author | Martin Kosek <mkosek@redhat.com> | 2013-04-23 09:59:24 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2013-04-26 10:20:17 -0400 |
commit | 5af2e1779ae1a0eca785493c8ed2eb044c8e282a (patch) | |
tree | 9b90f8e18e0235852bbfb19634d0a77f29031f9b | |
parent | e10d934230a7f70fd9ea20a3ca96f4b8356f5664 (diff) | |
Add userClass attribute for hosts
This new freeform host attribute will allow provisioning systems
to add custom tags for host objects which can be later used
in automember rules or for additional local interpretation.
Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
Ticket: https://fedorahosted.org/freeipa/ticket/3583
-rw-r--r-- | API.txt | 9 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | install/share/60basev2.ldif | 2 | ||||
-rw-r--r-- | install/updates/10-60basev3.update | 1 | ||||
-rw-r--r-- | ipalib/plugins/host.py | 7 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_host_plugin.py | 23 |
6 files changed, 39 insertions, 5 deletions
@@ -1723,7 +1723,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'bool'>, None)
 output: Output('warning', (<type 'list'>, <type 'tuple'>, <type 'NoneType'>), None)
 command: host_add
-args: 1,20,3
+args: 1,21,3
 arg: Str('fqdn', attribute=True, cli_name='hostname', multivalue=False, primary_key=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -1743,6 +1743,7 @@ option: Flag('random', attribute=False, autofill=True, cli_name='random', defaul
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Bytes('usercertificate', attribute=True, cli_name='certificate', multivalue=False, required=False)
+option: Str('userclass', attribute=True, cli_name='class', multivalue=True, required=False)
 option: Str('userpassword', attribute=True, cli_name='password', multivalue=False, required=False)
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
@@ -1774,7 +1775,7 @@ output: Output('result', <type 'bool'>, None)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: host_find
-args: 1,31,4
+args: 1,32,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False)
@@ -1805,6 +1806,7 @@ option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui
 option: Int('sizelimit?', autofill=False, minvalue=0)
 option: Int('timelimit?', autofill=False, minvalue=0)
 option: Bytes('usercertificate', attribute=True, autofill=False, cli_name='certificate', multivalue=False, query=True, required=False)
+option: Str('userclass', attribute=True, autofill=False, cli_name='class', multivalue=True, query=True, required=False)
 option: Str('userpassword', attribute=True, autofill=False, cli_name='password', multivalue=False, query=True, required=False)
 option: Str('version?', exclude='webui')
 output: Output('count', <type 'int'>, None)
@@ -1812,7 +1814,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: host_mod
-args: 1,21,3
+args: 1,22,3
 arg: Str('fqdn', attribute=True, cli_name='hostname', multivalue=False, primary_key=True, query=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -1833,6 +1835,7 @@ option: Flag('rights', autofill=True, default=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Flag('updatedns?', autofill=True, default=False)
 option: Bytes('usercertificate', attribute=True, autofill=False, cli_name='certificate', multivalue=False, required=False)
+option: Str('userclass', attribute=True, autofill=False, cli_name='class', multivalue=True, required=False)
 option: Str('userpassword', attribute=True, autofill=False, cli_name='password', multivalue=False, required=False)
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
@@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000
 # #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=57
+IPA_API_VERSION_MINOR=58
diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif
index 3b05e3701..8e7174c10 100644
--- a/install/share/60basev2.ldif
+++ b/install/share/60basev2.ldif
@@ -13,7 +13,7 @@ attributeTypes: (2.16.840.1.113730.3.8.3.24 NAME 'ipaEntitlementId' DESC 'Entitl
 # ipaKrbAuthzData added here. Even though it is a v3 attribute it is updating
 # a v2 objectClass so needs to be here.
 attributeTypes: (2.16.840.1.113730.3.8.11.37 NAME 'ipaKrbAuthzData' DESC 'type of PAC preferred by a service' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' )
-objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf) X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf $ userClass ) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.12 NAME 'ipaObject' DESC 'IPA objectclass' AUXILIARY MUST ( ipaUniqueId ) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.14 NAME 'ipaEntitlement' DESC 'IPA Entitlement object' AUXILIARY MUST ( ipaEntitlementId ) MAY ( userPKCS12 $ userCertificate ) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.15 NAME 'ipaPermission' DESC 'IPA Permission objectclass' AUXILIARY MAY ( ipaPermissionType ) X-ORIGIN 'IPA v2' )
diff --git a/install/updates/10-60basev3.update b/install/updates/10-60basev3.update
index bed14f7b2..47d2eafc7 100644
--- a/install/updates/10-60basev3.update
+++ b/install/updates/10-60basev3.update
@@ -12,3 +12,4 @@ replace:attributeTypes:( 2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'R replace:attributeTypes:( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Reference to a command or group of commands that are denied by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Reference to a command or group of commands that are denied by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' ) add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $$ memberOf $$ description $$ owner) X-ORIGIN 'IPA v3' ) +replace:objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $$ ipaClientVersion $$ enrolledBy $$ memberOf ) X-ORIGIN 'IPA v2' )::(2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $$ ipaClientVersion $$ enrolledBy $$ memberOf $$ userClass ) X-ORIGIN 'IPA v2' ) diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index c79b9e212..e61525917 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -230,6 +230,7 @@ class host(LDAPObject): 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname', 'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof', 'managedby', 'memberindirect', 'memberofindirect', 'macaddress', + 'userclass' ] uuid_attribute = 'ipauniqueid' attribute_members = { 
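Review bot: The `replace:objectClasses:` line added to install/updates/10-60basev3.update only takes effect if its old value matches the ipaHost definition the server currently holds, and the old value written here is spaced differently from its neighbours. It opens with `(2.16.840…` while the existing `replace:attributeTypes:` lines in the same hunk use `( 2.16.840…`, and it has `memberOf )` where the line removed from 60basev2.ldif has `memberOf)`. Whether the updater normalises schema strings before comparing is not visible in this diff; if it does not, an upgraded server would keep the old ipaHost and reject userClass on host entries. Please verify on an upgraded (not freshly installed) server, and consider a comment above the line such as `# old value must match the server's stored form of ipaHost exactly`.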
@@ -323,6 +324,12 @@ class host(LDAPObject): csv=True, flags=['no_search'], ), + Str('userclass*', + cli_name='class', + label=_('Class'), + doc=_('Host category (semantics placed on this attribute are for ' + 'local interpretation)'), + ), ) + ticket_flags_params def get_dn(self, *keys, **options): diff --git a/tests/test_xmlrpc/test_host_plugin.py b/tests/test_xmlrpc/test_host_plugin.py index f788dc6bc..07faf7760 100644 --- a/tests/test_xmlrpc/test_host_plugin.py +++ b/tests/test_xmlrpc/test_host_plugin.py @@ -700,6 +700,7 @@ class test_host(Declarative): dict( description=u'Test host 2', l=u'Undisclosed location 2', + userclass=[u'webserver', u'mailserver'], force=True, ), ), @@ -715,6 +716,7 @@ class test_host(Declarative): objectclass=objectclasses.host, ipauniqueid=[fuzzy_uuid], managedby_host=[fqdn2], + userclass=[u'webserver', u'mailserver'], has_keytab=False, has_password=False, ), @@ -722,6 +724,27 @@ class test_host(Declarative): ), + dict( + desc='Retrieve %r' % fqdn2, + command=('host_show', [fqdn2], {}), + expected=dict( + value=fqdn2, + summary=None, + result=dict( + dn=dn2, + fqdn=[fqdn2], + description=[u'Test host 2'], + l=[u'Undisclosed location 2'], + krbprincipalname=[u'host/%s@%s' % (fqdn2, api.env.realm)], + has_keytab=False, + has_password=False, + managedby_host=[fqdn2], + userclass=[u'webserver', u'mailserver'], + ), + ), + ), + + # This test will only succeed when running against lite-server.py # on same box as IPA install. dict( |
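Review bot: The new `Str('userclass*', …)` param in ipalib/plugins/host.py takes arbitrary free-form values with no `maxlength` or `pattern`, and the commit description says these values are meant to feed automember rules, so whoever can write this attribute on a host entry can influence which host groups the host ends up in. No ACI or permission change appears in this diff, so write access is whatever the existing host ACIs already grant; please confirm that a host cannot set its own userClass (for example through managedby) unless that is intended. A comment on the param would record the expectation, e.g. `# userclass may drive automember rules; keep write access limited to provisioning/admin principals`. The `takes_params` tuple starts outside the hunk.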
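Review bot: `host_mod` and `host_find` with `userclass` are not exercised in tests/test_xmlrpc/test_host_plugin.py; the added cases only set the attribute through `host_add` and read it back with `host_show`, although API.txt in this commit adds the option to all three commands. A modify case such as `command=('host_mod', [fqdn2], dict(userclass=[u'mailserver'])),` and a find case filtering on `userclass` would cover the remaining paths. A case run as a principal without write rights on the host would also pin down who may change the tag. The `tests` list begins and ends outside these hunks.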