From 261a41b3d4e78f7563a4cc72ebd2b4db42fac3bf Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 13 Sep 2011 11:49:27 +0300
Subject: When external host is specified in HBAC rule, allow its use in simulation
https://fedorahosted.org/freeipa/ticket/1763
When external host is specified in HBAC rule, it needs to be added to the set of source hosts this rule applies to. Add (list of external hosts) explicitly when converting FreeIPA rules to PyHBAC objects.
---
 ipalib/plugins/hbactest.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'ipalib/plugins')
diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py
index 5fce2e5fb..43151e340 100644
--- a/ipalib/plugins/hbactest.py
+++ b/ipalib/plugins/hbactest.py
@@ -131,7 +131,8 @@ def convert_to_ipa_rule(rule):
 ipa_rule = pyhbac.HbacRule(rule['cn'][0])
 ipa_rule.enabled = rule['ipaenabledflag'][0]
 # Following code attempts to process rule systematically
- structure = (('user', 'memberuser', 'user', 'group', ipa_rule.users),
+ structure = \
+ (('user', 'memberuser', 'user', 'group', ipa_rule.users),
 ('host', 'memberhost', 'host', 'hostgroup', ipa_rule.targethosts),
 ('sourcehost', 'sourcehost', 'host', 'hostgroup', ipa_rule.srchosts),
 ('service', 'memberservice', 'hbacsvc', 'hbacsvcgroup', ipa_rule.services),
@@ -151,6 +152,8 @@ def convert_to_ipa_rule(rule):
 attr_name = '%s_%s' % (element[1], element[3])
 if attr_name in rule:
 element[4].groups = rule[attr_name]
+ if 'externalhost' in rule:
+ ipa_rule.srchosts.names.extend(rule['externalhost'])
 return ipa_rule
-- cgit
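Review bot: The new `externalhost` branch at the end of the second hunk changes what the HBAC simulation reports as allowed, yet the commit touches only `hbactest.py` and adds no test that a rule carrying only `externalhost` matches the intended source host and rejects any other. Since administrators use this simulation to confirm a rule before relying on it, a wrong answer here gives false confidence about access, so a regression test covering both cases would be worth adding. The branch also calls `extend` on the list returned by `ipa_rule.srchosts.names`; if the loop earlier stored `rule['sourcehost_host']` there by reference (inferred from the visible `element[4].groups = rule[attr_name]`), this mutates the caller's `rule` in place, which `ipa_rule.srchosts.names = list(ipa_rule.srchosts.names) + list(rule['externalhost'])` avoids. `convert_to_ipa_rule` begins outside the hunk and indentation is lost in this rendering, so this assumes the check runs once after the loop rather than on every iteration.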