From 51d5ec17570ef6911bded6381c77041f4a5c2182 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Jul 06 2020 16:13:00 +0000
Subject: cainstance.is_crlgen_enabled: handle missing ipa-pki-proxy.conf


A failed ipa-ca-install left my installation in an inconsistent
state.  Then, 'ipa-server-install --uninstall' also failed when
is_crlgen_enabled() tried to read ipa-pki-proxy.conf, which was
missing.

Update is_crlgen_enabled() to handle missing ipa-pki-proxy.conf, by
raising InconsistentCRLGenConfigException instead of RuntimeError.
As a result, missing ipa-pki-proxy.conf is handled gracefully
because the calling code already catches
InconsistentCRLGenConfigException.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>

---

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index a5ad505..706bc28 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1402,7 +1402,7 @@ class CAInstance(DogtagInstance):
                         rewriteRuleDisabled = False
                         break
         except IOError:
-            raise RuntimeError(
+            raise InconsistentCRLGenConfigException(
                 "Unable to read {}".format(paths.HTTPD_IPA_PKI_PROXY_CONF))
 
         # if enableCRLUpdates and rewriteRuleDisabled are different, the config