Consider hidden servers as role provider

Hidden services are now considered as associated role providers, too. This
fixes the issue of:

    invalid 'PKINIT enabled server': all masters must have IPA
    master role enabled

and similar issues with CA and DNS.

Fixes: https://pagure.io/freeipa/issue/7892
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
This commit is contained in:
Christian Heimes 2019-03-25 15:58:07 +01:00
parent 94b86354b5
commit d810e1ff2f

View File

@ -338,12 +338,13 @@ class ServerAttribute(LDAPBasedProperty):
ldap.update_entry(service_entry)
def _get_assoc_role_providers(self, api_instance):
"""
get list of all servers on which the associated role is enabled
"""get list of all servers on which the associated role is enabled
Consider a hidden server as a valid provider for a role.
"""
return [
r[u'server_server'] for r in self.associated_role.status(
api_instance) if r[u'status'] == ENABLED]
api_instance) if r[u'status'] in {ENABLED, HIDDEN}]
def _remove(self, api_instance, masters):
"""