-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move to v2 APIs #4837
base: master
Are you sure you want to change the base?
Move to v2 APIs #4837
Conversation
@rcritten @flo-renaud after we merge this PR, IPA should modify the file as in the description, or the httpd proxy configuration, to continue with current API, which will be available until you have switched to the new API. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@fmarco76 The changes look fine, but does it mean that IPA tests (in PKI CI and IPA CI) will fail until IPA is updated to use /v1
instead of /rest
? Or should IPA be updated first before merging this PR?
Yes, we have to wait IPA to modify the deploy in order to continue using the current API version. |
6651479
to
546af88
Compare
@fmarco76 Could you rebase this PR? The latest IPA tests will show the access logs so we can find out which operation in IPA is actually failing. Note that the basic CA tests might fail because of the API tests we just added, but we can ignore that for now. |
546af88
to
916c75c
Compare
Quality Gate passedIssues Measures |
Yes, there are also some new failures because we added enrollment using XML and it is not supported. |
Thanks for the rebase! Unfortunately the Tomcat & HTTPD access logs don't show the failed operation, maybe because it's buffered so it's not written yet, or maybe because IPA was expecting an XML response but it got a JSON response. We need to find out which code is failing so we can figure out the most efficient way to fix it. @rcritten @flo-renaud Any suggestion how to find the failing code in IPA? |
Basic IPA test There should be a traceback in the Apache log for this. IPA KRA This error is returned by the API so it originated in PKI. Did the allowed algorithms change? IPA with Sub-CA The ca/debug log should have information on this. Apache doesn't buffer its logs so I don't know why you aren't seeing output there. I don't know whether PKI/tomcat does log buffering or not. |
I saw failures in the IPA xmlrpc tests which are not being executed here. The issue is in the ca retrieval tests if we ask for the full chain it fails that application/pkcs7-mime is not an acceptable type. |
With this PR the default API (with
/rest
path) will be v2 and all the pki CLI will use this version.Current API are still available but the path will be
/<pki_subsystem>/v1/<path>
.In order to revert default to v1 it is possible to modify the file
/usr/share/pki/server/conf/Catalina/localhost/rewrite.config
linked from all the instances or the file link/etc/pki/<pki-instance>/Catalina/localhost/rewrite.config
for a single instance.