Hi Petr,
On 06/08/2015 04:50 PM, Ludwig Krispenz wrote:

On 06/08/2015 04:47 PM, Petr Vobornik wrote:
On 06/03/2015 06:20 PM, Simo Sorce wrote:
On Wed, 2015-06-03 at 14:53 +0200, Ludwig Krispenz wrote:

this should prevent adding duplicate segments or segments with same
start and end node



The self referential check is done only in ipa_topo_pre_add. But it is still possible to create self referential in mod.

Interesting thing is if I:
- have segment (A, B)
- modify it to (A, A) (success)
- add (A, B), got: "Server is unwilling to perform: Segment already exists in topology or is self referential. Add rejected." - removal of (A, A): "Server is unwilling to perform: Removal of Segment disconnects topology.Deletion not allowed." note that, there are also: (A, D) and (A, C) segments.

ACK if it will be addressed in separate patch.
did you push this patch ?
yes, it will be.
but it will take more work, if we want to properly allow mods to change connectivity and endpoints, then we would need to check if the mod disconnects the topology, delete existing agreements, check if the new would be a duplicate and create new agmts. There could be some difficult scenarios,like having

A <--> B <--> C <--> D,

if you modify the segment B-C to A-D topology breaks and is then reconnected.

So I think we should reject segment mods affecting endpoints of the segment, at least for alpha, beta ...
You find interesting scenarios :-)

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to