From d57dfc4e980ecb26cfdb608d90a5f95c26cc7fbb Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 23 Feb 2011 17:49:09 -0500
Subject: Sudo command groups are not supposed to allow nesting.

It was a design decision to not allow nesting sudo command groups,
remove it.

ticket 1004
---
 API.txt                                       |  6 ++----
 ipalib/plugins/baseldap.py                    | 11 +----------
 ipalib/plugins/sudocmdgroup.py                |  6 ++----
 tests/test_xmlrpc/test_sudocmdgroup_plugin.py |  4 ----
 4 files changed, 5 insertions(+), 22 deletions(-)

diff --git a/API.txt b/API.txt
index 56cbb8b28..710ec37c7 100644
--- a/API.txt
+++ b/API.txt
@@ -2232,13 +2232,12 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
 command: sudocmdgroup_add_member
-args: 1,5,3
+args: 1,4,3
 arg: Str('cn', attribute=True, cli_name='sudocmdgroup_name', label=Gettext('Sudo Command Group', domain='ipa', localedir=None), multivalue=False, normalizer=<lambda>, primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output'])
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output'])
 option: Str('version?', exclude='webui', flags=['no_option', 'no_output'])
 option: List('sudocmd?', alwaysask=True, cli_name='sudocmds',ist('sudocmd?', alwaysask=True, cli_name='sudocmds', doc='comma-separated list of sudocmds to add', label='sudocmd', multivalue=True)
-option: List('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups',ist('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups', doc='comma-separated list of sudocmdgroups to add', label='sudocmdgroup', multivalue=True)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('failed', <type 'dict'>, Gettext('Members that could not be added', domain='ipa', localedir=None))
 output: Output('completed', <type 'int'>, Gettext('Number of members added', domain='ipa', localedir=None))
@@ -2277,13 +2276,12 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
 command: sudocmdgroup_remove_member
-args: 1,5,3
+args: 1,4,3
 arg: Str('cn', attribute=True, cli_name='sudocmdgroup_name', label=Gettext('Sudo Command Group', domain='ipa', localedir=None), multivalue=False, normalizer=<lambda>, primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output'])
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output'])
 option: Str('version?', exclude='webui', flags=['no_option', 'no_output'])
 option: List('sudocmd?', alwaysask=True, cli_name='sudocmds',ist('sudocmd?', alwaysask=True, cli_name='sudocmds', doc='comma-separated list of sudocmds to remove', label='sudocmd', multivalue=True)
-option: List('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups',ist('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups', doc='comma-separated list of sudocmdgroups to remove', label='sudocmdgroup', multivalue=True)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('failed', <type 'dict'>, Gettext('Members that could not be removed', domain='ipa', localedir=None))
 output: Output('completed', <type 'int'>, Gettext('Number of members removed', domain='ipa', localedir=None))
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 0581ea3ad..4441e7960 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -66,7 +66,7 @@ global_output_params = (
         label=_('Roles'),
     ),
     Str('memberof_sudocmdgroup?',
-        label=_('Sudo Command Groups'),
+        label=_('SUDO Command Groups'),
     ),
     Str('member_privilege?',
         label='Granted to Privilege',
@@ -95,9 +95,6 @@ global_output_params = (
     Str('memberof_hbacsvcgroup?',
         label='Member of HBAC service groups',
     ),
-    Str('member_sudocmdgroup?',
-        label='Member SUDO command groups',
-    ),
     Str('member_sudocmd?',
         label='Member SUDO commands',
     ),
@@ -128,12 +125,6 @@ global_output_params = (
     Str('memberindirect_netgroup?',
         label=_('Indirect Member netgroups'),
     ),
-    Str('memberindirect_sudocmdgroup?',
-        label='Indirect Member SUDO command groups',
-    ),
-    Str('memberindirect_sudocmd?',
-        label='Indirect Member SUDO commands',
-    ),
     Str('memberofindirect_group?',
         label='Indirect Member of group',
     ),
diff --git a/ipalib/plugins/sudocmdgroup.py b/ipalib/plugins/sudocmdgroup.py
index c13d54810..923b3c688 100644
--- a/ipalib/plugins/sudocmdgroup.py
+++ b/ipalib/plugins/sudocmdgroup.py
@@ -56,13 +56,11 @@ class sudocmdgroup(LDAPObject):
     object_name_plural = 'sudocmdgroups'
     object_class = ['ipaobject', 'ipasudocmdgrp']
     default_attributes = [
-        'cn', 'description', 'member', 'memberof', 'memberindirect',
+        'cn', 'description', 'member',
     ]
     uuid_attribute = 'ipauniqueid'
     attribute_members = {
-        'member': ['sudocmd', 'sudocmdgroup'],
-        'memberof': ['sudocmdgroup'],
-        'memberindirect': ['sudocmd', 'sudocmdgroup'],
+        'member': ['sudocmd'],
     }
 
     label = _('SUDO Command Groups')
diff --git a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
index ad84ab631..28c589fc1 100644
--- a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
+++ b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
@@ -360,7 +360,6 @@ class test_sudocmdgroup(Declarative):
                 completed=1,
                 failed=dict(
                     member=dict(
-                        sudocmdgroup=tuple(),
                         sudocmd=tuple(),
                     ),
                 ),
@@ -400,7 +399,6 @@ class test_sudocmdgroup(Declarative):
                 completed=0,
                 failed=dict(
                     member=dict(
-                        sudocmdgroup=tuple(),
                         sudocmd=[(u'notfound', u'no such entry')],
                     ),
                 ),
@@ -423,7 +421,6 @@ class test_sudocmdgroup(Declarative):
                 completed=1,
                 failed=dict(
                     member=dict(
-                        sudocmdgroup=tuple(),
                         sudocmd=tuple(),
                     ),
                 ),
@@ -446,7 +443,6 @@ class test_sudocmdgroup(Declarative):
                 completed=0,
                 failed=dict(
                     member=dict(
-                        sudocmdgroup=tuple(),
                         sudocmd=[(u'notfound', u'This entry is not a member')],
                     ),
                 ),
-- 
cgit