[Freeipa-devel] [PATCH 0473-0476, 0478-0482]DNS Locations: Prologue

Martin Basti mbasti at redhat.com
Thu Jun 2 14:16:32 UTC 2016



On 02.06.2016 14:53, Martin Basti wrote:
>
>
> On 02.06.2016 14:41, Pavel Vomacka wrote:
>>
>> On 06/02/2016 02:20 PM, Jan Cholasta wrote:
>>> On 2.6.2016 14:06, Petr Spacek wrote:
>>>> On 1.6.2016 18:00, Martin Basti wrote:
>>>>> <snip>
>>>>>
>>>>> updated patches attached
>>>>>
>>>>> freeipa-mbasti-0473.6-DNS-Locations-Always-create-DNS-related-privileges.patch 
>>>>>
>>>>>
>>>>>
>>>>> From 549379a36281d80818fca4ec929d499efafda044 Mon Sep 17 00:00:00 
>>>>> 2001
>>>>> From: Martin Basti <mbasti at redhat.com>
>>>>> Date: Wed, 4 May 2016 17:33:52 +0200
>>>>> Subject: [PATCH 1/4] DNS Locations: Always create DNS related 
>>>>> privileges
>>>>>
>>>>> DNS privileges are important for handling DNS locations which can be
>>>>> created without DNS servers in IPA topology. We will also need these
>>>>> privileges present for the future feature 'External DNS support'
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/2008
>>>>> ---
>>>>>  install/share/delegation.ldif        | 16 ++++++++++++++++
>>>>>  install/share/dns.ldif               | 16 ----------------
>>>>>  install/updates/37-locations.update  |  0
>>>>>  install/updates/40-delegation.update | 16 ++++++++++++++++
>>>>>  4 files changed, 32 insertions(+), 16 deletions(-)
>>>>>  create mode 100644 install/updates/37-locations.update
>>>>>
>>>>> diff --git a/install/share/delegation.ldif 
>>>>> b/install/share/delegation.ldif
>>>>> index 
>>>>> 067b4d26a8be8f4d1b699c15b027ed7f260ddb5b..064078306560528842fa76176152ac594db077c8 
>>>>> 100644
>>>>> --- a/install/share/delegation.ldif
>>>>> +++ b/install/share/delegation.ldif
>>>>> @@ -80,6 +80,22 @@ objectClass: nestedgroup
>>>>>  cn: Delegation Administrator
>>>>>  description: Role administration
>>>>>
>>>>> +dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
>>>>> +changetype: add
>>>>> +objectClass: top
>>>>> +objectClass: groupofnames
>>>>> +objectClass: nestedgroup
>>>>> +cn: DNS Administrators
>>>>> +description: DNS Administrators
>>>>> +
>>>>> +dn: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
>>>>> +changetype: add
>>>>> +objectClass: top
>>>>> +objectClass: groupofnames
>>>>> +objectClass: nestedgroup
>>>>> +cn: DNS Servers
>>>>> +description: DNS Servers
>>>>> +
>>>>>  dn: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
>>>>>  changetype: add
>>>>>  objectClass: top
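Review bot: the two added entries (cn=DNS Administrators and cn=DNS Servers) carry a description that only repeats the cn, and because they are now created on every install, including ones with no DNS server, an administrator browsing privileges gets no hint of what they grant or why they exist. Consider a description that says so, and keep the text identical to the `default:description` lines in install/updates/40-delegation.update so fresh installs and upgrades end up with the same entries.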
>>>>> diff --git a/install/share/dns.ldif b/install/share/dns.ldif
>>>>> index 
>>>>> bd5cc57f90ed66066699af06a74e1426cc8f9a59..6cee478674af191350cf24e0aef74c5e418f392e 
>>>>> 100644
>>>>> --- a/install/share/dns.ldif
>>>>> +++ b/install/share/dns.ldif
>>>>> @@ -12,19 +12,3 @@ aci: (targetattr = "*")(version 3.0; acl "Allow 
>>>>> read access"; allow (read,search
>>>>>  aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 
>>>>> 3.0;acl "Add DNS entries in a zone";allow (add) userattr = 
>>>>> "parent[1].managedby#GROUPDN";)
>>>>>  aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 
>>>>> 3.0;acl "Remove DNS entries from a zone";allow (delete) userattr = 
>>>>> "parent[1].managedby#GROUPDN";)
>>>>>  aci: (targetattr = "a6record || aaaarecord || afsdbrecord || 
>>>>> aplrecord || arecord || certrecord || cn || cnamerecord || 
>>>>> dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || 
>>>>> dsrecord || hinforecord || hiprecord || idnsallowdynupdate || 
>>>>> idnsallowquery || idnsallowsyncptr || idnsallowtransfer || 
>>>>> idnsforwarders || idnsforwardpolicy || idnsname || 
>>>>> idnssecinlinesigning || idnssoaexpire || idnssoaminimum || 
>>>>> idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || 
>>>>> idnssoaserial || idnsupdatepolicy || idnszoneactive || 
>>>>> ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord 
>>>>> || minforecord || mxrecord || naptrrecord || nsecrecord || 
>>>>> nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord 
>>>>> || rrsigrecord || sigrecord || spfrecord || srvrecord || 
>>>>> sshfprecord || tlsarecord || txtrecord || unknownrecord ")(target 
>>>>> = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS 
>>>>> entries in a zone";allow (write) userattr = "parent[0,1].managedby#!
>>> GROUPDN";)
>>>>> -
>>>>> -dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
>>>>> -changetype: add
>>>>> -objectClass: top
>>>>> -objectClass: groupofnames
>>>>> -objectClass: nestedgroup
>>>>> -cn: DNS Administrators
>>>>> -description: DNS Administrators
>>>>> -
>>>>> -dn: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
>>>>> -changetype: add
>>>>> -objectClass: top
>>>>> -objectClass: groupofnames
>>>>> -objectClass: nestedgroup
>>>>> -cn: DNS Servers
>>>>> -description: DNS Servers
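Review bot: after this removal dns.ldif ends with the zone ACIs and no longer says where cn=DNS Administrators and cn=DNS Servers are defined. Anything in the DNS install path that attaches permissions or members to those two privileges now depends on delegation.ldif (or 40-delegation.update on upgrade) having been applied first; please confirm that ordering holds for a server that gains DNS after the initial install, and leave a one-line comment here pointing at the new location of the entries.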
>>>>> diff --git a/install/updates/37-locations.update 
>>>>> b/install/updates/37-locations.update
>>>>> new file mode 100644
>>>>> index 
>>>>> 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
>>>>> diff --git a/install/updates/40-delegation.update 
>>>>> b/install/updates/40-delegation.update
>>>>> index 
>>>>> f0431b92d707b17607fe873efbfe2fcccd3efce1..259cbdbdab9eef69e29dba117db36a9e3e0c5f66 
>>>>> 100644
>>>>> --- a/install/updates/40-delegation.update
>>>>> +++ b/install/updates/40-delegation.update
>>>>> @@ -274,3 +274,19 @@ default:objectClass: groupofnames
>>>>>  default:objectClass: top
>>>>>  default:cn: Vault Administrators
>>>>>  default:description: Vault Administrators
>>>>> +
>>>>> +
>>>>> +# Locations - always create DNS related privileges
>>>>> +dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
>>>>> +default:objectClass: top
>>>>> +default:objectClass: groupofnames
>>>>> +default:objectClass: nestedgroup
>>>>> +default:cn: DNS Administrators
>>>>> +default:description: DNS Administrators
>>>>> +
>>>>> +dn: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
>>>>> +default:objectClass: top
>>>>> +default:objectClass: groupofnames
>>>>> +default:objectClass: nestedgroup
>>>>> +default:cn: DNS Servers
>>>>> +default:description: DNS Servers
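Review bot: the comment `# Locations - always create DNS related privileges` ties these entries to locations only, while the commit message also names 'External DNS support' as a reason, so a neutral comment would age better. Nit: the hunk opens with two blank lines before the comment where one would do.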
>>>>> -- 2.5.5
>>>>>
>>>>>
>>>>> freeipa-mbasti-0474.6-DNS-Locations-add-new-attributes-and-objectclasses.patch 
>>>>>
>>>>>
>>>>>
>>>>> From 4363fd4823efcf173f9cc6b56769771bf7867170 Mon Sep 17 00:00:00 
>>>>> 2001
>>>>> From: Martin Basti <mbasti at redhat.com>
>>>>> Date: Thu, 12 May 2016 10:53:37 +0200
>>>>> Subject: [PATCH 2/4] DNS Locations: add new attributes and 
>>>>> objectclasses
>>>>>
>>>>> http://www.freeipa.org/page/V4/DNS_Location_Mechanism
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/2008
>>>>> ---
>>>>>  install/share/60ipadns.ldif | 4 ++++
>>>>>  1 file changed, 4 insertions(+)
>>>>>
>>>>> diff --git a/install/share/60ipadns.ldif 
>>>>> b/install/share/60ipadns.ldif
>>>>> index 
>>>>> 71b99d4d03c34591dc83a5706d300727f3f77f30..5bfed905566bdbfe4e011e218c328701ce854943 
>>>>> 100644
>>>>> --- a/install/share/60ipadns.ldif
>>>>> +++ b/install/share/60ipadns.ldif
>>>>> @@ -71,6 +71,8 @@ attributeTypes: ( 2.16.840.1.113730.3.8.5.26 
>>>>> NAME 'idnsSecKeySep' DESC 'DNSKEY S
>>>>>  attributeTypes: ( 2.16.840.1.113730.3.8.5.27 NAME 
>>>>> 'idnsSecAlgorithm' DESC 'DNSKEY algorithm: string used as 
>>>>> mnemonic' EQUALITY caseIgnoreIA5Match SUBSTR 
>>>>> caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
>>>>> SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
>>>>>  attributeTypes: ( 2.16.840.1.113730.3.8.5.28 NAME 'idnsSecKeyRef' 
>>>>> DESC 'PKCS#11 URI of the key' EQUALITY caseExactMatch SINGLE-VALUE 
>>>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v4.1' )
>>>>>  attributeTypes: ( 2.16.840.1.113730.3.8.11.74 NAME 
>>>>> 'ipaDNSVersion' DESC 'IPA DNS data version' EQUALITY integerMatch 
>>>>> ORDERING integerOrderingMatch SINGLE-VALUE SYNTAX 
>>>>> 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'IPA v4.3' )
>>>>> +attributeTypes: ( 2.16.840.1.113730.3.8.5.32 NAME 'ipaLocation' 
>>>>> DESC 'Reference to IPA location' EQUALITY distinguishedNameMatch 
>>>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'IPA 
>>>>> v4.4' )
>>>>> +attributeTypes: ( 2.16.840.1.113730.3.8.5.33 NAME 
>>>>> 'ipaLocationWeight' DESC 'Weight for the server in IPA location' 
>>>>> EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
>>>>> SINGLE-VALUE X-ORIGIN 'IPA v4.4' )
>>>>>  objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 
>>>>> 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY 
>>>>> ( cn $ idnsAllowDynUpdate $ dNSTTL $ dNSClass $ aRecord $ 
>>>>> aAAARecord $ a6Record $ nSRecord $ cNAMERecord $ pTRRecord $ 
>>>>> sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInfoRecord $ 
>>>>> mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ 
>>>>> nXTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ 
>>>>> dSRecord $ sSHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ 
>>>>> TLSARecord $ UnknownRecord $ RPRecord $ APLRecord $ IPSECKEYRecord 
>>>>> $ DHCIDRecord $ HIPRecord $ SPFRecord ) )
>>>>>  objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 
>>>>> 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ 
>>>>> idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ 
>>>>> idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( 
>>>>> idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ 
>>>>> idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ 
>>>>> idnsSecInlineSigning $ nSEC3PARAMRecord ) )
>>>>>  objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 
>>>>> 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL MAY 
>>>>> ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR $ 
>>>>> idnsZoneRefresh $ idnsPersistentSearch ) )
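Review bot: ipaLocationWeight is declared with `EQUALITY integerMatch` only, whereas the integer attribute in the context line just above it, ipaDNSVersion, also has `ORDERING integerOrderingMatch`. Without an ordering rule, range filters such as (ipaLocationWeight>=N) are not reliably evaluated, so add it now if weights will ever be compared or sorted on the server side. The schema also puts no bounds on the weight, so any range check has to live in the plugin that writes the value.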
>>>>> @@ -78,3 +80,5 @@ objectClasses: ( 2.16.840.1.113730.3.8.12.18 
>>>>> NAME 'ipaDNSZone' SUP top AUXILIARY
>>>>>  objectClasses: ( 2.16.840.1.113730.3.8.6.3 NAME 'idnsForwardZone' 
>>>>> DESC 'Forward Zone class' SUP top STRUCTURAL MUST ( idnsName $ 
>>>>> idnsZoneActive ) MAY ( idnsForwarders $ idnsForwardPolicy ) )
>>>>>  objectClasses: ( 2.16.840.1.113730.3.8.6.4 NAME 'idnsSecKey' DESC 
>>>>> 'DNSSEC key metadata' STRUCTURAL MUST ( idnsSecKeyRef $ 
>>>>> idnsSecKeyCreated $ idnsSecAlgorithm ) MAY ( idnsSecKeyPublish $ 
>>>>> idnsSecKeyActivate $ idnsSecKeyInactive $ idnsSecKeyDelete $ 
>>>>> idnsSecKeyZone $ idnsSecKeyRevoke $ idnsSecKeySep $ cn ) X-ORIGIN 
>>>>> 'IPA v4.1' )
>>>>>  objectClasses: ( 2.16.840.1.113730.3.8.12.36 NAME 
>>>>> 'ipaDNSContainer' DESC 'IPA DNS container' AUXILIARY MUST ( 
>>>>> ipaDNSVersion ) X-ORIGIN 'IPA v4.3' )
>>>>> +objectClasses: ( 2.16.840.1.113730.3.8.6.7 NAME 
>>>>> 'ipaLocationObject' DESC 'Object for storing IPA server location' 
>>>>> STRUCTURAL MUST ( idnsName ) MAY ( description ) X-ORIGIN 'IPA 
>>>>> v4.4' )
>>>>> +objectClasses: ( 2.16.840.1.113730.3.8.6.8 NAME 
>>>>> 'ipaLocationMember' DESC 'Member object of IPA location' AUXILIARY 
>>>>> MAY ( ipaLocation $ ipaLocationWeight ) X-ORIGIN 'IPA v4.4' )
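Review bot: ipaLocationMember lets an entry carry ipaLocation, which is a DN-syntax reference, but nothing visible in this patch keeps that reference valid once the referenced ipaLocationObject entry is deleted. Either cover the attribute with referential integrity or have location-del refuse, or clean up, while members still point at the location.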
>>>>> -- 2.5.5
>>>>>
>>>>>
>>>>> freeipa-mbasti-0475.6-DNS-Locations-location-commands.patch
>>>>>
>>>>>
>>>>> From c353f0ecbb0e97d9ff28e38ddea27168e69f9ac5 Mon Sep 17 00:00:00 
>>>>> 2001
>>>>> From: Martin Basti <mbasti at redhat.com>
>>>>> Date: Thu, 12 May 2016 10:54:20 +0200
>>>>> Subject: [PATCH 3/4] DNS Locations: location-* commands
>>>>>
>>>>> http://www.freeipa.org/page/V4/DNS_Location_Mechanism
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/2008
>>>>> ---
>>>>>  ACI.txt                               |   8 ++
>>>>>  API.txt                               |  59 ++++++++++++++
>>>>>  VERSION                               |   4 +-
>>>>>  install/share/bootstrap-template.ldif |   6 ++
>>>>>  install/updates/37-locations.update   |   4 +
>>>>>  install/updates/Makefile.am           |   1 +
>>>>>  ipalib/constants.py                   |   1 +
>>>>>  ipalib/plugins/location.py            | 149 
>>>>> ++++++++++++++++++++++++++++++++++
>>>>>  8 files changed, 230 insertions(+), 2 deletions(-)
>>>>>  create mode 100644 ipalib/plugins/location.py
>>>>>
>>>>> diff --git a/ACI.txt b/ACI.txt
>>>>> index 
>>>>> cea814a0ceb7aea48b709236f0f88677e851ac92..2226eccc74ec6d25c1f6fcc93f3e1c7d636b8146 
>>>>> 100644
>>>>> --- a/ACI.txt
>>>>> +++ b/ACI.txt
>>>>> @@ -158,6 +158,14 @@ dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example
>>>>>  aci: (targetattr = "createtimestamp || entryusn || 
>>>>> krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife 
>>>>> || krbsupportedencsalttypes || modifytimestamp || 
>>>>> objectclass")(targetfilter = 
>>>>> "(objectclass=krbticketpolicyaux)")(version 3.0;acl 
>>>>> "permission:System: Read Default Kerberos Ticket Policy";allow 
>>>>> (compare,read,search) groupdn = "ldap:///cn=System: Read Default 
>>>>> Kerberos Ticket
>>>>> Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>>>>  dn: cn=users,cn=accounts,dc=ipa,dc=example
>>>>>  aci: (targetattr = "krbmaxrenewableage || 
>>>>> krbmaxticketlife")(targetfilter = 
>>>>> "(objectclass=krbticketpolicyaux)")(version 3.0;acl 
>>>>> "permission:System: Read User Kerberos Ticket Policy";allow 
>>>>> (compare,read,search) groupdn = "ldap:///cn=System: Read User 
>>>>> Kerberos Ticket
>>>>> Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>>>> +dn: cn=locations,cn=etc,dc=ipa,dc=example
>>>>> +aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 
>>>>> 3.0;acl "permission:System: Add IPA Locations";allow (add) groupdn 
>>>>> = "ldap:///cn=System: Add IPA 
>>>>> Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>>>> +dn: cn=locations,cn=etc,dc=ipa,dc=example
>>>>> +aci: (targetattr = "description")(targetfilter = 
>>>>> "(objectclass=ipaLocationObject)")(version 3.0;acl 
>>>>> "permission:System: Modify IPA Locations";allow (write) groupdn = 
>>>>> "ldap:///cn=System: Modify IPA 
>>>>> Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>>>> +dn: cn=locations,cn=etc,dc=ipa,dc=example
>>>>> +aci: (targetattr = "createtimestamp || description || entryusn || 
>>>>> idnsname || modifytimestamp || objectclass")(targetfilter = 
>>>>> "(objectclass=ipaLocationObject)")(version 3.0;acl 
>>>>> "permission:System: Read IPA Locations";allow 
>>>>> (compare,read,search) groupdn = "ldap:///cn=System: Read IPA 
>>>>> Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>>>> +dn: cn=locations,cn=etc,dc=ipa,dc=example
>>>>> +aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 
>>>>> 3.0;acl "permission:System: Remove IPA Locations";allow (delete) 
>>>>> groupdn = "ldap:///cn=System: Remove IPA 
>>>>> Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>>>>  dn: cn=ng,cn=alt,dc=ipa,dc=example
>>>>>  aci: (targetfilter = "(objectclass=ipanisnetgroup)")(version 
>>>>> 3.0;acl "permission:System: Add Netgroups";allow (add) groupdn = 
>>>>> "ldap:///cn=System: Add 
>>>>> Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
>>>>>  dn: cn=ng,cn=alt,dc=ipa,dc=example
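Review bot: the Modify ACI grants write on `description` only, so for members of DNS Administrators the location name is fixed once the entry exists. If that is intended (the name ends up inside DNS names, per the comment in location.py), say so in the location-mod help text; if renaming should be possible, give it its own permission rather than widening this one later.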
>>>>> diff --git a/API.txt b/API.txt
>>>>> index 
>>>>> 3ad250e74f48ef3c54494ba6bd2d398a7c5d1b69..0568a6573236ca25c7b2353832f949c95b353758 
>>>>> 100644
>>>>> --- a/API.txt
>>>>> +++ b/API.txt
>>>>> @@ -2759,6 +2759,65 @@ option: Str('version?')
>>>>>  output: Entry('result')
>>>>>  output: Output('summary', type=[<type 'unicode'>, <type 
>>>>> 'NoneType'>])
>>>>>  output: PrimaryKey('value')
>>>>> +command: location_add
>>>>> +args: 1,6,3
>>>>> +arg: DNSNameParam('idnsname', cli_name='name')
>>>>> +option: Str('addattr*', cli_name='addattr')
>>>>> +option: Flag('all', autofill=True, cli_name='all', default=False)
>>>>> +option: Str('description?')
>>>>> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
>>>>> +option: Str('setattr*', cli_name='setattr')
>>>>> +option: Str('version?')
>>>>> +output: Entry('result')
>>>>> +output: Output('summary', type=[<type 'unicode'>, <type 
>>>>> 'NoneType'>])
>>>>> +output: PrimaryKey('value')
>>>>> +command: location_del
>>>>> +args: 1,2,3
>>>>> +arg: DNSNameParam('idnsname+', cli_name='name')
>>>>> +option: Flag('continue', autofill=True, cli_name='continue', 
>>>>> default=False)
>>>>> +option: Str('version?')
>>>>> +output: Output('result', type=[<type 'dict'>])
>>>>> +output: Output('summary', type=[<type 'unicode'>, <type 
>>>>> 'NoneType'>])
>>>>> +output: ListOfPrimaryKeys('value')
>>>>> +command: location_find
>>>>> +args: 1,8,4
>>>>> +arg: Str('criteria?')
>>>>> +option: Flag('all', autofill=True, cli_name='all', default=False)
>>>>> +option: Str('description?', autofill=False)
>>>>> +option: DNSNameParam('idnsname?', autofill=False, cli_name='name')
>>>>> +option: Flag('pkey_only?', autofill=True, default=False)
>>>>> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
>>>>> +option: Int('sizelimit?', autofill=False)
>>>>> +option: Int('timelimit?', autofill=False)
>>>>> +option: Str('version?')
>>>>> +output: Output('count', type=[<type 'int'>])
>>>>> +output: ListOfEntries('result')
>>>>> +output: Output('summary', type=[<type 'unicode'>, <type 
>>>>> 'NoneType'>])
>>>>> +output: Output('truncated', type=[<type 'bool'>])
>>>>> +command: location_mod
>>>>> +args: 1,8,3
>>>>> +arg: DNSNameParam('idnsname', cli_name='name')
>>>>> +option: Str('addattr*', cli_name='addattr')
>>>>> +option: Flag('all', autofill=True, cli_name='all', default=False)
>>>>> +option: Str('delattr*', cli_name='delattr')
>>>>> +option: Str('description?', autofill=False)
>>>>> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
>>>>> +option: Flag('rights', autofill=True, default=False)
>>>>> +option: Str('setattr*', cli_name='setattr')
>>>>> +option: Str('version?')
>>>>> +output: Entry('result')
>>>>> +output: Output('summary', type=[<type 'unicode'>, <type 
>>>>> 'NoneType'>])
>>>>> +output: PrimaryKey('value')
>>>>> +command: location_show
>>>>> +args: 1,4,3
>>>>> +arg: DNSNameParam('idnsname', cli_name='name')
>>>>> +option: Flag('all', autofill=True, cli_name='all', default=False)
>>>>> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
>>>>> +option: Flag('rights', autofill=True, default=False)
>>>>> +option: Str('version?')
>>>>> +output: Entry('result')
>>>>> +output: Output('summary', type=[<type 'unicode'>, <type 
>>>>> 'NoneType'>])
>>>>> +output: PrimaryKey('value')
>>>>>  command: migrate_ds
>>>>>  args: 2,20,4
>>>>>  arg: Str('ldapuri', cli_name='ldap_uri')
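Review bot: location_add and location_mod expose the generic `addattr*`, `setattr*` and `delattr*` options, which let a caller name attributes that have no dedicated option. The ACIs listed in ACI.txt should stop a DNS Administrators member from writing anything but description through them, but please add a test showing that `--setattr idnsname=...` on location_mod fails with an access error rather than renaming or damaging the entry.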
>>>>> diff --git a/VERSION b/VERSION
>>>>> index 
>>>>> 45fdb09788dbc6496272da786bb6d6afa45bf118..03908580e3008b5011588588ad41083310d24095 
>>>>> 100644
>>>>> --- a/VERSION
>>>>> +++ b/VERSION
>>>>> @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
>>>>>  #                                                      #
>>>>>  ########################################################
>>>>>  IPA_API_VERSION_MAJOR=2
>>>>> -IPA_API_VERSION_MINOR=170
>>>>> -# Last change: mbasti - *-find: do not search for members by default
>>>>> +IPA_API_VERSION_MINOR=171
>>>>> +# Last change: mbasti - location-* commands
>>>>> diff --git a/install/share/bootstrap-template.ldif 
>>>>> b/install/share/bootstrap-template.ldif
>>>>> index 
>>>>> 628a8e2e0f5483b9f6f565b0c7d11eb000a5912d..83be4399508a905f8eae7e2f59140a6b4051b661 
>>>>> 100644
>>>>> --- a/install/share/bootstrap-template.ldif
>>>>> +++ b/install/share/bootstrap-template.ldif
>>>>> @@ -119,6 +119,12 @@ objectClass: nsContainer
>>>>>  objectClass: top
>>>>>  cn: etc
>>>>>
>>>>> +dn: cn=locations,cn=etc,$SUFFIX
>>>>> +changetype: add
>>>>> +objectClass: nsContainer
>>>>> +objectClass: top
>>>>> +cn: locations
>>>>> +
>>>>>  dn: cn=sysaccounts,cn=etc,$SUFFIX
>>>>>  changetype: add
>>>>>  objectClass: nsContainer
>>>>> diff --git a/install/updates/37-locations.update 
>>>>> b/install/updates/37-locations.update
>>>>> index 
>>>>> e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..cf47e6d6296af830a76aad2c9b9f5a6ea5d9f3a1 
>>>>> 100644
>>>>> --- a/install/updates/37-locations.update
>>>>> +++ b/install/updates/37-locations.update
>>>>> @@ -0,0 +1,4 @@
>>>>> +dn: cn=locations,cn=etc,$SUFFIX
>>>>> +default: objectClass: nsContainer
>>>>> +default: objectClass: top
>>>>> +default: cn: locations
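Review bot: these lines are written `default: objectClass: nsContainer`, with a space after `default:`, while 40-delegation.update in patch 1/4 uses `default:objectClass: top` with none. Pick one form across the series (matching the existing file is the safer choice) so nobody has to wonder whether the update parser treats the two the same.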
>>>>> diff --git a/install/updates/Makefile.am 
>>>>> b/install/updates/Makefile.am
>>>>> index 
>>>>> 3edc21473d676bd282e9ea2b88769c097fb8a63a..737a8bbbd1a4915a6aefec2d273b90bb3ca31710 
>>>>> 100644
>>>>> --- a/install/updates/Makefile.am
>>>>> +++ b/install/updates/Makefile.am
>>>>> @@ -28,6 +28,7 @@ app_DATA =                \
>>>>>      25-referint.update        \
>>>>>      30-provisioning.update        \
>>>>>      30-s4u2proxy.update        \
>>>>> +    37-locations.update        \
>>>>>      40-delegation.update        \
>>>>>      40-realm_domains.update        \
>>>>>      40-replication.update        \
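Review bot: 37-locations.update is added to app_DATA only here, but the file itself is created, empty, by patch 1/4 (`create mode 100644 install/updates/37-locations.update`), where nothing uses it. Create the file in this patch together with its content and its Makefile entry, so each commit in the series is self-contained.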
>>>>> diff --git a/ipalib/constants.py b/ipalib/constants.py
>>>>> index 
>>>>> 021f18cd366b821427bdbfcc5e354d2047ef39b1..d1c9ccf68d01ef1dc032559ca8a353eede7a0e09 
>>>>> 100644
>>>>> --- a/ipalib/constants.py
>>>>> +++ b/ipalib/constants.py
>>>>> @@ -121,6 +121,7 @@ DEFAULT_CONFIG = (
>>>>>      ('container_certprofile', DN(('cn', 'certprofiles'), ('cn', 
>>>>> 'ca'))),
>>>>>      ('container_topology', DN(('cn', 'topology'), ('cn', 'ipa'), 
>>>>> ('cn', 'etc'))),
>>>>>      ('container_caacl', DN(('cn', 'caacls'), ('cn', 'ca'))),
>>>>> +    ('container_locations', DN(('cn', 'locations'), ('cn', 'etc'))),
>>>>>
>>>>>      # Ports, hosts, and URIs:
>>>>>      ('xmlrpc_uri', 'http://localhost:8888/ipa/xml'),
>>>>> diff --git a/ipalib/plugins/location.py b/ipalib/plugins/location.py
>>>>> new file mode 100644
>>>>> index 
>>>>> 0000000000000000000000000000000000000000..efba55aa75e342f566a40a0d10887e173b8a83fc
>>>>> --- /dev/null
>>>>> +++ b/ipalib/plugins/location.py
>>>>> @@ -0,0 +1,149 @@
>>>>> +#
>>>>> +# Copyright (C) 2016  FreeIPA Contributors see COPYING for license
>>>>> +#
>>>>> +
>>>>> +from __future__ import absolute_import
>>>>> +
>>>>> +from ipalib import (
>>>>> +    _,
>>>>> +    ngettext,
>>>>> +    api,
>>>>> +    Str,
>>>>> +    DNSNameParam
>>>>> +)
>>>>> +from ipalib.plugable import Registry
>>>>> +from ipalib.plugins.baseldap import (
>>>>> +    LDAPCreate,
>>>>> +    LDAPSearch,
>>>>> +    LDAPRetrieve,
>>>>> +    LDAPDelete,
>>>>> +    LDAPObject,
>>>>> +    LDAPUpdate,
>>>>> +)
>>>>> +from ipapython.dnsutil import DNSName
>>>>> +
>>>>> +__doc__ = _("""
>>>>> +IPA locations
>>>>> +""") + _("""
>>>>> +Manipulate DNS locations
>>>>> +""") + _("""
>>>>> +EXAMPLES:
>>>>> +""") + _("""
>>>>> +  Find all locations:
>>>>> +    ipa location-find
>>>>> +""") + _("""
>>>>> +  Show specific location:
>>>>> +    ipa location-show location
>>>>> +""") + _("""
>>>>> +  Add location:
>>>>> +    ipa location-add location --description 'My location'
>>>>> +""") + _("""
>>>>> +  Delete location:
>>>>> +    ipa location-del location
>>>>> +""")
>>>>> +
>>>>> +register = Registry()
>>>>> +
>>>>> +
>>>>> + at register()
>>>>> +class location(LDAPObject):
>>>>> +    """
>>>>> +    IPA locations
>>>>> +    """
>>>>> +    container_dn = api.env.container_locations
>>>>> +    object_name = _('location')
>>>>> +    object_name_plural = _('locations')
>>>>> +    object_class = ['ipaLocationObject']
>>>>> +    search_attributes = ['idnsName']
>>>>> +    default_attributes = [
>>>>> +        'idnsname', 'description'
>>>>> +    ]
>>>>> +    label = _('IPA Locations')
>>>>> +    label_singular = _('IPA Location')
>>>>> +
>>>>> +    permission_filter_objectclasses = ['ipaLocationObject']
>>>>> +    managed_permissions = {
>>>>> +        'System: Read IPA Locations': {
>>>>> +            'ipapermright': {'read', 'search', 'compare'},
>>>>> +            'ipapermdefaultattr': {
>>>>> +                'objectclass', 'idnsname', 'description',
>>>>> +            },
>>>>> +            'default_privileges': {'DNS Administrators'},
>>>>> +        },
>>>>> +        'System: Add IPA Locations': {
>>>>> +            'ipapermright': {'add'},
>>>>> +            'default_privileges': {'DNS Administrators'},
>>>>> +        },
>>>>> +        'System: Remove IPA Locations': {
>>>>> +            'ipapermright': {'delete'},
>>>>> +            'default_privileges': {'DNS Administrators'},
>>>>> +        },
>>>>> +        'System: Modify IPA Locations': {
>>>>> +            'ipapermright': {'write'},
>>>>> +            'ipapermdefaultattr': {
>>>>> +                'description',
>>>>> +            },
>>>>> +            'default_privileges': {'DNS Administrators'},
>>>>> +        },
>>>>> +    }
>>>>> +
>>>>> +    takes_params = (
>>>>> +        DNSNameParam(
>>>>> +            'idnsname',
>>>>> +            cli_name='name',
>>>>> +            primary_key=True,
>>>>> +            label=_('Location name'),
>>>>> +            doc=_('IPA location name'),
>>>>> +            # dns name must be relative, we will put it into 
>>>>> middle of
>>>>> +            # location domain name for location records
>>>>> +            only_relative=True,
>>>>> +        ),
>>>>> +        Str(
>>>>> +            'description?',
>>>>> +            label=_('Description'),
>>>>> +            doc=_('IPA Location description'),
>>>>> +        ),
>>>>> +    )
>>>>> +
>>>>> +    def get_dn(self, *keys, **options):
>>>>> +        loc = keys[-1]
>>>>> +        assert isinstance(loc, DNSName)
>>>>> +        loc_a = loc.ToASCII()
>>>>> +
>>>>> +        return super(location, self).get_dn(loc_a, **options)
>>>>> +
>>>>> +
>>>>> + at register()
>>>>> +class location_add(LDAPCreate):
>>>>> +    __doc__ = _('Add a new IPA location.')
>>>>> +
>>>>> +    msg_summary = _('Added IPA location "%(value)s"')
>>>>> +
>>>>> +
>>>>> + at register()
>>>>> +class location_del(LDAPDelete):
>>>>> +    __doc__ = _('Delete an IPA location.')
>>>>> +
>>>>> +    msg_summary = _('Deleted IPA location "%(value)s"')
>>>>> +
>>>>> +
>>>>> + at register()
>>>>> +class location_mod(LDAPUpdate):
>>>>> +    __doc__ = _('Modify information about an IPA location .')
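Review bot: the `idnsname` parameter sets `only_relative=True`, which rules out absolute names, but nothing visible in takes_params limits the name to a single label, although the comment says it will be placed in the middle of the location domain name. If a value such as a.b is not meant to be a valid location, reject it here rather than in the code that later builds the records. Also, get_dn() relies on `assert isinstance(loc, DNSName)`, which disappears under python -O, and the module docstring gives examples for find, show, add and del but none for location-mod.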
>>>>
>>>> Typo - redundant ' ' at the end.
>>>>
>>>>
>>>> Conditional NACK, warnings mentioned in
>>>> http://www.freeipa.org/page/V4/DNS_Location_Mechanism#CLI
>>>> are not there.
>>>>
>>>> I'm open to changing this to ACK if you open a separate ticket for 
>>>> this
>>>> omission so we do not forget to add them later on.
>>>
>>> +1
>>>
>>>
>>> Patch 480:
>>>
>>> 1) The code in location_show.execute() looks like it could be moved 
>>> to location_show.post_callback()
>>>
>>>
>>> 2) Before calling super().output_for_cli(), pop 'servers' from 
>>> result, so that it is not displayed with --all.
>>>
>>>
>>> Patch 481:
>>>
>>> 1) Could we rename --force to --nonempty (or something better)? I 
>>> would like to reserve --force for "ignore NotFound when deleting the 
>>> entry", which is not the case here.
>>>
>>
>> I tried to build freeIPA with your patches on Fedora 23 and I got 
>> the following pylint error:
>> ************* Module ipalib.plugins.location
>> ipalib/plugins/location.py:218: [W1619(old-division), 
>> location_show.execute] division w/o __future__ statement)
>> Makefile:137: recipe for target 'lint' failed
>>
> This is a bug in older pylint, I have that import there, I don't see 
> this with pylint on F24
> I will put there # pylint: disable=old-division to unblock build on F23
>
I changed my mind, IPA 4.4 won't be on F23, and nothing prevents us from 
building it on F24 with newer and better pylint. In the worst case we can put 
newer pylint in the @freeipa/freeipa-master copr repo.
So, if you disagree, scream now or never.

Martin^2



