author | Fraser Tweedale <ftweedal@redhat.com> | 2016-06-29 15:02:51 +1000 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-30 15:42:06 +0200 |
commit | 3fab1b63502c3206d792b7aeaa12d486612f0137 (patch) | |
tree | d56b9226b122db022e1a0343e09986498975a51b /ipaserver/plugins/cert.py | |
parent | 025cfd911bce6214ef2b4311b16c5b6df6ad173a (diff) | |
cert-request: better error msg when 'add' not supported
cert-request supports adding service principals that don't exist.
If add is requested for other principal types, the error message
just says "the principal doesn't exist".
Add a new error type with better error message to explain that 'add'
is not supported for host or user principals.
Fixes: https://fedorahosted.org/freeipa/ticket/5991
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Diffstat (limited to 'ipaserver/plugins/cert.py')
-rw-r--r-- | ipaserver/plugins/cert.py | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 63351c54c..526360bb6 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -145,6 +145,12 @@ http://www.ietf.org/rfc/rfc5280.txt
 USER, HOST, SERVICE = range(3)
+PRINCIPAL_TYPE_STRING_MAP = {
+ USER: _('user'),
+ HOST: _('host'),
+ SERVICE: _('service'),
+}
+
 register = Registry()
 PKIDATE_FORMAT = '%Y-%m-%d'
@@ -385,7 +391,9 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
 ),
 Flag(
 'add',
- doc=_("automatically add the principal if it doesn't exist"),
+ doc=_(
+ "automatically add the principal if it doesn't exist "
+ "(service principals only)"),
 ),
 )
@@ -480,8 +488,15 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
 elif principal_type == USER:
 principal_obj = api.Command['user_show'](principal_name, all=True)
 except errors.NotFound as e:
- if principal_type == SERVICE and add:
- principal_obj = api.Command['service_add'](principal_string, force=True)
+ if add:
+ if principal_type == SERVICE:
+ principal_obj = api.Command['service_add'](
+ principal_string, force=True)
+ else:
+ princtype_str = PRINCIPAL_TYPE_STRING_MAP[principal_type]
+ raise errors.OperationNotSupportedForPrincipalType(
+ operation=_("'add' option"),
+ principal_type=princtype_str)
 else:
 raise errors.NotFound(
 reason=_("The principal for this request doesn't exist.")) |
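Review bot: The `_('user')`, `_('host')` and `_('service')` calls in `PRINCIPAL_TYPE_STRING_MAP` run once at module import, so the names are translated per request only if `_` is a lazy translation factory. `_` is defined outside this hunk, so that is worth confirming before these values are used in an error shown to the caller. The map also has no comment saying what it is for; I would add `# Translatable names of the principal types, used in error messages` above it.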
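Review bot: The new `OperationNotSupportedForPrincipalType` branch sits inside `except errors.NotFound`, so `add` is rejected for a user or host principal only when that principal is missing. When the principal exists the flag is silently ignored, and in the missing case the new message may no longer tell the caller that the principal was not found. If that is intended, a comment in the inner `else:` branch would make it explicit, for example `# principal not found; 'add' can only create service principals`. The error class is not part of this file's diff (the diffstat is limited to cert.py), so its message format cannot be checked here, and the enclosing method starts and ends outside the hunk.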