From a7de75808c79186f72c4a32bd04434639fa947fd Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Sep 13 2016 15:22:34 +0000
Subject: cert-request: raise error when request fails


Fix a regression in recent change to request cert via Dogtag REST
API.  'ra.request_certificate' was no longer raising
CertificateOperationError when the cert request failed.  Inspect the
request result to determine if the request completed, and raise if
it did not.

Fixes: https://fedorahosted.org/freeipa/ticket/6309
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>

---

diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 77d2473..644b41e 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1678,6 +1678,10 @@ class ra(rabase.rabase, RestClient):
             return cmd_result
         certinfo = entries[0]
 
+        if certinfo['requestStatus'] != 'complete':
+            raise errors.CertificateOperationError(
+                    error=certinfo.get('errorMessage'))
+
         if 'certId' in certinfo:
             cmd_result = self.get_certificate(certinfo['certId'])
             cert = ''.join(cmd_result['certificate'].splitlines())