[Freeipa-devel] [PATCH] 961 don't allow masters or their services to be deleted

Martin Kosek mkosek at redhat.com
Thu Feb 23 17:10:04 UTC 2012


On Thu, 2012-02-23 at 11:33 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Wed, 2012-02-22 at 17:47 -0500, Rob Crittenden wrote:
> >> Don't allow a host that is a master or its IPA services to be deleted.
> >>
> >> I'm taking a pretty limited view of services, preventing deletion of
> >> just the IPA services I could think of. I don't want to prevent someone
> >> from deleting an nfs service they set up, for example.
> >>
> >> I'm raising a ValidationError here. I don't know what value it would add
> >> to have a custom exception but I can add one if desired.
> >>
> >> rob
> >
> > Generally it looks OK. At first I was concerned if we don't blow up
> > during ipa-replica-manage del, but it worked fine.
> >
> > I have just 2 minor issues:
> > 1) There is a wrong attribute name in the new service-del ValidationError,
> > which is confusing:
> >
> > # ipa service-del
> > ldap/vm-068.idm.lab.bos.redhat.com@IDM.LAB.BOS.REDHAT.COM
> > ipa: ERROR: invalid 'hostname': This service cannot be removed from an
> > IPA master
> 
> Yeah, I waffled on that myself. I used hostname since that is what was 
> blowing up. I can change it.

Yes, please. This may confuse users, as we always try to have the attribute
name in ValidationError. We may want to reword the error text in that
case too.

> 
> > 2) I would rather move the function host_is_master to ipalib/util.py, as it's
> > not really related to the base classes in baseldap.py
> 
> I added it in there because it requires LDAP to execute. You can't call 
> this without an LDAP handle, etc. I think it should remain there to 
> avoid confusion.
> 

Ok.

Martin