areguera / rpms / ipa

Forked from rpms/ipa 5 years ago
Clone
Blob Blame History Raw
From c702bb6ca3742cf7ea156e062840623f95a001b7 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Thu, 22 Jun 2017 15:08:08 +0200
Subject: [PATCH] Use the compound statement formatting API for configuring
 PKINIT

Use `if_branch` and `else_branch` context managers instead of raw
`command` calls in the method that generates Bash snippet that
configures PKINIT on the master.

https://pagure.io/freeipa/issue/7036

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 ipaserver/advise/plugins/smart_card_auth.py | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/ipaserver/advise/plugins/smart_card_auth.py b/ipaserver/advise/plugins/smart_card_auth.py
index 138a44316473f6b504a44a1b68d01fa4d5a58308..2dc9ddb25ce41a8c85aab827a92a1143784d9457 100644
--- a/ipaserver/advise/plugins/smart_card_auth.py
+++ b/ipaserver/advise/plugins/smart_card_auth.py
@@ -214,15 +214,13 @@ class config_server_for_smart_card_auth(common_smart_card_auth_config):
 
     def check_and_enable_pkinit(self):
         self.log.comment('check whether PKINIT is configured on the master')
-        self.log.command(
-            "if ipa-pkinit-manage status | grep -q 'enabled'")
-        self.log.command('then')
-        self.log.command('  echo "PKINIT already enabled"')
-        self.log.command('else')
-        self.log.exit_on_failed_command(
-            'ipa-pkinit-manage enable',
-            ['Failed to issue PKINIT certificates to local KDC'])
-        self.log.command('fi')
+        with self.log.if_branch(
+                "ipa-pkinit-manage status | grep -q 'enabled'"):
+            self.log.command('echo "PKINIT already enabled"')
+        with self.log.else_branch():
+            self.log.exit_on_failed_command(
+                'ipa-pkinit-manage enable',
+                ['Failed to issue PKINIT certificates to local KDC'])
 
     def enable_ok_to_auth_as_delegate_on_http_principal(self):
         self.log.comment('Enable OK-AS-DELEGATE flag on the HTTP principal')
-- 
2.9.4