Improve hostgroup/netgroup collision checks

When the NGP plugin is enabled, a managed netgroup is created for every hostgroup. We already check that netgroup with the same name does not exist and provide a meaningful error message. However, this error message was also printed when a duplicate hostgroup existed. This patch checks for duplicate hostgroup existence first and netgroup on the second place. It also makes sure that when NGP plugin is (temporarily) disabled, a colliding netgroup cannot be created. https://fedorahosted.org/freeipa/ticket/1914
2025-02-25 18:55:28 -06:00 · 2011-10-17 14:26:13 +02:00 · 2011-10-17 14:26:13 +02:00 · 5a3268fc7d
commit 5a3268fc7d
parent e365bc5379
2 changed files with 32 additions and 2 deletions
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@ -117,10 +117,20 @@ class hostgroup_add(LDAPCreate):

    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
        try:
+            # check duplicity with hostgroups first to provide proper error
+            netgroup = api.Command['hostgroup_show'](keys[-1])
+            self.obj.handle_duplicate_entry(*keys)
+        except errors.NotFound:
+            pass
+
+        try:
+            # when enabled, a managed netgroup is created for every hostgroup
+            # make sure that the netgroup can be created
            netgroup = api.Command['netgroup_show'](keys[-1])
            raise errors.DuplicateEntry(message=unicode(_(\
-                    u'netgroup with name "%s" already exists' % keys[-1]\
-                    )))
+                    u'netgroup with name "%s" already exists. ' \
+                    u'Hostgroups and netgroups share a common namespace'\
+                    ) % keys[-1]))
        except errors.NotFound:
            pass

--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@ -145,6 +145,26 @@ class netgroup_add(LDAPCreate):
    msg_summary = _('Added netgroup "%(value)s"')
    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
        entry_attrs.setdefault('nisdomainname', self.api.env.domain)
+
+        try:
+            # check duplicity with netgroups first to provide proper error
+            netgroup = api.Command['netgroup_show'](keys[-1])
+            self.obj.handle_duplicate_entry(*keys)
+        except errors.NotFound:
+            pass
+
+        try:
+            # when enabled, a managed netgroup is created for every hostgroup
+            # make sure that we don't create a collision if the plugin is
+            # (temporarily) disabled
+            netgroup = api.Command['hostgroup_show'](keys[-1])
+            raise errors.DuplicateEntry(message=unicode(_(\
+                    u'hostgroup with name "%s" already exists. ' \
+                    u'Hostgroups and netgroups share a common namespace'\
+                    ) % keys[-1]))
+        except errors.NotFound:
+            pass
+
        return dn

 api.register(netgroup_add)