Fix: regression in host and service plugin

Test failures: * wrong error message * mod operation always delete usercertificates https://fedorahosted.org/freeipa/ticket/4238 Reviewed-By: Milan Kubik <mkubik@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2015-06-03 13:11:58 +0200
committer: Jan Cholasta <jcholast@redhat.com> 2015-06-03 17:52:30 +0000
commit: b6924c00ab0ebeaeb62a2ebfbf1ba04494713c5e (patch)
tree: c1ad8096462cd84e64845e8ab266721d0a3bb94c /ipalib
parent: 8457edc14dade724b486540800bcdafb7d9a6f76 (diff)
download: freeipa-b6924c00ab0ebeaeb62a2ebfbf1ba04494713c5e.tar.gz
freeipa-b6924c00ab0ebeaeb62a2ebfbf1ba04494713c5e.tar.xz
freeipa-b6924c00ab0ebeaeb62a2ebfbf1ba04494713c5e.zip
2 files changed, 14 insertions, 7 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 9ad087e26..e81dca94e 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -871,8 +871,11 @@ class host_mod(LDAPUpdate):
             x509.verify_cert_subject(ldap, keys[-1], cert)
 
         # revoke removed certificates
-        if self.api.Command.ca_is_enabled()['result']:
-            entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
+        if certs and self.api.Command.ca_is_enabled()['result']:
+            try:
+                entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
+            except errors.NotFound:
+                self.obj.handle_not_found(*keys)
             old_certs = entry_attrs_old.get('usercertificate', [])
             old_certs_der = map(x509.normalize_certificate, old_certs)
             removed_certs_der = set(old_certs_der) - set(certs_der)
@@ -899,7 +902,8 @@ class host_mod(LDAPUpdate):
                                       nsprerr.args[1])
                     else:
                         raise nsprerr
-        entry_attrs['usercertificate'] = certs_der
+        if certs:
+            entry_attrs['usercertificate'] = certs_der
 
         if options.get('random'):
             entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars)
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index c290344cf..d8bd03523 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -602,10 +602,12 @@ class service_mod(LDAPUpdate):
         certs_der = map(x509.normalize_certificate, certs)
         for dercert in certs_der:
             x509.verify_cert_subject(ldap, hostname, dercert)
-
         # revoke removed certificates
-        if self.api.Command.ca_is_enabled()['result']:
-            entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
+        if certs and self.api.Command.ca_is_enabled()['result']:
+            try:
+                entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
+            except errors.NotFound:
+                self.obj.handle_not_found(*keys)
             old_certs = entry_attrs_old.get('usercertificate', [])
             old_certs_der = map(x509.normalize_certificate, old_certs)
             removed_certs_der = set(old_certs_der) - set(certs_der)
@@ -632,7 +634,8 @@ class service_mod(LDAPUpdate):
                                       nsprerr.args[1])
                     else:
                         raise nsprerr
-        entry_attrs['usercertificate'] = certs_der
+        if certs:
+            entry_attrs['usercertificate'] = certs_der
 
         update_krbticketflags(ldap, entry_attrs, attrs_list, options, True)
author	Martin Basti <mbasti@redhat.com>	2015-06-03 13:11:58 +0200
committer	Jan Cholasta <jcholast@redhat.com>	2015-06-03 17:52:30 +0000
commit	b6924c00ab0ebeaeb62a2ebfbf1ba04494713c5e (patch)
tree	c1ad8096462cd84e64845e8ab266721d0a3bb94c /ipalib
parent	8457edc14dade724b486540800bcdafb7d9a6f76 (diff)
download	freeipa-b6924c00ab0ebeaeb62a2ebfbf1ba04494713c5e.tar.gz freeipa-b6924c00ab0ebeaeb62a2ebfbf1ba04494713c5e.tar.xz freeipa-b6924c00ab0ebeaeb62a2ebfbf1ba04494713c5e.zip