49c0a7b ipa-cacert-manage: handle alternative tracking request CA name

1 file Authored by ftweedal 2 years ago , Committed by pvomacka 2 years ago ,
    ipa-cacert-manage: handle alternative tracking request CA name
    
    For an externally-signed CA, if an earlier run of ipa-cacert-manage
    was interrupted, the CA name in the IPA CA tracking request may have
    been left as "dogtag-ipa-ca-renew-agent-reuse" (it gets reverted to
    "dogtag-ipa-ca-renew-agent" at the end of the CSR generation
    procedure).  `ipa-cacert-manage renew` currently only looks for a
    tracking request with the "dogtag-ipa-ca-renew-agent" CA, so in this
    scenario the program fails with message "CA certificate is not
    tracked by certmonger".
    
    To handle this scenario, if the IPA CA tracking request is not
    found, try once again but with the "dogtag-ipa-ca-renew-agent-renew"
    CA name.
    
    Part of: https://pagure.io/freeipa/issue/6858
    
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>