From 97f52ad53a6284b20e275e8ae28c599d96fc0b30 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvoborni@redhat.com>
Date: Wed, 12 Aug 2015 11:07:22 +0200
Subject: [PATCH] validate mutually exclusive options in vault-add

https://fedorahosted.org/freeipa/ticket/5195

Reviewed-By: Tomas Babej <tbabej@redhat.com>
---
 ipalib/plugins/vault.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py
index fe4eec325dde4a9ecd8a7ce5af1a124fc5c6a9ae..055e8d00f1616c15b217e7570eeedd46efba7c81 100644
--- a/ipalib/plugins/vault.py
+++ b/ipalib/plugins/vault.py
@@ -597,6 +597,18 @@ class vault_add(PKQuery, Local):
         if 'public_key_file' in options:
             del options['public_key_file']
 
+        if vault_type != u'symmetric' and (password or password_file):
+            raise errors.MutuallyExclusiveError(
+                reason=_('Password can be specified only for '
+                         'symmetric vault')
+            )
+
+        if vault_type != u'asymmetric' and (public_key or public_key_file):
+            raise errors.MutuallyExclusiveError(
+                reason=_('Public key can be specified only for '
+                         'asymmetric vault')
+            )
+
         if self.api.env.in_server:
             backend = self.api.Backend.ldap2
         else:
-- 
2.4.3