ipaclient/action_plugins/ipaclient_get_otp: Enhanced error reporting

If kinit_password call failed because of wrong password or even because kinit was not found, there was a very unspecific error message. Now these errors will be properly reported. Fixes: RHBZ#1727277
2026-05-06 13:23:14 +00:00 · 2019-07-05 13:05:04 +02:00
parent 45b2648af2
commit 7a5fadfc8d
1 changed files with 9 additions and 6 deletions
--- a/roles/ipaclient/action_plugins/ipaclient_get_otp.py
+++ b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
@@ -52,7 +52,8 @@ def run_cmd(args, stdin=None):
                         close_fds=True)
    stdout, stderr = p.communicate(stdin)

-    return p.returncode
+    if p.returncode != 0:
+        raise RuntimeError(stderr)


 def kinit_password(principal, password, ccache_name, config):
@@ -197,12 +198,14 @@ class ActionModule(ActionBase):
            f.write(content)

        if password:
-            # perform kinit -c ccache_name -l 1h principal
-            res = kinit_password(principal, password, ccache_name,
-                                 krb5conf_name)
-            if res:
+            try:
+                # perform kinit -c ccache_name -l 1h principal
+                kinit_password(principal, password, ccache_name,
+                               krb5conf_name)
+            except Exception as e:
                result['failed'] = True
-                result['msg'] = 'kinit %s with password failed' % principal
+                result['msg'] = 'kinit %s with password failed: %s' % \
+                    (principal, to_native(e))
                return result

        else: