ipa delegation-add can add same permissions and attributes several times
Entries in permissions and attributes are not unique:
-------------------------------------------
Added delegation "basic manager attributes"
-------------------------------------------
Delegation name: basic manager attributes
Permissions: read, read, read
Attributes: businesscategory, departmentnumber, employeetype, employeenumber, employeenumber, employeenumber, employeenumber
Member user group: employees
User group: managers
Failure
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
ipa-server-4.8.7-7.module+el8.3.0+7376+c83e4fcd.x86_64
ipa-client-4.8.7-7.module+el8.3.0+7376+c83e4fcd.x86_64
389-ds-base-1.4.3.8-4.module+el8.3.0+7193+dfd1e8ad.x86_64
pki-ca-10.9.0-0.7.module+el8.3.0+7364+90640274.noarch
krb5-server-1.18.2-4.el8.x86_64
ipa delegation-mod is behaving differently. It is not possible to make the permissions and attributes items unique after the -add call in the reproducer has been used:
$ ipa delegation-mod "basic manager attributes" --permissions=read --attrs=businesscategory --attrs=departmentnumber --attrs=employeetype --attrs=employeenumber --group=managers --membergroup=employees
ipa: ERROR: no modifications to be performed
Metadata Update from @rcritten: - Issue assigned to rcritten
I think we just need to convert the values into a set and allow the ACI class to handle sets as iterables.
https://github.com/freeipa/freeipa/pull/5094
Ended up not using a set() because it doesn't guarantee order which makes the xmlrpc tests more difficult than they need to be. We don't need a true set(), just de-duplication, so I added a simple iterator to de-duplicate things.
master:
ipa-4-8:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
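The order-preserving de-duplication discussed in the comments above, as an added example (not the code from the pull request), together with a check that flags duplicates in an ACI string that was already stored. The function names, the ACI layout and the dc=example,dc=com DNs are assumptions made for illustration; the permission and attribute values come from the reproducer output.

```python
import re
from collections import Counter

def unique_ordered(values, key=lambda v: v):
    """Yield each value once in first-seen order (set() would lose the order)."""
    seen = set()
    for value in values:
        marker = key(value)
        if marker not in seen:
            seen.add(marker)
            yield value

def render_aci(name, permissions, attrs, group_dn, member_filter):
    """Render a delegation-style ACI from de-duplicated inputs (assumed layout)."""
    perms = ",".join(unique_ordered(permissions))
    # LDAP attribute names are case-insensitive, so compare them case-folded.
    targets = " || ".join(unique_ordered(attrs, key=str.lower))
    return (f'(targetattr = "{targets}")(targetfilter = "{member_filter}")'
            f'(version 3.0;acl "delegation:{name}";allow ({perms}) '
            f'groupdn = "ldap:///{group_dn}";)')

def duplicated_items(aci):
    """Audit helper: (duplicate attrs, duplicate permissions) found in an ACI string."""
    def repeated(raw, sep):
        counts = Counter(item.strip().lower() for item in raw.split(sep))
        return [item for item, n in counts.items() if n > 1]
    attrs = re.search(r'\(targetattr\s*=\s*"([^"]*)"\)', aci).group(1)
    perms = re.search(r'allow\s*\(([^)]*)\)', aci).group(1)
    return repeated(attrs, "||"), repeated(perms, ",")

# Constructed sample: values from the reproducer output; the DNs are placeholders.
PERMS = ["read", "read", "read"]
ATTRS = ["businesscategory", "departmentnumber", "employeetype",
         "employeenumber", "employeenumber", "employeenumber", "employeenumber"]
GROUP_DN = "cn=managers,cn=groups,cn=accounts,dc=example,dc=com"
MEMBER_FILTER = "(memberOf=cn=employees,cn=groups,cn=accounts,dc=example,dc=com)"
# An ACI as it could have been stored before de-duplication (constructed).
LEGACY_ACI = ('(targetattr = "' + " || ".join(ATTRS) + '")(targetfilter = "'
              + MEMBER_FILTER + '")(version 3.0;acl "delegation:basic manager '
              'attributes";allow (' + ",".join(PERMS) + ') groupdn = "ldap:///'
              + GROUP_DN + '";)')

if __name__ == "__main__":
    print(render_aci("basic manager attributes", PERMS, ATTRS, GROUP_DN, MEMBER_FILTER))
    print(duplicated_items(LEGACY_ACI))
```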