authorMartin Babinsky <mbabinsk@redhat.com>2016-05-30 18:51:48 +0200
committerMartin Basti <mbasti@redhat.com>2016-06-13 17:50:54 +0200
commit21def4fde0b09a256fad3231a9042219f707fc8a (patch)
tree1bec0900ae62b96dfc9d046ba8994e852f820bca /ipaserver
parent5f7086e7183f0fcfece2bdd5be3d1ea17384717b (diff)
Server Roles: provide an API for setting CA renewal master
`ipa config-mod` gained '--ca-renewal-master' options which can be used to set CA renewal master to a different server. Obviously, this server has to have CA role enabled. https://fedorahosted.org/freeipa/ticket/5689 http://www.freeipa.org/page/V4/Server_Roles Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/plugins/config.py23
1 files changed, 22 insertions, 1 deletions
diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py
index 95d1d6409..94a48a27d 100644
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@@ -243,7 +243,7 @@ class config(LDAPObject):
'ca_renewal_master_server?',
label=_('IPA CA renewal master'),
doc=_('Renewal master for IPA certificate authority'),
- flags={'virtual_attribute', 'no_create', 'no_update'}
+ flags={'virtual_attribute', 'no_create'}
)
)
@@ -377,8 +377,29 @@ class config_mod(LDAPUpdate):
raise errors.ValidationError(name=failedattr,
error=_('SELinux user map default user not in order list'))
+ if 'ca_renewal_master_server' in options:
+ new_master = options['ca_renewal_master_server']
+
+ try:
+ self.api.Object.server.get_dn_if_exists(new_master)
+ except errors.NotFound:
+ self.api.Object.server.handle_not_found(new_master)
+
+ backend = self.api.Backend.serverroles
+ backend.config_update(ca_renewal_master_server=new_master)
+
return dn
+ def exc_callback(self, keys, options, exc, call_func,
+ *call_args, **call_kwargs):
+ if (isinstance(exc, errors.EmptyModlist) and
+ call_func.__name__ == 'update_entry' and
+ 'ca_renewal_master_server' in options):
+ return
+
+ super(config_mod, self).exc_callback(
+ keys, options, exc, call_func, *call_args, **call_kwargs)
+
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.show_servroles_attributes(entry_attrs, **options)
return dn
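Review bot: The added `if 'ca_renewal_master_server' in options:` block calls `backend.config_update(ca_renewal_master_server=new_master)` from the pre-callback, before the main entry update runs. As far as the hunk shows, a later failure of that update (another attribute rejected, for instance) would leave the renewal master already switched while the command reports an error. The only validation visible here is that the server entry exists; the commit message's requirement that the target has the CA role is presumably enforced inside the serverroles backend, which this hunk does not show. Since this setting decides which server renews CA certificates, a comment at the call would help, e.g. `# applied immediately via the serverroles backend; not undone if the LDAP update that follows fails; CA-role check is expected in config_update`. The enclosing callback begins outside the hunk.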