diff --git a/.github/workflows/ocsp-basic-test.yml b/.github/workflows/ocsp-basic-test.yml index 8632383321f..95edd7279f9 100644 --- a/.github/workflows/ocsp-basic-test.yml +++ b/.github/workflows/ocsp-basic-test.yml @@ -56,7 +56,23 @@ jobs: -D pki_ds_url=ldap://ds.example.com:3389 \ -v + - name: Check PKI system certs + run: | docker exec pki pki-server cert-find + docker exec pki pki-server cert-show ca_signing + docker exec pki pki-server cert-show ca_ocsp_signing + docker exec pki pki-server cert-show sslserver + docker exec pki pki-server cert-show subsystem + docker exec pki pki-server cert-show ca_audit_signing + + - name: Check CA system certs + run: | + docker exec pki pki-server subsystem-cert-find ca + docker exec pki pki-server subsystem-cert-show ca signing + docker exec pki pki-server subsystem-cert-show ca ocsp_signing + docker exec pki pki-server subsystem-cert-show ca sslserver + docker exec pki pki-server subsystem-cert-show ca subsystem + docker exec pki pki-server subsystem-cert-show ca audit_signing - name: Check security domain config in CA run: | @@ -107,6 +123,25 @@ jobs: -D pki_ds_url=ldap://ds.example.com:3389 \ -v + - name: Check PKI system certs + run: | + docker exec pki pki-server cert-find + docker exec pki pki-server cert-show ca_signing + docker exec pki pki-server cert-show ca_ocsp_signing + docker exec pki pki-server cert-show sslserver + docker exec pki pki-server cert-show subsystem + docker exec pki pki-server cert-show ca_audit_signing + docker exec pki pki-server cert-show ocsp_signing + docker exec pki pki-server cert-show ocsp_audit_signing + + - name: Check OCSP system certs + run: | + docker exec pki pki-server subsystem-cert-find ocsp + docker exec pki pki-server subsystem-cert-show ocsp signing + docker exec pki pki-server subsystem-cert-show ocsp sslserver + docker exec pki pki-server subsystem-cert-show ocsp subsystem + docker exec pki pki-server subsystem-cert-show ocsp audit_signing + - name: Check PKI server base dir after installation run: | # check file types, owners, and permissions diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py index 4bd23b7bf58..830833075d4 100644 --- a/base/server/python/pki/server/cli/subsystem.py +++ b/base/server/python/pki/server/cli/subsystem.py @@ -814,7 +814,7 @@ def print_subsystem_cert(cert, show_all=False): class SubsystemCertFindCLI(pki.cli.CLI): def __init__(self): - super().__init__('find', 'Find subsystem certificates') + super().__init__('find', 'Find subsystem certificates', deprecated=True) def create_parser(self, subparsers=None): @@ -852,6 +852,10 @@ def print_help(self): def execute(self, argv, args=None): + logger.warning( + 'The pki-server subsystem-cert-find has been deprecated. ' + 'Use pki-server cert-find instead.') + if not args: args = self.parser.parse_args(args=argv) @@ -905,7 +909,7 @@ def execute(self, argv, args=None): class SubsystemCertShowCLI(pki.cli.CLI): def __init__(self): - super().__init__('show', 'Show subsystem certificate') + super().__init__('show', 'Show subsystem certificate', deprecated=True) def create_parser(self, subparsers=None): @@ -944,6 +948,10 @@ def usage(self): def execute(self, argv, args=None): + logger.warning( + 'The pki-server subsystem-cert-show has been deprecated. ' + 'Use pki-server cert-show instead.') + if not args: args = self.parser.parse_args(args=argv) diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py index 9f5e73528f4..5430286cb74 100644 --- a/base/server/python/pki/server/subsystem.py +++ b/base/server/python/pki/server/subsystem.py @@ -355,12 +355,16 @@ def find_system_certs(self): def get_cert_infos(self): + cert_infos = [] + cert_list = self.config.get('%s.cert.list' % self.name) if not cert_list: - return [] + return cert_infos for cert_tag in cert_list.split(','): - yield self.get_cert_info(cert_tag) + cert_infos.append(self.get_cert_info(cert_tag)) + + return cert_infos def get_subsystem_certs(self): certs = self.config.get('%s.cert.list' % self.name) diff --git a/docs/changes/v11.6.0/Tools-Changes.adoc b/docs/changes/v11.6.0/Tools-Changes.adoc index c77dbf921de..02ea124ccd0 100644 --- a/docs/changes/v11.6.0/Tools-Changes.adoc +++ b/docs/changes/v11.6.0/Tools-Changes.adoc @@ -66,9 +66,14 @@ The `pkispawn` command has been updated to include ACME and EST subsystem deploy The `pkidestroy` command has been updated to include ACME and EST subsystem removal. -== Add pki-server pki-server password-set/unset == +== Add pki-server password-set/unset == The `pki-server password-set/unset` commands have been added to replace `pki-server password-add/del`. The `pki-server password-add/del` commands have been deprecated. + +== Deprecate pki-server subsystem-cert-find/show == + +The `pki-server subsystem-cert-find/show` commands have been deprecated. +Use `pki-server cert-find/show` commands instead.