4 files changed, 79 insertions, 73 deletions

diff --git a/ipalib/__init__.py b/ipalib/__init__.py
index 860ead6c..870c9c18 100644
--- a/ipalib/__init__.py
+++ b/ipalib/__init__.py
@@ -701,7 +701,7 @@ plugin (or plugins) is imported.  For example:
 1
 >>> api.bootstrap(in_server=True) # We want to execute, not forward
 >>> len(api.env)
-38
+39
 
 `Env._bootstrap()`, which is called by `API.bootstrap()`, will create several
 run-time variables that connot be overriden in configuration files or through
diff --git a/ipalib/constants.py b/ipalib/constants.py
index c3555bae..ab35eb4b 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -115,6 +115,9 @@ DEFAULT_CONFIG = (
     ('prompt_all', False),
     ('interactive', True),
 
+    # Enable certain optional plugins:
+    ('enable_ra', False),
+
     # ********************************************************
     #  The remaining keys are never set from the values here!
     # ********************************************************
diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index 9854830a..22ec4c6a 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -22,108 +22,110 @@
 Command plugins for IPA-RA certificate operations.
 """
 
-from ipalib import api, Command, Str, Int
+from ipalib import api
 
+if api.env.enable_ra:
+    from ipalib import Command, Str, Int
 
-class cert_request(Command):
-    """
-    Submit a certificate singing request.
-    """
+    class cert_request(Command):
+        """
+        Submit a certificate singing request.
+        """
 
-    takes_args = ('csr',)
+        takes_args = ('csr',)
 
-    takes_options = (
-        Str('request_type', default=u'pkcs10', autofill=True),
-    )
+        takes_options = (
+            Str('request_type', default=u'pkcs10', autofill=True),
+        )
 
-    def execute(self, csr, **options):
-        return self.Backend.ra.request_certificate(csr, **options)
+        def execute(self, csr, **options):
+            return self.Backend.ra.request_certificate(csr, **options)
 
-    def output_for_cli(self, textui, result, *args, **options):
-        if isinstance(result, dict) and len(result) > 0:
-            textui.print_entry(result, 0)
-        else:
-            textui.print_plain('Failed to submit a certificate request.')
+        def output_for_cli(self, textui, result, *args, **options):
+            if isinstance(result, dict) and len(result) > 0:
+                textui.print_entry(result, 0)
+            else:
+                textui.print_plain('Failed to submit a certificate request.')
 
-api.register(cert_request)
+    api.register(cert_request)
 
 
-class cert_status(Command):
-    """
-    Check status of a certificate signing request.
-    """
+    class cert_status(Command):
+        """
+        Check status of a certificate signing request.
+        """
 
-    takes_args = ['request_id']
+        takes_args = ['request_id']
 
 
-    def execute(self, request_id, **options):
-        return self.Backend.ra.check_request_status(request_id)
+        def execute(self, request_id, **options):
+            return self.Backend.ra.check_request_status(request_id)
 
-    def output_for_cli(self, textui, result, *args, **options):
-        if isinstance(result, dict) and len(result) > 0:
-            textui.print_entry(result, 0)
-        else:
-            textui.print_plain('Failed to retrieve a request status.')
+        def output_for_cli(self, textui, result, *args, **options):
+            if isinstance(result, dict) and len(result) > 0:
+                textui.print_entry(result, 0)
+            else:
+                textui.print_plain('Failed to retrieve a request status.')
 
-api.register(cert_status)
+    api.register(cert_status)
 
 
-class cert_get(Command):
-    """
-    Retrieve an existing certificate.
-    """
+    class cert_get(Command):
+        """
+        Retrieve an existing certificate.
+        """
 
-    takes_args = ['serial_number']
+        takes_args = ['serial_number']
 
-    def execute(self, serial_number):
-        return self.Backend.ra.get_certificate(serial_number)
+        def execute(self, serial_number):
+            return self.Backend.ra.get_certificate(serial_number)
 
-    def output_for_cli(self, textui, result, *args, **options):
-        if isinstance(result, dict) and len(result) > 0:
-            textui.print_entry(result, 0)
-        else:
-            textui.print_plain('Failed to obtain a certificate.')
+        def output_for_cli(self, textui, result, *args, **options):
+            if isinstance(result, dict) and len(result) > 0:
+                textui.print_entry(result, 0)
+            else:
+                textui.print_plain('Failed to obtain a certificate.')
 
-api.register(cert_get)
+    api.register(cert_get)
 
 
-class cert_revoke(Command):
-    """
-    Revoke a certificate.
-    """
+    class cert_revoke(Command):
+        """
+        Revoke a certificate.
+        """
 
-    takes_args = ['serial_number']
+        takes_args = ['serial_number']
 
-    # FIXME: The default is 0.  Is this really an Int param?
-    takes_options = [Int('revocation_reason?', default=0)]
+        # FIXME: The default is 0.  Is this really an Int param?
+        takes_options = [Int('revocation_reason?', default=0)]
 
 
-    def execute(self, serial_number, **options):
-        return self.Backend.ra.revoke_certificate(serial_number, **options)
+        def execute(self, serial_number, **options):
+            return self.Backend.ra.revoke_certificate(serial_number, **options)
 
-    def output_for_cli(self, textui, result, *args, **options):
-        if isinstance(result, dict) and len(result) > 0:
-            textui.print_entry(result, 0)
-        else:
-            textui.print_plain('Failed to revoke a certificate.')
+        def output_for_cli(self, textui, result, *args, **options):
+            if isinstance(result, dict) and len(result) > 0:
+                textui.print_entry(result, 0)
+            else:
+                textui.print_plain('Failed to revoke a certificate.')
 
-api.register(cert_revoke)
+    api.register(cert_revoke)
 
 
-class cert_remove_hold(Command):
-    """
-    Take a revoked certificate off hold.
-    """
+    class cert_remove_hold(Command):
+        """
+        Take a revoked certificate off hold.
+        """
 
-    takes_args = ['serial_number']
+        takes_args = ['serial_number']
 
-    def execute(self, serial_number, **options):
-        return self.Backend.ra.take_certificate_off_hold(serial_number)
+        def execute(self, serial_number, **options):
+            return self.Backend.ra.take_certificate_off_hold(serial_number)
 
-    def output_for_cli(self, textui, result, *args, **options):
-        if isinstance(result, dict) and len(result) > 0:
-            textui.print_entry(result, 0)
-        else:
-            textui.print_plain('Failed to take a revoked certificate off hold.')
+        def output_for_cli(self, textui, result, *args, **options):
+            if isinstance(result, dict) and len(result) > 0:
+                textui.print_entry(result, 0)
+            else:
+                textui.print_plain('Failed to take a revoked certificate off hold.')
 
-api.register(cert_remove_hold)
+    api.register(cert_remove_hold)
diff --git a/ipaserver/plugins/ra.py b/ipaserver/plugins/ra.py
index 9932e09c..622e4d9f 100644
--- a/ipaserver/plugins/ra.py
+++ b/ipaserver/plugins/ra.py
@@ -418,4 +418,5 @@ class ra(Backend):
         # self.debug("IPA-RA: stderr: '%s'" % stderr)
         return (p.returncode, stdout, stderr)
 
-api.register(ra)
+if api.env.enable_ra:
+    api.register(ra)