From 96ab6fd525ffcdfbde41bfd7a399d1aae2467c04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Harald=20Jens=C3=A5s?= Date: Sat, 6 Oct 2018 00:28:48 +0200 Subject: [PATCH] Fix - Invalid ipaotp returned if host in cache Change: Id107000b3a667f5724331e281912560cff6f92f0 implemented caching in the IPAClient. We need to store the OTP in the cache and return the cached OTP, not the one generated on the join request in case there is a cache hit, since we do not update the OTP in FreeIPA when the host is in the cache. Closes-Bug: #1796415 Change-Id: Ic19ee7c2228d275397bc4be04432126fd2f228ec --- novajoin/ipa.py | 16 ++++++++++------ novajoin/join.py | 7 +++---- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/novajoin/ipa.py b/novajoin/ipa.py index 1aafaac..42ae81c 100644 --- a/novajoin/ipa.py +++ b/novajoin/ipa.py @@ -260,7 +260,7 @@ class IPAClient(IPANovaJoinBase): if hostname in self.host_cache: LOG.debug('Host ' + hostname + ' found in cache.') - return True + return self.host_cache[hostname] params = [hostname] 
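Review bot: With `return self.host_cache[hostname]` the cache stops being a set of known hostnames and becomes an in-memory store of enrollment OTPs keyed by hostname alone, and nothing in this hunk shows when an entry expires or is dropped. An OTP is meant to be used once, so a value served from the cache after the host has enrolled, been deleted, or been re-created under the same name is stale. Any request that resolves to the same FQDN also receives the same secret. I would document the new contract where the cache is created, for example `# host_cache: FQDN -> OTP last set in IPA; evict when the host is deleted or re-added`, and confirm that the eviction paths outside this diff honour it. The enclosing `add_host` starts before the hunk and continues past it.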
@@ -289,21 +289,25 @@ class IPAClient(IPANovaJoinBase): try: self._call_ipa('host_mod', *params, **modargs) + self.host_cache[hostname] = ipaotp.decode('UTF-8') except errors.NotFound: try: self._call_ipa('host_add', *params, **hostargs) - self.host_cache[hostname] = True + self.host_cache[hostname] = ipaotp.decode('UTF-8') except errors.DuplicateEntry: - self.host_cache[hostname] = True + # We have no idea what the OTP is for the existing host. + return False except (errors.ValidationError, errors.DNSNotARecordError): - pass + # Assumes despite these exceptions the host was created + # and the OTP was set. + self.host_cache[hostname] = ipaotp.decode('UTF-8') except errors.ValidationError: # Updating the OTP on an enrolled-host is not allowed # in IPA and really a no-op. - self.host_cache[hostname] = True + # We don't know the OTP of the host, so we cannot update the cache. return False - return True + return self.host_cache.get(hostname, False) def add_subhost(self, hostname): """Add a subhost to IPA. diff --git a/novajoin/join.py b/novajoin/join.py index b2be4bd..9345663 100644 --- a/novajoin/join.py +++ b/novajoin/join.py @@ -200,15 +200,14 @@ class JoinController(Controller): ipaotp = uuid.uuid4().hex - data['ipaotp'] = ipaotp data['hostname'] = get_fqdn(hostname_short, project_name) _, realm = self.ipaclient.get_host_and_realm() data['krb_realm'] = realm try: - res = self.ipaclient.add_host(data['hostname'], ipaotp, - metadata, image_metadata) - if not res: + data['ipaotp'] = self.ipaclient.add_host(data['hostname'], ipaotp, + metadata, image_metadata) + if not data['ipaotp']: # OTP was not added to host, don't return one del data['ipaotp'] except Exception as e: # pylint: disable=broad-except
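Review bot: The `except (errors.ValidationError, errors.DNSNotARecordError)` branch under `host_add` stores the new OTP in `host_cache` on an assumption that its own comment marks as unverified. If IPA did not create the host or set the password, every later `add_host` call for that hostname hits the cache and returns an OTP that IPA never stored, which is the failure this commit is meant to fix. Returning the value for this request only, `return ipaotp.decode('UTF-8')`, without writing the cache would limit a wrong assumption to one failed enrollment, because the next request retries `host_mod`/`host_add`. The method body starts before the hunk, so the construction of `hostargs`/`modargs` is not visible here.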
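Review bot: `data['ipaotp']` is assigned directly from `add_host()` and kept on truthiness alone, so any truthy non-string value in the cache would be sent to the instance as its enrollment password. The cache stored `True` before this commit, and writers outside this diff may still do so. Binding the result to a local avoids the set-then-delete and gives one place to check the type: `otp = self.ipaclient.add_host(data['hostname'], ipaotp, metadata, image_metadata)` followed by `if otp: data['ipaotp'] = otp`. On the exception path the `ipaotp` key is now never set, because the assignment moved inside the `try`. The handler body is outside the hunk, so confirm that it does not read `data['ipaotp']`.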