Re: [Freeipa-devel] [PATCH 0090] Allow deletion of an empty trusted range with the --force flag

[Tomas Babej]

On 08/06/2013 05:40 PM, Ana Krivokapic wrote:

1) I can now delete the default range that gets created together with the trust.
Should this be allowed?

2) There is a failing test now, because you changed the DependentEntry error to
ValidationError. Btw, isn't a DependentEntry more appropriate here?

==
FAIL: test_range[23]: idrange_del: Try to delete active AD trusted range
u'testrange10'
--
Traceback (most recent call last):
   File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest
 self.test(*self.arg)
   File "/home/akrivoka/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 271,
in 
 func = lambda: self.check(nice, **test)
   File "/home/akrivoka/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 285,
in check
 self.check_exception(nice, cmd, args, options, expected)
   File "/home/akrivoka/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 304,
in check_exception
 UNEXPECTED % (cmd, name, args, options, e.__class__.__name__, e)
AssertionError: Expected 'idrange_del' to raise DependentEntry, but caught
different.
   args = [u'testrange10']
   options = {'version': u'2.64'}
   ValidationError: invalid 'ID range': ID range 'testrange10' cannot be deleted
because it belongs to the active trust 'testtrust'. Remove it prior to removing
this range or use --force option.


3)

+ doc=_('Forces deletion of an empty range even if it belongs to '
+   'a active trust.'),

"a active trust" -> "an active trust"

We had a discussion with Sumit and Alexander after which we came to the
conclusion that bug described in the ticket should be expected behaviour.

Please discard the patches.

I closed the ticket as invalid.

--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0090] Allow deletion of an empty trusted range with the --force flag

[Ana Krivokapic]

1) I can now delete the default range that gets created together with the trust.
Should this be allowed?

2) There is a failing test now, because you changed the DependentEntry error to
ValidationError. Btw, isn't a DependentEntry more appropriate here?

==
FAIL: test_range[23]: idrange_del: Try to delete active AD trusted range
u'testrange10'
--
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest
self.test(*self.arg)
  File "/home/akrivoka/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 271,
in 
func = lambda: self.check(nice, **test)
  File "/home/akrivoka/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 285,
in check
self.check_exception(nice, cmd, args, options, expected)
  File "/home/akrivoka/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 304,
in check_exception
UNEXPECTED % (cmd, name, args, options, e.__class__.__name__, e)
AssertionError: Expected 'idrange_del' to raise DependentEntry, but caught
different.
  args = [u'testrange10']
  options = {'version': u'2.64'}
  ValidationError: invalid 'ID range': ID range 'testrange10' cannot be deleted
because it belongs to the active trust 'testtrust'. Remove it prior to removing
this range or use --force option.


3)
> + doc=_('Forces deletion of an empty range even if it belongs to '
> +   'a active trust.'),
"a active trust" -> "an active trust"

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH 0090] Allow deletion of an empty trusted range with the --force flag

[Tomas Babej]

Hi,

Adds a --force flag to idrange-del command that allows the
deletion of the empty trusted range. This can be used in case
the range has been mistakenly created with wrong parameters,
and needs to be recreated.

Note at Minor Enhacements page added:
http://www.freeipa.org/page/V3_Minor_Enhancements

https://fedorahosted.org/freeipa/ticket/3787

--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org

From 96287a035aa3dd4ff2acc40cf6ca81221dc40a8d Mon Sep 17 00:00:00 2001
From: Tomas Babej 
Date: Tue, 6 Aug 2013 16:01:58 +0200
Subject: [PATCH] Allow deletion of an empty trusted range with the --force
 flag

Adds a --force flag to idrange-del command that allows the
deletion of the empty trusted range. This can be used in case
the range has been mistakenly created with wrong parameters,
and needs to be recreated.

Note at Minor Enhacements page added:
http://www.freeipa.org/page/V3_Minor_Enhancements

https://fedorahosted.org/freeipa/ticket/3787
---
 API.txt   |  3 ++-
 VERSION   |  2 +-
 ipalib/plugins/idrange.py | 23 +--
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/API.txt b/API.txt
index 47cf5411f1cfa600823d890308ca7504410f7d0b..f3cf646fa5f016f2eeb9266f4d1dde95b002617f 100644
--- a/API.txt
+++ b/API.txt
@@ -1957,9 +1957,10 @@ output: Entry('result', , Gettext('A dictionary representing an LDA
 output: Output('summary', (, ), None)
 output: Output('value', , None)
 command: idrange_del
-args: 1,2,3
+args: 1,3,3
 arg: Str('cn', attribute=True, cli_name='name', multivalue=True, primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
+option: Flag('force', autofill=True, default=False)
 option: Str('version?', exclude='webui')
 output: Output('result', , None)
 output: Output('summary', (, ), None)
diff --git a/VERSION b/VERSION
index 313d5f96ffdf025a3e97aa405d432fdae64d0d20..950e094d171534ada518a89d12ada4b0180c5c62 100644
--- a/VERSION
+++ b/VERSION
@@ -89,4 +89,4 @@ IPA_DATA_VERSION=2010061412
 #  #
 
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=63
+IPA_API_VERSION_MINOR=64
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index cf74a75ffda42b2d2e40d2ab35c79ed069dd0f52..f78fc629d8787c0725af980c7645ddfa78623849 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -19,7 +19,7 @@
 
 from ipalib.plugins.baseldap import (LDAPObject, LDAPCreate, LDAPDelete,
  LDAPRetrieve, LDAPSearch, LDAPUpdate)
-from ipalib import api, Int, Str, DeprecatedParam, StrEnum, _, ngettext
+from ipalib import api, Int, Str, DeprecatedParam, StrEnum, _, ngettext, Flag
 from ipalib import errors
 from ipapython.dn import DN
 
@@ -549,6 +549,14 @@ class idrange_del(LDAPDelete):
 
 msg_summary = _('Deleted ID range "%(value)s"')
 
+takes_options = LDAPDelete.takes_options + (
+Flag('force',
+ label=_('Force'),
+ doc=_('Forces deletion of an empty range even if it belongs to '
+   'a active trust.'),
+),
+)
+
 def pre_callback(self, ldap, dn, *keys, **options):
 try:
 (old_dn, old_attrs) = ldap.get_entry(dn, ['ipabaseid',
@@ -566,15 +574,18 @@ class idrange_del(LDAPDelete):
 # Check whether the range does not belong to the active trust
 range_sid = old_attrs.get('ipanttrusteddomainsid')
 
-if range_sid is not None:
+if range_sid is not None and not options['force']:
 range_sid = range_sid[0]
 result = api.Command['trust_find'](ipanttrusteddomainsid=range_sid)
 
 if result['count'] > 0:
-raise errors.DependentEntry(
-label='Active Trust',
-key=keys[0],
-dependent=result['result'][0]['cn'][0])
+error = "ID range '{idrange}' cannot be deleted because it "\
+"belongs to the active trust '{trust}'. Remove it "\
+"prior to removing this range or use --force option."\
+.format(idrange=keys[0],
+trust=result['result'][0]['cn'][0])
+
+raise errors.ValidationError(name='ID range', error=error)
 
 return dn
 
-- 
1.8.3.1

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel