diff options
| author | Stanislav Laznicka <slaznick@redhat.com> | 2016-06-23 16:04:04 +0200 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2016-06-24 13:32:02 +0200 |
| commit | 13328bc7518a9e536d26562a738b4591c0494b75 (patch) | |
| tree | 19f341f1f2153ee1d7712c496ad5b8f293481a0c | |
| parent | 5b5258b01081aa9ad4bf83907941c1c2d8a47722 (diff) | |
| download | freeipa-13328bc7518a9e536d26562a738b4591c0494b75.tar.gz freeipa-13328bc7518a9e536d26562a738b4591c0494b75.tar.xz freeipa-13328bc7518a9e536d26562a738b4591c0494b75.zip | |
topo segment-add: validate that both masters support target suffix
This patch removes the ability to add segment between hosts where
either does not support the requested suffix.
https://fedorahosted.org/freeipa/ticket/5967
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
| -rw-r--r-- | ipaserver/plugins/topology.py | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/ipaserver/plugins/topology.py b/ipaserver/plugins/topology.py index 0d0b3c084..0cccf902f 100644 --- a/ipaserver/plugins/topology.py +++ b/ipaserver/plugins/topology.py @@ -204,7 +204,7 @@ class topologysegment(LDAPObject): ), ) - def validate_nodes(self, ldap, dn, entry_attrs): + def validate_nodes(self, ldap, dn, entry_attrs, suffix): leftnode = entry_attrs.get('iparepltoposegmentleftnode') rightnode = entry_attrs.get('iparepltoposegmentrightnode') @@ -246,6 +246,27 @@ class topologysegment(LDAPObject): error=_('left node and right node must not be the same') ) + # don't allow segment between nodes where both don't have the suffix + masters_to_suffix = map_masters_to_suffixes(masters) + suffix_masters = masters_to_suffix.get(suffix, []) + suffix_m_hostnames = [m['cn'][0].lower() for m in suffix_masters] + + if leftnode not in suffix_m_hostnames: + raise errors.ValidationError( + name='leftnode', + error=_("left node ({host}) does not support " + "suffix '{suff}'" + .format(host=leftnode, suff=suffix)) + ) + + if rightnode not in suffix_m_hostnames: + raise errors.ValidationError( + name='rightnode', + error=_("right node ({host}) does not support " + "suffix '{suff}'" + .format(host=rightnode, suff=suffix)) + ) + @register() class topologysegment_find(LDAPSearch): @@ -266,7 +287,7 @@ class topologysegment_add(LDAPCreate): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): assert isinstance(dn, DN) validate_domain_level(self.api) - self.obj.validate_nodes(ldap, dn, entry_attrs) + self.obj.validate_nodes(ldap, dn, entry_attrs, keys[0]) return dn @@ -291,7 +312,7 @@ class topologysegment_mod(LDAPUpdate): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): assert isinstance(dn, DN) validate_domain_level(self.api) - self.obj.validate_nodes(ldap, dn, entry_attrs) + self.obj.validate_nodes(ldap, dn, entry_attrs, keys[0]) return dn |