Re: [Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails
On 09/09/2016 11:30 AM, Lenka Doudova wrote: On 09/09/2016 01:53 AM, Fraser Tweedale wrote: On Thu, Sep 08, 2016 at 01:15:03PM +0200, Martin Babinsky wrote: On 09/08/2016 04:00 AM, Fraser Tweedale wrote: The attached patch fixes regression in cert-request: https://fedorahosted.org/freeipa/ticket/6309 Thanks, Fraser ACK. Does this patch also fix the (reopened) https://fedorahosted.org/freeipa/ticket/3473 ? It does not. There's much more work to do on #3473. It has only been a little bit done because I needed to switch ra.request_certificate to REST API so we can properly detect failure due to CA-disabled condition. Thanks, Fraser Hi, just a note - this needs to be pushed to both master and ipa-4-4 branches. Thanks, Lenka Pushed to: master: 1f1c93d2b5023f8d491252c605dbcf05c8ecc7e3 ipa-4-4: a7de75808c79186f72c4a32bd04434639fa947fd -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails
On 09/09/2016 01:53 AM, Fraser Tweedale wrote: On Thu, Sep 08, 2016 at 01:15:03PM +0200, Martin Babinsky wrote: On 09/08/2016 04:00 AM, Fraser Tweedale wrote: The attached patch fixes regression in cert-request: https://fedorahosted.org/freeipa/ticket/6309 Thanks, Fraser ACK. Does this patch also fix the (reopened) https://fedorahosted.org/freeipa/ticket/3473 ? It does not. There's much more work to do on #3473. It has only been a little bit done because I needed to switch ra.request_certificate to REST API so we can properly detect failure due to CA-disabled condition. Thanks, Fraser Hi, just a note - this needs to be pushed to both master and ipa-4-4 branches. Thanks, Lenka -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails
On Thu, Sep 08, 2016 at 01:15:03PM +0200, Martin Babinsky wrote: > On 09/08/2016 04:00 AM, Fraser Tweedale wrote: > > The attached patch fixes regression in cert-request: > > https://fedorahosted.org/freeipa/ticket/6309 > > > > Thanks, > > Fraser > > > > ACK. Does this patch also fix the (reopened) > https://fedorahosted.org/freeipa/ticket/3473 ? > It does not. There's much more work to do on #3473. It has only been a little bit done because I needed to switch ra.request_certificate to REST API so we can properly detect failure due to CA-disabled condition. Thanks, Fraser -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails
On 09/08/2016 04:00 AM, Fraser Tweedale wrote: The attached patch fixes regression in cert-request: https://fedorahosted.org/freeipa/ticket/6309 Thanks, Fraser ACK. Does this patch also fix the (reopened) https://fedorahosted.org/freeipa/ticket/3473 ? -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH] 0108 cert-request: raise error when request fails
The attached patch fixes regression in cert-request: https://fedorahosted.org/freeipa/ticket/6309 Thanks, Fraser From b27eef53ee36b7cae70206c37dea6aaa3bcfc940 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Thu, 8 Sep 2016 11:56:16 +1000 Subject: [PATCH] cert-request: raise error when request fails Fix a regression in recent change to request cert via Dogtag REST API. 'ra.request_certificate' was no longer raising CertificateOperationError when the cert request failed. Inspect the request result to determine if the request completed, and raise if it did not. Fixes: https://fedorahosted.org/freeipa/ticket/6309 --- ipaserver/plugins/dogtag.py | 4 1 file changed, 4 insertions(+) diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 77d24731bbc102ace3123a6fe41a631ea7c24f3b..644b41e90f2d377ae9b70cf4719ab8789fdfc649 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1678,6 +1678,10 @@ class ra(rabase.rabase, RestClient): return cmd_result certinfo = entries[0] +if certinfo['requestStatus'] != 'complete': +raise errors.CertificateOperationError( +error=certinfo.get('errorMessage')) + if 'certId' in certinfo: cmd_result = self.get_certificate(certinfo['certId']) cert = ''.join(cmd_result['certificate'].splitlines()) -- 2.5.5 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code