The attached patch fixes regression in cert-request: https://fedorahosted.org/freeipa/ticket/6309
Thanks, Fraser
From b27eef53ee36b7cae70206c37dea6aaa3bcfc940 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale <ftwee...@redhat.com> Date: Thu, 8 Sep 2016 11:56:16 +1000 Subject: [PATCH] cert-request: raise error when request fails Fix a regression in recent change to request cert via Dogtag REST API. 'ra.request_certificate' was no longer raising CertificateOperationError when the cert request failed. Inspect the request result to determine if the request completed, and raise if it did not. Fixes: https://fedorahosted.org/freeipa/ticket/6309 --- ipaserver/plugins/dogtag.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 77d24731bbc102ace3123a6fe41a631ea7c24f3b..644b41e90f2d377ae9b70cf4719ab8789fdfc649 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1678,6 +1678,10 @@ class ra(rabase.rabase, RestClient): return cmd_result certinfo = entries[0] + if certinfo['requestStatus'] != 'complete': + raise errors.CertificateOperationError( + error=certinfo.get('errorMessage')) + if 'certId' in certinfo: cmd_result = self.get_certificate(certinfo['certId']) cert = ''.join(cmd_result['certificate'].splitlines()) -- 2.5.5
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code