summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2011-10-17 14:26:13 +0200
committerMartin Kosek <mkosek@redhat.com>2011-10-17 17:09:46 +0200
commit99d938152fbef41f2d48d4088e5ba39bc820e9de (patch)
tree260586fa0fc76cd040b07296530ed7b053e878fb
parentb607c5cc5ab34c007640011f299f358f190f6652 (diff)
downloadfreeipa-99d938152fbef41f2d48d4088e5ba39bc820e9de.zip
freeipa-99d938152fbef41f2d48d4088e5ba39bc820e9de.tar.gz
freeipa-99d938152fbef41f2d48d4088e5ba39bc820e9de.tar.xz
Improve hostgroup/netgroup collision checks
When the NGP plugin is enabled, a managed netgroup is created for every hostgroup. We already check that netgroup with the same name does not exist and provide a meaningful error message. However, this error message was also printed when a duplicate hostgroup existed. This patch checks for duplicate hostgroup existence first and netgroup on the second place. It also makes sure that when NGP plugin is (temporarily) disabled, a colliding netgroup cannot be created. https://fedorahosted.org/freeipa/ticket/1914
-rw-r--r--ipalib/plugins/hostgroup.py14
-rw-r--r--ipalib/plugins/netgroup.py20
2 files changed, 32 insertions, 2 deletions
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py
index 0560bd7..4e6dbbd 100644
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@@ -117,10 +117,20 @@ class hostgroup_add(LDAPCreate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
try:
+ # check duplicity with hostgroups first to provide proper error
+ netgroup = api.Command['hostgroup_show'](keys[-1])
+ self.obj.handle_duplicate_entry(*keys)
+ except errors.NotFound:
+ pass
+
+ try:
+ # when enabled, a managed netgroup is created for every hostgroup
+ # make sure that the netgroup can be created
netgroup = api.Command['netgroup_show'](keys[-1])
raise errors.DuplicateEntry(message=unicode(_(\
- u'netgroup with name "%s" already exists' % keys[-1]\
- )))
+ u'netgroup with name "%s" already exists. ' \
+ u'Hostgroups and netgroups share a common namespace'\
+ ) % keys[-1]))
except errors.NotFound:
pass
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index 8901ac9..d8c3c47 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -145,6 +145,26 @@ class netgroup_add(LDAPCreate):
msg_summary = _('Added netgroup "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
entry_attrs.setdefault('nisdomainname', self.api.env.domain)
+
+ try:
+ # check duplicity with netgroups first to provide proper error
+ netgroup = api.Command['netgroup_show'](keys[-1])
+ self.obj.handle_duplicate_entry(*keys)
+ except errors.NotFound:
+ pass
+
+ try:
+ # when enabled, a managed netgroup is created for every hostgroup
+ # make sure that we don't create a collision if the plugin is
+ # (temporarily) disabled
+ netgroup = api.Command['hostgroup_show'](keys[-1])
+ raise errors.DuplicateEntry(message=unicode(_(\
+ u'hostgroup with name "%s" already exists. ' \
+ u'Hostgroups and netgroups share a common namespace'\
+ ) % keys[-1]))
+ except errors.NotFound:
+ pass
+
return dn
api.register(netgroup_add)