From 506cbaa1fb24c9c5afd091582de0af1c44cc33ea Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 19 Jul 2011 20:46:20 -0400 Subject: Hide the HBAC access type attribute now that deny is deprecated. It won't appear in the UI/CLI but is still available via XML-RPC. allow is the default and deny will be rejected. https://fedorahosted.org/freeipa/ticket/1495 --- API.txt | 6 +++--- ipalib/plugins/hbacrule.py | 10 ++++++---- tests/test_xmlrpc/test_hbac_plugin.py | 1 - 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/API.txt b/API.txt index 3d7150493..0ceb3a757 100644 --- a/API.txt +++ b/API.txt @@ -1021,7 +1021,7 @@ output: Output('value', , "The primary_key value of the entry, e command: hbacrule_add args: 1,11,3 arg: Str('cn', attribute=True, cli_name='name', label=Gettext('Rule name', domain='ipa', localedir=None), multivalue=False, primary_key=True, required=True) -option: StrEnum('accessruletype', validate_type, attribute=True, autofill=True, cli_name='type', default=u'allow', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=True, values=(u'allow', u'deny')) +option: StrEnum('accessruletype', validate_type, attribute=True, autofill=True, cli_name='type', default=u'allow', exclude='webui', flags=['no_option', 'no_output'], label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=True, values=(u'allow', u'deny')) option: StrEnum('usercategory', attribute=True, cli_name='usercat', label=Gettext('User category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',)) option: StrEnum('hostcategory', attribute=True, cli_name='hostcat', label=Gettext('Host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',)) option: StrEnum('sourcehostcategory', attribute=True, cli_name='srchostcat', label=Gettext('Source host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',)) @@ -1102,7 +1102,7 @@ command: hbacrule_find args: 1,12,4 arg: Str('criteria?', noextrawhitespace=False) option: Str('cn', attribute=True, autofill=False, cli_name='name', label=Gettext('Rule name', domain='ipa', localedir=None), multivalue=False, primary_key=True, query=True, required=False) -option: StrEnum('accessruletype', validate_type, attribute=True, autofill=False, cli_name='type', default=u'allow', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'allow', u'deny')) +option: StrEnum('accessruletype', validate_type, attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', flags=['no_option', 'no_output'], label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'allow', u'deny')) option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', label=Gettext('User category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',)) option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostcat', label=Gettext('Host category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',)) option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', label=Gettext('Source host category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',)) @@ -1120,7 +1120,7 @@ output: Output('truncated', , 'True if not all results were returne command: hbacrule_mod args: 1,12,3 arg: Str('cn', attribute=True, cli_name='name', label=Gettext('Rule name', domain='ipa', localedir=None), multivalue=False, primary_key=True, query=True, required=True) -option: StrEnum('accessruletype', validate_type, attribute=True, autofill=False, cli_name='type', default=u'allow', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'allow', u'deny')) +option: StrEnum('accessruletype', validate_type, attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', flags=['no_option', 'no_output'], label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'allow', u'deny')) option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', label=Gettext('User category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',)) option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostcat', label=Gettext('Host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',)) option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', label=Gettext('Source host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',)) diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py index 2dcdddd58..0d8474fbd 100644 --- a/ipalib/plugins/hbacrule.py +++ b/ipalib/plugins/hbacrule.py @@ -36,7 +36,7 @@ EXAMPLES: Create a rule, "test1", that grants all users access to the host "server" from anywhere: - ipa hbacrule-add --type=allow --usercat=all --srchostcat=all test1 + ipa hbacrule-add --usercat=all --srchostcat=all test1 ipa hbacrule-add-host --hosts=server.example.com test1 Display the properties of a named HBAC rule: @@ -44,7 +44,7 @@ EXAMPLES: Create a rule for a specific service. This lets the user john access the sshd service on any machine from any machine: - ipa hbacrule-add --type=allow --hostcat=all --srchostcat=all john_sshd + ipa hbacrule-add --hostcat=all --srchostcat=all john_sshd ipa hbacrule-add-user --users=john john_sshd ipa hbacrule-add-service --hbacsvcs=sshd john_sshd @@ -53,7 +53,7 @@ EXAMPLES: ipa hbacsvcgroup-add ftpers ipa hbacsvc-add sftp ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers - ipa hbacrule-add --type=allow --hostcat=all --srchostcat=all john_ftp + ipa hbacrule-add --hostcat=all --srchostcat=all john_ftp ipa hbacrule-add-user --users=john john_ftp ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp @@ -112,7 +112,7 @@ class hbacrule(LDAPObject): object_name_plural = _('HBAC rules') object_class = ['ipaassociation', 'ipahbacrule'] default_attributes = [ - 'cn', 'accessruletype', 'ipaenabledflag', + 'cn', 'ipaenabledflag', 'description', 'usercategory', 'hostcategory', 'sourcehostcategory', 'servicecategory', 'ipaenabledflag', 'memberuser', 'sourcehost', 'memberhost', 'memberservice', @@ -143,6 +143,8 @@ class hbacrule(LDAPObject): values=(u'allow', u'deny'), default=u'allow', autofill=True, + exclude='webui', + flags=['no_option', 'no_output'], ), # FIXME: {user,host,sourcehost,service}categories should expand in the future StrEnum('usercategory?', diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py index 3985b61cf..fc673c203 100644 --- a/tests/test_xmlrpc/test_hbac_plugin.py +++ b/tests/test_xmlrpc/test_hbac_plugin.py @@ -81,7 +81,6 @@ class test_hbac(XMLRPC_test): """ entry = api.Command['hbacrule_show'](self.rule_name)['result'] assert_attr_equal(entry, 'cn', self.rule_name) - assert_attr_equal(entry, 'accessruletype', self.rule_type) assert_attr_equal(entry, 'ipaenabledflag', 'TRUE') assert_attr_equal(entry, 'description', self.rule_desc) -- cgit