[Freeipa-devel] [freeipa PR#6101][opened] Don't limit role-find by hostname when searching for last KRA

Mon, 22 Nov 2021 08:03:37 -0800 

   URL: https://github.com/freeipa/freeipa/pull/6101
Author: rcritten
 Title: #6101: Don't limit role-find by hostname when searching for last KRA
Action: opened

PR body:
"""
The "is this the last KRA" test did a role-find including the
current server. This skewed the result if the server to be
removed has a KRA installed, it would always return "not allowed"
because len(roles) == 1 and the name matched, regardless of
whether other servers also provided a KRA.

https://pagure.io/freeipa/issue/8397

Signed-off-by: Rob Crittenden <rcrit...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6101/head:pr6101
git checkout pr6101

From 2f3531e69dfd1122cb49db0fd7cee5b2d596960d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Mon, 22 Nov 2021 10:53:20 -0500
Subject: [PATCH] Don't limit role-find by hostname when searching for last KRA

The "is this the last KRA" test did a role-find including the
current server. This skewed the result if the server to be
removed has a KRA installed, it would always return "not allowed"
because len(roles) == 1 and the name matched, regardless of
whether other servers also provided a KRA.

https://pagure.io/freeipa/issue/8397

Signed-off-by: Rob Crittenden <rcrit...@redhat.com>
---
 ipaserver/plugins/server.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index 8fab5d1d6e4..60d89d5b383 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -509,7 +509,6 @@ def handler(msg, ignore_last_of_role):
         if self.api.Command.ca_is_enabled()['result']:
             try:
                 roles = self.api.Command.server_role_find(
-                    server_server=hostname,
                     role_servrole='KRA server',
                     status='enabled',
                     include_master=True,

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to