diff options
-rw-r--r-- | API.txt | 4 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | ipalib/plugins/baseldap.py | 50 | ||||
-rw-r--r-- | ipalib/plugins/host.py | 47 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_host_plugin.py | 33 |
5 files changed, 111 insertions, 25 deletions
@@ -1697,7 +1697,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Output('result', <type 'bool'>, None) output: Output('value', <type 'unicode'>, None) command: host_find -args: 1,29,4 +args: 1,31,4 arg: Str('criteria?', noextrawhitespace=False) option: Str('fqdn', attribute=True, autofill=False, cli_name='hostname', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9][a-zA-Z0-9-\\.]{0,254}$', pattern_errmsg='may only include letters, numbers, and -', primary_key=True, query=True, required=False) option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False) @@ -1728,6 +1728,8 @@ option: Str('enroll_by_user*', cli_name='enroll_by_users', csv=True) option: Str('not_enroll_by_user*', cli_name='not_enroll_by_users', csv=True) option: Str('man_by_host*', cli_name='man_by_hosts', csv=True) option: Str('not_man_by_host*', cli_name='not_man_by_hosts', csv=True) +option: Str('man_host*', cli_name='man_hosts', csv=True) +option: Str('not_man_host*', cli_name='not_man_hosts', csv=True) output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None)) output: Output('count', <type 'int'>, None) @@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=22 +IPA_API_VERSION_MINOR=23 diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 3d6480458..f59a0d410 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1595,6 +1595,31 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): for arg in super(crud.Search, self).get_args(): yield arg + def get_member_options(self, attr): + for ldap_obj_name in self.obj.attribute_members[attr]: + ldap_obj = self.api.Object[ldap_obj_name] + relationship = self.obj.relationships.get( + attr, ['member', '', 'no_'] + ) + doc = self.member_param_incl_doc % ( + self.obj.object_name_plural, relationship[0].lower(), + ldap_obj.object_name_plural + ) + name = '%s%s' % (relationship[1], to_cli(ldap_obj_name)) + yield Str( + '%s*' % name, cli_name='%ss' % name, doc=doc, + label=ldap_obj.object_name, csv=True + ) + doc = self.member_param_excl_doc % ( + self.obj.object_name_plural, relationship[0].lower(), + ldap_obj.object_name_plural + ) + name = '%s%s' % (relationship[2], to_cli(ldap_obj_name)) + yield Str( + '%s*' % name, cli_name='%ss' % name, doc=doc, + label=ldap_obj.object_name, csv=True + ) + def get_options(self): for option in super(LDAPSearch, self).get_options(): yield option @@ -1602,29 +1627,8 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): 'no_output' not in self.obj.primary_key.flags: yield gen_pkey_only_option(self.obj.primary_key.cli_name) for attr in self.member_attributes: - for ldap_obj_name in self.obj.attribute_members[attr]: - ldap_obj = self.api.Object[ldap_obj_name] - relationship = self.obj.relationships.get( - attr, ['member', '', 'no_'] - ) - doc = self.member_param_incl_doc % ( - self.obj.object_name_plural, relationship[0].lower(), - ldap_obj.object_name_plural - ) - name = '%s%s' % (relationship[1], to_cli(ldap_obj_name)) - yield Str( - '%s*' % name, cli_name='%ss' % name, doc=doc, - label=ldap_obj.object_name, csv=True - ) - doc = self.member_param_excl_doc % ( - self.obj.object_name_plural, relationship[0].lower(), - ldap_obj.object_name_plural - ) - name = '%s%s' % (relationship[2], to_cli(ldap_obj_name)) - yield Str( - '%s*' % name, cli_name='%ss' % name, doc=doc, - label=ldap_obj.object_name, csv=True - ) + for option in self.get_member_options(attr): + yield option def get_member_filter(self, ldap, **options): filter = '' diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index a37297e48..0cae656b7 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -33,6 +33,7 @@ from ipalib.plugins.dns import dns_container_exists, _record_types from ipalib.plugins.dns import add_forward_record from ipalib import _, ngettext from ipalib import x509 +from ipalib.dn import * from ipapython.ipautil import ipa_generate_password, CheckedIPAddress from ipalib.request import context import base64 @@ -733,10 +734,56 @@ class host_find(LDAPSearch): ) member_attributes = ['memberof', 'enrolledby', 'managedby'] + def get_options(self): + for option in super(host_find, self).get_options(): + yield option + # "managing" membership has to be added and processed separately + for option in self.get_member_options('managing'): + yield option + def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *args, **options): if 'locality' in attrs_list: attrs_list.remove('locality') attrs_list.append('l') + if 'man_host' in options or 'not_man_host' in options: + hosts = [] + if options.get('man_host') is not None: + for pkey in options.get('man_host', []): + dn = self.obj.get_dn(pkey) + try: + (dn, entry_attrs) = ldap.get_entry(dn, ['managedby']) + except errors.NotFound: + self.obj.handle_not_found(pkey) + hosts.append(set(entry_attrs.get('managedby', ''))) + hosts = list(reduce(lambda s1, s2: s1 & s2, hosts)) + + if not hosts: + # There is no host managing _all_ hosts in --man-hosts + filter = ldap.combine_filters( + (filter, '(objectclass=disabled)'), ldap.MATCH_ALL + ) + + not_hosts = [] + if options.get('not_man_host') is not None: + for pkey in options.get('not_man_host', []): + dn = self.obj.get_dn(pkey) + try: + (dn, entry_attrs) = ldap.get_entry(dn, ['managedby']) + except errors.NotFound: + self.obj.handle_not_found(pkey) + not_hosts += entry_attrs.get('managedby', []) + not_hosts = list(set(not_hosts)) + + for target_hosts, filter_op in ((hosts, ldap.MATCH_ANY), + (not_hosts, ldap.MATCH_NONE)): + hosts_avas = [DN(host)[0][0] for host in target_hosts] + hosts_filters = [ldap.make_filter_from_attr(ava.attr, ava.value) for ava in hosts_avas] + hosts_filter = ldap.combine_filters(hosts_filters, filter_op) + + filter = ldap.combine_filters( + (filter, hosts_filter), ldap.MATCH_ALL + ) + return (filter.replace('locality', 'l'), base_dn, scope) def post_callback(self, ldap, entries, truncated, *args, **options): diff --git a/tests/test_xmlrpc/test_host_plugin.py b/tests/test_xmlrpc/test_host_plugin.py index 9459aec39..372ee256e 100644 --- a/tests/test_xmlrpc/test_host_plugin.py +++ b/tests/test_xmlrpc/test_host_plugin.py @@ -391,6 +391,39 @@ class test_host(Declarative): ), dict( + desc='Search for hosts with --man-hosts and --not-man-hosts', + command=('host_find', [], {'man_host' : fqdn3, 'not_man_host' : fqdn1}), + expected=dict( + count=1, + truncated=False, + summary=u'1 host matched', + result=[ + dict( + dn=lambda x: DN(x) == dn3, + fqdn=[fqdn3], + description=[u'Test host 2'], + l=[u'Undisclosed location 2'], + krbprincipalname=[u'host/%s@%s' % (fqdn3, api.env.realm)], + has_keytab=False, + has_password=False, + managedby_host=[u'%s' % fqdn3, u'%s' % fqdn1], + ), + ], + ), + ), + + dict( + desc='Try to search for hosts with --man-hosts', + command=('host_find', [], {'man_host' : [fqdn3,fqdn4]}), + expected=dict( + count=0, + truncated=False, + summary=u'0 hosts matched', + result=[], + ), + ), + + dict( desc='Remove managedby_host %r from %r' % (fqdn1, fqdn3), command=('host_remove_managedby', [fqdn3], dict( |