[Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
Alexander Bokovoy
abokovoy at redhat.com
Mon Jun 6 11:37:19 UTC 2016
On Mon, 06 Jun 2016, Jan Cholasta wrote:
>On 6.6.2016 13:22, Martin Basti wrote:
>>
>>
>>On 06.06.2016 13:14, Alexander Bokovoy wrote:
>>>On Mon, 06 Jun 2016, Martin Basti wrote:
>>>>
>>>>
>>>>On 06.06.2016 12:36, Alexander Bokovoy wrote:
>>>>>Hi,
>>>>>
>>>>>MS-ADTS spec requires that TrustPartner field should be equal to the
>>>>>commonName (cn) of the trust. We used it a bit wrongly to express
>>>>>trust relationship between parent and child domains. In fact, we
>>>>>have parent-child relationship recorded in the DN (child domains
>>>>>are part of the parent domain's container).
>>>>>
>>>>>Remove the argument that was never used externally but only supplied by
>>>>>trust-specific code inside the IPA framework.
>>>>>
>>>>>Part of https://fedorahosted.org/freeipa/ticket/5354
>>>>>
>>>>>
>>>>>
>>>>
>>>>Hello, how is handled backward compatibility here, you just removes
>>>>the option from API, without any additional logic for older clients.
>>>This is not used by the external clients at all. It is part of internal
>>>logic of the code in trust.py+com.redhat.trust.fetch-domains which
>>>always talk to the same server they are running on.
>>>
>>>@register()
>>>class trustdomain_add(LDAPCreate):
>>> __doc__ = _('Allow access from the trusted domain')
>>> NO_CLI = True
>>>
>>>
>>
>>Yes sorry, not old IPA clients, but it was part of API, shown in API
>>browser, and since this was in API, it is set to stone. So If you think
>>that it is safe to be removed and nobody can hit this, I'm okay for
>>removing that option. Maybe we should at least wrote it to release notes
>>(I'll let Honza to express his feelings as API versioning/compatibility
>>sensei)
>
>IMHO it is safe to remove.
>
>>
>>And you forgot to increment api version in VERSION file
Updated patch attached, with a VERSION change.
--
/ Alexander Bokovoy
-------------- next part --------------
From 71feb298933b3e447c060f4ab70d23fb269a40e2 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Mon, 6 Jun 2016 11:42:34 +0300
Subject: [PATCH 3/4] adtrust: remove nttrustpartner parameter
MS-ADTS spec requires that TrustPartner field should be equal to the
commonName (cn) of the trust. We used it a bit wrongly to express
trust relationship between parent and child domains. In fact, we
have parent-child relationship recorded in the DN (child domains
are part of the parent domain's container).
Remove the argument that was never used externally but only supplied by
trust-specific code inside the IPA framework.
Part of https://fedorahosted.org/freeipa/ticket/5354
---
API.txt | 9 ++----
VERSION | 4 +--
install/ui/test/data/ipa_init_commands.json | 43 -----------------------------
install/ui/test/data/ipa_init_objects.json | 13 ---------
ipaserver/plugins/trust.py | 4 ---
5 files changed, 5 insertions(+), 68 deletions(-)
diff --git a/API.txt b/API.txt
index d5fbc27..4247dd7 100644
--- a/API.txt
+++ b/API.txt
@@ -5323,14 +5323,13 @@ output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: trustdomain_add
-args: 2,9,3
+args: 2,8,3
arg: Str('trustcn', cli_name='trust')
arg: Str('cn', cli_name='domain')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('ipantflatname?', cli_name='flat_name')
option: Str('ipanttrusteddomainsid?', cli_name='sid')
-option: Str('ipanttrustpartner?')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: StrEnum('trust_type', autofill=True, cli_name='type', default=u'ad', values=[u'ad'])
@@ -5364,14 +5363,13 @@ output: Output('result', type=[<type 'bool'>])
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: trustdomain_find
-args: 2,10,4
+args: 2,9,4
arg: Str('trustcn', cli_name='trust')
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='domain')
option: Str('ipantflatname?', autofill=False, cli_name='flat_name')
option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid')
-option: Str('ipanttrustpartner?', autofill=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
@@ -5382,7 +5380,7 @@ output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>])
command: trustdomain_mod
-args: 2,11,3
+args: 2,10,3
arg: Str('trustcn', cli_name='trust')
arg: Str('cn', cli_name='domain')
option: Str('addattr*', cli_name='addattr')
@@ -5390,7 +5388,6 @@ option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('ipantflatname?', autofill=False, cli_name='flat_name')
option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid')
-option: Str('ipanttrustpartner?', autofill=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
diff --git a/VERSION b/VERSION
index 4ada746..8945ae5 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=176
-# Last change: mbasti - location-show: list servers in the location
+IPA_API_VERSION_MINOR=177
+# Last change: abbra - adtrust: remove nttrustpartner parameter
diff --git a/install/ui/test/data/ipa_init_commands.json b/install/ui/test/data/ipa_init_commands.json
index c7f717c..b5c482e 100644
--- a/install/ui/test/data/ipa_init_commands.json
+++ b/install/ui/test/data/ipa_init_commands.json
@@ -22023,20 +22023,6 @@
"type": "unicode"
},
{
- "attribute": true,
- "class": "Str",
- "deprecated_cli_aliases": [],
- "doc": "Trusted domain partner",
- "flags": [
- "no_display",
- "no_option"
- ],
- "label": "Trusted domain partner",
- "name": "ipanttrustpartner",
- "noextrawhitespace": true,
- "type": "unicode"
- },
- {
"name": "setattr"
},
{
@@ -22142,21 +22128,6 @@
"type": "unicode"
},
{
- "attribute": true,
- "class": "Str",
- "deprecated_cli_aliases": [],
- "doc": "Trusted domain partner",
- "flags": [
- "no_display",
- "no_option"
- ],
- "label": "Trusted domain partner",
- "name": "ipanttrustpartner",
- "noextrawhitespace": true,
- "query": true,
- "type": "unicode"
- },
- {
"class": "Int",
"deprecated_cli_aliases": [],
"doc": "Time limit of search in seconds",
@@ -22228,20 +22199,6 @@
"type": "unicode"
},
{
- "attribute": true,
- "class": "Str",
- "deprecated_cli_aliases": [],
- "doc": "Trusted domain partner",
- "flags": [
- "no_display",
- "no_option"
- ],
- "label": "Trusted domain partner",
- "name": "ipanttrustpartner",
- "noextrawhitespace": true,
- "type": "unicode"
- },
- {
"name": "setattr"
},
{
diff --git a/install/ui/test/data/ipa_init_objects.json b/install/ui/test/data/ipa_init_objects.json
index ca98a1a..d8dfba2 100644
--- a/install/ui/test/data/ipa_init_objects.json
+++ b/install/ui/test/data/ipa_init_objects.json
@@ -8527,19 +8527,6 @@
"noextrawhitespace": true,
"type": "unicode"
},
- {
- "class": "Str",
- "deprecated_cli_aliases": [],
- "doc": "Trusted domain partner",
- "flags": [
- "no_display",
- "no_option"
- ],
- "label": "Trusted domain partner",
- "name": "ipanttrustpartner",
- "noextrawhitespace": true,
- "type": "unicode"
- }
],
"uuid_attribute": ""
},
diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py
index 98def2e..62fe96e 100644
--- a/ipaserver/plugins/trust.py
+++ b/ipaserver/plugins/trust.py
@@ -1478,10 +1478,6 @@ class trustdomain(LDAPObject):
cli_name='sid',
label=_('Domain Security Identifier'),
),
- Str('ipanttrustpartner?',
- label=_('Trusted domain partner'),
- flags=['no_display', 'no_option'],
- ),
)
# LDAPObject.get_dn() only passes all but last element of keys and no kwargs
--
2.7.4
More information about the Freeipa-devel
mailing list