| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Move the remaining plugin code from ipalib.plugins to ipaserver.plugins.
Remove the now unused ipalib.plugins package.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
File arguments are relevant only on the client, on the server they are the
same as Str. Specify the arguments as Str in ipalib.plugins and override
them with File in ipaclient.plugins.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a set of plugins for API schema introspection. This includes:
* a set of commands for command introspection
(`command_find`, `command_show`, `command_defaults`),
* a set of commands for command param introspection
(`param_find`, `param_show`),
* a set of commands for command output introspection
(`output_find`, `output_show`),
* a set of commands for help topic introspection
(`topic_find`, `topic_show`),
* a command to get the full API schema in one call (`schema`).
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce new `deprecated` Param keywork argument. Setting it to True on a
param has the same effect as using DeprecatedParam. This allows deprecating
params while retaining their type information.
Revert all DeprecatedParam params back to their original definition and set
`deprecated` to True.
Remove the now unused DeprecatedParam class.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Provide client-side overrides for command plugins which implement any of
the client-side `interactive_prompt_callback`, `forward` or
`output_for_cli` methods and move the methods from the original plugins to
the overrides.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Move the shared code to a new ipalib.dns module.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Specify module topic by name rather than by name and summary. A topic
module of the topic name must exist. Summary is extracted from the
docstring of the topic module.
This changes makes topic handling more generic and consistent between
modules and commands.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Move the rpcclient backend and commands which are executed on the client
to ipaclient.plugins.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Do not crash in interactive mode of dnsrecord_{add,mod}.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/433
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add option to add host dialog which allows to show generated OTP.
This patch also changed the way of informing user about success of adding host
but only when the 'Generate OTP' option is checked. There is a new dialog with
generated OTP.
https://fedorahosted.org/freeipa/ticket/4602
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cert_revoke -h" and "ipa cert_find -h".
According to review feedback, I changed the help message as follow
$ ipa cert_revoke -h
Usage: ipa [global-options] cert-revoke SERIAL-NUMBER [options]
Revoke a certificate.
Options:
-h, --help show this help message and exit
--revocation-reason=INT
Reason for revoking the certificate (0-10). Type "ipa
help cert" for revocation reason details.
https://fedorahosted.org/freeipa/ticket/5819
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Gabe Alford <redhatrises@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The 'no_cli' is not valid flag in parameters scope, so to hide option from
CLI 'no_option' flag should be used
https://fedorahosted.org/freeipa/ticket/4995
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In all *-find commands, member attributes shouldn't be processed due
high amount fo ldpaserches cause serious performance issues. For this
reason --no-members option is set by default in CLI and API.
To get members in *-find command option --all in CLI is rquired or
'no_members=False' or 'all=True' must be set in API call.
For other commands processing of members stays unchanged. WebUI is not
affected by this change.
https://fedorahosted.org/freeipa/ticket/4995
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
With many members commands became slow. Making this option public allows
users to speedup searches.
https://fedorahosted.org/freeipa/ticket/4995
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ad-hoc LDAP calls in DNS upgrade code were hard to maintain and
ipaConfigString was bad idea from the very beginning as it was hard to
manipulate the number in it.
To avoid problems in future we are introducing new ipaDNSVersion
attribute which is used on cn=dns instead of ipaConfigString.
Original value of ipaConfigString is kept in the tree for now
so older upgraders see it and do not execute the upgrade procedure again.
The attribute can be changed only by installer/upgrade so it is not
exposed in dnsconfig_mod API.
Command dnsconfig_show displays it only if --all option was used.
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
After discussion with Martin Basti we decided to standardize on root_logger
with hope that one day we will use root_logger.getLogger('module')
to make logging prettier and tunable per module.
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This is preparatory work to avoid (future) cyclic import between
ipapython.dnsutil and ipapython.ipautil.
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Forwarding policy "first" or "none" may conflicts with some automatic empty
zones. Queries for zones specified by RFC 6303 will ignore
forwarding and recursion and always result in NXDOMAIN answers.
This is not detected and warned about. Global forwarding is equivalent
to forward zone ".".
Example:
Forward zone 1.10.in-addr.arpa with policy "first"
will not forward anything because BIND will automatically prefer
automatic empty zone "10.in-addr.arpa." which is authoritative.
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Added 'employeenumber', 'departmentnumber' and 'mail' to Modify Users
permission
https://fedorahosted.org/freeipa/ticket/5911#comment:2
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This will make it possible to move the plugin modules between ipalib,
ipaclient and ipaserver without having to change the imports.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Copy arguments of vault_{add,mod,archive,retrieve} from
vault_{add,mod,archive,retrieve}_internal.
Also add missing LDAPCreate arguments to vault_add_internal.
This will make it possible to move the commands to ipaclient.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Move client-side code from the vault class to module-level functions.
This will make it possible to move the code to ipaclient without the vault
class bits.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Copy args, options and output of otptoken_add_yubikey from otptoken_add.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Import DN from ipapython.dn rather than ipalib.plugins.baseldap.
This will make it possible to move otptoken_sync to ipaclient.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace code which references the DNSRecord and dnsrecord classes with
equivalent code which uses only generic data structures.
This will make it possible to move client code to ipaclient without
dnsrecord bits, DNSRecord and all its subclasses.
The conversion from record value to structured record can't be done on the
client without DNSRecord and subclasses. Introduce a new internal command
dnsrecord_split_parts to do the job on the server when necessary.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Move DNSRecord and dnsrecord code called on client to module-level
functions.
This will make it possible to move the code to ipaclient without the
DNSRecord and dnsrecord class bits.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
automountlocation_import is a client-side command which does not use LDAP
directly. Inherit it from Command rather than LDAPQuery and copy its
arguments from automountlocation_show.
This will make it possible to move automountlocation_import to ipaclient.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Move interactive_prompt callback type from baseldap.BaseLDAPCommand to
Command.
This will make it possible to move all interactive_prompt callbacks to
ipaclient.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Also make it possible for subclasses to introduce new callback types.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Do not use the deprecated API.register method.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Fix several plugins not to assume optional positional arguments have a
value of None when not specified.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not validate values of command arguments on the client and let the
server handle validation.
This will make the client more lightweight by not having it to carry
validation code and metadata with itself for the price of increasing
network traffic in case the validation fails.
Types of the arguments are still validated on both the client and the
server.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Include keyword arguments of exceptions in RPC responses. This is limited
to JSON-RPC, as XML-RPC does not support additional data in error
responses.
Include keyword arguments of messages in RPC responses.
Include keyword arguments of exceptions in batch command result.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Do not set the `value`, `index` and `rule` arguments when raising
ConversionError and ValidationError. The arguments are unused and are not
specified consistently accross the framework and plugins.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
| |
Variable msg may not exists in the last except context, and even it
contains improper value because it is not related to catched exception
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This might happen when the command is called directly in Python,
e.g. in installers and so on.
Pylint pylint-1.5.5-1.fc24.noarch caught this.
https://fedorahosted.org/freeipa/ticket/5838
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4955
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
In Python 3, the "message" attribute has been removed in favor of
calling str() on the error.
Part of the work for https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Python 3, str.encode('ascii') converts to bytes, and str()
(nicknamed unicode() in IPA) returns the string representation
of an object, which is b'...' for bytes.
So, unicode('...'.encode('ascii')) results in "b'...'".
Change the code to only call encode() for the error.
Part of the work for https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Host, user and idview commands do unnnecessary extra search for
ipasshpubkey attribute to generate fingerprints.
Note: Host and user plugins shows ipasshpubkey only when the attribute
is changed, idviews show ipasshpubkey always. This behavior has been
kept by this commit.
common_pre/post_callbacks were fixed in [base|stage]user modules.
common_callbacks requires the same arguments as pre/post_callbacks now
(except baseuser_find.post_common_callback)
Note2: in *-add commands there is no need for managing ipasshpubkey as
this attribute should be shown always there.
https://fedorahosted.org/freeipa/ticket/3376
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For each entry in user/host-find was executed an extra search for password
attributes what has significant impact on performance (for 2000 users
there were 2000 additional searches)
http://www.freeipa.org/page/V4/Performance_Improvements
https://fedorahosted.org/freeipa/ticket/5281
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5773
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
