The attached patch fixes https://fedorahosted.org/freeipa/ticket/5991.
Thanks, Fraser
From 2363a1fe3486a00c69df781cc9bd43f5916a1733 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Wed, 29 Jun 2016 15:02:51 +1000
Subject: [PATCH] cert-request: better error msg when 'add' not supported
cert-request supports adding service principals that don't exist. If add is requested for other principal types, the error message just says "the principal doesn't exist". Add a new error type with better error message to explain that 'add' is not supported for host or user principals.
Fixes: https://fedorahosted.org/freeipa/ticket/5991
---
 ipalib/errors.py | 9 +++++++++
 ipaserver/plugins/cert.py | 18 +++++++++++++++---
 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 10491a94211648df8bda60f3dbc9e52d19e83d10..70d17d64f53c75aabf7ae99c56bebd136230c7a3 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1396,6 +1396,15 @@ class ServerRemovalError(ExecutionError):
 errno = 4033
 format = _('Server removal aborted: %(reason)s.')
+class OperationNotSupportedForPrincipalType(ExecutionError):
+ """
+ **4034** Raised when an operation is not supported for a principal type
+ """
+
+ errno = 4034
+ format = _(
+ '%(operation)s is not supported for %(principal_type)s principals')
+
 class BuiltinError(ExecutionError):
 """
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 564d582c77ef63e780604fd7fc55e6cc7889a351..f9fd3ef4b1a1a5cb370fd7876a88c5ecbb69e4e2 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -145,6 +145,12 @@ http://www.ietf.org/rfc/rfc5280.txt
 USER, HOST, SERVICE = range(3)
+PRINCIPAL_TYPE_STRING_MAP = {
+ USER: _('user'),
+ HOST: _('host'),
+ SERVICE: _('service'),
+}
+
 register = Registry()
 PKIDATE_FORMAT = '%Y-%m-%d'
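Review bot: The docstring of `OperationNotSupportedForPrincipalType` does not say which keyword arguments the `format` string needs, so a caller has to read the message template to learn that both `operation` and `principal_type` are required. I would add a line such as `Requires the keyword arguments operation and principal_type.` and, if the neighbouring error classes carry a usage example, one here in the same form. Errno 4034 is new on the wire, so it is worth confirming how clients built before this change report an error number they do not recognise.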
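Review bot: The values of `PRINCIPAL_TYPE_STRING_MAP` are translated on their own and then interpolated into the translated template `'%(operation)s is not supported for %(principal_type)s principals'`, which tends to read badly in languages that inflect the noun. A comment above the map, for example `# nouns interpolated into OperationNotSupportedForPrincipalType; keep in sync with USER, HOST, SERVICE`, would tell translators and maintainers how the strings are used. The map is indexed directly in cert_request, so a principal type added to the `range(3)` tuple without a map entry would surface as a KeyError instead of the intended error.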
@@ -385,7 +391,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
 ),
 Flag(
 'add',
- doc=_("automatically add the principal if it doesn't exist"),
+ doc=_("automatically add the principal if it doesn't exist (service princpals only)"),
 ),
 )
@@ -480,8 +486,14 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
 elif principal_type == USER:
 principal_obj = api.Command['user_show'](principal_name, all=True)
 except errors.NotFound as e:
- if principal_type == SERVICE and add:
- principal_obj = api.Command['service_add'](principal_string, force=True)
+ if add:
+ if principal_type == SERVICE:
+ principal_obj = api.Command['service_add'](
+ principal_string, force=True)
+ else:
+ raise errors.OperationNotSupportedForPrincipalType(
+ operation="'add'",
+ principal_type=PRINCIPAL_TYPE_STRING_MAP[principal_type])
 else:
 raise errors.NotFound(
 reason=_("The principal for this request doesn't exist."))
--
2.5.5
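Review bot: The new help text for the `add` flag misspells "principals" as "princpals", and this string is shown to users and handed to translators. The line should read `doc=_("automatically add the principal if it doesn't exist (service principals only)"),`. It is also long enough that wrapping it would match the wrapped calls introduced in the next hunk. The option tuple this flag belongs to starts and ends outside the hunk.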
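Review bot: With `add` set, a missing host or user principal now raises `OperationNotSupportedForPrincipalType` where it used to raise `errors.NotFound`, so a caller that catches NotFound to detect a missing principal no longer sees it, and the message no longer says that the principal does not exist. Consider stating both facts in the error, or at least documenting the branch with a comment such as `# 'add' can only create service principals; host and user principals must already exist`. The diffstat lists only ipalib/errors.py and ipaserver/plugins/cert.py, so nothing exercises the new branch; a test calling cert-request with `add` for a nonexistent host and user principal would pin the errno. The surrounding try block and method begin and end outside the hunk.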