460745
From 9a8352637aeb32ddffd83f4477695ec290da8429 Mon Sep 17 00:00:00 2001
460745
From: Florence Blanc-Renaud <flo@redhat.com>
460745
Date: Wed, 23 Aug 2017 16:31:18 +0200
460745
Subject: [PATCH] Fix ipa config-mod --ca-renewal-master
460745
460745
commit bddb90f38a3505a2768862d2f814c5e749a7dcde added the support for
460745
multivalued server attributes (for pkinit_server_server), but this
460745
introduced an API change where the setter and getter of ServerAttribute
460745
are expecting list of values.
460745
460745
When a SingleValuedServerAttribute is used, we need to convert one elem
460745
into a list containing this elem and vice-versa, so that the ipa config-mod
460745
and ipa config_show APIs are not modified.
460745
460745
https://pagure.io/freeipa/issue/7120
460745
460745
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
460745
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
460745
---
460745
 ipaserver/plugins/serverroles.py            | 16 +++++++++++++++-
460745
 ipatests/test_ipaserver/test_serverroles.py |  4 ++--
460745
 2 files changed, 17 insertions(+), 3 deletions(-)
460745
460745
diff --git a/ipaserver/plugins/serverroles.py b/ipaserver/plugins/serverroles.py
460745
index e81635c3315cc3fca84450f43fb7df883aae57d9..04e21090657197b9267f2ffc05048399a7ce3d38 100644
460745
--- a/ipaserver/plugins/serverroles.py
460745
+++ b/ipaserver/plugins/serverroles.py
460745
@@ -46,6 +46,7 @@ from ipalib import errors, _
460745
 from ipalib.backend import Backend
460745
 from ipalib.plugable import Registry
460745
 from ipaserver.servroles import (attribute_instances, ENABLED, role_instances)
460745
+from ipaserver.servroles import SingleValuedServerAttribute
460745
 
460745
 
460745
 if six.PY3:
460745
@@ -136,13 +137,26 @@ class serverroles(Backend):
460745
 
460745
         for name, attr in assoc_attributes.items():
460745
             attr_value = attr.get(self.api)
460745
-            result.update({name: attr_value})
460745
+
460745
+            if attr_value:
460745
+                # attr can be a SingleValuedServerAttribute
460745
+                # in this case, the API expects a value, not a list of values
460745
+                if isinstance(attr, SingleValuedServerAttribute):
460745
+                    attr_value = attr_value[0]
460745
+                result.update({name: attr_value})
460745
 
460745
         return result
460745
 
460745
     def config_update(self, **attrs_values):
460745
         for attr, value in attrs_values.items():
460745
             try:
460745
+                # when the attribute is single valued, it will be stored
460745
+                # in a SingleValuedServerAttribute. The set method expects
460745
+                # a list containing a single value.
460745
+                # We need to convert value to a list containing value
460745
+                if isinstance(self.attributes[attr],
460745
+                              SingleValuedServerAttribute):
460745
+                    value = [value]
460745
                 self.attributes[attr].set(self.api, value)
460745
             except KeyError:
460745
                 raise errors.NotFound(
460745
diff --git a/ipatests/test_ipaserver/test_serverroles.py b/ipatests/test_ipaserver/test_serverroles.py
460745
index 985c750b64f109e0a83686f31ddb3b8d4171072d..e8967517d0c65fb6e3daebf220cae7df38bfe044 100644
460745
--- a/ipatests/test_ipaserver/test_serverroles.py
460745
+++ b/ipatests/test_ipaserver/test_serverroles.py
460745
@@ -715,7 +715,7 @@ class TestServerAttributes(object):
460745
         non_ca_fqdn = mock_masters.get_fqdn('trust-controller-dns')
460745
 
460745
         with pytest.raises(errors.ValidationError):
460745
-            self.config_update(mock_api, **{attr_name: [non_ca_fqdn]})
460745
+            self.config_update(mock_api, **{attr_name: non_ca_fqdn})
460745
 
460745
     def test_set_unknown_attribute_on_master_raises_notfound(
460745
             self, mock_api, mock_masters):
460745
@@ -732,7 +732,7 @@ class TestServerAttributes(object):
460745
         original_renewal_master = self.config_retrieve(
460745
             role_name, mock_api)[attr_name]
460745
 
460745
-        other_ca_server = [mock_masters.get_fqdn('trust-controller-ca')]
460745
+        other_ca_server = mock_masters.get_fqdn('trust-controller-ca')
460745
 
460745
         for host in (other_ca_server, original_renewal_master):
460745
             self.config_update(mock_api, **{attr_name: host})
460745
-- 
460745
2.13.5
460745