#5981 Unhandled PKI error in ca-add
Closed: Fixed None Opened 2 years ago by mkubik.

When adding a new CA that uses Subject that already exists, the error from PKI is propagated to the client

self = <ipalib.rpc.JSONServerProxy object at 0x7fdd5e76f850>, name = 'ca_add'
args = (('crud-subca-2',), {'description': 'Test generated CA', 'ipacasubjectdn': ipapython.dn.DN('CN=crud subca test,O=crud testing inc'), 'version': '2.188'})

    def __request(self, name, args):
        payload = {'method': unicode(name), 'params': args, 'id': 0}
        version = args[1].get('version', VERSION_WITHOUT_CAPABILITIES)
        payload = json_encode_binary(payload, version)

        if self.__verbose >= 2:
            root_logger.info('Request: %s',
                             json.dumps(payload, sort_keys=True, indent=4))

        response = self.__transport.request(
            self.__host,
            self.__handler,
            json.dumps(payload).encode('utf-8'),
            verbose=self.__verbose >= 3,
        )

        try:
            response = json_decode_binary(json.loads(response.decode('ascii')))
        except ValueError as e:
            raise JSONError(error=str(e))

        if self.__verbose >= 2:
            root_logger.info(
                'Response: %s',
                json.dumps(json_encode_binary(response, version),
                           sort_keys=True, indent=4)
            )
        error = response.get('error')
        if error:
            try:
                error_class = errors_by_code[error['code']]
            except KeyError:
                raise UnknownError(
                    code=error.get('code'),
                    error=error.get('message'),
                    server=self.__host,
                )
            else:
                kw = error.get('data', {})
                kw['message'] = error['message']
>               raise error_class(**kw)
E               RemoteRetrieveError: Non-2xx response from CA REST API: 409. DN 'CN=crud subca test,O=crud testing inc' is used by an existing authority

ipalib/rpc.py:1105: RemoteRetrieveError

master:

  • 16f33dd Check for CA subject name collision before attempting creation

Metadata Update from @mkubik:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.4

2 years ago

Login to comment on this ticket.

Metadata