On 06/10/2015 02:26 PM, Ludwig Krispenz wrote:
Hi Petr,
On 06/08/2015 04:50 PM, Ludwig Krispenz wrote:

On 06/08/2015 04:47 PM, Petr Vobornik wrote:
On 06/03/2015 06:20 PM, Simo Sorce wrote:
On Wed, 2015-06-03 at 14:53 +0200, Ludwig Krispenz wrote:

this should prevent adding duplicate segments or segments with same
start and end node



The self referential check is done only in ipa_topo_pre_add. But it
is still possible to create self referential in mod.

Interesting thing is if I:
- have segment (A, B)
- modify it to (A, A) (success)
- add (A, B), got: "Server is unwilling to perform: Segment already
exists in topology or is self referential. Add rejected."
- removal of (A, A): "Server is unwilling to perform: Removal of
Segment disconnects topology.Deletion not allowed." note that, there
are also: (A, D) and (A, C) segments.

ACK if it will be addressed in separate patch.
did you push this patch ?

Pushed to master: 777a9500ceba11e6adbd85306f460e8a320504cb

yes, it will be.
but it will take more work, if we want to properly allow mods to change
connectivity and endpoints, then we would need to check if the mod
disconnects the topology, delete existing agreements, check if the new
would be a duplicate and create new agmts. There could be some difficult
scenarios,like having

A <--> B <--> C <--> D,

if you modify the segment B-C to A-D topology breaks and is then

So I think we should reject segment mods affecting endpoints of the
segment, at least for alpha, beta ...
You find interesting scenarios :-)

I think it's even more proper. IMHO, this operation should be done by "add" and "del" anyway.

So then, so we should add "no_update" flag in ipalib and reject it in topology plugin. I'll adjust the ipalib part.

Petr Vobornik

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to