Fix tests in pkispawn to use legacy URLs as fallback

When setting up clones or non-CA subsystems, pkispawn checks if
the security domain is accessible and if the user can log in.
These calls invoke REST URIs, which are not available on older
subsystems.  To support these subsystems, we need to attempt the
older legacy servlets if the REST APIs are not available.

Ticket #604

3 files changed, 36 insertions, 4 deletions

diff --git a/base/common/python/pki/system.py b/base/common/python/pki/system.py
index 3c54e0015..5b4caf7f3 100644
--- a/base/common/python/pki/system.py
+++ b/base/common/python/pki/system.py
@@ -20,6 +20,7 @@
 #
 
 import pki.encoder as encoder
+import xml.etree.ElementTree as ET
 
 class SecurityDomainInfo:
 
@@ -40,6 +41,15 @@ class SecurityDomainClient:
 
         return info
 
+    def getOldSecurityDomainInfo(self):
+        r = self.connection.get('/admin/ca/getDomainXML')
+        root = ET.fromstring(r.text)
+        domaininfo = ET.fromstring(root.find("DomainInfo").text)
+        info = SecurityDomainInfo()
+        info.name = domaininfo.find("Name").text
+
+        return info
+
 class ConfigurationRequest:
 
     def __init__(self):
diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py
index 8918eb8a6..f10706ac6 100644
--- a/base/server/src/engine/pkiparser.py
+++ b/base/server/src/engine/pkiparser.py
@@ -27,6 +27,7 @@ import ldap
 import logging
 import os
 import random
+import requests
 import string
 import subprocess
 import sys
@@ -396,7 +397,15 @@ class PKIConfigParser:
 
     def sd_get_info(self):
         sd = pki.system.SecurityDomainClient(self.sd_connection)
-        return sd.getSecurityDomainInfo()
+        try:
+            info = sd.getSecurityDomainInfo()
+        except requests.exceptions.HTTPError as e:
+            config.pki_log.info(
+                "unable to access security domain through REST interface.  " +\
+                "Trying old interface. " + str(e),
+                 extra=config.PKI_INDENTATION_LEVEL_2)
+            info = sd.getOldSecurityDomainInfo()
+        return info
 
     def sd_authenticate(self):
         self.sd_connection.authenticate(
@@ -404,8 +413,18 @@ class PKIConfigParser:
             config.pki_master_dict['pki_security_domain_password'])
 
         account = pki.account.AccountClient(self.sd_connection)
-        account.login()
-        account.logout()
+        try:
+            account.login()
+            account.logout()
+        except requests.exceptions.HTTPError as e:
+            code = e.response.status_code
+            if code == 404 or code == 501:
+                config.pki_log.warning(
+                    "unable to validate security domain user/password " +\
+                    "through REST interface. Interface not available",
+                     extra=config.PKI_INDENTATION_LEVEL_2)
+            else:
+                raise
 
     def compose_pki_master_dictionary(self):
         "Create a single master PKI dictionary from the sectional dictionaries"
diff --git a/specs/pki-core.spec b/specs/pki-core.spec
index 616f0b258..05c6850bb 100644
--- a/specs/pki-core.spec
+++ b/specs/pki-core.spec
@@ -5,7 +5,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 
 Name:             pki-core
 Version:          10.0.2
-Release:          2%{?dist}
+Release:          3%{?dist}
 Summary:          Certificate System - PKI Core Components
 URL:              http://pki.fedoraproject.org/
 License:          GPLv2
@@ -1071,6 +1071,9 @@ fi
 
 
 %changelog
+* Sat May 4 2013 Ade Lee <alee@redhat.com> 10.0.2-3
+- TRAC Ticket 604 Added fallback methods for pkispawn tests
+
 * Mon Apr 29 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-2
 - Added default pki.conf in /usr/share/pki/etc
 - Create upgrade tracker on install and remove it on uninstall