Re: [Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails

2016-09-13 Thread Martin Babinsky

On 09/09/2016 11:30 AM, Lenka Doudova wrote:



On 09/09/2016 01:53 AM, Fraser Tweedale wrote:

On Thu, Sep 08, 2016 at 01:15:03PM +0200, Martin Babinsky wrote:

On 09/08/2016 04:00 AM, Fraser Tweedale wrote:

The attached patch fixes regression in cert-request:
https://fedorahosted.org/freeipa/ticket/6309

Thanks,
Fraser


ACK. Does this patch also fix the (reopened)
https://fedorahosted.org/freeipa/ticket/3473 ?


It does not.  There's much more work to do on #3473.  It has only
been a little bit done because I needed to switch
ra.request_certificate to REST API so we can properly detect failure
due to CA-disabled condition.

Thanks,
Fraser


Hi,
just a note - this needs to be pushed to both master and ipa-4-4 branches.
Thanks,
Lenka



Pushed to:
master: 1f1c93d2b5023f8d491252c605dbcf05c8ecc7e3
ipa-4-4: a7de75808c79186f72c4a32bd04434639fa947fd

--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails

2016-09-09 Thread Lenka Doudova



On 09/09/2016 01:53 AM, Fraser Tweedale wrote:

On Thu, Sep 08, 2016 at 01:15:03PM +0200, Martin Babinsky wrote:

On 09/08/2016 04:00 AM, Fraser Tweedale wrote:

The attached patch fixes regression in cert-request:
https://fedorahosted.org/freeipa/ticket/6309

Thanks,
Fraser


ACK. Does this patch also fix the (reopened)
https://fedorahosted.org/freeipa/ticket/3473 ?


It does not.  There's much more work to do on #3473.  It has only
been a little bit done because I needed to switch
ra.request_certificate to REST API so we can properly detect failure
due to CA-disabled condition.

Thanks,
Fraser


Hi,
just a note - this needs to be pushed to both master and ipa-4-4 branches.
Thanks,
Lenka



Re: [Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails

2016-09-08 Thread Fraser Tweedale
On Thu, Sep 08, 2016 at 01:15:03PM +0200, Martin Babinsky wrote:
> On 09/08/2016 04:00 AM, Fraser Tweedale wrote:
> > The attached patch fixes regression in cert-request:
> > https://fedorahosted.org/freeipa/ticket/6309
> > 
> > Thanks,
> > Fraser
> > 
> 
> ACK. Does this patch also fix the (reopened)
> https://fedorahosted.org/freeipa/ticket/3473 ?
> 
It does not.  There's much more work to do on #3473.  It has only
been a little bit done because I needed to switch
ra.request_certificate to REST API so we can properly detect failure
due to CA-disabled condition.

Thanks,
Fraser



Re: [Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails

2016-09-08 Thread Martin Babinsky

On 09/08/2016 04:00 AM, Fraser Tweedale wrote:

The attached patch fixes regression in cert-request:
https://fedorahosted.org/freeipa/ticket/6309

Thanks,
Fraser



ACK. Does this patch also fix the (reopened) 
https://fedorahosted.org/freeipa/ticket/3473 ?


--
Martin^3 Babinsky



[Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails

2016-09-07 Thread Fraser Tweedale
The attached patch fixes regression in cert-request:
https://fedorahosted.org/freeipa/ticket/6309

Thanks,
Fraser
From b27eef53ee36b7cae70206c37dea6aaa3bcfc940 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Thu, 8 Sep 2016 11:56:16 +1000
Subject: [PATCH] cert-request: raise error when request fails

Fix a regression in recent change to request cert via Dogtag REST
API.  'ra.request_certificate' was no longer raising
CertificateOperationError when the cert request failed.  Inspect the
request result to determine if the request completed, and raise if
it did not.

Fixes: https://fedorahosted.org/freeipa/ticket/6309
---
 ipaserver/plugins/dogtag.py | 4 
 1 file changed, 4 insertions(+)

diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 
77d24731bbc102ace3123a6fe41a631ea7c24f3b..644b41e90f2d377ae9b70cf4719ab8789fdfc649
 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1678,6 +1678,10 @@ class ra(rabase.rabase, RestClient):
 return cmd_result
 certinfo = entries[0]
 
+if certinfo['requestStatus'] != 'complete':
+raise errors.CertificateOperationError(
+error=certinfo.get('errorMessage'))
+
 if 'certId' in certinfo:
 cmd_result = self.get_certificate(certinfo['certId'])
 cert = ''.join(cmd_result['certificate'].splitlines())
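
Review bot: The added status check indexes certinfo['requestStatus'] directly, while the error text two lines later is read with certinfo.get('errorMessage'); an entry that lacks a requestStatus key would surface as a KeyError rather than CertificateOperationError. Consider certinfo.get('requestStatus') != 'complete' so that case takes the same error path. In addition, certinfo.get('errorMessage') returns None when the key is absent, so the raised error can carry no explanation; falling back to a message that includes the request status would keep the failure diagnosable. A short comment stating that every status other than 'complete' is treated as a failure would document the intent.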
-- 
2.5.5
