On 12/10/2012 05:32 PM, Lynn Root wrote:
> On 12/10/2012 05:01 PM, Martin Kosek wrote:
>> On 12/10/2012 03:53 PM, Lynn Root wrote:
>>> Raise ACI error when CSR does not have a subject hostname.
>>>
>>> Ticket: https://fedorahosted.org/freeipa/ticket/3123
>>>
>> Why an ACIError? I know there are a lot of ACIErrors thrown in cert-request
>> command processing, but they are all related to authorization of the request.
>> In this case, this is rather a missing required field of the CSR, so
>> ValidationError may be a better choice.
>>
>> Martin
>>
> I elected ACIError simply because the immediately following ACIError raises the
> issue that hostname of principal doesn't match the subject hostname of the CSR
> - seemed a similar case of "doesn't match" with "doesn't exist." But right -
> it's not related to Auth.
>
> Would ValidationError be appropriate, or would RequirementError or NotFound be
> more so?
>
The following raises ACIError because of failed authorization check, I think it's ok.

RequirementError is only thrown when a command option that is required is not passed by the user. I am not fond of expanding its use to the validation of user content, like CSR file.

NotFound error is used when an _entry_ is not found - so not an ideal candidate either for this case.

IMHO, ValidationError is fine for this situation - but maybe somebody else may have other opinion...

Martin