[Freeipa-devel] [PATCH] 0002 Incorrect message when KRA already installed
Hi everyone
Please see attached candidate patch for ticket
https://fedorahosted.org/freeipa/ticket/5315
Thanks and regards
Pat
From b87f48165361199d140be7bea96f07390d7d500f Mon Sep 17 00:00:00 2001
From: Patrice Duc-Jacquet
Date: Tue, 17 May 2016 10:35:42 +0200
Subject: [PATCH] Incorrect message when KRA already installed
When trying to install a second time KRA, in case domain-level=0 the error lessage is not correct. It mentions :
"ipa-kra-install: error: A replica file is required."
Note that this behavior is not observed if domain-level=1
The subject of the fix consist in checking that KRA is not already installed before going ahead in the installation process.
Tests done: I have made the following tests in bot domain-level=0 and domain-level=1 :
- Install KRA (check it is correctly installed),
- Install KRA a second time (check that the correct error message is raised)
- uninstall KRA (check that it is correctly uninstalled)
- Install KRA again (check that it is correctly installed)
---
ipaserver/install/ipa_kra_install.py | 5 +
1 file changed, 5 insertions(+)
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 33c1072db87d0f93a9acc59a88272e56332cbc04..9cb5f0fcc45d0c6ddb68456ee0b6d9a1fb2a2de1 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -158,6 +158,11 @@ class KRAInstaller(KRAInstall):
raise RuntimeError("Dogtag CA is not installed. "
"Please install the CA first")
+# check if KRA is not already installed
+_kra = krainstance.KRAInstance(api)
+if _kra.is_installed():
+raise admintool.ScriptError("KRA already installed")
+
# this check can be done only when CA is installed
self.installing_replica = dogtaginstance.is_installing_replica("KRA")
self.options.promote = False
--
2.5.0
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH] 0001 (update 2) provide more information for "ipa cert-revoke -h"
Hi everyone
this is a second update that take into account review feedback.
In case the proposal fix is K what are the next step to commit this
change. I'm not sure to really understand the process. Thanks and regards
Pat
>From 0a2b0da4a1f2c517fae392ae3314796c0ebeee9a Mon Sep 17 00:00:00 2001
From: Patrice Duc-Jacquet
Date: Wed, 4 May 2016 09:25:57 +0200
Subject: [PATCH] Add more information regarding where to find revocation
reason in "ipa cert_revoke -h" and "ipa cert_find -h". According to review
feedback, I changed the help message as follow
$ ipa cert_revoke -h
Usage: ipa [global-options] cert-revoke SERIAL-NUMBER [options]
Revoke a certificate.
Options:
-h, --helpshow this help message and exit
--revocation-reason=INT
Reason for revoking the certificate (0-10). Type "ipa
help cert" for revocation reason details.
https://fedorahosted.org/freeipa/ticket/5819
---
ipalib/plugins/cert.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index 4dc51c2bf81546766193c0d28f0dc47239a3910c..820069cb06407565c3593201dfe49452e6588a2e 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -665,7 +665,7 @@ class cert_revoke(VirtualCommand):
takes_options = (
Int('revocation_reason',
label=_('Reason'),
-doc=_('Reason for revoking the certificate (0-10). See RFC 5280 (paragraph 5.3.1) for reason details'),
+doc=_('Reason for revoking the certificate (0-10). Type "ipa help cert" for revocation reason details.'),
minvalue=0,
maxvalue=10,
default=0,
@@ -733,7 +733,7 @@ class cert_find(Command):
),
Int('revocation_reason?',
label=_('Reason'),
-doc=_('Reason for revoking the certificate (0-10). See RFC 5280 (paragraph 5.3.1) for reason details'),
+doc=_('Reason for revoking the certificate (0-10). Type "ipa help cert" for revocation reason details.'),
minvalue=0,
maxvalue=10,
autofill=False,
--
2.5.0
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0001 provide more information for "ipa cert-revoke -h"
On 05/03/2016 04:41 PM, Rob Crittenden wrote:
Gabe Alford wrote:
Hello,
Thank you for your patch as well.
>-doc=_('Reason for revoking the certificate (0-10)'),
>+doc=_('Reason for revoking the certificate (0-10). See
RFC 5280 (paragraph 5.3.1) for reason details'),
Rather than just specifying the RFC with the paragraph to go look up,
can you either add the revocation options or say something like:
+doc=_('Reason for revoking the certificate (0-10). See
\'ipa help cert\' for revocation reason details.'),
IMO, it is a little annoying to go look up revocation reasons when those
reasons can either be added to the help output or exist already in `ipa
help cert`.
FTR I added it to the top level help because the reasons are used in
multiple places and didn't want to duplicate them, and adding them to
a specific option help would overload it big time IMHO.
rob
Hi everyone
thanks for your valuable comments. I fully agree that it is not
recommended to duplicate this information. So as Rob suggested, I should
avoid to add this information to cert_revoke option and thus I plan to
modify the help message as follow:
doc=_('Reason for revoking the certificate (0-10). Type "ipa help cert"
for reason details'),
Do you agree with that modification? Thanks in advance and regards
Pat
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH] 0001 provide more information for "ipa cert-revoke -h"
Hi everyone this is my first patch. So I may have done thhings nor in a proper way. Please let me know if something is wrong in the proceess I followed. With regards Pat >From bb06bd55c9f68af1a3aa01b671757abfbb45c822 Mon Sep 17 00:00:00 2001 From: Patrice Duc-Jacquet Date: Tue, 3 May 2016 15:17:16 +0200 Subject: [PATCH] Add more information regarding where to find revocation reason in "ipa cert_revoke -h" and "ipa cert_find -h" commands. More precisely a pointer to RFC 5280 (paragraph 5.3.1) which contain the definition of the revocation code. So basically "ipa cert_revoke -h command" now returns : $ ipa cert_revoke -h Usage: ipa [global-options] cert-revoke SERIAL-NUMBER [options] Revoke a certificate. Options: -h, --helpshow this help message and exit --revocation-reason=INT Reason for revoking the certificate (0-10). See RFC 5280 (paragraph 5.3.1) for reason details ipa.pot and correspondig .po files have also been modified to take into account this new string. https://fedorahosted.org/freeipa/ticket/5819 --- install/po/de.po | 2 +- install/po/es.po | 2 +- install/po/fr.po | 2 +- install/po/ipa.pot | 2 +- install/po/kn.po | 2 +- install/po/pl.po | 2 +- install/po/ru.po | 2 +- install/po/uk.po | 2 +- install/po/zh_CN.po| 2 +- ipalib/plugins/cert.py | 4 ++-- 10 files changed, 11 insertions(+), 11 deletions(-) diff --git a/install/po/de.po b/install/po/de.po index 35d20932060ea8865aa8cb7b19a57e4e0e3d8469..52509711c3bdb881d28e85f5da1326f4b606d453 100644 --- a/install/po/de.po +++ b/install/po/de.po @@ -1343,7 +1343,7 @@ msgstr "Widerrufen" msgid "Reason" msgstr "Grund" -msgid "Reason for revoking the certificate (0-10)" +msgid "Reason for revoking the certificate (0-10). See RFC 5280 (paragraph 5.3.1) for reason details" msgstr "Grund für den Widerruf des Zertifikats (0-10)" msgid "7 is not a valid revocation reason" diff --git a/install/po/es.po b/install/po/es.po index 48f4284e6d0ba1650dc77a97e7c67532411dd392..3e76f419403381c675dc0b461746488a00d7e84a 100644 --- a/install/po/es.po +++ b/install/po/es.po @@ -1402,7 +1402,7 @@ msgstr "Revocado" msgid "Reason" msgstr "Motivo" -msgid "Reason for revoking the certificate (0-10)" +msgid "Reason for revoking the certificate (0-10). See RFC 5280 (paragraph 5.3.1) for reason details" msgstr "Motivo por el cual el certificado ha sido revocado (0-10)" msgid "7 is not a valid revocation reason" diff --git a/install/po/fr.po b/install/po/fr.po index cefe28797ba0d89e7361980e3f851577738d8b63..f250b228678706f8908bc6a6e29972f975df5786 100644 --- a/install/po/fr.po +++ b/install/po/fr.po @@ -2896,7 +2896,7 @@ msgstr "Révoqué" msgid "Reason" msgstr "Raison" -msgid "Reason for revoking the certificate (0-10)" +msgid "Reason for revoking the certificate (0-10). See RFC 5280 (paragraph 5.3.1) for reason details" msgstr "Raison de révocation du certificat (0-10)" msgid "7 is not a valid revocation reason" diff --git a/install/po/ipa.pot b/install/po/ipa.pot index 8256bb77da282d6c327a761ffd07c31b8fc7bf28..e89f035b20cac28034ba36accf7ffeba4306815d 100644 --- a/install/po/ipa.pot +++ b/install/po/ipa.pot @@ -3114,7 +3114,7 @@ msgid "Reason" msgstr "" #: ipalib/plugins/cert.py:669 ipalib/plugins/cert.py:737 -msgid "Reason for revoking the certificate (0-10)" +msgid "Reason for revoking the certificate (0-10). See RFC 5280 (paragraph 5.3.1) for reason details" msgstr "" #: ipalib/plugins/cert.py:692 diff --git a/install/po/kn.po b/install/po/kn.po index e3b6f67092e30b4684a3b665966082c79ad26e59..b2551c726ab4fded523830d6b8f6f86a1b756463 100644 --- a/install/po/kn.po +++ b/install/po/kn.po @@ -414,7 +414,7 @@ msgstr "ರದà³à²¦à³ ಮಾಡಲಾà²à²¿à²¦à³" msgid "Reason" msgstr "à²à²¾à²°à²£" -msgid "Reason for revoking the certificate (0-10)" +msgid "Reason for revoking the certificate (0-10). See RFC 5280 (paragraph 5.3.1) for reason details" msgstr "ಪà³à²°à²®à²¾à²£à²ªà²¤à³à²°à²µà²¨à³à²¨à³ (0-10) ರದà³à²¦à³ ಮಾಡಲೠà²à²¾à²°à²£" msgid "Unrevoked" diff --git a/install/po/pl.po b/install/po/pl.po index 2f98114435081cd3b4da676608fb804292c0cff5..cc0b2fc9a1e32bf076387bf2449f5101d302dade 100644 --- a/install/po/pl.po +++ b/install/po/pl.po @@ -587,7 +587,7 @@ msgstr "Unieważniono" msgid "Reason" msgstr "Przyczyna" -msgid "Reason for revoking the certificate (0-10)" +msgid "Reason for revoking the certificate (0-10). See RFC 5280 (paragraph 5.3.1) for reason details" msgstr
