author | Rob Crittenden <rcritten@redhat.com> | 2009-03-19 15:45:20 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-03-20 09:28:26 -0400 |
commit | c39a29e0cf72a7f7629e3bdaaa2efc49337cb727 (patch) | |
tree | 0dd0e3f730396ed3730f0ccdfd38b78f31c6d402 | |
parent | ad4819ff66ce34bdf1b0ac33d6f2de108e363a45 (diff) | |
Converted to use new baseclass, remove the one with the f_ prefix
-rw-r--r-- | ipalib/plugins/f_group.py | 417 | ||||
-rw-r--r-- | ipalib/plugins/f_hostgroup.py | 354 | ||||
-rw-r--r-- | ipalib/plugins/f_netgroup.py | 483 |
3 files changed, 0 insertions, 1254 deletions
diff --git a/ipalib/plugins/f_group.py b/ipalib/plugins/f_group.py
deleted file mode 100644
index b9f536916..000000000
--- a/ipalib/plugins/f_group.py
+++ /dev/null
@@ -1,417 +0,0 @@
-# Authors:
-# Jason Gerard DeRose <jderose@redhat.com>
-#
-# Copyright (C) 2008 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; version 2 only
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-"""
-Frontend plugins for group (Identity).
-"""
-
-from ipalib import api, crud, errors, errors2
-from ipalib import Object, Command # Plugin base classes
-from ipalib import Str, Int, Flag # Parameter types
-
-
-def get_members(members):
- """
- Return a list of members.
-
- It is possible that the value passed in is None.
- """
- if members:
- members = members.split(',')
- else:
- members = []
-
- return members
-
-default_attributes = ['cn','description','gidnumber', 'member']
-
-class group(Object):
- """
- Group object.
- """
- takes_params = (
- Str('description',
- doc='A description of this group',
- attribute=True,
- ),
- Int('gidnumber?',
- cli_name='gid',
- doc='The gid to use for this group. If not included one is automatically set.',
- attribute=True,
- ),
- Str('cn',
- cli_name='name',
- primary_key=True,
- normalizer=lambda value: value.lower(),
- attribute=True,
- ),
- )
-api.register(group)
-
-
-class group_add(crud.Add):
- 'Add a new group.'
- takes_options = (
- Flag('posix',
- doc='Create as a posix group',
- attribute=False,
- ),
- )
-
- def execute(self, cn, **kw):
- """
- Execute the group-add operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry as it will be created in LDAP.
-
- No need to explicitly set gidNumber. The dna_plugin will do this
- for us if the value isn't provided by the caller.
-
- :param cn: The name of the group being added.
- :param kw: Keyword arguments for the other LDAP attributes.
- """
- assert 'cn' not in kw
- assert 'dn' not in kw
- ldap = self.api.Backend.ldap
- entry = self.args_options_2_entry(cn, **kw)
- entry['dn'] = ldap.make_group_dn(cn)
-
- # Get our configuration
- config = ldap.get_ipa_config()
-
- # some required objectclasses
- entry['objectClass'] = config.get('ipagroupobjectclasses')
- if kw.get('posix'):
- entry['objectClass'].append('posixGroup')
-
- return ldap.create(**entry)
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- textui.print_name(self.name)
- textui.print_entry(result)
- textui.print_dashed('Added group "%s"' % result['cn'])
-
-api.register(group_add)
-
-
-class group_del(crud.Del):
- 'Delete an existing group.'
- def execute(self, cn, **kw):
- """
- Delete a group
-
- The memberOf plugin handles removing the group from any other
- groups.
-
- :param cn: The name of the group being removed
- :param kw: Unused
- """
- # We have 2 special groups, don't allow them to be removed
-# if "admins" == cn.lower() or "editors" == cn.lower():
-# raise ipaerror.gen_exception(ipaerror.CONFIG_REQUIRED_GROUPS)
-
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, "ipaUserGroup")
- self.log.info("IPA: group-del '%s'" % dn)
-
- # Don't allow the default user group to be removed
- try:
- config=ldap.get_ipa_config()
- default_group = ldap.find_entry_dn("cn", config.get('ipadefaultprimarygroup'), "ipaUserGroup")
- if dn == default_group:
- raise errors.DefaultGroup
- except errors2.NotFound:
- pass
-
- return ldap.delete(dn)
-
- def output_for_cli(self, textui, result, cn):
- """
- Output result of this command to command line interface.
- """
- textui.print_plain("Deleted group %s" % cn)
-
-api.register(group_del)
-
-
-class group_mod(crud.Mod):
- 'Edit an existing group.'
- takes_options = (
- Flag('posix',
- doc='Make this group a posix group',
- attribute=False,
- ),
- )
- def execute(self, cn, **kw):
- """
- Execute the group-mod operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry
-
- :param cn: The name of the group to update.
- :param kw: Keyword arguments for the other LDAP attributes.
- """
- assert 'cn' not in kw
- assert 'dn' not in kw
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, "ipaUserGroup")
-
- # Are we promoting a non-posix group into a posix one? We just
- # need to add the posixGroup objectclass to the list and the
- # DNA plugin will handle assigning a new gidNumber for us.
- if kw.get('posix'):
- groupkw = {'all': True}
- oldgroup = api.Command['group_show'](cn, **groupkw)
- if oldgroup.get('gidnumber'):
- raise errors2.AlreadyPosixGroup
- else:
- oldgroup['objectclass'].append('posixgroup')
- kw['objectclass'] = oldgroup['objectclass']
-
- if kw.has_key('posix'):
- del kw['posix']
-
- if isinstance(kw.get('gidnumber',''), int):
- # python-ldap wants this as a string
- kw['gidnumber'] = str(kw['gidnumber'])
-
- return ldap.update(dn, **kw)
-
- def output_for_cli(self, textui, result, cn, **options):
- """
- Output result of this command to command line interface.
- """
- if result:
- textui.print_plain("Group updated")
-
-api.register(group_mod)
-
-
-class group_find(crud.Find):
- 'Search the groups.'
- def execute(self, term, **kw):
- ldap = self.api.Backend.ldap
-
- # Pull the list of searchable attributes out of the configuration.
- config = ldap.get_ipa_config()
- search_fields_conf_str = config.get('ipagroupsearchfields')
- search_fields = search_fields_conf_str.split(",")
-
- search_kw = {}
- for s in search_fields:
- search_kw[s] = term
-
- object_type = ldap.get_object_type("cn")
- if object_type and not kw.get('objectclass'):
- search_kw['objectclass'] = object_type
- return ldap.search(**search_kw)
-
- def output_for_cli(self, textui, result, uid, **options):
- counter = result[0]
- groups = result[1:]
- if counter == 0 or len(groups) == 0:
- textui.print_plain("No entries found")
- return
- if len(groups) == 1:
- textui.print_entry(groups[0])
- return
- textui.print_name(self.name)
-
- for g in groups:
- textui.print_entry(g)
- textui.print_plain('')
- if counter == -1:
- textui.print_plain("These results are truncated.")
- textui.print_plain("Please refine your search and try again.")
- textui.print_count(groups, '%d groups matched')
-
-api.register(group_find)
-
-
-class group_show(crud.Get):
- 'Examine an existing group.'
- takes_options = (
- Flag('all', doc='Retrieve all attributes'),
- )
- def execute(self, cn, **kw):
- """
- Execute the group-show operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry
-
- :param cn: The group name to retrieve.
- :param kw: Not used.
- """
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, "ipaUserGroup")
-
- # FIXME: should kw contain the list of attributes to display?
- if kw.get('all', False):
- return ldap.retrieve(dn)
- else:
- return ldap.retrieve(dn, default_attributes)
-
- def output_for_cli(self, textui, result, *args, **options):
- textui.print_entry(result)
-
-api.register(group_show)
-
-
-class group_add_member(Command):
- 'Add a member to a group.'
- takes_args = (
- Str('group', primary_key=True),
- )
- takes_options = (
- Str('users?', doc='comma-separated list of users to add'),
- Str('groups?', doc='comma-separated list of groups to add'),
- )
- def execute(self, cn, **kw):
- """
- Execute the group-add-member operation.
-
- Returns the updated group entry
-
- :param cn: The group name to add new members to.
- :param kw: groups is a comma-separated list of groups to add
- :parem kw: users is a comma-separated list of users to add
- """
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn)
- add_failed = []
- to_add = []
- completed = 0
-
- members = get_members(kw.get('groups', ''))
- for m in members:
- if not m: continue
- try:
- member_dn = ldap.find_entry_dn("cn", m)
- to_add.append(member_dn)
- except errors2.NotFound:
- add_failed.append(m)
- continue
-
- members = get_members(kw.get('users', ''))
- for m in members:
- if not m: continue
- try:
- member_dn = ldap.find_entry_dn("uid", m)
- to_add.append(member_dn)
- except errors2.NotFound:
- add_failed.append(m)
- continue
-
- for member_dn in to_add:
- try:
- ldap.add_member_to_group(member_dn, dn)
- completed+=1
- except:
- add_failed.append(member_dn)
-
- return add_failed
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- if result:
- print "These entries failed to add to the group:"
- for a in add_failed:
- print "\t'%s'" % a
-
-
-api.register(group_add_member)
-
-
-class group_remove_member(Command):
- 'Remove a member from a group.'
- takes_args = (
- Str('group', primary_key=True),
- )
- takes_options = (
- Str('users?', doc='comma-separated list of users to remove'),
- Str('groups?', doc='comma-separated list of groups to remove'),
- )
- def execute(self, cn, **kw):
- """
- Execute the group-remove-member operation.
-
- Returns the members that could not be added
-
- :param cn: The group name to add new members to.
- :param kw: groups is a comma-separated list of groups to remove
- :parem kw: users is a comma-separated list of users to remove
- """
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn)
- to_remove = []
- remove_failed = []
- completed = 0
-
- members = get_members(kw.get('groups', ''))
- for m in members:
- if not m: continue
- try:
- member_dn = ldap.find_entry_dn("cn", m)
- to_remove.append(member_dn)
- except errors2.NotFound:
- remove_failed.append(m)
- continue
-
- members = get_members(kw.get('users', ''))
- for m in members:
- try:
- member_dn = ldap.find_entry_dn("uid", m,)
- to_remove.append(member_dn)
- except errors2.NotFound:
- remove_failed.append(m)
- continue
-
- for member_dn in to_remove:
- try:
- ldap.remove_member_from_group(member_dn, dn)
- completed+=1
- except:
- remove_failed.append(member_dn)
-
- return remove_failed
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- if result:
- print "These entries failed to be removed from the group:"
- for a in result:
- print "\t'%s'" % a
-
-api.register(group_remove_member)
diff --git a/ipalib/plugins/f_hostgroup.py b/ipalib/plugins/f_hostgroup.py
deleted file mode 100644
index 85dbfc496..000000000
--- a/ipalib/plugins/f_hostgroup.py
+++ /dev/null
@@ -1,354 +0,0 @@
-# Authors:
-# Rob Crittenden <rcritten@redhat.com>
-#
-# Copyright (C) 2008 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; version 2 only
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-"""
-Frontend plugins for groups of hosts
-"""
-
-from ipalib import api, crud, errors2
-from ipalib import Object, Command # Plugin base classes
-from ipalib import Str # Parameter types
-
-
-hostgroup_filter = "groupofnames)(!(objectclass=posixGroup)"
-
-def get_members(members):
- """
- Return a list of members.
-
- It is possible that the value passed in is None.
- """
- if members:
- members = members.split(',')
- else:
- members = []
-
- return members
-
-class hostgroup(Object):
- """
- Host Group object.
- """
- takes_params = (
- Str('description',
- doc='A description of this group',
- ),
- Str('cn',
- cli_name='name',
- primary_key=True,
- normalizer=lambda value: value.lower(),
- )
- )
-api.register(hostgroup)
-
-
-class hostgroup_add(crud.Add):
- 'Add a new group of hosts.'
-
- def execute(self, cn, **kw):
- """
- Execute the hostgroup-add operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry as it will be created in LDAP.
-
- No need to explicitly set gidNumber. The dna_plugin will do this
- for us if the value isn't provided by the caller.
-
- :param cn: The name of the host group being added.
- :param kw: Keyword arguments for the other LDAP attributes.
- """
- assert 'cn' not in kw
- assert 'dn' not in kw
- ldap = self.api.Backend.ldap
- kw['cn'] = cn
- kw['dn'] = ldap.make_hostgroup_dn(cn)
-
- # Get our configuration
- #config = ldap.get_ipa_config()
-
- # some required objectclasses
- # FIXME: get this out of config
- kw['objectClass'] = ['groupofnames']
-
- return ldap.create(**kw)
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- textui.print_plain("Group added")
-
-api.register(hostgroup_add)
-
-
-class hostgroup_del(crud.Del):
- 'Delete an existing group of hosts.'
- def execute(self, cn, **kw):
- """
- Delete a group of hosts
-
- The memberOf plugin handles removing the group from any other
- groups.
-
- :param cn: The name of the group being removed
- :param kw: Unused
- """
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, hostgroup_filter)
-
- return ldap.delete(dn)
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- textui.print_plain("Group deleted")
-
-api.register(hostgroup_del)
-
-
-class hostgroup_mod(crud.Mod):
- 'Edit an existing group of hosts.'
- def execute(self, cn, **kw):
- """
- Execute the hostgroup-mod operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry
-
- :param cn: The name of the group to update.
- :param kw: Keyword arguments for the other LDAP attributes.
- """
- assert 'cn' not in kw
- assert 'dn' not in kw
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, hostgroup_filter)
- return ldap.update(dn, **kw)
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- texui.print_plain("Group updated")
-
-api.register(hostgroup_mod)
-
-
-class hostgroup_find(crud.Find):
- 'Search the groups of hosts.'
- def execute(self, term, **kw):
- ldap = self.api.Backend.ldap
-
- # Pull the list of searchable attributes out of the configuration.
- config = ldap.get_ipa_config()
-
- # FIXME: for now use same search fields as user groups
- search_fields_conf_str = config.get('ipagroupsearchfields')
- search_fields = search_fields_conf_str.split(",")
-
- search_kw = {}
- for s in search_fields:
- search_kw[s] = term
-
- search_kw['objectclass'] = hostgroup_filter
- return ldap.search(**search_kw)
-
- def output_for_cli(self, textui, result, *args, **options):
- counter = result[0]
- groups = result[1:]
- if counter == 0:
- textui.print_plain("No entries found")
- return
-
- for g in groups:
- textui.print_entry(g)
-
- if counter == -1:
- textui.print_plain("These results are truncated.")
- textui.print_plain("Please refine your search and try again.")
-
-api.register(hostgroup_find)
-
-
-class hostgroup_show(crud.Get):
- 'Examine an existing group of hosts.'
- def execute(self, cn, **kw):
- """
- Execute the hostgroup-show operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry
-
- :param cn: The group name to retrieve.
- :param kw: Not used.
- """
- ldap = self.api.Backend.ldap
- # FIXME: this works for now but the plan is to add a new objectclass
- # type.
- dn = ldap.find_entry_dn("cn", cn, hostgroup_filter)
- # FIXME: should kw contain the list of attributes to display?
- return ldap.retrieve(dn)
-
- def output_for_cli(self, textui, result, *args, **options):
- textui.print_entry(result)
-
-api.register(hostgroup_show)
-
-
-class hostgroup_add_member(Command):
- 'Add a member to a group.'
- takes_args = (
- Str('group', primary_key=True),
- )
- takes_options = (
- Str('groups?', doc='comma-separated list of host groups to add'),
- Str('hosts?', doc='comma-separated list of hosts to add'),
- )
- def execute(self, cn, **kw):
- """
- Execute the hostgroup-add-member operation.
-
- Returns the updated group entry
-
- :param cn: The group name to add new members to.
- :param kw: groups is a comma-separated list of host groups to add
- :param kw: hosts is a comma-separated list of hosts to add
- """
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, hostgroup_filter)
- add_failed = []
- to_add = []
- completed = 0
-
- members = get_members(kw.get('groups', ''))
- for m in members:
- if not m: continue
- try:
- member_dn = ldap.find_entry_dn("cn", m, hostgroup_filter)
- to_add.append(member_dn)
- except errors2.NotFound:
- add_failed.append(m)
- continue
-
- members = get_members(kw.get('hosts', ''))
- for m in members:
- if not m: continue
- try:
- member_dn = ldap.find_entry_dn("cn", m, "ipaHost")
- to_add.append(member_dn)
- except errors2.NotFound:
- add_failed.append(m)
- continue
-
- for member_dn in to_add:
- try:
- ldap.add_member_to_group(member_dn, dn)
- completed+=1
- except:
- add_failed.append(member_dn)
-
- return add_failed
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- if result:
- textui.print_plain("These entries failed to add to the group:")
- for a in result:
- print "\t'%s'" % a
- else:
- textui.print_plain("Group membership updated.")
-
-api.register(hostgroup_add_member)
-
-
-class hostgroup_remove_member(Command):
- 'Remove a member from a group.'
- takes_args = (
- Str('group', primary_key=True),
- )
- takes_options = (
- Str('hosts?', doc='comma-separated list of hosts to add'),
- Str('groups?', doc='comma-separated list of groups to remove'),
- )
- def execute(self, cn, **kw):
- """
- Execute the group-remove-member operation.
-
- Returns the members that could not be added
-
- :param cn: The group name to add new members to.
- :param kw: groups is a comma-separated list of groups to remove
- :param kw: hosts is a comma-separated list of hosts to add
- """
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, hostgroup_filter)
- to_remove = []
- remove_failed = []
- completed = 0
-
- members = get_members(kw.get('groups', ''))
- for m in members:
- if not m: continue
- try:
- member_dn = ldap.find_entry_dn("cn", m, hostgroup_filter)
- to_remove.append(member_dn)
- except errors2.NotFound:
- remove_failed.append(m)
- continue
-
- members = get_members(kw.get('hosts', ''))
- for m in members:
- if not m: continue
- try:
- member_dn = ldap.find_entry_dn("cn", m, "ipaHost")
- to_remove.append(member_dn)
- except errors2.NotFound:
- remove_failed.append(m)
- continue
-
- for member_dn in to_remove:
- try:
- ldap.remove_member_from_group(member_dn, dn)
- completed+=1
- except:
- remove_failed.append(member_dn)
-
- return remove_failed
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- if result:
- textui.print_plain("These entries failed to be removed from the group:")
- for a in result:
- print "\t'%s'" % a
- else:
- textui.print_plain("Group membership updated.")
-
-api.register(hostgroup_remove_member)
diff --git a/ipalib/plugins/f_netgroup.py b/ipalib/plugins/f_netgroup.py
deleted file mode 100644
index d6c710709..000000000
--- a/ipalib/plugins/f_netgroup.py
+++ /dev/null
@@ -1,483 +0,0 @@
-# Authors:
-# Rob Crittenden <rcritten@redhat.com>
-#
-# Copyright (C) 2009 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; version 2 only
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-"""
-Frontend plugin for netgroups.
-"""
-
-from ipalib import api, crud, errors2
-from ipalib import Object, Command # Plugin base classes
-from ipalib import Str # Parameter types
-from ipalib import uuid
-
-netgroup_base = "cn=ng, cn=alt"
-netgroup_filter = "ipaNISNetgroup"
-hostgroup_filter = "groupofnames)(!(objectclass=ipaUserGroup)"
-
-def get_members(members):
- """
- Return a list of members.
-
- It is possible that the value passed in is None.
- """
- if members:
- members = members.split(',')
- else:
- members = []
-
- return members
-
-def find_members(ldap, failed, members, attribute, filter=None, base=None):
- """
- Return 2 lists: one a list of DNs found, one a list of errors
- """
- found = []
- for m in members:
- if not m: continue
- try:
- member_dn = ldap.find_entry_dn(attribute, m, filter, base)
- found.append(member_dn)
- except errors2.NotFound:
- failed.append(m)
- continue
-
- return found, failed
-
-def add_members(ldap, completed, members, dn, memberattr):
- add_failed = []
- for member_dn in members:
- try:
- ldap.add_member_to_group(member_dn, dn, memberattr)
- completed+=1
- except:
- add_failed.append(member_dn)
-
- return completed, add_failed
-
-def add_external(ldap, completed, members, cn):
- failed = []
- netgroup = api.Command['netgroup_show'](cn)
- external = netgroup.get('externalhost', [])
- if not isinstance(external, list):
- external = [external]
- external_len = len(external)
- for m in members:
- if not m in external:
- external.append(m)
- completed+=1
- else:
- failed.append(m)
- if len(external) > external_len:
- kw = {'externalhost': external}
- ldap.update(netgroup['dn'], **kw)
-
- return completed, failed
-
-def remove_members(ldap, completed, members, dn, memberattr):
- remove_failed = []
- for member_dn in members:
- try:
- ldap.remove_member_from_group(member_dn, dn, memberattr)
- completed+=1
- except:
- remove_failed.append(member_dn)
-
- return completed, remove_failed
-
-def remove_external(ldap, completed, members, cn):
- failed = []
- netgroup = api.Command['netgroup_show'](cn)
- external = netgroup.get('externalhost', [])
- if not isinstance(external, list):
- external = [external]
- external_len = len(external)
- for m in members:
- try:
- external.remove(m)
- completed+=1
- except ValueError:
- failed.append(m)
- if len(external) < external_len:
- kw = {'externalhost': external}
- ldap.update(netgroup['dn'], **kw)
-
- return completed, failed
-
-class netgroup(Object):
- """
- netgroups object.
- """
- takes_params = (
- Str('cn',
- cli_name='name',
- primary_key=True
- ),
- Str('description',
- doc='Description',
- ),
- Str('nisdomainname?',
- cli_name='domainname',
- doc='Domain name',
- ),
- )
-api.register(netgroup)
-
-
-class netgroup_add(crud.Add):
- 'Add a new netgroup.'
-
- def execute(self, cn, **kw):
- """
- Execute the netgroup-add operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry as it will be created in LDAP.
-
- :param cn: The name of the netgroup
- :param kw: Keyword arguments for the other LDAP attributes.
- """
- self.log.info("IPA: netgroup-add '%s'" % cn)
- assert 'cn' not in kw
- assert 'dn' not in kw
- ldap = self.api.Backend.ldap
- kw['cn'] = cn
-# kw['dn'] = ldap.make_netgroup_dn()
- kw['ipauniqueid'] = str(uuid.uuid1())
- kw['dn'] = "ipauniqueid=%s,%s,%s" % (kw['ipauniqueid'], netgroup_base, api.env.basedn)
-
- if not kw.get('nisdomainname', False):
- kw['nisdomainname'] = api.env.domain
-
- # some required objectclasses
- kw['objectClass'] = ['top', 'ipaAssociation', 'ipaNISNetgroup']
-
- return ldap.create(**kw)
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- textui.print_name(self.name)
- textui.print_entry(result)
- textui.print_dashed('Added netgroup "%s"' % result.get('cn'))
-
-api.register(netgroup_add)
-
-
-class netgroup_del(crud.Del):
- 'Delete an existing netgroup.'
-
- def execute(self, cn, **kw):
- """Delete a netgroup.
-
- cn is the cn of the netgroup to delete
-
- The memberOf plugin handles removing the netgroup from any other
- groups.
-
- :param cn: The name of the netgroup being removed.
- :param kw: Not used.
- """
- self.log.info("IPA: netgroup-del '%s'" % cn)
-
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, netgroup_filter, netgroup_base)
- return ldap.delete(dn)
-
- def output_for_cli(self, textui, result, cn):
- """
- Output result of this command to command line interface.
- """
- textui.print_plain('Deleted net group "%s"' % cn)
-
-api.register(netgroup_del)
-
-
-class netgroup_mod(crud.Mod):
- 'Edit an existing netgroup.'
- def execute(self, cn, **kw):
- """
- Execute the netgroup-mod operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry
-
- :param cn: The name of the netgroup to retrieve.
- :param kw: Keyword arguments for the other LDAP attributes.
- """
- self.log.info("IPA: netgroup-mod '%s'" % cn)
- assert 'cn' not in kw
- assert 'dn' not in kw
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, netgroup_filter, netgroup_base)
- return ldap.update(dn, **kw)
-
- def output_for_cli(self, textui, result, cn, **options):
- """
- Output result of this command to command line interface.
- """
- textui.print_name(self.name)
- textui.print_entry(result)
- textui.print_dashed('Updated netgroup "%s"' % result['cn'])
-
-api.register(netgroup_mod)
-
-
-class netgroup_find(crud.Find):
- 'Search the netgroups.'
- def execute(self, term, **kw):
- ldap = self.api.Backend.ldap
-
- search_fields = ['ipauniqueid','description','nisdomainname','cn']
-
- search_kw = {}
- for s in search_fields:
- search_kw[s] = term
-
- search_kw['objectclass'] = netgroup_filter
- search_kw['base'] = netgroup_base
- return ldap.search(**search_kw)
-
- def output_for_cli(self, textui, result, *args, **options):
- counter = result[0]
- groups = result[1:]
- if counter == 0 or len(groups) == 0:
- textui.print_plain("No entries found")
- return
- if len(groups) == 1:
- textui.print_entry(groups[0])
- return
- textui.print_name(self.name)
- for g in groups:
- textui.print_entry(g)
- textui.print_plain('')
- if counter == -1:
- textui.print_plain('These results are truncated.')
- textui.print_plain('Please refine your search and try again.')
- textui.print_count(groups, '%d netgroups matched')
-
-api.register(netgroup_find)
-
-
-class netgroup_show(crud.Get):
- 'Examine an existing netgroup.'
- def execute(self, cn, **kw):
- """
- Execute the netgroup-show operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry
-
- :param cn: The name of the netgroup to retrieve.
- :param kw: Unused
- """
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, netgroup_filter, netgroup_base)
- return ldap.retrieve(dn)
-
- def output_for_cli(self, textui, result, *args, **options):
- textui.print_entry(result)
-
-api.register(netgroup_show)
-
-class netgroup_add_member(Command):
- 'Add a member to a group.'
- takes_args = (
- Str('cn',
- cli_name='name',
- primary_key=True
- ),
- )
- takes_options = (
- Str('hosts?', doc='comma-separated list of hosts to add'),
- Str('hostgroups?', doc='comma-separated list of host groups to add'),
- Str('users?', doc='comma-separated list of users to add'),
- Str('groups?', doc='comma-separated list of groups to add'),
- Str('netgroups?', doc='comma-separated list of netgroups to add'),
- )
-
- def execute(self, cn, **kw):
- """
- Execute the netgroup-add-member operation.
-
- Returns the updated group entry
-
- :param cn: The netgroup name to add new members to.
- :param kw: hosts is a comma-separated list of hosts to add
- :param kw: hostgroups is a comma-separated list of host groups to add
- :param kw: users is a comma-separated list of users to add
- :param kw: groups is a comma-separated list of groups to add
- :param kw: netgroups is a comma-separated list of netgroups to add
- """
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, netgroup_filter, netgroup_base)
- add_failed = []
- to_add = []
- completed = 0
-
- # Hosts
- members = get_members(kw.get('hosts', ''))
- (to_add, add_failed) = find_members(ldap, add_failed, members, "cn", "ipaHost")
-
- # If a host is not found we'll consider it an externalHost. It will
- # be up to the user to handle typos
- if add_failed:
- (completed, failed) = add_external(ldap, completed, add_failed, cn)
- add_failed = failed
-
- (completed, failed) = add_members(ldap, completed, to_add, dn, 'memberhost')
- add_failed+=failed
-
- # Host groups
- members = get_members(kw.get('hostgroups', ''))
- (to_add, add_failed) = find_members(ldap, add_failed, members, "cn", hostgroup_filter)
- (completed, failed) = add_members(ldap, completed, to_add, dn, 'memberhost')
- add_failed+=failed
-
- # User
- members = get_members(kw.get('users', ''))
- (to_add, add_failed) = find_members(ldap, add_failed, members, "uid")
- (completed, failed) = add_members(ldap, completed, to_add, dn, 'memberuser')
- add_failed+=failed
-
- # Groups
- members = get_members(kw.get('groups', ''))
- (to_add, add_failed) = find_members(ldap, add_failed, members, "cn", "ipaUserGroup")
- (completed, failed) = add_members(ldap, completed, to_add, dn, 'memberuser')
- add_failed+=failed
-
- # Netgroups
- members = get_members(kw.get('netgroups', ''))
- (to_add, add_failed) = find_members(ldap, add_failed, members, "cn", netgroup_filter, netgroup_base)
- (completed, failed) = add_members(ldap, completed, to_add, dn, 'member')
- add_failed+=failed
-
- if completed == 0 and len(add_failed) == 0:
- return 0
-
- return add_failed
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- if result:
- textui.print_plain("These entries failed to add to the group:")
- for a in result:
- print "\t'%s'" % a
- else:
- if not type(result) in (list, tuple) and result == 0:
- textui.print_plain("nothing to do.")
- else:
- textui.print_plain("netgroup membership updated.")
-
-api.register(netgroup_add_member)
-
-
-class netgroup_remove_member(Command):
- 'Remove a member from a group.'
- takes_args = (
- Str('cn',
- cli_name='name',
- primary_key=True
- ),
- )
- takes_options = (
- Str('hosts?', doc='comma-separated list of hosts to remove'),
- Str('hostgroups?', doc='comma-separated list of groups to remove'),
- Str('users?', doc='comma-separated list of users to remove'),
- Str('groups?', doc='comma-separated list of groups to remove'),
- Str('netgroups?', doc='comma-separated list of netgroups to add'),
- )
- def execute(self, cn, **kw):
- """
- Execute the group-remove-member operation.
-
- Returns the members that could not be added
-
- :param cn: The group name to add new members to.
- :param kw: hosts is a comma-separated list of hosts to remove
- :param kw: hostgroups is a comma-separated list of host groups to remove
- :param kw: users is a comma-separated list of users to remove
- :param kw: groups is a comma-separated list of groups to remove
- :param kw: netgroups is a comma-separated list of netgroups to add
- """
- ldap = self.api.Backend.ldap
- dn = ldap.find_entry_dn("cn", cn, netgroup_filter, netgroup_base)
- remove_failed = []
- to_remove = []
- completed = 0
-
- # Hosts
- members = get_members(kw.get('hosts', ''))
- (to_remove, remove_failed) = find_members(ldap, remove_failed, members, "cn", "ipaHost")
-
- # If a host is not found we'll consider it an externalHost. It will
- # be up to the user to handle typos
- if remove_failed:
- (completed, failed) = remove_external(ldap, completed, remove_failed, cn)
- remove_failed = failed
-
- (completed, failed) = remove_members(ldap, completed, to_remove, dn, 'memberhost')
- remove_failed+=failed
-
- # Host groups
- members = get_members(kw.get('hostgroups', ''))
- (to_remove, remove_failed) = find_members(ldap, remove_failed, members, "cn", hostgroup_filter)
- (completed, failed) = remove_members(ldap, completed, to_remove, dn, 'memberhost')
- remove_failed+=failed
-
- # User
- members = get_members(kw.get('users', ''))
- (to_remove, remove_failed) = find_members(ldap, remove_failed, members, "uid")
- (completed, failed) = remove_members(ldap, completed, to_remove, dn, 'memberuser')
- remove_failed+=failed
-
- # Groups
- members = get_members(kw.get('groups', ''))
- (to_remove, remove_failed) = find_members(ldap, remove_failed, members, "cn", "ipaUserGroup")
- (completed, failed) = remove_members(ldap, completed, to_remove, dn, 'memberuser')
- remove_failed+=failed
-
- # Netgroups
- members = get_members(kw.get('netgroups', ''))
- (to_remove, remove_failed) = find_members(ldap, remove_failed, members, "cn", netgroup_filter, netgroup_base)
- (completed, failed) = remove_members(ldap, completed, to_remove, dn, 'member')
- remove_failed+=failed
-
- return remove_failed
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- if result:
- textui.print_plain("These entries failed to be removed from the group:")
- for a in result:
- print "\t'%s'" % a
- else:
- textui.print_plain("netgroup membership updated.")
-
-api.register(netgroup_remove_member) |