cert-request: better error msg when 'add' not supported

cert-request supports adding service principals that don't exist. If add is requested for other principal types, the error message just says "the principal doesn't exist". Add a new error type with better error message to explain that 'add' is not supported for host or user principals. Fixes: https://fedorahosted.org/freeipa/ticket/5991 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2025-01-27 00:26:33 -06:00 · 2016-06-29 15:02:51 +10:00 · 2016-06-29 15:02:51 +10:00 · 3fab1b6350
commit 3fab1b6350
parent 025cfd911b
2 changed files with 28 additions and 3 deletions
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@ -1397,6 +1397,16 @@ class ServerRemovalError(ExecutionError):
    format = _('Server removal aborted: %(reason)s.')


+class OperationNotSupportedForPrincipalType(ExecutionError):
+    """
+    **4034** Raised when an operation is not supported for a principal type
+    """
+
+    errno = 4034
+    format = _(
+        '%(operation)s is not supported for %(principal_type)s principals')
+
+
 class BuiltinError(ExecutionError):
    """
    **4100** Base class for builtin execution errors (*4100 - 4199*).
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@ -145,6 +145,12 @@ http://www.ietf.org/rfc/rfc5280.txt

 USER, HOST, SERVICE = range(3)

+PRINCIPAL_TYPE_STRING_MAP = {
+    USER: _('user'),
+    HOST: _('host'),
+    SERVICE: _('service'),
+}
+
 register = Registry()

 PKIDATE_FORMAT = '%Y-%m-%d'
@ -385,7 +391,9 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
        ),
        Flag(
            'add',
-            doc=_("automatically add the principal if it doesn't exist"),
+            doc=_(
+                "automatically add the principal if it doesn't exist "
+                "(service principals only)"),
        ),
    )

@ -480,8 +488,15 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
            elif principal_type == USER:
                principal_obj = api.Command['user_show'](principal_name, all=True)
        except errors.NotFound as e:
-            if principal_type == SERVICE and add:
-                principal_obj = api.Command['service_add'](principal_string, force=True)
+            if add:
+                if principal_type == SERVICE:
+                    principal_obj = api.Command['service_add'](
+                        principal_string, force=True)
+                else:
+                    princtype_str = PRINCIPAL_TYPE_STRING_MAP[principal_type]
+                    raise errors.OperationNotSupportedForPrincipalType(
+                        operation=_("'add' option"),
+                        principal_type=princtype_str)
            else:
                raise errors.NotFound(
                    reason=_("The principal for this request doesn't exist."))