-rw-r--r--API.txt6
-rw-r--r--ipalib/plugins/hbacrule.py10
-rw-r--r--tests/test_xmlrpc/test_hbac_plugin.py25
3 files changed, 36 insertions, 5 deletions
diff --git a/API.txt b/API.txt
index 70bb7782f..a8669b64c 100644
--- a/API.txt
+++ b/API.txt
@@ -1018,7 +1018,7 @@ output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e
command: hbacrule_add
args: 1,11,3
arg: Str('cn', attribute=True, cli_name='name', label=Gettext('Rule name', domain='ipa', localedir=None), multivalue=False, primary_key=True, required=True)
-option: StrEnum('accessruletype', attribute=True, cli_name='type', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=True, values=(u'allow', u'deny'))
+option: StrEnum('accessruletype', validate_type, attribute=True, autofill=True, cli_name='type', default=u'allow', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=True, values=(u'allow', u'deny'))
option: StrEnum('usercategory', attribute=True, cli_name='usercat', label=Gettext('User category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
option: StrEnum('hostcategory', attribute=True, cli_name='hostcat', label=Gettext('Host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
option: StrEnum('sourcehostcategory', attribute=True, cli_name='srchostcat', label=Gettext('Source host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
@@ -1099,7 +1099,7 @@ command: hbacrule_find
args: 1,12,4
arg: Str('criteria?', noextrawhitespace=False)
option: Str('cn', attribute=True, autofill=False, cli_name='name', label=Gettext('Rule name', domain='ipa', localedir=None), multivalue=False, primary_key=True, query=True, required=False)
-option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'allow', u'deny'))
+option: StrEnum('accessruletype', validate_type, attribute=True, autofill=False, cli_name='type', default=u'allow', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'allow', u'deny'))
option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', label=Gettext('User category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',))
option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostcat', label=Gettext('Host category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',))
option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', label=Gettext('Source host category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',))
@@ -1117,7 +1117,7 @@ output: Output('truncated', <type 'bool'>, 'True if not all results were returne
command: hbacrule_mod
args: 1,12,3
arg: Str('cn', attribute=True, cli_name='name', label=Gettext('Rule name', domain='ipa', localedir=None), multivalue=False, primary_key=True, query=True, required=True)
-option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'allow', u'deny'))
+option: StrEnum('accessruletype', validate_type, attribute=True, autofill=False, cli_name='type', default=u'allow', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'allow', u'deny'))
option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', label=Gettext('User category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostcat', label=Gettext('Host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', label=Gettext('Source host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index 2488b1d91..2dcdddd58 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -87,6 +87,10 @@ from ipalib import _, ngettext
topic = ('hbac', 'Host-based access control commands')
+def validate_type(ugettext, type):
+ if type.lower() == 'deny':
+ raise errors.ValidationError(name='type', error=_('The deny type has been deprecated.'))
+
def is_all(options, attribute):
"""
See if options[attribute] is lower-case 'all' in a safe way.
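Review bot: `validate_type` is added without a docstring, and its second parameter is named `type`, which shadows the builtin inside the function. Renaming it to `value` should be safe if the framework passes the value positionally, which the `(ugettext, type)` signature suggests but the hunk does not show. A docstring such as `"""Reject the deprecated 'deny' rule type on input."""` would state the contract. The check only covers values submitted through this parameter; rules already stored with the deny type are not touched by this change, so the commit message or release notes should say how they are treated. The `is_all` function shown as context continues outside the hunk.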
@@ -132,11 +136,13 @@ class hbacrule(LDAPObject):
label=_('Rule name'),
primary_key=True,
),
- StrEnum('accessruletype',
+ StrEnum('accessruletype', validate_type,
cli_name='type',
- doc=_('Rule type (allow or deny)'),
+ doc=_('Rule type (allow)'),
label=_('Rule type'),
values=(u'allow', u'deny'),
+ default=u'allow',
+ autofill=True,
),
# FIXME: {user,host,sourcehost,service}categories should expand in the future
StrEnum('usercategory?',
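Review bot: `values=(u'allow', u'deny')` still lists `deny` while the new `doc` advertises only `allow`, so the rejection rests entirely on `validate_type` being run for this parameter. A comment above `values` would record the intent, for example `# 'deny' is kept so existing entries remain representable; validate_type rejects it on input`; that reason is inferred, so please confirm it. The help text could also tell the user what happened to the old value, e.g. `doc=_('Rule type (allow; deny is deprecated)')`. The enclosing parameter list of class `hbacrule` starts and ends outside the hunk.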
diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py
index b2345cc4a..29e9f6c48 100644
--- a/tests/test_xmlrpc/test_hbac_plugin.py
+++ b/tests/test_xmlrpc/test_hbac_plugin.py
@@ -436,6 +436,31 @@ class test_hbac(XMLRPC_test):
finally:
api.Command['hbacrule_remove_service'](self.rule_name, hbacsvc=self.test_service)
+ def test_l_hbacrule_add(self):
+ """
+ Test adding a new HBAC rule with a deny type.
+ """
+ try:
+ api.Command['hbacrule_add'](
+ u'denyrule',
+ accessruletype=u'deny',
+ description=self.rule_desc,
+ )
+ except errors.ValidationError:
+ pass
+
+ def test_m_hbacrule_add(self):
+ """
+ Test changing an HBAC rule to the deny type
+ """
+ try:
+ api.Command['hbacrule_mod'](
+ self.rule_name,
+ accessruletype=u'deny',
+ )
+ except errors.ValidationError:
+ pass
+
def test_z_hbacrule_del(self):
"""
Test deleting a HBAC rule using `xmlrpc.hbacrule_del`.
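Review bot: Both new tests pass whether or not the call raises: `test_l_hbacrule_add` and `test_m_hbacrule_add` catch `errors.ValidationError` and `pass`, but nothing fails if `hbacrule_add` or `hbacrule_mod` accepts `accessruletype=u'deny'`. As this is the only coverage shown for the new access-control restriction, each `try` should get an `else:` branch, e.g. `else: assert False, 'deny rule type was accepted'`. If the add ever succeeds, the `denyrule` entry is also left behind for the tests that follow. The second test exercises `hbacrule_mod`, so `test_m_hbacrule_mod` would be a clearer name. `test_z_hbacrule_del` continues outside the hunk.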