diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2015-08-13 02:32:54 -0400 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2015-08-18 19:44:43 +0200 |
| commit | 27988f1b836874d6b1df0659bc95390636caeb78 (patch) | |
| tree | c9c6ed912e953e77533fa422f4afd526d663c7e8 /ipapython | |
| parent | 65b8c622070f61ad01a2a1706564911620b022bc (diff) | |
| download | freeipa-27988f1b836874d6b1df0659bc95390636caeb78.tar.gz freeipa-27988f1b836874d6b1df0659bc95390636caeb78.tar.xz freeipa-27988f1b836874d6b1df0659bc95390636caeb78.zip | |
Prohibit deletion of predefined profiles
Deletion of predefined profiles, including the default profile,
should not be allowed. Detect this case and raise an error.
Also update the predefined profiles collection to use namedtuple,
making it easier to access the various components.
Fixes: https://fedorahosted.org/freeipa/ticket/5198
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipapython')
| -rw-r--r-- | ipapython/dogtag.py | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 99bdf066d..fc4154719 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -17,6 +17,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # +import collections import os import httplib import xml.dom.minidom @@ -42,10 +43,11 @@ from ipapython.ipa_log_manager import * # the configured version. +Profile = collections.namedtuple('Profile', ['profile_id', 'description', 'store_issued']) + INCLUDED_PROFILES = { - # ( profile_id , description , store_issued) - (u'caIPAserviceCert', u'Standard profile for network services', True), - (u'IECUserRoles', u'User profile that includes IECUserRoles extension from request', True), + Profile(u'caIPAserviceCert', u'Standard profile for network services', True), + Profile(u'IECUserRoles', u'User profile that includes IECUserRoles extension from request', True), } DEFAULT_PROFILE = u'caIPAserviceCert' |