From 75a2eda85d7e9769f612733a6ade5719b1511c09 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Oct 04 2017 08:09:18 +0000 Subject: ipa-cacert-manage: avoid some duplicate string definitions Part of: https://pagure.io/freeipa/issue/6858 Reviewed-By: Florence Blanc-Renaud
---
diff --git a/ipalib/constants.py b/ipalib/constants.py
index bc511d9..dce0b15 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -286,6 +286,7 @@ IPA_CA_CN = u'ipa'
 IPA_CA_RECORD = "ipa-ca"
 IPA_CA_NICKNAME = 'caSigningCert cert-pki-ca'
 RENEWAL_CA_NAME = 'dogtag-ipa-ca-renew-agent'
+RENEWAL_REUSE_CA_NAME = 'dogtag-ipa-ca-renew-agent-reuse'
 # regexp definitions
 PATTERN_GROUPUSER_NAME = '^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[a-zA-Z0-9_.$-]?$'
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index f764638..0ac0c5c 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -24,6 +24,7 @@ import os
 from optparse import OptionGroup # pylint: disable=deprecated-module
 import gssapi
+from ipalib.constants import RENEWAL_CA_NAME, RENEWAL_REUSE_CA_NAME
 from ipalib.install import certmonger, certstore
 from ipapython import admintool, ipautil
 from ipapython.certdb import (EMPTY_TRUST_FLAGS,
@@ -162,13 +163,12 @@ class CACertManage(admintool.AdminTool):
 if not ca.is_configured():
 raise admintool.ScriptError("CA is not configured on this system")
- self.request_id = self._get_ca_request_id('dogtag-ipa-ca-renew-agent')
+ self.request_id = self._get_ca_request_id(RENEWAL_CA_NAME)
 if self.request_id is None:
 # if external CA renewal was interrupted, the request may have
 # been left with the "dogtag-ipa-ca-renew-agent-reuse" CA;
 # look for it too
- self.request_id = \
- self._get_ca_request_id('dogtag-ipa-ca-renew-agent-reuse')
+ self.request_id = self._get_ca_request_id(RENEWAL_REUSE_CA_NAME)
 if self.request_id is None:
 raise admintool.ScriptError(
 "CA certificate is not tracked by certmonger")
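Review bot: In ipalib/constants.py the new `RENEWAL_REUSE_CA_NAME` sits next to `RENEWAL_CA_NAME` with no comment saying when each certmonger CA name applies, and the two values differ only by a suffix. ipa_cacert_manage.py uses them to find and resubmit the tracked CA certificate request, so a one-line comment would keep later callers from picking the wrong one, for example `# certmonger CA name a request may carry while ipa-cacert-manage resubmits it`. What the reuse helper actually does is not visible in this diff, so the author should confirm the wording.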
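Review bot: The context comment in the `@@ -162` hunk still spells out `"dogtag-ipa-ca-renew-agent-reuse"`, so the literal this commit removes from the code survives in prose and can drift from the constant. Referring to the constant keeps the two in step: `# been left with the RENEWAL_REUSE_CA_NAME CA;`. The enclosing method starts and ends outside the hunk.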
@@ -235,7 +235,7 @@ class CACertManage(admintool.AdminTool):
 )
 self.resubmit_request(
- 'dogtag-ipa-ca-renew-agent-reuse',
+ RENEWAL_REUSE_CA_NAME,
 profile=options.external_ca_profile)
 print(("The next step is to get %s signed by your CA and re-run "
@@ -334,11 +334,11 @@ class CACertManage(admintool.AdminTool):
 except errors.NotFound:
 raise admintool.ScriptError("CA renewal master not found")
- self.resubmit_request('dogtag-ipa-ca-renew-agent-reuse')
+ self.resubmit_request(RENEWAL_REUSE_CA_NAME)
 print("CA certificate successfully renewed")
- def resubmit_request(self, ca='dogtag-ipa-ca-renew-agent', profile=None):
+ def resubmit_request(self, ca=RENEWAL_CA_NAME, profile=None):
 timeout = api.env.startup_timeout + 60
 cm_profile = None
@@ -366,7 +366,7 @@ class CACertManage(admintool.AdminTool):
 logger.debug("modifying certmonger request '%s'", self.request_id)
 certmonger.modify(self.request_id,
- ca='dogtag-ipa-ca-renew-agent',
+ ca=RENEWAL_CA_NAME,
 profile='', template_v2='')
 def install(self):
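Review bot: `resubmit_request` in the `@@ -334` hunk has no docstring, and its `ca` default now points at a constant that a reader has to look up in ipalib/constants.py. A short docstring should say that `ca` is the certmonger CA name the tracked request is resubmitted with and that `profile` is optional. If the `certmonger.modify(..., ca=RENEWAL_CA_NAME, ...)` call in the `@@ -366` hunk belongs to this method, which the diff does not show conclusively, the docstring should also say that the request is switched back to `RENEWAL_CA_NAME` afterwards. The method body continues outside the hunk.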
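Review bot: The reset to `RENEWAL_CA_NAME` in `certmonger.modify(...)` in the `@@ -366` hunk looks like the last step of its method, so an exception raised earlier would leave the tracking request on whatever CA name it was resubmitted with. This is inferred, because the code before the call is outside the hunk, but the comment in the `@@ -162` hunk describes exactly that leftover state after an interrupted external CA renewal. An operator diagnosing a stalled CA certificate renewal would be helped by a log line on the failure path naming the CA the request was left with, for example `logger.error("certmonger request '%s' left with CA '%s'", self.request_id, ca)`, assuming `ca` is in scope there. Moving the reset into a `finally:` block is an alternative, if that is correct for the external-CA flow.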