author | Jan Cholasta <jcholast@redhat.com> | 2015-09-30 09:05:33 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-10-08 13:42:58 +0200 |
commit | 4b381b1503d8c282b4d4680beed2a9439f5b61cc (patch) | |
tree | b93a984be00e9efa23e24f50177f6bd4b6843e1f /ipaserver/plugins/dogtag.py | |
parent | b035a2a11442c190dc68d9e653b98ef396332c8e (diff) | |
vault: select a server with KRA for vault operations
This uses the same mechanism which is used for the CA.
https://fedorahosted.org/freeipa/ticket/5302
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver/plugins/dogtag.py')
-rw-r--r-- | ipaserver/plugins/dogtag.py | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 6758b9077..7b8416996 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1906,6 +1906,26 @@ class kra(Backend):
 super(kra, self).__init__(api)
+ @property
+ def kra_host(self):
+ """
+ :return: host
+ as str
+
+ Select our KRA host.
+ """
+ ldap2 = self.api.Backend.ldap2
+ if host_has_service(api.env.ca_host, ldap2, "KRA"):
+ return api.env.ca_host
+ if api.env.host != api.env.ca_host:
+ if host_has_service(api.env.host, ldap2, "KRA"):
+ return api.env.host
+ host = select_any_master(ldap2, "KRA")
+ if host:
+ return host
+ else:
+ return api.env.ca_host
+
 def get_client(self):
 """
 Returns an authenticated KRA client to access KRA services.
@@ -1925,7 +1945,7 @@ class kra(Backend):
 # https://fedorahosted.org/freeipa/ticket/4557
 connection = PKIConnection(
 'https',
- api.env.kra_host,
+ self.kra_host,
 str(self.kra_port),
 'kra') |
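Review bot: The final `else` branch of `kra_host` returns `api.env.ca_host` even though the first check in the same property has just found that this host does not advertise the KRA service, so when no KRA master is found `get_client` builds a `PKIConnection` to a server without a KRA and the failure surfaces later as an opaque connection or HTTP error. Consider raising an explicit "no KRA server available" error there, or at minimum documenting the fallback with a comment such as `# no KRA master found in LDAP; falling back to ca_host, which is not known to run a KRA`. The property also mixes `self.api.Backend.ldap2` with the module-level `api.env`; using `self.api.env.ca_host` and `self.api.env.host` throughout would keep it bound to one API instance. Since the second hunk replaces `api.env.kra_host` with this lookup, a deployment that pinned `kra_host` in its configuration presumably loses that override, which is worth confirming and stating in the docstring. `get_client` and the `kra` class continue outside the hunks.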