[Freeipa-devel] [PATCH] 0221 fix trustdomain-del
Alexander Bokovoy
abokovoy at redhat.com
Tue Nov 1 08:42:57 UTC 2016
On ti, 01 marras 2016, Martin Babinsky wrote:
>On 10/31/2016 05:23 PM, Alexander Bokovoy wrote:
>>See description. This is a regression since FreeIPA 4.4.0.
>>
>>
>>
>
>Hi Alexander,
>
>Please link upstream ticket[1] to the commit message, not BZ.
>
>I have put on my Travis hat and found:
>
>1.) pep8 error:
>
>./ipaserver/plugins/trust.py:1623:25: E128 continuation line
>under-indented for visual indent
>
>I know that this is a piece of code that was only moved around but it
>should conform to pep8 anyway.
>
>2.) unused variable:
>
>Pylint is running, please wait ...
>************* Module ipaserver.plugins.trust
>ipaserver/plugins/trust.py:1619: [W0612(unused-variable),
>trustdomain_del.execute] Unused variable 'entry')
>Makefile:130: recipe for target 'pylint' failed
>make: *** [pylint] Error 1
>
>Also, if you just want to check if the domain exists, I think that you
>can use `get_dn_if_exists` method of LDAPObject (you will get rid of
>unused variable as a bonus):
>
>diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py
>index 3540742..2cd4722 100644
>--- a/ipaserver/plugins/trust.py
>+++ b/ipaserver/plugins/trust.py
>@@ -1615,8 +1615,7 @@ class trustdomain_del(LDAPDelete):
>
> for domain in keys[1]:
> try:
>- dn = self.obj.get_dn(keys[0], domain, trust_type=u'ad')
>- entry = ldap.get_entry(dn)
>+ self.obj.get_dn_if_exists(keys[0], domain,
>trust_type=u'ad')
> except errors.NotFound:
> if keys[0].lower() == domain:
> raise errors.ValidationError(name='domain'
>
>[1] https://fedorahosted.org/freeipa/ticket/6445
Thanks, I've fixed these issues.
Updated patch is attached.
--
/ Alexander Bokovoy
-------------- next part --------------
From 2b7cb26a5e95ee6f780b3484ca673fdb5e8bd67e Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Mon, 31 Oct 2016 18:17:35 +0200
Subject: [PATCH 2/2] trustdomain-del: fix the way how subdomain is searched
With FreeIPA 4.4 we moved child domains behind the 'trustdomain' topic.
Update 'ipa trustdomain-del' command to properly calculate DN to the
actual child domain and handle the case when it is missing correctly.
Fixes https://fedorahosted.org/freeipa/ticket/6445
---
ipaserver/plugins/trust.py | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py
index c0c080d..c84b1aa 100644
--- a/ipaserver/plugins/trust.py
+++ b/ipaserver/plugins/trust.py
@@ -1614,13 +1614,16 @@ class trustdomain_del(LDAPDelete):
# to always receive empty keys. We need to catch the case when root domain is being deleted
for domain in keys[1]:
- # Fetch the trust to verify that the entered domain is trusted
- self.api.Command.trust_show(domain)
+ try:
+ self.obj.get_dn_if_exists(keys[0], domain, trust_type=u'ad')
+ except errors.NotFound:
+ if keys[0].lower() == domain:
+ raise errors.ValidationError(
+ name='domain',
+ error=_("cannot delete root domain of the trust, "
+ "use trust-del to delete the trust itself"))
+ self.obj.handle_not_found(keys[0], domain)
- if keys[0].lower() == domain:
- raise errors.ValidationError(name='domain',
- error=_("cannot delete root domain of the trust, "
- "use trust-del to delete the trust itself"))
try:
self.api.Command.trustdomain_enable(keys[0], domain)
except errors.AlreadyActive:
--
2.9.3
More information about the Freeipa-devel
mailing list