[Freeipa-devel] [PATCH] 961 don't allow masters or their services to be deleted
Rob Crittenden
rcritten at redhat.com
Thu Feb 23 16:33:37 UTC 2012
Martin Kosek wrote:
> On Wed, 2012-02-22 at 17:47 -0500, Rob Crittenden wrote:
>> Don't allow a host that is a master or its IPA services to be deleted.
>>
>> I'm taking a pretty limited view of services, preventing deletion of
>> just the IPA services I could think of. I don't want to prevent someone
>> from deleting an nfs service they set up, for example.
>>
>> I'm raising a ValidationError here. I don't know what value it would add
>> to have a custom exception but I can add one if desired.
>>
>> rob
>
> Generally it looks OK. At first I was concerned if we don't blow up
> during ipa-replica-manage del, but it worked fine.
>
> I have just 2 minor issues:
> 1) There is wrong attribute name in new service-del ValidationError,
> which is confusing:
>
> # ipa service-del
> ldap/vm-068.idm.lab.bos.redhat.com at IDM.LAB.BOS.REDHAT.COM
> ipa: ERROR: invalid 'hostname': This service cannot be removed from an
> IPA master
Yeah, I waffled on that myself. I used hostname since that is what was
blowing up. I can change it.
> 2) I would move function host_is_master rather to ipalib/util.py as its
> not really related with base classes in baseldap.py
I added in there because it requires LDAP to execute. You can't call
this without an ldpa handle, etc. I think it should remain there to
avoid confusion.
rob
More information about the Freeipa-devel
mailing list