Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

certprofile: reject config with multiple profileIds #1830

Closed
wants to merge 2 commits into from
Closed

certprofile: reject config with multiple profileIds #1830

wants to merge 2 commits into from

Conversation

frasertweedale
Copy link
Contributor

@frasertweedale frasertweedale commented Apr 18, 2018
edited by rcritten

In certprofile-import if the config file contains two profileId directives
with different values, with the first matching the profile ID CLI argument
and the second differing, the profile gets imported under the second ID.
This leads to:

  • failure to enable the profile
  • failure to add the IPA "tracking" certprofile object
  • inability to delete the misnamed profile from Dogtag (via ipa CLI)

To avert this scenario, detect and reject profile configurations where
profileId is specified multiple times (whether or not the values differ).

https://pagure.io/freeipa/issue/7503

@frasertweedale
certprofile: reject config with multiple profileIds
3af5489 
In certprofile-import if the config file contains two profileId
directives with different values, with the first matching the
profile ID CLI argument and the second differing, the profile gets
imported under the second ID.  This leads to:

- failure to enable the profile
- failure to add the IPA "tracking" certprofile object
- inability to delete the misnamed profile from Dogtag (via ipa CLI)

To avert this scenario, detect and reject profile configurations
where profileId is specified multiple times (whether or not the
values differ).

https://pagure.io/freeipa/issue/7503
@frasertweedale
certprofile: add tests for config profileId scenarios
9c9b4c1 
Update the certprofile tests to cover the various scenarios
concerning the profileId property in the profile configuration.
The scenarios now explicitly tested are:

- profileId not specified (should succeed)
- mismatched profileId property (should fail)
- multiple profileId properties (should fail)
- one profileId property, matching given ID (should succeed)

https://pagure.io/freeipa/issue/7503
@rcritten rcritten self-assigned this Apr 18, 2018
@rcritten rcritten added ack Pull Request approved, can be merged pushed Pull Request has already been pushed labels Apr 18, 2018
@rcritten
Copy link
Contributor

master:

  • a7b1837 certprofile: reject config with multiple profileIds
  • 0f85933 certprofile: add tests for config profileId scenarios

@rcritten rcritten closed this Apr 19, 2018
@rcritten rcritten mentioned this pull request Apr 19, 2018
Closed
@frasertweedale frasertweedale deleted the fix/7503-certprofile-multiple-id branch April 23, 2018 04:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rcritten rcritten Awaiting requested review from rcritten

Assignees

@rcritten rcritten

Labels
ack Pull Request approved, can be merged pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
2 participants
@frasertweedale @rcritten