Consider hidden servers as role provider

Hidden services are now considered as associated role providers, too. This fixes the issue of: invalid 'PKINIT enabled server': all masters must have IPA master role enabled and similar issues with CA and DNS. Fixes: https://pagure.io/freeipa/issue/7892 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com> Reviewed-By: Thomas Woerner <twoerner@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-03-25 15:58:07 +01:00 · 2019-03-25 15:58:07 +01:00 · d810e1ff2f
commit d810e1ff2f
parent 94b86354b5
1 changed files with 4 additions and 3 deletions
--- a/ipaserver/servroles.py
+++ b/ipaserver/servroles.py
@ -338,12 +338,13 @@ class ServerAttribute(LDAPBasedProperty):
        ldap.update_entry(service_entry)

    def _get_assoc_role_providers(self, api_instance):
-        """
-        get list of all servers on which the associated role is enabled
+        """get list of all servers on which the associated role is enabled
+
+        Consider a hidden server as a valid provider for a role.
        """
        return [
            r[u'server_server'] for r in self.associated_role.status(
-                api_instance) if r[u'status'] == ENABLED]
+                api_instance) if r[u'status'] in {ENABLED, HIDDEN}]

    def _remove(self, api_instance, masters):
        """