[Freeipa-devel] [PATCH 0011] check-for-existing-and-self-referential-segments
Ludwig Krispenz
lkrispen at redhat.com
Wed Jun 10 12:26:20 UTC 2015
Hi Petr,
On 06/08/2015 04:50 PM, Ludwig Krispenz wrote:
>
> On 06/08/2015 04:47 PM, Petr Vobornik wrote:
>> On 06/03/2015 06:20 PM, Simo Sorce wrote:
>>> On Wed, 2015-06-03 at 14:53 +0200, Ludwig Krispenz wrote:
>>>> Hi,
>>>>
>>>> this should prevent adding duplicate segments or segments with same
>>>> start and end node
>>>
>>> LGTM!
>>>
>>> Simo.
>>>
>>
>> The self referential check is done only in ipa_topo_pre_add. But it
>> is still possible to create self referential in mod.
>>
>> Interesting thing is if I:
>> - have segment (A, B)
>> - modify it to (A, A) (success)
>> - add (A, B), got: "Server is unwilling to perform: Segment already
>> exists in topology or is self referential. Add rejected."
>> - removal of (A, A): "Server is unwilling to perform: Removal of
>> Segment disconnects topology.Deletion not allowed." note that, there
>> are also: (A, D) and (A, C) segments.
>>
>> ACK if it will be addressed in separate patch.
did you push this patch ?
> yes, it will be.
but it will take more work, if we want to properly allow mods to change
connectivity and endpoints, then we would need to check if the mod
disconnects the topology, delete existing agreements, check if the new
would be a duplicate and create new agmts. There could be some difficult
scenarios,like having
A <--> B <--> C <--> D,
if you modify the segment B-C to A-D topology breaks and is then
reconnected.
So I think we should reject segment mods affecting endpoints of the
segment, at least for alpha, beta ...
> You find interesting scenarios :-)
>
More information about the Freeipa-devel
mailing list