Fix - Invalid ipaotp returned if host in cache
Change: Id107000b3a667f5724331e281912560cff6f92f0 implemented caching in the IPAClient. We need to store the OTP in the cache and, on a cache hit, return the cached OTP rather than the one generated for the join request, since we do not update the OTP in FreeIPA when the host is in the cache. Closes-Bug: #1796415 Change-Id: Ic19ee7c2228d275397bc4be04432126fd2f228ec
This commit is contained in:
parent
3d58511664
commit
96ab6fd525
@ -260,7 +260,7 @@ class IPAClient(IPANovaJoinBase):
if hostname in self.host_cache:
if hostname in self.host_cache:
LOG.debug('Host ' + hostname + ' found in cache.')
LOG.debug('Host ' + hostname + ' found in cache.')
return True
return self.host_cache[hostname]
params = [hostname]
params = [hostname]
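Review bot: On a cache hit `return self.host_cache[hostname]` hands back whatever was stored for that host without any check that the entry is still the OTP a new instance can use; the cache is consulted before any IPA call, so once an entry exists it is never refreshed or validated. The docstring of `add_host` (outside the hunk) should state the new contract, e.g. `Returns the OTP (str) set on the host, or False if none could be set; a cached OTP is returned for hosts seen before.` The enclosing method starts before the hunk.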
@ -289,21 +289,25 @@ class IPAClient(IPANovaJoinBase):
try:
try:
|
||||||
self._call_ipa('host_mod', *params, **modargs)
self._call_ipa('host_mod', *params, **modargs)
self.host_cache[hostname] = ipaotp.decode('UTF-8')
except errors.NotFound:
except errors.NotFound:
try:
try:
self._call_ipa('host_add', *params, **hostargs)
self._call_ipa('host_add', *params, **hostargs)
self.host_cache[hostname] = True
self.host_cache[hostname] = ipaotp.decode('UTF-8')
except errors.DuplicateEntry:
except errors.DuplicateEntry:
self.host_cache[hostname] = True
# We have no idea what the OTP is for the existing host.
return False
except (errors.ValidationError, errors.DNSNotARecordError):
except (errors.ValidationError, errors.DNSNotARecordError):
pass
# Assumes despite these exceptions the host was created
# and the OTP was set.
self.host_cache[hostname] = ipaotp.decode('UTF-8')
except errors.ValidationError:
except errors.ValidationError:
# Updating the OTP on an enrolled-host is not allowed
# Updating the OTP on an enrolled-host is not allowed
# in IPA and really a no-op.
# in IPA and really a no-op.
self.host_cache[hostname] = True
# We don't know the OTP of the host, so we cannot update the cache.
return False
return False
return True
return self.host_cache.get(hostname, False)
def add_subhost(self, hostname):
def add_subhost(self, hostname):
"""Add a subhost to IPA.
"""Add a subhost to IPA.
|
||||||
|
|
|
@ -200,15 +200,14 @@ class JoinController(Controller):
ipaotp = uuid.uuid4().hex
ipaotp = uuid.uuid4().hex
data['ipaotp'] = ipaotp
data['hostname'] = get_fqdn(hostname_short, project_name)
data['hostname'] = get_fqdn(hostname_short, project_name)
_, realm = self.ipaclient.get_host_and_realm()
_, realm = self.ipaclient.get_host_and_realm()
data['krb_realm'] = realm
data['krb_realm'] = realm
try:
try:
res = self.ipaclient.add_host(data['hostname'], ipaotp,
data['ipaotp'] = self.ipaclient.add_host(data['hostname'], ipaotp,
metadata, image_metadata)
metadata, image_metadata)
if not res:
if not data['ipaotp']:
# OTP was not added to host, don't return one
# OTP was not added to host, don't return one
del data['ipaotp']
del data['ipaotp']
except Exception as e: # pylint: disable=broad-except
except Exception as e: # pylint: disable=broad-except
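Review bot: `data['ipaotp'] = self.ipaclient.add_host(...)` followed by `if not data['ipaotp']:` forwards any truthy return value to the instance as its enrollment credential, not only a string OTP; a type check fails closed instead, `if not isinstance(data['ipaotp'], str):` (or the project's string alias if Python 2 is still supported) before the `del`. Also note that the old code placed `ipaotp` in `data` before the `try`, whereas now the key is only set when `add_host` returns normally; if the `except Exception` handler or the code after it reads `data['ipaotp']`, that is now a KeyError — the handler body lies outside the hunk, so this is inferred, and a short comment at the `try` such as `# data['ipaotp'] is only present when add_host set an OTP` would make the new invariant explicit.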