From b24fe0eb733c68af4042cdd78fca6f609efe843b Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Mon, 11 May 2015 21:17:48 -0400
Subject: Import included profiles during install or upgrade

Add a default service profile template as part of FreeIPA and format
and import it as part of installation or upgrade process.

Also remove the code that modifies the old (file-based)
`caIPAserviceCert' profile.

Fixes https://fedorahosted.org/freeipa/ticket/4002

Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipapython/dogtag.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'ipapython')

diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 11311cf7b..2b4d23335 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -42,6 +42,11 @@ from ipapython.ipa_log_manager import *
 # the configured version.
 
 
+INCLUDED_PROFILES = {
+    # ( profile_id    ,         description      ,      store_issued)
+    (u'caIPAserviceCert', u'Standard profile for network services', True),
+    }
+
 class Dogtag10Constants(object):
     DOGTAG_VERSION = 10
     UNSECURE_PORT = 8080
@@ -71,7 +76,6 @@ class Dogtag10Constants(object):
 
     RACERT_LINE_SEP = '\n'
 
-    IPA_SERVICE_PROFILE = '%s/caIPAserviceCert.cfg' % SERVICE_PROFILE_DIR
     SIGN_PROFILE = '%s/caJarSigningCert.cfg' % SERVICE_PROFILE_DIR
     SHARED_DB = True
     DS_USER = "dirsrv"
@@ -110,7 +114,6 @@ class Dogtag9Constants(object):
     EE_CLIENT_AUTH_PORT = 9446
     TOMCAT_SERVER_PORT = 9701
 
-    IPA_SERVICE_PROFILE = '%s/caIPAserviceCert.cfg' % SERVICE_PROFILE_DIR
     SIGN_PROFILE = '%s/caJarSigningCert.cfg' % SERVICE_PROFILE_DIR
     SHARED_DB = False
     DS_USER = "pkisrv"
-- 
cgit