From d8c479731e6f985f4c4be1e1e4fee858e9eae901 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 28 Jul 2011 18:46:22 -0400
Subject: Deprecated managing users and runas user/group in sudorule add/mod

We have helpers to manage these values so they shouldn't be available
via add/mod. There is no logic behind them to do the right thing.

https://fedorahosted.org/freeipa/ticket/1307
https://fedorahosted.org/freeipa/ticket/1320
---
 API.txt                    | 18 +++++++++---------
 ipalib/plugins/sudorule.py | 24 ++++++++++++++++++------
 2 files changed, 27 insertions(+), 15 deletions(-)

diff --git a/API.txt b/API.txt
index 5c4a7fe93..d78e3529c 100644
--- a/API.txt
+++ b/API.txt
@@ -2384,9 +2384,9 @@ option: StrEnum('hostcategory', attribute=True, cli_name='hostcat', label=Gettex
 option: StrEnum('cmdcategory', attribute=True, cli_name='cmdcat', label=Gettext('Command category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
 option: StrEnum('ipasudorunasusercategory', attribute=True, cli_name='runasusercat', label=Gettext('RunAs User category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
 option: StrEnum('ipasudorunasgroupcategory', attribute=True, cli_name='runasgroupcat', label=Gettext('RunAs Group category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
-option: Str('externaluser', attribute=True, cli_name='externaluser', label=Gettext('External User', domain='ipa', localedir=None), multivalue=False, required=False)
-option: Str('ipasudorunasextuser', attribute=True, cli_name='runasexternaluser', label=Gettext('RunAs External User', domain='ipa', localedir=None), multivalue=False, required=False)
-option: Str('ipasudorunasextgroup', attribute=True, cli_name='runasexternalgroup', label=Gettext('RunAs External Group', domain='ipa', localedir=None), multivalue=False, required=False)
+option: Str('externaluser', validate_externaluser, attribute=True, cli_name='externaluser', label=Gettext('External User', domain='ipa', localedir=None), multivalue=False, required=False)
+option: Str('ipasudorunasextuser', validate_runasextuser, attribute=True, cli_name='runasexternaluser', label=Gettext('RunAs External User', domain='ipa', localedir=None), multivalue=False, required=False)
+option: Str('ipasudorunasextgroup', validate_runasextgroup, attribute=True, cli_name='runasexternalgroup', label=Gettext('RunAs External Group', domain='ipa', localedir=None), multivalue=False, required=False)
 option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui')
 option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output'])
@@ -2490,9 +2490,9 @@ option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostca
 option: StrEnum('cmdcategory', attribute=True, autofill=False, cli_name='cmdcat', label=Gettext('Command category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',))
 option: StrEnum('ipasudorunasusercategory', attribute=True, autofill=False, cli_name='runasusercat', label=Gettext('RunAs User category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',))
 option: StrEnum('ipasudorunasgroupcategory', attribute=True, autofill=False, cli_name='runasgroupcat', label=Gettext('RunAs Group category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',))
-option: Str('externaluser', attribute=True, autofill=False, cli_name='externaluser', label=Gettext('External User', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
-option: Str('ipasudorunasextuser', attribute=True, autofill=False, cli_name='runasexternaluser', label=Gettext('RunAs External User', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
-option: Str('ipasudorunasextgroup', attribute=True, autofill=False, cli_name='runasexternalgroup', label=Gettext('RunAs External Group', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
+option: Str('externaluser', validate_externaluser, attribute=True, autofill=False, cli_name='externaluser', label=Gettext('External User', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
+option: Str('ipasudorunasextuser', validate_runasextuser, attribute=True, autofill=False, cli_name='runasexternaluser', label=Gettext('RunAs External User', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
+option: Str('ipasudorunasextgroup', validate_runasextgroup, attribute=True, autofill=False, cli_name='runasexternalgroup', label=Gettext('RunAs External Group', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
 option: Int('timelimit?', autofill=False, flags=['no_display'], label=Gettext('Time Limit', domain='ipa', localedir=None), minvalue=0)
 option: Int('sizelimit?', autofill=False, flags=['no_display'], label=Gettext('Size Limit', domain='ipa', localedir=None), minvalue=0)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output'])
@@ -2511,9 +2511,9 @@ option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostca
 option: StrEnum('cmdcategory', attribute=True, autofill=False, cli_name='cmdcat', label=Gettext('Command category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
 option: StrEnum('ipasudorunasusercategory', attribute=True, autofill=False, cli_name='runasusercat', label=Gettext('RunAs User category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
 option: StrEnum('ipasudorunasgroupcategory', attribute=True, autofill=False, cli_name='runasgroupcat', label=Gettext('RunAs Group category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
-option: Str('externaluser', attribute=True, autofill=False, cli_name='externaluser', label=Gettext('External User', domain='ipa', localedir=None), multivalue=False, required=False)
-option: Str('ipasudorunasextuser', attribute=True, autofill=False, cli_name='runasexternaluser', label=Gettext('RunAs External User', domain='ipa', localedir=None), multivalue=False, required=False)
-option: Str('ipasudorunasextgroup', attribute=True, autofill=False, cli_name='runasexternalgroup', label=Gettext('RunAs External Group', domain='ipa', localedir=None), multivalue=False, required=False)
+option: Str('externaluser', validate_externaluser, attribute=True, autofill=False, cli_name='externaluser', label=Gettext('External User', domain='ipa', localedir=None), multivalue=False, required=False)
+option: Str('ipasudorunasextuser', validate_runasextuser, attribute=True, autofill=False, cli_name='runasexternaluser', label=Gettext('RunAs External User', domain='ipa', localedir=None), multivalue=False, required=False)
+option: Str('ipasudorunasextgroup', validate_runasextgroup, attribute=True, autofill=False, cli_name='runasexternalgroup', label=Gettext('RunAs External Group', domain='ipa', localedir=None), multivalue=False, required=False)
 option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui')
 option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui')
 option: Flag('rights', autofill=True, default=False, label=Gettext('Rights', domain='ipa', localedir=None))
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 8b415e72e..0c9a8c7e9 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -40,6 +40,18 @@ from ipalib import _, ngettext
 
 topic = ('sudo', 'Commands for controlling sudo configuration')
 
+def deprecated(attribute):
+    raise errors.ValidationError(name=attribute, error=_('this option has been deprecated.'))
+
+def validate_externaluser(ugettext, value):
+    deprecated('externaluser')
+
+def validate_runasextuser(ugettext, value):
+    deprecated('runasexternaluser')
+
+def validate_runasextgroup(ugettext, value):
+    deprecated('runasexternalgroup')
+
 class sudorule(LDAPObject):
     """
     Sudo Rule management
@@ -152,20 +164,20 @@ class sudorule(LDAPObject):
             label=_('RunAs Group'),
             flags=['no_create', 'no_update', 'no_search'],
         ),
-        Str('externaluser?',
+        Str('externaluser?', validate_externaluser,
             cli_name='externaluser',
             label=_('External User'),
-            doc=_('External User the rule applies to'),
+            doc=_('External User the rule applies to (sudorule-find only)'),
         ),
-        Str('ipasudorunasextuser?',
+        Str('ipasudorunasextuser?', validate_runasextuser,
             cli_name='runasexternaluser',
             label=_('RunAs External User'),
-            doc=_('External User the commands can run as'),
+            doc=_('External User the commands can run as (sudorule-find only)'),
         ),
-        Str('ipasudorunasextgroup?',
+        Str('ipasudorunasextgroup?', validate_runasextgroup,
             cli_name='runasexternalgroup',
             label=_('RunAs External Group'),
-            doc=_('External Group the commands can run as'),
+            doc=_('External Group the commands can run as (sudorule-find only)'),
         ),
     )
 
-- 
cgit