From: Andreas Schneider <asn@samba.org>
Date: Mon, 22 Jan 2024 14:04:36 +0000 (+0100)
Subject: python:gp: Do not print an error, if CA already exists
X-Git-Tag: talloc-2.4.2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=728757cd1ff0465967fcbda100254c9312e87c93;p=thirdparty%2Fsamba.git

python:gp: Do not print an error, if CA already exists

We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older version of certmonger
don't support the `-v` option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
---

diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py
index e07f4276b84..1547e9db983 100644
--- a/python/samba/gp/gp_cert_auto_enroll_ext.py
+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py
@@ -318,8 +318,12 @@ def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
         out, err = p.communicate()
         log.debug(out.decode())
         if p.returncode != 0:
-            data = { 'Error': err.decode(), 'CA': ca['name'] }
-            log.error('Failed to add Certificate Authority', data)
+            if p.returncode == 2:
+                log.info('The CA [%s] already exists' % ca['name'])
+            else:
+                data = {'Error': err.decode(), 'CA': ca['name']}
+                log.error('Failed to add Certificate Authority', data)
+
         supported_templates = get_supported_templates(ca['hostname'])
         for template in supported_templates:
             attrs = fetch_template_attrs(ldb, template)