Fix - Invalid ipaotp returned if host in cache

Change: Id107000b3a667f5724331e281912560cff6f92f0 implemented
caching in the IPAClient. We need to store the OTP in the cache
and, on a cache hit, return the cached OTP rather than the one
generated for the join request, since we do not update the OTP
in FreeIPA when the host is already in the cache.

Closes-Bug: #1796415
Change-Id: Ic19ee7c2228d275397bc4be04432126fd2f228ec
This commit is contained in:
Harald Jensås 2018-10-06 00:28:48 +02:00
parent 3d58511664
commit 96ab6fd525
2 changed files with 13 additions and 10 deletions


@ -260,7 +260,7 @@ class IPAClient(IPANovaJoinBase):
if hostname in self.host_cache:
LOG.debug('Host ' + hostname + ' found in cache.')
return True
return self.host_cache[hostname]
params = [hostname]
@ -289,21 +289,25 @@ class IPAClient(IPANovaJoinBase):
try:
self._call_ipa('host_mod', *params, **modargs)
self.host_cache[hostname] = ipaotp.decode('UTF-8')
except errors.NotFound:
try:
self._call_ipa('host_add', *params, **hostargs)
self.host_cache[hostname] = True
self.host_cache[hostname] = ipaotp.decode('UTF-8')
except errors.DuplicateEntry:
self.host_cache[hostname] = True
# We have no idea what the OTP is for the existing host.
return False
except (errors.ValidationError, errors.DNSNotARecordError):
pass
# Assumes despite these exceptions the host was created
# and the OTP was set.
self.host_cache[hostname] = ipaotp.decode('UTF-8')
except errors.ValidationError:
# Updating the OTP on an enrolled-host is not allowed
# in IPA and really a no-op.
self.host_cache[hostname] = True
# We don't know the OTP of the host, so we cannot update the cache.
return False
return True
return self.host_cache.get(hostname, False)
def add_subhost(self, hostname):
"""Add a subhost to IPA.


@ -200,15 +200,14 @@ class JoinController(Controller):
ipaotp = uuid.uuid4().hex
data['ipaotp'] = ipaotp
data['hostname'] = get_fqdn(hostname_short, project_name)
_, realm = self.ipaclient.get_host_and_realm()
data['krb_realm'] = realm
try:
res = self.ipaclient.add_host(data['hostname'], ipaotp,
metadata, image_metadata)
if not res:
data['ipaotp'] = self.ipaclient.add_host(data['hostname'], ipaotp,
metadata, image_metadata)
if not data['ipaotp']:
# OTP was not added to host, don't return one
del data['ipaotp']
except Exception as e: # pylint: disable=broad-except