Fix ipa config-mod --ca-renewal-master

commit bddb90f38a added the support for multivalued server attributes (for pkinit_server_server), but this introduced an API change where the setter and getter of ServerAttribute are expecting list of values. When a SingleValuedServerAttribute is used, we need to convert one elem into a list containing this elem and vice-versa, so that the ipa config-mod and ipa config_show APIs are not modified. https://pagure.io/freeipa/issue/7120 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2025-01-26 16:16:31 -06:00 · 2017-08-23 16:31:18 +02:00 · 2017-08-23 16:31:18 +02:00 · a077c705fe
commit a077c705fe
parent 45bd31b436
2 changed files with 14 additions and 2 deletions
--- a/ipaserver/plugins/serverroles.py
+++ b/ipaserver/plugins/serverroles.py
@ -46,6 +46,7 @@ from ipalib import errors, _
 from ipalib.backend import Backend
 from ipalib.plugable import Registry
 from ipaserver.servroles import (attribute_instances, ENABLED, role_instances)
+from ipaserver.servroles import SingleValuedServerAttribute


 if six.PY3:
@ -142,6 +143,10 @@ class serverroles(Backend):
            attr_value = attr.get(self.api)

            if attr_value:
+                # attr can be a SingleValuedServerAttribute
+                # in this case, the API expects a value, not a list of values
+                if isinstance(attr, SingleValuedServerAttribute):
+                    attr_value = attr_value[0]
                result.update({name: attr_value})

        return result
@ -149,6 +154,13 @@ class serverroles(Backend):
    def config_update(self, **attrs_values):
        for attr, value in attrs_values.items():
            try:
+                # when the attribute is single valued, it will be stored
+                # in a SingleValuedServerAttribute. The set method expects
+                # a list containing a single value.
+                # We need to convert value to a list containing value
+                if isinstance(self.attributes[attr],
+                              SingleValuedServerAttribute):
+                    value = [value]
                self.attributes[attr].set(self.api, value)
            except KeyError:
                raise errors.NotFound(
--- a/ipatests/test_ipaserver/test_serverroles.py
+++ b/ipatests/test_ipaserver/test_serverroles.py
@ -715,7 +715,7 @@ class TestServerAttributes(object):
        non_ca_fqdn = mock_masters.get_fqdn('trust-controller-dns')

        with pytest.raises(errors.ValidationError):
-            self.config_update(mock_api, **{attr_name: [non_ca_fqdn]})
+            self.config_update(mock_api, **{attr_name: non_ca_fqdn})

    def test_set_unknown_attribute_on_master_raises_notfound(
            self, mock_api, mock_masters):
@ -732,7 +732,7 @@ class TestServerAttributes(object):
        original_renewal_master = self.config_retrieve(
            role_name, mock_api)[attr_name]

-        other_ca_server = [mock_masters.get_fqdn('trust-controller-ca')]
+        other_ca_server = mock_masters.get_fqdn('trust-controller-ca')

        for host in (other_ca_server, original_renewal_master):
            self.config_update(mock_api, **{attr_name: host})