diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2016-12-14 00:22:56 +1000 |
---|---|---|
committer | Martin Babinsky <mbabinsk@redhat.com> | 2016-12-13 17:25:59 +0100 |
commit | 74b8cf2c4a8dd36577d76c35a9ef08352ef025b7 (patch) | |
tree | a49292de0510c97f0b058bfd9a421b72d72c0a57 /ipaserver/plugins | |
parent | 9c87c39e65547004031284080749bc66dab1a8f9 (diff) | |
download | freeipa-74b8cf2c4a8dd36577d76c35a9ef08352ef025b7.tar.gz freeipa-74b8cf2c4a8dd36577d76c35a9ef08352ef025b7.tar.xz freeipa-74b8cf2c4a8dd36577d76c35a9ef08352ef025b7.zip |
Fix regression in test suite
32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d introduced a regression in
test_serverroles.py, caused by ca_find attempting to log into the
Dogtag REST API. (ca_find is called by cert_find which is called by
server_del during cleanup).
Avoid logging into Dogtag in cert_find unless something actually
needs to be retrieved.
Fixes: https://fedorahosted.org/freeipa/ticket/6178
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/ca.py | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py index ef1d68c3a..2510a7998 100644 --- a/ipaserver/plugins/ca.py +++ b/ipaserver/plugins/ca.py @@ -161,15 +161,21 @@ class ca(LDAPObject): } -def set_certificate_attrs(entry, options, always_include_cert=True): +def set_certificate_attrs(entry, options, want_cert=True): ca_id = entry['ipacaid'][0] full = options.get('all', False) + want_chain = options.get('chain', False) + + want_data = want_cert or want_chain or full + if not want_data: + return + with api.Backend.ra_lightweight_ca as ca_api: - if always_include_cert or full: + if want_cert or full: der = ca_api.read_ca_cert(ca_id) entry['certificate'] = six.text_type(base64.b64encode(der)) - if options.get('chain', False) or full: + if want_chain or full: pkcs7_der = ca_api.read_ca_chain(ca_id) pems = x509.pkcs7_to_pems(pkcs7_der, x509.DER) ders = [x509.normalize_certificate(pem) for pem in pems] @@ -187,7 +193,7 @@ class ca_find(LDAPSearch): ca_enabled_check() result = super(ca_find, self).execute(*keys, **options) for entry in result['result']: - set_certificate_attrs(entry, options, always_include_cert=False) + set_certificate_attrs(entry, options, want_cert=False) return result |