d6d66e623012755acca44bd77186067d156 (patch) | |
tree | 527b6f3108d83773c7913c949fee02a47d740392 /ipaserver/install/server/upgrade.py | |
parent | 273a297e97f157fb596cd9be0dc75a1382b94cfc (diff) | |
download | freeipa-35af0d6d66e623012755acca44bd77186067d156.tar.gz freeipa-35af0d6d66e623012755acca44bd77186067d156.tar.xz freeipa-35af0d6d66e623012755acca44bd77186067d156.zip |
Add ACL to allow CA agent to modify profiles
Part of: https://fedorahosted.org/freeipa/ticket/57
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver/install/server/upgrade.py')
-rw-r--r-- | ipaserver/install/server/upgrade.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 9d1fd92b7..0ea6bd7b4 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -289,6 +289,16 @@ def setup_firefox_extension(fstore): http.setup_firefox_extension(realm, domain) +def ca_configure_profiles_acl(ca): + root_logger.info('[Authorizing RA Agent to modify profiles]') + + if not ca.is_configured(): + root_logger.info('CA is not configured') + return False + + return cainstance.configure_profiles_acl() + + def upgrade_ipa_profile(ca, domain, fqdn): """ Update the IPA Profile provided by dogtag @@ -1370,6 +1380,7 @@ def upgrade_configuration(): upgrade_ipa_profile(ca, api.env.domain, fqdn), certificate_renewal_update(ca), ca_enable_pkix(ca), + ca_configure_profiles_acl(ca), ]) if ca_restart: |