freeipa

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.  |  http://www.freeipa.org/

Commit 4350dcd csrgen: Allow overriding the CSR generation profile

1 file Authored by benlipton a year ago , Committed by jcholast a year ago ,
csrgen: Allow overriding the CSR generation profile

In case users want multiple CSR generation profiles that work with the
same dogtag profile, or in case the profiles are not named the same,
this flag allows specifying an alternative CSR generation profile.

https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

    
 1 @@ -51,6 +51,11 @@
 2               label=_('Path to private key file'),
 3               doc=_('Path to PEM file containing a private key'),
 4           ),
 5 +         Str(
 6 +             'csr_profile_id?',
 7 +             label=_('Name of CSR generation profile (if not the same as'
 8 +                     ' profile_id)'),
 9 +         ),
10       )
11   
12       def get_args(self):
13 @@ -62,6 +67,7 @@
14       def forward(self, csr=None, **options):
15           database = options.pop('database', None)
16           private_key = options.pop('private_key', None)
17 +         csr_profile_id = options.pop('csr_profile_id', None)
18   
19           if csr is None:
20               if database:
21 @@ -75,7 +81,12 @@
22                       message=u"One of 'database' or 'private_key' is required")
23   
24               with NTF() as scriptfile, NTF() as csrfile:
25 -                 profile_id = options.get('profile_id')
26 +                 # If csr_profile_id is passed, that takes precedence.
27 +                 # Otherwise, use profile_id. If neither are passed, the default
28 +                 # in cert_get_requestdata will be used.
29 +                 profile_id = csr_profile_id
30 +                 if profile_id is None:
31 +                     profile_id = options.get('profile_id')
32   
33                   self.api.Command.cert_get_requestdata(
34                       profile_id=profile_id,