[Freeipa-devel] [PATCHES] 0012-13 Don't allow deleting required config options

Petr Viktorin pviktori at redhat.com
Mon Feb 20 09:42:54 UTC 2012 

https://fedorahosted.org/freeipa/ticket/2159 says various config options 
are not marked Required, so entering an empty value for it will pass 
validation (and IPA will blow up later when it expects a string,not 
None). Forexample the following:
$ ipa config-mod --groupsearch=
fails with AttributeError: 'NoneType' object has no attribute 'split'

There is a more general problem behind this, though: even if the 
attributes *are* marked as Required, an empty string will pass 
validation. This is because `None` is used in `Param.validate` to mean 
both "No value supplied" and "Empty value supplied". The method 
currently assumes the former, and skips validation entirely for `None` 
values to optional parameters.

For example, the following will delete "membergroup", even though it's a 
required attribute :

$ ipa delegation-add --attrs=street --group=editors \
  --membergroup=admins td1
$ ipa delegation-mod --membergroup= td1

Note that some LDAPObjects handle this with a _check_empty_attrs 
function, so they aren't affected. That function is specific to LADP 
objects, though. So I needed to tackle this on a lower level.

This patch solves the problem by
* adding a 'nonempty' flag when a required parameter of a CRUD Update 
object is auto-converted to a non-required parameter
* making the`validate` method aware of whether the parameter was 
supplied; and if it was, honor the "nonempty" flag.


The second patch fixes https://fedorahosted.org/freeipa/ticket/2159 by 
marking required config options as required.

-- 
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0012-Enforce-that-required-attributes-can-t-be-set-to-Non.patch
Type: text/x-patch
Size: 4625 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120220/14fab7d6/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0013-Mark-several-config-options-as-required.patch
Type: text/x-patch
Size: 9487 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120220/14fab7d6/attachment-0001.bin>

More information about the Freeipa-devel mailing list