diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-01-26 13:41:39 +0100 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2012-01-26 10:17:39 -0600 |
| commit | 0b9279a30a04de447b324eeb87e7a9e3b288bb1d (patch) | |
| tree | ac2633d9c3c3e65908c56c883c1045f82c36032b /ipalib/plugins | |
| parent | 4277253b837f1485a900abee2b5fd0c246fa8d50 (diff) | |
| download | freeipa.git-0b9279a30a04de447b324eeb87e7a9e3b288bb1d.tar.gz freeipa.git-0b9279a30a04de447b324eeb87e7a9e3b288bb1d.tar.xz freeipa.git-0b9279a30a04de447b324eeb87e7a9e3b288bb1d.zip | |
Add missing managing hosts filtering options
Host object has a virtual attribute "managing" containing all hosts
it manages (governed by managedBy attribute). This patch also adds
standard membership filtering options:
--man-hosts=HOSTS: Only hosts managing _all_ HOSTS are returned
--not-man-hosts=HOSTS: Only hosts which do not manage _any_ host
in HOSTS are returned
https://fedorahosted.org/freeipa/ticket/1675
Diffstat (limited to 'ipalib/plugins')
| -rw-r--r-- | ipalib/plugins/baseldap.py | 50 | ||||
| -rw-r--r-- | ipalib/plugins/host.py | 47 |
2 files changed, 74 insertions, 23 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 3d648045..f59a0d41 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1595,6 +1595,31 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): for arg in super(crud.Search, self).get_args(): yield arg + def get_member_options(self, attr): + for ldap_obj_name in self.obj.attribute_members[attr]: + ldap_obj = self.api.Object[ldap_obj_name] + relationship = self.obj.relationships.get( + attr, ['member', '', 'no_'] + ) + doc = self.member_param_incl_doc % ( + self.obj.object_name_plural, relationship[0].lower(), + ldap_obj.object_name_plural + ) + name = '%s%s' % (relationship[1], to_cli(ldap_obj_name)) + yield Str( + '%s*' % name, cli_name='%ss' % name, doc=doc, + label=ldap_obj.object_name, csv=True + ) + doc = self.member_param_excl_doc % ( + self.obj.object_name_plural, relationship[0].lower(), + ldap_obj.object_name_plural + ) + name = '%s%s' % (relationship[2], to_cli(ldap_obj_name)) + yield Str( + '%s*' % name, cli_name='%ss' % name, doc=doc, + label=ldap_obj.object_name, csv=True + ) + def get_options(self): for option in super(LDAPSearch, self).get_options(): yield option @@ -1602,29 +1627,8 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): 'no_output' not in self.obj.primary_key.flags: yield gen_pkey_only_option(self.obj.primary_key.cli_name) for attr in self.member_attributes: - for ldap_obj_name in self.obj.attribute_members[attr]: - ldap_obj = self.api.Object[ldap_obj_name] - relationship = self.obj.relationships.get( - attr, ['member', '', 'no_'] - ) - doc = self.member_param_incl_doc % ( - self.obj.object_name_plural, relationship[0].lower(), - ldap_obj.object_name_plural - ) - name = '%s%s' % (relationship[1], to_cli(ldap_obj_name)) - yield Str( - '%s*' % name, cli_name='%ss' % name, doc=doc, - label=ldap_obj.object_name, csv=True - ) - doc = self.member_param_excl_doc % ( - self.obj.object_name_plural, relationship[0].lower(), - ldap_obj.object_name_plural - ) - name = '%s%s' % (relationship[2], to_cli(ldap_obj_name)) - yield Str( - '%s*' % name, cli_name='%ss' % name, doc=doc, - label=ldap_obj.object_name, csv=True - ) + for option in self.get_member_options(attr): + yield option def get_member_filter(self, ldap, **options): filter = '' diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index a37297e4..0cae656b 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -33,6 +33,7 @@ from ipalib.plugins.dns import dns_container_exists, _record_types from ipalib.plugins.dns import add_forward_record from ipalib import _, ngettext from ipalib import x509 +from ipalib.dn import * from ipapython.ipautil import ipa_generate_password, CheckedIPAddress from ipalib.request import context import base64 @@ -733,10 +734,56 @@ class host_find(LDAPSearch): ) member_attributes = ['memberof', 'enrolledby', 'managedby'] + def get_options(self): + for option in super(host_find, self).get_options(): + yield option + # "managing" membership has to be added and processed separately + for option in self.get_member_options('managing'): + yield option + def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *args, **options): if 'locality' in attrs_list: attrs_list.remove('locality') attrs_list.append('l') + if 'man_host' in options or 'not_man_host' in options: + hosts = [] + if options.get('man_host') is not None: + for pkey in options.get('man_host', []): + dn = self.obj.get_dn(pkey) + try: + (dn, entry_attrs) = ldap.get_entry(dn, ['managedby']) + except errors.NotFound: + self.obj.handle_not_found(pkey) + hosts.append(set(entry_attrs.get('managedby', ''))) + hosts = list(reduce(lambda s1, s2: s1 & s2, hosts)) + + if not hosts: + # There is no host managing _all_ hosts in --man-hosts + filter = ldap.combine_filters( + (filter, '(objectclass=disabled)'), ldap.MATCH_ALL + ) + + not_hosts = [] + if options.get('not_man_host') is not None: + for pkey in options.get('not_man_host', []): + dn = self.obj.get_dn(pkey) + try: + (dn, entry_attrs) = ldap.get_entry(dn, ['managedby']) + except errors.NotFound: + self.obj.handle_not_found(pkey) + not_hosts += entry_attrs.get('managedby', []) + not_hosts = list(set(not_hosts)) + + for target_hosts, filter_op in ((hosts, ldap.MATCH_ANY), + (not_hosts, ldap.MATCH_NONE)): + hosts_avas = [DN(host)[0][0] for host in target_hosts] + hosts_filters = [ldap.make_filter_from_attr(ava.attr, ava.value) for ava in hosts_avas] + hosts_filter = ldap.combine_filters(hosts_filters, filter_op) + + filter = ldap.combine_filters( + (filter, hosts_filter), ldap.MATCH_ALL + ) + return (filter.replace('locality', 'l'), base_dn, scope) def post_callback(self, ldap, entries, truncated, *args, **options): |