realmdomains: Issue a warning when automated management of realmdomains failed

https://fedorahosted.org/freeipa/ticket/5278 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-09-03 14:00:09 +02:00 · 2015-09-03 14:00:09 +02:00 · 1e1d6d15c6
commit 1e1d6d15c6
parent 6a2f47acbe
2 changed files with 54 additions and 5 deletions
--- a/ipalib/messages.py
+++ b/ipalib/messages.py
@ -246,6 +246,37 @@ class DNSSECValidationFailingWarning(PublicMessage):
               u"validation on all IPA servers.")


+class KerberosTXTRecordCreationFailure(PublicMessage):
+    """
+    **13011** Used when a _kerberos TXT record could not be added to
+    a DNS zone.
+    """
+
+    errno = 13011
+    type = "warning"
+    format = _(
+        "The _kerberos TXT record from domain %(domain)s could not be created "
+        "(%(error)s).\nThis can happen if the zone is not managed by IPA. "
+        "Please create the record manually, containing the following "
+        "value: '%(realm)s'"
+    )
+
+
+class KerberosTXTRecordDeletionFailure(PublicMessage):
+    """
+    **13012** Used when a _kerberos TXT record could not be removed from
+    a DNS zone.
+    """
+
+    errno = 13012
+    type = "warning"
+    format = _(
+        "The _kerberos TXT record from domain %(domain)s could not be removed "
+        "(%(error)s).\nThis can happen if the zone is not managed by IPA. "
+        "Please remove the record manually."
+    )
+
+
 def iter_messages(variables, base):
    """Return a tuple with all subclasses
    """
--- a/ipalib/plugins/realmdomains.py
+++ b/ipalib/plugins/realmdomains.py
@ -19,7 +19,7 @@

 import six

-from ipalib import api, errors
+from ipalib import api, errors, messages
 from ipalib import Str, Flag
 from ipalib import _
 from ipalib.plugable import Registry
@ -289,8 +289,18 @@ class realmdomains_mod(LDAPUpdate):
                    u'_kerberos',
                    txtrecord=api.env.realm
                )
-            except (errors.EmptyModlist, errors.NotFound):
-                pass
+            except (errors.EmptyModlist, errors.NotFound) as error:
+                # If creation of the _kerberos TXT record failed, prompt
+                # for manual intervention
+                messages.add_message(
+                    options['version'],
+                    result,
+                    messages.KerberosTXTRecordCreationFailure(
+                        domain=domain,
+                        error=unicode(error),
+                        realm=self.api.env.realm
+                    )
+                )

        # Delete _kerberos TXT record from zones that correspond with
        # domains which were deleted
@ -306,8 +316,16 @@ class realmdomains_mod(LDAPUpdate):
                    u'_kerberos',
                    txtrecord=api.env.realm
                )
-            except (errors.AttrValueNotFound, errors.NotFound):
-                pass
+            except (errors.AttrValueNotFound, errors.NotFound) as error:
+                # If deletion of the _kerberos TXT record failed, prompt
+                # for manual intervention
+                messages.add_message(
+                    options['version'],
+                    result,
+                    messages.KerberosTXTRecordDeletionFailure(
+                        domain=domain, error=unicode(error)
+                    )
+                )

        return result