Add warning when the same admin in project.yml has different role

holgerroth · Apr 4, 2024 · f5d1d03 · f5d1d03
1 parent d152605
commit f5d1d03
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/nvflare/lighter/impl/cert.py b/nvflare/lighter/impl/cert.py
@@ -87,6 +87,17 @@ def _build_write_cert_pair(self, participant, base_name, ctx):
             pri_key = serialization.load_pem_private_key(
                 self.persistent_state[subject]["pri_key"].encode("ascii"), password=None, backend=default_backend()
             )
+            if participant.type == "admin":
+                cn_list = cert.subject.get_attributes_for_oid(NameOID.UNSTRUCTURED_NAME)
+                for cn in cn_list:
+                    role = cn.value
+                    new_role = participant.props.get("role")
+                    if role != new_role:
+                        err_msg = (
+                            f"{participant.name}'s previous role is {role} but is now {new_role}.\n"
+                            + "Please delete existing workspace and provision from scratch."
+                        )
+                        raise RuntimeError(err_msg)
         else:
             pri_key, cert = self.get_pri_key_cert(participant)
             self.persistent_state[subject] = dict(