diff options
| -rw-r--r-- | API.txt | 24 | ||||
| -rw-r--r-- | VERSION | 2 | ||||
| -rw-r--r-- | ipalib/plugins/group.py | 5 | ||||
| -rw-r--r-- | ipalib/plugins/host.py | 5 | ||||
| -rw-r--r-- | ipalib/plugins/hostgroup.py | 4 | ||||
| -rw-r--r-- | ipalib/plugins/user.py | 4 | ||||
| -rw-r--r-- | tests/test_xmlrpc/test_hbac_plugin.py | 37 | ||||
| -rw-r--r-- | tests/test_xmlrpc/test_sudorule_plugin.py | 37 |
8 files changed, 103 insertions, 15 deletions
@@ -904,7 +904,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly output: Output('result', <type 'bool'>, 'True means the operation was successful') output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user") command: group_find -args: 1,19,4 +args: 1,23,4 arg: Str('criteria?') option: Str('cn', attribute=True, autofill=False, cli_name='group_name', label=Gettext('Group name', domain='ipa', localedir=None), maxlength=255, multivalue=False, normalizer=<lambda>, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, query=True, required=False) option: Str('description', attribute=True, autofill=False, cli_name='desc', label=Gettext('Description', domain='ipa', localedir=None), multivalue=False, query=True, required=False) @@ -925,6 +925,10 @@ option: List('in_netgroup?', cli_name='in_netgroups', label='netgroup', multival option: List('not_in_netgroup?', cli_name='not_in_netgroups', label='netgroup', multivalue=True) option: List('in_role?', cli_name='in_roles', label='role', multivalue=True) option: List('not_in_role?', cli_name='not_in_roles', label='role', multivalue=True) +option: List('in_hbacrule?', cli_name='in_hbacrules', label='HBAC rule', multivalue=True) +option: List('not_in_hbacrule?', cli_name='not_in_hbacrules', label='HBAC rule', multivalue=True) +option: List('in_sudorule?', cli_name='in_sudorules', label='Sudo Rule', multivalue=True) +option: List('not_in_sudorule?', cli_name='not_in_sudorules', label='Sudo Rule', multivalue=True) output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly description of action performed') output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None)) output: Output('count', <type 'int'>, 'Number of entries returned') @@ -1313,7 +1317,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly output: Output('result', <type 'bool'>, 'True means the operation was successful') output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user") command: host_find -args: 1,23,4 +args: 1,27,4 arg: Str('criteria?') option: Str('fqdn', validate_host, attribute=True, autofill=False, cli_name='hostname', label=Gettext('Host name', domain='ipa', localedir=None), multivalue=False, normalizer=<lambda>, primary_key=True, query=True, required=False) option: Str('description', attribute=True, autofill=False, cli_name='desc', label=Gettext('Description', domain='ipa', localedir=None), multivalue=False, query=True, required=False) @@ -1334,6 +1338,10 @@ option: List('in_netgroup?', cli_name='in_netgroups', label='netgroup', multival option: List('not_in_netgroup?', cli_name='not_in_netgroups', label='netgroup', multivalue=True) option: List('in_role?', cli_name='in_roles', label='role', multivalue=True) option: List('not_in_role?', cli_name='not_in_roles', label='role', multivalue=True) +option: List('in_hbacrule?', cli_name='in_hbacrules', label='HBAC rule', multivalue=True) +option: List('not_in_hbacrule?', cli_name='not_in_hbacrules', label='HBAC rule', multivalue=True) +option: List('in_sudorule?', cli_name='in_sudorules', label='Sudo Rule', multivalue=True) +option: List('not_in_sudorule?', cli_name='not_in_sudorules', label='Sudo Rule', multivalue=True) option: List('enroll_by_user?', cli_name='enroll_by_users', label='user', multivalue=True) option: List('not_enroll_by_user?', cli_name='not_enroll_by_users', label='user', multivalue=True) option: List('man_by_host?', cli_name='man_by_hosts', label='host', multivalue=True) @@ -1415,7 +1423,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly output: Output('result', <type 'dict'>, 'list of deletions that failed') output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user") command: hostgroup_find -args: 1,13,4 +args: 1,17,4 arg: Str('criteria?') option: Str('cn', attribute=True, autofill=False, cli_name='hostgroup_name', label=Gettext('Host-group', domain='ipa', localedir=None), multivalue=False, normalizer=<lambda>, primary_key=True, query=True, required=False) option: Str('description', attribute=True, autofill=False, cli_name='desc', label=Gettext('Description', domain='ipa', localedir=None), multivalue=False, query=True, required=False) @@ -1430,6 +1438,10 @@ option: List('hostgroup?', cli_name='hostgroups', label='hostgroup', multivalue= option: List('no_hostgroup?', cli_name='no_hostgroups', label='hostgroup', multivalue=True) option: List('in_hostgroup?', cli_name='in_hostgroups', label='hostgroup', multivalue=True) option: List('not_in_hostgroup?', cli_name='not_in_hostgroups', label='hostgroup', multivalue=True) +option: List('in_hbacrule?', cli_name='in_hbacrules', label='HBAC rule', multivalue=True) +option: List('not_in_hbacrule?', cli_name='not_in_hbacrules', label='HBAC rule', multivalue=True) +option: List('in_sudorule?', cli_name='in_sudorules', label='Sudo Rule', multivalue=True) +option: List('not_in_sudorule?', cli_name='not_in_sudorules', label='Sudo Rule', multivalue=True) output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly description of action performed') output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None)) output: Output('count', <type 'int'>, 'Number of entries returned') @@ -2580,7 +2592,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly output: Output('result', <type 'bool'>, 'True means the operation was successful') output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user") command: user_find -args: 1,38,4 +args: 1,42,4 arg: Str('criteria?') option: Str('uid', attribute=True, autofill=False, cli_name='login', default_from=DefaultFrom(<lambda>, 'givenname', 'sn'), label=Gettext('User login', domain='ipa', localedir=None), maxlength=255, multivalue=False, normalizer=<lambda>, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, query=True, required=False) option: Str('givenname', attribute=True, autofill=False, cli_name='first', label=Gettext('First name', domain='ipa', localedir=None), multivalue=False, query=True, required=False) @@ -2620,6 +2632,10 @@ option: List('in_netgroup?', cli_name='in_netgroups', label='netgroup', multival option: List('not_in_netgroup?', cli_name='not_in_netgroups', label='netgroup', multivalue=True) option: List('in_role?', cli_name='in_roles', label='role', multivalue=True) option: List('not_in_role?', cli_name='not_in_roles', label='role', multivalue=True) +option: List('in_hbacrule?', cli_name='in_hbacrules', label='HBAC rule', multivalue=True) +option: List('not_in_hbacrule?', cli_name='not_in_hbacrules', label='HBAC rule', multivalue=True) +option: List('in_sudorule?', cli_name='in_sudorules', label='Sudo Rule', multivalue=True) +option: List('not_in_sudorule?', cli_name='not_in_sudorules', label='Sudo Rule', multivalue=True) output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly description of action performed') output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None)) output: Output('count', <type 'int'>, 'Number of entries returned') @@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=2 +IPA_API_VERSION_MINOR=3 diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py index d4d0715c5..163a6f5da 100644 --- a/ipalib/plugins/group.py +++ b/ipalib/plugins/group.py @@ -90,9 +90,10 @@ class group(LDAPObject): uuid_attribute = 'ipauniqueid' attribute_members = { 'member': ['user', 'group'], - 'memberof': ['group', 'netgroup', 'role',], + 'memberof': ['group', 'netgroup', 'role', 'hbacrule', 'sudorule'], 'memberindirect': ['user', 'group', 'netgroup', 'role'], - 'memberofindirect': ['group', 'netgroup', 'role'], + 'memberofindirect': ['group', 'netgroup', 'role', 'hbacrule', + 'sudorule'], } rdnattr = 'cn' diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 4947986f6..a602df4d1 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -214,9 +214,10 @@ class host(LDAPObject): uuid_attribute = 'ipauniqueid' attribute_members = { 'enrolledby': ['user'], - 'memberof': ['hostgroup', 'netgroup', 'role'], + 'memberof': ['hostgroup', 'netgroup', 'role', 'hbacrule', 'sudorule'], 'managedby': ['host'], - 'memberofindirect': ['hostgroup', 'netgroup', 'role'], + 'memberofindirect': ['hostgroup', 'netgroup', 'role', 'hbacrule', + 'sudorule'], } bindable = True relationships = { diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py index 715523440..4ffc2217e 100644 --- a/ipalib/plugins/hostgroup.py +++ b/ipalib/plugins/hostgroup.py @@ -65,9 +65,9 @@ class hostgroup(LDAPObject): uuid_attribute = 'ipauniqueid' attribute_members = { 'member': ['host', 'hostgroup'], - 'memberof': ['hostgroup'], + 'memberof': ['hostgroup', 'hbacrule', 'sudorule'], 'memberindirect': ['host', 'hostgroup'], - 'memberofindirect': ['host', 'hostgroup'], + 'memberofindirect': ['host', 'hostgroup', 'hbacrule', 'sudorule'], } label = _('Host Groups') diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index c4d875a2d..6111d1632 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -99,8 +99,8 @@ class user(LDAPObject): ] uuid_attribute = 'ipauniqueid' attribute_members = { - 'memberof': ['group', 'netgroup', 'role'], - 'memberofindirect': ['group', 'netgroup', 'role'], + 'memberof': ['group', 'netgroup', 'role', 'hbacrule', 'sudorule'], + 'memberofindirect': ['group', 'netgroup', 'role', 'hbacrule', 'sudorule'], } rdnattr = 'uid' bindable = True diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py index 504565477..b2345cc4a 100644 --- a/tests/test_xmlrpc/test_hbac_plugin.py +++ b/tests/test_xmlrpc/test_hbac_plugin.py @@ -24,7 +24,6 @@ from xmlrpc_test import XMLRPC_test, assert_attr_equal from ipalib import api from ipalib import errors - class test_hbac(XMLRPC_test): """ Test the `hbacrule` plugin. @@ -179,6 +178,24 @@ class test_hbac(XMLRPC_test): assert_attr_equal(entry, 'memberuser_user', self.test_user) assert_attr_equal(entry, 'memberuser_group', self.test_group) + def test_9_a_show_user(self): + """ + Test showing a user to verify HBAC rule membership + `xmlrpc.user_show`. + """ + ret = api.Command['user_show'](self.test_user, all=True) + entry = ret['result'] + assert_attr_equal(entry, 'memberof_HBAC rule', self.rule_name) + + def test_9_b_show_group(self): + """ + Test showing a group to verify HBAC rule membership + `xmlrpc.group_show`. + """ + ret = api.Command['group_show'](self.test_group, all=True) + entry = ret['result'] + assert_attr_equal(entry, 'memberof_HBAC rule', self.rule_name) + def test_9_hbacrule_remove_user(self): """ Test removing user and group from HBAC rule using `xmlrpc.hbacrule_remove_user'. @@ -215,6 +232,24 @@ class test_hbac(XMLRPC_test): assert_attr_equal(entry, 'memberhost_host', self.test_host) assert_attr_equal(entry, 'memberhost_hostgroup', self.test_hostgroup) + def test_a_hbacrule_show_host(self): + """ + Test showing host to verify HBAC rule membership + `xmlrpc.host_show`. + """ + ret = api.Command['host_show'](self.test_host, all=True) + entry = ret['result'] + assert_attr_equal(entry, 'memberof_HBAC rule', self.rule_name) + + def test_a_hbacrule_show_hostgroup(self): + """ + Test showing hostgroup to verify HBAC rule membership + `xmlrpc.hostgroup_show`. + """ + ret = api.Command['hostgroup_show'](self.test_hostgroup, all=True) + entry = ret['result'] + assert_attr_equal(entry, 'memberof_HBAC rule', self.rule_name) + def test_b_hbacrule_remove_host(self): """ Test removing host and hostgroup from HBAC rule using `xmlrpc.hbacrule_remove_host`. diff --git a/tests/test_xmlrpc/test_sudorule_plugin.py b/tests/test_xmlrpc/test_sudorule_plugin.py index 4c3ba5a21..3de1adce0 100644 --- a/tests/test_xmlrpc/test_sudorule_plugin.py +++ b/tests/test_xmlrpc/test_sudorule_plugin.py @@ -25,7 +25,6 @@ from xmlrpc_test import XMLRPC_test, assert_attr_equal from ipalib import api from ipalib import errors - class test_sudorule(XMLRPC_test): """ Test the `sudorule` plugin. @@ -155,6 +154,24 @@ class test_sudorule(XMLRPC_test): assert_attr_equal(entry, 'memberuser_user', self.test_user) assert_attr_equal(entry, 'memberuser_group', self.test_group) + def test_9_a_show_user(self): + """ + Test showing a user to verify Sudo rule membership + `xmlrpc.user_show`. + """ + ret = api.Command['user_show'](self.test_user, all=True) + entry = ret['result'] + assert_attr_equal(entry, 'memberof_Sudo Rule', self.rule_name) + + def test_9_b_show_group(self): + """ + Test showing a group to verify Sudo rule membership + `xmlrpc.group_show`. + """ + ret = api.Command['group_show'](self.test_group, all=True) + entry = ret['result'] + assert_attr_equal(entry, 'memberof_Sudo Rule', self.rule_name) + def test_9_sudorule_remove_user(self): """ Test removing user and group from Sudo rule using @@ -359,6 +376,24 @@ class test_sudorule(XMLRPC_test): assert_attr_equal(entry, 'memberhost_host', self.test_host) assert_attr_equal(entry, 'memberhost_hostgroup', self.test_hostgroup) + def test_a_sudorule_show_host(self): + """ + Test showing host to verify Sudo rule membership + `xmlrpc.host_show`. + """ + ret = api.Command['host_show'](self.test_host, all=True) + entry = ret['result'] + assert_attr_equal(entry, 'memberof_Sudo Rule', self.rule_name) + + def test_a_sudorule_show_hostgroup(self): + """ + Test showing hostgroup to verify Sudo rule membership + `xmlrpc.hostgroup_show`. + """ + ret = api.Command['hostgroup_show'](self.test_hostgroup, all=True) + entry = ret['result'] + assert_attr_equal(entry, 'memberof_Sudo Rule', self.rule_name) + def test_b_sudorule_remove_host(self): """ Test removing host and hostgroup from Sudo rule using |