[Freeipa-devel] [PATCH] 961 don't allow masters or their services to be deleted

[Rob Crittenden]

Martin Kosek wrote:
> On Thu, 2012-02-23 at 11:33 -0500, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> On Wed, 2012-02-22 at 17:47 -0500, Rob Crittenden wrote:
>>>> Don't allow a host that is a master or its IPA services to be deleted.
>>>>
>>>> I'm taking a pretty limited view of services, preventing deletion of
>>>> just the IPA services I could think of. I don't want to prevent someone
>>>> from deleting an nfs service they set up, for example.
>>>>
>>>> I'm raising a ValidationError here. I don't know what value it would add
>>>> to have a custom exception but I can add one if desired.
>>>>
>>>> rob
>>>
>>> Generally it looks OK. At first I was concerned if we don't blow up
>>> during ipa-replica-manage del, but it worked fine.
>>>
>>> I have just 2 minor issues:
>>> 1) There is wrong attribute name in new service-del ValidationError,
>>> which is confusing:
>>>
>>> # ipa service-del
>>> ldap/vm-068.idm.lab.bos.redhat.com at IDM.LAB.BOS.REDHAT.COM
>>> ipa: ERROR: invalid 'hostname': This service cannot be removed from an
>>> IPA master
>>
>> Yeah, I waffled on that myself. I used hostname since that is what was
>> blowing up. I can change it.
>
> Yes please. This may confuse users as we always try to have attribute
> name in ValidationError. We may want to reword the error text in that
> case too.
>
>>
>>> 2) I would move function host_is_master rather to ipalib/util.py as its
>>> not really related with base classes in baseldap.py
>>
>> I added in there because it requires LDAP to execute. You can't call
>> this without an ldpa handle, etc. I think it should remain there to
>> avoid confusion.
>>

Done. Added some unit tests too.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-961-2-removehost.patch
Type: text/x-diff
Size: 5357 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120223/d0f12f24/attachment.bin>