[Freeipa-devel] [PATCHES] Various fixes for trust and range CLI
Sumit Bose
sbose at redhat.com
Thu Sep 6 11:39:47 UTC 2012
Hi,
this series of patches touches couple of tickets related to the trust
and (id)range CLI. I post them together because some of them depend on
each other. I already rebased them on Martin's "Add range safety check
for range_mod and range_del" patch which I'm currently reviewing.
bye,
Sumit
-------------- next part --------------
From 2a87bd560b0a348430e20c59ad8c2e1657ad1d6d Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Thu, 23 Aug 2012 14:17:34 +0200
Subject: [PATCH 60/66] Rename range CLI to idrange
---
API.txt | 146 ++++++++++-----------
install/ui/Makefile.am | 2 +-
install/ui/{range.js => idrange.js} | 62 ++++-----
install/ui/index.html | 2 +-
install/ui/jsl.conf | 2 +-
.../test/data/{range_add.json => idrange_add.json} | 0
.../data/{range_find.json => idrange_find.json} | 0
...nge_find_pkeys.json => idrange_find_pkeys.json} | 0
...e_get_records.json => idrange_get_records.json} | 0
.../test/data/{range_mod.json => idrange_mod.json} | 0
.../data/{range_show.json => idrange_show.json} | 0
install/ui/test/data/ipa_init.json | 2 +-
install/ui/test/data/ipa_init_commands.json | 12 +-
install/ui/test/data/ipa_init_objects.json | 4 +-
install/ui/webui.js | 2 +-
ipalib/plugins/{range.py => idrange.py} | 28 ++--
ipalib/plugins/internal.py | 2 +-
ipalib/plugins/trust.py | 4 +-
tests/test_xmlrpc/test_range_plugin.py | 40 +++---
19 Dateien ge?ndert, 154 Zeilen hinzugef?gt(+), 154 Zeilen entfernt(-)
rename install/ui/{range.js => idrange.js} (64%)
rename install/ui/test/data/{range_add.json => idrange_add.json} (100%)
rename install/ui/test/data/{range_find.json => idrange_find.json} (100%)
rename install/ui/test/data/{range_find_pkeys.json => idrange_find_pkeys.json} (100%)
rename install/ui/test/data/{range_get_records.json => idrange_get_records.json} (100%)
rename install/ui/test/data/{range_mod.json => idrange_mod.json} (100%)
rename install/ui/test/data/{range_show.json => idrange_show.json} (100%)
rename ipalib/plugins/{range.py => idrange.py} (95%)
diff --git a/API.txt b/API.txt
index aef12b7eb6e458d614c84ba20d782ef3154c09f0..f71d42c1ffc17d46b22ebca84868947d9fe376ba 100644
--- a/API.txt
+++ b/API.txt
@@ -1883,6 +1883,79 @@ output: Output('value', <type 'unicode'>, None)
command: i18n_messages
args: 0,0,1
output: Output('messages', <type 'dict'>, None)
+command: idrange_add
+args: 1,11,3
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
+option: Int('ipabaseid', attribute=True, cli_name='base_id', multivalue=False, required=True)
+option: Int('ipaidrangesize', attribute=True, cli_name='range_size', multivalue=False, required=True)
+option: Int('ipabaserid', attribute=True, cli_name='rid_base', multivalue=False, required=True)
+option: Int('ipasecondarybaserid', attribute=True, cli_name='secondary_rid_base', multivalue=False, required=False)
+option: Str('ipanttrusteddomainsid', attribute=True, cli_name='dom_sid', multivalue=False, required=False)
+option: Str('iparangetype', attribute=True, cli_name='iparangetype', multivalue=False, required=False)
+option: Str('setattr*', cli_name='setattr', exclude='webui')
+option: Str('addattr*', cli_name='addattr', exclude='webui')
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('version?', exclude='webui')
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('value', <type 'unicode'>, None)
+command: idrange_del
+args: 1,1,3
+arg: Str('cn', attribute=True, cli_name='name', multivalue=True, primary_key=True, query=True, required=True)
+option: Flag('continue', autofill=True, cli_name='continue', default=False)
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: Output('result', <type 'dict'>, None)
+output: Output('value', <type 'unicode'>, None)
+command: idrange_find
+args: 1,13,4
+arg: Str('criteria?', noextrawhitespace=False)
+option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False)
+option: Int('ipabaseid', attribute=True, autofill=False, cli_name='base_id', multivalue=False, query=True, required=False)
+option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, query=True, required=False)
+option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', multivalue=False, query=True, required=False)
+option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, query=True, required=False)
+option: Str('ipanttrusteddomainsid', attribute=True, autofill=False, cli_name='dom_sid', multivalue=False, query=True, required=False)
+option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, query=True, required=False)
+option: Int('timelimit?', autofill=False, minvalue=0)
+option: Int('sizelimit?', autofill=False, minvalue=0)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('version?', exclude='webui')
+option: Flag('pkey_only?', autofill=True, default=False)
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
+output: Output('count', <type 'int'>, None)
+output: Output('truncated', <type 'bool'>, None)
+command: idrange_mod
+args: 1,13,3
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+option: Int('ipabaseid', attribute=True, autofill=False, cli_name='base_id', multivalue=False, required=False)
+option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, required=False)
+option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', multivalue=False, required=False)
+option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, required=False)
+option: Str('ipanttrusteddomainsid', attribute=True, autofill=False, cli_name='dom_sid', multivalue=False, required=False)
+option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, required=False)
+option: Str('setattr*', cli_name='setattr', exclude='webui')
+option: Str('addattr*', cli_name='addattr', exclude='webui')
+option: Str('delattr*', cli_name='delattr', exclude='webui')
+option: Flag('rights', autofill=True, default=False)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('version?', exclude='webui')
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('value', <type 'unicode'>, None)
+command: idrange_show
+args: 1,4,3
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
+option: Flag('rights', autofill=True, default=False)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('version?', exclude='webui')
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('value', <type 'unicode'>, None)
command: json_metadata
args: 2,3,3
arg: Str('objname?')
@@ -2376,79 +2449,6 @@ option: Str('version?', exclude='webui')
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('value', <type 'unicode'>, None)
-command: range_add
-args: 1,11,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
-option: Int('ipabaseid', attribute=True, cli_name='base_id', multivalue=False, required=True)
-option: Int('ipaidrangesize', attribute=True, cli_name='range_size', multivalue=False, required=True)
-option: Int('ipabaserid', attribute=True, cli_name='rid_base', multivalue=False, required=True)
-option: Int('ipasecondarybaserid', attribute=True, cli_name='secondary_rid_base', multivalue=False, required=False)
-option: Str('ipanttrusteddomainsid', attribute=True, cli_name='dom_sid', multivalue=False, required=False)
-option: Str('iparangetype', attribute=True, cli_name='iparangetype', multivalue=False, required=False)
-option: Str('setattr*', cli_name='setattr', exclude='webui')
-option: Str('addattr*', cli_name='addattr', exclude='webui')
-option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
-option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
-option: Str('version?', exclude='webui')
-output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
-output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
-output: Output('value', <type 'unicode'>, None)
-command: range_del
-args: 1,1,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=True, primary_key=True, query=True, required=True)
-option: Flag('continue', autofill=True, cli_name='continue', default=False)
-output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
-output: Output('result', <type 'dict'>, None)
-output: Output('value', <type 'unicode'>, None)
-command: range_find
-args: 1,13,4
-arg: Str('criteria?', noextrawhitespace=False)
-option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False)
-option: Int('ipabaseid', attribute=True, autofill=False, cli_name='base_id', multivalue=False, query=True, required=False)
-option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, query=True, required=False)
-option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', multivalue=False, query=True, required=False)
-option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, query=True, required=False)
-option: Str('ipanttrusteddomainsid', attribute=True, autofill=False, cli_name='dom_sid', multivalue=False, query=True, required=False)
-option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, query=True, required=False)
-option: Int('timelimit?', autofill=False, minvalue=0)
-option: Int('sizelimit?', autofill=False, minvalue=0)
-option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
-option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
-option: Str('version?', exclude='webui')
-option: Flag('pkey_only?', autofill=True, default=False)
-output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
-output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
-output: Output('count', <type 'int'>, None)
-output: Output('truncated', <type 'bool'>, None)
-command: range_mod
-args: 1,13,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
-option: Int('ipabaseid', attribute=True, autofill=False, cli_name='base_id', multivalue=False, required=False)
-option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, required=False)
-option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', multivalue=False, required=False)
-option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, required=False)
-option: Str('ipanttrusteddomainsid', attribute=True, autofill=False, cli_name='dom_sid', multivalue=False, required=False)
-option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, required=False)
-option: Str('setattr*', cli_name='setattr', exclude='webui')
-option: Str('addattr*', cli_name='addattr', exclude='webui')
-option: Str('delattr*', cli_name='delattr', exclude='webui')
-option: Flag('rights', autofill=True, default=False)
-option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
-option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
-option: Str('version?', exclude='webui')
-output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
-output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
-output: Output('value', <type 'unicode'>, None)
-command: range_show
-args: 1,4,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
-option: Flag('rights', autofill=True, default=False)
-option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
-option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
-option: Str('version?', exclude='webui')
-output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
-output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
-output: Output('value', <type 'unicode'>, None)
command: role_add
args: 1,6,3
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
diff --git a/install/ui/Makefile.am b/install/ui/Makefile.am
index 841e210e27e209d8a2117aa29a27c77359d6c01b..1dc3216021e89754f08f6f2c2a58b260f7b0ce28 100644
--- a/install/ui/Makefile.am
+++ b/install/ui/Makefile.am
@@ -54,7 +54,7 @@ app_DATA = \
overpass_regular-web.ttf \
overpass_regular-web.woff \
policy.js \
- range.js \
+ idrange.js \
reset_password.js \
reset_password.html \
rule.js \
diff --git a/install/ui/range.js b/install/ui/idrange.js
similarity index 64%
rename from install/ui/range.js
rename to install/ui/idrange.js
index ea9b47c982fff02ca988b8e1803fe95e1fd8cf2e..b2ce3169face41b2bd9327dfc016ba958436968d 100644
--- a/install/ui/range.js
+++ b/install/ui/idrange.js
@@ -22,9 +22,9 @@
/* REQUIRES: ipa.js, details.js, search.js, add.js, facet.js, entity.js */
-IPA.range = {};
+IPA.idrange = {};
-IPA.range.entity = function(spec) {
+IPA.idrange.entity = function(spec) {
var that = IPA.entity(spec);
@@ -48,28 +48,28 @@ IPA.range.entity = function(spec) {
'iparangetype',
{
name: 'ipabaseid',
- label: IPA.messages.objects.range.ipabaseid,
- tooltip: IPA.get_entity_param('range', 'ipabaseid').label
+ label: IPA.messages.objects.idrange.ipabaseid,
+ tooltip: IPA.get_entity_param('idrange', 'ipabaseid').label
},
{
name: 'ipaidrangesize',
- label: IPA.messages.objects.range.ipaidrangesize,
- tooltip: IPA.get_entity_param('range', 'ipaidrangesize').label
+ label: IPA.messages.objects.idrange.ipaidrangesize,
+ tooltip: IPA.get_entity_param('idrange', 'ipaidrangesize').label
},
{
name: 'ipabaserid',
- label: IPA.messages.objects.range.ipabaserid,
- tooltip: IPA.get_entity_param('range', 'ipabaserid').label
+ label: IPA.messages.objects.idrange.ipabaserid,
+ tooltip: IPA.get_entity_param('idrange', 'ipabaserid').label
},
{
name: 'ipasecondarybaserid',
- label: IPA.messages.objects.range.ipasecondarybaserid,
- tooltip: IPA.get_entity_param('range', 'ipasecondarybaserid').label
+ label: IPA.messages.objects.idrange.ipasecondarybaserid,
+ tooltip: IPA.get_entity_param('idrange', 'ipasecondarybaserid').label
},
{
name: 'ipanttrusteddomainsid',
- label: IPA.messages.objects.range.ipanttrusteddomainsid,
- tooltip: IPA.get_entity_param('range', 'ipanttrusteddomainsid').label
+ label: IPA.messages.objects.idrange.ipanttrusteddomainsid,
+ tooltip: IPA.get_entity_param('idrange', 'ipanttrusteddomainsid').label
}
]
}
@@ -79,43 +79,43 @@ IPA.range.entity = function(spec) {
fields: [
{
name: 'cn',
- widget: 'range.cn'
+ widget: 'idrange.cn'
},
{
name: 'ipabaseid',
- label: IPA.messages.objects.range.ipabaseid,
- tooltip: IPA.get_entity_param('range', 'ipabaseid').label,
- widget: 'range.ipabaseid'
+ label: IPA.messages.objects.idrange.ipabaseid,
+ tooltip: IPA.get_entity_param('idrange', 'ipabaseid').label,
+ widget: 'idrange.ipabaseid'
},
{
name: 'ipaidrangesize',
- label: IPA.messages.objects.range.ipaidrangesize,
- tooltip: IPA.get_entity_param('range', 'ipaidrangesize').label,
- widget: 'range.ipaidrangesize'
+ label: IPA.messages.objects.idrange.ipaidrangesize,
+ tooltip: IPA.get_entity_param('idrange', 'ipaidrangesize').label,
+ widget: 'idrange.ipaidrangesize'
},
{
name: 'ipabaserid',
- label: IPA.messages.objects.range.ipabaserid,
- tooltip: IPA.get_entity_param('range', 'ipabaserid').label,
- widget: 'range.ipabaserid'
+ label: IPA.messages.objects.idrange.ipabaserid,
+ tooltip: IPA.get_entity_param('idrange', 'ipabaserid').label,
+ widget: 'idrange.ipabaserid'
},
{
name: 'ipasecondarybaserid',
- label: IPA.messages.objects.range.ipasecondarybaserid,
- tooltip: IPA.get_entity_param('range', 'ipasecondarybaserid').label,
+ label: IPA.messages.objects.idrange.ipasecondarybaserid,
+ tooltip: IPA.get_entity_param('idrange', 'ipasecondarybaserid').label,
widget: 'type.ipasecondarybaserid'
},
{
name: 'ipanttrusteddomainsid',
- label: IPA.messages.objects.range.ipanttrusteddomainsid,
- tooltip: IPA.get_entity_param('range', 'ipanttrusteddomainsid').label,
+ label: IPA.messages.objects.idrange.ipanttrusteddomainsid,
+ tooltip: IPA.get_entity_param('idrange', 'ipanttrusteddomainsid').label,
widget: 'type.ipanttrusteddomainsid'
}
],
widgets: [
{
type: 'details_table_section_nc',
- name: 'range',
+ name: 'idrange',
widgets: [
'cn',
'ipabaseid',
@@ -126,18 +126,18 @@ IPA.range.entity = function(spec) {
{
type: 'multiple_choice_section',
name: 'type',
- label: IPA.messages.objects.range.type,
+ label: IPA.messages.objects.idrange.type,
choices: [
{
name: 'local',
- label: IPA.messages.objects.range.type_local,
+ label: IPA.messages.objects.idrange.type_local,
fields: ['ipasecondarybaserid'],
required: ['ipasecondarybaserid'],
enabled: true
},
{
name: 'ad',
- label: IPA.messages.objects.range.type_ad,
+ label: IPA.messages.objects.idrange.type_ad,
fields: ['ipanttrusteddomainsid'],
required: ['ipanttrusteddomainsid']
}
@@ -159,4 +159,4 @@ IPA.range.entity = function(spec) {
return that;
};
-IPA.register('range', IPA.range.entity);
+IPA.register('idrange', IPA.idrange.entity);
diff --git a/install/ui/index.html b/install/ui/index.html
index ab51b6d57b66158d0738697ef774f28b6efcab4a..ba86a521658c7d5ddc9f79485363548648d5b14d 100644
--- a/install/ui/index.html
+++ b/install/ui/index.html
@@ -53,7 +53,7 @@
<script type="text/javascript" src="aci.js"></script>
<script type="text/javascript" src="entitle.js"></script>
<script type="text/javascript" src="trust.js"></script>
- <script type="text/javascript" src="range.js"></script>
+ <script type="text/javascript" src="idrange.js"></script>
<script type="text/javascript" src="ext/extension.js"></script>
<script type="text/javascript" src="webui.js"></script>
diff --git a/install/ui/jsl.conf b/install/ui/jsl.conf
index 5faeed9329de13729c75a97b23fcaa3ba62a1a6e..935566d4fa856aa59a2fbcb7078e73c8a99d30b7 100644
--- a/install/ui/jsl.conf
+++ b/install/ui/jsl.conf
@@ -157,7 +157,7 @@
+process dns.js
+process automount.js
+process automember.js
-+process range.js
++process idrange.js
+process trust.js
+process webui.js
+process login.js
diff --git a/install/ui/test/data/range_add.json b/install/ui/test/data/idrange_add.json
similarity index 100%
rename from install/ui/test/data/range_add.json
rename to install/ui/test/data/idrange_add.json
diff --git a/install/ui/test/data/range_find.json b/install/ui/test/data/idrange_find.json
similarity index 100%
rename from install/ui/test/data/range_find.json
rename to install/ui/test/data/idrange_find.json
diff --git a/install/ui/test/data/range_find_pkeys.json b/install/ui/test/data/idrange_find_pkeys.json
similarity index 100%
rename from install/ui/test/data/range_find_pkeys.json
rename to install/ui/test/data/idrange_find_pkeys.json
diff --git a/install/ui/test/data/range_get_records.json b/install/ui/test/data/idrange_get_records.json
similarity index 100%
rename from install/ui/test/data/range_get_records.json
rename to install/ui/test/data/idrange_get_records.json
diff --git a/install/ui/test/data/range_mod.json b/install/ui/test/data/idrange_mod.json
similarity index 100%
rename from install/ui/test/data/range_mod.json
rename to install/ui/test/data/idrange_mod.json
diff --git a/install/ui/test/data/range_show.json b/install/ui/test/data/idrange_show.json
similarity index 100%
rename from install/ui/test/data/range_show.json
rename to install/ui/test/data/idrange_show.json
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index 24364dafa9e996708b59946abb73c769c2096729..54ff66e33bf0148060e8788e41683e23522f0b80 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -368,7 +368,7 @@
"pwpolicy": {
"identity": "Password Policy"
},
- "range": {
+ "idrange": {
"details": "Range Settings",
"ipabaseid": "Base ID",
"ipabaserid": "Primary RID base",
diff --git a/install/ui/test/data/ipa_init_commands.json b/install/ui/test/data/ipa_init_commands.json
index cfb2703f0a94823c5f0875ccbc3dfc3923446445..4237cc8a8d25cfddab25de979e21a1fcc4b82d1d 100644
--- a/install/ui/test/data/ipa_init_commands.json
+++ b/install/ui/test/data/ipa_init_commands.json
@@ -13708,7 +13708,7 @@
}
]
},
- "range_add": {
+ "idrange_add": {
"takes_args": [],
"takes_options": [
{
@@ -13797,7 +13797,7 @@
}
]
},
- "range_del": {
+ "idrange_del": {
"takes_args": [],
"takes_options": [
{
@@ -13811,7 +13811,7 @@
}
]
},
- "range_find": {
+ "idrange_find": {
"takes_args": [],
"takes_options": [
{
@@ -13941,7 +13941,7 @@
}
]
},
- "range_mod": {
+ "idrange_mod": {
"takes_args": [],
"takes_options": [
{
@@ -14045,7 +14045,7 @@
}
]
},
- "range_show": {
+ "idrange_show": {
"takes_args": [],
"takes_options": [
{
@@ -18180,4 +18180,4 @@
"methods": {},
"objects": {}
}
-}
\ No newline at end of file
+}
diff --git a/install/ui/test/data/ipa_init_objects.json b/install/ui/test/data/ipa_init_objects.json
index 02ac25f4d301323769173200a286bf0e1f07d22f..6458e4cdaa5c64ee0bd82df67508b002bc4446fb 100644
--- a/install/ui/test/data/ipa_init_objects.json
+++ b/install/ui/test/data/ipa_init_objects.json
@@ -5882,7 +5882,7 @@
],
"uuid_attribute": ""
},
- "range": {
+ "idrange": {
"aciattrs": [
"cn",
"ipabaseid",
@@ -7743,4 +7743,4 @@
}
}
}
-}
\ No newline at end of file
+}
diff --git a/install/ui/webui.js b/install/ui/webui.js
index e91946011deb503bcd3cc3bd901f9ae35f927945..f381ab0bec7f48ff1bed204fbc5da7b6a5a5bd0a 100644
--- a/install/ui/webui.js
+++ b/install/ui/webui.js
@@ -84,7 +84,7 @@ IPA.admin_navigation = function(spec) {
]},
{entity: 'selfservice'},
{entity: 'delegation'},
- {entity: 'range'},
+ {entity: 'idrange'},
{entity: 'trust'},
{entity: 'config'}
]}];
diff --git a/ipalib/plugins/range.py b/ipalib/plugins/idrange.py
similarity index 95%
rename from ipalib/plugins/range.py
rename to ipalib/plugins/idrange.py
index cc0c127531bb608fbe22b3332660e6412c28747d..23c8e0c3446d7c6c676134c8422a845e8d752820 100644
--- a/ipalib/plugins/range.py
+++ b/ipalib/plugins/idrange.py
@@ -31,7 +31,7 @@ __doc__ = _("""
Manage ID ranges
""")
-class range(LDAPObject):
+class idrange(LDAPObject):
"""
Range object.
"""
@@ -46,8 +46,8 @@ class range(LDAPObject):
'ipasecondarybaserid', 'ipanttrusteddomainsid',
'iparangetype']
- label = _('Ranges')
- label_singular = _('Range')
+ label = _('ID Ranges')
+ label_singular = _('ID Range')
takes_params = (
Str('cn',
@@ -143,7 +143,7 @@ class range(LDAPObject):
error=_('range modification leaving objects with ID out '
'of the defined range is not allowed'))
-class range_add(LDAPCreate):
+class idrange_add(LDAPCreate):
__doc__ = _('Add new ID range.')
msg_summary = _('Added ID range "%(value)s"')
@@ -168,7 +168,7 @@ class range_add(LDAPCreate):
self.obj.handle_iparangetype(entry_attrs, options, keep_objectclass=True)
return dn
-class range_del(LDAPDelete):
+class idrange_del(LDAPDelete):
__doc__ = _('Delete an ID range.')
msg_summary = _('Deleted ID range "%(value)s"')
@@ -185,7 +185,7 @@ class range_del(LDAPDelete):
old_base_id, old_range_size, 0, 0)
return dn
-class range_find(LDAPSearch):
+class idrange_find(LDAPSearch):
__doc__ = _('Search for ranges.')
msg_summary = ngettext(
@@ -204,7 +204,7 @@ class range_find(LDAPSearch):
self.obj.handle_iparangetype(entry, options)
return truncated
-class range_show(LDAPRetrieve):
+class idrange_show(LDAPRetrieve):
__doc__ = _('Display information about a range.')
def pre_callback(self, ldap, dn, attrs_list, *keys, **options):
@@ -217,7 +217,7 @@ class range_show(LDAPRetrieve):
self.obj.handle_iparangetype(entry_attrs, options)
return dn
-class range_mod(LDAPUpdate):
+class idrange_mod(LDAPUpdate):
__doc__ = _('Modify ID range.')
msg_summary = _('Modified ID range "%(value)s"')
@@ -249,9 +249,9 @@ class range_mod(LDAPUpdate):
self.obj.handle_iparangetype(entry_attrs, options)
return dn
-api.register(range)
-api.register(range_add)
-api.register(range_mod)
-api.register(range_del)
-api.register(range_find)
-api.register(range_show)
+api.register(idrange)
+api.register(idrange_add)
+api.register(idrange_mod)
+api.register(idrange_del)
+api.register(idrange_find)
+api.register(idrange_show)
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index f449da4f4a856f67fd0490d3eb461db85c7cd40c..fbfcfea076fda0e02af05cf7c7f3e3bb3548343a 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -506,7 +506,7 @@ class i18n_messages(Command):
"pwpolicy": {
"identity": _("Password Policy"),
},
- "range": {
+ "idrange": {
"details": _("Range Settings"),
"ipabaseid": _("Base ID"),
"ipabaserid": _("Primary RID base"),
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index f19a0a874057860d0ae32f1cc2336bdc3accf6e5..5af5111d599fab28e0a62e4f1ea2f7976ab046b1 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -182,7 +182,7 @@ class trust_add(LDAPCreate):
range_name = keys[-1].upper()+'_id_range'
try:
- old_range = api.Command['range_show'](range_name)
+ old_range = api.Command['idrange_show'](range_name)
except errors.NotFound, e:
old_range = None
@@ -209,7 +209,7 @@ class trust_add(LDAPCreate):
base_id = 200000 + (pysss_murmur.murmurhash3(dom_sid, len(dom_sid), 0xdeadbeef) % 10000) * 200000
try:
- new_range = api.Command['range_add'](range_name,
+ new_range = api.Command['idrange_add'](range_name,
ipabaseid=base_id,
ipaidrangesize=options['range_size'],
ipabaserid=0,
diff --git a/tests/test_xmlrpc/test_range_plugin.py b/tests/test_xmlrpc/test_range_plugin.py
index 4b7aa0893b9c77ebdec38e518bcf63ef88a6ce09..aab56e286ce04f6d3510eed0704b108c5cbe4bdc 100644
--- a/tests/test_xmlrpc/test_range_plugin.py
+++ b/tests/test_xmlrpc/test_range_plugin.py
@@ -18,7 +18,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
-Test the `ipalib/plugins/range.py` module, and XML-RPC in general.
+Test the `ipalib/plugins/idrange.py` module, and XML-RPC in general.
"""
from ipalib import api, errors, _
@@ -38,15 +38,15 @@ group1_gid = 900100
class test_range(Declarative):
cleanup_commands = [
- ('range_del', [testrange1], {}),
+ ('idrange_del', [testrange1], {}),
('user_del', [user1], {}),
('group_del', [group1], {}),
]
tests = [
dict(
- desc='Create range %r' % (testrange1),
- command=('range_add', [testrange1],
+ desc='Create ID range %r' % (testrange1),
+ command=('idrange_add', [testrange1],
dict(ipabaseid=testrange1_base_id, ipaidrangesize=testrange1_size,
ipabaserid=1000, ipasecondarybaserid=20000)),
expected=dict(
@@ -67,8 +67,8 @@ class test_range(Declarative):
),
dict(
- desc='Retrieve range %r' % (testrange1),
- command=('range_show', [testrange1], dict()),
+ desc='Retrieve ID range %r' % (testrange1),
+ command=('idrange_show', [testrange1], dict()),
expected=dict(
result=dict(
dn=DN(('cn',testrange1),('cn','ranges'),('cn','etc'),
@@ -87,7 +87,7 @@ class test_range(Declarative):
dict(
- desc='Create user %r in range %r' % (user1, testrange1),
+ desc='Create user %r in ID range %r' % (user1, testrange1),
command=(
'user_add', [user1], dict(givenname=u'Test', sn=u'User1',
uidnumber=user1_uid)
@@ -124,7 +124,7 @@ class test_range(Declarative):
dict(
- desc='Create group %r in range %r' % (group1, testrange1),
+ desc='Create group %r in ID range %r' % (group1, testrange1),
command=(
'group_add', [group1], dict(description=u'Test desc 1',
gidnumber=group1_gid)
@@ -145,8 +145,8 @@ class test_range(Declarative):
dict(
- desc='Try to modify range %r to get out bounds object #1' % (testrange1),
- command=('range_mod', [testrange1], dict(ipabaseid=90001)),
+ desc='Try to modify ID range %r to get out bounds object #1' % (testrange1),
+ command=('idrange_mod', [testrange1], dict(ipabaseid=90001)),
expected=errors.ValidationError(name='ipabaseid,ipaidrangesize',
error=u'range modification leaving objects with ID out of the'
u' defined range is not allowed'),
@@ -154,8 +154,8 @@ class test_range(Declarative):
dict(
- desc='Try to modify range %r to get out bounds object #2' % (testrange1),
- command=('range_mod', [testrange1], dict(ipaidrangesize=100)),
+ desc='Try to modify ID range %r to get out bounds object #2' % (testrange1),
+ command=('idrange_mod', [testrange1], dict(ipaidrangesize=100)),
expected=errors.ValidationError(name='ipabaseid,ipaidrangesize',
error=u'range modification leaving objects with ID out of the'
u' defined range is not allowed'),
@@ -163,8 +163,8 @@ class test_range(Declarative):
dict(
- desc='Try to modify range %r to get out bounds object #3' % (testrange1),
- command=('range_mod', [testrange1], dict(ipabaseid=100, ipaidrangesize=100)),
+ desc='Try to modify ID range %r to get out bounds object #3' % (testrange1),
+ command=('idrange_mod', [testrange1], dict(ipabaseid=100, ipaidrangesize=100)),
expected=errors.ValidationError(name='ipabaseid,ipaidrangesize',
error=u'range modification leaving objects with ID out of the'
u' defined range is not allowed'),
@@ -172,8 +172,8 @@ class test_range(Declarative):
dict(
- desc='Modify range %r' % (testrange1),
- command=('range_mod', [testrange1], dict(ipaidrangesize=90000)),
+ desc='Modify ID range %r' % (testrange1),
+ command=('idrange_mod', [testrange1], dict(ipaidrangesize=90000)),
expected=dict(
result=dict(
cn=[testrange1],
@@ -190,8 +190,8 @@ class test_range(Declarative):
dict(
- desc='Try to delete range %r with active IDs inside it' % testrange1,
- command=('range_del', [testrange1], {}),
+ desc='Try to delete ID range %r with active IDs inside it' % testrange1,
+ command=('idrange_del', [testrange1], {}),
expected=errors.ValidationError(name='ipabaseid,ipaidrangesize',
error=u'range modification leaving objects with ID out of the'
u' defined range is not allowed'),
@@ -221,8 +221,8 @@ class test_range(Declarative):
dict(
- desc='Delete range %r' % testrange1,
- command=('range_del', [testrange1], {}),
+ desc='Delete ID range %r' % testrange1,
+ command=('idrange_del', [testrange1], {}),
expected=dict(
result=dict(failed=u''),
value=testrange1,
--
1.7.11.4
-------------- next part --------------
From c399d4930602748d8415e1154b5b1329596b6d12 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Wed, 5 Sep 2012 13:21:04 +0200
Subject: [PATCH 61/66] IDRange CLI: allow to work without arguments
Fixes https://fedorahosted.org/freeipa/ticket/2999
---
API.txt | 2 +-
ipalib/plugins/idrange.py | 22 ++++++++++++++++------
2 Dateien ge?ndert, 17 Zeilen hinzugef?gt(+), 7 Zeilen entfernt(-)
diff --git a/API.txt b/API.txt
index f71d42c1ffc17d46b22ebca84868947d9fe376ba..8982582786c6cbe47c884478c14e4724d7d6070a 100644
--- a/API.txt
+++ b/API.txt
@@ -1888,7 +1888,7 @@ args: 1,11,3
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
option: Int('ipabaseid', attribute=True, cli_name='base_id', multivalue=False, required=True)
option: Int('ipaidrangesize', attribute=True, cli_name='range_size', multivalue=False, required=True)
-option: Int('ipabaserid', attribute=True, cli_name='rid_base', multivalue=False, required=True)
+option: Int('ipabaserid', attribute=True, cli_name='rid_base', multivalue=False, required=False)
option: Int('ipasecondarybaserid', attribute=True, cli_name='secondary_rid_base', multivalue=False, required=False)
option: Str('ipanttrusteddomainsid', attribute=True, cli_name='dom_sid', multivalue=False, required=False)
option: Str('iparangetype', attribute=True, cli_name='iparangetype', multivalue=False, required=False)
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index 23c8e0c3446d7c6c676134c8422a845e8d752820..3231156bd8736db83912c73d990687ab4f4a8848 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -63,7 +63,7 @@ class idrange(LDAPObject):
cli_name='range_size',
label=_("Number of IDs in the range"),
),
- Int('ipabaserid',
+ Int('ipabaserid?',
cli_name='rid_base',
label=_('First RID of the corresponding RID range'),
),
@@ -150,15 +150,25 @@ class idrange_add(LDAPCreate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
- if ('ipanttrusteddomainsid' not in options and
- 'ipasecondarybaserid' not in options):
- raise errors.ValidationError(name=_('Range setup'),
- error=_('Ranges for local domain ' \
- 'must have a secondary RID base'))
if 'ipanttrusteddomainsid' in options:
+ if 'ipasecondarybaserid' in options:
+ raise errors.ValidationError(name=_('ID Range setup'),
+ error=_('Options dom_sid and secondary_rid_base cannot ' \
+ 'be used together'))
+
+ if 'ipabaserid' not in options:
+ raise errors.ValidationError(name=_('ID Range setup'),
+ error=_('Options dom_sid and rid_base must ' \
+ 'be used together'))
+
entry_attrs['objectclass'].append('ipatrustedaddomainrange')
else:
+ if (('ipasecondarybaserid' in options) != ('ipabaserid' in options)):
+ raise errors.ValidationError(name=_('ID Range setup'),
+ error=_('Options secondary_rid_base and rid_base must ' \
+ 'be used together'))
+
entry_attrs['objectclass'].append('ipadomainidrange')
return dn
--
1.7.11.4
-------------- next part --------------
From b37fad61093ff71b8ad12a49a6f9246fd3558074 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Mon, 13 Aug 2012 17:07:37 +0200
Subject: [PATCH 62/66] IDRange CLI: Add documentation
Fixes https://fedorahosted.org/freeipa/ticket/2969
---
ipalib/plugins/idrange.py | 129 +++++++++++++++++++++++++++++++++++++++++++++-
1 Datei ge?ndert, 127 Zeilen hinzugef?gt(+), 2 Zeilen entfernt(-)
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index 3231156bd8736db83912c73d990687ab4f4a8848..9604e1666afa38f5919324ca9dd11180c3c5b859 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -28,7 +28,113 @@ from ipapython.dn import DN
__doc__ = _("""
-Manage ID ranges
+ID ranges
+
+Manage ID ranges used to map Posix IDs to SIDs and back.
+
+There are two type of ID ranges which are both handled by this utility:
+
+ - the ID ranges of the local domain
+ - the ID ranges of trusted remote domains
+
+Both types have the following attributes in common:
+
+ - base-id: the first ID of the Posix ID range
+ - range-size: the size of the range
+
+With those two attributes a range object can reserve the Posix IDs starting
+with base-id up to but not including base-id+range-size exclusively.
+
+Additionally an ID range of the local domain may set
+ - rid-base: the first RID(*) of the corresponding RID range
+ - secondary-rid-base: first RID of the secondary RID range
+
+and an ID range of a trusted domain must set
+ - rid-base: the first RID of the corresponding RID range
+ - dom_sid: domain SID of the trusted domain
+
+
+
+EXAMPLE: Add a new ID range for a trusted domain
+
+Since there might be more than one trusted domain the domain SID must be given
+while creating the ID range.
+
+ ipa range-add --base-id=1200000 --range-size=200000 --rid-base=0 \\
+ --dom-sid=S-1-5-21-123-456-789 trusted_dom_range
+
+This ID range is then used by the IPA server and the SSSD IPA provider to
+assign Posix UIDs to users from the trusted domain.
+
+If e.g a range for a trusted domain is configured with the following values:
+ base-id = 1200000
+ range-size = 200000
+ rid-base = 0
+the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. So
+RID 1000 <-> Posix ID 1201000
+
+
+
+EXAMPLE: Add a new ID range for the local domain
+
+To create an ID range for the local domain it is not necessary to specify a
+domain SID. But since it is possible that a user and a group can have the same
+value as Posix ID a second RID interval is needed to handle conflicts.
+
+ ipa range-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\
+ --secondary-rid-base=1000000 local_range
+
+The data from the ID ranges of the local domain are used by the IPA server
+internally to assign SIDs to IPA users and groups. The SID will then be stored
+in the user or group objects.
+
+If e.g. the ID range for the local domain is configured with the values from
+the example above then a new user with the UID 1200007 will get the RID 1007.
+If this RID is already used by a group the RID will be 1000007. This can only
+happen if a user or a group object was created with a fixed ID because the
+automatic assignment will not assign the same ID twice. Since there are only
+users and groups sharing the same ID namespace it is sufficient to have only
+one fallback range to handle conflicts.
+
+To find the Posix ID for a given RID from the local domain it has to be
+checked first if the RID falls in the primary or secondary RID range and
+the rid-base or the secondary-rid-base has to be subtracted, respectively,
+and the base-id has to be added to get the Posix ID.
+
+Typically the creation of ID ranges happens behind the scenes and this CLI
+must not be used at all. The ID range for the local domain will be created
+during installation or upgrade from an older version. The ID range for a
+trusted domain will be create together with the trust by 'ipa trust-add ...'.
+The use cases for this CLI are
+
+USE CASES:
+
+ Add an ID range from a transitively trusted domain
+
+ If the trusted domain (A) trusts another domain (B) as well and this trust
+ is transitive 'ipa trust-add domain-A' will only create a range for
+ domain A. The ID range for domain B must be added manually.
+
+ Add an additional ID range for the local domain
+
+ If the ID range of the local domain is exhausted, i.e. no new IDs can be
+ assigned to Posix users or groups by the DNA plugin, a new range has to be
+ created to allow new users an groups to be added. (Currently there is no
+ connection between this range CLI and the DNA plugin, but a future version
+ might be able to modify the configuration of the DNS plugin as well)
+
+In general it is not necessary to modify or delete ID ranges. If there is no
+other way to achieve a certain configuration than to modify or delete an ID
+range it should be done with great care. Because UIDs are stored in the file
+system and are used for access control it might be possible that users are
+allowed to access files of other users if an ID range got deleted and reused
+for a different domain.
+
+(*) The RID is typically the last integer of a user or group SID which follows
+the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user from
+this domain has the SID S-1-5-21-123-456-789-1010 then 1010 id the RID of the
+user. RIDs are unique in a domain, 32bit values and are used for users and
+groups.
""")
class idrange(LDAPObject):
@@ -144,7 +250,26 @@ class idrange(LDAPObject):
'of the defined range is not allowed'))
class idrange_add(LDAPCreate):
- __doc__ = _('Add new ID range.')
+ __doc__ = _("""
+ Add new ID range.
+
+ To add a new ID range you always have to specify
+
+ --base-id
+ --range-size
+
+ Additionally
+
+ --rid-base
+ --econdary-rid-base
+
+ may be given for a new ID range for the local domain while
+
+ --rid-bas
+ --dom-sid
+
+ must be given to add a new range for a trusted AD domain.
+ """)
msg_summary = _('Added ID range "%(value)s"')
--
1.7.11.4
-------------- next part --------------
From e727bac7b0aaa2dad237a9cf0a25846dc3809d5b Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Wed, 5 Sep 2012 15:46:05 +0200
Subject: [PATCH 63/66] Do not create trust if murmur hash is not available
and base-id not given
Fixes https://fedorahosted.org/freeipa/ticket/3018
---
ipalib/plugins/trust.py | 11 +++++------
1 Datei ge?ndert, 5 Zeilen hinzugef?gt(+), 6 Zeilen entfernt(-)
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 5af5111d599fab28e0a62e4f1ea2f7976ab046b1..67f47932302a8eb0505dc58301034bc3fef8bccd 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -163,6 +163,11 @@ class trust_add(LDAPCreate):
msg_summary = _('Added Active Directory trust for realm "%(value)s"')
def execute(self, *keys, **options):
+ if not _murmur_installed and 'base_id' not in options:
+ raise errors.ValidationError(name=_('missing base_id'),
+ error=_('pysss_murmur is not available on the server ' \
+ 'and no base-id is given.'))
+
if 'trust_type' in options:
if options['trust_type'] == u'ad':
result = self.execute_ad(*keys, **options)
@@ -200,12 +205,6 @@ class trust_add(LDAPCreate):
if 'base_id' in options:
base_id = options['base_id']
else:
- if not _murmur_installed:
- raise errors.ValidationError(name=_('missing base_id'),
- error=_('pysss_murmur is not available on the server ' \
- 'and no base_id is given, ' \
- 'ID range must be create manually'))
-
base_id = 200000 + (pysss_murmur.murmurhash3(dom_sid, len(dom_sid), 0xdeadbeef) % 10000) * 200000
try:
--
1.7.11.4
-------------- next part --------------
From 01f497ef461c3b10b41725255288ed3508412efa Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Wed, 5 Sep 2012 17:53:29 +0200
Subject: [PATCH 64/66] Trust CLI: Return more details when searching trusts
Fixes https://fedorahosted.org/freeipa/ticket/2970
---
ipalib/plugins/trust.py | 13 +++++++++++++
1 Datei ge?ndert, 13 Zeilen hinzugef?gt(+)
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 67f47932302a8eb0505dc58301034bc3fef8bccd..b2f3e559737f8858ac669d3a6b738f1a61b35ddc 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -100,6 +100,8 @@ class trust(LDAPObject):
'ipanttrusttype', 'ipanttrustattributes', 'ipanttrustdirection', 'ipanttrustpartner',
'ipantauthtrustoutgoing', 'ipanttrustauthincoming', 'ipanttrustforesttrustinfo',
'ipanttrustposixoffset', 'ipantsupportedencryptiontypes' ]
+ search_display_attributes = ['cn', 'ipantflatname',
+ 'ipanttrusteddomainsid', 'ipanttrusttype' ]
label = _('Trusts')
label_singular = _('Trust')
@@ -300,6 +302,7 @@ class trust_mod(LDAPUpdate):
class trust_find(LDAPSearch):
__doc__ = _('Search for trusts.')
+ has_output_params = LDAPSearch.has_output_params + trust_output_params
msg_summary = ngettext(
'%(count)d trust matched', '%(count)d trusts matched', 0
@@ -311,6 +314,16 @@ class trust_find(LDAPSearch):
assert isinstance(base_dn, DN)
return (filters, base_dn, ldap.SCOPE_SUBTREE)
+ def post_callback(self, ldap, entries, truncated, *args, **options):
+ if options.get('pkey_only', False):
+ return truncated
+
+ for entry in entries:
+ (dn, attrs) = entry
+ attrs['trusttype'] = trust_type_string(attrs['ipanttrusttype'][0])
+
+ return truncated
+
class trust_show(LDAPRetrieve):
__doc__ = _('Display information about a trust.')
has_output_params = LDAPRetrieve.has_output_params + trust_output_params
--
1.7.11.4
-------------- next part --------------
From 83d488b83f962766970f5cae8a192265fc95825b Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Wed, 5 Sep 2012 18:50:10 +0200
Subject: [PATCH 65/66] Trust CLI: return more details of added trust
Fixes: https://fedorahosted.org/freeipa/ticket/2971
---
ipalib/plugins/trust.py | 11 +++++++++++
1 Datei ge?ndert, 11 Zeilen hinzugef?gt(+)
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index b2f3e559737f8858ac669d3a6b738f1a61b35ddc..48aa4027aecfba0ee0b5c084c90e91a2285fefd6 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -163,6 +163,7 @@ class trust_add(LDAPCreate):
)
msg_summary = _('Added Active Directory trust for realm "%(value)s"')
+ has_output_params = LDAPCreate.has_output_params + trust_output_params
def execute(self, *keys, **options):
if not _murmur_installed and 'base_id' not in options:
@@ -180,6 +181,16 @@ class trust_add(LDAPCreate):
self.add_range(*keys, **options)
+ trust_filter = "cn=%s" % result['value']
+ ldap = self.obj.backend
+ (trusts, truncated) = ldap.find_entries(
+ base_dn = DN(api.env.container_trusts, api.env.basedn),
+ filter = trust_filter)
+
+ result['result'] = trusts[0][1]
+ result['result']['trusttype'] = [trust_type_string(result['result']['ipanttrusttype'][0])]
+ result['result']['trustdirection'] = [trust_direction_string(result['result']['ipanttrustdirection'][0])]
+
return result
def add_range(self, *keys, **options):
--
1.7.11.4
-------------- next part --------------
From 8588d9c0d28af3d2fe9cbd23de02d556e27225fd Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Thu, 6 Sep 2012 09:48:07 +0200
Subject: [PATCH 66/66] Trust CLI: mark trust-mod for future use
Fixes: https://fedorahosted.org/freeipa/ticket/2968
---
ipalib/plugins/trust.py | 7 ++++++-
1 Datei ge?ndert, 6 Zeilen hinzugef?gt(+), 1 Zeile entfernt(-)
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 48aa4027aecfba0ee0b5c084c90e91a2285fefd6..074560dc27eb121b5035ba9a8260e5ab24b2b4b5 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -296,7 +296,12 @@ class trust_del(LDAPDelete):
return result['result']['dn']
class trust_mod(LDAPUpdate):
- __doc__ = _('Modify a trust.')
+ __doc__ = _("""
+ Modify a trust (for future use).
+
+ Currently only the default option to modify the LDAP attributes are
+ available. More specific options will be added in coming releases.
+ """)
msg_summary = _('Modified trust "%(value)s"')
--
1.7.11.4
More information about the Freeipa-devel
mailing list