[Freeipa-devel] [PATCH] dogtag clean-up

Wed Dec 9 09:52:14 UTC 2009

On Tue, 2009-12-08 at 17:06 -0500, John Dennis wrote:
> On 12/02/2009 07:01 PM, John Dennis wrote:
> > The essence of this patch is to return the correct types from
> > certificate plugins and avoid scraping Javascript from dogtag (CMS)
> > html responses with better error handling. Instead we ask CMS to
> > always return our data as XML documents which can be much more
> > robustly parsed (including properly handling issues such as character
> > encoding, escapes, etc.).
> >
> > Fundamentally the process is split into two parts. A parsing routine
> > which returns a dict with all the values from CMS in the correct
> > Python types for IPA. The possible values returned from CMS are fully
> > documented and can easily be read via the documentation link in HTML
> > posted at the bottom (plus in the code of course). The command plugin
> > invokes the parsing routine and picks out from the parse result dict
> > the values it wants to return (and may optionaly convert the type as
> > needed for XMLRPC, this is fully documented, in particular serial
> > numbers need special handling in XMLRPC). This model allows us to use
> > different parsing methods without disturbing the logic in the command
> > plugin should that ever be necessary (i.e. clear separation of
> > responsibilities).
> >
> > Status results are never returned in the command result. Instead we
> > use the defined exception handling logic for IPA XMLRPC. If the
> > command fails in some fashion we return a CertificateOperationError
> > exception. On the receiving end if no exception has been thrown it
> > knows the values returned are valid.
> >
> > Careful attention has been paid to the types being used. Strings are
> > always unicode, integral values are represented as either int or long
> > objects. No longer are integral values represented as strings with
> > confusion as to thier radix representation (with the notable exception
> > of serial numbers which must be passed through XMLRPC as decimal
> > strings, the rules for this are fully documented).
> >
> > The logic in the selfsign and dogtag plugins have been brought into
> > alignment.
> >
> > Much more extensive error checking has been added to selfsign to
> > handle issues concering serial number operations.
> >
> > A new error exception has been added (CertificateOperationError).
> >
> > Error messages have been localized.
> >
> > The check_ra.py test was updated (unfortunately this test requires a
> > configured server so I used my test server).
> >
> > Extensive documentation has been added to many of the routines.
> >
> > Easy to browse HTML documentation for the dogtag plugin can be found
> > here (for the time being)
> >
> > http://jdennis.fedorapeople.org/ipa/dogtag
> >
> > I've noticed we have a bit of code duplication going on with CMS
> > interactions. In the future we shold consolodate all CMS code in one
> > library (module).
> >
> > This patch has been lingering in my private repo too long. I no longer
> > want to keep merging as others modify the same code :-) So here it
> > is. Other components of the fixes have already been posted as patches.
> 
> The rebased patch is attached. May the gods of patchdom shine upon my 
> face and we'll celebrate it's successful application :-)

ack.  pushed to master.

Very high quality patch, thanks John!