From 77ae4da70632e17b6be09e9ad71fc353b3bad96e Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Wed, 19 Jun 2013 09:48:29 +0200 Subject: Remove entitlement support Entitlements code was not tested nor supported upstream since version 3.0. Remove the associated code. https://fedorahosted.org/freeipa/ticket/3739 --- API.txt | 65 -- freeipa.spec.in | 4 - install/share/bootstrap-template.ldif | 6 - install/share/delegation.ldif | 80 --- install/tools/Makefile.am | 1 - install/tools/ipa-compliance | 201 ------ install/tools/man/Makefile.am | 1 - install/tools/man/ipa-compliance.1 | 45 -- install/ui/images/Makefile.am | 3 - install/ui/images/entitle-consume.png | Bin 1105 -> 0 bytes install/ui/images/entitle-import.png | Bin 1086 -> 0 bytes install/ui/images/entitle-register.png | Bin 1168 -> 0 bytes install/ui/ipa.css | 15 - install/ui/src/freeipa/entitle.js | 770 --------------------- install/ui/test/data/entitle_consume.json | 24 - install/ui/test/data/entitle_find_offline.json | 32 - install/ui/test/data/entitle_find_online.json | 37 - install/ui/test/data/entitle_get.json | 27 - install/ui/test/data/entitle_import.json | 12 - install/ui/test/data/entitle_register.json | 26 - install/ui/test/data/entitle_status_offline.json | 12 - install/ui/test/data/entitle_status_online.json | 12 - .../ui/test/data/entitle_status_unregistered.json | 11 - install/ui/test/data/ipa_init.json | 22 - install/ui/test/data/ipa_init_commands.json | 215 ------ install/ui/test/data/ipa_init_methods.json | 469 +------------ install/ui/test/data/ipa_init_objects.json | 62 -- install/ui/test/data/json_metadata.json | 1 - install/ui/test/data/privilege_find.json | 16 +- install/ui/test/data/privilege_find_pkeys.json | 8 +- install/ui/test/data/privilege_get_records.json | 21 +- ipa-client/man/default.conf.5 | 1 - ipa-compliance.cron | 5 - ipalib/constants.py | 1 - ipalib/plugins/entitle.py | 750 -------------------- ipalib/plugins/internal.py | 21 - 36 files changed, 4 insertions(+), 2972 deletions(-) delete mode 100644 install/tools/ipa-compliance delete mode 100644 install/tools/man/ipa-compliance.1 delete mode 100644 install/ui/images/entitle-consume.png delete mode 100644 install/ui/images/entitle-import.png delete mode 100644 install/ui/images/entitle-register.png delete mode 100644 install/ui/src/freeipa/entitle.js delete mode 100644 install/ui/test/data/entitle_consume.json delete mode 100644 install/ui/test/data/entitle_find_offline.json delete mode 100644 install/ui/test/data/entitle_find_online.json delete mode 100644 install/ui/test/data/entitle_get.json delete mode 100644 install/ui/test/data/entitle_import.json delete mode 100644 install/ui/test/data/entitle_register.json delete mode 100644 install/ui/test/data/entitle_status_offline.json delete mode 100644 install/ui/test/data/entitle_status_online.json delete mode 100644 install/ui/test/data/entitle_status_unregistered.json delete mode 100644 ipa-compliance.cron delete mode 100644 ipalib/plugins/entitle.py diff --git a/API.txt b/API.txt index bbffbd4b3..067955ef7 100644 --- a/API.txt +++ b/API.txt @@ -1191,71 +1191,6 @@ option: Str('version?', exclude='webui') output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (, ), None) output: Output('value', , None) -command: entitle_consume -args: 1,4,3 -arg: Int('quantity', minvalue=1) -option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') -option: Int('hidden', autofill=True, default=1, minvalue=1) -option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') -option: Str('version?', exclude='webui') -output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) -output: Output('summary', (, ), None) -output: Output('value', , None) -command: entitle_find -args: 1,5,4 -arg: Str('criteria?', noextrawhitespace=False) -option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') -option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') -option: Int('sizelimit?', autofill=False, minvalue=0) -option: Int('timelimit?', autofill=False, minvalue=0) -option: Str('version?', exclude='webui') -output: Output('count', , None) -output: ListOfEntries('result', (, ), Gettext('A list of LDAP entries', domain='ipa', localedir=None)) -output: Output('summary', (, ), None) -output: Output('truncated', , None) -command: entitle_get -args: 0,3,4 -option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') -option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') -option: Str('version?', exclude='webui') -output: Output('count', , None) -output: ListOfEntries('result', (, ), Gettext('A list of LDAP entries', domain='ipa', localedir=None)) -output: Output('summary', (, ), None) -output: Output('truncated', , None) -command: entitle_import -args: 1,4,1 -arg: File('usercertificate*', cli_name='certificate_file') -option: Str('addattr*', cli_name='addattr', exclude='webui') -option: Str('setattr*', cli_name='setattr', exclude='webui') -option: Str('uuid?', autofill=True, default=u'IMPORTED') -option: Str('version?', exclude='webui') -output: Output('result', , None) -command: entitle_register -args: 1,7,3 -arg: Str('username') -option: Str('addattr*', cli_name='addattr', exclude='webui') -option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') -option: Str('ipaentitlementid?') -option: Password('password', confirm=False) -option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') -option: Str('setattr*', cli_name='setattr', exclude='webui') -option: Str('version?', exclude='webui') -output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) -output: Output('summary', (, ), None) -output: Output('value', , None) -command: entitle_status -args: 0,1,1 -option: Str('version?', exclude='webui') -output: Output('result', , None) -command: entitle_sync -args: 0,4,3 -option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') -option: Int('hidden', autofill=True, default=1, minvalue=1) -option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') -option: Str('version?', exclude='webui') -output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) -output: Output('summary', (, ), None) -output: Output('value', , None) command: env args: 1,3,4 arg: Str('variables*') diff --git a/freeipa.spec.in b/freeipa.spec.in index 239811ac2..fcbad3e97 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -446,7 +446,6 @@ mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore mkdir -p %{buildroot}%{_sysconfdir}/bash_completion.d install -pm 644 contrib/completion/ipa.bash_completion %{buildroot}%{_sysconfdir}/bash_completion.d/ipa mkdir -p %{buildroot}%{_sysconfdir}/cron.d -install -pm 644 ipa-compliance.cron %{buildroot}%{_sysconfdir}/cron.d/ipa-compliance (cd %{buildroot}/%{python_sitelib}/ipaserver && find . -type f | \ grep -v dcerpc | grep -v adtrustinstance | \ @@ -597,10 +596,8 @@ fi %{_sbindir}/ipa-managed-entries %{_sbindir}/ipactl %{_sbindir}/ipa-upgradeconfig -%{_sbindir}/ipa-compliance %{_libexecdir}/certmonger/dogtag-ipa-retrieve-agent-submit %{_libexecdir}/ipa-otpd -%{_sysconfdir}/cron.d/ipa-compliance %config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached %dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/ %dir %attr(0700,root,root) %{_localstatedir}/run/ipa/ @@ -727,7 +724,6 @@ fi %{_mandir}/man1/ipa-ldap-updater.1.gz %{_mandir}/man8/ipactl.8.gz %{_mandir}/man8/ipa-upgradeconfig.8.gz -%{_mandir}/man1/ipa-compliance.1.gz %{_mandir}/man1/ipa-backup.1.gz %{_mandir}/man1/ipa-restore.1.gz diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index 014f7a55b..f603ad5ce 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -125,12 +125,6 @@ objectClass: nsContainer objectClass: top cn: sysaccounts -dn: cn=entitlements,cn=etc,$SUFFIX -changetype: add -objectClass: nsContainer -objectClass: top -cn: entitlements - dn: cn=ipa,cn=etc,$SUFFIX changetype: add objectClass: nsContainer diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif index 14069586c..7fe303082 100644 --- a/install/share/delegation.ldif +++ b/install/share/delegation.ldif @@ -37,23 +37,6 @@ objectClass: nestedgroup cn: helpdesk description: Helpdesk -dn: cn=Entitlement Management,cn=roles,cn=accounts,$SUFFIX -changetype: add -objectClass: top -objectClass: groupofnames -objectClass: nestedgroup -cn: Entitlement Management -description: Entitlements administrator - -dn: cn=Entitlement Compliance,cn=roles,cn=accounts,$SUFFIX -changetype: add -objectClass: top -objectClass: groupofnames -objectClass: nestedgroup -cn: Entitlement Compliance -description: Verify entitlement compliance -member: fqdn=$FQDN,cn=computers,cn=accounts,$SUFFIX - ############################################ # Add the default privileges ############################################ @@ -146,26 +129,6 @@ objectClass: nestedgroup cn: Host Enrollment description: Host Enrollment -dn: cn=Register and Write Entitlements,cn=privileges,cn=pbac,$SUFFIX -changetype: add -objectClass: top -objectClass: groupofnames -objectClass: nestedgroup -cn: Register and Write Entitlements -description: Register and Write Entitlements -member: cn=Entitlement Management,cn=roles,cn=accounts,$SUFFIX - -dn: cn=Read Entitlements,cn=privileges,cn=pbac,$SUFFIX -changetype: add -objectClass: top -objectClass: groupofnames -objectClass: nestedgroup -cn: Read Entitlements -description: Read Entitlements -member: cn=Entitlement Management,cn=roles,cn=accounts,$SUFFIX -member: cn=Entitlement Compliance,cn=roles,cn=accounts,$SUFFIX - - ############################################ # Default permissions. ############################################ @@ -554,32 +517,6 @@ cn: Modify DNA Range ipapermissiontype: SYSTEM member: cn=Replication Administrators,cn=privileges,cn=pbac,$SUFFIX -# Entitlement management - -dn: cn=Register Entitlements,cn=permissions,cn=pbac,$SUFFIX -changetype: add -objectClass: top -objectClass: groupofnames -objectClass: ipapermission -cn: Register Entitlements -member: cn=Register and Write Entitlements,cn=privileges,cn=pbac,$SUFFIX - -dn: cn=Read Entitlements,cn=permissions,cn=pbac,$SUFFIX -changetype: add -objectClass: top -objectClass: groupofnames -objectClass: ipapermission -cn: Read Entitlements -member: cn=Read Entitlements,cn=privileges,cn=pbac,$SUFFIX - -dn: cn=Write Entitlements,cn=permissions,cn=pbac,$SUFFIX -changetype: add -objectClass: top -objectClass: groupofnames -objectClass: ipapermission -cn: Write Entitlements -member: cn=Register and Write Entitlements,cn=privileges,cn=pbac,$SUFFIX - ############################################ # Default permissions (ACIs) ############################################ @@ -701,23 +638,6 @@ changetype: modify add: aci aci: (targetattr = "objectclass")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Enroll a host";allow (write) groupdn = "ldap:///cn=Enroll a host,cn=permissions,cn=pbac,$SUFFIX";) -# Entitlement administration - -dn: $SUFFIX -changetype: modify -add: aci -aci: (target = "ldap:///ipaentitlementid=*,cn=entitlements,cn=etc,$SUFFIX")(version 3.0;acl "permission:Register Entitlements";allow (add) groupdn = "ldap:///cn=Register Entitlements,cn=permissions,cn=pbac,$SUFFIX";) - -dn: $SUFFIX -changetype: modify -add: aci -aci: (targetattr = "usercertificate")(target = "ldap:///ipaentitlement=*,cn=entitlements,cn=etc,$SUFFIX")(version 3.0;acl "permission:Write Entitlements";allow (write) groupdn = "ldap:///cn=Write Entitlements,cn=permissions,cn=pbac,$SUFFIX";) - -dn: $SUFFIX -changetype: modify -add: aci -aci: (targetattr = "userpkcs12")(target = "ldap:///ipaentitlementid=*,cn=entitlements,cn=etc,$SUFFIX")(version 3.0;acl "permission:Read Entitlements";allow (read) groupdn = "ldap:///cn=Read Entitlements,cn=permissions,cn=pbac,$SUFFIX";) - # Create virtual operations entry. This is used to control access to # operations that don't rely on LDAP directly. dn: cn=virtual operations,cn=etc,$SUFFIX diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am index 7c553116c..659ce0a87 100644 --- a/install/tools/Makefile.am +++ b/install/tools/Makefile.am @@ -21,7 +21,6 @@ sbin_SCRIPTS = \ ipa-managed-entries \ ipa-ldap-updater \ ipa-upgradeconfig \ - ipa-compliance \ ipa-backup \ ipa-restore \ $(NULL) diff --git a/install/tools/ipa-compliance b/install/tools/ipa-compliance deleted file mode 100644 index 9b34350b4..000000000 --- a/install/tools/ipa-compliance +++ /dev/null @@ -1,201 +0,0 @@ -#!/usr/bin/env python -# -# Authors: -# Rob Crittenden -# -# Copyright (C) 2010 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# An LDAP client to count entitlements and log to syslog if the number is -# exceeded. - -try: - import sys - import os - import syslog - import tempfile - import krbV - import base64 - import shutil - - from rhsm.certificate import EntitlementCertificate - - from ipaserver.plugins.ldap2 import ldap2 - from ipalib import api, errors, backend - from ipaserver.install import installutils - from ipapython.dn import DN -except ImportError, e: - # If python-rhsm isn't installed exit gracefully and quietly. - if e.args[0] == 'No module named rhsm.certificate': - sys.exit(0) - print >> sys.stderr, """\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % sys.exc_value - sys.exit(1) - -# Each IPA server comes with this many entitlements -DEFAULT_ENTITLEMENTS = 25 - -class client(backend.Executioner): - """ - A simple-minded IPA client that can execute remote commands. - """ - - def run(self, method, **kw): - self.create_context() - result = self.execute(method, **kw) - return result - -def parse_options(): - from optparse import OptionParser - - parser = OptionParser() - parser.add_option("--debug", dest="debug", action="store_true", - default=False, help="enable debugging") - - options, args = parser.parse_args() - return options, args - -def check_compliance(tmpdir, debug=False): - cfg = dict( - context='cli', - in_server=False, - debug=debug, - verbose=0, - ) - - api.bootstrap(**cfg) - api.register(client) - api.finalize() - from ipalib.x509 import normalize_certificate, make_pem - - try: - # Create a new credentials cache for this tool. This executes - # using the systems host principal. - ccache_file = 'FILE:%s/ccache' % tmpdir - krbcontext = krbV.default_context() - principal = str('host/%s@%s' % (api.env.host, api.env.realm)) - keytab = krbV.Keytab(name='/etc/krb5.keytab', context=krbcontext) - principal = krbV.Principal(name=principal, context=krbcontext) - os.environ['KRB5CCNAME'] = ccache_file - ccache = krbV.CCache(name=ccache_file, context=krbcontext, primary_principal=principal) - ccache.init(principal) - ccache.init_creds_keytab(keytab=keytab, principal=principal) - except krbV.Krb5Error, e: - raise StandardError('Error initializing principal %s in %s: %s' % (principal.name, '/etc/krb5.keytab', str(e))) - - # entitle-sync doesn't return any information we want to see, it just - # needs to be done so the LDAP data is correct. - try: - result = api.Backend.client.run('entitle_sync') - except errors.NotRegisteredError: - # Even if not registered they have some default entitlements - pass - - conn = ldap2(shared_instance=False) - - # Bind using GSSAPI - conn.connect(ccache=ccache_file) - - hostcount = 0 - # Get the hosts first - try: - (entries, truncated) = conn.find_entries('(krblastpwdchange=*)', [], - DN(api.env.container_host, api.env.basedn), - conn.SCOPE_ONELEVEL, - size_limit = -1) - except errors.NotFound: - # No hosts - pass - - if not truncated: - hostcount = len(entries) - else: - # This will not happen unless we bump into a server-side limit. - msg = 'The host count result was truncated, they will be underreported' - syslog.syslog(syslog.LOG_ERR, msg) - if sys.stdin.isatty(): - print msg - - available = 0 - try: - (entries, truncated) = conn.find_entries('(objectclass=ipaentitlement)', - ['userCertificate'], - DN(api.env.container_entitlements, api.env.basedn), - conn.SCOPE_ONELEVEL, - size_limit = -1) - - for entry in entries: - (dn, attrs) = entry - if 'usercertificate' in attrs: - rawcert = attrs['usercertificate'][0] - rawcert = normalize_certificate(rawcert) - cert = make_pem(base64.b64encode(rawcert)) - cert = EntitlementCertificate(cert) - order = cert.getOrder() - available += int(order.getQuantityUsed()) - except errors.NotFound: - pass - - conn.disconnect() - - available += DEFAULT_ENTITLEMENTS - - if hostcount > available: - syslog.syslog(syslog.LOG_ERR, 'IPA is out of compliance: %d of %d entitlements used.' % (hostcount, available)) - if sys.stdin.isatty(): - print 'IPA is out of compliance: %d of %d entitlements used.' % (hostcount, available) - else: - if sys.stdin.isatty(): - # If run from the command-line display some info - print 'IPA is in compliance: %d of %d entitlements used.' % (hostcount, available) - -def main(): - installutils.check_server_configuration() - - if not os.path.exists('/etc/ipa/default.conf'): - return 0 - - options, args = parse_options() - - try: - tmpdir = tempfile.mkdtemp(prefix = "tmp-") - try: - check_compliance(tmpdir, options.debug) - finally: - shutil.rmtree(tmpdir) - except KeyboardInterrupt: - return 1 - except (StandardError, errors.PublicError), e: - syslog.syslog(syslog.LOG_ERR, 'IPA compliance checking failed: %s' % str(e)) - if sys.stdin.isatty(): - print 'IPA compliance checking failed: %s' % str(e) - return 1 - - return 0 - -try: - if not os.geteuid()==0: - sys.exit("\nMust be root to check compliance\n") - - main() -except SystemExit, e: - sys.exit(e) -except RuntimeError, e: - sys.exit(e) diff --git a/install/tools/man/Makefile.am b/install/tools/man/Makefile.am index a1bf076bf..b16d2b5c7 100644 --- a/install/tools/man/Makefile.am +++ b/install/tools/man/Makefile.am @@ -19,7 +19,6 @@ man1_MANS = \ ipa-compat-manage.1 \ ipa-nis-manage.1 \ ipa-managed-entries.1 \ - ipa-compliance.1 \ ipa-backup.1 \ ipa-restore.1 \ $(NULL) diff --git a/install/tools/man/ipa-compliance.1 b/install/tools/man/ipa-compliance.1 deleted file mode 100644 index 4f8a6191d..000000000 --- a/install/tools/man/ipa-compliance.1 +++ /dev/null @@ -1,45 +0,0 @@ -.\" A man page for ipa-compliance -.\" Copyright (C) 2010 Red Hat, Inc. -.\" -.\" This is free software; you can redistribute it and/or modify it under -.\" the terms of the GNU Library General Public License as published by -.\" the Free Software Foundation; version 2 only -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU Library General Public -.\" License along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" Author: Rob Crittenden -.\" -.TH "ipa-compliance" "1" "Dec 14 2010" "FreeIPA" "FreeIPA Manual Pages" -.SH "NAME" -ipa\-compliance \- Check entitlement compliance -.SH "SYNOPSIS" -ipa\-compliance [\fIOPTION\fR] -.SH "DESCRIPTION" -Verify that the IPA installation is in compliance with the number of client entitlements it has. - -Entitlements are managed using the ipa entitle command. - -An enrolled host is an machine that has a host keytab in the IPA system. - -The entitlements take the form of x509v3 certificates. The certificates are examined and the quantities summed. This is compared to the number of enrolled hosts to determine compliance. - -The command logs to syslog and if run from a tty will log to the terminal as well. - -The IPA server provides 25 entitlements of its own. -.SH "OPTIONS" -.TP -\fB\-\-debug\fR -Enable debugging output in the command -.SH "EXIT STATUS" -0 if the command was successful - -1 if an error occurred -.SH "NOTES" -Entitlements are not checked if the python\-rhsm package is not installed. diff --git a/install/ui/images/Makefile.am b/install/ui/images/Makefile.am index 06e2cd73f..ea9b712b1 100644 --- a/install/ui/images/Makefile.am +++ b/install/ui/images/Makefile.am @@ -12,9 +12,6 @@ app_DATA = \ centered-background.png \ check-icon.png \ combobox-open.png \ - entitle-consume.png \ - entitle-import.png \ - entitle-register.png \ facet-tab-off.png \ facet-tab-on.png \ firefox-icon.png \ diff --git a/install/ui/images/entitle-consume.png b/install/ui/images/entitle-consume.png deleted file mode 100644 index e643e1062..000000000 Binary files a/install/ui/images/entitle-consume.png and /dev/null differ diff --git a/install/ui/images/entitle-import.png b/install/ui/images/entitle-import.png deleted file mode 100644 index 261e3297d..000000000 Binary files a/install/ui/images/entitle-import.png and /dev/null differ diff --git a/install/ui/images/entitle-register.png b/install/ui/images/entitle-register.png deleted file mode 100644 index 4a4608724..000000000 Binary files a/install/ui/images/entitle-register.png and /dev/null differ diff --git a/install/ui/ipa.css b/install/ui/ipa.css index 5c141bc13..8ef0a5096 100644 --- a/install/ui/ipa.css +++ b/install/ui/ipa.css @@ -179,21 +179,6 @@ body { margin: -4px 0 0 1px; } -.register-icon { - background: url(images/entitle-register.png); - margin: -4px 0 0 1px; -} - -.import-icon { - background: url(images/entitle-import.png); - margin: -4px 0 0 1px; -} - -.consume-icon { - background: url(images/entitle-consume.png); - margin: -4px 0 0 1px; -} - .ipa-icon { font-size: 0.7em; padding-right: 0.3em; diff --git a/install/ui/src/freeipa/entitle.js b/install/ui/src/freeipa/entitle.js deleted file mode 100644 index 1a60d6500..000000000 --- a/install/ui/src/freeipa/entitle.js +++ /dev/null @@ -1,770 +0,0 @@ -/* Authors: - * Endi S. Dewata - * - * Copyright (C) 2010 Red Hat - * see file 'COPYING' for use and warranty information - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -define([ - './ipa', - './jquery', - './phases', - './reg', - './text', - './details', - './search', - './add', - './facet', - './entity', - './field', - './widget'], - function(IPA, $, phases, reg, text) { - -var exp = IPA.entitle = {}; - -IPA.entitle.unregistered = 'unregistered'; -IPA.entitle.online = 'online'; -IPA.entitle.offline = 'offline'; - - -var make_spec = function() { -return { - name: 'entitle', - facet_groups: [ 'account', 'certificates' ], - facets: [ - { - $type: 'details', - $factory: IPA.entitle.details_facet, - label: '@i18n:objects.entitle.account', - facet_group: 'account', - sections: [ - { - name: 'general', - label: '@i18n:details.general', - fields: [ - { - name: 'uuid', - label: '@mc-opt:entitle_register:ipaentitlementid:label', - read_only: true - }, - { - $factory: IPA.entitle.download_widget, - name: 'certificate', - label: '@i18n:objects.entitle.certificate' - } - ] - }, - { - name: 'status', - label: '@i18n:objects.entitle.status', - fields: [ - { - name: 'product', - label: '@i18n:objects.entitle.product', - read_only: true - }, - { - name: 'quantity', - label: '@mc-arg:entitle_consume:quantity:label', - read_only: true - }, - { - name: 'consumed', - label: '@i18n:objects.entitle.consumed', - read_only: true - } - ] - } - ] - }, - { - $factory: IPA.entitle.certificates_facet, - name: 'certificates', - label: '@i18n:objects.entitle.certificates', - facet_group: 'certificates', - columns: [ - { - name: 'product', - label: '@i18n:objects.entitle.product' - }, - { - name: 'quantity', - label: '@mc-arg:entitle_consume:quantity:label' - }, - { - name: 'start', - label: '@i18n:objects.entitle.start' - }, - { - name: 'end', - label: '@i18n:objects.entitle.end' - }, - { - $factory: IPA.entitle.certificate_column, - name: 'certificate', - label: '@i18n:objects.entitle.certificate' - } - ] - } - ], - standard_association_facets: true, - dialogs: [ - { - $factory: IPA.entitle.register_online_dialog, - name: 'online_registration', - title: '@i18n:objects.entitle.registration', - fields: [ - { - name: 'username', - label: '@mc-arg:entitle_register:username:label' - }, - { - name: 'password', - label: '@mc-opt:entitle_register:password:label', - $type: 'password' - } -/* currently not supported - , { - name: 'ipaentitlementid', - label: '@mc-opt:entitle_register:ipaentitlementid:label' - } -*/ - ] - }, - { - $factory: IPA.entitle.register_offline_dialog, - name: 'offline_registration', - title: '@i18n:objects.entitle.import_certificate', - message: '@i18n:objects.entitle.import_message', - fields: [ - { - name: 'certificate', - label: '@i18n:objects.entitle.certificate' - } - ] - }, - { - $factory: IPA.entitle.consume_dialog, - name: 'consume', - title: '@i18n:objects.entitle.consume_entitlement', - fields: [ - { - name: 'quantity', - label: '@mc-arg:entitle_consume:quantity:label', - metadata: '@mc-arg:entitle_consume:quantity' - } - ] - }, - { - $factory: IPA.entitle.import_dialog, - name: 'import', - title: '@i18n:objects.entitle.import_certificate', - message: '@i18n:objects.entitle.import_message', - fields: [ - { - name: 'certificate', - label: '@i18n:objects.entitle.certificate' - } - ] - } - ] -};}; - -IPA.entitle.entity = function(spec) { - - spec = spec || {}; - - var that = IPA.entity(spec); - - that.status = spec.status || IPA.entitle.unregistered; - - that.get_accounts = function(on_success, on_error) { - - var command = IPA.command({ - name: 'entitle_find_'+that.status, - entity: 'entitle', - method: 'find', - options: { all: true }, - on_success: on_success, - on_error: on_error - }); - - command.execute(); - }; - - that.get_status = function(on_success, on_error) { - - var command = IPA.command({ - name: 'entitle_status_'+that.status, - entity: 'entitle', - method: 'status', - on_success: function(data, text_status, xhr) { - if (data.result.result.uuid == 'IMPORTED') { - that.status = IPA.entitle.offline; - } else { - that.status = IPA.entitle.online; - } - - if (on_success) { - on_success.call(this, data, text_status, xhr); - } - }, - on_error: function(xhr, text_status, error_thrown) { - that.status = IPA.entitle.unregistered; - - if (on_error) { - on_error.call(this, xhr, text_status, error_thrown); - } - }, - retry: false - }); - - command.execute(); - }; - - that.get_certificates = function(on_success, on_error) { - - var command = IPA.command({ - entity: 'entitle', - method: 'get', - on_success: on_success, - on_error: on_error, - retry: false - }); - - command.execute(); - }; - - that.register_online = function(username, password, ipaentitlementid, on_success, on_error) { - - var command = IPA.command({ - entity: 'entitle', - method: 'register', - args: [ username ], - options: { - password: password - }, - on_success: function(data, text_status, xhr) { - that.status = IPA.entitle.online; - if (on_success) { - on_success.call(this, data, text_status, xhr); - } - }, - on_error: on_error - }); - - if (ipaentitlementid) { - command.set_option('ipaentitlementid', ipaentitlementid); - } - - command.execute(); - }; - - that.register_offline = function(certificate, on_success, on_error) { - - var command = IPA.command({ - entity: 'entitle', - method: 'import', - args: [ certificate ], - on_success: function(data, text_status, xhr) { - that.status = IPA.entitle.offline; - if (on_success) { - on_success.call(this, data, text_status, xhr); - } - }, - on_error: on_error - }); - - command.execute(); - }; - - that.consume = function(quantity, on_success, on_error) { - - var command = IPA.command({ - entity: 'entitle', - method: 'consume', - args: [ quantity ], - on_success: on_success, - on_error: on_error - }); - - command.execute(); - }; - - that.import_certificate = function(certificate, on_success, on_error) { - - var command = IPA.command({ - entity: 'entitle', - method: 'import', - args: [ certificate ], - on_success: function(data, text_status, xhr) { - that.status = IPA.entitle.offline; - if (on_success) { - on_success.call(this, data, text_status, xhr); - } - }, - on_error: on_error - }); - - command.execute(); - }; - - return that; -}; - -IPA.entitle.details_facet = function(spec) { - - spec = spec || {}; - spec.disable_breadcrumb = true; - - var that = IPA.details_facet(spec); - - that.create_controls = function() { - - that.register_buttons = $('', { - name: 'register_buttons' - }).appendTo(that.controls); - - that.register_online_button = IPA.action_button({ - name: 'register', - label: '@i18n:objects.entitle.register', - icon: 'register-icon', - click: function() { - var dialog = that.entity.get_dialog('online_registration'); - dialog.open(that.container); - return false; - } - }).appendTo(that.register_buttons); - - that.register_online_button.css('display', 'none'); -/* - that.register_offline_button = IPA.action_button({ - name: 'import', - label: '@i18n:objects.entitle.import', - icon: 'import-icon', - click: function() { - var dialog = that.entity.get_dialog('offline_registration'); - dialog.open(that.container); - return false; - } - }).appendTo(that.register_buttons); - - that.register_offline_button.css('display', 'none'); -*/ - }; - - that.refresh = function() { - - var summary = $('span[name=summary]', that.container).empty(); - summary.append(text.get('@i18n:objects.entitle.loading')); - - function on_success(data, text_status, xhr) { - if (that.entity.status == IPA.entitle.unregistered) { - that.register_online_button.css('display', 'inline'); - // that.register_offline_button.css('display', 'inline'); - - } else { - that.register_online_button.css('display', 'none'); - // that.register_offline_button.css('display', 'none'); - } - - that.load(data); - - summary.empty(); - } - - function on_error(xhr, text_status, error_thrown) { - - that.register_online_button.css('display', 'inline'); - // that.register_offline_button.css('display', 'inline'); - - var data = {}; - data.result = {}; - data.result.result = { - uuid: '', - product: '', - quantity: 0, - consumed: 0 - }; - that.load(data); - - summary.empty(); - summary.append(error_thrown.name+': '+error_thrown.message); - } - - that.entity.get_status( - on_success, - on_error); - }; - - return that; -}; - -IPA.entitle.certificates_facet = function(spec) { - - spec = spec || {}; - spec.disable_facet_tabs = false; - spec.selectable = false; - - var that = IPA.table_facet(spec); - - var init = function() { - that.init_table(that.entity); - }; - - that.create_header = function(container) { - - that.facet_create_header(container); - - that.consume_buttons = $('', { - name: 'consume_buttons' - }).appendTo(that.controls); - - that.consume_button = IPA.action_button({ - name: 'consume', - label: '@i18n:objects.entitle.consume', - icon: 'consume-icon', - click: function() { - var dialog = that.entity.get_dialog('consume'); - dialog.open(that.container); - return false; - } - }).appendTo(that.consume_buttons); - - that.consume_button.css('display', 'none'); - - that.import_button = IPA.action_button({ - name: 'import', - label: '@i18n:objects.entitle.import_button', - icon: 'import-icon', - click: function() { - var dialog = that.entity.get_dialog('import'); - dialog.open(that.container); - return false; - } - }).appendTo(that.consume_buttons); - - that.import_button.css('display', 'none'); - }; - - that.refresh = function() { - - function on_success(data, text_status, xhr) { - - if (that.entity.status == IPA.entitle.online) { - that.consume_button.css('display', 'inline'); - that.import_button.css('display', 'none'); - - } else if (that.entity.status == IPA.entitle.offline) { - that.consume_button.css('display', 'none'); - that.import_button.css('display', 'inline'); - - } else { - that.consume_button.css('display', 'none'); - that.import_button.css('display', 'inline'); - } - - that.load(data); - } - - function on_error(xhr, text_status, error_thrown) { - - that.consume_button.css('display', 'none'); - that.import_button.css('display', 'inline'); - - that.table.summary.text(error_thrown.name+': '+error_thrown.message); - } - - that.entity.get_status( - function(data, text_status, xhr) { - that.entity.get_certificates( - on_success, - on_error); - }, - on_error); - }; - - init(); - - return that; -}; - -IPA.entitle.certificate_column = function(spec) { - - spec = spec || {}; - - var that = IPA.column(spec); - - that.setup = function(container, record) { - - container.empty(); - - var certificate = record[that.name]; - - $('', { - href: '#download', - html: text.get('@i18n:objects.entitle.download'), - click: function() { - var dialog = IPA.cert.download_dialog({ - title: '@i18n:objects.entitle.download_certificate', - certificate: certificate - }); - dialog.open(); - return false; - } - }).appendTo(container); - }; - - return that; -}; - -IPA.entitle.certificate_dialog = function(spec) { - - spec = spec || {}; - - var that = IPA.dialog(spec); - - that.width = spec.width || 500; - that.height = spec.height || 400; - that.message = text.get(spec.message); - that.label = text.get(spec.label); - - that.get_certificate = function() { - var certificate = that.textarea.val(); - return IPA.cert.BEGIN_CERTIFICATE+'\n'+ - $.trim(certificate)+'\n'+ - IPA.cert.END_CERTIFICATE+'\n'; - }; - - that.create = function() { - that.container.append(that.message); - that.container.append('
'); - that.container.append('
'); - - that.container.append(IPA.cert.BEGIN_CERTIFICATE); - that.container.append('
'); - - that.textarea = $('