From 5089dde2cdbe22cabdbf74f325711ea5dcc22490 Mon Sep 17 00:00:00 2001 From: Petr Vobornik Date: Wed, 10 Jun 2015 15:03:44 +0200 Subject: disallow mod of topology segment nodes Mod of segment end will be disallowed in topology plugin. Reasoning (by Ludwig): if we want to properly allow mods to change connectivity and endpoints, then we would need to check if the mod disconnects the topology, delete existing agreements, check if the new would be a duplicate and create new agmts. There could be some difficult scenarios, like having A <--> B <--> C <--> D, if you modify the segment B-C to A-D topology breaks and is then reconnected. part of: https://fedorahosted.org/freeipa/ticket/4302 Reviewed-By: Martin Babinsky --- API.txt | 4 +--- VERSION | 5 ++--- ipalib/plugins/topology.py | 2 ++ 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/API.txt b/API.txt index ba8227a57..15356f7ee 100644 --- a/API.txt +++ b/API.txt @@ -4804,15 +4804,13 @@ output: ListOfEntries('result', (, ), Gettext('A list output: Output('summary', (, ), None) output: Output('truncated', , None) command: topologysegment_mod -args: 2,15,3 +args: 2,13,3 arg: Str('topologysuffixcn', cli_name='topologysuffix', multivalue=False, primary_key=True, query=True, required=True) arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, primary_key=True, query=True, required=True) option: Str('addattr*', cli_name='addattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Str('delattr*', cli_name='delattr', exclude='webui') option: StrEnum('iparepltoposegmentdirection', attribute=True, autofill=False, cli_name='direction', default=u'both', multivalue=False, required=False, values=(u'both', u'left-right', u'right-left', u'none')) -option: Str('iparepltoposegmentleftnode', attribute=True, autofill=False, cli_name='leftnode', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9.][a-zA-Z0-9.-]{0,252}[a-zA-Z0-9.$-]?$', required=False) -option: Str('iparepltoposegmentrightnode', attribute=True, autofill=False, cli_name='rightnode', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9.][a-zA-Z0-9.-]{0,252}[a-zA-Z0-9.$-]?$', required=False) option: StrEnum('nsds5replicaenabled', attribute=True, autofill=False, cli_name='enabled', multivalue=False, required=False, values=(u'on', u'off')) option: Str('nsds5replicastripattrs', attribute=True, autofill=False, cli_name='stripattrs', multivalue=False, required=False) option: Str('nsds5replicatedattributelist', attribute=True, autofill=False, cli_name='replattrs', multivalue=False, required=False) diff --git a/VERSION b/VERSION index b31b66b2d..897c34e72 100644 --- a/VERSION +++ b/VERSION @@ -90,6 +90,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=129 -# Last change: pvoborni - rename topologysegment_refresh to -# topologysegment_reinitialize +IPA_API_VERSION_MINOR=130 +# Last change: pvoborni - disallow mod of topologysegment nodes diff --git a/ipalib/plugins/topology.py b/ipalib/plugins/topology.py index d055602a8..9574b78f6 100644 --- a/ipalib/plugins/topology.py +++ b/ipalib/plugins/topology.py @@ -81,6 +81,7 @@ class topologysegment(LDAPObject): label=_('Left node'), normalizer=lambda value: value.lower(), doc=_('Left replication node - an IPA server'), + flags={'no_update'}, ), Str( 'iparepltoposegmentrightnode', @@ -91,6 +92,7 @@ class topologysegment(LDAPObject): label=_('Right node'), normalizer=lambda value: value.lower(), doc=_('Right replication node - an IPA server'), + flags={'no_update'}, ), StrEnum( 'iparepltoposegmentdirection', -- cgit