From 5089dde2cdbe22cabdbf74f325711ea5dcc22490 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvoborni@redhat.com>
Date: Wed, 10 Jun 2015 15:03:44 +0200
Subject: disallow mod of topology segment nodes

Mod of segment end will be disallowed in topology plugin.

Reasoning (by Ludwig):  if we want to properly allow mods to change
connectivity and endpoints, then we would need to check if the mod
disconnects the topology, delete existing agreements, check if the new
would be a duplicate and create new agmts. There could be some difficult
scenarios, like having
  A <--> B <--> C <--> D,
if you modify the segment B-C to A-D topology breaks and is then
reconnected.

part of: https://fedorahosted.org/freeipa/ticket/4302

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 ipalib/plugins/topology.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'ipalib/plugins')

diff --git a/ipalib/plugins/topology.py b/ipalib/plugins/topology.py
index d055602a8..9574b78f6 100644
--- a/ipalib/plugins/topology.py
+++ b/ipalib/plugins/topology.py
@@ -81,6 +81,7 @@ class topologysegment(LDAPObject):
             label=_('Left node'),
             normalizer=lambda value: value.lower(),
             doc=_('Left replication node - an IPA server'),
+            flags={'no_update'},
         ),
         Str(
             'iparepltoposegmentrightnode',
@@ -91,6 +92,7 @@ class topologysegment(LDAPObject):
             label=_('Right node'),
             normalizer=lambda value: value.lower(),
             doc=_('Right replication node - an IPA server'),
+            flags={'no_update'},
         ),
         StrEnum(
             'iparepltoposegmentdirection',
-- 
cgit