diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-01-13 14:29:16 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2011-01-14 14:26:22 -0500 |
commit | c69d8084c17c5d94240bda9447ed9546159608a5 (patch) | |
tree | cbb69cb18d98ddea93c0bd1ea1c706026d0fe94e /ipalib/frontend.py | |
parent | c94d20cfd8cc1bd8cd8152b19d6807b654286197 (diff) | |
download | freeipa-c69d8084c17c5d94240bda9447ed9546159608a5.tar.gz freeipa-c69d8084c17c5d94240bda9447ed9546159608a5.tar.xz freeipa-c69d8084c17c5d94240bda9447ed9546159608a5.zip |
Add API version and have server reject incompatible clients.
This patch contains 2 parts.
The first part is a small utility to create and validate the current
API. To do this it needs to load ipalib which on a fresh system
introduces a few problems, namely that it relies on a python plugin
to set the default encoding to utf8. For our purposes we can skip that.
It is also important that any optional plugins be loadable so the
API can be examined.
The second part is a version exchange between the client and server.
The version has a major and a minor version. The major verion is
updated whenever existing API changes. The minor version is updated when
new API is added. A request will be rejected if either the major versions
don't match or if the client major version is higher than then server
major version (though by implication new API would return a command not
found if allowed to proceed).
To determine the API version of the server from a client use the ping
command.
ticket 584
Diffstat (limited to 'ipalib/frontend.py')
-rw-r--r-- | ipalib/frontend.py | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/ipalib/frontend.py b/ipalib/frontend.py index 7177bd18..eeed3980 100644 --- a/ipalib/frontend.py +++ b/ipalib/frontend.py @@ -30,9 +30,11 @@ from util import make_repr from output import Output, Entry, ListOfEntries from text import _, ngettext -from errors import ZeroArgumentError, MaxArgumentError, OverlapError, RequiresRoot +from errors import ZeroArgumentError, MaxArgumentError, OverlapError, RequiresRoot, VersionError, RequirementError from errors import InvocationError from constants import TYPE_ERROR +from ipapython.version import API_VERSION +from distutils import version RULE_FLAG = 'validation_rule' @@ -412,6 +414,8 @@ class Command(HasParam): self.info( '%s(%s)', self.name, ', '.join(self._repr_iter(**params)) ) + if not self.api.env.in_server and 'version' not in params: + params['version'] = API_VERSION self.validate(**params) (args, options) = self.params_2_args_options(**params) ret = self.run(*args, **options) @@ -680,6 +684,30 @@ class Command(HasParam): value = kw.get(param.name, None) param.validate(value, self.env.context) + def verify_client_version(self, client_version): + """ + Compare the version the client provided to the version of the + server. + + If the client major version does not match then return an error. + If the client minor version is less than or equal to the server + then let the request proceed. + """ + ver = version.LooseVersion(client_version) + if len(ver.version) < 2: + raise VersionError(cver=ver.version, sver=server_ver.version, server= self.env.xmlrpc_uri) + client_major = ver.version[0] + client_minor = ver.version[1] + + server_ver = version.LooseVersion(API_VERSION) + server_major = server_ver.version[0] + server_minor = server_ver.version[1] + + if server_major != client_major: + raise VersionError(cver=client_version, sver=API_VERSION, server=self.env.xmlrpc_uri) + if client_minor > server_minor: + raise VersionError(cver=client_version, sver=API_VERSION, server=self.env.xmlrpc_uri) + def run(self, *args, **options): """ Dispatch to `Command.execute` or `Command.forward`. @@ -693,6 +721,9 @@ class Command(HasParam): performs is executed remotely. """ if self.api.env.in_server: + if 'version' in options: + self.verify_client_version(options['version']) + del options['version'] return self.execute(*args, **options) return self.forward(*args, **options) @@ -826,6 +857,11 @@ class Command(HasParam): exclude='webui', flags=['no_output'], ) + yield Str('version?', + doc=_('Client version. Used to determine if server will accept request.'), + exclude='webui', + flags=['no_option', 'no_output'], + ) return def validate_output(self, output): |