mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
idviews: prevent applying to a master
Custom IDViews should not be applied to IPA master nodes. Add a check enforcing this rule in idview_apply command. Fixes: https://pagure.io/freeipa/issue/5662 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
parent
14c9cf9988
commit
e08f7a9ef3
@ -26,6 +26,7 @@ from .baseldap import (LDAPQuery, LDAPObject, LDAPCreate,
|
||||
LDAPAddAttributeViaOption,
|
||||
LDAPRemoveAttributeViaOption,
|
||||
LDAPRetrieve, global_output_params,
|
||||
host_is_master,
|
||||
add_missing_object_class)
|
||||
from .hostgroup import get_complete_hostgroup_member_list
|
||||
from ipalib import (
|
||||
@ -360,6 +361,16 @@ class baseidview_apply(LDAPQuery):
|
||||
|
||||
for host in hosts_to_apply:
|
||||
try:
|
||||
# Check that the host is not a master
|
||||
# IDView must not be applied to masters
|
||||
try:
|
||||
host_is_master(ldap, host)
|
||||
except errors.ValidationError:
|
||||
failed['host'].append(
|
||||
(host,
|
||||
unicode(_("ID View cannot be applied to IPA master")))
|
||||
)
|
||||
continue
|
||||
host_dn = api.Object['host'].get_dn_if_exists(host)
|
||||
|
||||
host_entry = ldap.get_entry(host_dn,
|
||||
|
Loading…
Reference in New Issue
Block a user