From e4a444ba8159f890daa124d1c546b977a91b9f32 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Tue, 5 Jul 2011 17:59:05 -0400 Subject: HBAC deny warning shows dialog if there are any HBAC deny rules. Dialog provides option to navigate to the HBAC page. Deny rules have their rule type value show up in red. Only shows up fro administrators, not for self service users. https://fedorahosted.org/freeipa/ticket/1421 --- install/ui/test/bin/update_ipa_init.sh | 2 +- install/ui/test/data/hbacrule_find.json | 58 ++++++++++++++++++++---------- install/ui/test/data/ipa_init.json | 64 ++++++++++++++++++++++++++++----- 3 files changed, 96 insertions(+), 28 deletions(-) (limited to 'install/ui/test') diff --git a/install/ui/test/bin/update_ipa_init.sh b/install/ui/test/bin/update_ipa_init.sh index 5cdeacaa..23852a26 100755 --- a/install/ui/test/bin/update_ipa_init.sh +++ b/install/ui/test/bin/update_ipa_init.sh @@ -17,4 +17,4 @@ fi -curl -v -H "Content-Type:application/json" -H "Accept:applicaton/json" --negotiate -u : --cacert /etc/ipa/ca.crt -d '{"method":"batch","params":[[ {"method":"json_metadata","params":[[],{}]}, {"method":"i18n_messages","params":[[],{}]}, {"method":"user_find","params":[[],{"whoami":"true","all":"true"}]}, {"method":"env","params":[[],{}]}, {"method":"dns_is_enabled","params":[[],{}]} ],{}],"id":1}' -X POST https://`hostname`/ipa/json | sed 's/[ \t]*$//' > $INIT_FILE +curl -v -H "Content-Type:application/json" -H "Accept:applicaton/json" --negotiate -u : --cacert /etc/ipa/ca.crt -d '{"method":"batch","params":[[{"method":"json_metadata","params":[[],{}]},{"method":"i18n_messages","params":[[],{}]},{"method":"user_find","params":[[],{"whoami":true,"all":true}]},{"method":"env","params":[[],{}]},{"method":"dns_is_enabled","params":[[],{}]},{"method":"hbacrule_find","params":[[],{"accessruletype":"deny"}]}],{}]}' -X POST https://`hostname`/ipa/json | sed 's/[ \t]*$//' > $INIT_FILE diff --git a/install/ui/test/data/hbacrule_find.json b/install/ui/test/data/hbacrule_find.json index fd95d9f5..3801a7d4 100644 --- a/install/ui/test/data/hbacrule_find.json +++ b/install/ui/test/data/hbacrule_find.json @@ -1,54 +1,74 @@ { - "error": null, - "id": 0, + "error": null, + "id": null, "result": { - "count": 2, + "count": 4, "result": [ { "accessruletype": [ "allow" - ], + ], "cn": [ "allow_all" - ], + ], "description": [ "Allow all users to access any host from any host" - ], - "dn": "ipauniqueid=b7567b5a-e39311df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com", + ], + "dn": "ipauniqueid=ca842a42-a445-11e0-87ff-525400b55a47,cn=hbac,dc=server15,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "hostcategory": [ "all" - ], + ], "ipaenabledflag": [ "TRUE" - ], + ], "servicecategory": [ "all" - ], + ], "sourcehostcategory": [ "all" - ], + ], "usercategory": [ "all" ] }, { "accessruletype": [ - "allow" + "deny" + ], + "cn": [ + "deny1" ], - "accesstime": [ - "periodic daily 0800-1400", - "absolute 201012161032 ~ 201012161033" + "dn": "ipauniqueid=8af3e23c-a7e2-11e0-b394-525400b55a47,cn=hbac,dc=server15,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "ipaenabledflag": [ + "TRUE" + ] + }, + { + "accessruletype": [ + "deny" + ], + "cn": [ + "deny2" + ], + "dn": "ipauniqueid=8f05d042-a7e2-11e0-b394-525400b55a47,cn=hbac,dc=server15,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "ipaenabledflag": [ + "TRUE" + ] + }, + { + "accessruletype": [ + "deny" ], "cn": [ - "test" + "deny3" ], - "dn": "ipauniqueid=3b6d2a82-e3b511df-bfde9b13-2b28c216,cn=hbac,dc=dev,dc=example,dc=com", + "dn": "ipauniqueid=92dcf9fc-a7e2-11e0-8dac-525400b55a47,cn=hbac,dc=server15,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", "ipaenabledflag": [ "TRUE" ] } - ], - "summary": null, + ], + "summary": "4 HBAC rules matched", "truncated": false } } diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json index 5b4dadfc..a6700210 100644 --- a/install/ui/test/data/ipa_init.json +++ b/install/ui/test/data/ipa_init.json @@ -1,8 +1,8 @@ { "error": null, - "id": 1, + "id": null, "result": { - "count": 5, + "count": 6, "results": [ { "error": null, @@ -8266,7 +8266,8 @@ "ipausersearchfields", "ipagroupsearchfields", "ipamigrationenabled", - "ipacertificatesubjectbase" + "ipacertificatesubjectbase", + "ipapwdexpadvnotify" ], "hidden_attributes": [ "objectclass", @@ -12117,7 +12118,7 @@ "aciattrs": [], "attribute_members": {}, "bindable": false, - "container_dn": "cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos", + "container_dn": "cn=SERVER15.AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos", "default_attributes": [ "krbmaxticketlife", "krbmaxrenewableage" @@ -12962,7 +12963,7 @@ ], "attribute_members": {}, "bindable": false, - "container_dn": "cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos", + "container_dn": "cn=SERVER15.AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos", "default_attributes": [ "cn", "cospriority", @@ -15887,17 +15888,17 @@ ], "krbextradata": [ { - "__base64__": "AAL2bA5Ocm9vdC9hZG1pbkBTRVJWRVIxNS5BWU9VTkcuQk9TVE9OLkRFVkVMLlJFREhBVC5DT00A" + "__base64__": "AAgBAA==" }, { - "__base64__": "AAgBAA==" + "__base64__": "AAL2bA5Ocm9vdC9hZG1pbkBTRVJWRVIxNS5BWU9VTkcuQk9TVE9OLkRFVkVMLlJFREhBVC5DT00A" } ], "krblastpwdchange": [ "20110702005726Z" ], "krblastsuccessfulauth": [ - "20110705172822Z" + "20110705180548Z" ], "krbpasswordexpiration": [ "20110930005726Z" @@ -16017,6 +16018,53 @@ "result": true, "summary": null, "value": "" + }, + { + "count": 3, + "error": null, + "result": [ + { + "accessruletype": [ + "deny" + ], + "cn": [ + "deny1" + ], + "dn": "ipauniqueid=8af3e23c-a7e2-11e0-b394-525400b55a47,cn=hbac,dc=server15,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "ipaenabledflag": [ + "TRUE" + ], + "memberuser_user": [ + "abrown" + ] + }, + { + "accessruletype": [ + "deny" + ], + "cn": [ + "deny2" + ], + "dn": "ipauniqueid=8f05d042-a7e2-11e0-b394-525400b55a47,cn=hbac,dc=server15,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "ipaenabledflag": [ + "TRUE" + ] + }, + { + "accessruletype": [ + "deny" + ], + "cn": [ + "deny3" + ], + "dn": "ipauniqueid=92dcf9fc-a7e2-11e0-8dac-525400b55a47,cn=hbac,dc=server15,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "ipaenabledflag": [ + "TRUE" + ] + } + ], + "summary": "3 HBAC rules matched", + "truncated": false } ] } -- cgit