[Freeipa-devel] [PATCH 0327] KRA: fix check if CA is installed on replica

[Martin Basti]

https://fedorahosted.org/freeipa/ticket/5345

Patch attached.

From 5538700dba81cbc4bc64485f7790dfc72148b4f8 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 15 Oct 2015 16:43:59 +0200
Subject: [PATCH] KRA: fix check that CA is installed

https://fedorahosted.org/freeipa/ticket/5345
---
 ipaserver/install/ipa_kra_install.py | 30 +++++++++++-------------------
 ipaserver/install/kra.py             |  5 +++++
 2 files changed, 16 insertions(+), 19 deletions(-)

diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index ef2b2f9857c313f68bdc58bf8d3d15bf42a0debd..b07d1ffcf471189ce373ec630ee9f93a1c995077 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -31,7 +31,6 @@ from ipapython.dn import DN
 from ipaserver.install import krainstance
 from ipaserver.install import installutils
 from ipaserver.install.installutils import create_replica_config
-from ipaserver.install import dogtaginstance
 from ipaserver.install import kra
 
 
@@ -122,28 +121,21 @@ class KRAInstaller(KRAInstall):
     def validate_options(self, needs_root=True):
         super(KRAInstaller, self).validate_options(needs_root=True)
 
-        if self.options.unattended and self.options.password is None:
-            self.option_parser.error(
-                "Directory Manager password must be specified using -p"
-                " in unattended mode"
-            )
-
-        self.installing_replica = dogtaginstance.is_installing_replica("KRA")
-
-        if self.installing_replica:
-            if not self.args:
-                self.option_parser.error("A replica file is required.")
-            if len(self.args) > 1:
-                self.option_parser.error("Too many arguments provided")
-
+        self.installing_replica = False
+        if len(self.args) > 1:
+            self.option_parser.error("Too many arguments provided")
+        elif len(self.args) == 1:
+            self.installing_replica = True
             self.replica_file = self.args[0]
             if not ipautil.file_exists(self.replica_file):
                 self.option_parser.error(
                     "Replica file %s does not exist" % self.replica_file)
-        else:
-            if self.args:
-                self.option_parser.error("Too many parameters provided.  "
-                                         "No replica file is required.")
+
+        if self.options.unattended and self.options.password is None:
+            self.option_parser.error(
+                "Directory Manager password must be specified using -p"
+                " in unattended mode"
+            )
 
     def ask_for_options(self):
         super(KRAInstaller, self).ask_for_options()
diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py
index f3a0fe5c6945039315839af53c7b6f5649f67cd7..c78cd287262b13fc687b7dce038e4e482ccd65fe 100644
--- a/ipaserver/install/kra.py
+++ b/ipaserver/install/kra.py
@@ -49,6 +49,11 @@ def install_check(api, replica_config, options):
                        for nickname in kra_cert_nicknames):
                 raise RuntimeError("Missing KRA certificates, please create a "
                                    "new replica file.")
+    else:
+        if api.Command.kra_is_enabled()['result']:
+            raise RuntimeError(
+                "KRA is already installed on the master system. A replica "
+                "file is required.")
 
 
 def install(api, replica_config, options):
-- 
2.4.3


-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code