Fix - Invalid ipaotp returned if host in cache

Change: Id107000b3a667f5724331e281912560cff6f92f0 implemented
caching in the IPAClient. We need to store the OTP in the cache
and return the cached OTP, not the one generated on the join
request in case there is a cache hit, since we do not update
the OTP in FreeIPA when the host is in the cache.

Closes-Bug: #1796415
Change-Id: Ic19ee7c2228d275397bc4be04432126fd2f228ec
Harald Jensås 2018-10-06 00:28:48 +02:00
parent 3d58511664
commit 96ab6fd525
2 changed files with 13 additions and 10 deletions


@ -260,7 +260,7 @@ class IPAClient(IPANovaJoinBase):
if hostname in self.host_cache: if hostname in self.host_cache:
LOG.debug('Host ' + hostname + ' found in cache.') LOG.debug('Host ' + hostname + ' found in cache.')
return True return self.host_cache[hostname]
params = [hostname] params = [hostname]
@ -289,21 +289,25 @@ class IPAClient(IPANovaJoinBase):
try: try:
self._call_ipa('host_mod', *params, **modargs) self._call_ipa('host_mod', *params, **modargs)
self.host_cache[hostname] = ipaotp.decode('UTF-8')
except errors.NotFound: except errors.NotFound:
try: try:
self._call_ipa('host_add', *params, **hostargs) self._call_ipa('host_add', *params, **hostargs)
self.host_cache[hostname] = True self.host_cache[hostname] = ipaotp.decode('UTF-8')
except errors.DuplicateEntry: except errors.DuplicateEntry:
self.host_cache[hostname] = True # We have no idea what the OTP is for the existing host.
return False
except (errors.ValidationError, errors.DNSNotARecordError): except (errors.ValidationError, errors.DNSNotARecordError):
pass # Assumes despite these exceptions the host was created
# and the OTP was set.
self.host_cache[hostname] = ipaotp.decode('UTF-8')
except errors.ValidationError: except errors.ValidationError:
# Updating the OTP on an enrolled-host is not allowed # Updating the OTP on an enrolled-host is not allowed
# in IPA and really a no-op. # in IPA and really a no-op.
self.host_cache[hostname] = True # We don't know the OTP of the host, so we cannot update the cache.
return False return False
return True return self.host_cache.get(hostname, False)
def add_subhost(self, hostname): def add_subhost(self, hostname):
"""Add a subhost to IPA. """Add a subhost to IPA.

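Review bot: The inner `except (errors.ValidationError, errors.DNSNotARecordError)` branch now stores `ipaotp` in `host_cache` on the stated assumption that `host_add` still created the host and set the password, but nothing visible in the hunk confirms that. If the add was in fact rejected, every later request for this hostname takes the cache-hit path from the first hunk and is handed an OTP that FreeIPA never accepted, which is the failure this commit sets out to fix. Consider caching only after a call that verifiably succeeded, or at least recording the swallowed error, e.g. `LOG.warning('host_add for ' + hostname + ' raised a validation/DNS error; OTP cached unverified')`. Separately, the cache now holds a live enrollment credential instead of a boolean, so entries should be dropped once the host enrolls or after a bounded time; no eviction is shown here. `add_host` begins above this hunk, so earlier handling of `ipaotp` is not visible.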

@ -200,15 +200,14 @@ class JoinController(Controller):
ipaotp = uuid.uuid4().hex ipaotp = uuid.uuid4().hex
data['ipaotp'] = ipaotp
data['hostname'] = get_fqdn(hostname_short, project_name) data['hostname'] = get_fqdn(hostname_short, project_name)
_, realm = self.ipaclient.get_host_and_realm() _, realm = self.ipaclient.get_host_and_realm()
data['krb_realm'] = realm data['krb_realm'] = realm
try: try:
res = self.ipaclient.add_host(data['hostname'], ipaotp, data['ipaotp'] = self.ipaclient.add_host(data['hostname'], ipaotp,
metadata, image_metadata) metadata, image_metadata)
if not res: if not data['ipaotp']:
# OTP was not added to host, don't return one # OTP was not added to host, don't return one
del data['ipaotp'] del data['ipaotp']
except Exception as e: # pylint: disable=broad-except except Exception as e: # pylint: disable=broad-except
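Review bot: `data['ipaotp']` is assigned the raw return of `add_host`, which after this change is either an OTP string or `False`, and is then deleted when falsy; binding the result to a local and setting the key only on success is clearer and never leaves `False` in the response dict: `otp = self.ipaclient.add_host(...)` followed by `if otp: data['ipaotp'] = otp`. Note also that `ipaotp` here is the `str` from `uuid.uuid4().hex`, while `add_host` calls `ipaotp.decode('UTF-8')` on it; on Python 3 that would raise `AttributeError` and be absorbed by the broad `except Exception` below, so it is worth confirming the supported interpreter or dropping the `.decode`. The enclosing method starts above the hunk and the `except` body continues below it.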