IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-28 09:06:44 -06:00
Code Issues Packages Projects Releases Wiki Activity

cert-request: better error msg when 'add' not supported

Browse Source 
cert-request supports adding service principals that don't exist.
If add is requested for other principal types, the error message
just says "the principal doesn't exist".

Add a new error type with better error message to explain that 'add'
is not supported for host or user principals.

Fixes: https://fedorahosted.org/freeipa/ticket/5991
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
This commit is contained in:
Fraser Tweedale 2016-06-29 15:02:51 +10:00 committed by Martin Basti
parent 025cfd911b
commit 3fab1b6350
2 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ipalib/errors.py
View File

@ -1397,6 +1397,16 @@ class ServerRemovalError(ExecutionError):
format = _('Server removal aborted: %(reason)s.') format = _('Server removal aborted: %(reason)s.')
class OperationNotSupportedForPrincipalType(ExecutionError):
"""
**4034** Raised when an operation is not supported for a principal type
"""
errno = 4034
format = _(
'%(operation)s is not supported for %(principal_type)s principals')
class BuiltinError(ExecutionError): class BuiltinError(ExecutionError):
""" """
**4100** Base class for builtin execution errors (*4100 - 4199*). **4100** Base class for builtin execution errors (*4100 - 4199*).

21
ipaserver/plugins/cert.py
View File

@ -145,6 +145,12 @@ http://www.ietf.org/rfc/rfc5280.txt
USER, HOST, SERVICE = range(3) USER, HOST, SERVICE = range(3)
PRINCIPAL_TYPE_STRING_MAP = {
USER: _('user'),
HOST: _('host'),
SERVICE: _('service'),
}
register = Registry() register = Registry()
PKIDATE_FORMAT = '%Y-%m-%d' PKIDATE_FORMAT = '%Y-%m-%d'
@ -385,7 +391,9 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
), ),
Flag( Flag(
'add', 'add',
doc=_("automatically add the principal if it doesn't exist"), doc=_(
"automatically add the principal if it doesn't exist "
"(service principals only)"),
), ),
) )
@ -480,8 +488,15 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
elif principal_type == USER: elif principal_type == USER:
principal_obj = api.Command['user_show'](principal_name, all=True) principal_obj = api.Command['user_show'](principal_name, all=True)
except errors.NotFound as e: except errors.NotFound as e:
if principal_type == SERVICE and add: if add:
principal_obj = api.Command['service_add'](principal_string, force=True) if principal_type == SERVICE:
principal_obj = api.Command['service_add'](
principal_string, force=True)
else:
princtype_str = PRINCIPAL_TYPE_STRING_MAP[principal_type]
raise errors.OperationNotSupportedForPrincipalType(
operation=_("'add' option"),
principal_type=princtype_str)
else: else:
raise errors.NotFound( raise errors.NotFound(
reason=_("The principal for this request doesn't exist.")) reason=_("The principal for this request doesn't exist."))