[Freeipa-devel] [PATCH 0473-0476, 0478-0482]DNS Locations: Prologue

Pavel Vomacka pvomacka at redhat.com
Thu Jun 2 12:41:13 UTC 2016


On 06/02/2016 02:20 PM, Jan Cholasta wrote:
> On 2.6.2016 14:06, Petr Spacek wrote:
>> On 1.6.2016 18:00, Martin Basti wrote:
>>> <snip>
>>>
>>> updated patches attached
>>>
>>> freeipa-mbasti-0473.6-DNS-Locations-Always-create-DNS-related-privileges.patch 
>>>
>>>
>>>
>>> From 549379a36281d80818fca4ec929d499efafda044 Mon Sep 17 00:00:00 2001
>>> From: Martin Basti <mbasti at redhat.com>
>>> Date: Wed, 4 May 2016 17:33:52 +0200
>>> Subject: [PATCH 1/4] DNS Locations: Always create DNS related 
>>> privileges
>>>
>>> DNS privileges are important for handling DNS locations which can be
>>> created without DNS servers in IPA topology. We will also need this
>>> privileges presented for future feature 'External DNS support'
>>>
>>> https://fedorahosted.org/freeipa/ticket/2008
>>> ---
>>>  install/share/delegation.ldif        | 16 ++++++++++++++++
>>>  install/share/dns.ldif               | 16 ----------------
>>>  install/updates/37-locations.update  |  0
>>>  install/updates/40-delegation.update | 16 ++++++++++++++++
>>>  4 files changed, 32 insertions(+), 16 deletions(-)
>>>  create mode 100644 install/updates/37-locations.update
>>>
>>> diff --git a/install/share/delegation.ldif 
>>> b/install/share/delegation.ldif
>>> index 
>>> 067b4d26a8be8f4d1b699c15b027ed7f260ddb5b..064078306560528842fa76176152ac594db077c8 
>>> 100644
>>> --- a/install/share/delegation.ldif
>>> +++ b/install/share/delegation.ldif
>>> @@ -80,6 +80,22 @@ objectClass: nestedgroup
>>>  cn: Delegation Administrator
>>>  description: Role administration
>>>
>>> +dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
>>> +changetype: add
>>> +objectClass: top
>>> +objectClass: groupofnames
>>> +objectClass: nestedgroup
>>> +cn: DNS Administrators
>>> +description: DNS Administrators
>>> +
>>> +dn: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
>>> +changetype: add
>>> +objectClass: top
>>> +objectClass: groupofnames
>>> +objectClass: nestedgroup
>>> +cn: DNS Servers
>>> +description: DNS Servers
>>> +
>>>  dn: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
>>>  changetype: add
>>>  objectClass: top
>>> diff --git a/install/share/dns.ldif b/install/share/dns.ldif
>>> index 
>>> bd5cc57f90ed66066699af06a74e1426cc8f9a59..6cee478674af191350cf24e0aef74c5e418f392e 
>>> 100644
>>> --- a/install/share/dns.ldif
>>> +++ b/install/share/dns.ldif
>>> @@ -12,19 +12,3 @@ aci: (targetattr = "*")(version 3.0; acl "Allow 
>>> read access"; allow (read,search
>>>  aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl 
>>> "Add DNS entries in a zone";allow (add) userattr = 
>>> "parent[1].managedby#GROUPDN";)
>>>  aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl 
>>> "Remove DNS entries from a zone";allow (delete) userattr = 
>>> "parent[1].managedby#GROUPDN";)
>>>  aci: (targetattr = "a6record || aaaarecord || afsdbrecord || 
>>> aplrecord || arecord || certrecord || cn || cnamerecord || 
>>> dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || 
>>> dsrecord || hinforecord || hiprecord || idnsallowdynupdate || 
>>> idnsallowquery || idnsallowsyncptr || idnsallowtransfer || 
>>> idnsforwarders || idnsforwardpolicy || idnsname || 
>>> idnssecinlinesigning || idnssoaexpire || idnssoaminimum || 
>>> idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || 
>>> idnssoaserial || idnsupdatepolicy || idnszoneactive || 
>>> ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord || 
>>> minforecord || mxrecord || naptrrecord || nsecrecord || 
>>> nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord 
>>> || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord 
>>> || tlsarecord || txtrecord || unknownrecord ")(target = 
>>> "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS 
>>> entries in a zone";allow (write) userattr = "parent[0,1].managedby#!
> GROUPDN";)
>>> -
>>> -dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
>>> -changetype: add
>>> -objectClass: top
>>> -objectClass: groupofnames
>>> -objectClass: nestedgroup
>>> -cn: DNS Administrators
>>> -description: DNS Administrators
>>> -
>>> -dn: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
>>> -changetype: add
>>> -objectClass: top
>>> -objectClass: groupofnames
>>> -objectClass: nestedgroup
>>> -cn: DNS Servers
>>> -description: DNS Servers
>>> diff --git a/install/updates/37-locations.update 
>>> b/install/updates/37-locations.update
>>> new file mode 100644
>>> index 
>>> 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
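
Review bot: install/updates/37-locations.update is created here as an empty file (blob e69de29...), and nothing else in this commit refers to it; its content and the Makefile.am entry only arrive in patch 3/4. Create the file in the patch that fills it, so that 1/4 contains only the privilege move described in its commit message.
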
>>> diff --git a/install/updates/40-delegation.update 
>>> b/install/updates/40-delegation.update
>>> index 
>>> f0431b92d707b17607fe873efbfe2fcccd3efce1..259cbdbdab9eef69e29dba117db36a9e3e0c5f66 
>>> 100644
>>> --- a/install/updates/40-delegation.update
>>> +++ b/install/updates/40-delegation.update
>>> @@ -274,3 +274,19 @@ default:objectClass: groupofnames
>>>  default:objectClass: top
>>>  default:cn: Vault Administrators
>>>  default:description: Vault Administrators
>>> +
>>> +
>>> +# Locations - always create DNS related privileges
>>> +dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
>>> +default:objectClass: top
>>> +default:objectClass: groupofnames
>>> +default:objectClass: nestedgroup
>>> +default:cn: DNS Administrators
>>> +default:description: DNS Administrators
>>> +
>>> +dn: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
>>> +default:objectClass: top
>>> +default:objectClass: groupofnames
>>> +default:objectClass: nestedgroup
>>> +default:cn: DNS Servers
>>> +default:description: DNS Servers
>>> -- 2.5.5
>>>
>>>
>>> freeipa-mbasti-0474.6-DNS-Locations-add-new-attributes-and-objectclasses.patch 
>>>
>>>
>>>
>>> From 4363fd4823efcf173f9cc6b56769771bf7867170 Mon Sep 17 00:00:00 2001
>>> From: Martin Basti <mbasti at redhat.com>
>>> Date: Thu, 12 May 2016 10:53:37 +0200
>>> Subject: [PATCH 2/4] DNS Locations: add new attributes and 
>>> objectclasses
>>>
>>> http://www.freeipa.org/page/V4/DNS_Location_Mechanism
>>>
>>> https://fedorahosted.org/freeipa/ticket/2008
>>> ---
>>>  install/share/60ipadns.ldif | 4 ++++
>>>  1 file changed, 4 insertions(+)
>>>
>>> diff --git a/install/share/60ipadns.ldif b/install/share/60ipadns.ldif
>>> index 
>>> 71b99d4d03c34591dc83a5706d300727f3f77f30..5bfed905566bdbfe4e011e218c328701ce854943 
>>> 100644
>>> --- a/install/share/60ipadns.ldif
>>> +++ b/install/share/60ipadns.ldif
>>> @@ -71,6 +71,8 @@ attributeTypes: ( 2.16.840.1.113730.3.8.5.26 NAME 
>>> 'idnsSecKeySep' DESC 'DNSKEY S
>>>  attributeTypes: ( 2.16.840.1.113730.3.8.5.27 NAME 
>>> 'idnsSecAlgorithm' DESC 'DNSKEY algorithm: string used as mnemonic' 
>>> EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch 
>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
>>>  attributeTypes: ( 2.16.840.1.113730.3.8.5.28 NAME 'idnsSecKeyRef' 
>>> DESC 'PKCS#11 URI of the key' EQUALITY caseExactMatch SINGLE-VALUE 
>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v4.1' )
>>>  attributeTypes: ( 2.16.840.1.113730.3.8.11.74 NAME 'ipaDNSVersion' 
>>> DESC 'IPA DNS data version' EQUALITY integerMatch ORDERING 
>>> integerOrderingMatch SINGLE-VALUE SYNTAX 
>>> 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'IPA v4.3' )
>>> +attributeTypes: ( 2.16.840.1.113730.3.8.5.32 NAME 'ipaLocation' 
>>> DESC 'Reference to IPA location' EQUALITY distinguishedNameMatch 
>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'IPA v4.4' )
>>> +attributeTypes: ( 2.16.840.1.113730.3.8.5.33 NAME 
>>> 'ipaLocationWeight' DESC 'Weight for the server in IPA location' 
>>> EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
>>> SINGLE-VALUE X-ORIGIN 'IPA v4.4' )
>>>  objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 
>>> 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( 
>>> cn $ idnsAllowDynUpdate $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ 
>>> a6Record $ nSRecord $ cNAMERecord $ pTRRecord $ sRVRecord $ 
>>> tXTRecord $ mXRecord $ mDRecord $ hInfoRecord $ mInfoRecord $ 
>>> aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ nXTRecord $ 
>>> nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ 
>>> sSHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ TLSARecord $ 
>>> UnknownRecord $ RPRecord $ APLRecord $ IPSECKEYRecord $ DHCIDRecord 
>>> $ HIPRecord $ SPFRecord ) )
>>>  objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 
>>> 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ 
>>> idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ 
>>> idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( 
>>> idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ 
>>> idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ 
>>> idnsSecInlineSigning $ nSEC3PARAMRecord ) )
>>>  objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' 
>>> DESC 'DNS global config options' STRUCTURAL MAY ( idnsForwardPolicy 
>>> $ idnsForwarders $ idnsAllowSyncPTR $ idnsZoneRefresh $ 
>>> idnsPersistentSearch ) )
>>> @@ -78,3 +80,5 @@ objectClasses: ( 2.16.840.1.113730.3.8.12.18 NAME 
>>> 'ipaDNSZone' SUP top AUXILIARY
>>>  objectClasses: ( 2.16.840.1.113730.3.8.6.3 NAME 'idnsForwardZone' 
>>> DESC 'Forward Zone class' SUP top STRUCTURAL MUST ( idnsName $ 
>>> idnsZoneActive ) MAY ( idnsForwarders $ idnsForwardPolicy ) )
>>>  objectClasses: ( 2.16.840.1.113730.3.8.6.4 NAME 'idnsSecKey' DESC 
>>> 'DNSSEC key metadata' STRUCTURAL MUST ( idnsSecKeyRef $ 
>>> idnsSecKeyCreated $ idnsSecAlgorithm ) MAY ( idnsSecKeyPublish $ 
>>> idnsSecKeyActivate $ idnsSecKeyInactive $ idnsSecKeyDelete $ 
>>> idnsSecKeyZone $ idnsSecKeyRevoke $ idnsSecKeySep $ cn ) X-ORIGIN 
>>> 'IPA v4.1' )
>>>  objectClasses: ( 2.16.840.1.113730.3.8.12.36 NAME 'ipaDNSContainer' 
>>> DESC 'IPA DNS container' AUXILIARY MUST ( ipaDNSVersion ) X-ORIGIN 
>>> 'IPA v4.3' )
>>> +objectClasses: ( 2.16.840.1.113730.3.8.6.7 NAME 'ipaLocationObject' 
>>> DESC 'Object for storing IPA server location' STRUCTURAL MUST ( 
>>> idnsName ) MAY ( description ) X-ORIGIN 'IPA v4.4' )
>>> +objectClasses: ( 2.16.840.1.113730.3.8.6.8 NAME 'ipaLocationMember' 
>>> DESC 'Member object of IPA location' AUXILIARY MAY ( ipaLocation $ 
>>> ipaLocationWeight ) X-ORIGIN 'IPA v4.4' )
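
Review bot: 'ipaLocationMember' lists both 'ipaLocation' and 'ipaLocationWeight' under MAY, so an entry can carry a weight without belonging to any location; either make the command that sets the weight require a location, or state in the DESC that a weight without 'ipaLocation' is ignored. 'ipaLocationObject' is also STRUCTURAL without an explicit SUP, unlike 'idnsForwardZone' a few lines above, which spells out SUP top; adding it would keep the new class consistent with that one. The object class OIDs skip .6.5 and .6.6, so please confirm those are taken.
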
>>> -- 2.5.5
>>>
>>>
>>> freeipa-mbasti-0475.6-DNS-Locations-location-commands.patch
>>>
>>>
>>> From c353f0ecbb0e97d9ff28e38ddea27168e69f9ac5 Mon Sep 17 00:00:00 2001
>>> From: Martin Basti <mbasti at redhat.com>
>>> Date: Thu, 12 May 2016 10:54:20 +0200
>>> Subject: [PATCH 3/4] DNS Locations: location-* commands
>>>
>>> http://www.freeipa.org/page/V4/DNS_Location_Mechanism
>>>
>>> https://fedorahosted.org/freeipa/ticket/2008
>>> ---
>>>  ACI.txt                               |   8 ++
>>>  API.txt                               |  59 ++++++++++++++
>>>  VERSION                               |   4 +-
>>>  install/share/bootstrap-template.ldif |   6 ++
>>>  install/updates/37-locations.update   |   4 +
>>>  install/updates/Makefile.am           |   1 +
>>>  ipalib/constants.py                   |   1 +
>>>  ipalib/plugins/location.py            | 149 
>>> ++++++++++++++++++++++++++++++++++
>>>  8 files changed, 230 insertions(+), 2 deletions(-)
>>>  create mode 100644 ipalib/plugins/location.py
>>>
>>> diff --git a/ACI.txt b/ACI.txt
>>> index 
>>> cea814a0ceb7aea48b709236f0f88677e851ac92..2226eccc74ec6d25c1f6fcc93f3e1c7d636b8146 
>>> 100644
>>> --- a/ACI.txt
>>> +++ b/ACI.txt
>>> @@ -158,6 +158,14 @@ dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example
>>>  aci: (targetattr = "createtimestamp || entryusn || 
>>> krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || 
>>> krbsupportedencsalttypes || modifytimestamp || 
>>> objectclass")(targetfilter = 
>>> "(objectclass=krbticketpolicyaux)")(version 3.0;acl 
>>> "permission:System: Read Default Kerberos Ticket Policy";allow 
>>> (compare,read,search) groupdn = "ldap:///cn=System: Read Default 
>>> Kerberos Ticket
>>> Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>>  dn: cn=users,cn=accounts,dc=ipa,dc=example
>>>  aci: (targetattr = "krbmaxrenewableage || 
>>> krbmaxticketlife")(targetfilter = 
>>> "(objectclass=krbticketpolicyaux)")(version 3.0;acl 
>>> "permission:System: Read User Kerberos Ticket Policy";allow 
>>> (compare,read,search) groupdn = "ldap:///cn=System: Read User 
>>> Kerberos Ticket
>>> Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>> +dn: cn=locations,cn=etc,dc=ipa,dc=example
>>> +aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 
>>> 3.0;acl "permission:System: Add IPA Locations";allow (add) groupdn = 
>>> "ldap:///cn=System: Add IPA 
>>> Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>> +dn: cn=locations,cn=etc,dc=ipa,dc=example
>>> +aci: (targetattr = "description")(targetfilter = 
>>> "(objectclass=ipaLocationObject)")(version 3.0;acl 
>>> "permission:System: Modify IPA Locations";allow (write) groupdn = 
>>> "ldap:///cn=System: Modify IPA 
>>> Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>> +dn: cn=locations,cn=etc,dc=ipa,dc=example
>>> +aci: (targetattr = "createtimestamp || description || entryusn || 
>>> idnsname || modifytimestamp || objectclass")(targetfilter = 
>>> "(objectclass=ipaLocationObject)")(version 3.0;acl 
>>> "permission:System: Read IPA Locations";allow (compare,read,search) 
>>> groupdn = "ldap:///cn=System: Read IPA 
>>> Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>> +dn: cn=locations,cn=etc,dc=ipa,dc=example
>>> +aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 
>>> 3.0;acl "permission:System: Remove IPA Locations";allow (delete) 
>>> groupdn = "ldap:///cn=System: Remove IPA 
>>> Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>>  dn: cn=ng,cn=alt,dc=ipa,dc=example
>>>  aci: (targetfilter = "(objectclass=ipanisnetgroup)")(version 
>>> 3.0;acl "permission:System: Add Netgroups";allow (add) groupdn = 
>>> "ldap:///cn=System: Add 
>>> Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>>  dn: cn=ng,cn=alt,dc=ipa,dc=example
>>> diff --git a/API.txt b/API.txt
>>> index 
>>> 3ad250e74f48ef3c54494ba6bd2d398a7c5d1b69..0568a6573236ca25c7b2353832f949c95b353758 
>>> 100644
>>> --- a/API.txt
>>> +++ b/API.txt
>>> @@ -2759,6 +2759,65 @@ option: Str('version?')
>>>  output: Entry('result')
>>>  output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
>>>  output: PrimaryKey('value')
>>> +command: location_add
>>> +args: 1,6,3
>>> +arg: DNSNameParam('idnsname', cli_name='name')
>>> +option: Str('addattr*', cli_name='addattr')
>>> +option: Flag('all', autofill=True, cli_name='all', default=False)
>>> +option: Str('description?')
>>> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
>>> +option: Str('setattr*', cli_name='setattr')
>>> +option: Str('version?')
>>> +output: Entry('result')
>>> +output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
>>> +output: PrimaryKey('value')
>>> +command: location_del
>>> +args: 1,2,3
>>> +arg: DNSNameParam('idnsname+', cli_name='name')
>>> +option: Flag('continue', autofill=True, cli_name='continue', 
>>> default=False)
>>> +option: Str('version?')
>>> +output: Output('result', type=[<type 'dict'>])
>>> +output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
>>> +output: ListOfPrimaryKeys('value')
>>> +command: location_find
>>> +args: 1,8,4
>>> +arg: Str('criteria?')
>>> +option: Flag('all', autofill=True, cli_name='all', default=False)
>>> +option: Str('description?', autofill=False)
>>> +option: DNSNameParam('idnsname?', autofill=False, cli_name='name')
>>> +option: Flag('pkey_only?', autofill=True, default=False)
>>> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
>>> +option: Int('sizelimit?', autofill=False)
>>> +option: Int('timelimit?', autofill=False)
>>> +option: Str('version?')
>>> +output: Output('count', type=[<type 'int'>])
>>> +output: ListOfEntries('result')
>>> +output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
>>> +output: Output('truncated', type=[<type 'bool'>])
>>> +command: location_mod
>>> +args: 1,8,3
>>> +arg: DNSNameParam('idnsname', cli_name='name')
>>> +option: Str('addattr*', cli_name='addattr')
>>> +option: Flag('all', autofill=True, cli_name='all', default=False)
>>> +option: Str('delattr*', cli_name='delattr')
>>> +option: Str('description?', autofill=False)
>>> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
>>> +option: Flag('rights', autofill=True, default=False)
>>> +option: Str('setattr*', cli_name='setattr')
>>> +option: Str('version?')
>>> +output: Entry('result')
>>> +output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
>>> +output: PrimaryKey('value')
>>> +command: location_show
>>> +args: 1,4,3
>>> +arg: DNSNameParam('idnsname', cli_name='name')
>>> +option: Flag('all', autofill=True, cli_name='all', default=False)
>>> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
>>> +option: Flag('rights', autofill=True, default=False)
>>> +option: Str('version?')
>>> +output: Entry('result')
>>> +output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
>>> +output: PrimaryKey('value')
>>>  command: migrate_ds
>>>  args: 2,20,4
>>>  arg: Str('ldapuri', cli_name='ldap_uri')
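
Review bot: location_find accepts a free-text 'criteria' argument, but the location object in ipalib/plugins/location.py sets search_attributes = ['idnsName'] only. If 'criteria' is matched solely against search_attributes, a search for text that appears in a location's description will return nothing even though 'description' is a default attribute in the output. Consider adding 'description' to search_attributes, or note in the command help that only the name is searched.
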
>>> diff --git a/VERSION b/VERSION
>>> index 
>>> 45fdb09788dbc6496272da786bb6d6afa45bf118..03908580e3008b5011588588ad41083310d24095 
>>> 100644
>>> --- a/VERSION
>>> +++ b/VERSION
>>> @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
>>>  #                                                      #
>>>  ########################################################
>>>  IPA_API_VERSION_MAJOR=2
>>> -IPA_API_VERSION_MINOR=170
>>> -# Last change: mbasti - *-find: do not search for members by default
>>> +IPA_API_VERSION_MINOR=171
>>> +# Last change: mbasti - location-* commands
>>> diff --git a/install/share/bootstrap-template.ldif 
>>> b/install/share/bootstrap-template.ldif
>>> index 
>>> 628a8e2e0f5483b9f6f565b0c7d11eb000a5912d..83be4399508a905f8eae7e2f59140a6b4051b661 
>>> 100644
>>> --- a/install/share/bootstrap-template.ldif
>>> +++ b/install/share/bootstrap-template.ldif
>>> @@ -119,6 +119,12 @@ objectClass: nsContainer
>>>  objectClass: top
>>>  cn: etc
>>>
>>> +dn: cn=locations,cn=etc,$SUFFIX
>>> +changetype: add
>>> +objectClass: nsContainer
>>> +objectClass: top
>>> +cn: locations
>>> +
>>>  dn: cn=sysaccounts,cn=etc,$SUFFIX
>>>  changetype: add
>>>  objectClass: nsContainer
>>> diff --git a/install/updates/37-locations.update 
>>> b/install/updates/37-locations.update
>>> index 
>>> e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..cf47e6d6296af830a76aad2c9b9f5a6ea5d9f3a1 
>>> 100644
>>> --- a/install/updates/37-locations.update
>>> +++ b/install/updates/37-locations.update
>>> @@ -0,0 +1,4 @@
>>> +dn: cn=locations,cn=etc,$SUFFIX
>>> +default: objectClass: nsContainer
>>> +default: objectClass: top
>>> +default: cn: locations
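
Review bot: these lines are written as 'default: objectClass: ...' with a space after 'default:', while the entries added to 40-delegation.update in patch 1/4 use 'default:objectClass: ...' without one. Pick one form for the series so the update files stay greppable. The container is also defined in bootstrap-template.ldif in this same patch, so a one-line comment here saying that this file exists for upgrades of already installed servers would help the next reader.
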
>>> diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
>>> index 
>>> 3edc21473d676bd282e9ea2b88769c097fb8a63a..737a8bbbd1a4915a6aefec2d273b90bb3ca31710 
>>> 100644
>>> --- a/install/updates/Makefile.am
>>> +++ b/install/updates/Makefile.am
>>> @@ -28,6 +28,7 @@ app_DATA =                \
>>>      25-referint.update        \
>>>      30-provisioning.update        \
>>>      30-s4u2proxy.update        \
>>> +    37-locations.update        \
>>>      40-delegation.update        \
>>>      40-realm_domains.update        \
>>>      40-replication.update        \
>>> diff --git a/ipalib/constants.py b/ipalib/constants.py
>>> index 
>>> 021f18cd366b821427bdbfcc5e354d2047ef39b1..d1c9ccf68d01ef1dc032559ca8a353eede7a0e09 
>>> 100644
>>> --- a/ipalib/constants.py
>>> +++ b/ipalib/constants.py
>>> @@ -121,6 +121,7 @@ DEFAULT_CONFIG = (
>>>      ('container_certprofile', DN(('cn', 'certprofiles'), ('cn', 
>>> 'ca'))),
>>>      ('container_topology', DN(('cn', 'topology'), ('cn', 'ipa'), 
>>> ('cn', 'etc'))),
>>>      ('container_caacl', DN(('cn', 'caacls'), ('cn', 'ca'))),
>>> +    ('container_locations', DN(('cn', 'locations'), ('cn', 'etc'))),
>>>
>>>      # Ports, hosts, and URIs:
>>>      ('xmlrpc_uri', 'http://localhost:8888/ipa/xml'),
>>> diff --git a/ipalib/plugins/location.py b/ipalib/plugins/location.py
>>> new file mode 100644
>>> index 
>>> 0000000000000000000000000000000000000000..efba55aa75e342f566a40a0d10887e173b8a83fc
>>> --- /dev/null
>>> +++ b/ipalib/plugins/location.py
>>> @@ -0,0 +1,149 @@
>>> +#
>>> +# Copyright (C) 2016  FreeIPA Contributors see COPYING for license
>>> +#
>>> +
>>> +from __future__ import absolute_import
>>> +
>>> +from ipalib import (
>>> +    _,
>>> +    ngettext,
>>> +    api,
>>> +    Str,
>>> +    DNSNameParam
>>> +)
>>> +from ipalib.plugable import Registry
>>> +from ipalib.plugins.baseldap import (
>>> +    LDAPCreate,
>>> +    LDAPSearch,
>>> +    LDAPRetrieve,
>>> +    LDAPDelete,
>>> +    LDAPObject,
>>> +    LDAPUpdate,
>>> +)
>>> +from ipapython.dnsutil import DNSName
>>> +
>>> +__doc__ = _("""
>>> +IPA locations
>>> +""") + _("""
>>> +Manipulate DNS locations
>>> +""") + _("""
>>> +EXAMPLES:
>>> +""") + _("""
>>> +  Find all locations:
>>> +    ipa location-find
>>> +""") + _("""
>>> +  Show specific location:
>>> +    ipa location-show location
>>> +""") + _("""
>>> +  Add location:
>>> +    ipa location-add location --description 'My location'
>>> +""") + _("""
>>> +  Delete location:
>>> +    ipa location-del location
>>> +""")
>>> +
>>> +register = Registry()
>>> +
>>> +
>>> + at register()
>>> +class location(LDAPObject):
>>> +    """
>>> +    IPA locations
>>> +    """
>>> +    container_dn = api.env.container_locations
>>> +    object_name = _('location')
>>> +    object_name_plural = _('locations')
>>> +    object_class = ['ipaLocationObject']
>>> +    search_attributes = ['idnsName']
>>> +    default_attributes = [
>>> +        'idnsname', 'description'
>>> +    ]
>>> +    label = _('IPA Locations')
>>> +    label_singular = _('IPA Location')
>>> +
>>> +    permission_filter_objectclasses = ['ipaLocationObject']
>>> +    managed_permissions = {
>>> +        'System: Read IPA Locations': {
>>> +            'ipapermright': {'read', 'search', 'compare'},
>>> +            'ipapermdefaultattr': {
>>> +                'objectclass', 'idnsname', 'description',
>>> +            },
>>> +            'default_privileges': {'DNS Administrators'},
>>> +        },
>>> +        'System: Add IPA Locations': {
>>> +            'ipapermright': {'add'},
>>> +            'default_privileges': {'DNS Administrators'},
>>> +        },
>>> +        'System: Remove IPA Locations': {
>>> +            'ipapermright': {'delete'},
>>> +            'default_privileges': {'DNS Administrators'},
>>> +        },
>>> +        'System: Modify IPA Locations': {
>>> +            'ipapermright': {'write'},
>>> +            'ipapermdefaultattr': {
>>> +                'description',
>>> +            },
>>> +            'default_privileges': {'DNS Administrators'},
>>> +        },
>>> +    }
>>> +
>>> +    takes_params = (
>>> +        DNSNameParam(
>>> +            'idnsname',
>>> +            cli_name='name',
>>> +            primary_key=True,
>>> +            label=_('Location name'),
>>> +            doc=_('IPA location name'),
>>> +            # dns name must be relative, we will put it into middle of
>>> +            # location domain name for location records
>>> +            only_relative=True,
>>> +        ),
>>> +        Str(
>>> +            'description?',
>>> +            label=_('Description'),
>>> +            doc=_('IPA Location description'),
>>> +        ),
>>> +    )
>>> +
>>> +    def get_dn(self, *keys, **options):
>>> +        loc = keys[-1]
>>> +        assert isinstance(loc, DNSName)
>>> +        loc_a = loc.ToASCII()
>>> +
>>> +        return super(location, self).get_dn(loc_a, **options)
>>> +
>>> +
>>> + at register()
>>> +class location_add(LDAPCreate):
>>> +    __doc__ = _('Add a new IPA location.')
>>> +
>>> +    msg_summary = _('Added IPA location "%(value)s"')
>>> +
>>> +
>>> + at register()
>>> +class location_del(LDAPDelete):
>>> +    __doc__ = _('Delete an IPA location.')
>>> +
>>> +    msg_summary = _('Deleted IPA location "%(value)s"')
>>> +
>>> +
>>> + at register()
>>> +class location_mod(LDAPUpdate):
>>> +    __doc__ = _('Modify information about an IPA location .')
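
Review bot: in location.get_dn(), 'assert isinstance(loc, DNSName)' is the only guard before loc.ToASCII() is used to build the DN. Assertions are removed when Python runs with -O and otherwise surface as a bare AssertionError rather than a framework error the caller can handle; if a non-DNSName key can ever reach this method, convert it explicitly (for example DNSName(loc)) or raise a validation error instead. The method also takes keys[-1] without checking that keys is non-empty.
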
>>
>> Typo - redundant ' ' at the end.
>>
>>
>> Conditional NACK, warnings mentioned in
>> http://www.freeipa.org/page/V4/DNS_Location_Mechanism#CLI
>> are not there.
>>
>> I'm open to changing this to ACK if you open a separate ticket for this
>> omission so we do not forget to add them later on.
>
> +1
>
>
> Patch 480:
>
> 1) The code in location_show.execute() looks like it could be moved to 
> location_show.post_callback()
>
>
> 2) Before calling super().output_for_cli(), pop 'servers' from result, 
> so that it is not displayed with --all.
>
>
> Patch 481:
>
> 1) Could we rename --force to --nonempty (or something better)? I 
> would like to reserve --force for "ignore NotFound when deleting the 
> entry", which is not the case here.
>

I tried to build FreeIPA with your patches on Fedora 23 and I got the
following pylint error:
************* Module ipalib.plugins.location
ipalib/plugins/location.py:218: [W1619(old-division), 
location_show.execute] division w/o __future__ statement)
Makefile:137: recipe for target 'lint' failed



