On Thu, 2012-02-23 at 13:49 -0500, Rob Crittenden wrote: > Martin Kosek wrote: > > On Thu, 2012-02-23 at 11:33 -0500, Rob Crittenden wrote: > >> Martin Kosek wrote: > >>> On Wed, 2012-02-22 at 17:47 -0500, Rob Crittenden wrote: > >>>> Don't allow a host that is a master or its IPA services to be deleted. > >>>> > >>>> I'm taking a pretty limited view of services, preventing deletion of > >>>> just the IPA services I could think of. I don't want to prevent someone > >>>> from deleting an nfs service they set up, for example. > >>>> > >>>> I'm raising a ValidationError here. I don't know what value it would add > >>>> to have a custom exception but I can add one if desired. > >>>> > >>>> rob > >>> > >>> Generally it looks OK. At first I was concerned if we don't blow up > >>> during ipa-replica-manage del, but it worked fine. > >>> > >>> I have just 2 minor issues: > >>> 1) There is wrong attribute name in new service-del ValidationError, > >>> which is confusing: > >>> > >>> # ipa service-del > >>> ldap/vm-068.idm.lab.bos.redhat....@idm.lab.bos.redhat.com > >>> ipa: ERROR: invalid 'hostname': This service cannot be removed from an > >>> IPA master > >> > >> Yeah, I waffled on that myself. I used hostname since that is what was > >> blowing up. I can change it. > > > > Yes please. This may confuse users as we always try to have attribute > > name in ValidationError. We may want to reword the error text in that > > case too. > > > >> > >>> 2) I would move function host_is_master rather to ipalib/util.py as its > >>> not really related with base classes in baseldap.py > >> > >> I added in there because it requires LDAP to execute. You can't call > >> this without an ldpa handle, etc. I think it should remain there to > >> avoid confusion. > >> > > Done. Added some unit tests too. > > rob
Works for me. Although I hope that somebody does not run updated unit test against unpatched server. He would be surprised. ACK. Pushed to master, ipa-2-2. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
