From c781e8a57d3d05fa07729dbccff07bc1fab9d8e8 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 10 Aug 2009 16:24:10 -0400 Subject: Add a new objectclass, ipaObject, that will add a UUID to many IPA objects ipaObject is defined as an auxiliary objectclass so it is up to the plugin author to ensure that the objectclass is included and a UUID generated. ipaUniqueId is a MUST attribute so if you include the objectclass you must ensure that the uuid is generated. This also fixes up some unrelated unit test failures. --- install/share/60basev2.ldif | 1 + install/share/bootstrap-template.ldif | 2 ++ ipalib/plugins/basegroup.py | 5 ++++- ipalib/plugins/host.py | 5 ++++- ipalib/plugins/netgroup.py | 4 ++-- ipalib/plugins/service.py | 4 +++- ipalib/plugins/user.py | 3 +++ tests/test_xmlrpc/test_group_plugin.py | 13 +++++++------ tests/test_xmlrpc/test_host_plugin.py | 1 + tests/test_xmlrpc/test_hostgroup_plugin.py | 7 ++++--- tests/test_xmlrpc/test_netgroup_plugin.py | 27 ++++++++++++++------------- tests/test_xmlrpc/test_passwd_plugin.py | 1 + tests/test_xmlrpc/test_rolegroup_plugin.py | 7 ++++--- tests/test_xmlrpc/test_service_plugin.py | 1 + tests/test_xmlrpc/test_taskgroup_plugin.py | 3 ++- tests/test_xmlrpc/test_user_plugin.py | 1 + 16 files changed, 54 insertions(+), 31 deletions(-) diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif index 485f8299..552001de 100644 --- a/install/share/60basev2.ldif +++ b/install/share/60basev2.ldif 
@@ -5,6 +5,7 @@ attributeTypes: (2.16.840.1.113730.3.8.3.3 NAME 'enrolledBy' DESC 'DN of adminis attributeTypes: (2.16.840.1.113730.3.8.3.4 NAME 'enrollmentPwd' DESC 'Password used to bulk enroll machines' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} X-ORIGIN 'IPA v2' ) attributeTypes: (2.16.840.1.113730.3.8.3.43 NAME 'fqdn' DESC 'FQDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf) X-ORIGIN 'IPA v2' ) +objectClasses: (2.16.840.1.113730.3.8.4.44 NAME 'ipaObject' DESC 'IPA objectclass' AUXILIARY MUST ( ipaUniqueId ) X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf ) X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.3 NAME 'nestedGroup' DESC 'Group that supports nesting' SUP groupOfNames STRUCTURAL MAY memberOf X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.4 NAME 'ipaUserGroup' DESC 'IPA user group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' ) diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index 8e90c6e1..5c716f6a 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -149,6 +149,7 @@ ipaGroupObjectClasses: top ipaGroupObjectClasses: groupofnames ipaGroupObjectClasses: nestedgroup ipaGroupObjectClasses: ipausergroup +ipaGroupObjectClasses: ipaobject ipaUserObjectClasses: top ipaUserObjectClasses: person ipaUserObjectClasses: organizationalperson @@ -157,6 +158,7 @@ ipaUserObjectClasses: inetuser ipaUserObjectClasses: posixaccount ipaUserObjectClasses: krbprincipalaux ipaUserObjectClasses: radiusprofile +ipaUserObjectClasses: ipaobject ipaDefaultEmailDomain: $DOMAIN dn: cn=account inactivation,cn=accounts,$SUFFIX 
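Review bot: The new `ipaObject` class in 60basev2.ldif only requires that `ipaUniqueId` be present (`MUST ( ipaUniqueId )`); nothing visible in this patch makes the directory enforce that the value is actually unique, or stops a later modify from changing it. Because the value is generated in each plugin rather than by the server, the guarantee rests on every writer behaving correctly; if other components are going to key on this attribute, consider pairing the schema change with server-side uniqueness enforcement and an access rule that keeps the attribute immutable after the add. I would also make the contract visible in the schema itself, e.g. `DESC 'IPA objectclass: entry carries a generated ipaUniqueId'`.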
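Review bot: Adding `ipaobject` to `ipaGroupObjectClasses` and `ipaUserObjectClasses` in bootstrap-template.ldif only reaches servers that are bootstrapped from this template, while the user.py hunk sets `ipauniqueid` on every new user without touching the objectclass list itself. If user_add takes its objectclasses from the stored configuration (not visible in this patch), an already-installed server would still hold the old list and the add would presumably be rejected as a schema violation. The diffstat shows no update file for existing configuration, so either ship one or have the plugin add the class when it is missing, e.g. `if 'ipaobject' not in entry_attrs['objectclass']: entry_attrs['objectclass'].append('ipaobject')`, assuming the value is a list at that point.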
diff --git a/ipalib/plugins/basegroup.py b/ipalib/plugins/basegroup.py index edcc9999..9cfd3506 100644 --- a/ipalib/plugins/basegroup.py +++ b/ipalib/plugins/basegroup.py @@ -25,6 +25,7 @@ Base plugin for groups. from ipalib import api, crud, errors from ipalib import Command, Object from ipalib import Flag, Int, List, Str +from ipalib import uuid _default_attributes = ['cn', 'description', 'member', 'memberof'] _default_class = 'groupofnames' @@ -137,7 +138,7 @@ class basegroup_add(crud.Create): """ Create new group. """ - base_classes = ('top', _default_class) + base_classes = ('top', 'ipaobject', _default_class) def execute(self, cn, **kw): """ @@ -162,6 +163,8 @@ class basegroup_add(crud.Create): else: entry_attrs['objectclass'] = self.base_classes + entry_attrs['ipauniqueid'] = str(uuid.uuid1()) + ldap.add_entry(dn, entry_attrs) return ldap.get_entry(dn, entry_attrs.keys()) diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index fe46d2d5..809ec319 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -29,6 +29,7 @@ from ipalib import api, crud, errors, util from ipalib import Object from ipalib import Str, Flag from ipalib.plugins.service import split_principal +from ipalib import uuid _container_dn = api.env.container_host _default_attributes = [ @@ -166,7 +167,7 @@ class host_add(crud.Create): # FIXME: add this attribute to cn=ipaconfig # config = ldap.get_ipa_config()[1] # kw['objectclass'] = config.get('ipahostobjectclasses') - entry_attrs['objectclass'] = ['nshost', 'ipahost', 'pkiuser'] + entry_attrs['objectclass'] = ['ipaobject', 'nshost', 'ipahost', 'pkiuser'] if 'userpassword' not in entry_attrs: entry_attrs['krbprincipalname'] = 'host/%s@%s' % ( @@ -178,6 +179,8 @@ class host_add(crud.Create): elif 'krbprincipalaux' in entry_attrs['objectclass']: entry_attrs['objectclass'].remove('krbprincipalaux') + entry_attrs['ipauniqueid'] = str(uuid.uuid1()) + ldap.add_entry(dn, entry_attrs) return ldap.get_entry(dn, entry_attrs.keys()) 
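Review bot: `str(uuid.uuid1())` in basegroup_add.execute produces a time-based identifier, which in the standard algorithm encodes the generating host's network node id and the creation timestamp, so every entry's `ipauniqueid` discloses both to anyone who can read the attribute and is largely predictable from neighbouring values. The same call is used in the host.py, netgroup.py, service.py and user.py hunks, and netgroup.py additionally builds the entry DN from it. Unless the time ordering is wanted, a random identifier avoids both issues: `entry_attrs['ipauniqueid'] = str(uuid.uuid4())`, assuming ipalib's uuid module offers the same functions as the standard library one. A short comment above the assignment, such as `# ipaObject requires ipaUniqueId; generate it before add_entry`, would also help plugin authors who copy this pattern. The body of execute starts outside the hunk.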
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py index 9a2d750c..4aac0271 100644 --- a/ipalib/plugins/netgroup.py +++ b/ipalib/plugins/netgroup.py @@ -69,9 +69,9 @@ class netgroup_add(basegroup_add): ldap = self.api.Backend.ldap2 entry_attrs = self.args_options_2_entry(cn, **kw) - entry_attrs['ipauniqueid'] = str(uuid.uuid1()) - entry_attrs['objectclass'] = ['top', 'ipaassociation', _default_class] + entry_attrs['objectclass'] = ['top', 'ipaobject', 'ipaassociation', _default_class] entry_attrs.setdefault('nisdomainname', self.api.env.domain) + entry_attrs['ipauniqueid'] = str(uuid.uuid1()) dn = ldap.make_dn(entry_attrs, 'ipauniqueid', _container_dn) diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 03204acb..8d852ca4 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -28,6 +28,7 @@ from OpenSSL import crypto from ipalib import api, crud, errors from ipalib import Object from ipalib import Str, Flag, Bytes +from ipalib import uuid _container_dn = api.env.container_service _default_attributes = ['krbprincipalname', 'usercertificate'] @@ -152,8 +153,9 @@ class service_add(crud.Create): entry_attrs = self.args_options_2_entry(principal, **kw) entry_attrs['objectclass'] = [ 'krbprincipal', 'krbprincipalaux', 'krbticketpolicyaux', - 'ipaservice', 'pkiuser' + 'ipaobject', 'ipaservice', 'pkiuser' ] + entry_attrs['ipauniqueid'] = str(uuid.uuid1()) dn = ldap.make_dn(entry_attrs, 'krbprincipalname', _container_dn) ldap.add_entry(dn, entry_attrs) diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 2b4ec521..e48a408c 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -24,6 +24,7 @@ Users (Identity) from ipalib import api, crud, errors from ipalib import Command, Object from ipalib import Flag, Int, Password, Str +from ipalib import uuid # parent DN _container_dn = api.env.container_user 
@@ -151,6 +152,8 @@ class user_add(crud.Create): # fill default group's gidNumber entry_attrs['gidnumber'] = group_attrs['gidnumber'] + entry_attrs['ipauniqueid'] = str(uuid.uuid1()) + # create user entry ldap.add_entry(dn, entry_attrs) diff --git a/tests/test_xmlrpc/test_group_plugin.py b/tests/test_xmlrpc/test_group_plugin.py index d1024fca..44baba3c 100644 --- a/tests/test_xmlrpc/test_group_plugin.py +++ b/tests/test_xmlrpc/test_group_plugin.py @@ -45,6 +45,7 @@ class test_group(XMLRPC_test): assert res assert_attr_equal(res, 'description', self.description) assert_attr_equal(res, 'cn', self.cn) + assert_attr_equal(res, 'objectclass', 'ipaobject') def test_2_group_add(self): """ @@ -136,24 +137,24 @@ class test_group(XMLRPC_test): assert_attr_equal(res, 'cn', self.cn) assert res.get('gidnumber', '') - def test_9_group_del_member(self): + def test_9_group_remove_member(self): """ - Test the `xmlrpc.group_del_member` method. + Test the `xmlrpc.group_remove_member` method. """ kw = {} kw['groups'] = self.cn2 - (total, failed, res) = api.Command['group_del_member'](self.cn, **kw) + (total, failed, res) = api.Command['group_remove_member'](self.cn, **kw) assert res assert total == 1 - def test_a_group_del_member(self): + def test_a_group_remove_member(self): """ - Test the `xmlrpc.group_del_member` method with non-member + Test the `xmlrpc.group_remove_member` method with non-member """ kw = {} kw['groups'] = u'notfound' # an error isn't thrown, the list of failed members is returned - (total, failed, res) = api.Command['group_del_member'](self.cn, **kw) + (total, failed, res) = api.Command['group_remove_member'](self.cn, **kw) assert total == 0 assert 'notfound' in failed diff --git a/tests/test_xmlrpc/test_host_plugin.py b/tests/test_xmlrpc/test_host_plugin.py index e64ba7ae..38d1ff73 100644 --- a/tests/test_xmlrpc/test_host_plugin.py +++ b/tests/test_xmlrpc/test_host_plugin.py 
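Review bot: The assertion added in the first test_group_plugin.py hunk checks only that `ipaobject` appears among the objectclasses; nothing verifies that `ipauniqueid` was actually returned and is non-empty, which is the behaviour this commit introduces. Following the style this file already uses for gidnumber, add `assert res.get('ipauniqueid', '')` next to it. The same gap applies to the matching one-line additions in the host, hostgroup, netgroup, passwd, rolegroup, service, taskgroup and user test hunks. The test method starts outside the hunk.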
@@ -45,6 +45,7 @@ class test_host(XMLRPC_test): assert_attr_equal(res, 'description', self.description) assert_attr_equal(res, 'fqdn', self.fqdn) assert_attr_equal(res, 'localityname', self.localityname) + assert_attr_equal(res, 'objectclass', 'ipaobject') def test_2_host_show(self): """ diff --git a/tests/test_xmlrpc/test_hostgroup_plugin.py b/tests/test_xmlrpc/test_hostgroup_plugin.py index 6e26e099..0aa685d7 100644 --- a/tests/test_xmlrpc/test_hostgroup_plugin.py +++ b/tests/test_xmlrpc/test_hostgroup_plugin.py @@ -47,6 +47,7 @@ class test_hostgroup(XMLRPC_test): assert res assert_attr_equal(res, 'description', self.description) assert_attr_equal(res, 'cn', self.cn) + assert_attr_equal(res, 'objectclass', 'ipaobject') def test_2_host_add(self): """ @@ -101,13 +102,13 @@ class test_hostgroup(XMLRPC_test): assert_attr_equal(res, 'description', newdesc) assert_attr_equal(res, 'cn', self.cn) - def test_7_hostgroup_del_member(self): + def test_7_hostgroup_remove_member(self): """ - Test the `xmlrpc.hostgroup_del_member` method. + Test the `xmlrpc.hostgroup_remove_member` method. """ kw = {} kw['hosts'] = self.host_fqdn - (total, failed, res) = api.Command['hostgroup_del_member'](self.cn, **kw) + (total, failed, res) = api.Command['hostgroup_remove_member'](self.cn, **kw) assert res assert res[1].get('member', []) == [] diff --git a/tests/test_xmlrpc/test_netgroup_plugin.py b/tests/test_xmlrpc/test_netgroup_plugin.py index b447e017..a7543a25 100644 --- a/tests/test_xmlrpc/test_netgroup_plugin.py +++ b/tests/test_xmlrpc/test_netgroup_plugin.py @@ -164,7 +164,7 @@ class test_netgroup(XMLRPC_test): """ Test the `xmlrpc.netgroup_show` method. """ - (dn, res) = api.Command['netgroup_show'](self.ng_cn) + (dn, res) = api.Command['netgroup_show'](self.ng_cn, all=True) assert res assert_attr_equal(res, 'description', self.ng_description) assert_attr_equal(res, 'cn', self.ng_cn) 
@@ -172,6 +172,7 @@ class test_netgroup(XMLRPC_test): assert_is_member(res, 'cn=%s' % self.hg_cn) assert_is_member(res, 'uid=%s' % self.user_uid) assert_is_member(res, 'cn=%s' % self.group_cn) + assert_attr_equal(res, 'objectclass', 'ipaobject') def test_7_netgroup_find(self): """ 
@@ -198,56 +199,56 @@ class test_netgroup(XMLRPC_test): assert_attr_equal(res, 'description', newdesc) assert_attr_equal(res, 'cn', self.ng_cn) - def test_9_netgroup_del_member(self): + def test_9_netgroup_remove_member(self): """ - Test the `xmlrpc.hostgroup_del_member` method. + Test the `xmlrpc.hostgroup_remove_member` method. """ kw = {} kw['hosts'] = self.host_fqdn - (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw) + (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert total == 1 kw = {} kw['hostgroups'] = self.hg_cn - (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw) + (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert total == 1 kw = {} kw['users'] = self.user_uid - (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw) + (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert total == 1 kw = {} kw['groups'] = self.group_cn - (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw) + (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert total == 1 - def test_a_netgroup_del_member(self): + def test_a_netgroup_remove_member(self): """ - Test the `xmlrpc.netgroup_del_member` method again to test not found. + Test the `xmlrpc.netgroup_remove_member` method again to test not found. 
""" kw = {} kw['hosts'] = self.host_fqdn - (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw) + (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert total == 0 assert self.host_fqdn in failed kw = {} kw['hostgroups'] = self.hg_cn - (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw) + (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert total == 0 assert self.hg_cn in failed kw = {} kw['users'] = self.user_uid (dn, res) = api.Command['netgroup_show'](self.ng_cn, all=True) - (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw) + (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert total == 0 assert self.user_uid in failed kw = {} kw['groups'] = self.group_cn - (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw) + (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw) assert total == 0 assert self.group_cn in failed diff --git a/tests/test_xmlrpc/test_passwd_plugin.py b/tests/test_xmlrpc/test_passwd_plugin.py index 9be18019..21fb743f 100644 --- a/tests/test_xmlrpc/test_passwd_plugin.py +++ b/tests/test_xmlrpc/test_passwd_plugin.py @@ -47,6 +47,7 @@ class test_passwd(XMLRPC_test): assert_attr_equal(res, 'sn', self.sn) assert_attr_equal(res, 'uid', self.uid) assert_attr_equal(res, 'homedirectory', self.home) + assert_attr_equal(res, 'objectclass', 'ipaobject') def test_2_set_passwd(self): """ diff --git a/tests/test_xmlrpc/test_rolegroup_plugin.py b/tests/test_xmlrpc/test_rolegroup_plugin.py index 9a93a926..d001c90f 100644 --- a/tests/test_xmlrpc/test_rolegroup_plugin.py +++ b/tests/test_xmlrpc/test_rolegroup_plugin.py 
@@ -46,6 +46,7 @@ class test_rolegroup(XMLRPC_test): assert res assert_attr_equal(res, 'description', self.description) assert_attr_equal(res, 'cn', self.cn) + assert_attr_equal(res, 'objectclass', 'ipaobject') def test_2_add_group(self): """ @@ -102,13 +103,13 @@ class test_rolegroup(XMLRPC_test): assert_attr_equal(res, 'description', newdesc) assert_attr_equal(res, 'cn', self.cn) - def test_7_rolegroup_del_member(self): + def test_7_rolegroup_remove_member(self): """ - Test the `xmlrpc.rolegroup_del_member` method. + Test the `xmlrpc.rolegroup_remove_member` method. """ kw = {} kw['groups'] = self.rolegroup_cn - (total, failed, res) = api.Command['rolegroup_del_member'](self.cn, **kw) + (total, failed, res) = api.Command['rolegroup_remove_member'](self.cn, **kw) assert total == 1 def test_8_rolegroup_del(self): diff --git a/tests/test_xmlrpc/test_service_plugin.py b/tests/test_xmlrpc/test_service_plugin.py index 7a7608a8..9eede38b 100644 --- a/tests/test_xmlrpc/test_service_plugin.py +++ b/tests/test_xmlrpc/test_service_plugin.py @@ -42,6 +42,7 @@ class test_service(XMLRPC_test): (dn, res) = api.Command['service_add'](**self.kw) assert res assert_attr_equal(res, 'krbprincipalname', self.principal) + assert_attr_equal(res, 'objectclass', 'ipaobject') def test_2_service_add(self): """ diff --git a/tests/test_xmlrpc/test_taskgroup_plugin.py b/tests/test_xmlrpc/test_taskgroup_plugin.py index 9cede858..bae6db53 100644 --- a/tests/test_xmlrpc/test_taskgroup_plugin.py +++ b/tests/test_xmlrpc/test_taskgroup_plugin.py @@ -49,6 +49,7 @@ class test_taskgroup(XMLRPC_test): assert res assert_attr_equal(res, 'description', self.description) assert_attr_equal(res, 'cn', self.cn) + assert_attr_equal(res, 'objectclass', 'ipaobject') def test_2_add_rolegroup(self): """ 
@@ -124,7 +125,7 @@ class test_taskgroup(XMLRPC_test): """ kw = {} kw['groups'] = self.taskgroup_cn - (total, failed, res) = api.Command['taskgroup_del_member'](self.cn, **kw) + (total, failed, res) = api.Command['taskgroup_remove_member'](self.cn, **kw) assert total == 1 def test_9_taskgroup_del(self): diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py index 3bc8177a..efe48d84 100644 --- a/tests/test_xmlrpc/test_user_plugin.py +++ b/tests/test_xmlrpc/test_user_plugin.py @@ -48,6 +48,7 @@ class test_user(XMLRPC_test): assert_attr_equal(res, 'sn', self.sn) assert_attr_equal(res, 'uid', self.uid) assert_attr_equal(res, 'homedirectory', self.home) + assert_attr_equal(res, 'objectclass', 'ipaobject') def test_2_user_add(self): """ -- cgit