[Freeipa-devel] [PATCH] 0082 cert-request: better error msg when 'add' not supported
Fraser Tweedale
ftweedal at redhat.com
Wed Jun 29 05:25:39 UTC 2016
The attached patch fixes
https://fedorahosted.org/freeipa/ticket/5991.
Thanks,
Fraser
-------------- next part --------------
From 2363a1fe3486a00c69df781cc9bd43f5916a1733 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Wed, 29 Jun 2016 15:02:51 +1000
Subject: [PATCH] cert-request: better error msg when 'add' not supported
cert-request supports adding service principals that don't exist.
If add is requested for other principal types, the error message
just says "the principal doesn't exist".
Add a new error type with better error message to explain that 'add'
is not supported for host or user principals.
Fixes: https://fedorahosted.org/freeipa/ticket/5991
---
ipalib/errors.py | 9 +++++++++
ipaserver/plugins/cert.py | 18 +++++++++++++++---
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 10491a94211648df8bda60f3dbc9e52d19e83d10..70d17d64f53c75aabf7ae99c56bebd136230c7a3 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1396,6 +1396,15 @@ class ServerRemovalError(ExecutionError):
errno = 4033
format = _('Server removal aborted: %(reason)s.')
+class OperationNotSupportedForPrincipalType(ExecutionError):
+ """
+ **4034** Raised when an operation is not supported for a principal type
+ """
+
+ errno = 4034
+ format = _(
+ '%(operation)s is not supported for %(principal_type)s principals')
+
class BuiltinError(ExecutionError):
"""
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 564d582c77ef63e780604fd7fc55e6cc7889a351..f9fd3ef4b1a1a5cb370fd7876a88c5ecbb69e4e2 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -145,6 +145,12 @@ http://www.ietf.org/rfc/rfc5280.txt
USER, HOST, SERVICE = range(3)
+PRINCIPAL_TYPE_STRING_MAP = {
+ USER: _('user'),
+ HOST: _('host'),
+ SERVICE: _('service'),
+}
+
register = Registry()
PKIDATE_FORMAT = '%Y-%m-%d'
@@ -385,7 +391,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
),
Flag(
'add',
- doc=_("automatically add the principal if it doesn't exist"),
+ doc=_("automatically add the principal if it doesn't exist (service princpals only)"),
),
)
@@ -480,8 +486,14 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
elif principal_type == USER:
principal_obj = api.Command['user_show'](principal_name, all=True)
except errors.NotFound as e:
- if principal_type == SERVICE and add:
- principal_obj = api.Command['service_add'](principal_string, force=True)
+ if add:
+ if principal_type == SERVICE:
+ principal_obj = api.Command['service_add'](
+ principal_string, force=True)
+ else:
+ raise errors.OperationNotSupportedForPrincipalType(
+ operation="'add'",
+ principal_type=PRINCIPAL_TYPE_STRING_MAP[principal_type])
else:
raise errors.NotFound(
reason=_("The principal for this request doesn't exist."))
--
2.5.5
More information about the Freeipa-devel
mailing list