URL: https://github.com/freeipa/freeipa/pull/1039 Author: tomaskrizek Title: #1039: Backport PR 1001 to ipa-4-5 Action: opened
PR body: """ This PR was opened automatically because PR #1001 was pushed to master and backport to ipa-4-5 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1039/head:pr1039 git checkout pr1039
From 49d5d838dfb1381d6c4de9cff5119948ddb00eb4 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Wed, 23 Aug 2017 16:31:18 +0200 Subject: [PATCH] Fix ipa config-mod --ca-renewal-master commit bddb90f38a3505a2768862d2f814c5e749a7dcde added the support for multivalued server attributes (for pkinit_server_server), but this introduced an API change where the setter and getter of ServerAttribute are expecting list of values. When a SingleValuedServerAttribute is used, we need to convert one elem into a list containing this elem and vice-versa, so that the ipa config-mod and ipa config_show APIs are not modified. https://pagure.io/freeipa/issue/7120 --- ipaserver/plugins/serverroles.py | 12 ++++++++++++ ipatests/test_ipaserver/test_serverroles.py | 4 ++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/ipaserver/plugins/serverroles.py b/ipaserver/plugins/serverroles.py index b41fb45d16..0abf48ae52 100644 --- a/ipaserver/plugins/serverroles.py +++ b/ipaserver/plugins/serverroles.py @@ -46,6 +46,7 @@ from ipalib.backend import Backend from ipalib.plugable import Registry from ipaserver.servroles import (attribute_instances, ENABLED, role_instances) +from ipaserver.servroles import SingleValuedServerAttribute if six.PY3: @@ -142,6 +143,10 @@ def config_retrieve(self, servrole): attr_value = attr.get(self.api) if attr_value: + # attr can be a SingleValuedServerAttribute + # in this case, the API expects a value, not a list of values + if isinstance(attr, SingleValuedServerAttribute): + attr_value = attr_value[0] result.update({name: attr_value}) return result @@ -149,6 +154,13 @@ def config_retrieve(self, servrole): def config_update(self, **attrs_values): for attr, value in attrs_values.items(): try: + # when the attribute is single valued, it will be stored + # in a SingleValuedServerAttribute. The set method expects + # a list containing a single value. + # We need to convert value to a list containing value + if isinstance(self.attributes[attr], + SingleValuedServerAttribute): + value = [value] self.attributes[attr].set(self.api, value) except KeyError: raise errors.NotFound( diff --git a/ipatests/test_ipaserver/test_serverroles.py b/ipatests/test_ipaserver/test_serverroles.py index 985c750b64..e8967517d0 100644 --- a/ipatests/test_ipaserver/test_serverroles.py +++ b/ipatests/test_ipaserver/test_serverroles.py @@ -715,7 +715,7 @@ def test_set_attribute_on_master_without_assoc_role_raises_validationerror( non_ca_fqdn = mock_masters.get_fqdn('trust-controller-dns') with pytest.raises(errors.ValidationError): - self.config_update(mock_api, **{attr_name: [non_ca_fqdn]}) + self.config_update(mock_api, **{attr_name: non_ca_fqdn}) def test_set_unknown_attribute_on_master_raises_notfound( self, mock_api, mock_masters): @@ -732,7 +732,7 @@ def test_set_ca_renewal_master_on_other_ca_and_back(self, mock_api, original_renewal_master = self.config_retrieve( role_name, mock_api)[attr_name] - other_ca_server = [mock_masters.get_fqdn('trust-controller-ca')] + other_ca_server = mock_masters.get_fqdn('trust-controller-ca') for host in (other_ca_server, original_renewal_master): self.config_update(mock_api, **{attr_name: host})
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org