diff options
Diffstat (limited to 'ipalib/plugins')
-rw-r--r-- | ipalib/plugins/hbacrule.py | 49 | ||||
-rw-r--r-- | ipalib/plugins/hbactest.py | 26 |
2 files changed, 14 insertions, 61 deletions
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py index 41aaf97ee..5cc8bc1a3 100644 --- a/ipalib/plugins/hbacrule.py +++ b/ipalib/plugins/hbacrule.py @@ -18,7 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from ipalib import api, errors -from ipalib import AccessTime, Password, Str, StrEnum, Bool +from ipalib import AccessTime, Password, Str, StrEnum, Bool, DeprecatedParam from ipalib.plugins.baseldap import * from ipalib import _, ngettext @@ -150,7 +150,7 @@ class hbacrule(LDAPObject): exclude='webui', flags=['no_option', 'no_output'], ), - # FIXME: {user,host,sourcehost,service}categories should expand in the future + # FIXME: {user,host,service}categories should expand in the future StrEnum('usercategory?', cli_name='usercat', label=_('User category'), @@ -163,12 +163,7 @@ class hbacrule(LDAPObject): doc=_('Host category the rule applies to'), values=(u'all', ), ), - StrEnum('sourcehostcategory?', - cli_name='srchostcat', - label=_('Source host category'), - doc=_('Source host category the rule applies to'), - values=(u'all', ), - ), + DeprecatedParam('sourcehostcategory?'), StrEnum('servicecategory?', cli_name='servicecat', label=_('Service category'), @@ -203,14 +198,8 @@ class hbacrule(LDAPObject): label=_('Host Groups'), flags=['no_create', 'no_update', 'no_search'], ), - Str('sourcehost_host?', - label=_('Source Hosts'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('sourcehost_hostgroup?', - label=_('Source Host Groups'), - flags=['no_create', 'no_update', 'no_search'], - ), + DeprecatedParam('sourcehost_host?'), + DeprecatedParam('sourcehost_hostgroup?'), Str('memberservice_hbacsvc?', label=_('Services'), flags=['no_create', 'no_update', 'no_search'], @@ -272,8 +261,6 @@ class hbacrule_mod(LDAPUpdate): raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are allowed users")) if is_all(options, 'hostcategory') and 'memberhost' in entry_attrs: raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are allowed hosts")) - if is_all(options, 'sourcehostcategory') and 'sourcehost' in entry_attrs: - raise errors.MutuallyExclusiveError(reason=_("sourcehost category cannot be set to 'all' while there are allowed sourcehosts")) if is_all(options, 'servicecategory') and 'memberservice' in entry_attrs: raise errors.MutuallyExclusiveError(reason=_("service category cannot be set to 'all' while there are allowed services")) return dn @@ -493,39 +480,25 @@ api.register(hbacrule_remove_host) class hbacrule_add_sourcehost(LDAPAddMember): - __doc__ = _('Add source hosts and hostgroups from a HBAC rule.') + NO_CLI = True member_attributes = ['sourcehost'] member_count_out = ('%i object added.', '%i objects added.') - def pre_callback(self, ldap, dn, found, not_found, *keys, **options): - assert isinstance(dn, DN) - try: - (dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes) - except errors.NotFound: - self.obj.handle_not_found(*keys) - if 'sourcehostcategory' in entry_attrs and \ - entry_attrs['sourcehostcategory'][0].lower() == 'all': - raise errors.MutuallyExclusiveError(reason=_( - "source hosts cannot be added when sourcehost category='all'")) - return add_external_pre_callback('host', ldap, dn, keys, options) - - def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): - assert isinstance(dn, DN) - return add_external_post_callback('sourcehost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options) + def validate(self, **kw): + raise errors.DeprecationError(name='hbacrule_add_sourcehost') api.register(hbacrule_add_sourcehost) class hbacrule_remove_sourcehost(LDAPRemoveMember): - __doc__ = _('Remove source hosts and hostgroups from an HBAC rule.') + NO_CLI = True member_attributes = ['sourcehost'] member_count_out = ('%i object removed.', '%i objects removed.') - def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): - assert isinstance(dn, DN) - return remove_external_post_callback('sourcehost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options) + def validate(self, **kw): + raise errors.DeprecationError(name='hbacrule_remove_sourcehost') api.register(hbacrule_remove_sourcehost) diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py index 25c64ea4d..eeb0281f5 100644 --- a/ipalib/plugins/hbactest.py +++ b/ipalib/plugins/hbactest.py @@ -18,7 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from ipalib import api, errors, output, util -from ipalib import Command, Str, Flag, Int +from ipalib import Command, Str, Flag, Int, DeprecatedParam from types import NoneType from ipalib.cli import to_cli from ipalib import _, ngettext @@ -255,10 +255,7 @@ class hbactest(Command): label=_('User name'), primary_key=True, ), - Str('sourcehost?', - cli_name='srchost', - label=_('Source host'), - ), + DeprecatedParam('sourcehost?'), Str('targethost', cli_name='host', label=_('Target host'), @@ -304,7 +301,7 @@ class hbactest(Command): def execute(self, *args, **options): # First receive all needed information: # 1. HBAC rules (whether enabled or disabled) - # 2. Required options are (user, source host, target host, service) + # 2. Required options are (user, target host, service) # 3. Options: rules to test (--rules, --enabled, --disabled), request for detail output rules = [] @@ -436,21 +433,6 @@ class hbactest(Command): except: pass - if options.get('sourcehost'): - warning_flag = True - if options['sourcehost'] != u'all': - try: - request.srchost.name = self.canonicalize(options['sourcehost']) - srchost_result = self.api.Command.host_show(request.srchost.name)['result'] - groups = srchost_result['memberof_hostgroup'] - if 'memberofindirect_hostgroup' in srchost_result: - groups += srchost_result['memberofindirect_hostgroup'] - request.srchost.groups = sorted(set(groups)) - except: - pass - else: - warning_flag = False - if options['targethost'] != u'all': try: request.targethost.name = self.canonicalize(options['targethost']) @@ -477,8 +459,6 @@ class hbactest(Command): matched_rules.append(ipa_rule.name) if res == pyhbac.HBAC_EVAL_DENY: notmatched_rules.append(ipa_rule.name) - if warning_flag: - warning_rules.append(_(u'Sourcehost value of rule "%s" is ignored') % (ipa_rule.name)) except pyhbac.HbacError as (code, rule_name): if code == pyhbac.HBAC_EVAL_ERROR: error_rules.append(rule_name) |