Internationalization for public errors

Currently, we throw many public exceptions without proper i18n.
Wrap natural-language error messages in _() so they can be translated.

In the service plugin, raise NotFound errors using handle_not_found helper
so the error message contains the offending service.

Use ScriptError instead of NotFoundError in bindinstance install.

https://fedorahosted.org/freeipa/ticket/1953

5 files changed, 29 insertions, 27 deletions

diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 2e00f70b1..8284f3eaa 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -35,6 +35,7 @@ from ipalib.parameters import IA5Str
 from ipalib.util import (validate_zonemgr, normalize_zonemgr,
         get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy)
 from ipapython.ipa_log_manager import *
+from ipalib.text import _
 
 import ipalib
 from ipalib import api, util, errors
@@ -277,7 +278,8 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres
         # automatically retrieve list of DNS masters
         dns_masters = api.Object.dnsrecord.get_dns_masters()
         if not dns_masters:
-            raise errors.NotFound("No IPA server with DNS support found!")
+            raise installutils.ScriptError(
+                "No IPA server with DNS support found!")
         ns_main = dns_masters.pop(0)
         ns_replicas = dns_masters
         addresses = resolve_host(ns_main)
@@ -321,7 +323,8 @@ def add_reverse_zone(zone, ns_hostname=None, ns_ip_address=None,
         # automatically retrieve list of DNS masters
         dns_masters = api.Object.dnsrecord.get_dns_masters()
         if not dns_masters:
-            raise errors.NotFound("No IPA server with DNS support found!")
+            raise installutils.ScriptError(
+                "No IPA server with DNS support found!")
         ns_main = dns_masters.pop(0)
         ns_replicas = dns_masters
         addresses = resolve_host(ns_main)
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index eebaa48c4..f0f0f1dfd 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -41,6 +41,7 @@ from ipapython import services as ipaservices
 from ipalib import x509
 from ipapython.dn import DN
 from ipalib.errors import CertificateOperationError
+from ipalib.text import _
 
 from nss.error import NSPRError
 import nss.nss as nss
@@ -663,8 +664,9 @@ class CertDB(object):
                 dogtag.https_request(self.host_name, api.env.ca_ee_install_port, "/ca/ee/ca/profileSubmitSSLClient", self.secdir, password, "ipaCert", **params)
 
             if http_status != 200:
-                raise CertificateOperationError(error='Unable to communicate with CMS (%s)' % \
-                      http_reason_phrase)
+                raise CertificateOperationError(
+                    error=_('Unable to communicate with CMS (%s)') %
+                        http_reason_phrase)
 
             # The result is an XML blob. Pull the certificate out of that
             doc = xml.dom.minidom.parseString(http_body)
diff --git a/ipaserver/plugins/join.py b/ipaserver/plugins/join.py
index e7713dc06..6ea02b2e1 100644
--- a/ipaserver/plugins/join.py
+++ b/ipaserver/plugins/join.py
@@ -106,7 +106,7 @@ class join(Command):
             # It exists, can we write the password attributes?
             allowed = ldap.can_write(dn, 'krblastpwdchange')
             if not allowed:
-                raise errors.ACIError(info="Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry '%s'." % dn)
+                raise errors.ACIError(info=_("Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry '%s'.") % dn)
 
             kw = {'fqdn': hostname, 'all': True}
             attrs_list = api.Command['host_show'](**kw)['result']
diff --git a/ipaserver/plugins/selfsign.py b/ipaserver/plugins/selfsign.py
index bd79f7186..8118d88c5 100644
--- a/ipaserver/plugins/selfsign.py
+++ b/ipaserver/plugins/selfsign.py
@@ -208,7 +208,8 @@ class ra(rabase.rabase):
             serial = x509.get_serial_number(cert)
         except NSPRError, e:
             self.log.error('Unable to decode certificate in entry: %s' % str(e))
-            raise errors.CertificateOperationError(error='Unable to decode certificate in entry: %s' % str(e))
+            raise errors.CertificateOperationError(
+                error=_('Unable to decode certificate in entry: %s') % str(e))
 
         # To make it look like dogtag return just the base64 data.
         cert = cert.replace('\n','')
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index f7b71b32f..0856c25ce 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -26,6 +26,15 @@ Also see the `ipalib.rpc` module.
 from cgi import parse_qs
 from xml.sax.saxutils import escape
 from xmlrpclib import Fault
+from wsgiref.util import shift_path_info
+import base64
+import os
+import string
+import datetime
+from decimal import Decimal
+import urlparse
+import time
+
 from ipalib import plugable
 from ipalib.backend import Executioner
 from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError, CCacheError, RefererError, InvalidSessionPassword, NotFound, ACIError, ExecutionError
@@ -39,15 +48,8 @@ from ipalib.session import session_mgr, AuthManager, get_ipa_ccache_name, load_c
 from ipalib.backend import Backend
 from ipalib.krb_utils import krb5_parse_ccache, KRB5_CCache, krb_ticket_expiration_threshold, krb5_format_principal_name
 from ipapython import ipautil
-from wsgiref.util import shift_path_info
 from ipapython.version import VERSION
-import base64
-import os
-import string
-import datetime
-from decimal import Decimal
-import urlparse
-import time
+from ipalib.text import _
 
 HTTP_STATUS_SUCCESS = '200 Success'
 HTTP_STATUS_SERVER_ERROR = '500 Internal Server Error'
@@ -533,31 +535,25 @@ class jsonserver(WSGIExecutioner, HTTP_Status):
         except ValueError, e:
             raise JSONError(error=e)
         if not isinstance(d, dict):
-            raise JSONError(error='Request must be a dict')
+            raise JSONError(error=_('Request must be a dict'))
         if 'method' not in d:
-            raise JSONError(error='Request is missing "method"')
+            raise JSONError(error=_('Request is missing "method"'))
         if 'params' not in d:
-            raise JSONError(error='Request is missing "params"')
+            raise JSONError(error=_('Request is missing "params"'))
         d = json_decode_binary(d)
         method = d['method']
         params = d['params']
         _id = d.get('id')
         if not isinstance(params, (list, tuple)):
-            raise JSONError(error='params must be a list')
+            raise JSONError(error=_('params must be a list'))
         if len(params) != 2:
-            raise JSONError(
-                error='params must contain [args, options]'
-            )
+            raise JSONError(error=_('params must contain [args, options]'))
         args = params[0]
         if not isinstance(args, (list, tuple)):
-            raise JSONError(
-                error='params[0] (aka args) must be a list'
-            )
+            raise JSONError(error=_('params[0] (aka args) must be a list'))
         options = params[1]
         if not isinstance(options, dict):
-            raise JSONError(
-                error='params[1] (aka options) must be a dict'
-            )
+            raise JSONError(error=_('params[1] (aka options) must be a dict'))
         options = dict((str(k), v) for (k, v) in options.iteritems())
         return (method, args, options, _id)