[Freeipa-devel] [PATCH] 869 topology: restrict direction changes
Ludwig Krispenz
lkrispen at redhat.com
Thu Jun 11 11:11:27 UTC 2015
On 06/11/2015 12:53 PM, Petr Vobornik wrote:
> On 06/11/2015 12:35 PM, Ludwig Krispenz wrote:
>>
>> On 06/11/2015 12:19 PM, Petr Vobornik wrote:
>>> On 06/11/2015 10:22 AM, Martin Babinsky wrote:
>>>> On 06/10/2015 03:13 PM, Petr Vobornik wrote:
>>>>> topology plugin doesn't properly handle:
>>>>> - creation of segment with direction 'none' and then upgrade to other
>>>>> direction
>>>>> - downgrade of direction
>>>>>
>>>>> These situations are now forbidden in API.
>>>>>
>>>>> part of: https://fedorahosted.org/freeipa/ticket/4302
>>>>>
>>>>>
>>>> ACK
>>>>
>>>
>>> Looking at Ludwig's path 12, the patch completely forbids mod of
>>> ipaReplTopoSegmentDirection?
>> that's what I thought we agreed on,
>
> I thought, that we will only complain loudly on downgrade of connection.
>
>> so you would have to add a segment
>> in the opposite direction an they would be merged to both,
>> but maybe this is a bit strict.
>
> This could work as well, but:
>
> I just tried (without patch 12) to create:
> 1. A to B, left-right: success
> 2. B to A, right-left: "Server is unwilling to perform: Segment
> already exists in topology or is self referential. Add rejected."
yes, B to A, right-left is the same as A-B, left right
>
> I.e., the upgrade didn't happen.
>
>> I could allow for
>> ipaReplTopoSegmentDirection replace: both
>>> So that upgrade from right-left and left-right to both is not
>>> allowed? If so then this patch needs to be updated.
>> depends a bit on what you prefer and what we can get in for alpha.
>
> Depends what's better, I already have adjusted patch for ^^ so it's
> not about the work.
so lets take the changes to your patch and we could still extend
functionality a bit for beta or later
More information about the Freeipa-devel
mailing list