author | Fraser Tweedale <ftweedal@redhat.com> | 2016-06-29 15:02:51 +1000 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-30 15:42:06 +0200 |
commit | 3fab1b63502c3206d792b7aeaa12d486612f0137 (patch) | |
tree | d56b9226b122db022e1a0343e09986498975a51b | |
parent | 025cfd911bce6214ef2b4311b16c5b6df6ad173a (diff) | |
cert-request: better error msg when 'add' not supported
cert-request supports adding service principals that don't exist.
If add is requested for other principal types, the error message
just says "the principal doesn't exist".
Add a new error type with better error message to explain that 'add'
is not supported for host or user principals.
Fixes: https://fedorahosted.org/freeipa/ticket/5991
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
-rw-r--r-- | ipalib/errors.py | 10 | ||||
-rw-r--r-- | ipaserver/plugins/cert.py | 21 |
2 files changed, 28 insertions, 3 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 10491a942..7b4f15dd6 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1397,6 +1397,16 @@ class ServerRemovalError(ExecutionError):
 format = _('Server removal aborted: %(reason)s.')
+class OperationNotSupportedForPrincipalType(ExecutionError):
+ """
+ **4034** Raised when an operation is not supported for a principal type
+ """
+
+ errno = 4034
+ format = _(
+ '%(operation)s is not supported for %(principal_type)s principals')
+
+
 class BuiltinError(ExecutionError):
 """
 **4100** Base class for builtin execution errors (*4100 - 4199*).
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 63351c54c..526360bb6 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -145,6 +145,12 @@ http://www.ietf.org/rfc/rfc5280.txt
 USER, HOST, SERVICE = range(3)
+PRINCIPAL_TYPE_STRING_MAP = {
+ USER: _('user'),
+ HOST: _('host'),
+ SERVICE: _('service'),
+}
+
 register = Registry()
 PKIDATE_FORMAT = '%Y-%m-%d'
@@ -385,7 +391,9 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
 ),
 Flag(
 'add',
- doc=_("automatically add the principal if it doesn't exist"),
+ doc=_(
+ "automatically add the principal if it doesn't exist "
+ "(service principals only)"),
 ),
 )
@@ -480,8 +488,15 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
 elif principal_type == USER:
 principal_obj = api.Command['user_show'](principal_name, all=True)
 except errors.NotFound as e:
- if principal_type == SERVICE and add:
- principal_obj = api.Command['service_add'](principal_string, force=True)
+ if add:
+ if principal_type == SERVICE:
+ principal_obj = api.Command['service_add'](
+ principal_string, force=True)
+ else:
+ princtype_str = PRINCIPAL_TYPE_STRING_MAP[principal_type]
+ raise errors.OperationNotSupportedForPrincipalType(
+ operation=_("'add' option"),
+ principal_type=princtype_str)
 else:
 raise errors.NotFound(
 reason=_("The principal for this request doesn't exist.")) |
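Review bot: The docstring of `OperationNotSupportedForPrincipalType` does not name the two keyword arguments its `format` string interpolates, `operation` and `principal_type`, so a caller has to read the format string to raise the error correctly. A line such as `Keyword arguments: operation (what was attempted) and principal_type (user, host or service).` inside the docstring would cover it. Since 4034 is a new errno, it may also be worth stating in the docstring or release notes how clients that predate this change are expected to report it; nothing in the hunk shows that either way.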
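Review bot: In the last hunk of `ipaserver/plugins/cert.py`, `OperationNotSupportedForPrincipalType` is raised only inside the `except errors.NotFound` handler, so `add` with a user or host principal is rejected when the lookup fails but silently ignored when the principal already exists. If that asymmetry is intended, a comment above `if add:` would record it, e.g. `# 'add' is validated only once the lookup has failed; it is ignored for principals that already exist`. The bound name `e` in `except errors.NotFound as e:` is not used in the visible lines and could be dropped. The enclosing `try` and the rest of the method lie outside the hunk, and the commit's two changed files contain no test for the new error path.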