From: Andreas Schneider <asn@samba.org>
Date: Mon, 22 Jan 2024 14:05:02 +0000 (+0100)
Subject: python:gp: Do not print an error if template already exists
X-Git-Tag: talloc-2.4.2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=98dc44286ea102ef7701ccdea26bbde32b523a7e;p=thirdparty%2Fsamba.git

python:gp: Do not print an error if template already exists

We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older version of certmonger
don't support the `-v` option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
---

diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py
index 1547e9db983..b55a0ce3bd0 100644
--- a/python/samba/gp/gp_cert_auto_enroll_ext.py
+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py
@@ -338,8 +338,12 @@ def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
             out, err = p.communicate()
             log.debug(out.decode())
             if p.returncode != 0:
-                data = { 'Error': err.decode(), 'Certificate': nickname }
-                log.error('Failed to request certificate', data)
+                if p.returncode == 2:
+                    log.info('The template [%s] already exists' % (nickname))
+                else:
+                    data = {'Error': err.decode(), 'Certificate': nickname}
+                    log.error('Failed to request certificate', data)
+
             data['files'].extend([keyfile, certfile])
             data['templates'].append(nickname)
         if update is not None: