Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk
On 08/07/15 13:08, Jan Cholasta wrote: Dne 8.7.2015 v 07:43 Jan Cholasta napsal(a): Dne 8.7.2015 v 00:37 Tomas Babej napsal(a): On 07/07/2015 07:49 PM, Martin Basti wrote: On 03/07/15 16:41, Martin Babinsky wrote: On 07/02/2015 01:58 PM, Martin Babinsky wrote: First attempt at https://fedorahosted.org/freeipa/ticket/4768 Attaching reworked patch. ACK -- Martin Basti Pushed to master: ea7f392bb98c1f1c4558ec5d6e84ee7a7c613474 NACK! This won't work, as it breaks capabilities. Fixed, see the attached patch. ACK -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk
Dne 8.7.2015 v 07:43 Jan Cholasta napsal(a):
Dne 8.7.2015 v 00:37 Tomas Babej napsal(a):
On 07/07/2015 07:49 PM, Martin Basti wrote:
On 03/07/15 16:41, Martin Babinsky wrote:
On 07/02/2015 01:58 PM, Martin Babinsky wrote:
First attempt at https://fedorahosted.org/freeipa/ticket/4768
Attaching reworked patch.
ACK
--
Martin Basti
Pushed to master: ea7f392bb98c1f1c4558ec5d6e84ee7a7c613474
NACK! This won't work, as it breaks capabilities.
Fixed, see the attached patch.
--
Jan Cholasta
From 5d9321d7a11bcb60ec2b1fde5bebe151932e3046 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 8 Jul 2015 06:21:02 +
Subject: [PATCH] ipalib: Fix skip_version_check option
This reverts commit ea7f392bb98c1f1c4558ec5d6e84ee7a7c613474.
The option can be either set in IPA config file or specified as
'ipa -e skip_version_check=1 [COMMAND]'.
https://fedorahosted.org/freeipa/ticket/4768
---
ipa-client/man/default.conf.5 | 3 +++
ipalib/frontend.py| 7 +--
ipalib/plugable.py| 8 +---
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/ipa-client/man/default.conf.5 b/ipa-client/man/default.conf.5
index e345e93..75b9f86 100644
--- a/ipa-client/man/default.conf.5
+++ b/ipa-client/man/default.conf.5
@@ -166,6 +166,9 @@ Specifies how the expiration of a session is computed. With \fBinactivity_timeou
.B server hostname
Specifies the IPA Server hostname.
.TP
+.B skip_version_check boolean
+Skip client vs. server API version checking. Can lead to errors/strange behavior when newer clients talk to older servers. Use with caution.
+.TP
.B startup_timeout time in seconds
Controls the amount of time waited when starting a service. The default value is 120 seconds.
.TP
diff --git a/ipalib/frontend.py b/ipalib/frontend.py
index 3a59838..2ca3aae 100644
--- a/ipalib/frontend.py
+++ b/ipalib/frontend.py
@@ -26,6 +26,7 @@ from distutils import version
from ipapython.version import API_VERSION
from ipapython.ipa_log_manager import root_logger
+from ipalib.capabilities import VERSION_WITHOUT_CAPABILITIES
from base import NameSpace
from plugable import Plugin
from parameters import create_param, Param, Str, Flag, Password
@@ -423,7 +424,9 @@ class Command(HasParam):
version_provided = 'version' in options
if version_provided:
self.verify_client_version(unicode(options['version']))
-elif self.api.env.in_server or not self.api.env.skip_version_check:
+elif self.api.env.skip_version_check and not self.api.env.in_server:
+options['version'] = VERSION_WITHOUT_CAPABILITIES
+else:
options['version'] = API_VERSION
params = self.args_options_2_params(*args, **options)
self.debug(
@@ -451,7 +454,7 @@ class Command(HasParam):
):
ret['summary'] = self.get_summary_default(ret)
if self.use_output_validation and (self.output or ret is not None):
-self.validate_output(ret, options.get('version', API_VERSION))
+self.validate_output(ret, options['version'])
return ret
def soft_validate(self, values):
diff --git a/ipalib/plugable.py b/ipalib/plugable.py
index 269d580..2ce7acf 100644
--- a/ipalib/plugable.py
+++ b/ipalib/plugable.py
@@ -484,12 +484,6 @@ class API(ReadOnly):
dest='fallback',
help='Only use the server configured in /etc/ipa/default.conf'
)
-parser.add_option(
-'--skip-version-check',
-action='store_true',
-dest='skip_version_check',
-help=optparse.SUPPRESS_HELP
-)
return parser
@@ -509,7 +503,7 @@ class API(ReadOnly):
pass
overrides[str(key.strip())] = value.strip()
for key in ('conf', 'debug', 'verbose', 'prompt_all', 'interactive',
-'fallback', 'delegate', 'skip_version_check'):
+'fallback', 'delegate'):
value = getattr(options, key, None)
if value is not None:
overrides[key] = value
--
2.1.0
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk
On 03/07/15 16:41, Martin Babinsky wrote: On 07/02/2015 01:58 PM, Martin Babinsky wrote: First attempt at https://fedorahosted.org/freeipa/ticket/4768 Attaching reworked patch. ACK -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk
On 07/07/2015 07:49 PM, Martin Basti wrote: On 03/07/15 16:41, Martin Babinsky wrote: On 07/02/2015 01:58 PM, Martin Babinsky wrote: First attempt at https://fedorahosted.org/freeipa/ticket/4768 Attaching reworked patch. ACK -- Martin Basti Pushed to master: ea7f392bb98c1f1c4558ec5d6e84ee7a7c613474 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk
Dne 8.7.2015 v 00:37 Tomas Babej napsal(a): On 07/07/2015 07:49 PM, Martin Basti wrote: On 03/07/15 16:41, Martin Babinsky wrote: On 07/02/2015 01:58 PM, Martin Babinsky wrote: First attempt at https://fedorahosted.org/freeipa/ticket/4768 Attaching reworked patch. ACK -- Martin Basti Pushed to master: ea7f392bb98c1f1c4558ec5d6e84ee7a7c613474 NACK! This won't work, as it breaks capabilities. -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk
On 07/02/2015 01:58 PM, Martin Babinsky wrote:
First attempt at https://fedorahosted.org/freeipa/ticket/4768
Attaching reworked patch.
--
Martin^3 Babinsky
From 809a63b86f73cc041f28e223187337dd65f8b1fd Mon Sep 17 00:00:00 2001
From: Martin Babinsky mbabi...@redhat.com
Date: Fri, 3 Jul 2015 12:21:09 +0200
Subject: [PATCH] add option to skip client API version check
This can be either set in IPA config file or specified as
'ipa --skip-version-check [COMMAND]'.
part of https://fedorahosted.org/freeipa/ticket/4768
---
VERSION | 4 ++--
ipalib/cli.py | 1 -
ipalib/constants.py | 4
ipalib/frontend.py | 4 ++--
ipalib/plugable.py | 8 +++-
5 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/VERSION b/VERSION
index 266a04af1a61132637112611b7e86649ff818c2a..043d505c1525cbb4bcea7036292aa8bffbe99711 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=2010061412
# #
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=137
-# Last change: mbabinsk: Commands to manage user/host/service certificates
+IPA_API_VERSION_MINOR=138
+# Last change: mbabinsk: Add option to skip client API version check
diff --git a/ipalib/cli.py b/ipalib/cli.py
index 8515b91ed42fcdb853f8ca1aab14575c38d9bfb3..b260ca65172dab7ba56a23b78c086f49f5c18f70 100644
--- a/ipalib/cli.py
+++ b/ipalib/cli.py
@@ -1082,7 +1082,6 @@ class cli(backend.Executioner):
else:
for callback in callbacks:
callback(cmd, kw)
-kw['version'] = API_VERSION
self.load_files(cmd, kw)
return kw
diff --git a/ipalib/constants.py b/ipalib/constants.py
index a062505c349436332d430af4fd29c76d20c85343..53c3106cdd16fef0eba42a70518f7633b3fd95d1 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -188,6 +188,10 @@ DEFAULT_CONFIG = (
# Used when verifying that the API hasn't changed. Not for production.
('validate_api', False),
+# Skip client vs. server API version checking. Can lead to errors/strange
+# behavior when newer clients talk to older servers. Use with caution.
+('skip_version_check', False),
+
#
# The remaining keys are never set from the values here!
#
diff --git a/ipalib/frontend.py b/ipalib/frontend.py
index 81bf6d90b7f4d0b60a1312c4ec3049c63b09512f..3a59838d78f2b67f9eebf6dbb77bb7dac731abfb 100644
--- a/ipalib/frontend.py
+++ b/ipalib/frontend.py
@@ -423,7 +423,7 @@ class Command(HasParam):
version_provided = 'version' in options
if version_provided:
self.verify_client_version(unicode(options['version']))
-else:
+elif self.api.env.in_server or not self.api.env.skip_version_check:
options['version'] = API_VERSION
params = self.args_options_2_params(*args, **options)
self.debug(
@@ -451,7 +451,7 @@ class Command(HasParam):
):
ret['summary'] = self.get_summary_default(ret)
if self.use_output_validation and (self.output or ret is not None):
-self.validate_output(ret, options['version'])
+self.validate_output(ret, options.get('version', API_VERSION))
return ret
def soft_validate(self, values):
diff --git a/ipalib/plugable.py b/ipalib/plugable.py
index 2ce7acfd6c916000923500a1da077f49e68392d1..269d58092b297afae6bf8553ef762da3060acb25 100644
--- a/ipalib/plugable.py
+++ b/ipalib/plugable.py
@@ -484,6 +484,12 @@ class API(ReadOnly):
dest='fallback',
help='Only use the server configured in /etc/ipa/default.conf'
)
+parser.add_option(
+'--skip-version-check',
+action='store_true',
+dest='skip_version_check',
+help=optparse.SUPPRESS_HELP
+)
return parser
@@ -503,7 +509,7 @@ class API(ReadOnly):
pass
overrides[str(key.strip())] = value.strip()
for key in ('conf', 'debug', 'verbose', 'prompt_all', 'interactive',
-'fallback', 'delegate'):
+'fallback', 'delegate', 'skip_version_check'):
value = getattr(options, key, None)
if value is not None:
overrides[key] = value
--
2.4.3
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0046] add option to skip client API version check and proceed at user's own risk
On 07/02/2015 01:58 PM, Martin Babinsky wrote: First attempt at https://fedorahosted.org/freeipa/ticket/4768 self-NACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
