Re: [Freeipa-devel] [PATCH 017] certprofile-import: do not require profileId in profile data
On 30/07/15 12:44, Christian Heimes wrote: On 2015-07-24 12:41, Martin Basti wrote: On 24/07/15 05:15, Fraser Tweedale wrote: diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index 5550ed942521dbab2e783fba1570520268f9b378..fe8934690fe09499f0bacb6610d9815a2b4367a4 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -233,8 +233,8 @@ class certprofile_import(LDAPCreate): match = self.PROFILE_ID_PATTERN.search(options['file']) if match is None: -raise errors.ValidationError(name='file', -error=_("Profile ID is not present in profile data")) +# no profileId found, use CLI value as profileId. +options['file'] = u'profileId=%s\n%s' % (keys[0], options['file']) NACK This assignment has no external effect; `post_callback' is called with original `options['file']' and dogtag profile import can fail due to missing profileId. The solution is to do the same thing in post_callback; updated patch attached. Thanks, Fraser I dont like to have the same code twice in pre and post callback. Can you use contexmanager to store the right value in pre callback and then use it in post callback? (can find it in dns plugin, search for context) Sounds good to me! Christian PS: Context is a fancy name for a TLS dict. ;) ACK Pushed to: master: a4ade199aa594307cdd6bc43d1729cc42e92fd1e ipa-4-2: d80e90fa5c5ad41f5f29a02c11bca7c7da269938 -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 017] certprofile-import: do not require profileId in profile data
On 2015-07-24 12:41, Martin Basti wrote: > On 24/07/15 05:15, Fraser Tweedale wrote: >>> diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py >>> index >>> 5550ed942521dbab2e783fba1570520268f9b378..fe8934690fe09499f0bacb6610d9815a2b4367a4 >>> 100644 >>> --- a/ipalib/plugins/certprofile.py >>> +++ b/ipalib/plugins/certprofile.py >>> @@ -233,8 +233,8 @@ class certprofile_import(LDAPCreate): >>> >>> match = self.PROFILE_ID_PATTERN.search(options['file']) >>> if match is None: >>> -raise errors.ValidationError(name='file', >>> -error=_("Profile ID is not present in profile data")) >>> +# no profileId found, use CLI value as profileId. >>> +options['file'] = u'profileId=%s\n%s' % (keys[0], >>> options['file']) >> NACK >> >> This assignment has no external effect; `post_callback' is called >> with original `options['file']' and dogtag profile import can fail >> due to missing profileId. >> >> The solution is to do the same thing in post_callback; updated patch >> attached. >> >> Thanks, >> Fraser >> >> > > I dont like to have the same code twice in pre and post callback. > > Can you use contexmanager to store the right value in pre callback and > then use it in post callback? > (can find it in dns plugin, search for context) Sounds good to me! Christian PS: Context is a fancy name for a TLS dict. ;) From 1c7a67f331fb7d07f1e306e292e97b1df810958c Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Thu, 23 Jul 2015 17:48:56 +0200 Subject: [PATCH] certprofile-import: do not require profileId in profile data certprofile-import no longer requires profileId in profile data. Instead the profile ID from the command line is taken and added to the profile data internally. If profileId is set in the profile, then it still has to match the CLI option. https://fedorahosted.org/freeipa/ticket/5090 --- ipalib/plugins/certprofile.py | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index ae75d43d7412d0df7c09a33c16c833995d9a3fe4..658fbca3b4eb851eb5a22190c443044f6ceb8491 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -11,6 +11,7 @@ from ipalib.plugins.virtual import VirtualCommand from ipalib.plugins.baseldap import ( LDAPObject, LDAPSearch, LDAPCreate, LDAPDelete, LDAPUpdate, LDAPRetrieve) +from ipalib.request import context from ipalib import ngettext from ipalib.text import _ from ipapython.version import API_VERSION @@ -230,11 +231,12 @@ class certprofile_import(LDAPCreate): def pre_callback(self, ldap, dn, entry, entry_attrs, *keys, **options): ca_enabled_check() +context.profile = options['file'] match = self.PROFILE_ID_PATTERN.search(options['file']) if match is None: -raise errors.ValidationError(name='file', -error=_("Profile ID is not present in profile data")) +# no profileId found, use CLI value as profileId. +context.profile = u'profileId=%s\n%s' % (keys[0], context.profile) elif keys[0] != match.group(1): raise errors.ValidationError(name='file', error=_("Profile ID '%(cli_value)s' does not match profile data '%(file_value)s'") @@ -250,7 +252,7 @@ class certprofile_import(LDAPCreate): """ try: with self.api.Backend.ra_certprofile as profile_api: -profile_api.create_profile(options['file']) +profile_api.create_profile(context.profile) profile_api.enable_profile(keys[0]) except: # something went wrong ; delete entry -- 2.4.3 signature.asc Description: OpenPGP digital signature -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 017] certprofile-import: do not require profileId in profile data
On 24/07/15 05:15, Fraser Tweedale wrote: diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index 5550ed942521dbab2e783fba1570520268f9b378..fe8934690fe09499f0bacb6610d9815a2b4367a4 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -233,8 +233,8 @@ class certprofile_import(LDAPCreate): match = self.PROFILE_ID_PATTERN.search(options['file']) if match is None: -raise errors.ValidationError(name='file', -error=_("Profile ID is not present in profile data")) +# no profileId found, use CLI value as profileId. +options['file'] = u'profileId=%s\n%s' % (keys[0], options['file']) NACK This assignment has no external effect; `post_callback' is called with original `options['file']' and dogtag profile import can fail due to missing profileId. The solution is to do the same thing in post_callback; updated patch attached. Thanks, Fraser I dont like to have the same code twice in pre and post callback. Can you use contexmanager to store the right value in pre callback and then use it in post callback? (can find it in dns plugin, search for context) Martin^2 -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 017] certprofile-import: do not require profileId in profile data
On 2015-07-24 05:15, Fraser Tweedale wrote: >> diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py >> index >> 5550ed942521dbab2e783fba1570520268f9b378..fe8934690fe09499f0bacb6610d9815a2b4367a4 >> 100644 >> --- a/ipalib/plugins/certprofile.py >> +++ b/ipalib/plugins/certprofile.py >> @@ -233,8 +233,8 @@ class certprofile_import(LDAPCreate): >> >> match = self.PROFILE_ID_PATTERN.search(options['file']) >> if match is None: >> -raise errors.ValidationError(name='file', >> -error=_("Profile ID is not present in profile data")) >> +# no profileId found, use CLI value as profileId. >> +options['file'] = u'profileId=%s\n%s' % (keys[0], >> options['file']) > > NACK > > This assignment has no external effect; `post_callback' is called > with original `options['file']' and dogtag profile import can fail > due to missing profileId. > > The solution is to do the same thing in post_callback; updated patch > attached. Oh, I should have noticed that myself. The options parameter is passed in as **kwargs. The keyword arguments dict is always a flat copy. Thanks! Christian signature.asc Description: OpenPGP digital signature -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 017] certprofile-import: do not require profileId in profile data
> diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py > index > 5550ed942521dbab2e783fba1570520268f9b378..fe8934690fe09499f0bacb6610d9815a2b4367a4 > 100644 > --- a/ipalib/plugins/certprofile.py > +++ b/ipalib/plugins/certprofile.py > @@ -233,8 +233,8 @@ class certprofile_import(LDAPCreate): > > match = self.PROFILE_ID_PATTERN.search(options['file']) > if match is None: > -raise errors.ValidationError(name='file', > -error=_("Profile ID is not present in profile data")) > +# no profileId found, use CLI value as profileId. > +options['file'] = u'profileId=%s\n%s' % (keys[0], > options['file']) NACK This assignment has no external effect; `post_callback' is called with original `options['file']' and dogtag profile import can fail due to missing profileId. The solution is to do the same thing in post_callback; updated patch attached. Thanks, Fraser From 98b422098ace7d8a405facf17b7399b07ed9362c Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Thu, 23 Jul 2015 17:48:56 +0200 Subject: [PATCH] certprofile-import: do not require profileId in profile data certprofile-import no longer requires profileId in profile data. Instead the profile ID from the command line is taken and added to the profile data internally. If profileId is set in the profile, then it still has to match the CLI option. https://fedorahosted.org/freeipa/ticket/5090 --- ipalib/plugins/certprofile.py | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index 5550ed942521dbab2e783fba1570520268f9b378..8c24192fc9204a412c5357571eb5a274074bad39 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -233,8 +233,8 @@ class certprofile_import(LDAPCreate): match = self.PROFILE_ID_PATTERN.search(options['file']) if match is None: -raise errors.ValidationError(name='file', -error=_("Profile ID is not present in profile data")) +# no profileId found, use CLI value as profileId. +options['file'] = u'profileId=%s\n%s' % (keys[0], options['file']) elif keys[0] != match.group(1): raise errors.ValidationError(name='file', error=_("Profile ID '%(cli_value)s' does not match profile data '%(file_value)s'") @@ -248,6 +248,11 @@ class certprofile_import(LDAPCreate): If the operation fails, remove the LDAP entry. """ +match = self.PROFILE_ID_PATTERN.search(options['file']) +if match is None: +# no profileId found, use CLI value as profileId. +options['file'] = u'profileId=%s\n%s' % (keys[0], options['file']) + try: with self.api.Backend.ra_certprofile as profile_api: profile_api.create_profile(options['file']) -- 2.4.3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH 017] certprofile-import: do not require profileId in profile data
certprofile-import no longer requires profileId in profile data. Instead the profile ID from the command line is taken and added to the profile data internally. If profileId is set in the profile, then it still has to match the CLI option. https://fedorahosted.org/freeipa/ticket/5090 From 44212c91336f2dfbfdc1b6cefea3f928ba9074e9 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Thu, 23 Jul 2015 17:48:56 +0200 Subject: [PATCH] certprofile-import: do not require profileId in profile data certprofile-import no longer requires profileId in profile data. Instead the profile ID from the command line is taken and added to the profile data internally. If profileId is set in the profile, then it still has to match the CLI option. https://fedorahosted.org/freeipa/ticket/5090 --- ipalib/plugins/certprofile.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index 5550ed942521dbab2e783fba1570520268f9b378..fe8934690fe09499f0bacb6610d9815a2b4367a4 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -233,8 +233,8 @@ class certprofile_import(LDAPCreate): match = self.PROFILE_ID_PATTERN.search(options['file']) if match is None: -raise errors.ValidationError(name='file', -error=_("Profile ID is not present in profile data")) +# no profileId found, use CLI value as profileId. +options['file'] = u'profileId=%s\n%s' % (keys[0], options['file']) elif keys[0] != match.group(1): raise errors.ValidationError(name='file', error=_("Profile ID '%(cli_value)s' does not match profile data '%(file_value)s'") -- 2.4.3 signature.asc Description: OpenPGP digital signature -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code