diff options
Diffstat (limited to 'ipalib/plugins')
| -rw-r--r-- | ipalib/plugins/automount.py | 8 | ||||
| -rw-r--r-- | ipalib/plugins/baseldap.py | 18 | ||||
| -rw-r--r-- | ipalib/plugins/cert.py | 21 | ||||
| -rw-r--r-- | ipalib/plugins/dns.py | 3 | ||||
| -rw-r--r-- | ipalib/plugins/entitle.py | 12 | ||||
| -rw-r--r-- | ipalib/plugins/hbacrule.py | 12 | ||||
| -rw-r--r-- | ipalib/plugins/host.py | 2 | ||||
| -rw-r--r-- | ipalib/plugins/netgroup.py | 4 | ||||
| -rw-r--r-- | ipalib/plugins/passwd.py | 2 | ||||
| -rw-r--r-- | ipalib/plugins/permission.py | 8 | ||||
| -rw-r--r-- | ipalib/plugins/pkinit.py | 2 | ||||
| -rw-r--r-- | ipalib/plugins/selinuxusermap.py | 12 | ||||
| -rw-r--r-- | ipalib/plugins/service.py | 24 | ||||
| -rw-r--r-- | ipalib/plugins/sudorule.py | 4 | ||||
| -rw-r--r-- | ipalib/plugins/user.py | 9 | ||||
| -rw-r--r-- | ipalib/plugins/virtual.py | 8 |
16 files changed, 94 insertions, 55 deletions
diff --git a/ipalib/plugins/automount.py b/ipalib/plugins/automount.py index 8e9eb5745..19b60905d 100644 --- a/ipalib/plugins/automount.py +++ b/ipalib/plugins/automount.py @@ -440,7 +440,9 @@ class automountlocation_import(LDAPQuery): result['duplicatekeys'].append(am[0]) pass else: - raise errors.DuplicateEntry(message=unicode('key %(key)s already exists' % {'key':am[0]})) + raise errors.DuplicateEntry( + message=_('key %(key)s already exists') % dict( + key=am[0])) # Add the new map if not am[1].startswith('-'): try: @@ -454,7 +456,9 @@ class automountlocation_import(LDAPQuery): result['duplicatemaps'].append(am[0]) pass else: - raise errors.DuplicateEntry(message=unicode('map %(map)s already exists' % {'map':am[1]})) + raise errors.DuplicateEntry( + message=_('map %(map)s already exists') % dict( + map=am[1])) except errors.DuplicateEntry: # This means the same map is used on several mount points. pass diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 5805ba9b7..3dcb2d39f 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -194,7 +194,8 @@ def validate_del_attribute(ugettext, attr): def validate_attribute(ugettext, name, attr): m = re.match("\s*(.*?)\s*=\s*(.*?)\s*$", attr) if not m or len(m.groups()) != 2: - raise errors.ValidationError(name=name, error='Invalid format. Should be name=value') + raise errors.ValidationError( + name=name, error=_('Invalid format. Should be name=value')) def get_effective_rights(ldap, dn, attrs=None): assert isinstance(dn, DN) @@ -690,16 +691,22 @@ def _check_limit_object_class(attributes, attrs, allow_only): for (oid, attr) in attributes[0].iteritems(): if attr.names[0].lower() in limitattrs: if not allow_only: - raise errors.ObjectclassViolation(info='attribute "%(attribute)s" not allowed' % dict(attribute=attr.names[0].lower())) + raise errors.ObjectclassViolation( + info=_('attribute "%(attribute)s" not allowed') % dict( + attribute=attr.names[0].lower())) limitattrs.remove(attr.names[0].lower()) # And now the MAY for (oid, attr) in attributes[1].iteritems(): if attr.names[0].lower() in limitattrs: if not allow_only: - raise errors.ObjectclassViolation(info='attribute "%(attribute)s" not allowed' % dict(attribute=attr.names[0].lower())) + raise errors.ObjectclassViolation( + info=_('attribute "%(attribute)s" not allowed') % dict( + attribute=attr.names[0].lower())) limitattrs.remove(attr.names[0].lower()) if len(limitattrs) > 0 and allow_only: - raise errors.ObjectclassViolation(info='attribute "%(attribute)s" not allowed' % dict(attribute=limitattrs[0])) + raise errors.ObjectclassViolation( + info=_('attribute "%(attribute)s" not allowed') % dict( + attribute=limitattrs[0])) class CallbackInterface(Method): @@ -882,8 +889,7 @@ last, after all sets and adds."""), try: entry_attrs[attr].remove(delval) except ValueError: - raise errors.AttrValueNotFound(attr=attr, - value=delval) + raise errors.AttrValueNotFound(attr=attr, value=delval) if needldapattrs: try: diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py index 75eace246..781eeb037 100644 --- a/ipalib/plugins/cert.py +++ b/ipalib/plugins/cert.py @@ -298,7 +298,10 @@ class cert_request(VirtualCommand): subject_host = get_csr_hostname(csr) (servicename, hostname, realm) = split_principal(principal) if subject_host.lower() != hostname.lower(): - raise errors.ACIError(info="hostname in subject of request '%s' does not match principal hostname '%s'" % (subject_host, hostname)) + raise errors.ACIError( + info=_("hostname in subject of request '%(subject_host)s' " + "does not match principal hostname '%(hostname)s'") % dict( + subject_host=subject_host, hostname=hostname)) dn = None service = None @@ -314,16 +317,19 @@ class cert_request(VirtualCommand): dn = service['dn'] except errors.NotFound, e: if not add: - raise errors.NotFound(reason="The service principal for this request doesn't exist.") + raise errors.NotFound(reason=_("The service principal for " + "this request doesn't exist.")) try: service = api.Command['service_add'](principal, **{'force': True})['result'] dn = service['dn'] except errors.ACIError: - raise errors.ACIError(info='You need to be a member of the serviceadmin role to add services') + raise errors.ACIError(info=_('You need to be a member of ' + 'the serviceadmin role to add services')) # We got this far so the service entry exists, can we write it? if not ldap.can_write(dn, "usercertificate"): - raise errors.ACIError(info="Insufficient 'write' privilege to the 'userCertificate' attribute of entry '%s'." % dn) + raise errors.ACIError(info=_("Insufficient 'write' privilege " + "to the 'userCertificate' attribute of entry '%s'.") % dn) # Validate the subject alt name, if any request = pkcs10.load_certificate_request(csr) @@ -337,11 +343,14 @@ class cert_request(VirtualCommand): # We don't want to issue any certificates referencing # machines we don't know about. Nothing is stored in this # host record related to this certificate. - raise errors.NotFound(reason='no host record for subject alt name %s in certificate request' % name) + raise errors.NotFound(reason=_('no host record for ' + 'subject alt name %s in certificate request') % name) authprincipal = getattr(context, 'principal') if authprincipal.startswith("host/"): if not hostdn in service.get('managedby', []): - raise errors.ACIError(info="Insufficient privilege to create a certificate with subject alt name '%s'." % name) + raise errors.ACIError(info=_( + "Insufficient privilege to create a certificate " + "with subject alt name '%s'.") % name) if 'usercertificate' in service: serial = x509.get_serial_number(service['usercertificate'][0], datatype=x509.DER) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index bd637dcd8..3987001f0 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -2617,8 +2617,7 @@ class dnsrecord_del(LDAPUpdate): attr_name = unicode(param.label or param.name) except: attr_name = attr - raise errors.AttrValueNotFound(attr=attr_name, - value=val) + raise errors.AttrValueNotFound(attr=attr_name, value=val) entry_attrs[attr] = list(set(old_entry[attr])) del_all = False diff --git a/ipalib/plugins/entitle.py b/ipalib/plugins/entitle.py index 67e7f959e..1b821053d 100644 --- a/ipalib/plugins/entitle.py +++ b/ipalib/plugins/entitle.py @@ -147,7 +147,8 @@ def get_uuid(ldap): entry_attrs, 'ipaentitlementid', api.env.container_entitlements, ) if not ldap.can_read(dn, 'userpkcs12'): - raise errors.ACIError(info='not allowed to perform this command') + raise errors.ACIError( + info=_('not allowed to perform this command')) if not 'userpkcs12' in result: return (None, uuid, None, None) @@ -338,7 +339,9 @@ class entitle_consume(LDAPUpdate): available = result['quantity'] - result['consumed'] if quantity > available: - raise errors.ValidationError(name='quantity', error='There are only %d entitlements left' % available) + raise errors.ValidationError( + name='quantity', + error=_('There are only %d entitlements left') % available) try: cp = UEPConnection(handler='/candlepin', cert_file=certfile, key_file=keyfile) @@ -508,12 +511,13 @@ class entitle_register(LDAPCreate): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): dn = DN(self.obj.container_dn, self.api.env.basedn) if not ldap.can_add(dn): - raise errors.ACIError(info='No permission to register') + raise errors.ACIError(info=_('No permission to register')) os.environ['LANG'] = 'en_US' locale.setlocale(locale.LC_ALL, '') if 'ipaentitlementid' in options: - raise errors.ValidationError(name='ipaentitlementid', error='Registering to specific UUID is not supported yet.') + raise errors.ValidationError(name='ipaentitlementid', + error=_('Registering to specific UUID is not supported yet.')) try: registrations = api.Command['entitle_find']() diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py index 94f0d0e20..0b1e8b83c 100644 --- a/ipalib/plugins/hbacrule.py +++ b/ipalib/plugins/hbacrule.py @@ -446,7 +446,8 @@ class hbacrule_add_user(LDAPAddMember): self.obj.handle_not_found(*keys) if 'usercategory' in entry_attrs and \ entry_attrs['usercategory'][0].lower() == 'all': - raise errors.MutuallyExclusiveError(reason="users cannot be added when user category='all'") + raise errors.MutuallyExclusiveError( + reason=_("users cannot be added when user category='all'")) return dn api.register(hbacrule_add_user) @@ -475,7 +476,8 @@ class hbacrule_add_host(LDAPAddMember): self.obj.handle_not_found(*keys) if 'hostcategory' in entry_attrs and \ entry_attrs['hostcategory'][0].lower() == 'all': - raise errors.MutuallyExclusiveError(reason="hosts cannot be added when host category='all'") + raise errors.MutuallyExclusiveError( + reason=_("hosts cannot be added when host category='all'")) return dn api.register(hbacrule_add_host) @@ -504,7 +506,8 @@ class hbacrule_add_sourcehost(LDAPAddMember): self.obj.handle_not_found(*keys) if 'sourcehostcategory' in entry_attrs and \ entry_attrs['sourcehostcategory'][0].lower() == 'all': - raise errors.MutuallyExclusiveError(reason="source hosts cannot be added when sourcehost category='all'") + raise errors.MutuallyExclusiveError(reason=_( + "source hosts cannot be added when sourcehost category='all'")) return add_external_pre_callback('host', ldap, dn, keys, options) def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): @@ -541,7 +544,8 @@ class hbacrule_add_service(LDAPAddMember): self.obj.handle_not_found(*keys) if 'servicecategory' in entry_attrs and \ entry_attrs['servicecategory'][0].lower() == 'all': - raise errors.MutuallyExclusiveError(reason="services cannot be added when service category='all'") + raise errors.MutuallyExclusiveError(reason=_( + "services cannot be added when service category='all'")) return dn api.register(hbacrule_add_service) diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 8f6b5262b..91b3ce677 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -621,7 +621,7 @@ class host_mod(LDAPUpdate): # Once a principal name is set it cannot be changed if 'cn' in entry_attrs: - raise errors.ACIError(info='cn is immutable') + raise errors.ACIError(info=_('cn is immutable')) if 'locality' in entry_attrs: entry_attrs['l'] = entry_attrs['locality'] del entry_attrs['locality'] diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py index 263d66b55..6321aa733 100644 --- a/ipalib/plugins/netgroup.py +++ b/ipalib/plugins/netgroup.py @@ -210,9 +210,9 @@ class netgroup_mod(LDAPUpdate): except errors.NotFound: self.obj.handle_not_found(*keys) if is_all(options, 'usercategory') and 'memberuser' in entry_attrs: - raise errors.MutuallyExclusiveError(reason="user category cannot be set to 'all' while there are allowed users") + raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are allowed users")) if is_all(options, 'hostcategory') and 'memberhost' in entry_attrs: - raise errors.MutuallyExclusiveError(reason="host category cannot be set to 'all' while there are allowed hosts") + raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are allowed hosts")) return dn api.register(netgroup_mod) diff --git a/ipalib/plugins/passwd.py b/ipalib/plugins/passwd.py index 2c83560b1..68aa3ebb0 100644 --- a/ipalib/plugins/passwd.py +++ b/ipalib/plugins/passwd.py @@ -112,7 +112,7 @@ class passwd(Command): current_password == MAGIC_VALUE: # No cheating self.log.warn('User attempted to change password using magic value') - raise errors.ACIError(info='Invalid credentials') + raise errors.ACIError(info=_('Invalid credentials')) if current_password == MAGIC_VALUE: ldap.modify_password(dn, password) diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 75b210910..80c6bc068 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -303,7 +303,8 @@ class permission_del(LDAPDelete): def pre_callback(self, ldap, dn, *keys, **options): assert isinstance(dn, DN) if not options.get('force') and not self.obj.check_system(ldap, dn, *keys): - raise errors.ACIError(info='A SYSTEM permission may not be removed') + raise errors.ACIError( + info=_('A SYSTEM permission may not be removed')) # remove permission even when the underlying ACI is missing try: self.api.Command.aci_del(keys[-1], aciprefix=ACI_PREFIX) @@ -323,7 +324,8 @@ class permission_mod(LDAPUpdate): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): assert isinstance(dn, DN) if not self.obj.check_system(ldap, dn, *keys): - raise errors.ACIError(info='A SYSTEM permission may not be modified') + raise errors.ACIError( + info=_('A SYSTEM permission may not be modified')) # check if permission is in LDAP try: @@ -350,7 +352,7 @@ class permission_mod(LDAPUpdate): pass # permission may be renamed, continue else: raise errors.ValidationError( - name='rename',error=_('New name can not be empty')) + name='rename', error=_('New name can not be empty')) opts = self.obj.filter_aci_attributes(options) setattr(context, 'aciupdate', False) diff --git a/ipalib/plugins/pkinit.py b/ipalib/plugins/pkinit.py index 2d11f0244..981e411df 100644 --- a/ipalib/plugins/pkinit.py +++ b/ipalib/plugins/pkinit.py @@ -61,7 +61,7 @@ def valid_arg(ugettext, action): if a != 'enable' and a != 'disable': raise errors.ValidationError( name='action', - error='Unknown command %s' % action + error=_('Unknown command %s') % action ) class pkinit_anonymous(Command): diff --git a/ipalib/plugins/selinuxusermap.py b/ipalib/plugins/selinuxusermap.py index d793987aa..13bbb58ec 100644 --- a/ipalib/plugins/selinuxusermap.py +++ b/ipalib/plugins/selinuxusermap.py @@ -283,9 +283,11 @@ class selinuxusermap_mod(LDAPUpdate): raise errors.MutuallyExclusiveError(reason=notboth_err) if is_all(options, 'usercategory') and 'memberuser' in entry_attrs: - raise errors.MutuallyExclusiveError(reason="user category cannot be set to 'all' while there are allowed users") + raise errors.MutuallyExclusiveError(reason=_("user category " + "cannot be set to 'all' while there are allowed users")) if is_all(options, 'hostcategory') and 'memberhost' in entry_attrs: - raise errors.MutuallyExclusiveError(reason="host category cannot be set to 'all' while there are allowed hosts") + raise errors.MutuallyExclusiveError(reason=_("host category " + "cannot be set to 'all' while there are allowed hosts")) if 'ipaselinuxuser' in entry_attrs: validate_selinuxuser_inlist(ldap, entry_attrs['ipaselinuxuser']) @@ -414,7 +416,8 @@ class selinuxusermap_add_user(LDAPAddMember): self.obj.handle_not_found(*keys) if 'usercategory' in entry_attrs and \ entry_attrs['usercategory'][0].lower() == 'all': - raise errors.MutuallyExclusiveError(reason="users cannot be added when user category='all'") + raise errors.MutuallyExclusiveError( + reason=_("users cannot be added when user category='all'")) if 'seealso' in entry_attrs: raise errors.MutuallyExclusiveError(reason=notboth_err) return dn @@ -445,7 +448,8 @@ class selinuxusermap_add_host(LDAPAddMember): self.obj.handle_not_found(*keys) if 'hostcategory' in entry_attrs and \ entry_attrs['hostcategory'][0].lower() == 'all': - raise errors.MutuallyExclusiveError(reason="hosts cannot be added when host category='all'") + raise errors.MutuallyExclusiveError( + reason=_("hosts cannot be added when host category='all'")) if 'seealso' in entry_attrs: raise errors.MutuallyExclusiveError(reason=notboth_err) return dn diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 213711ab3..a7201f525 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -126,18 +126,15 @@ def split_principal(principal): # may not include the realm. sp = principal.split('/') if len(sp) != 2: - raise errors.MalformedServicePrincipal(reason='missing service') + raise errors.MalformedServicePrincipal(reason=_('missing service')) service = sp[0] if len(service) == 0: - raise errors.MalformedServicePrincipal( - reason='blank service' - ) + raise errors.MalformedServicePrincipal(reason=_('blank service')) sr = sp[1].split('@') if len(sr) > 2: raise errors.MalformedServicePrincipal( - reason='unable to determine realm' - ) + reason=_('unable to determine realm')) hostname = sr[0].lower() if len(sr) == 2: @@ -286,7 +283,9 @@ class service_add(LDAPCreate): try: hostresult = api.Command['host_show'](hostname)['result'] except errors.NotFound: - raise errors.NotFound(reason="The host '%s' does not exist to add a service to." % hostname) + raise errors.NotFound( + reason=_("The host '%s' does not exist to add a service to.") % + hostname) cert = options.get('usercertificate') if cert: @@ -330,7 +329,10 @@ class service_del(LDAPDelete): (service, hostname, realm) = split_principal(keys[-1]) check_required_principal(ldap, hostname, service) if self.api.env.enable_ra: - (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate']) + try: + (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate']) + except errors.NotFound: + self.obj.handle_not_found(*keys) cert = entry_attrs.get('usercertificate') if cert: cert = cert[0] @@ -376,7 +378,11 @@ class service_mod(LDAPUpdate): if cert: dercert = x509.normalize_certificate(cert) x509.verify_cert_subject(ldap, hostname, dercert) - (dn, entry_attrs_old) = ldap.get_entry(dn, ['usercertificate']) + try: + (dn, entry_attrs_old) = ldap.get_entry( + dn, ['usercertificate']) + except errors.NotFound: + self.obj.handle_not_found(*keys) if 'usercertificate' in entry_attrs_old: # FIXME: what to do here? do we revoke the old cert? fmt = 'entry already has a certificate, serial number: %s' % ( diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py index e2937949b..8359c3336 100644 --- a/ipalib/plugins/sudorule.py +++ b/ipalib/plugins/sudorule.py @@ -286,9 +286,9 @@ class sudorule_mod(LDAPUpdate): self.obj.handle_not_found(*keys) if is_all(options, 'usercategory') and 'memberuser' in _entry_attrs: - raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are users")) + raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are allowed users")) if is_all(options, 'hostcategory') and 'memberhost' in _entry_attrs: - raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are hosts")) + raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are allowed hosts")) if is_all(options, 'cmdcategory') and ('memberallowcmd' or 'memberdenywcmd') in _entry_attrs: raise errors.MutuallyExclusiveError(reason=_("command category cannot be set to 'all' while there are allow or deny commands")) diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index c024e8555..bf25bc3c3 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -114,8 +114,9 @@ def validate_nsaccountlock(entry_attrs): if not isinstance(nsaccountlock, (bool, Bool)): if not isinstance(nsaccountlock, basestring): raise errors.OnlyOneValueAllowed(attr='nsaccountlock') - if nsaccountlock.lower() not in ('true','false'): - raise errors.ValidationError(name='nsaccountlock', error='must be TRUE or FALSE') + if nsaccountlock.lower() not in ('true', 'false'): + raise errors.ValidationError(name='nsaccountlock', + error=_('must be TRUE or FALSE')) def convert_nsaccountlock(entry_attrs): if not 'nsaccountlock' in entry_attrs: @@ -134,9 +135,7 @@ def split_principal(principal): parts = principal.split('@') user = parts[0].lower() if len(parts) > 2: - raise errors.MalformedUserPrincipal( - principal=principal - ) + raise errors.MalformedUserPrincipal(principal=principal) if len(parts) == 2: realm = parts[1].upper() diff --git a/ipalib/plugins/virtual.py b/ipalib/plugins/virtual.py index 8db1a9653..414de4c00 100644 --- a/ipalib/plugins/virtual.py +++ b/ipalib/plugins/virtual.py @@ -24,6 +24,7 @@ from ipalib import api from ipalib import Command from ipalib import errors from ipapython.dn import DN +from ipalib.text import _ class VirtualCommand(Command): """ @@ -48,7 +49,7 @@ class VirtualCommand(Command): This should be executed before any actual work is done. """ if self.operation is None and operation is None: - raise errors.ACIError(info='operation not defined') + raise errors.ACIError(info=_('operation not defined')) if operation is None: operation = self.operation @@ -60,8 +61,9 @@ class VirtualCommand(Command): try: if not ldap.can_write(operationdn, "objectclass"): - raise errors.ACIError(info='not allowed to perform this command') + raise errors.ACIError( + info=_('not allowed to perform this command')) except errors.NotFound: - raise errors.ACIError(info='No such virtual command') + raise errors.ACIError(info=_('No such virtual command')) return True |