From d885339f1cbf208b06c1eb26c49c60d11d62f1c3 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Thu, 22 Jul 2010 14:16:22 -0400
Subject: Require that hosts be resolvable in DNS. Use --force to ignore warnings. This also requires a resolvable hostname on services as well. I want people to think long and hard about adding things that aren't resolvable. The cert plugin can automatically create services on the user's behalf when issuing a cert. It will always set the force flag to True. We use a lot of made-up host names in the test system, all of which require the force flag now. ticket #25
---
 ipalib/plugins/service.py | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)
(limited to 'ipalib/plugins/service.py')
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 392ae60e..ac949b78 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -60,7 +60,7 @@ EXAMPLES:
 """
 import base64
-from ipalib import api, errors
+from ipalib import api, errors, util
 from ipalib import Str, Flag, Bytes
 from ipalib.plugins.baseldap import *
 from ipalib import x509
@@ -183,19 +183,11 @@ class service_add(LDAPCreate):
 entry_attrs['usercertificate'] = base64.b64decode(cert)
 # FIXME: shouldn't we request signing at this point?
- # TODO: once DNS client is done (code below for reference only!)
- # if not kw['force']:
- # fqdn = hostname + '.'
- # rs = dnsclient.query(fqdn, dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
- # if len(rs) == 0:
- # self.log.debug(
- # 'IPA: DNS A record lookup failed for '%s'" % hostname
- # )
- # raise ipaerror.gen_exception(ipaerror.INPUT_NOT_DNS_A_RECORD)
- # else:
- # self.log.debug(
- # 'IPA: found %d records for '%s'" % (len(rs), hostname)
- # )
+ if not options.get('force', False):
+ # We know the host exists if we've gotten this far but we
+ # really want to discourage creating services for hosts that
+ # don't exist in DNS.
+ util.validate_host_dns(self.log, hostname)
 return dn
-- cgit
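Review bot: In the second hunk (`service_add`), the `force` path skips `util.validate_host_dns(self.log, hostname)` without leaving any record, so a service principal created for a name that does not resolve cannot later be told apart from one that passed the check. The commit message says the cert plugin always sets force to True, so every automatic creation bypasses the lookup; an `else:` branch with something like `self.log.info('DNS check skipped (force) for %s' % hostname)` would leave an audit trail. The lookup is also only a point-in-time check against whatever resolver the server uses and does not show that the requester controls the host, so the in-code comment should describe it as advisory, e.g. `# Advisory only: resolvability is not proof of host ownership.` The body of `validate_host_dns` and the definition of `hostname` lie outside this hunk (the page is limited to service.py), so what is raised on failure cannot be confirmed from here.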