[Freeipa-devel] [PATCH] dogtag clean-up

Thu Dec 3 17:37:33 UTC 2009

Patch looks great, thanks for including such detailed documentation.

But it's not applying to the current master:

Falling back to patching base and 3-way merge...
Auto-merging ipalib/plugins/service.py
CONFLICT (content): Merge conflict in ipalib/plugins/service.py
Auto-merging ipalib/x509.py
Failed to merge in the changes.
Patch failed at 0001 dogtag clean-up

Can you take a look?

On Wed, 2009-12-02 at 19:01 -0500, John Dennis wrote:
> The essence of this patch is to return the correct types from
> certificate plugins and avoid scraping Javascript from dogtag (CMS)
> html responses with better error handling. Instead we ask CMS to
> always return our data as XML documents which can be much more
> robustly parsed (including properly handling issues such as character
> encoding, escapes, etc.).
> 
> Fundamentally the process is split into two parts. A parsing routine
> which returns a dict with all the values from CMS in the correct
> Python types for IPA. The possible values returned from CMS are fully
> documented and can easily be read via the documentation link in HTML
> posted at the bottom (plus in the code of course). The command plugin
> invokes the parsing routine and picks out from the parse result dict
> the values it wants to return (and may optionaly convert the type as
> needed for XMLRPC, this is fully documented, in particular serial
> numbers need special handling in XMLRPC). This model allows us to use
> different parsing methods without disturbing the logic in the command
> plugin should that ever be necessary (i.e. clear separation of
> responsibilities).
> 
> Status results are never returned in the command result. Instead we
> use the defined exception handling logic for IPA XMLRPC. If the
> command fails in some fashion we return a CertificateOperationError
> exception. On the receiving end if no exception has been thrown it
> knows the values returned are valid.
> 
> Careful attention has been paid to the types being used. Strings are
> always unicode, integral values are represented as either int or long
> objects. No longer are integral values represented as strings with
> confusion as to thier radix representation (with the notable exception
> of serial numbers which must be passed through XMLRPC as decimal
> strings, the rules for this are fully documented).
> 
> The logic in the selfsign and dogtag plugins have been brought into
> alignment.
> 
> Much more extensive error checking has been added to selfsign to
> handle issues concering serial number operations.
> 
> A new error exception has been added (CertificateOperationError).
> 
> Error messages have been localized.
> 
> The check_ra.py test was updated (unfortunately this test requires a
> configured server so I used my test server).
> 
> Extensive documentation has been added to many of the routines.
> 
> Easy to browse HTML documentation for the dogtag plugin can be found
> here (for the time being)
> 
> http://jdennis.fedorapeople.org/ipa/dogtag
> 
> I've noticed we have a bit of code duplication going on with CMS
> interactions. In the future we shold consolodate all CMS code in one
> library (module).
> 
> This patch has been lingering in my private repo too long. I no longer
> want to keep merging as others modify the same code :-) So here it
> is. Other components of the fixes have already been posted as patches.
> 
> 
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel