diff options
-rw-r--r-- | API.txt | 3 | ||||
-rw-r--r-- | ipalib/plugins/hbactest.py | 28 |
2 files changed, 27 insertions, 4 deletions
@@ -1634,7 +1634,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('value', <type 'unicode'>, None) command: hbactest -args: 0,8,6 +args: 0,9,6 option: Str('user', cli_name='user', primary_key=True) option: Str('sourcehost?', cli_name='srchost') option: Str('targethost', cli_name='host') @@ -1643,6 +1643,7 @@ option: Str('rules*', cli_name='rules', csv=True) option: Flag('nodetail?', autofill=True, cli_name='nodetail', default=False) option: Flag('enabled?', autofill=True, cli_name='enabled', default=False) option: Flag('disabled?', autofill=True, cli_name='disabled', default=False) +option: Int('sizelimit?', autofill=False, minvalue=0) output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Output('warning', (<type 'list'>, <type 'tuple'>, <type 'NoneType'>), None) output: Output('matched', (<type 'list'>, <type 'tuple'>, <type 'NoneType'>), None) diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py index f1b608d21..92b7145a3 100644 --- a/ipalib/plugins/hbactest.py +++ b/ipalib/plugins/hbactest.py @@ -18,7 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from ipalib import api, errors, output -from ipalib import Command, Str, Flag +from ipalib import Command, Str, Flag, Int from types import NoneType from ipalib.cli import to_cli from ipalib import _, ngettext @@ -40,7 +40,7 @@ having access to the production environment. ipa hbactest --user= --host= --service= [--rules=rules-list] [--nodetail] [--enabled] [--disabled] - [--srchost= ] + [--srchost= ] [--sizelimit= ] --user, --host, and --service are mandatory, others are optional. @@ -57,6 +57,8 @@ having access to the production environment. all IPA enabled rules. If no --rules specified, simulation is run against all IPA enabled rules. + By default there is a IPA-wide limit to number of entries fetched, you can change it + with --sizelimit option. If --srchost is specified, it will be ignored. It is left because of compatibility reasons only. @@ -208,6 +210,13 @@ class hbactest(Command): cli_name='disabled', label=_('Include all disabled IPA rules into test'), ), + Int('sizelimit?', + label=_('Size Limit'), + doc=_('Maximum number of rules to process when no --rules is specified'), + flags=['no_display'], + minvalue=0, + autofill=False, + ), ) def canonicalize(self, host): @@ -224,7 +233,6 @@ class hbactest(Command): # 2. Required options are (user, source host, target host, service) # 3. Options: rules to test (--rules, --enabled, --disabled), request for detail output rules = [] - hbacset = self.api.Command.hbacrule_find()['result'] # Use all enabled IPA rules by default all_enabled = True @@ -238,6 +246,10 @@ class hbactest(Command): all_enabled = False all_disabled = False + sizelimit = None + if 'sizelimit' in options: + sizelimit = int(options['sizelimit']) + # Check if --disabled is specified, include all disabled IPA rules if options['disabled']: all_disabled = True @@ -247,6 +259,16 @@ class hbactest(Command): if options['enabled']: all_enabled = True + hbacset = [] + if len(testrules) == 0: + hbacset = self.api.Command.hbacrule_find(sizelimit=sizelimit)['result'] + else: + for rule in testrules: + try: + hbacset.append(self.api.Command.hbacrule_show(rule)['result']) + except: + pass + # We have some rules, import them # --enabled will import all enabled rules (default) # --disabled will import all disabled rules |