forked from TrueCloudLab/certificates
Merge pull request #1278 from smallstep/policy-help
Clarify policy lockout error message
This commit is contained in:
commit
ca9f8dc576
2 changed files with 2 additions and 2 deletions
|
@ -248,7 +248,7 @@ func isAllowed(engine authPolicy.X509Policy, sans []string) error {
|
||||||
if isNamePolicyError && policyErr.Reason == policy.NotAllowed {
|
if isNamePolicyError && policyErr.Reason == policy.NotAllowed {
|
||||||
return &PolicyError{
|
return &PolicyError{
|
||||||
Typ: AdminLockOut,
|
Typ: AdminLockOut,
|
||||||
Err: fmt.Errorf("the provided policy would lock out %s from the CA. Please update your policy to include %s as an allowed name", sans, sans),
|
Err: fmt.Errorf("the provided policy would lock out %s from the CA. Please create an x509 policy to include %s as an allowed DNS name.", sans, sans),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return &PolicyError{
|
return &PolicyError{
|
||||||
|
|
|
@ -80,7 +80,7 @@ func TestAuthority_checkPolicy(t *testing.T) {
|
||||||
},
|
},
|
||||||
err: &PolicyError{
|
err: &PolicyError{
|
||||||
Typ: AdminLockOut,
|
Typ: AdminLockOut,
|
||||||
Err: errors.New("the provided policy would lock out [step] from the CA. Please update your policy to include [step] as an allowed name"),
|
Err: errors.New("the provided policy would lock out [step] from the CA. Please create an x509 policy to include [step] as an allowed DNS name"),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
Loading…
Reference in a new issue