diff options
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/parameters.py | 3 | ||||
| -rw-r--r-- | ipalib/plugable.py | 2 | ||||
| -rw-r--r-- | ipalib/plugins/baseldap.py | 18 | ||||
| -rw-r--r-- | ipalib/plugins/hbacrule.py | 6 | ||||
| -rw-r--r-- | ipalib/plugins/selinuxusermap.py | 6 | ||||
| -rw-r--r-- | ipalib/plugins/sudorule.py | 6 | ||||
| -rw-r--r-- | ipalib/plugins/user.py | 2 |
7 files changed, 22 insertions, 21 deletions
diff --git a/ipalib/parameters.py b/ipalib/parameters.py index 83a86544d..529f15b37 100644 --- a/ipalib/parameters.py +++ b/ipalib/parameters.py @@ -330,6 +330,9 @@ class Param(ReadOnly): commands * no_update: do not include the parameter for crud.update based commands + * no_option: this attribute is not displayed in the CLI, usually + because there's a better way of setting it (for example, a + separate command) * virtual_attribute: the parameter is not stored physically in the LDAP and thus attribute `attribute` is not enabled * suppress_empty (Output parameters only): do not display parameter diff --git a/ipalib/plugable.py b/ipalib/plugable.py index 293db9241..f3d185e14 100644 --- a/ipalib/plugable.py +++ b/ipalib/plugable.py @@ -646,7 +646,7 @@ class API(DictProxy): if self.env.startup_traceback: import traceback self.log.error('could not load plugin module %r\n%s', pyfile, traceback.format_exc()) - raise e + raise def finalize(self): """ diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 2851f0f27..7664928be 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -320,7 +320,7 @@ def validate_externalhost(ugettext, hostname): external_host_param = Str('externalhost*', validate_externalhost, label=_('External host'), - flags=['no_create', 'no_update', 'no_search'], + flags=['no_option'], ) @@ -819,6 +819,11 @@ last, after all sets and adds."""), m = re.match("\s*(.*?)\s*=\s*(.*?)\s*$", a) attr = str(m.group(1)).lower() value = m.group(2) + if attr in self.obj.params and attr not in self.params: + # The attribute is managed by IPA, but it didn't get cloned + # to the command. This happens with no_update/no_create attrs. + raise errors.ValidationError( + name=attr, error=_('attribute is not configurable')) if len(value) == 0: # None means "delete this attribute" value = None @@ -919,17 +924,10 @@ last, after all sets and adds."""), # normalize all values changedattrs = setattrs | addattrs | delattrs for attr in changedattrs: - if attr in self.obj.params: + if attr in self.params and self.params[attr].attribute: # convert single-value params to scalars + param = self.params[attr] value = entry_attrs[attr] - try: - param = self.params[attr] - except KeyError: - # The CRUD classes filter their disallowed parameters out. - # Yet {set,add,del}attr are powerful enough to change these - # (e.g. Config's ipacertificatesubjectbase) - # So, use the parent's attribute - param = self.obj.params[attr] if not param.multivalue: if len(value) == 1: value = value[0] diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py index 33440ccde..460083622 100644 --- a/ipalib/plugins/hbacrule.py +++ b/ipalib/plugins/hbacrule.py @@ -18,7 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from ipalib import api, errors -from ipalib import AccessTime, Password, Str, StrEnum +from ipalib import AccessTime, Password, Str, StrEnum, Bool from ipalib.plugins.baseldap import * from ipalib import _, ngettext @@ -183,9 +183,9 @@ class hbacrule(LDAPObject): cli_name='desc', label=_('Description'), ), - Flag('ipaenabledflag?', + Bool('ipaenabledflag?', label=_('Enabled'), - flags=['no_create', 'no_update', 'no_search'], + flags=['no_option'], ), Str('memberuser_user?', label=_('Users'), diff --git a/ipalib/plugins/selinuxusermap.py b/ipalib/plugins/selinuxusermap.py index e33e10161..e6179cee9 100644 --- a/ipalib/plugins/selinuxusermap.py +++ b/ipalib/plugins/selinuxusermap.py @@ -18,7 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from ipalib import api, errors -from ipalib import Str, StrEnum +from ipalib import Str, StrEnum, Bool from ipalib.plugins.baseldap import * from ipalib import _, ngettext from ipalib.plugins.hbacrule import is_all @@ -172,9 +172,9 @@ class selinuxusermap(LDAPObject): cli_name='desc', label=_('Description'), ), - Flag('ipaenabledflag?', + Bool('ipaenabledflag?', label=_('Enabled'), - flags=['no_create', 'no_update', 'no_search'], + flags=['no_option'], ), Str('memberuser_user?', label=_('Users'), diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py index 2c0358e87..723cce2e4 100644 --- a/ipalib/plugins/sudorule.py +++ b/ipalib/plugins/sudorule.py @@ -18,7 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from ipalib import api, errors -from ipalib import Str, StrEnum +from ipalib import Str, StrEnum, Bool from ipalib.plugins.baseldap import * from ipalib.plugins.hbacrule import is_all from ipalib import _, ngettext @@ -110,9 +110,9 @@ class sudorule(LDAPObject): cli_name='desc', label=_('Description'), ), - Flag('ipaenabledflag?', + Bool('ipaenabledflag?', label=_('Enabled'), - flags=['no_create', 'no_update', 'no_search'], + flags=['no_option'], ), StrEnum('usercategory?', cli_name='usercat', diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 3bea7af6f..2e069bde3 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -338,7 +338,7 @@ class user(LDAPObject): ), Bool('nsaccountlock?', label=_('Account disabled'), - flags=['no_create', 'no_update', 'no_search'], + flags=['no_option'], ), Bytes('ipasshpubkey*', validate_sshpubkey, cli_name='sshpubkey', |