Yair Zaslavsky has posted comments on this change.

Change subject: engine: Import single certificate
......................................................................

Patch Set 2:

(6 comments)

http://gerrit.ovirt.org/#/c/35485/2/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateQuery.java
File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetProviderCertificateQuery.java:

> stupid question, can't this be in the "test" sequence?

Test is about testing connectivity to provider.
What interests you is the approval, to my understanding.

Line 1: package org.ovirt.engine.core.bll;
Line 2:
Line 3: import java.security.cert.Certificate;
Line 4: import java.security.cert.CertificateEncodingException;

Line 28: ProviderProxy proxy = ProviderProxyFactory.getInstance().create(provider);
Line 29: List<? extends Certificate> chain = proxy.getCertificateChain();
Line 30: if (!chain.isEmpty()) {
Line 31: try {
Line 32: getQueryReturnValue().setReturnValue(new Base64().encodeToString(chain.get(chain.size() - 1)

> can we have here a class instead of single string, so I will be able to lat

a. you can put anything you want in setReturnValue
b. You probably mean Collection<String>
c. Yes I will rename to GetProviderCertificatesQuery

Line 33: .getEncoded()));
Line 34: } catch (CertificateEncodingException e) {
Line 35: getQueryReturnValue().setSucceeded(false);
Line 36: log.error("Error in encoding certificate. Error is {} " + e.getMessage());

http://gerrit.ovirt.org/#/c/35485/2/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java
File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ExternalTrustStoreInitializer.java:

Line 49: throw new RuntimeException(e);
Line 50: }
Line 51: }
Line 52:
Line 53: @Deprecated

> I do not understand how it can be depreciated if we should not use it.

it is still used by rest-api, I'm not going to change this currently.

Line 54: public static void addCertificateChain(List<? extends Certificate> chain) throws CertificateEncodingException,
Line 55: KeyStoreException {
Line 56: KeyStore ks = getTrustStore();
Line 57: Certificate certificate = chain.get(chain.size() - 1);

http://gerrit.ovirt.org/#/c/35485/2/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCetificateCommand.java
File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCetificateCommand.java:

> stupid question: there should be "apply" settings that saves the provider a

You probably mean the update provider operation, I think we can do that, but what's wrong in using the current flow with the approve dialog?

Line 1: package org.ovirt.engine.core.bll.provider;
Line 2:
Line 3: import java.io.ByteArrayInputStream;
Line 4: import java.io.IOException;

Line 69: // Currently it requires what's required for adding a new Provider
Line 70: // Need to revisit that when designing the permission scheme for providers
Line 71: return Collections.singletonList(new PermissionSubject(Guid.SYSTEM,
Line 72: VdcObjectType.System,
Line 73: ActionGroup.CREATE_STORAGE_POOL));

> storage?

Copy paste from ImportProviderCertificateChainCommand.
I now see we have no PROVIDERS action groups (i.e. permission for CRUD operations on providers), I will email about this.
Adding these permissions should be first patch in series.

Line 74: }
Line 75:
Line 76: private void saveCertificateToTrustStore(final Certificate cert) {
Line 77: if (cert != null) {

Line 99: private void handleException(Throwable e) {
Line 100: throw new VdcBLLException(VdcBllErrors.PROVIDER_IMPORT_CERTIFICATE_CHAIN_ERROR, e.getMessage());
Line 101: }
Line 102:
Line 103: private static final Logger log = LoggerFactory.getLogger(ImportProviderCetificateCommand.class);

> on top please

Done

--
To view, visit http://gerrit.ovirt.org/35485

Gerrit-MessageType: comment
Gerrit-Change-Id: Ic9adb21ded6e6d9fb09fc68331872c1cd88f88a9
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
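
Review bot: The log call at line 36 of GetProviderCertificateQuery.java concatenates the message onto a format string that still contains a "{}" placeholder, so the placeholder is never substituted and the logged line carries a literal "{}" followed by the text. Pass the value as an argument instead, e.g. log.error("Error in encoding certificate. Error is {}", e.getMessage()); and consider passing e itself as the last argument so the stack trace of the CertificateEncodingException is kept. A failure to encode a certificate that an administrator is about to approve into the trust store is worth a complete log record.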
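
Review bot: Line 57 of ExternalTrustStoreInitializer.java calls chain.get(chain.size() - 1) directly after getTrustStore(), with no emptiness check in between, whereas GetProviderCertificateQuery guards the same expression with if (!chain.isEmpty()) at line 30. Since the method is kept for the rest-api caller, an empty chain from a provider would surface as an index-out-of-bounds exception rather than a handled error; add the same guard, or reject an empty chain explicitly before touching the trust store.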