diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2016-11-16 19:59:58 +1000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-01-11 15:26:20 +0100 |
commit | c6db493b06320455a2366945911939a605df2a73 (patch) | |
tree | 044bceb5630e6e5b41f1f791b19a35abf2b4a0e4 /ipaserver | |
parent | db6674096c598918ea6b12ca33a96cf5e617a434 (diff) | |
download | freeipa-c6db493b06320455a2366945911939a605df2a73.tar.gz freeipa-c6db493b06320455a2366945911939a605df2a73.tar.xz freeipa-c6db493b06320455a2366945911939a605df2a73.zip |
installer: rename --subject to --subject-base
The --subject option is actually used to provide the "subject base".
We are also going to add an option for fully specifying the IPA CA
subject DN in a subsequent commit. So to avoid confusion, rename
--subject to --subject-base, retaining --subject as a deprecated
alias.
Part of: https://fedorahosted.org/freeipa/ticket/2614
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/ca.py | 17 | ||||
-rw-r--r-- | ipaserver/install/server/install.py | 16 | ||||
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 4 |
3 files changed, 19 insertions, 18 deletions
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index 56f6692c8..b5b2f2aaf 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -66,7 +66,7 @@ def install_check(standalone, replica_config, options): realm_name = options.realm_name host_name = options.host_name - subject_base = options.subject + subject_base = options.subject_base if replica_config is not None: if standalone and api.env.ra_plugin == 'selfsign': @@ -110,7 +110,7 @@ def install_check(standalone, replica_config, options): external_cert_file, external_ca_file = installutils.load_external_cert( options.external_cert_files, - DN(('CN', 'Certificate Authority'), options.subject) + DN(('CN', 'Certificate Authority'), options.subject_base) ) elif options.external_ca: if cainstance.is_step_one_done(): @@ -164,7 +164,7 @@ def install_step_0(standalone, replica_config, options): host_name = options.host_name if replica_config is None: - subject_base = options.subject + subject_base = options.subject_base ca_signing_algorithm = options.ca_signing_algorithm if options.external_ca: @@ -236,7 +236,7 @@ def install_step_1(standalone, replica_config, options): realm_name = options.realm_name host_name = options.host_name - subject_base = options.subject + subject_base = options.subject_base basedn = ipautil.realm_to_suffix(realm_name) @@ -379,14 +379,15 @@ class CAInstallInterface(dogtag.DogtagInstallInterface, if any(not os.path.isabs(path) for path in value): raise ValueError("must use an absolute path") - subject = knob( + subject_base = knob( str, None, description="The certificate subject base (default O=<realm-name>)", + cli_deprecated_names=['--subject'], ) - subject = master_install_only(subject) + subject_base = master_install_only(subject_base) - @subject.validator - def subject(self, value): + @subject_base.validator + def subject_base(self, value): v = unicode(value, 'utf-8') if any(ord(c) < 0x20 for c in v): raise ValueError("must not contain control characters") diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 36bbb4b49..6b13bec6c 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -464,8 +464,8 @@ def install_check(installer): else: realm_name = options.realm_name.upper() - if not options.subject: - options.subject = DN(('O', realm_name)) + if not options.subject_base: + options.subject_base = DN(('O', realm_name)) if options.http_cert_files: if options.http_pin is None: @@ -725,7 +725,7 @@ def install(installer): ds.create_instance(realm_name, host_name, domain_name, dm_password, dirsrv_pkcs12_info, idstart=options.idstart, idmax=options.idmax, - subject_base=options.subject, + subject_base=options.subject_base, hbac_allow=not options.no_hbac_allow) else: ds = dsinstance.DsInstance(fstore=fstore, @@ -735,7 +735,7 @@ def install(installer): ds.create_instance(realm_name, host_name, domain_name, dm_password, idstart=options.idstart, idmax=options.idmax, - subject_base=options.subject, + subject_base=options.subject_base, hbac_allow=not options.no_hbac_allow) ntpinstance.ntp_ldap_enable(host_name, ds.suffix, realm_name) @@ -747,7 +747,7 @@ def install(installer): installer._ds = ds ds.init_info( realm_name, host_name, domain_name, dm_password, - options.subject, 1101, 1100, None) + options.subject_base, 1101, 1100, None) if setup_ca: if not options.external_cert_files and options.external_ca: @@ -781,7 +781,7 @@ def install(installer): dm_password, master_password, setup_pkinit=not options.no_pkinit, pkcs12_info=pkinit_pkcs12_info, - subject_base=options.subject) + subject_base=options.subject_base) # restart DS to enable ipa-pwd-extop plugin print("Restarting directory server to enable password extension plugin") @@ -811,13 +811,13 @@ def install(installer): if options.http_cert_files: http.create_instance( realm_name, host_name, domain_name, - pkcs12_info=http_pkcs12_info, subject_base=options.subject, + pkcs12_info=http_pkcs12_info, subject_base=options.subject_base, auto_redirect=not options.no_ui_redirect, ca_is_configured=setup_ca) else: http.create_instance( realm_name, host_name, domain_name, - subject_base=options.subject, + subject_base=options.subject_base, auto_redirect=not options.no_ui_redirect, ca_is_configured=setup_ca) tasks.restore_context(paths.CACHE_IPA_SESSIONS) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 212616908..915281d78 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -796,7 +796,7 @@ def install_check(installer): if ca_enabled: options.realm_name = config.realm_name options.host_name = config.host_name - options.subject = config.subject_base + options.subject_base = config.subject_base ca.install_check(False, config, options) if kra_enabled: @@ -1203,7 +1203,7 @@ def promote_check(installer): if ca_enabled: options.realm_name = config.realm_name options.host_name = config.host_name - options.subject = config.subject_base + options.subject_base = config.subject_base ca.install_check(False, config, options) if kra_enabled: |