DNSSEC: warn user if DNSSEC key master is not installed

Warning user that DNSSEC key master is not installed when commands dnszone-add, dnszone-mod, dnszone-show when option dnssec=true https://fedorahosted.org/freeipa/ticket/5290 Reviewed-By: Petr Spacek <pspacek@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2015-10-13 10:48:10 +0200
committer: Martin Basti <mbasti@redhat.com> 2015-10-22 18:29:44 +0200
commit: 92a4b18fc282ab7b40899c4885617fc080e9e955 (patch)
tree: 7fdba4317bd96df4b29486f90fa40500001448c7 /ipaserver
parent: 179d86b5f6d4f3297d20a553f4aa723e4f949fce (diff)
download: freeipa-92a4b18fc282ab7b40899c4885617fc080e9e955.tar.gz
freeipa-92a4b18fc282ab7b40899c4885617fc080e9e955.tar.xz
freeipa-92a4b18fc282ab7b40899c4885617fc080e9e955.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index edd35df7a..34dce0f32 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -27,10 +27,15 @@ softhsm_slot = 0
 
 def get_dnssec_key_masters(conn):
     """
+    This method can be used only for admin connections, common users do not
+    have permission to access content of service containers.
     :return: list of active dnssec key masters
     """
     assert conn is not None
 
+    # please check ipalib/dns.py:dnssec_installed() method too, if you do
+    # any modifications here
+
     dn = DN(api.env.container_masters, api.env.basedn)
 
     filter_attrs = {
author	Martin Basti <mbasti@redhat.com>	2015-10-13 10:48:10 +0200
committer	Martin Basti <mbasti@redhat.com>	2015-10-22 18:29:44 +0200
commit	92a4b18fc282ab7b40899c4885617fc080e9e955 (patch)
tree	7fdba4317bd96df4b29486f90fa40500001448c7 /ipaserver
parent	179d86b5f6d4f3297d20a553f4aa723e4f949fce (diff)
download	freeipa-92a4b18fc282ab7b40899c4885617fc080e9e955.tar.gz freeipa-92a4b18fc282ab7b40899c4885617fc080e9e955.tar.xz freeipa-92a4b18fc282ab7b40899c4885617fc080e9e955.zip