On 12/10/2012 05:32 PM, Lynn Root wrote:
> On 12/10/2012 05:01 PM, Martin Kosek wrote:
>> On 12/10/2012 03:53 PM, Lynn Root wrote:
>>> Raise ACI error when CSR does not have a subject hostname.
>>> Ticket:https://fedorahosted.org/freeipa/ticket/3123
>> Why an ACIError? I know there are are a lot of ACIErrors thrown in 
>> cert-request
>> command processing, but they are all related to authorization of the request.
>> In this case, this is rather a missing required field of the CSR, so
>> ValidationError may be a better choice.
>> Martin
> I elected ACIError simply because the immediately following ACIError raises 
> the
> issue that hostname of principal doesn't match the subject hostname of the CSR
> - seemed a similar case of "doesn't match" with "doesn't exists." But right -
> it's not related to Auth.
> Would ValidationError be appropriate, or would RequirementError or NotFound be
> more so?

The following raises ACIError because of failed authorization check, I think
its ok.

RequirementError is only thrown when a command option that is required is not
passed by the user. I am not fond of expanding its use to the validation of
user content, like CSR file.

NotFound error is used when an _entry_ is not found - so not an ideal candidate
either for this case.

IMHO, ValidationError is fine for this situation - but maybe somebody else may
have other opinion...


Freeipa-devel mailing list

Reply via email to