diff options
author | Rob Crittenden <rcritten@redhat.com> | 2010-10-04 17:45:40 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2010-10-28 15:15:52 -0400 |
commit | c25d62965af9dffc655d659dfcd1f39e8d08e66c (patch) | |
tree | 7b939938c863b67fd65253f45d9d486b58b92627 /ipalib | |
parent | 47629a604d7f312ccb32e6b260782cb7c5c70954 (diff) | |
download | freeipa-c25d62965af9dffc655d659dfcd1f39e8d08e66c.tar.gz freeipa-c25d62965af9dffc655d659dfcd1f39e8d08e66c.tar.xz freeipa-c25d62965af9dffc655d659dfcd1f39e8d08e66c.zip |
Populate indirect members when showing a group object.
This is done by creating a new attribute, memberindirect, to hold this
indirect membership.
The new function get_members() can return all members or just indirect or
direct. We are only using it to retrieve indirect members currently.
This also:
* Moves all member display attributes into baseldap.py to reduce duplication
* Adds netgroup nesting
* Use a unique object name in hbacsvc and hbacsvcgroup
ticket 296
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/baseldap.py | 108 | ||||
-rw-r--r-- | ipalib/plugins/group.py | 12 | ||||
-rw-r--r-- | ipalib/plugins/hbacsvc.py | 6 | ||||
-rw-r--r-- | ipalib/plugins/hbacsvcgroup.py | 21 | ||||
-rw-r--r-- | ipalib/plugins/host.py | 12 | ||||
-rw-r--r-- | ipalib/plugins/hostgroup.py | 17 | ||||
-rw-r--r-- | ipalib/plugins/netgroup.py | 32 | ||||
-rw-r--r-- | ipalib/plugins/rolegroup.py | 17 | ||||
-rw-r--r-- | ipalib/plugins/sudocmdgroup.py | 3 | ||||
-rw-r--r-- | ipalib/plugins/taskgroup.py | 18 | ||||
-rw-r--r-- | ipalib/plugins/user.py | 16 |
11 files changed, 130 insertions, 132 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 91aa3965..f764efbb 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -32,6 +32,93 @@ from ipalib import output from ipalib.text import _ from ipalib.util import json_serialize +global_output_params = ( + Str('member', + label=_('Failed members'), + ), + Str('member_user?', + label=_('Member users'), + ), + Str('member_group?', + label=_('Member groups'), + ), + Str('member_host?', + label=_('Member hosts'), + ), + Str('memberof_hostgroup?', + label=_('Member of host-groups'), + ), + Str('memberof_taskgroup?', + label=_('Member of task-groups'), + ), + Str('member_rolegroup?', + label=_('Member role-groups'), + ), + Str('member_netgroup?', + label=_('Member netgroups'), + ), + Str('memberof_netgroup?', + label=_('Member of netgroups'), + ), + Str('member_service?', + label=_('Member services'), + ), + Str('member_servicegroup?', + label=_('Member service groups'), + ), + Str('memberof_servicegroup?', + label='Member of service groups', + ), + Str('member_hbacsvcgroup?', + label=_('Member HBAC service groups'), + ), + Str('memberof_hbacsvcgroup?', + label='Member of HBAC service groups', + ), + Str('member_sudocmdgroup?', + label='Member SUDO command groups', + ), + Str('member_sudocmd?', + label='Member SUDO commands', + ), + Str('memberindirect_user?', + label=_('Indirect Member users'), + ), + Str('memberindirect_group?', + label=_('Indirect Member groups'), + ), + Str('memberindirect_host?', + label=_('Indirect Member hosts'), + ), + Str('memberindirect_hostgroup?', + label=_('Indirect Member host-groups'), + ), + Str('memberindirect_rolegroup?', + label=_('Indirect Member role-groups'), + ), + Str('memberindirect_taskgroup?', + label=_('Indirect Member role-groups'), + ), + Str('memberindirect_hbacsvc?', + label=_('Indirect Member HBAC service'), + ), + Str('memberindirect_hbacsvcgrp?', + label=_('Indirect Member HBAC service group'), + ), + Str('memberindirect_netgroup?', + label=_('Indirect Member netgroups'), + ), + Str('memberindirect_sudocmdgroup?', + label='Indirect Member SUDO command groups', + ), + Str('memberindirect_sudocmd?', + label='Indirect Member SUDO commands', + ), + Str('externalhost?', + label=_('External host'), + ), +) + def validate_add_attribute(ugettext, attr): validate_attribute(ugettext, 'addattr', attr) @@ -273,6 +360,8 @@ class LDAPCreate(CallbackInterface, crud.Create): for arg in super(crud.Create, self).get_args(): yield arg + has_output_params = global_output_params + def execute(self, *keys, **options): ldap = self.obj.backend @@ -425,6 +514,7 @@ class LDAPRetrieve(LDAPQuery): Retrieve an LDAP entry. """ has_output = output.standard_entry + has_output_params = global_output_params takes_options = ( Flag('rights', @@ -502,6 +592,8 @@ class LDAPUpdate(LDAPQuery, crud.Update): takes_options = _attr_options + has_output_params = global_output_params + def execute(self, *keys, **options): ldap = self.obj.backend @@ -630,6 +722,8 @@ class LDAPDelete(LDAPMultiQuery): """ has_output = output.standard_delete + has_output_params = global_output_params + def execute(self, *keys, **options): ldap = self.obj.backend @@ -765,11 +859,7 @@ class LDAPAddMember(LDAPModMember): ), ) - has_output_params = ( - Str('member', - label=_('Failed members'), - ), - ) + has_output_params = global_output_params def execute(self, *keys, **options): ldap = self.obj.backend @@ -870,11 +960,7 @@ class LDAPRemoveMember(LDAPModMember): ), ) - has_output_params = ( - Str('member', - label=_('Failed members'), - ), - ) + has_output_params = global_output_params def execute(self, *keys, **options): ldap = self.obj.backend @@ -989,6 +1075,8 @@ class LDAPSearch(CallbackInterface, crud.Search): for option in super(LDAPSearch, self).get_options(): yield option + has_output_params = global_output_params + def execute(self, *args, **options): ldap = self.obj.backend diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py index 975915b4..aec5ce05 100644 --- a/ipalib/plugins/group.py +++ b/ipalib/plugins/group.py @@ -83,12 +83,14 @@ class group(LDAPObject): object_class_config = 'ipagroupobjectclasses' search_attributes_config = 'ipagroupsearchfields' default_attributes = [ - 'cn', 'description', 'gidnumber', 'member', 'memberof' + 'cn', 'description', 'gidnumber', 'member', 'memberof', + 'memberindirect', ] uuid_attribute = 'ipauniqueid' attribute_members = { 'member': ['user', 'group'], 'memberof': ['group', 'netgroup', 'rolegroup', 'taskgroup'], + 'memberindirect': ['user', 'group', 'netgroup', 'rolegroup', 'taskgroup'], } rdnattr = 'cn' @@ -114,14 +116,6 @@ class group(LDAPObject): label=_('GID'), doc=_('GID (use this option to set it manually)'), ), - Str('member_group?', - label=_('Member groups'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('member_user?', - label=_('Member users'), - flags=['no_create', 'no_update', 'no_search'], - ), ) api.register(group) diff --git a/ipalib/plugins/hbacsvc.py b/ipalib/plugins/hbacsvc.py index d5302cde..4074eb33 100644 --- a/ipalib/plugins/hbacsvc.py +++ b/ipalib/plugins/hbacsvc.py @@ -51,10 +51,10 @@ class hbacsvc(LDAPObject): HBAC Service object. """ container_dn = api.env.container_hbacservice - object_name = 'service' - object_name_plural = 'services' + object_name = 'hbacsvc' + object_name_plural = 'hbacsvcs' object_class = [ 'ipaobject', 'ipahbacservice' ] - default_attributes = ['cn', 'description'] + default_attributes = ['cn', 'description', 'memberindirect',] uuid_attribute = 'ipauniqueid' label = _('Services') diff --git a/ipalib/plugins/hbacsvcgroup.py b/ipalib/plugins/hbacsvcgroup.py index 70dd32b1..682a6c4e 100644 --- a/ipalib/plugins/hbacsvcgroup.py +++ b/ipalib/plugins/hbacsvcgroup.py @@ -53,14 +53,17 @@ class hbacsvcgroup(LDAPObject): HBAC service group object. """ container_dn = api.env.container_hbacservicegroup - object_name = 'servicegroup' - object_name_plural = 'servicegroups' + object_name = 'hbacsvcgroup' + object_name_plural = 'hbacsvcgroups' object_class = ['ipaobject', 'ipahbacservicegroup'] - default_attributes = [ 'cn', 'description', 'member', 'memberof', ] + default_attributes = [ 'cn', 'description', 'member', 'memberof', + 'memberindirect', + ] uuid_attribute = 'ipauniqueid' attribute_members = { 'member': ['hbacsvc', 'hbacsvcgroup'], 'memberof': ['hbacsvcgroup'], + 'memberindirect': ['hbacsvc', 'hbacsvcgroup'], } label = _('HBAC Service Groups') @@ -77,18 +80,6 @@ class hbacsvcgroup(LDAPObject): label=_('Description'), doc=_('HBAC service group description'), ), - Str('member_service?', - label=_('Member services'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('member_servicegroup?', - label=_('Member service groups'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('memberof_servicegroup?', - label='Member of service groups', - flags=['no_create', 'no_update', 'no_search'], - ), ) api.register(hbacsvcgroup) diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 3a63d212..2c032f3e 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -159,18 +159,6 @@ class host(LDAPObject): label=_('Principal name'), flags=['no_create', 'no_update', 'no_search'], ), - Str('memberof_hostgroup?', - label=_('Member of host-groups'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('memberof_netgroup?', - label=_('Member of net-groups'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('memberof_rolegroup?', - label=_('Member of role-groups'), - flags=['no_create', 'no_update', 'no_search'], - ), ) def get_dn(self, *keys, **options): diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py index 2f9cbab2..51d05836 100644 --- a/ipalib/plugins/hostgroup.py +++ b/ipalib/plugins/hostgroup.py @@ -59,11 +59,14 @@ class hostgroup(LDAPObject): object_name = 'hostgroup' object_name_plural = 'hostgroups' object_class = ['ipaobject', 'ipahostgroup'] - default_attributes = ['cn', 'description', 'member', 'memberof'] + default_attributes = ['cn', 'description', 'member', 'memberof', + 'memberindirect' + ] uuid_attribute = 'ipauniqueid' attribute_members = { 'member': ['host', 'hostgroup'], 'memberof': ['hostgroup'], + 'memberindirect': ['host', 'hostgroup'], } label = _('Host Groups') @@ -81,18 +84,6 @@ class hostgroup(LDAPObject): label=_('Description'), doc=_('A description of this host-group'), ), - Str('member_host?', - label=_('Member hosts'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('member_hostgroup?', - label=_('Member host-groups'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('memberof_hostgroup?', - label=_('Member of host-groups'), - flags=['no_create', 'no_update', 'no_search'], - ), ) api.register(hostgroup) diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py index 9edc45e5..3b714213 100644 --- a/ipalib/plugins/netgroup.py +++ b/ipalib/plugins/netgroup.py @@ -46,23 +46,6 @@ from ipalib.plugins.baseldap import * from ipalib import _, ngettext -output_params = ( - Str('memberuser_user?', - label='Member User', - ), - Str('memberuser_group?', - label='Member Group', - ), - Str('memberhost_host?', - label=_('Member Host'), - ), - Str('memberhost_hostgroup?', - label='Member Hostgroup', - ), - Str('externalhost?', - label=_('External host'), - ), - ) class netgroup(LDAPObject): """ Netgroup object. @@ -72,13 +55,15 @@ class netgroup(LDAPObject): object_name_plural = 'netgroups' object_class = ['ipaobject', 'ipaassociation', 'ipanisnetgroup'] default_attributes = [ - 'cn', 'description', 'memberof', 'externalhost', - 'nisdomainname', 'memberuser', 'memberhost', + 'cn', 'description', 'memberof', 'externalhost', 'nisdomainname', + 'memberuser', 'memberhost','member', 'memberindirect', ] uuid_attribute = 'ipauniqueid' rdn_attribute = 'ipauniqueid' attribute_members = { + 'member': ['netgroup'], 'memberof': ['netgroup'], + 'memberindirect': ['netgroup'], 'memberuser': ['user', 'group'], 'memberhost': ['host', 'hostgroup'], } @@ -116,7 +101,6 @@ class netgroup_add(LDAPCreate): """ Add a new netgroup. """ - has_output_params = output_params def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): entry_attrs.setdefault('nisdomainname', self.api.env.domain) return dn @@ -128,6 +112,7 @@ class netgroup_del(LDAPDelete): """ Delete a netgroup. """ + msg_summary = _('Deleted netgroup "%(value)s"') api.register(netgroup_del) @@ -136,7 +121,6 @@ class netgroup_mod(LDAPUpdate): """ Modify a netgroup. """ - has_output_params = output_params api.register(netgroup_mod) @@ -145,7 +129,6 @@ class netgroup_find(LDAPSearch): """ Search for a netgroup. """ - has_output_params = output_params api.register(netgroup_find) @@ -154,7 +137,6 @@ class netgroup_show(LDAPRetrieve): """ Display information about a netgroup. """ - has_output_params = output_params api.register(netgroup_show) @@ -163,8 +145,7 @@ class netgroup_add_member(LDAPAddMember): """ Add members to a netgroup. """ - has_output_params = LDAPAddMember.has_output_params + output_params - member_attributes = ['memberuser', 'memberhost'] + member_attributes = ['memberuser', 'memberhost', 'member'] def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): completed_external = 0 # Sift through the host failures. We assume that these are all @@ -199,7 +180,6 @@ class netgroup_remove_member(LDAPRemoveMember): """ Remove members from a netgroup. """ - has_output_params = LDAPRemoveMember.has_output_params + output_params member_attributes = ['memberuser', 'memberhost'] def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): # Run through the host failures and gracefully remove any defined as diff --git a/ipalib/plugins/rolegroup.py b/ipalib/plugins/rolegroup.py index feffa0d4..e0b6fbc4 100644 --- a/ipalib/plugins/rolegroup.py +++ b/ipalib/plugins/rolegroup.py @@ -70,10 +70,13 @@ class rolegroup(LDAPObject): object_name = 'rolegroup' object_name_plural = 'rolegroups' object_class = ['groupofnames', 'nestedgroup'] - default_attributes = ['cn', 'description', 'member', 'memberof'] + default_attributes = ['cn', 'description', 'member', 'memberof', + 'memberindirect' + ] attribute_members = { 'member': ['user', 'group', 'host', 'hostgroup'], 'memberof': ['taskgroup'], + 'memberindirect': ['user', 'group', 'host', 'hostgroup'], } rdnattr='cn' @@ -91,18 +94,6 @@ class rolegroup(LDAPObject): label=_('Description'), doc=_('A description of this role-group'), ), - Str('member_group?', - label=_('Member groups'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('member_user?', - label=_('Member users'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('memberof_taskgroup?', - label=_('Member of task-groups'), - flags=['no_create', 'no_update', 'no_search'], - ), ) api.register(rolegroup) diff --git a/ipalib/plugins/sudocmdgroup.py b/ipalib/plugins/sudocmdgroup.py index 75b3efbd..5476f99c 100644 --- a/ipalib/plugins/sudocmdgroup.py +++ b/ipalib/plugins/sudocmdgroup.py @@ -55,12 +55,13 @@ class sudocmdgroup(LDAPObject): object_name_plural = 'sudocmdgroups' object_class = ['ipaobject', 'ipasudocmdgrp'] default_attributes = [ - 'cn', 'description', 'member', 'memberof' + 'cn', 'description', 'member', 'memberof', 'memberindirect', ] uuid_attribute = 'ipauniqueid' attribute_members = { 'member': ['sudocmd', 'sudocmdgroup'], 'memberof': ['sudocmdgroup'], + 'memberindirect': ['sudocmd', 'sudocmdgroup'], } label = _('Sudo Command Groups') diff --git a/ipalib/plugins/taskgroup.py b/ipalib/plugins/taskgroup.py index 11bef486..ba3f5073 100644 --- a/ipalib/plugins/taskgroup.py +++ b/ipalib/plugins/taskgroup.py @@ -33,7 +33,6 @@ from ipalib.plugins.baseldap import * from ipalib import api, _, ngettext - class taskgroup(LDAPObject): """ Taskgroup object. @@ -42,9 +41,12 @@ class taskgroup(LDAPObject): object_name = 'taskgroup' object_name_plural = 'taskgroups' object_class = ['groupofnames'] - default_attributes = ['cn', 'description', 'member', 'memberof'] + default_attributes = ['cn', 'description', 'member', 'memberof', + 'memberindirect' + ] attribute_members = { 'member': ['user', 'group', 'rolegroup'], + 'memberindirect': ['user', 'group', 'rolegroup'], # FIXME: taskgroup can be member of ??? } rdnattr='cn' @@ -63,18 +65,6 @@ class taskgroup(LDAPObject): label=_('Description'), doc=_('Task-group description'), ), - Str('member_group?', - label=_('Member groups'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('member_user?', - label=_('Member users'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('member_rolegroup?', - label=_('Member role-groups'), - flags=['no_create', 'no_update', 'no_search'], - ), ) api.register(taskgroup) diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index fb0da480..6bfb7b6f 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -139,22 +139,6 @@ class user(LDAPObject): cli_name='street', label=_('Street address'), ), - Str('memberof_group?', - label=_('Groups'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('memberof_netgroup?', - label=_('Netgroups'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('memberof_rolegroup?', - label=_('Rolegroups'), - flags=['no_create', 'no_update', 'no_search'], - ), - Str('memberof_taskgroup?', - label=_('Taskgroups'), - flags=['no_create', 'no_update', 'no_search'], - ), Str('telephonenumber*', cli_name='phone', label=_('Telephone Number') ), |