John Dennis wrote:
On 10/08/2009 05:22 PM, Rob Crittenden wrote:
John Dennis wrote:
Thanks Rob. BTW, I was going to add a try/except block around that
code in selfsign and return a non-zero status if it fails. Do we have
predefined status codes I should be using?
I'm assuming you mean around the certs.next_serial() call?
yes
Not really sure. This is really a "server blew up" sort of error, I'm
not sure what the best thing to return to the client is in this case. I
think something that says "the server is hosed, you can't fix it from
there" sort of error would be nice. AFAIK we don't currently define such
a beastie.
Well, looking at errors.py it looks like it should be an
ExecutionError in the 4000-4999 range. How about adding
UnableToCompleteCertificateOperation as a generic error for any
certificate operation we can't run to completion,
It would also be nice to reference the log, as in "Please see mylog.log
for details."
then do a log.error message with the specific failure. The errno
associated with UnableToCompleteCertificateOperation can be returned
whenever we hit some unexpected error related to certificate
operations, it will be generic enough to cover a range of cases
without exposing the reason for the fault and the server log file will
contain the detail. How does that sound?
--
Jenny Galipeau <[email protected]>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
