Hi,

Adds a --force flag to idrange-del command that allows the
deletion of the empty trusted range. This can be used in case
the range has been mistakenly created with wrong parameters,
and needs to be recreated.

Note at Minor Enhacements page added:
http://www.freeipa.org/page/V3_Minor_Enhancements

https://fedorahosted.org/freeipa/ticket/3787

--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

From 96287a035aa3dd4ff2acc40cf6ca81221dc40a8d Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Tue, 6 Aug 2013 16:01:58 +0200
Subject: [PATCH] Allow deletion of an empty trusted range with the --force
 flag

Adds a --force flag to idrange-del command that allows the
deletion of the empty trusted range. This can be used in case
the range has been mistakenly created with wrong parameters,
and needs to be recreated.

Note at Minor Enhacements page added:
http://www.freeipa.org/page/V3_Minor_Enhancements

https://fedorahosted.org/freeipa/ticket/3787
---
 API.txt                   |  3 ++-
 VERSION                   |  2 +-
 ipalib/plugins/idrange.py | 23 +++++++++++++++++------
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/API.txt b/API.txt
index 47cf5411f1cfa600823d890308ca7504410f7d0b..f3cf646fa5f016f2eeb9266f4d1dde95b002617f 100644
--- a/API.txt
+++ b/API.txt
@@ -1957,9 +1957,10 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: idrange_del
-args: 1,2,3
+args: 1,3,3
 arg: Str('cn', attribute=True, cli_name='name', multivalue=True, primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
+option: Flag('force', autofill=True, default=False)
 option: Str('version?', exclude='webui')
 output: Output('result', <type 'dict'>, None)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
diff --git a/VERSION b/VERSION
index 313d5f96ffdf025a3e97aa405d432fdae64d0d20..950e094d171534ada518a89d12ada4b0180c5c62 100644
--- a/VERSION
+++ b/VERSION
@@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=63
+IPA_API_VERSION_MINOR=64
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index cf74a75ffda42b2d2e40d2ab35c79ed069dd0f52..f78fc629d8787c0725af980c7645ddfa78623849 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -19,7 +19,7 @@
 
 from ipalib.plugins.baseldap import (LDAPObject, LDAPCreate, LDAPDelete,
                                      LDAPRetrieve, LDAPSearch, LDAPUpdate)
-from ipalib import api, Int, Str, DeprecatedParam, StrEnum, _, ngettext
+from ipalib import api, Int, Str, DeprecatedParam, StrEnum, _, ngettext, Flag
 from ipalib import errors
 from ipapython.dn import DN
 
@@ -549,6 +549,14 @@ class idrange_del(LDAPDelete):
 
     msg_summary = _('Deleted ID range "%(value)s"')
 
+    takes_options = LDAPDelete.takes_options + (
+        Flag('force',
+             label=_('Force'),
+             doc=_('Forces deletion of an empty range even if it belongs to '
+                   'a active trust.'),
+        ),
+    )
+
     def pre_callback(self, ldap, dn, *keys, **options):
         try:
             (old_dn, old_attrs) = ldap.get_entry(dn, ['ipabaseid',
@@ -566,15 +574,18 @@ class idrange_del(LDAPDelete):
         # Check whether the range does not belong to the active trust
         range_sid = old_attrs.get('ipanttrusteddomainsid')
 
-        if range_sid is not None:
+        if range_sid is not None and not options['force']:
             range_sid = range_sid[0]
             result = api.Command['trust_find'](ipanttrusteddomainsid=range_sid)
 
             if result['count'] > 0:
-                raise errors.DependentEntry(
-                    label='Active Trust',
-                    key=keys[0],
-                    dependent=result['result'][0]['cn'][0])
+                error = "ID range '{idrange}' cannot be deleted because it "\
+                        "belongs to the active trust '{trust}'. Remove it "\
+                        "prior to removing this range or use --force option."\
+                        .format(idrange=keys[0],
+                                trust=result['result'][0]['cn'][0])
+
+                raise errors.ValidationError(name='ID range', error=error)
 
         return dn
 
-- 
1.8.3.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to