summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-02-23 17:49:09 -0500
committerEndi S. Dewata <edewata@redhat.com>2011-02-23 18:44:28 -0500
commitd57dfc4e980ecb26cfdb608d90a5f95c26cc7fbb (patch)
tree8fb52bcacdb6fa5d09d72066e50f0446fb8069c6
parentaf9f9052393697383c79576490127a4426452ba8 (diff)
downloadfreeipa-d57dfc4e980ecb26cfdb608d90a5f95c26cc7fbb.zip
freeipa-d57dfc4e980ecb26cfdb608d90a5f95c26cc7fbb.tar.gz
freeipa-d57dfc4e980ecb26cfdb608d90a5f95c26cc7fbb.tar.xz
Sudo command groups are not supposed to allow nesting.
It was a design decision to not allow nesting sudo command groups, remove it. ticket 1004
-rw-r--r--API.txt6
-rw-r--r--ipalib/plugins/baseldap.py11
-rw-r--r--ipalib/plugins/sudocmdgroup.py6
-rw-r--r--tests/test_xmlrpc/test_sudocmdgroup_plugin.py4
4 files changed, 5 insertions, 22 deletions
diff --git a/API.txt b/API.txt
index 56cbb8b..710ec37 100644
--- a/API.txt
+++ b/API.txt
@@ -2232,13 +2232,12 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
command: sudocmdgroup_add_member
-args: 1,5,3
+args: 1,4,3
arg: Str('cn', attribute=True, cli_name='sudocmdgroup_name', label=Gettext('Sudo Command Group', domain='ipa', localedir=None), multivalue=False, normalizer=<lambda>, primary_key=True, query=True, required=True)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output'])
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output'])
option: Str('version?', exclude='webui', flags=['no_option', 'no_output'])
option: List('sudocmd?', alwaysask=True, cli_name='sudocmds',ist('sudocmd?', alwaysask=True, cli_name='sudocmds', doc='comma-separated list of sudocmds to add', label='sudocmd', multivalue=True)
-option: List('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups',ist('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups', doc='comma-separated list of sudocmdgroups to add', label='sudocmdgroup', multivalue=True)
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('failed', <type 'dict'>, Gettext('Members that could not be added', domain='ipa', localedir=None))
output: Output('completed', <type 'int'>, Gettext('Number of members added', domain='ipa', localedir=None))
@@ -2277,13 +2276,12 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
command: sudocmdgroup_remove_member
-args: 1,5,3
+args: 1,4,3
arg: Str('cn', attribute=True, cli_name='sudocmdgroup_name', label=Gettext('Sudo Command Group', domain='ipa', localedir=None), multivalue=False, normalizer=<lambda>, primary_key=True, query=True, required=True)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output'])
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output'])
option: Str('version?', exclude='webui', flags=['no_option', 'no_output'])
option: List('sudocmd?', alwaysask=True, cli_name='sudocmds',ist('sudocmd?', alwaysask=True, cli_name='sudocmds', doc='comma-separated list of sudocmds to remove', label='sudocmd', multivalue=True)
-option: List('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups',ist('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups', doc='comma-separated list of sudocmdgroups to remove', label='sudocmdgroup', multivalue=True)
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('failed', <type 'dict'>, Gettext('Members that could not be removed', domain='ipa', localedir=None))
output: Output('completed', <type 'int'>, Gettext('Number of members removed', domain='ipa', localedir=None))
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 0581ea3..4441e79 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -66,7 +66,7 @@ global_output_params = (
label=_('Roles'),
),
Str('memberof_sudocmdgroup?',
- label=_('Sudo Command Groups'),
+ label=_('SUDO Command Groups'),
),
Str('member_privilege?',
label='Granted to Privilege',
@@ -95,9 +95,6 @@ global_output_params = (
Str('memberof_hbacsvcgroup?',
label='Member of HBAC service groups',
),
- Str('member_sudocmdgroup?',
- label='Member SUDO command groups',
- ),
Str('member_sudocmd?',
label='Member SUDO commands',
),
@@ -128,12 +125,6 @@ global_output_params = (
Str('memberindirect_netgroup?',
label=_('Indirect Member netgroups'),
),
- Str('memberindirect_sudocmdgroup?',
- label='Indirect Member SUDO command groups',
- ),
- Str('memberindirect_sudocmd?',
- label='Indirect Member SUDO commands',
- ),
Str('memberofindirect_group?',
label='Indirect Member of group',
),
diff --git a/ipalib/plugins/sudocmdgroup.py b/ipalib/plugins/sudocmdgroup.py
index c13d548..923b3c6 100644
--- a/ipalib/plugins/sudocmdgroup.py
+++ b/ipalib/plugins/sudocmdgroup.py
@@ -56,13 +56,11 @@ class sudocmdgroup(LDAPObject):
object_name_plural = 'sudocmdgroups'
object_class = ['ipaobject', 'ipasudocmdgrp']
default_attributes = [
- 'cn', 'description', 'member', 'memberof', 'memberindirect',
+ 'cn', 'description', 'member',
]
uuid_attribute = 'ipauniqueid'
attribute_members = {
- 'member': ['sudocmd', 'sudocmdgroup'],
- 'memberof': ['sudocmdgroup'],
- 'memberindirect': ['sudocmd', 'sudocmdgroup'],
+ 'member': ['sudocmd'],
}
label = _('SUDO Command Groups')
diff --git a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
index ad84ab6..28c589f 100644
--- a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
+++ b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
@@ -360,7 +360,6 @@ class test_sudocmdgroup(Declarative):
completed=1,
failed=dict(
member=dict(
- sudocmdgroup=tuple(),
sudocmd=tuple(),
),
),
@@ -400,7 +399,6 @@ class test_sudocmdgroup(Declarative):
completed=0,
failed=dict(
member=dict(
- sudocmdgroup=tuple(),
sudocmd=[(u'notfound', u'no such entry')],
),
),
@@ -423,7 +421,6 @@ class test_sudocmdgroup(Declarative):
completed=1,
failed=dict(
member=dict(
- sudocmdgroup=tuple(),
sudocmd=tuple(),
),
),
@@ -446,7 +443,6 @@ class test_sudocmdgroup(Declarative):
completed=0,
failed=dict(
member=dict(
- sudocmdgroup=tuple(),
sudocmd=[(u'notfound', u'This entry is not a member')],
),
),