installer: rename --subject to --subject-base

The --subject option is actually used to provide the "subject base". We are also going to add an option for fully specifying the IPA CA subject DN in a subsequent commit. So to avoid confusion, rename --subject to --subject-base, retaining --subject as a deprecated alias. Part of: https://fedorahosted.org/freeipa/ticket/2614 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Fraser Tweedale <ftweedal@redhat.com> 2016-11-16 19:59:58 +1000
committer: Jan Cholasta <jcholast@redhat.com> 2017-01-11 15:26:20 +0100
commit: c6db493b06320455a2366945911939a605df2a73 (patch)
tree: 044bceb5630e6e5b41f1f791b19a35abf2b4a0e4 /ipaserver
parent: db6674096c598918ea6b12ca33a96cf5e617a434 (diff)
download: freeipa-c6db493b06320455a2366945911939a605df2a73.tar.gz
freeipa-c6db493b06320455a2366945911939a605df2a73.tar.xz
freeipa-c6db493b06320455a2366945911939a605df2a73.zip
3 files changed, 19 insertions, 18 deletions
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 56f6692c8..b5b2f2aaf 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -66,7 +66,7 @@ def install_check(standalone, replica_config, options):
 
     realm_name = options.realm_name
     host_name = options.host_name
-    subject_base = options.subject
+    subject_base = options.subject_base
 
     if replica_config is not None:
         if standalone and api.env.ra_plugin == 'selfsign':
@@ -110,7 +110,7 @@ def install_check(standalone, replica_config, options):
 
         external_cert_file, external_ca_file = installutils.load_external_cert(
             options.external_cert_files,
-            DN(('CN', 'Certificate Authority'), options.subject)
+            DN(('CN', 'Certificate Authority'), options.subject_base)
         )
     elif options.external_ca:
         if cainstance.is_step_one_done():
@@ -164,7 +164,7 @@ def install_step_0(standalone, replica_config, options):
     host_name = options.host_name
 
     if replica_config is None:
-        subject_base = options.subject
+        subject_base = options.subject_base
 
         ca_signing_algorithm = options.ca_signing_algorithm
         if options.external_ca:
@@ -236,7 +236,7 @@ def install_step_1(standalone, replica_config, options):
 
     realm_name = options.realm_name
     host_name = options.host_name
-    subject_base = options.subject
+    subject_base = options.subject_base
 
     basedn = ipautil.realm_to_suffix(realm_name)
 
@@ -379,14 +379,15 @@ class CAInstallInterface(dogtag.DogtagInstallInterface,
         if any(not os.path.isabs(path) for path in value):
             raise ValueError("must use an absolute path")
 
-    subject = knob(
+    subject_base = knob(
         str, None,
         description="The certificate subject base (default O=<realm-name>)",
+        cli_deprecated_names=['--subject'],
     )
-    subject = master_install_only(subject)
+    subject_base = master_install_only(subject_base)
 
-    @subject.validator
-    def subject(self, value):
+    @subject_base.validator
+    def subject_base(self, value):
         v = unicode(value, 'utf-8')
         if any(ord(c) < 0x20 for c in v):
             raise ValueError("must not contain control characters")
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 36bbb4b49..6b13bec6c 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -464,8 +464,8 @@ def install_check(installer):
     else:
         realm_name = options.realm_name.upper()
 
-    if not options.subject:
-        options.subject = DN(('O', realm_name))
+    if not options.subject_base:
+        options.subject_base = DN(('O', realm_name))
 
     if options.http_cert_files:
         if options.http_pin is None:
@@ -725,7 +725,7 @@ def install(installer):
             ds.create_instance(realm_name, host_name, domain_name,
                                dm_password, dirsrv_pkcs12_info,
                                idstart=options.idstart, idmax=options.idmax,
-                               subject_base=options.subject,
+                               subject_base=options.subject_base,
                                hbac_allow=not options.no_hbac_allow)
         else:
             ds = dsinstance.DsInstance(fstore=fstore,
@@ -735,7 +735,7 @@ def install(installer):
             ds.create_instance(realm_name, host_name, domain_name,
                                dm_password,
                                idstart=options.idstart, idmax=options.idmax,
-                               subject_base=options.subject,
+                               subject_base=options.subject_base,
                                hbac_allow=not options.no_hbac_allow)
 
         ntpinstance.ntp_ldap_enable(host_name, ds.suffix, realm_name)
@@ -747,7 +747,7 @@ def install(installer):
         installer._ds = ds
         ds.init_info(
             realm_name, host_name, domain_name, dm_password,
-            options.subject, 1101, 1100, None)
+            options.subject_base, 1101, 1100, None)
 
     if setup_ca:
         if not options.external_cert_files and options.external_ca:
@@ -781,7 +781,7 @@ def install(installer):
                         dm_password, master_password,
                         setup_pkinit=not options.no_pkinit,
                         pkcs12_info=pkinit_pkcs12_info,
-                        subject_base=options.subject)
+                        subject_base=options.subject_base)
 
     # restart DS to enable ipa-pwd-extop plugin
     print("Restarting directory server to enable password extension plugin")
@@ -811,13 +811,13 @@ def install(installer):
     if options.http_cert_files:
         http.create_instance(
             realm_name, host_name, domain_name,
-            pkcs12_info=http_pkcs12_info, subject_base=options.subject,
+            pkcs12_info=http_pkcs12_info, subject_base=options.subject_base,
             auto_redirect=not options.no_ui_redirect,
             ca_is_configured=setup_ca)
     else:
         http.create_instance(
             realm_name, host_name, domain_name,
-            subject_base=options.subject,
+            subject_base=options.subject_base,
             auto_redirect=not options.no_ui_redirect,
             ca_is_configured=setup_ca)
     tasks.restore_context(paths.CACHE_IPA_SESSIONS)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 212616908..915281d78 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -796,7 +796,7 @@ def install_check(installer):
         if ca_enabled:
             options.realm_name = config.realm_name
             options.host_name = config.host_name
-            options.subject = config.subject_base
+            options.subject_base = config.subject_base
             ca.install_check(False, config, options)
 
         if kra_enabled:
@@ -1203,7 +1203,7 @@ def promote_check(installer):
         if ca_enabled:
             options.realm_name = config.realm_name
             options.host_name = config.host_name
-            options.subject = config.subject_base
+            options.subject_base = config.subject_base
             ca.install_check(False, config, options)
 
         if kra_enabled:
author	Fraser Tweedale <ftweedal@redhat.com>	2016-11-16 19:59:58 +1000
committer	Jan Cholasta <jcholast@redhat.com>	2017-01-11 15:26:20 +0100
commit	c6db493b06320455a2366945911939a605df2a73 (patch)
tree	044bceb5630e6e5b41f1f791b19a35abf2b4a0e4 /ipaserver
parent	db6674096c598918ea6b12ca33a96cf5e617a434 (diff)
download	freeipa-c6db493b06320455a2366945911939a605df2a73.tar.gz freeipa-c6db493b06320455a2366945911939a605df2a73.tar.xz freeipa-c6db493b06320455a2366945911939a605df2a73.zip