summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'ipalib/plugins')
-rw-r--r--ipalib/plugins/automount.py8
-rw-r--r--ipalib/plugins/baseldap.py18
-rw-r--r--ipalib/plugins/cert.py21
-rw-r--r--ipalib/plugins/dns.py3
-rw-r--r--ipalib/plugins/entitle.py12
-rw-r--r--ipalib/plugins/hbacrule.py12
-rw-r--r--ipalib/plugins/host.py2
-rw-r--r--ipalib/plugins/netgroup.py4
-rw-r--r--ipalib/plugins/passwd.py2
-rw-r--r--ipalib/plugins/permission.py8
-rw-r--r--ipalib/plugins/pkinit.py2
-rw-r--r--ipalib/plugins/selinuxusermap.py12
-rw-r--r--ipalib/plugins/service.py24
-rw-r--r--ipalib/plugins/sudorule.py4
-rw-r--r--ipalib/plugins/user.py9
-rw-r--r--ipalib/plugins/virtual.py8
16 files changed, 94 insertions, 55 deletions
diff --git a/ipalib/plugins/automount.py b/ipalib/plugins/automount.py
index 8e9eb5745..19b60905d 100644
--- a/ipalib/plugins/automount.py
+++ b/ipalib/plugins/automount.py
@@ -440,7 +440,9 @@ class automountlocation_import(LDAPQuery):
result['duplicatekeys'].append(am[0])
pass
else:
- raise errors.DuplicateEntry(message=unicode('key %(key)s already exists' % {'key':am[0]}))
+ raise errors.DuplicateEntry(
+ message=_('key %(key)s already exists') % dict(
+ key=am[0]))
# Add the new map
if not am[1].startswith('-'):
try:
@@ -454,7 +456,9 @@ class automountlocation_import(LDAPQuery):
result['duplicatemaps'].append(am[0])
pass
else:
- raise errors.DuplicateEntry(message=unicode('map %(map)s already exists' % {'map':am[1]}))
+ raise errors.DuplicateEntry(
+ message=_('map %(map)s already exists') % dict(
+ map=am[1]))
except errors.DuplicateEntry:
# This means the same map is used on several mount points.
pass
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 5805ba9b7..3dcb2d39f 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -194,7 +194,8 @@ def validate_del_attribute(ugettext, attr):
def validate_attribute(ugettext, name, attr):
m = re.match("\s*(.*?)\s*=\s*(.*?)\s*$", attr)
if not m or len(m.groups()) != 2:
- raise errors.ValidationError(name=name, error='Invalid format. Should be name=value')
+ raise errors.ValidationError(
+ name=name, error=_('Invalid format. Should be name=value'))
def get_effective_rights(ldap, dn, attrs=None):
assert isinstance(dn, DN)
@@ -690,16 +691,22 @@ def _check_limit_object_class(attributes, attrs, allow_only):
for (oid, attr) in attributes[0].iteritems():
if attr.names[0].lower() in limitattrs:
if not allow_only:
- raise errors.ObjectclassViolation(info='attribute "%(attribute)s" not allowed' % dict(attribute=attr.names[0].lower()))
+ raise errors.ObjectclassViolation(
+ info=_('attribute "%(attribute)s" not allowed') % dict(
+ attribute=attr.names[0].lower()))
limitattrs.remove(attr.names[0].lower())
# And now the MAY
for (oid, attr) in attributes[1].iteritems():
if attr.names[0].lower() in limitattrs:
if not allow_only:
- raise errors.ObjectclassViolation(info='attribute "%(attribute)s" not allowed' % dict(attribute=attr.names[0].lower()))
+ raise errors.ObjectclassViolation(
+ info=_('attribute "%(attribute)s" not allowed') % dict(
+ attribute=attr.names[0].lower()))
limitattrs.remove(attr.names[0].lower())
if len(limitattrs) > 0 and allow_only:
- raise errors.ObjectclassViolation(info='attribute "%(attribute)s" not allowed' % dict(attribute=limitattrs[0]))
+ raise errors.ObjectclassViolation(
+ info=_('attribute "%(attribute)s" not allowed') % dict(
+ attribute=limitattrs[0]))
class CallbackInterface(Method):
@@ -882,8 +889,7 @@ last, after all sets and adds."""),
try:
entry_attrs[attr].remove(delval)
except ValueError:
- raise errors.AttrValueNotFound(attr=attr,
- value=delval)
+ raise errors.AttrValueNotFound(attr=attr, value=delval)
if needldapattrs:
try:
diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index 75eace246..781eeb037 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -298,7 +298,10 @@ class cert_request(VirtualCommand):
subject_host = get_csr_hostname(csr)
(servicename, hostname, realm) = split_principal(principal)
if subject_host.lower() != hostname.lower():
- raise errors.ACIError(info="hostname in subject of request '%s' does not match principal hostname '%s'" % (subject_host, hostname))
+ raise errors.ACIError(
+ info=_("hostname in subject of request '%(subject_host)s' "
+ "does not match principal hostname '%(hostname)s'") % dict(
+ subject_host=subject_host, hostname=hostname))
dn = None
service = None
@@ -314,16 +317,19 @@ class cert_request(VirtualCommand):
dn = service['dn']
except errors.NotFound, e:
if not add:
- raise errors.NotFound(reason="The service principal for this request doesn't exist.")
+ raise errors.NotFound(reason=_("The service principal for "
+ "this request doesn't exist."))
try:
service = api.Command['service_add'](principal, **{'force': True})['result']
dn = service['dn']
except errors.ACIError:
- raise errors.ACIError(info='You need to be a member of the serviceadmin role to add services')
+ raise errors.ACIError(info=_('You need to be a member of '
+ 'the serviceadmin role to add services'))
# We got this far so the service entry exists, can we write it?
if not ldap.can_write(dn, "usercertificate"):
- raise errors.ACIError(info="Insufficient 'write' privilege to the 'userCertificate' attribute of entry '%s'." % dn)
+ raise errors.ACIError(info=_("Insufficient 'write' privilege "
+ "to the 'userCertificate' attribute of entry '%s'.") % dn)
# Validate the subject alt name, if any
request = pkcs10.load_certificate_request(csr)
@@ -337,11 +343,14 @@ class cert_request(VirtualCommand):
# We don't want to issue any certificates referencing
# machines we don't know about. Nothing is stored in this
# host record related to this certificate.
- raise errors.NotFound(reason='no host record for subject alt name %s in certificate request' % name)
+ raise errors.NotFound(reason=_('no host record for '
+ 'subject alt name %s in certificate request') % name)
authprincipal = getattr(context, 'principal')
if authprincipal.startswith("host/"):
if not hostdn in service.get('managedby', []):
- raise errors.ACIError(info="Insufficient privilege to create a certificate with subject alt name '%s'." % name)
+ raise errors.ACIError(info=_(
+ "Insufficient privilege to create a certificate "
+ "with subject alt name '%s'.") % name)
if 'usercertificate' in service:
serial = x509.get_serial_number(service['usercertificate'][0], datatype=x509.DER)
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index bd637dcd8..3987001f0 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -2617,8 +2617,7 @@ class dnsrecord_del(LDAPUpdate):
attr_name = unicode(param.label or param.name)
except:
attr_name = attr
- raise errors.AttrValueNotFound(attr=attr_name,
- value=val)
+ raise errors.AttrValueNotFound(attr=attr_name, value=val)
entry_attrs[attr] = list(set(old_entry[attr]))
del_all = False
diff --git a/ipalib/plugins/entitle.py b/ipalib/plugins/entitle.py
index 67e7f959e..1b821053d 100644
--- a/ipalib/plugins/entitle.py
+++ b/ipalib/plugins/entitle.py
@@ -147,7 +147,8 @@ def get_uuid(ldap):
entry_attrs, 'ipaentitlementid', api.env.container_entitlements,
)
if not ldap.can_read(dn, 'userpkcs12'):
- raise errors.ACIError(info='not allowed to perform this command')
+ raise errors.ACIError(
+ info=_('not allowed to perform this command'))
if not 'userpkcs12' in result:
return (None, uuid, None, None)
@@ -338,7 +339,9 @@ class entitle_consume(LDAPUpdate):
available = result['quantity'] - result['consumed']
if quantity > available:
- raise errors.ValidationError(name='quantity', error='There are only %d entitlements left' % available)
+ raise errors.ValidationError(
+ name='quantity',
+ error=_('There are only %d entitlements left') % available)
try:
cp = UEPConnection(handler='/candlepin', cert_file=certfile, key_file=keyfile)
@@ -508,12 +511,13 @@ class entitle_register(LDAPCreate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
dn = DN(self.obj.container_dn, self.api.env.basedn)
if not ldap.can_add(dn):
- raise errors.ACIError(info='No permission to register')
+ raise errors.ACIError(info=_('No permission to register'))
os.environ['LANG'] = 'en_US'
locale.setlocale(locale.LC_ALL, '')
if 'ipaentitlementid' in options:
- raise errors.ValidationError(name='ipaentitlementid', error='Registering to specific UUID is not supported yet.')
+ raise errors.ValidationError(name='ipaentitlementid',
+ error=_('Registering to specific UUID is not supported yet.'))
try:
registrations = api.Command['entitle_find']()
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index 94f0d0e20..0b1e8b83c 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -446,7 +446,8 @@ class hbacrule_add_user(LDAPAddMember):
self.obj.handle_not_found(*keys)
if 'usercategory' in entry_attrs and \
entry_attrs['usercategory'][0].lower() == 'all':
- raise errors.MutuallyExclusiveError(reason="users cannot be added when user category='all'")
+ raise errors.MutuallyExclusiveError(
+ reason=_("users cannot be added when user category='all'"))
return dn
api.register(hbacrule_add_user)
@@ -475,7 +476,8 @@ class hbacrule_add_host(LDAPAddMember):
self.obj.handle_not_found(*keys)
if 'hostcategory' in entry_attrs and \
entry_attrs['hostcategory'][0].lower() == 'all':
- raise errors.MutuallyExclusiveError(reason="hosts cannot be added when host category='all'")
+ raise errors.MutuallyExclusiveError(
+ reason=_("hosts cannot be added when host category='all'"))
return dn
api.register(hbacrule_add_host)
@@ -504,7 +506,8 @@ class hbacrule_add_sourcehost(LDAPAddMember):
self.obj.handle_not_found(*keys)
if 'sourcehostcategory' in entry_attrs and \
entry_attrs['sourcehostcategory'][0].lower() == 'all':
- raise errors.MutuallyExclusiveError(reason="source hosts cannot be added when sourcehost category='all'")
+ raise errors.MutuallyExclusiveError(reason=_(
+ "source hosts cannot be added when sourcehost category='all'"))
return add_external_pre_callback('host', ldap, dn, keys, options)
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
@@ -541,7 +544,8 @@ class hbacrule_add_service(LDAPAddMember):
self.obj.handle_not_found(*keys)
if 'servicecategory' in entry_attrs and \
entry_attrs['servicecategory'][0].lower() == 'all':
- raise errors.MutuallyExclusiveError(reason="services cannot be added when service category='all'")
+ raise errors.MutuallyExclusiveError(reason=_(
+ "services cannot be added when service category='all'"))
return dn
api.register(hbacrule_add_service)
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 8f6b5262b..91b3ce677 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -621,7 +621,7 @@ class host_mod(LDAPUpdate):
# Once a principal name is set it cannot be changed
if 'cn' in entry_attrs:
- raise errors.ACIError(info='cn is immutable')
+ raise errors.ACIError(info=_('cn is immutable'))
if 'locality' in entry_attrs:
entry_attrs['l'] = entry_attrs['locality']
del entry_attrs['locality']
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index 263d66b55..6321aa733 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -210,9 +210,9 @@ class netgroup_mod(LDAPUpdate):
except errors.NotFound:
self.obj.handle_not_found(*keys)
if is_all(options, 'usercategory') and 'memberuser' in entry_attrs:
- raise errors.MutuallyExclusiveError(reason="user category cannot be set to 'all' while there are allowed users")
+ raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are allowed users"))
if is_all(options, 'hostcategory') and 'memberhost' in entry_attrs:
- raise errors.MutuallyExclusiveError(reason="host category cannot be set to 'all' while there are allowed hosts")
+ raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are allowed hosts"))
return dn
api.register(netgroup_mod)
diff --git a/ipalib/plugins/passwd.py b/ipalib/plugins/passwd.py
index 2c83560b1..68aa3ebb0 100644
--- a/ipalib/plugins/passwd.py
+++ b/ipalib/plugins/passwd.py
@@ -112,7 +112,7 @@ class passwd(Command):
current_password == MAGIC_VALUE:
# No cheating
self.log.warn('User attempted to change password using magic value')
- raise errors.ACIError(info='Invalid credentials')
+ raise errors.ACIError(info=_('Invalid credentials'))
if current_password == MAGIC_VALUE:
ldap.modify_password(dn, password)
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 75b210910..80c6bc068 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -303,7 +303,8 @@ class permission_del(LDAPDelete):
def pre_callback(self, ldap, dn, *keys, **options):
assert isinstance(dn, DN)
if not options.get('force') and not self.obj.check_system(ldap, dn, *keys):
- raise errors.ACIError(info='A SYSTEM permission may not be removed')
+ raise errors.ACIError(
+ info=_('A SYSTEM permission may not be removed'))
# remove permission even when the underlying ACI is missing
try:
self.api.Command.aci_del(keys[-1], aciprefix=ACI_PREFIX)
@@ -323,7 +324,8 @@ class permission_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
if not self.obj.check_system(ldap, dn, *keys):
- raise errors.ACIError(info='A SYSTEM permission may not be modified')
+ raise errors.ACIError(
+ info=_('A SYSTEM permission may not be modified'))
# check if permission is in LDAP
try:
@@ -350,7 +352,7 @@ class permission_mod(LDAPUpdate):
pass # permission may be renamed, continue
else:
raise errors.ValidationError(
- name='rename',error=_('New name can not be empty'))
+ name='rename', error=_('New name can not be empty'))
opts = self.obj.filter_aci_attributes(options)
setattr(context, 'aciupdate', False)
diff --git a/ipalib/plugins/pkinit.py b/ipalib/plugins/pkinit.py
index 2d11f0244..981e411df 100644
--- a/ipalib/plugins/pkinit.py
+++ b/ipalib/plugins/pkinit.py
@@ -61,7 +61,7 @@ def valid_arg(ugettext, action):
if a != 'enable' and a != 'disable':
raise errors.ValidationError(
name='action',
- error='Unknown command %s' % action
+ error=_('Unknown command %s') % action
)
class pkinit_anonymous(Command):
diff --git a/ipalib/plugins/selinuxusermap.py b/ipalib/plugins/selinuxusermap.py
index d793987aa..13bbb58ec 100644
--- a/ipalib/plugins/selinuxusermap.py
+++ b/ipalib/plugins/selinuxusermap.py
@@ -283,9 +283,11 @@ class selinuxusermap_mod(LDAPUpdate):
raise errors.MutuallyExclusiveError(reason=notboth_err)
if is_all(options, 'usercategory') and 'memberuser' in entry_attrs:
- raise errors.MutuallyExclusiveError(reason="user category cannot be set to 'all' while there are allowed users")
+ raise errors.MutuallyExclusiveError(reason=_("user category "
+ "cannot be set to 'all' while there are allowed users"))
if is_all(options, 'hostcategory') and 'memberhost' in entry_attrs:
- raise errors.MutuallyExclusiveError(reason="host category cannot be set to 'all' while there are allowed hosts")
+ raise errors.MutuallyExclusiveError(reason=_("host category "
+ "cannot be set to 'all' while there are allowed hosts"))
if 'ipaselinuxuser' in entry_attrs:
validate_selinuxuser_inlist(ldap, entry_attrs['ipaselinuxuser'])
@@ -414,7 +416,8 @@ class selinuxusermap_add_user(LDAPAddMember):
self.obj.handle_not_found(*keys)
if 'usercategory' in entry_attrs and \
entry_attrs['usercategory'][0].lower() == 'all':
- raise errors.MutuallyExclusiveError(reason="users cannot be added when user category='all'")
+ raise errors.MutuallyExclusiveError(
+ reason=_("users cannot be added when user category='all'"))
if 'seealso' in entry_attrs:
raise errors.MutuallyExclusiveError(reason=notboth_err)
return dn
@@ -445,7 +448,8 @@ class selinuxusermap_add_host(LDAPAddMember):
self.obj.handle_not_found(*keys)
if 'hostcategory' in entry_attrs and \
entry_attrs['hostcategory'][0].lower() == 'all':
- raise errors.MutuallyExclusiveError(reason="hosts cannot be added when host category='all'")
+ raise errors.MutuallyExclusiveError(
+ reason=_("hosts cannot be added when host category='all'"))
if 'seealso' in entry_attrs:
raise errors.MutuallyExclusiveError(reason=notboth_err)
return dn
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 213711ab3..a7201f525 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -126,18 +126,15 @@ def split_principal(principal):
# may not include the realm.
sp = principal.split('/')
if len(sp) != 2:
- raise errors.MalformedServicePrincipal(reason='missing service')
+ raise errors.MalformedServicePrincipal(reason=_('missing service'))
service = sp[0]
if len(service) == 0:
- raise errors.MalformedServicePrincipal(
- reason='blank service'
- )
+ raise errors.MalformedServicePrincipal(reason=_('blank service'))
sr = sp[1].split('@')
if len(sr) > 2:
raise errors.MalformedServicePrincipal(
- reason='unable to determine realm'
- )
+ reason=_('unable to determine realm'))
hostname = sr[0].lower()
if len(sr) == 2:
@@ -286,7 +283,9 @@ class service_add(LDAPCreate):
try:
hostresult = api.Command['host_show'](hostname)['result']
except errors.NotFound:
- raise errors.NotFound(reason="The host '%s' does not exist to add a service to." % hostname)
+ raise errors.NotFound(
+ reason=_("The host '%s' does not exist to add a service to.") %
+ hostname)
cert = options.get('usercertificate')
if cert:
@@ -330,7 +329,10 @@ class service_del(LDAPDelete):
(service, hostname, realm) = split_principal(keys[-1])
check_required_principal(ldap, hostname, service)
if self.api.env.enable_ra:
- (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
+ try:
+ (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
+ except errors.NotFound:
+ self.obj.handle_not_found(*keys)
cert = entry_attrs.get('usercertificate')
if cert:
cert = cert[0]
@@ -376,7 +378,11 @@ class service_mod(LDAPUpdate):
if cert:
dercert = x509.normalize_certificate(cert)
x509.verify_cert_subject(ldap, hostname, dercert)
- (dn, entry_attrs_old) = ldap.get_entry(dn, ['usercertificate'])
+ try:
+ (dn, entry_attrs_old) = ldap.get_entry(
+ dn, ['usercertificate'])
+ except errors.NotFound:
+ self.obj.handle_not_found(*keys)
if 'usercertificate' in entry_attrs_old:
# FIXME: what to do here? do we revoke the old cert?
fmt = 'entry already has a certificate, serial number: %s' % (
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index e2937949b..8359c3336 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -286,9 +286,9 @@ class sudorule_mod(LDAPUpdate):
self.obj.handle_not_found(*keys)
if is_all(options, 'usercategory') and 'memberuser' in _entry_attrs:
- raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are users"))
+ raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are allowed users"))
if is_all(options, 'hostcategory') and 'memberhost' in _entry_attrs:
- raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are hosts"))
+ raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are allowed hosts"))
if is_all(options, 'cmdcategory') and ('memberallowcmd' or
'memberdenywcmd') in _entry_attrs:
raise errors.MutuallyExclusiveError(reason=_("command category cannot be set to 'all' while there are allow or deny commands"))
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index c024e8555..bf25bc3c3 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -114,8 +114,9 @@ def validate_nsaccountlock(entry_attrs):
if not isinstance(nsaccountlock, (bool, Bool)):
if not isinstance(nsaccountlock, basestring):
raise errors.OnlyOneValueAllowed(attr='nsaccountlock')
- if nsaccountlock.lower() not in ('true','false'):
- raise errors.ValidationError(name='nsaccountlock', error='must be TRUE or FALSE')
+ if nsaccountlock.lower() not in ('true', 'false'):
+ raise errors.ValidationError(name='nsaccountlock',
+ error=_('must be TRUE or FALSE'))
def convert_nsaccountlock(entry_attrs):
if not 'nsaccountlock' in entry_attrs:
@@ -134,9 +135,7 @@ def split_principal(principal):
parts = principal.split('@')
user = parts[0].lower()
if len(parts) > 2:
- raise errors.MalformedUserPrincipal(
- principal=principal
- )
+ raise errors.MalformedUserPrincipal(principal=principal)
if len(parts) == 2:
realm = parts[1].upper()
diff --git a/ipalib/plugins/virtual.py b/ipalib/plugins/virtual.py
index 8db1a9653..414de4c00 100644
--- a/ipalib/plugins/virtual.py
+++ b/ipalib/plugins/virtual.py
@@ -24,6 +24,7 @@ from ipalib import api
from ipalib import Command
from ipalib import errors
from ipapython.dn import DN
+from ipalib.text import _
class VirtualCommand(Command):
"""
@@ -48,7 +49,7 @@ class VirtualCommand(Command):
This should be executed before any actual work is done.
"""
if self.operation is None and operation is None:
- raise errors.ACIError(info='operation not defined')
+ raise errors.ACIError(info=_('operation not defined'))
if operation is None:
operation = self.operation
@@ -60,8 +61,9 @@ class VirtualCommand(Command):
try:
if not ldap.can_write(operationdn, "objectclass"):
- raise errors.ACIError(info='not allowed to perform this command')
+ raise errors.ACIError(
+ info=_('not allowed to perform this command'))
except errors.NotFound:
- raise errors.ACIError(info='No such virtual command')
+ raise errors.ACIError(info=_('No such virtual command'))
return True