summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2012-11-14 11:11:13 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-11-27 14:02:34 -0500
commit998913c5b5a9c65b9153f381ae684937cd7e33bf (patch)
tree0b27e87ef5d667ef8ab6b072085c43c939eaa48f
parent066667d374226e1ed9da5b2c5ba71ae41a3ffa25 (diff)
downloadpki-998913c5b5a9c65b9153f381ae684937cd7e33bf.tar.gz
pki-998913c5b5a9c65b9153f381ae684937cd7e33bf.tar.xz
pki-998913c5b5a9c65b9153f381ae684937cd7e33bf.zip
Fixed default security domain user.
The deployment code has been modified such that if the security domain user is not specified it will use the CA admin uid, or Common uid, if it is defined. Otherwise it will use the default "caadmin". Ticket #399
-rw-r--r--base/deploy/src/scriptlets/pkiparser.py57
1 files changed, 39 insertions, 18 deletions
diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py
index 4d996091b..e9d348840 100644
--- a/base/deploy/src/scriptlets/pkiparser.py
+++ b/base/deploy/src/scriptlets/pkiparser.py
@@ -40,6 +40,9 @@ class PKIConfigParser:
COMMENT_CHAR = '#'
OPTION_CHAR = '='
+ def __init__(self):
+ self.pki_config = None
+
# PKI Deployment Helper Functions
def process_command_line_arguments(self, argv):
"Read and process command-line options"
@@ -208,30 +211,30 @@ class PKIConfigParser:
"Read configuration file sections into dictionaries"
rv = 0
try:
- parser = ConfigParser.ConfigParser()
+ self.pki_config = ConfigParser.ConfigParser()
# Make keys case-sensitive!
- parser.optionxform = str
- parser.read(config.pkideployment_cfg)
- config.pki_sensitive_dict = dict(parser._sections['Sensitive'])
- config.pki_common_dict = dict(parser._sections['Common'])
+ self.pki_config.optionxform = str
+ self.pki_config.read(config.pkideployment_cfg)
+ config.pki_sensitive_dict = dict(self.pki_config._sections['Sensitive'])
+ config.pki_common_dict = dict(self.pki_config._sections['Common'])
if config.pki_subsystem == "CA":
- config.pki_web_server_dict = dict(parser._sections['Tomcat'])
- config.pki_subsystem_dict = dict(parser._sections['CA'])
+ config.pki_web_server_dict = dict(self.pki_config._sections['Tomcat'])
+ config.pki_subsystem_dict = dict(self.pki_config._sections['CA'])
elif config.pki_subsystem == "KRA":
- config.pki_web_server_dict = dict(parser._sections['Tomcat'])
- config.pki_subsystem_dict = dict(parser._sections['KRA'])
+ config.pki_web_server_dict = dict(self.pki_config._sections['Tomcat'])
+ config.pki_subsystem_dict = dict(self.pki_config._sections['KRA'])
elif config.pki_subsystem == "OCSP":
- config.pki_web_server_dict = dict(parser._sections['Tomcat'])
- config.pki_subsystem_dict = dict(parser._sections['OCSP'])
+ config.pki_web_server_dict = dict(self.pki_config._sections['Tomcat'])
+ config.pki_subsystem_dict = dict(self.pki_config._sections['OCSP'])
elif config.pki_subsystem == "RA":
- config.pki_web_server_dict = dict(parser._sections['Apache'])
- config.pki_subsystem_dict = dict(parser._sections['RA'])
+ config.pki_web_server_dict = dict(self.pki_config._sections['Apache'])
+ config.pki_subsystem_dict = dict(self.pki_config._sections['RA'])
elif config.pki_subsystem == "TKS":
- config.pki_web_server_dict = dict(parser._sections['Tomcat'])
- config.pki_subsystem_dict = dict(parser._sections['TKS'])
+ config.pki_web_server_dict = dict(self.pki_config._sections['Tomcat'])
+ config.pki_subsystem_dict = dict(self.pki_config._sections['TKS'])
elif config.pki_subsystem == "TPS":
- config.pki_web_server_dict = dict(parser._sections['Apache'])
- config.pki_subsystem_dict = dict(parser._sections['TPS'])
+ config.pki_web_server_dict = dict(self.pki_config._sections['Apache'])
+ config.pki_subsystem_dict = dict(self.pki_config._sections['TPS'])
# Insert empty record into dictionaries for "pretty print" statements
# NEVER print "sensitive" key value pairs!!!
config.pki_common_dict[0] = None
@@ -1441,8 +1444,26 @@ class PKIConfigParser:
# config.pki_master_dict['pki_security_domain_name']
# config.pki_master_dict['pki_subsystem_name']
#
+
+ # if security domain user is not defined
if not len(config.pki_master_dict['pki_security_domain_user']):
- config.pki_master_dict['pki_security_domain_user'] = "caadmin"
+
+ # use the CA admin uid if it's defined
+ if self.pki_config.has_option('CA', 'pki_admin_uid') and\
+ len(self.pki_config.get('CA', 'pki_admin_uid')) > 0:
+ config.pki_master_dict['pki_security_domain_user'] =\
+ self.pki_config.get('CA', 'pki_admin_uid')
+
+ # or use the Common admin uid if it's defined
+ elif self.pki_config.has_option('Common', 'pki_admin_uid') and\
+ len(self.pki_config.get('Common', 'pki_admin_uid')) > 0:
+ config.pki_master_dict['pki_security_domain_user'] =\
+ self.pki_config.get('Common', 'pki_admin_uid')
+
+ # otherwise use the default CA admin uid
+ else:
+ config.pki_master_dict['pki_security_domain_user'] = "caadmin"
+
if not len(config.pki_master_dict['pki_subsystem_name']):
if config.pki_master_dict['pki_subsystem'] in\
config.PKI_TOMCAT_SUBSYSTEMS and \