authorFraser Tweedale <ftweedal@redhat.com>2016-06-29 15:02:51 +1000
committerMartin Basti <mbasti@redhat.com>2016-06-30 15:42:06 +0200
commit3fab1b63502c3206d792b7aeaa12d486612f0137 (patch)
treed56b9226b122db022e1a0343e09986498975a51b
parent025cfd911bce6214ef2b4311b16c5b6df6ad173a (diff)
cert-request: better error msg when 'add' not supported
cert-request supports adding service principals that don't exist. If add is requested for other principal types, the error message just says "the principal doesn't exist". Add a new error type with better error message to explain that 'add' is not supported for host or user principals. Fixes: https://fedorahosted.org/freeipa/ticket/5991 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
-rw-r--r--ipalib/errors.py10
-rw-r--r--ipaserver/plugins/cert.py21
2 files changed, 28 insertions, 3 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 10491a942..7b4f15dd6 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1397,6 +1397,16 @@ class ServerRemovalError(ExecutionError):
format = _('Server removal aborted: %(reason)s.')
+class OperationNotSupportedForPrincipalType(ExecutionError):
+ """
+ **4034** Raised when an operation is not supported for a principal type
+ """
+
+ errno = 4034
+ format = _(
+ '%(operation)s is not supported for %(principal_type)s principals')
+
+
class BuiltinError(ExecutionError):
"""
**4100** Base class for builtin execution errors (*4100 - 4199*).
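Review bot: The docstring of `OperationNotSupportedForPrincipalType` does not say which keyword arguments the `format` string needs or what form they take. The message is assembled from two separately translated fragments, `%(operation)s` and `%(principal_type)s`, so translators cannot inflect or reorder them as one sentence. I would extend the docstring with something like `Expects 'operation' and 'principal_type' as already-localized noun phrases.` If the neighbouring error classes carry usage examples in their docstrings, one here would keep the file consistent.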
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 63351c54c..526360bb6 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -145,6 +145,12 @@ http://www.ietf.org/rfc/rfc5280.txt
USER, HOST, SERVICE = range(3)
+PRINCIPAL_TYPE_STRING_MAP = {
+ USER: _('user'),
+ HOST: _('host'),
+ SERVICE: _('service'),
+}
+
register = Registry()
PKIDATE_FORMAT = '%Y-%m-%d'
@@ -385,7 +391,9 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
),
Flag(
'add',
- doc=_("automatically add the principal if it doesn't exist"),
+ doc=_(
+ "automatically add the principal if it doesn't exist "
+ "(service principals only)"),
),
)
@@ -480,8 +488,15 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
elif principal_type == USER:
principal_obj = api.Command['user_show'](principal_name, all=True)
except errors.NotFound as e:
- if principal_type == SERVICE and add:
- principal_obj = api.Command['service_add'](principal_string, force=True)
+ if add:
+ if principal_type == SERVICE:
+ principal_obj = api.Command['service_add'](
+ principal_string, force=True)
+ else:
+ princtype_str = PRINCIPAL_TYPE_STRING_MAP[principal_type]
+ raise errors.OperationNotSupportedForPrincipalType(
+ operation=_("'add' option"),
+ principal_type=princtype_str)
else:
raise errors.NotFound(
reason=_("The principal for this request doesn't exist."))
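Review bot: The rejection of `add` for user and host principals sits inside the `except errors.NotFound` handler, so it fires only after the lookup has failed. A request that passes `add` for an existing user or host is still accepted, with the flag silently ignored. If that is intended, a comment on the new `else:` branch would record it, for example `# 'add' only creates service principals; users and hosts must already exist`. The lookup `PRINCIPAL_TYPE_STRING_MAP[principal_type]` would raise a bare `KeyError` if a further principal type were added without a map entry. The method starts and ends outside this hunk, so the possible values of `principal_type` cannot be confirmed from here.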