diff options
author | John Dennis <jdennis@redhat.com> | 2011-08-24 22:48:30 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-08-24 23:13:16 -0400 |
commit | 1b4eab0411cd4e669e3bd18541f5736c9aa81467 (patch) | |
tree | 55e54f7879165508f770adb9615b1b5bd8c4c885 | |
parent | 7746e22fe7da42d6e221770c93f1926e92343965 (diff) | |
download | freeipa-1b4eab0411cd4e669e3bd18541f5736c9aa81467.tar.gz freeipa-1b4eab0411cd4e669e3bd18541f5736c9aa81467.tar.xz freeipa-1b4eab0411cd4e669e3bd18541f5736c9aa81467.zip |
ticket 1669 - improve i18n docstring extraction
This patch reverts the use of pygettext for i18n string extraction. It
was originally introduced because the help documentation for commands
are in the class docstring and module docstring.
Docstrings are a Python construct whereby any string which immediately
follows a class declaration, function/method declaration or appears
first in a module is taken to be the documentation for that
object. Python automatically assigns that string to the __doc__
variable associated with the object. Explicitly assigning to the
__doc__ variable is equivalent and permitted.
We mark strings in the source for i18n translation by embedding them
in _() or ngettext(). Specialized extraction tools (e.g. xgettext)
scan the source code looking for strings with those markers and
extracts the string for inclusion in a translation catalog.
It was mistakingly assumed one could not mark for translation Python
docstrings. Since some docstrings are vital for our command help
system some method had to be devised to extract docstrings for the
translation catalog. pygettext has the ability to locate and extract
docstrings and it was introduced to acquire the documentation for our
commands located in module and class docstrings.
However pygettext was too large a hammer for this task, it lacked any
fined grained ability to extract only the docstrings we were
interested in. In practice it extracted EVERY docstring in each file
it was presented with. This caused a large number strings to be
extracted for translation which had no reason to be translated, the
string might have been internal code documentation never meant to be
seen by users. Often the superfluous docstrings were long, complex and
likely difficult to translate. This placed an unnecessary burden on
our volunteer translators.
Instead what is needed is some method to extract only those strings
intended for translation. We already have such a mechanism and it is
already widely used, namely wrapping strings intended for translation
in calls to _() or _negettext(), i.e. marking a string for i18n
translation. Thus the solution to the docstring translation problem is
to mark the docstrings exactly as we have been doing, it only requires
that instead of a bare Python docstring we instead assign the marked
string to the __doc__ variable. Using the hypothetical class foo as
an example.
class foo(Command):
'''
The foo command takes out the garbage.
'''
Would become:
class foo(Command):
__doc__ = _('The foo command takes out the garbage.')
But which docstrings need to be marked for translation? The makeapi
tool knows how to iterate over every command in our public API. It was
extended to validate every command's documentation and report if any
documentation is missing or not marked for translation. That
information was then used to identify each docstring in the code which
needed to be transformed.
In summary what this patch does is:
* Remove the use of pygettext (modification to install/po/Makefile.in)
* Replace every docstring with an explicit assignment to __doc__ where
the rhs of the assignment is an i18n marking function.
* Single line docstrings appearing in multi-line string literals
(e.g. ''' or """) were replaced with single line string literals
because the multi-line literals were introducing unnecessary
whitespace and newlines in the string extracted for translation. For
example:
'''
The foo command takes out the garbage.
'''
Would appear in the translation catalog as:
"\n
The foo command takes out the garbage.\n
"
The superfluous whitespace and newlines are confusing to translators
and requires us to strip leading and trailing whitespace from the
translation at run time.
* Import statements were moved from below the docstring to above
it. This was necessary because the i18n markers are imported
functions and must be available before the the doc is
parsed. Technically only the import of the i18n markers had to
appear before the doc but stylistically it's better to keep all the
imports together.
* It was observed during the docstring editing process that the
command documentation was inconsistent with respect to the use of
periods to terminate a sentence. Some doc had a trailing period,
others didn't. Consistency was enforced by adding a period to end of
every docstring if one was missing.
31 files changed, 634 insertions, 914 deletions
diff --git a/install/po/Makefile.in b/install/po/Makefile.in index 00ff9f97c..47c8bbba5 100644 --- a/install/po/Makefile.in +++ b/install/po/Makefile.in @@ -10,7 +10,6 @@ AWK = @AWK@ SED = @SED@ MKDIR_P = @MKDIR_P@ XGETTEXT = @XGETTEXT@ -PYGETTEXT = install/po/pygettext.py MSGFMT = @MSGFMT@ MSGINIT = @MSGINIT@ MSGMERGE = @MSGMERGE@ @@ -28,16 +27,13 @@ XGETTEXT_OPTIONS = \ --copyright-holder="$(COPYRIGHT_HOLDER)" \ --package-name="$(PACKAGE_NAME)" \ --msgid-bugs-address="$(PACKAGE_BUGREPORT)" -PYGETTEXT_OPTIONS = \ ---docstrings languages = $(shell $(SED) 's/\#.*//' LINGUAS) # The sed command removes comments po_files = $(patsubst %, %.po, $(languages)) mo_files = $(patsubst %.po, %.mo, $(po_files)) po_count=$(words $(po_files)) -PY_FILES = $(shell cd ../..; git ls-files | grep -v -e "^tests/" -e "^doc/" -e "^install/po/" -e "^ipapython/test/" -e "setup.py" -e "setup-client.py" -e "^ipalib/plugins/" | grep "\.py$$" | tr '\n' ' '; cd install/po) -PY_PLUGIN_FILES = $(shell cd ../..; git ls-files | grep -e "^ipalib/plugins/" | grep "\.py$$" | tr '\n' ' '; cd install/po) +PY_FILES = $(shell cd ../..; git ls-files | grep -v -e "^tests/" -e "^doc/" -e "^install/po/" -e "^ipapython/test/" -e "setup.py" -e "setup-client.py" | grep "\.py$$" | tr '\n' ' '; cd install/po) C_FILES = $(shell cd ../..; git ls-files | grep "\.c$$" | tr '\n' ' '; cd install/po) H_FILES = $(shell cd ../..; git ls-files | grep "\.h$$" | tr '\n' ' '; cd install/po) @@ -102,13 +98,8 @@ update-po: update-pot update-pot: @rm -f $(DOMAIN).pot.update @pushd ../.. ; \ - $(PYGETTEXT) $(PYGETTEXT_OPTIONS) \ - --output install/po/$(DOMAIN).pot.update \ - $(PY_PLUGIN_FILES) \ - && \ $(XGETTEXT) $(XGETTEXT_OPTIONS) \ --output install/po/$(DOMAIN).pot.update \ - --join-existing \ --language="python" \ $(PYTHON_POTFILES) \ && \ diff --git a/ipalib/plugins/automount.py b/ipalib/plugins/automount.py index 6aa3afd0d..1b2214d11 100644 --- a/ipalib/plugins/automount.py +++ b/ipalib/plugins/automount.py @@ -17,7 +17,16 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api, errors +from ipalib import Object, Command +from ipalib import Flag, Str, IA5Str +from ipalib.plugins.baseldap import * +from ipalib import _, ngettext +import ldap as _ldap +import os + +__doc__ = _(""" Automount Stores automount(8) configuration for autofs(8) in IPA. @@ -101,7 +110,7 @@ Keys: Remove the man key from the auto.share map: ipa automountkey-del baltimore auto.share --key=man -""" +""") """ Developer notes: @@ -169,13 +178,6 @@ automountInformation: -ro,soft,rsize=8192,wsize=8192 nfs.example.com:/vol/arch ive/stuff """ -from ipalib import api, errors -from ipalib import Object, Command -from ipalib import Flag, Str, IA5Str -from ipalib.plugins.baseldap import * -from ipalib import _, ngettext -import ldap as _ldap -import os DIRECT_MAP_KEY = u'/-' DEFAULT_MAPS = (u'auto.direct', ) @@ -206,9 +208,7 @@ api.register(automountlocation) class automountlocation_add(LDAPCreate): - """ - Create a new automount location. - """ + __doc__ = _('Create a new automount location.') msg_summary = _('Added automount location "%(value)s"') @@ -229,9 +229,7 @@ api.register(automountlocation_add) class automountlocation_del(LDAPDelete): - """ - Delete an automount location. - """ + __doc__ = _('Delete an automount location.') msg_summary = _('Deleted automount location "%(value)s"') @@ -239,17 +237,13 @@ api.register(automountlocation_del) class automountlocation_show(LDAPRetrieve): - """ - Display an automount location. - """ + __doc__ = _('Display an automount location.') api.register(automountlocation_show) class automountlocation_find(LDAPSearch): - """ - Search for an automount location. - """ + __doc__ = _('Search for an automount location.') msg_summary = ngettext( '%(count)d automount location matched', @@ -260,9 +254,8 @@ api.register(automountlocation_find) class automountlocation_tofiles(LDAPQuery): - """ - Generate automount files for a specific location. - """ + __doc__ = _('Generate automount files for a specific location.') + def execute(self, *args, **options): ldap = self.obj.backend @@ -323,9 +316,7 @@ api.register(automountlocation_tofiles) class automountlocation_import(LDAPQuery): - """ - Import automount files for a specific location. - """ + __doc__ = _('Import automount files for a specific location.') takes_args = ( Str('masterfile', @@ -543,9 +534,7 @@ api.register(automountmap) class automountmap_add(LDAPCreate): - """ - Create a new automount map. - """ + __doc__ = _('Create a new automount map.') msg_summary = _('Added automount map "%(value)s"') @@ -553,9 +542,7 @@ api.register(automountmap_add) class automountmap_del(LDAPDelete): - """ - Delete an automount map. - """ + __doc__ = _('Delete an automount map.') msg_summary = _('Deleted automount map "%(value)s"') @@ -575,9 +562,7 @@ api.register(automountmap_del) class automountmap_mod(LDAPUpdate): - """ - Modify an automount map. - """ + __doc__ = _('Modify an automount map.') msg_summary = _('Modified automount map "%(value)s"') @@ -585,9 +570,7 @@ api.register(automountmap_mod) class automountmap_find(LDAPSearch): - """ - Search for an automount map. - """ + __doc__ = _('Search for an automount map.') msg_summary = ngettext( '%(count)d automount map matched', @@ -598,17 +581,14 @@ api.register(automountmap_find) class automountmap_show(LDAPRetrieve): - """ - Display an automount map. - """ + __doc__ = _('Display an automount map.') api.register(automountmap_show) class automountkey(LDAPObject): - """ - Automount key object. - """ + __doc__ = _('Automount key object.') + parent_object = 'automountmap' container_dn = api.env.container_automount object_name = _('automount key') @@ -753,9 +733,7 @@ api.register(automountkey) class automountkey_add(LDAPCreate): - """ - Create a new automount key. - """ + __doc__ = _('Create a new automount key.') msg_summary = _('Added automount key "%(value)s"') @@ -780,9 +758,7 @@ api.register(automountkey_add) class automountmap_add_indirect(LDAPCreate): - """ - Create a new indirect mount point. - """ + __doc__ = _('Create a new indirect mount point.') msg_summary = _('Added automount indirect map "%(value)s"') @@ -818,9 +794,7 @@ api.register(automountmap_add_indirect) class automountkey_del(LDAPDelete): - """ - Delete an automount key. - """ + __doc__ = _('Delete an automount key.') msg_summary = _('Deleted automount key "%(value)s"') @@ -862,9 +836,7 @@ api.register(automountkey_del) class automountkey_mod(LDAPUpdate): - """ - Modify an automount key. - """ + __doc__ = _('Modify an automount key.') msg_summary = _('Modified automount key "%(value)s"') @@ -920,9 +892,7 @@ api.register(automountkey_mod) class automountkey_find(LDAPSearch): - """ - Search for an automount key. - """ + __doc__ = _('Search for an automount key.') msg_summary = ngettext( '%(count)d automount key matched', @@ -933,9 +903,8 @@ api.register(automountkey_find) class automountkey_show(LDAPRetrieve): - """ - Display an automount key. - """ + __doc__ = _('Display an automount key.') + takes_options = LDAPRetrieve.takes_options + ( IA5Str('automountkey', cli_name='key', diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py index 2c8ab4992..e32004e54 100644 --- a/ipalib/plugins/cert.py +++ b/ipalib/plugins/cert.py @@ -19,7 +19,28 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" +from ipalib import api, SkipPluginModule +if api.env.enable_ra is not True: + # In this case, abort loading this plugin module... + raise SkipPluginModule(reason='env.enable_ra is not True') +from ipalib import Command, Str, Int, Bytes, Flag, File +from ipalib import errors +from ipalib import pkcs10 +from ipalib import x509 +from ipalib import util +from ipalib.plugins.virtual import * +from ipalib.plugins.service import split_principal +import base64 +import logging +import traceback +from ipalib.text import _ +from ipalib.request import context +from ipalib.output import Output +from ipalib.plugins.service import validate_principal +import nss.nss as nss +from nss.error import NSPRError + +__doc__ = _(""" IPA certificate operations Implements a set of commands for managing server SSL certificates. @@ -77,28 +98,7 @@ Note that reason code 7 is not used. See RFC 5280 for more details: http://www.ietf.org/rfc/rfc5280.txt -""" - -from ipalib import api, SkipPluginModule -if api.env.enable_ra is not True: - # In this case, abort loading this plugin module... - raise SkipPluginModule(reason='env.enable_ra is not True') -from ipalib import Command, Str, Int, Bytes, Flag, File -from ipalib import errors -from ipalib import pkcs10 -from ipalib import x509 -from ipalib import util -from ipalib.plugins.virtual import * -from ipalib.plugins.service import split_principal -import base64 -import logging -import traceback -from ipalib.text import _ -from ipalib.request import context -from ipalib.output import Output -from ipalib.plugins.service import validate_principal -import nss.nss as nss -from nss.error import NSPRError +""") def get_csr_hostname(csr): """ @@ -199,9 +199,7 @@ def get_host_from_principal(principal): return hostname class cert_request(VirtualCommand): - """ - Submit a certificate signing request. - """ + __doc__ = _('Submit a certificate signing request.') takes_args = ( File('csr', validate_csr, @@ -393,9 +391,7 @@ api.register(cert_request) class cert_status(VirtualCommand): - """ - Check the status of a certificate signing request. - """ + __doc__ = _('Check the status of a certificate signing request.') takes_args = ( Str('request_id', @@ -428,9 +424,7 @@ _serial_number = Str('serial_number', ) class cert_show(VirtualCommand): - """ - Retrieve an existing certificate. - """ + __doc__ = _('Retrieve an existing certificate.') takes_args = _serial_number @@ -515,9 +509,7 @@ api.register(cert_show) class cert_revoke(VirtualCommand): - """ - Revoke a certificate. - """ + __doc__ = _('Revoke a certificate.') takes_args = _serial_number @@ -562,9 +554,7 @@ api.register(cert_revoke) class cert_remove_hold(VirtualCommand): - """ - Take a revoked certificate off hold. - """ + __doc__ = _('Take a revoked certificate off hold.') takes_args = _serial_number diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py index b973e43bc..b78597c1b 100644 --- a/ipalib/plugins/config.py +++ b/ipalib/plugins/config.py @@ -17,7 +17,14 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api +from ipalib import Bool, Int, Str, IA5Str +from ipalib.plugins.baseldap import * +from ipalib import _ +from ipalib.errors import ValidationError + +__doc__ = _(""" Manage the IPA configuration Manage the default values that IPA uses and some of its tuning parameters. @@ -62,14 +69,7 @@ Certificate Subject base: the configured certificate subject base, e.g. O=EXAMPLE.COM. This is configurable only at install time. Password plug-in features: currently defines additional hashes that the password will generate (there may be other conditions). -""" - -from ipalib import api -from ipalib import Bool, Int, Str, IA5Str -from ipalib.plugins.baseldap import * -from ipalib import _ -from ipalib.errors import ValidationError - +""") def validate_searchtimelimit(ugettext, limit): if limit == 0: @@ -182,9 +182,8 @@ api.register(config) class config_mod(LDAPUpdate): - """ - Modify configuration options. - """ + __doc__ = _('Modify configuration options.') + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): if 'ipamigrationenabled' in entry_attrs: if entry_attrs['ipamigrationenabled']: @@ -219,8 +218,6 @@ api.register(config_mod) class config_show(LDAPRetrieve): - """ - Show the current configuration. - """ + __doc__ = _('Show the current configuration.') api.register(config_show) diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py index 914552f1b..fad0be362 100644 --- a/ipalib/plugins/delegation.py +++ b/ipalib/plugins/delegation.py @@ -16,7 +16,16 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +import copy +from ipalib import api, _, ngettext +from ipalib import Flag, Str, List +from ipalib.request import context +from ipalib import api, crud, errors +from ipalib import output +from ipalib import Object, Command + +__doc__ = _(""" Group to Group Delegation A permission enables fine-grained delegation of permissions. Access Control @@ -40,15 +49,7 @@ EXAMPLES: Delete a rule: ipa delegation-del "managers edit employees' street" -""" - -import copy -from ipalib import api, _, ngettext -from ipalib import Flag, Str, List -from ipalib.request import context -from ipalib import api, crud, errors -from ipalib import output -from ipalib import Object, Command +""") ACI_PREFIX=u"delegation" @@ -150,9 +151,7 @@ api.register(delegation) class delegation_add(crud.Create): - """ - Add a new delegation. - """ + __doc__ = _('Add a new delegation.') msg_summary = _('Added delegation "%(value)s"') @@ -174,9 +173,7 @@ api.register(delegation_add) class delegation_del(crud.Delete): - """ - Delete a delegation. - """ + __doc__ = _('Delete a delegation.') has_output = output.standard_boolean msg_summary = _('Deleted delegation "%(value)s"') @@ -195,9 +192,7 @@ api.register(delegation_del) class delegation_mod(crud.Update): - """ - Modify a delegation. - """ + __doc__ = _('Modify a delegation.') msg_summary = _('Modified delegation "%(value)s"') @@ -217,9 +212,7 @@ api.register(delegation_mod) class delegation_find(crud.Search): - """ - Search for delegations. - """ + __doc__ = _('Search for delegations.') msg_summary = ngettext( '%(count)d delegation matched', '%(count)d delegations matched', 0 @@ -248,9 +241,8 @@ api.register(delegation_find) class delegation_show(crud.Retrieve): - """ - Display information about a delegation. - """ + __doc__ = _('Display information about a delegation.') + has_output_params = ( Str('aci', label=_('ACI'), diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index b4eee1139..d922cdfb5 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -17,7 +17,20 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +import netaddr +import time + +from ipalib import api, errors, output +from ipalib import Command +from ipalib import Flag, Int, List, Str, StrEnum +from ipalib.plugins.baseldap import * +from ipalib import _, ngettext +from ipapython import dnsclient +from ipapython.ipautil import valid_ip +from ldap import explode_dn + +__doc__ = _(""" Domain Name System (DNS) Manage DNS zone and resource records. @@ -98,19 +111,7 @@ EXAMPLES: if one is not included): ipa dns-resolve www.example.com ipa dns-resolve www -""" - -import netaddr -import time - -from ipalib import api, errors, output -from ipalib import Command -from ipalib import Flag, Int, List, Str, StrEnum -from ipalib.plugins.baseldap import * -from ipalib import _, ngettext -from ipapython import dnsclient -from ipapython.ipautil import valid_ip -from ldap import explode_dn +""") # supported resource record types _record_types = ( @@ -404,9 +405,8 @@ api.register(dnszone) class dnszone_add(LDAPCreate): - """ - Create new DNS zone (SOA record). - """ + __doc__ = _('Create new DNS zone (SOA record).') + takes_options = LDAPCreate.takes_options + ( Flag('force', label=_('Force'), @@ -461,17 +461,14 @@ api.register(dnszone_add) class dnszone_del(LDAPDelete): - """ - Delete DNS zone (SOA record). - """ + __doc__ = _('Delete DNS zone (SOA record).') api.register(dnszone_del) class dnszone_mod(LDAPUpdate): - """ - Modify DNS zone (SOA record). - """ + __doc__ = _('Modify DNS zone (SOA record).') + def pre_callback(self, ldap, dn, entry_attrs, *keys, **options): if 'name_from_ip' in entry_attrs: del entry_attrs['name_from_ip'] @@ -484,9 +481,8 @@ api.register(dnszone_mod) class dnszone_find(LDAPSearch): - """ - Search for DNS zones (SOA records). - """ + __doc__ = _('Search for DNS zones (SOA records).') + def args_options_2_entry(self, *args, **options): if 'name_from_ip' in options: if 'idnsname' not in options: @@ -517,17 +513,14 @@ api.register(dnszone_find) class dnszone_show(LDAPRetrieve): - """ - Display information about a DNS zone (SOA record). - """ + __doc__ = _('Display information about a DNS zone (SOA record).') api.register(dnszone_show) class dnszone_disable(LDAPQuery): - """ - Disable DNS Zone. - """ + __doc__ = _('Disable DNS Zone.') + has_output = output.standard_value msg_summary = _('Disabled DNS zone "%(value)s"') @@ -547,9 +540,8 @@ api.register(dnszone_disable) class dnszone_enable(LDAPQuery): - """ - Enable DNS Zone. - """ + __doc__ = _('Enable DNS Zone.') + has_output = output.standard_value msg_summary = _('Enabled DNS zone "%(value)s"') @@ -804,9 +796,8 @@ api.register(dnsrecord_add_record) class dnsrecord_add(LDAPCreate, dnsrecord_cmd_w_record_options): - """ - Add new DNS resource record. - """ + __doc__ = _('Add new DNS resource record.') + no_option_msg = 'No options to add a specific record provided.\n' \ "Command help may be consulted for all supported record types." takes_options = LDAPCreate.takes_options + ( @@ -866,9 +857,8 @@ api.register(dnsrecord_add) class dnsrecord_mod(dnsrecord_mod_record): - """ - Modify a DNS resource record. - """ + __doc__ = _('Modify a DNS resource record.') + no_option_msg = 'No options to modify a specific record provided.' def update_old_entry_callback(self, entry_attrs, old_entry_attrs): @@ -914,9 +904,8 @@ api.register(dnsrecord_delentry) class dnsrecord_del(dnsrecord_mod_record): - """ - Delete DNS resource record. - """ + __doc__ = _('Delete DNS resource record.') + no_option_msg = _('Neither --del-all nor options to delete a specific record provided.\n'\ "Command help may be consulted for all supported record types.") takes_options = ( @@ -1003,9 +992,8 @@ api.register(dnsrecord_del) class dnsrecord_show(LDAPRetrieve, dnsrecord_cmd_w_record_options): - """ - Display DNS resource. - """ + __doc__ = _('Display DNS resource.') + def has_output_params(self): for option in self.get_record_options(): yield option @@ -1019,9 +1007,8 @@ api.register(dnsrecord_show) class dnsrecord_find(LDAPSearch, dnsrecord_cmd_w_record_options): - """ - Search for DNS resources. - """ + __doc__ = _('Search for DNS resources.') + def get_options(self): for option in super(dnsrecord_find, self).get_options(): yield option @@ -1046,9 +1033,8 @@ class dnsrecord_find(LDAPSearch, dnsrecord_cmd_w_record_options): api.register(dnsrecord_find) class dns_resolve(Command): - """ - Resolve a host name in DNS - """ + __doc__ = _('Resolve a host name in DNS.') + has_output = output.standard_value msg_summary = _('Found \'%(value)s\'') diff --git a/ipalib/plugins/entitle.py b/ipalib/plugins/entitle.py index 0543b0f23..28d2c5dc8 100644 --- a/ipalib/plugins/entitle.py +++ b/ipalib/plugins/entitle.py @@ -16,40 +16,6 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" -Entitlements - -Manage entitlements for client machines - -Entitlements can be managed either by registering with an entitlement -server with a username and password or by manually importing entitlement -certificates. An entitlement certificate contains embedded information -such as the product being entitled, the quantity and the validity dates. - -An entitlement server manages the number of client entitlements available. -To mark these entitlements as used by the IPA server you provide a quantity -and they are marked as consumed on the entitlement server. - - Register with an entitlement server: - ipa entitle-register consumer - - Import an entitlement certificate: - ipa entitle-import /home/user/ipaclient.pem - - Display current entitlements: - ipa entitle-status - - Retrieve details on entitlement certificates: - ipa entitle-get - - Consume some entitlements from the entitlement server: - ipa entitle-consume 50 - -The registration ID is a Unique Identifier (UUID). This ID will be -IMPORTED if you have used entitle-import. - -Changes to /etc/rhsm/rhsm.conf require a restart of the httpd service. -""" from ipalib import api, SkipPluginModule try: @@ -83,6 +49,41 @@ from ipalib import x509 import locale +__doc__ = _(""" +Entitlements + +Manage entitlements for client machines + +Entitlements can be managed either by registering with an entitlement +server with a username and password or by manually importing entitlement +certificates. An entitlement certificate contains embedded information +such as the product being entitled, the quantity and the validity dates. + +An entitlement server manages the number of client entitlements available. +To mark these entitlements as used by the IPA server you provide a quantity +and they are marked as consumed on the entitlement server. + + Register with an entitlement server: + ipa entitle-register consumer + + Import an entitlement certificate: + ipa entitle-import /home/user/ipaclient.pem + + Display current entitlements: + ipa entitle-status + + Retrieve details on entitlement certificates: + ipa entitle-get + + Consume some entitlements from the entitlement server: + ipa entitle-consume 50 + +The registration ID is a Unique Identifier (UUID). This ID will be +IMPORTED if you have used entitle-import. + +Changes to /etc/rhsm/rhsm.conf require a restart of the httpd service. +""") + def read_file(filename): fp = open(filename, 'r') data = fp.readlines() @@ -204,9 +205,7 @@ class entitle(LDAPObject): api.register(entitle) class entitle_status(VirtualCommand): - """ - Display current entitlements - """ + __doc__ = _('Display current entitlements.') operation="show entitlement" @@ -274,9 +273,7 @@ api.register(entitle_status) class entitle_consume(LDAPUpdate): - """ - Consume an entitlement - """ + __doc__ = _('Consume an entitlement.') operation="consume entitlement" @@ -378,9 +375,7 @@ api.register(entitle_consume) class entitle_get(VirtualCommand): - """ - Retrieve the entitlement certs - """ + __doc__ = _('Retrieve the entitlement certs.') operation="retrieve entitlement" @@ -458,9 +453,8 @@ class entitle_get(VirtualCommand): api.register(entitle_get) class entitle_find(LDAPSearch): - """ - Search for entitlement accounts. - """ + __doc__ = _('Search for entitlement accounts.') + has_output_params = output_params INTERNAL = True @@ -471,9 +465,7 @@ class entitle_find(LDAPSearch): api.register(entitle_find) class entitle_register(LDAPCreate): - """ - Register to the entitlement system - """ + __doc__ = _('Register to the entitlement system.') operation="register entitlement" @@ -571,9 +563,7 @@ api.register(entitle_register) class entitle_import(LDAPUpdate): - """ - Import an entitlement certificate. - """ + __doc__ = _('Import an entitlement certificate.') has_output_params = ( Str('product', @@ -669,9 +659,7 @@ class entitle_import(LDAPUpdate): api.register(entitle_import) class entitle_sync(LDAPUpdate): - """ - Re-sync the local entitlement cache with the entitlement server - """ + __doc__ = _('Re-sync the local entitlement cache with the entitlement server.') operation="sync entitlement" diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py index 3298b2bd3..cd4a0545e 100644 --- a/ipalib/plugins/group.py +++ b/ipalib/plugins/group.py @@ -17,7 +17,13 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api +from ipalib import Int, Str +from ipalib.plugins.baseldap import * +from ipalib import _, ngettext + +__doc__ = _(""" Groups of users Manage groups of users. By default, new groups are POSIX groups. You @@ -64,13 +70,7 @@ EXAMPLES: Display information about a named group. ipa group-show localadmins -""" - -from ipalib import api -from ipalib import Int, Str -from ipalib.plugins.baseldap import * -from ipalib import _, ngettext - +""") class group(LDAPObject): """ @@ -126,9 +126,7 @@ api.register(group) class group_add(LDAPCreate): - """ - Create a new group. - """ + __doc__ = _('Create a new group.') msg_summary = _('Added group "%(value)s"') @@ -152,9 +150,7 @@ api.register(group_add) class group_del(LDAPDelete): - """ - Delete group. - """ + __doc__ = _('Delete group.') msg_summary = _('Deleted group "%(value)s"') @@ -184,9 +180,8 @@ api.register(group_del) class group_mod(LDAPUpdate): - """ - Modify a group. - """ + __doc__ = _('Modify a group.') + msg_summary = _('Modified group "%(value)s"') takes_options = LDAPUpdate.takes_options + ( @@ -213,9 +208,8 @@ api.register(group_mod) class group_find(LDAPSearch): - """ - Search for groups. - """ + __doc__ = _('Search for groups.') + member_attributes = ['member', 'memberof'] msg_summary = ngettext( @@ -255,33 +249,26 @@ api.register(group_find) class group_show(LDAPRetrieve): - """ - Display information about a named group. - """ + __doc__ = _('Display information about a named group.') api.register(group_show) class group_add_member(LDAPAddMember): - """ - Add members to a group. - """ + __doc__ = _('Add members to a group.') api.register(group_add_member) class group_remove_member(LDAPRemoveMember): - """ - Remove members from a group. - """ + __doc__ = _('Remove members from a group.') api.register(group_remove_member) class group_detach(LDAPQuery): - """ - Detach a managed group from a user - """ + __doc__ = _('Detach a managed group from a user.') + has_output = output.standard_value msg_summary = _('Detached group "%(value)s" from user "%(value)s"') diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py index 1ea0259a2..8368a33bd 100644 --- a/ipalib/plugins/hbacrule.py +++ b/ipalib/plugins/hbacrule.py @@ -16,7 +16,13 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api, errors +from ipalib import AccessTime, Password, Str, StrEnum +from ipalib.plugins.baseldap import * +from ipalib import _, ngettext + +__doc__ = _(""" Host-based access control Control who can access what services on what hosts and from where. You @@ -62,7 +68,7 @@ EXAMPLES: Remove a named HBAC rule: ipa hbacrule-del allow_server -""" +""") # AccessTime support is being removed for now. @@ -80,11 +86,6 @@ EXAMPLES: # ipa hbacrule-add-accesstime --time='absolute 201012161032 ~ 201012161033' test1 -from ipalib import api, errors -from ipalib import AccessTime, Password, Str, StrEnum -from ipalib.plugins.baseldap import * -from ipalib import _, ngettext - topic = ('hbac', _('Host-based access control commands')) def validate_type(ugettext, type): @@ -221,9 +222,7 @@ api.register(hbacrule) class hbacrule_add(LDAPCreate): - """ - Create a new HBAC rule. - """ + __doc__ = _('Create a new HBAC rule.') msg_summary = _('Added HBAC rule "%(value)s"') @@ -236,9 +235,7 @@ api.register(hbacrule_add) class hbacrule_del(LDAPDelete): - """ - Delete an HBAC rule. - """ + __doc__ = _('Delete an HBAC rule.') msg_summary = _('Deleted HBAC rule "%(value)s"') @@ -246,9 +243,7 @@ api.register(hbacrule_del) class hbacrule_mod(LDAPUpdate): - """ - Modify an HBAC rule. - """ + __doc__ = _('Modify an HBAC rule.') msg_summary = _('Modified HBAC rule "%(value)s"') @@ -272,9 +267,7 @@ api.register(hbacrule_mod) class hbacrule_find(LDAPSearch): - """ - Search for HBAC rules. - """ + __doc__ = _('Search for HBAC rules.') msg_summary = ngettext( '%(count)d HBAC rule matched', '%(count)d HBAC rules matched', 0 @@ -284,17 +277,13 @@ api.register(hbacrule_find) class hbacrule_show(LDAPRetrieve): - """ - Display the properties of an HBAC rule. - """ + __doc__ = _('Display the properties of an HBAC rule.') api.register(hbacrule_show) class hbacrule_enable(LDAPQuery): - """ - Enable an HBAC rule. - """ + __doc__ = _('Enable an HBAC rule.') msg_summary = _('Enabled HBAC rule "%(value)s"') has_output = output.standard_value @@ -321,9 +310,7 @@ api.register(hbacrule_enable) class hbacrule_disable(LDAPQuery): - """ - Disable an HBAC rule. - """ + __doc__ = _('Disable an HBAC rule.') msg_summary = _('Disabled HBAC rule "%(value)s"') has_output = output.standard_value @@ -431,9 +418,8 @@ class hbacrule_remove_accesstime(LDAPQuery): class hbacrule_add_user(LDAPAddMember): - """ - Add users and groups to an HBAC rule. - """ + __doc__ = _('Add users and groups to an HBAC rule.') + member_attributes = ['memberuser'] member_count_out = ('%i object added.', '%i objects added.') @@ -448,9 +434,8 @@ api.register(hbacrule_add_user) class hbacrule_remove_user(LDAPRemoveMember): - """ - Remove users and groups from an HBAC rule. - """ + __doc__ = _('Remove users and groups from an HBAC rule.') + member_attributes = ['memberuser'] member_count_out = ('%i object removed.', '%i objects removed.') @@ -458,9 +443,8 @@ api.register(hbacrule_remove_user) class hbacrule_add_host(LDAPAddMember): - """ - Add target hosts and hostgroups to an HBAC rule - """ + __doc__ = _('Add target hosts and hostgroups to an HBAC rule.') + member_attributes = ['memberhost'] member_count_out = ('%i object added.', '%i objects added.') @@ -475,9 +459,8 @@ api.register(hbacrule_add_host) class hbacrule_remove_host(LDAPRemoveMember): - """ - Remove target hosts and hostgroups from an HBAC rule. - """ + __doc__ = _('Remove target hosts and hostgroups from an HBAC rule.') + member_attributes = ['memberhost'] member_count_out = ('%i object removed.', '%i objects removed.') @@ -485,9 +468,8 @@ api.register(hbacrule_remove_host) class hbacrule_add_sourcehost(LDAPAddMember): - """ - Add source hosts and hostgroups from a HBAC rule. - """ + __doc__ = _('Add source hosts and hostgroups from a HBAC rule.') + member_attributes = ['sourcehost'] member_count_out = ('%i object added.', '%i objects added.') @@ -502,9 +484,8 @@ api.register(hbacrule_add_sourcehost) class hbacrule_remove_sourcehost(LDAPRemoveMember): - """ - Remove source hosts and hostgroups from an HBAC rule. - """ + __doc__ = _('Remove source hosts and hostgroups from an HBAC rule.') + member_attributes = ['sourcehost'] member_count_out = ('%i object removed.', '%i objects removed.') @@ -512,9 +493,8 @@ api.register(hbacrule_remove_sourcehost) class hbacrule_add_service(LDAPAddMember): - """ - Add services to an HBAC rule. - """ + __doc__ = _('Add services to an HBAC rule.') + member_attributes = ['memberservice'] member_count_out = ('%i object added.', '%i objects added.') @@ -529,9 +509,8 @@ api.register(hbacrule_add_service) class hbacrule_remove_service(LDAPRemoveMember): - """ - Remove service and service groups from an HBAC rule. - """ + __doc__ = _('Remove service and service groups from an HBAC rule.') + member_attributes = ['memberservice'] member_count_out = ('%i object removed.', '%i objects removed.') diff --git a/ipalib/plugins/hbacsvc.py b/ipalib/plugins/hbacsvc.py index a45d9d631..6c6bc94fe 100644 --- a/ipalib/plugins/hbacsvc.py +++ b/ipalib/plugins/hbacsvc.py @@ -16,7 +16,15 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api +from ipalib import Str +from ipalib.plugins.baseldap import LDAPObject, LDAPCreate, LDAPDelete +from ipalib.plugins.baseldap import LDAPUpdate, LDAPSearch, LDAPRetrieve + +from ipalib import _, ngettext + +__doc__ = _(""" HBAC Services The PAM services that HBAC can control access to. The name used here @@ -37,13 +45,7 @@ EXAMPLES: Delete an HBAC service: ipa hbacsvc-del tftp -""" -from ipalib import api -from ipalib import Str -from ipalib.plugins.baseldap import LDAPObject, LDAPCreate, LDAPDelete -from ipalib.plugins.baseldap import LDAPUpdate, LDAPSearch, LDAPRetrieve - -from ipalib import _, ngettext +""") topic = ('hbac', _('Host based access control commands')) @@ -83,27 +85,23 @@ api.register(hbacsvc) class hbacsvc_add(LDAPCreate): - """ - Add a new HBAC service. - """ + __doc__ = _('Add a new HBAC service.') + msg_summary = _('Added HBAC service "%(value)s"') api.register(hbacsvc_add) class hbacsvc_del(LDAPDelete): - """ - Delete an existing HBAC service. - """ + __doc__ = _('Delete an existing HBAC service.') + msg_summary = _('Deleted HBAC service "%(value)s"') api.register(hbacsvc_del) class hbacsvc_mod(LDAPUpdate): - """ - Modify an HBAC service. - """ + __doc__ = _('Modify an HBAC service.') msg_summary = _('Modified HBAC service "%(value)s"') @@ -111,9 +109,7 @@ api.register(hbacsvc_mod) class hbacsvc_find(LDAPSearch): - """ - Search for HBAC services. - """ + __doc__ = _('Search for HBAC services.') msg_summary = ngettext( '%(count)d HBAC service matched', '%(count)d HBAC services matched', 0 @@ -123,8 +119,6 @@ api.register(hbacsvc_find) class hbacsvc_show(LDAPRetrieve): - """ - Display information about an HBAC service. - """ + __doc__ = _('Display information about an HBAC service.') api.register(hbacsvc_show) diff --git a/ipalib/plugins/hbacsvcgroup.py b/ipalib/plugins/hbacsvcgroup.py index 5154b18eb..35ca40fd8 100644 --- a/ipalib/plugins/hbacsvcgroup.py +++ b/ipalib/plugins/hbacsvcgroup.py @@ -16,7 +16,12 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api, errors +from ipalib.plugins.baseldap import * +from ipalib import _, ngettext + +__doc__ = _(""" HBAC Service Groups HBAC service groups can contain any number of individual services, @@ -39,11 +44,7 @@ EXAMPLES: Delete an HBAC service group: ipa hbacsvcgroup-del login -""" - -from ipalib import api, errors -from ipalib.plugins.baseldap import * -from ipalib import _, ngettext +""") topic = ('hbac', _('Host based access control commands')) @@ -82,36 +83,32 @@ api.register(hbacsvcgroup) class hbacsvcgroup_add(LDAPCreate): - """ - Add a new HBAC service group. - """ + __doc__ = _('Add a new HBAC service group.') + msg_summary = _('Added HBAC service group "%(value)s"') api.register(hbacsvcgroup_add) class hbacsvcgroup_del(LDAPDelete): - """ - Delete an HBAC service group. - """ + __doc__ = _('Delete an HBAC service group.') + msg_summary = _('Deleted HBAC service group "%(value)s"') api.register(hbacsvcgroup_del) class hbacsvcgroup_mod(LDAPUpdate): - """ - Modify an HBAC service group. - """ + __doc__ = _('Modify an HBAC service group.') + msg_summary = _('Modified HBAC service group "%(value)s"') api.register(hbacsvcgroup_mod) class hbacsvcgroup_find(LDAPSearch): - """ - Search for an HBAC service group. - """ + __doc__ = _('Search for an HBAC service group.') + msg_summary = ngettext( '%(count)d HBAC service group matched', '%(count)d HBAC service groups matched', 0 ) @@ -120,24 +117,18 @@ api.register(hbacsvcgroup_find) class hbacsvcgroup_show(LDAPRetrieve): - """ - Display information about an HBAC service group. - """ + __doc__ = _('Display information about an HBAC service group.') api.register(hbacsvcgroup_show) class hbacsvcgroup_add_member(LDAPAddMember): - """ - Add members to an HBAC service group. - """ + __doc__ = _('Add members to an HBAC service group.') api.register(hbacsvcgroup_add_member) class hbacsvcgroup_remove_member(LDAPRemoveMember): - """ - Remove members from an HBAC service group. - """ + __doc__ = _('Remove members from an HBAC service group.') api.register(hbacsvcgroup_remove_member) diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py index 05fb56932..f6f652177 100644 --- a/ipalib/plugins/hbactest.py +++ b/ipalib/plugins/hbactest.py @@ -16,7 +16,15 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api, errors, output +from ipalib import Command, List, Str, Flag +from types import NoneType +from ipalib.cli import to_cli +from ipalib import _, ngettext +import pyhbac + +__doc__ = _(""" Simulate use of Host-based access controls HBAC rules control who can access what services on what hosts and from where. @@ -116,14 +124,7 @@ EXAMPLES: notmatched: new-rule matched: allow_all -""" - -from ipalib import api, errors, output -from ipalib import Command, List, Str, Flag -from types import NoneType -from ipalib.cli import to_cli -from ipalib import _, ngettext -import pyhbac +""") def convert_to_ipa_rule(rule): # convert a dict with a rule to an pyhbac rule @@ -154,6 +155,7 @@ def convert_to_ipa_rule(rule): class hbactest(Command): + __doc__ = _('Simulate use of Host-based access controls') has_output = ( output.summary, diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 6c590ca4f..76f204567 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -17,7 +17,29 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +import platform +import os +import sys +from nss.error import NSPRError + +from ipalib import api, errors, util +from ipalib import Str, Flag, Bytes +from ipalib.plugins.baseldap import * +from ipalib.plugins.service import split_principal +from ipalib.plugins.service import validate_certificate +from ipalib.plugins.service import set_certificate_attrs +from ipalib.plugins.dns import dns_container_exists, _record_types +from ipalib.plugins.dns import add_forward_record +from ipalib import _, ngettext +from ipalib import x509 +from ipapython.ipautil import ipa_generate_password, CheckedIPAddress +from ipalib.request import context +import base64 +import nss.nss as nss +import netaddr + +__doc__ = _(""" Hosts/Machines A host represents a machine. It can be used in a number of contexts: @@ -69,29 +91,7 @@ EXAMPLES: Add a host that can manage this host's keytab and certificate: ipa host-add-managedby --hosts=test2 test -""" - -import platform -import os -import sys -from nss.error import NSPRError - -from ipalib import api, errors, util -from ipalib import Str, Flag, Bytes -from ipalib.plugins.baseldap import * -from ipalib.plugins.service import split_principal -from ipalib.plugins.service import validate_certificate -from ipalib.plugins.service import set_certificate_attrs -from ipalib.plugins.dns import dns_container_exists, _record_types -from ipalib.plugins.dns import add_forward_record -from ipalib import _, ngettext -from ipalib import x509 -from ipapython.ipautil import ipa_generate_password, CheckedIPAddress -from ipalib.request import context -import base64 -import nss.nss as nss -import netaddr - +""") def validate_host(ugettext, fqdn): """ @@ -340,9 +340,7 @@ api.register(host) class host_add(LDAPCreate): - """ - Add a new host. - """ + __doc__ = _('Add a new host.') has_output_params = LDAPCreate.has_output_params + host_output_params msg_summary = _('Added host "%(value)s"') @@ -477,9 +475,7 @@ api.register(host_add) class host_del(LDAPDelete): - """ - Delete a host. - """ + __doc__ = _('Delete a host.') msg_summary = _('Deleted host "%(value)s"') member_attributes = ['managedby'] @@ -592,9 +588,7 @@ api.register(host_del) class host_mod(LDAPUpdate): - """ - Modify information about a host. - """ + __doc__ = _('Modify information about a host.') has_output_params = LDAPUpdate.has_output_params + host_output_params msg_summary = _('Modified host "%(value)s"') @@ -682,9 +676,7 @@ api.register(host_mod) class host_find(LDAPSearch): - """ - Search for hosts. - """ + __doc__ = _('Search for hosts.') has_output_params = LDAPSearch.has_output_params + host_output_params msg_summary = ngettext( @@ -715,9 +707,8 @@ api.register(host_find) class host_show(LDAPRetrieve): - """ - Display information about a host. - """ + __doc__ = _('Display information about a host.') + has_output_params = LDAPRetrieve.has_output_params + host_output_params takes_options = LDAPRetrieve.takes_options + ( Str('out?', @@ -758,9 +749,8 @@ api.register(host_show) class host_disable(LDAPQuery): - """ - Disable the Kerberos key, SSL certificate and all services of a host. - """ + __doc__ = _('Disable the Kerberos key, SSL certificate and all services of a host.') + has_output = output.standard_value msg_summary = _('Disabled host "%(value)s"') @@ -845,9 +835,8 @@ class host_disable(LDAPQuery): api.register(host_disable) class host_add_managedby(LDAPAddMember): - """ - Add hosts that can manage this host. - """ + __doc__ = _('Add hosts that can manage this host.') + member_attributes = ['managedby'] has_output_params = LDAPAddMember.has_output_params + host_output_params allow_same = True @@ -856,9 +845,8 @@ api.register(host_add_managedby) class host_remove_managedby(LDAPRemoveMember): - """ - Remove hosts that can manage this host. - """ + __doc__ = _('Remove hosts that can manage this host.') + member_attributes = ['managedby'] has_output_params = LDAPRemoveMember.has_output_params + host_output_params diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py index 24dac7517..a316270fa 100644 --- a/ipalib/plugins/hostgroup.py +++ b/ipalib/plugins/hostgroup.py @@ -17,7 +17,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib.plugins.baseldap import * +from ipalib import api, Int, _, ngettext + +__doc__ = _(""" Groups of hosts. Manage groups of hosts. This is useful for applying access control to a @@ -45,11 +49,7 @@ EXAMPLES: Delete a hostgroup: ipa hostgroup-del baltimore -""" - -from ipalib.plugins.baseldap import * -from ipalib import api, Int, _, ngettext - +""") class hostgroup(LDAPObject): """ @@ -92,9 +92,7 @@ api.register(hostgroup) class hostgroup_add(LDAPCreate): - """ - Add a new hostgroup. - """ + __doc__ = _('Add a new hostgroup.') msg_summary = _('Added hostgroup "%(value)s"') @@ -110,9 +108,7 @@ api.register(hostgroup_add) class hostgroup_del(LDAPDelete): - """ - Delete a hostgroup. - """ + __doc__ = _('Delete a hostgroup.') msg_summary = _('Deleted hostgroup "%(value)s"') @@ -120,9 +116,7 @@ api.register(hostgroup_del) class hostgroup_mod(LDAPUpdate): - """ - Modify a hostgroup. - """ + __doc__ = _('Modify a hostgroup.') msg_summary = _('Modified hostgroup "%(value)s"') @@ -130,9 +124,8 @@ api.register(hostgroup_mod) class hostgroup_find(LDAPSearch): - """ - Search for hostgroups. - """ + __doc__ = _('Search for hostgroups.') + member_attributes = ['member', 'memberof'] msg_summary = ngettext( '%(count)d hostgroup matched', '%(count)d hostgroups matched', 0 @@ -142,24 +135,18 @@ api.register(hostgroup_find) class hostgroup_show(LDAPRetrieve): - """ - Display information about a hostgroup. - """ + __doc__ = _('Display information about a hostgroup.') api.register(hostgroup_show) class hostgroup_add_member(LDAPAddMember): - """ - Add members to a hostgroup. - """ + __doc__ = _('Add members to a hostgroup.') api.register(hostgroup_add_member) class hostgroup_remove_member(LDAPRemoveMember): - """ - Remove members from a hostgroup. - """ + __doc__ = _('Remove members from a hostgroup.') api.register(hostgroup_remove_member) diff --git a/ipalib/plugins/krbtpolicy.py b/ipalib/plugins/krbtpolicy.py index f16353d06..0f80c770c 100644 --- a/ipalib/plugins/krbtpolicy.py +++ b/ipalib/plugins/krbtpolicy.py @@ -16,7 +16,13 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api +from ipalib import Int, Str +from ipalib.plugins.baseldap import * +from ipalib import _ + +__doc__ = _(""" Kerberos ticket policy There is a single Kerberos ticket policy. This policy defines the @@ -52,13 +58,7 @@ EXAMPLES: Modify per-user policy for user 'admin': ipa krbtpolicy-mod admin --maxlife=3600 -""" - -from ipalib import api -from ipalib import Int, Str -from ipalib.plugins.baseldap import * -from ipalib import _ - +""") # FIXME: load this from a config file? _default_values = { @@ -109,9 +109,8 @@ api.register(krbtpolicy) class krbtpolicy_mod(LDAPUpdate): - """ - Modify Kerberos ticket policy. - """ + __doc__ = _('Modify Kerberos ticket policy.') + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): # disable all flag # ticket policies are attached to objects with unrelated attributes @@ -123,9 +122,8 @@ api.register(krbtpolicy_mod) class krbtpolicy_show(LDAPRetrieve): - """ - Display the current Kerberos ticket policy. - """ + __doc__ = _('Display the current Kerberos ticket policy.') + def pre_callback(self, ldap, dn, attrs_list, *keys, **options): # disable all flag # ticket policies are attached to objects with unrelated attributes @@ -147,9 +145,8 @@ api.register(krbtpolicy_show) class krbtpolicy_reset(LDAPQuery): - """ - Reset Kerberos ticket policy to the default values. - """ + __doc__ = _('Reset Kerberos ticket policy to the default values.') + has_output = output.standard_entry def execute(self, *keys, **options): diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py index c2d3da8a8..f75612cef 100644 --- a/ipalib/plugins/migration.py +++ b/ipalib/plugins/migration.py @@ -16,7 +16,22 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +import logging +import re +import ldap as _ldap + +from ipalib import api, errors, output +from ipalib import Command, List, Password, Str, Flag, StrEnum +from ipalib.cli import to_cli +if api.env.in_server and api.env.context in ['lite', 'server']: + try: + from ipaserver.plugins.ldap2 import ldap2 + except StandardError, e: + raise e +from ipalib import _ + +__doc__ = _(""" Migration to IPA Migrate users and groups from an LDAP server to IPA. @@ -55,21 +70,7 @@ EXAMPLES: Specify the user and group container. This can be used to migrate user and group data from an IPA v1 server: ipa migrate-ds --user-container='cn=users,cn=accounts' --group-container='cn=groups,cn=accounts' ldap://ds.example.com:389 -""" - -import logging -import re -import ldap as _ldap - -from ipalib import api, errors, output -from ipalib import Command, List, Password, Str, Flag, StrEnum -from ipalib.cli import to_cli -if api.env.in_server and api.env.context in ['lite', 'server']: - try: - from ipaserver.plugins.ldap2 import ldap2 - except StandardError, e: - raise e -from ipalib import _ +""") # USER MIGRATION CALLBACKS AND VARS @@ -239,9 +240,8 @@ def validate_ldapuri(ugettext, ldapuri): class migrate_ds(Command): - """ - Migrate users and groups from DS to IPA. - """ + __doc__ = _('Migrate users and groups from DS to IPA.') + migrate_objects = { # OBJECT_NAME: (search_filter, pre_callback, post_callback) # diff --git a/ipalib/plugins/misc.py b/ipalib/plugins/misc.py index ed5048582..716797806 100644 --- a/ipalib/plugins/misc.py +++ b/ipalib/plugins/misc.py @@ -17,15 +17,15 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" -Misc plug-ins -""" - import re from ipalib import api, LocalOrRemote, _, ngettext from ipalib.output import Output, summary from ipalib import Flag +__doc__ = _(""" +Misc plug-ins +""") + # FIXME: We should not let env return anything in_server # when mode == 'production'. This would allow an attacker to see the # configuration of the server, potentially revealing compromising @@ -33,7 +33,7 @@ from ipalib import Flag class env(LocalOrRemote): - """Show environment variables""" + __doc__ = _('Show environment variables.') msg_summary = _('%(count)d variables') @@ -103,7 +103,7 @@ api.register(env) class plugins(LocalOrRemote): - """Show all loaded plugins""" + __doc__ = _('Show all loaded plugins.') msg_summary = ngettext( '%(count)d plugin loaded', '%(count)d plugins loaded', 0 diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py index b8afd3b97..8901ac92c 100644 --- a/ipalib/plugins/netgroup.py +++ b/ipalib/plugins/netgroup.py @@ -17,7 +17,15 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + + +from ipalib import api, errors +from ipalib import Str, StrEnum +from ipalib.plugins.baseldap import * +from ipalib import _, ngettext +from ipalib.plugins.hbacrule import is_all + +__doc__ = _(""" Netgroups A netgroup is a group used for permission checking. It can contain both @@ -39,14 +47,7 @@ EXAMPLES: Delete a netgroup: ipa netgroup-del admins -""" - -from ipalib import api, errors -from ipalib import Str, StrEnum -from ipalib.plugins.baseldap import * -from ipalib import _, ngettext -from ipalib.plugins.hbacrule import is_all - +""") output_params = ( Str('memberuser_user?', @@ -138,9 +139,8 @@ api.register(netgroup) class netgroup_add(LDAPCreate): - """ - Add a new netgroup. - """ + __doc__ = _('Add a new netgroup.') + has_output_params = LDAPCreate.has_output_params + output_params msg_summary = _('Added netgroup "%(value)s"') def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): @@ -151,18 +151,16 @@ api.register(netgroup_add) class netgroup_del(LDAPDelete): - """ - Delete a netgroup. - """ + __doc__ = _('Delete a netgroup.') + msg_summary = _('Deleted netgroup "%(value)s"') api.register(netgroup_del) class netgroup_mod(LDAPUpdate): - """ - Modify a netgroup. - """ + __doc__ = _('Modify a netgroup.') + has_output_params = LDAPUpdate.has_output_params + output_params msg_summary = _('Modified netgroup "%(value)s"') @@ -178,9 +176,8 @@ api.register(netgroup_mod) class netgroup_find(LDAPSearch): - """ - Search for a netgroup. - """ + __doc__ = _('Search for a netgroup.') + member_attributes = ['member', 'memberuser', 'memberhost', 'memberof'] has_output_params = LDAPSearch.has_output_params + output_params msg_summary = ngettext( @@ -216,18 +213,16 @@ api.register(netgroup_find) class netgroup_show(LDAPRetrieve): - """ - Display information about a netgroup. - """ + __doc__ = _('Display information about a netgroup.') + has_output_params = LDAPRetrieve.has_output_params + output_params api.register(netgroup_show) class netgroup_add_member(LDAPAddMember): - """ - Add members to a netgroup. - """ + __doc__ = _('Add members to a netgroup.') + member_attributes = ['memberuser', 'memberhost', 'member'] has_output_params = LDAPAddMember.has_output_params + output_params def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): @@ -261,9 +256,8 @@ api.register(netgroup_add_member) class netgroup_remove_member(LDAPRemoveMember): - """ - Remove members from a netgroup. - """ + __doc__ = _('Remove members from a netgroup.') + member_attributes = ['memberuser', 'memberhost', 'member'] has_output_params = LDAPRemoveMember.has_output_params + output_params def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): diff --git a/ipalib/plugins/passwd.py b/ipalib/plugins/passwd.py index b740c481d..901a56f20 100644 --- a/ipalib/plugins/passwd.py +++ b/ipalib/plugins/passwd.py @@ -16,7 +16,14 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api, errors, util +from ipalib import Command +from ipalib import Str, Password +from ipalib import _ +from ipalib import output + +__doc__ = _(""" Set a user's password If someone other than a user changes that user's password (e.g., Helpdesk @@ -33,19 +40,10 @@ EXAMPLES: To change another user's password: ipa passwd tuser1 -""" - -from ipalib import api, errors, util -from ipalib import Command -from ipalib import Str, Password -from ipalib import _ -from ipalib import output - +""") class passwd(Command): - """ - Set a user's password - """ + __doc__ = _("Set a user's password.") takes_args = ( Str('principal', diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 75adc9174..469b8ba1c 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -16,7 +16,15 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +import copy +from ipalib.plugins.baseldap import * +from ipalib import api, _, ngettext +from ipalib import Flag, Str, StrEnum +from ipalib.request import context +from ipalib import errors + +__doc__ = _(""" Permissions A permission enables fine-grained delegation of rights. A permission is @@ -68,14 +76,7 @@ EXAMPLES: Add a permission that grants the ability to manage group membership: ipa permission-add --attrs=member --permissions=write --type=group "Manage Group Members" -""" - -import copy -from ipalib.plugins.baseldap import * -from ipalib import api, _, ngettext -from ipalib import Flag, Str, StrEnum -from ipalib.request import context -from ipalib import errors +""") ACI_PREFIX=u"permission" @@ -175,9 +176,7 @@ api.register(permission) class permission_add(LDAPCreate): - """ - Add a new permission. - """ + __doc__ = _('Add a new permission.') msg_summary = _('Added permission "%(value)s"') @@ -234,9 +233,7 @@ api.register(permission_add) class permission_del(LDAPDelete): - """ - Delete a permission. - """ + __doc__ = _('Delete a permission.') msg_summary = _('Deleted permission "%(value)s"') @@ -254,9 +251,7 @@ api.register(permission_del) class permission_mod(LDAPUpdate): - """ - Modify a permission. - """ + __doc__ = _('Modify a permission.') msg_summary = _('Modified permission "%(value)s"') has_output_params = LDAPUpdate.has_output_params + output_params @@ -350,9 +345,7 @@ api.register(permission_mod) class permission_find(LDAPSearch): - """ - Search for permissions. - """ + __doc__ = _('Search for permissions.') msg_summary = ngettext( '%(count)d permission matched', '%(count)d permissions matched', 0 @@ -403,9 +396,8 @@ api.register(permission_find) class permission_show(LDAPRetrieve): - """ - Display information about a permission. - """ + __doc__ = _('Display information about a permission.') + has_output_params = LDAPRetrieve.has_output_params + output_params def post_callback(self, ldap, dn, entry_attrs, *keys, **options): try: diff --git a/ipalib/plugins/ping.py b/ipalib/plugins/ping.py index c2f9b6b28..93c6495d1 100644 --- a/ipalib/plugins/ping.py +++ b/ipalib/plugins/ping.py @@ -16,19 +16,20 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" -Ping the remote IPA server -""" from ipalib import api from ipalib import Command from ipalib import output +from ipalib import _, ngettext from ipapython.version import VERSION, API_VERSION +__doc__ = _(""" +Ping the remote IPA server +""") + class ping(Command): - """ - ping a remote server - """ + __doc__ = _('Ping a remote server.') + has_output = ( output.summary, ) diff --git a/ipalib/plugins/pkinit.py b/ipalib/plugins/pkinit.py index 7a5a93b42..cb3b9c2fc 100644 --- a/ipalib/plugins/pkinit.py +++ b/ipalib/plugins/pkinit.py @@ -16,7 +16,13 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api, errors +from ipalib import Int, Str +from ipalib import Object, Command +from ipalib import _ + +__doc__ = _(""" Kerberos pkinit options Enable or disable anonymous pkinit using the principal @@ -34,13 +40,7 @@ EXAMPLES: For more information on anonymous pkinit see: http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit -""" - -from ipalib import api, errors -from ipalib import Int, Str -from ipalib import Object, Command -from ipalib import _ - +""") class pkinit(Object): """ @@ -64,9 +64,8 @@ def valid_arg(ugettext, action): ) class pkinit_anonymous(Command): - """ - Enable or Disable Anonymous PKINIT - """ + __doc__ = _('Enable or Disable Anonymous PKINIT.') + princ_name = 'WELLKNOWN/ANONYMOUS@%s' % api.env.realm default_dn = 'krbprincipalname=%s,cn=%s,cn=kerberos,%s' % ( princ_name, api.env.realm, api.env.basedn diff --git a/ipalib/plugins/privilege.py b/ipalib/plugins/privilege.py index 6365ab9b6..3b086b9f9 100644 --- a/ipalib/plugins/privilege.py +++ b/ipalib/plugins/privilege.py @@ -16,7 +16,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib.plugins.baseldap import * +from ipalib import api, _, ngettext + +__doc__ = _(""" Privileges A privilege combines permissions into a logical task. A permission provides @@ -35,11 +39,7 @@ form of a privilege named "Add User" makes it easier to manage Roles. A privilege may not contain other privileges. See role and permission for additional information. -""" - -from ipalib.plugins.baseldap import * -from ipalib import api, _, ngettext - +""") class privilege(LDAPObject): """ @@ -83,9 +83,7 @@ api.register(privilege) class privilege_add(LDAPCreate): - """ - Add a new privilege. - """ + __doc__ = _('Add a new privilege.') msg_summary = _('Added privilege "%(value)s"') @@ -93,9 +91,7 @@ api.register(privilege_add) class privilege_del(LDAPDelete): - """ - Delete a privilege. - """ + __doc__ = _('Delete a privilege.') msg_summary = _('Deleted privilege "%(value)s"') @@ -103,9 +99,7 @@ api.register(privilege_del) class privilege_mod(LDAPUpdate): - """ - Modify a privilege. - """ + __doc__ = _('Modify a privilege.') msg_summary = _('Modified privilege "%(value)s"') @@ -113,9 +107,7 @@ api.register(privilege_mod) class privilege_find(LDAPSearch): - """ - Search for privileges. - """ + __doc__ = _('Search for privileges.') msg_summary = ngettext( '%(count)d privilege matched', '%(count)d privileges matched', 0 @@ -125,17 +117,14 @@ api.register(privilege_find) class privilege_show(LDAPRetrieve): - """ - Display information about a privilege. - """ + __doc__ = _('Display information about a privilege.') api.register(privilege_show) class privilege_add_member(LDAPAddMember): - """ - Add members to a privilege - """ + __doc__ = _('Add members to a privilege.') + NO_CLI=True api.register(privilege_add_member) @@ -151,9 +140,8 @@ api.register(privilege_remove_member) class privilege_add_permission(LDAPAddReverseMember): - """ - Add permissions to a privilege. - """ + __doc__ = _('Add permissions to a privilege.') + show_command = 'privilege_show' member_command = 'permission_add_member' reverse_attr = 'permission' @@ -175,9 +163,8 @@ api.register(privilege_add_permission) class privilege_remove_permission(LDAPRemoveReverseMember): - """ - Remove permissions from a privilege. - """ + __doc__ = _('Remove permissions from a privilege.') + show_command = 'privilege_show' member_command = 'permission_remove_member' reverse_attr = 'permission' diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py index b2a9436fe..79ea44dda 100644 --- a/ipalib/plugins/pwpolicy.py +++ b/ipalib/plugins/pwpolicy.py @@ -17,7 +17,16 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api +from ipalib import Int, Str +from ipalib.plugins.baseldap import * +from ipalib import _ +from ipalib.request import context +from ipapython.ipautil import run +from distutils import version + +__doc__ = _(""" Password policy A password policy sets limitations on IPA passwords, including maximum @@ -58,15 +67,7 @@ EXAMPLES: Modify a group password policy: ipa pwpolicy-mod --minclasses=2 localadmins -""" - -from ipalib import api -from ipalib import Int, Str -from ipalib.plugins.baseldap import * -from ipalib import _ -from ipalib.request import context -from ipapython.ipautil import run -from distutils import version +""") class cosentry(LDAPObject): """ @@ -331,9 +332,8 @@ api.register(pwpolicy) class pwpolicy_add(LDAPCreate): - """ - Add a new group password policy. - """ + __doc__ = _('Add a new group password policy.') + def get_args(self): yield self.obj.primary_key.clone(attribute=True, required=True) @@ -359,9 +359,8 @@ api.register(pwpolicy_add) class pwpolicy_del(LDAPDelete): - """ - Delete a group password policy. - """ + __doc__ = _('Delete a group password policy.') + def get_args(self): yield self.obj.primary_key.clone( attribute=True, required=True, multivalue=True @@ -378,9 +377,8 @@ api.register(pwpolicy_del) class pwpolicy_mod(LDAPUpdate): - """ - Modify a group password policy. - """ + __doc__ = _('Modify a group password policy.') + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): self.obj.convert_time_on_input(entry_attrs) self.obj.validate_lifetime(entry_attrs, False, *keys) @@ -421,9 +419,8 @@ api.register(pwpolicy_mod) class pwpolicy_show(LDAPRetrieve): - """ - Display information about password policy. - """ + __doc__ = _('Display information about password policy.') + takes_options = LDAPRetrieve.takes_options + ( Str('user?', label=_('User'), @@ -450,9 +447,8 @@ api.register(pwpolicy_show) class pwpolicy_find(LDAPSearch): - """ - Search for group password policies. - """ + __doc__ = _('Search for group password policies.') + def post_callback(self, ldap, entries, truncated, *args, **options): for e in entries: # attribute rights are not allowed for pwpolicy_find diff --git a/ipalib/plugins/role.py b/ipalib/plugins/role.py index c7e2f16c9..f10eb8095 100644 --- a/ipalib/plugins/role.py +++ b/ipalib/plugins/role.py @@ -17,7 +17,13 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib.plugins.baseldap import * +from ipalib import api, Str, _, ngettext +from ipalib import Command +from ipalib.plugins import privilege + +__doc__ = _(""" Roles A role is used for fine-grained delegation. A permission grants the ability @@ -50,13 +56,7 @@ EXAMPLES: The result of this is that any users in the group 'useradmins' can add users, reset passwords or add a user to the default IPA user group. -""" - -from ipalib.plugins.baseldap import * -from ipalib import api, Str, _, ngettext -from ipalib import Command -from ipalib.plugins import privilege - +""") class role(LDAPObject): """ @@ -99,9 +99,7 @@ api.register(role) class role_add(LDAPCreate): - """ - Add a new role. - """ + __doc__ = _('Add a new role.') msg_summary = _('Added role "%(value)s"') @@ -109,9 +107,7 @@ api.register(role_add) class role_del(LDAPDelete): - """ - Delete a role. - """ + __doc__ = _('Delete a role.') msg_summary = _('Deleted role "%(value)s"') @@ -119,9 +115,7 @@ api.register(role_del) class role_mod(LDAPUpdate): - """ - Modify a role. - """ + __doc__ = _('Modify a role.') msg_summary = _('Modified role "%(value)s"') @@ -129,9 +123,7 @@ api.register(role_mod) class role_find(LDAPSearch): - """ - Search for roles. - """ + __doc__ = _('Search for roles.') msg_summary = ngettext( '%(count)d role matched', '%(count)d roles matched', 0 @@ -141,33 +133,26 @@ api.register(role_find) class role_show(LDAPRetrieve): - """ - Display information about a role. - """ + __doc__ = _('Display information about a role.') api.register(role_show) class role_add_member(LDAPAddMember): - """ - Add members to a role. - """ + __doc__ = _('Add members to a role.') api.register(role_add_member) class role_remove_member(LDAPRemoveMember): - """ - Remove members from a role. - """ + __doc__ = _('Remove members from a role.') api.register(role_remove_member) class role_add_privilege(LDAPAddReverseMember): - """ - Add privileges to a role. - """ + __doc__ = _('Add privileges to a role.') + show_command = 'role_show' member_command = 'privilege_add_member' reverse_attr = 'privilege' @@ -189,9 +174,8 @@ api.register(role_add_privilege) class role_remove_privilege(LDAPRemoveReverseMember): - """ - Remove privileges from a role. - """ + __doc__ = _('Remove privileges from a role.') + show_command = 'role_show' member_command = 'privilege_remove_member' reverse_attr = 'privilege' diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py index 61530987c..f68212539 100644 --- a/ipalib/plugins/selfservice.py +++ b/ipalib/plugins/selfservice.py @@ -16,7 +16,16 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +import copy +from ipalib import api, _, ngettext +from ipalib import Flag, Str, List +from ipalib.request import context +from ipalib import api, crud, errors +from ipalib import output +from ipalib import Object, Command + +__doc__ = _(""" Self-service Permissions A permission enables fine-grained delegation of permissions. Access Control @@ -40,15 +49,7 @@ EXAMPLES: Delete a rule: ipa selfservice-del "Users manage their own address" -""" - -import copy -from ipalib import api, _, ngettext -from ipalib import Flag, Str, List -from ipalib.request import context -from ipalib import api, crud, errors -from ipalib import output -from ipalib import Object, Command +""") ACI_PREFIX=u"selfservice" @@ -112,9 +113,7 @@ api.register(selfservice) class selfservice_add(crud.Create): - """ - Add a new self-service permission. - """ + __doc__ = _('Add a new self-service permission.') msg_summary = _('Added selfservice "%(value)s"') @@ -135,9 +134,7 @@ api.register(selfservice_add) class selfservice_del(crud.Delete): - """ - Delete a self-service permission. - """ + __doc__ = _('Delete a self-service permission.') has_output = output.standard_boolean msg_summary = _('Deleted selfservice "%(value)s"') @@ -156,9 +153,7 @@ api.register(selfservice_del) class selfservice_mod(crud.Update): - """ - Modify a self-service permission. - """ + __doc__ = _('Modify a self-service permission.') msg_summary = _('Modified selfservice "%(value)s"') @@ -179,9 +174,7 @@ api.register(selfservice_mod) class selfservice_find(crud.Search): - """ - Search for a self-service permission. - """ + __doc__ = _('Search for a self-service permission.') msg_summary = ngettext( '%(count)d selfservice matched', '%(count)d selfservices matched', 0 @@ -205,9 +198,8 @@ api.register(selfservice_find) class selfservice_show(crud.Retrieve): - """ - Display information about a self-service permission. - """ + __doc__ = _('Display information about a self-service permission.') + has_output_params = ( Str('aci', label=_('ACI'), diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index bcaa76afb..87d25d6bb 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -18,7 +18,21 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +import base64 +import os + +from ipalib import api, errors, util +from ipalib import Str, Flag, Bytes +from ipalib.plugins.baseldap import * +from ipalib import x509 +from ipalib import _, ngettext +from ipalib import util +import nss.nss as nss +from nss.error import NSPRError +from ipapython.ipautil import file_exists + +__doc__ = _(""" Services A IPA service represents a service that runs on a host. The IPA service @@ -67,20 +81,7 @@ EXAMPLES: Generate and retrieve a keytab for an IPA service: ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/httpd.keytab -""" -import base64 -import os - -from ipalib import api, errors, util -from ipalib import Str, Flag, Bytes -from ipalib.plugins.baseldap import * -from ipalib import x509 -from ipalib import _, ngettext -from ipalib import util -import nss.nss as nss -from nss.error import NSPRError -from ipapython.ipautil import file_exists - +""") output_params = ( Str('managedby_host', @@ -238,9 +239,8 @@ api.register(service) class service_add(LDAPCreate): - """ - Add a new IPA new service. - """ + __doc__ = _('Add a new IPA new service.') + msg_summary = _('Added service "%(value)s"') member_attributes = ['managedby'] has_output_params = LDAPCreate.has_output_params + output_params @@ -280,9 +280,8 @@ api.register(service_add) class service_del(LDAPDelete): - """ - Delete an IPA service. - """ + __doc__ = _('Delete an IPA service.') + msg_summary = _('Deleted service "%(value)s"') member_attributes = ['managedby'] def pre_callback(self, ldap, dn, *keys, **options): @@ -317,9 +316,8 @@ api.register(service_del) class service_mod(LDAPUpdate): - """ - Modify an existing IPA service. - """ + __doc__ = _('Modify an existing IPA service.') + msg_summary = _('Modified service "%(value)s"') takes_options = LDAPUpdate.takes_options has_output_params = LDAPUpdate.has_output_params + output_params @@ -352,9 +350,8 @@ api.register(service_mod) class service_find(LDAPSearch): - """ - Search for IPA services. - """ + __doc__ = _('Search for IPA services.') + msg_summary = ngettext( '%(count)d service matched', '%(count)d services matched', 0 ) @@ -385,9 +382,8 @@ api.register(service_find) class service_show(LDAPRetrieve): - """ - Display information about an IPA service. - """ + __doc__ = _('Display information about an IPA service.') + member_attributes = ['managedby'] takes_options = LDAPRetrieve.takes_options + ( Str('out?', @@ -418,9 +414,8 @@ class service_show(LDAPRetrieve): api.register(service_show) class service_add_host(LDAPAddMember): - """ - Add hosts that can manage this service. - """ + __doc__ = _('Add hosts that can manage this service.') + member_attributes = ['managedby'] has_output_params = LDAPAddMember.has_output_params + output_params @@ -428,9 +423,8 @@ api.register(service_add_host) class service_remove_host(LDAPRemoveMember): - """ - Remove hosts that can manage this service. - """ + __doc__ = _('Remove hosts that can manage this service.') + member_attributes = ['managedby'] has_output_params = LDAPRemoveMember.has_output_params + output_params @@ -438,9 +432,8 @@ api.register(service_remove_host) class service_disable(LDAPQuery): - """ - Disable the Kerberos key and SSL certificate of a service. - """ + __doc__ = _('Disable the Kerberos key and SSL certificate of a service.') + has_output = output.standard_value msg_summary = _('Disabled service "%(value)s"') has_output_params = LDAPQuery.has_output_params + output_params diff --git a/ipalib/plugins/sudocmd.py b/ipalib/plugins/sudocmd.py index af8ab0321..18190f9d9 100644 --- a/ipalib/plugins/sudocmd.py +++ b/ipalib/plugins/sudocmd.py @@ -16,7 +16,17 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +import platform +import os +import sys + +from ipalib import api, errors, util +from ipalib import Str +from ipalib.plugins.baseldap import * +from ipalib import _, ngettext + +__doc__ = _(""" Sudo Commands Commands used as building blocks for sudo @@ -29,16 +39,7 @@ EXAMPLES: Remove a command ipa sudocmd-del /usr/bin/less -""" - -import platform -import os -import sys - -from ipalib import api, errors, util -from ipalib import Str -from ipalib.plugins.baseldap import * -from ipalib import _, ngettext +""") topic = ('sudo', _('commands for controlling sudo configuration')) @@ -96,36 +97,28 @@ class sudocmd(LDAPObject): api.register(sudocmd) class sudocmd_add(LDAPCreate): - """ - Create new sudo command. - """ + __doc__ = _('Create new sudo command.') msg_summary = _('Added sudo command "%(value)s"') api.register(sudocmd_add) class sudocmd_del(LDAPDelete): - """ - Delete sudo command. - """ + __doc__ = _('Delete sudo command.') msg_summary = _('Deleted sudo command "%(value)s"') api.register(sudocmd_del) class sudocmd_mod(LDAPUpdate): - """ - Modify command. - """ + __doc__ = _('Modify command.') msg_summary = _('Modified sudo command "%(value)s"') api.register(sudocmd_mod) class sudocmd_find(LDAPSearch): - """ - Search for commands. - """ + __doc__ = _('Search for commands.') msg_summary = ngettext( '%(count)d sudo command matched', '%(count)d sudo command matched', 0 @@ -134,8 +127,6 @@ class sudocmd_find(LDAPSearch): api.register(sudocmd_find) class sudocmd_show(LDAPRetrieve): - """ - Display sudo command. - """ + __doc__ = _('Display sudo command.') api.register(sudocmd_show) diff --git a/ipalib/plugins/sudocmdgroup.py b/ipalib/plugins/sudocmdgroup.py index 60d4b3878..e7f1fd3be 100644 --- a/ipalib/plugins/sudocmdgroup.py +++ b/ipalib/plugins/sudocmdgroup.py @@ -16,7 +16,13 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api +from ipalib import Str +from ipalib.plugins.baseldap import * +from ipalib import _, ngettext + +__doc__ = _(""" Groups of Sudo commands Manage groups of Sudo commands. @@ -37,12 +43,7 @@ EXAMPLES: Show a Sudo command group: ipa group-show localadmins -""" - -from ipalib import api -from ipalib import Str -from ipalib.plugins.baseldap import * -from ipalib import _, ngettext +""") topic = ('sudo', _('commands for controlling sudo configuration')) @@ -91,9 +92,7 @@ api.register(sudocmdgroup) class sudocmdgroup_add(LDAPCreate): - """ - Create new sudo command group. - """ + __doc__ = _('Create new sudo command group.') msg_summary = _('Added sudo command group "%(value)s"') @@ -101,9 +100,7 @@ api.register(sudocmdgroup_add) class sudocmdgroup_del(LDAPDelete): - """ - Delete sudo command group. - """ + __doc__ = _('Delete sudo command group.') msg_summary = _('Deleted sudo command group "%(value)s"') @@ -111,9 +108,7 @@ api.register(sudocmdgroup_del) class sudocmdgroup_mod(LDAPUpdate): - """ - Modify group. - """ + __doc__ = _('Modify group.') msg_summary = _('Modified sudo command group "%(value)s"') @@ -121,9 +116,7 @@ api.register(sudocmdgroup_mod) class sudocmdgroup_find(LDAPSearch): - """ - Search for sudo command groups. - """ + __doc__ = _('Search for sudo command groups.') msg_summary = ngettext( '%(count)d sudo command group matched', @@ -134,24 +127,18 @@ api.register(sudocmdgroup_find) class sudocmdgroup_show(LDAPRetrieve): - """ - Display sudo command group. - """ + __doc__ = _('Display sudo command group.') api.register(sudocmdgroup_show) class sudocmdgroup_add_member(LDAPAddMember): - """ - Add members to sudo command group. - """ + __doc__ = _('Add members to sudo command group.') api.register(sudocmdgroup_add_member) class sudocmdgroup_remove_member(LDAPRemoveMember): - """ - Remove members from sudo command group. - """ + __doc__ = _('Remove members from sudo command group.') api.register(sudocmdgroup_remove_member) diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py index c12620132..a169452a7 100644 --- a/ipalib/plugins/sudorule.py +++ b/ipalib/plugins/sudorule.py @@ -16,7 +16,13 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api, errors +from ipalib import Str, StrEnum +from ipalib.plugins.baseldap import * +from ipalib import _, ngettext + +__doc__ = _(""" Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the @@ -40,12 +46,7 @@ LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W \ uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com For more information, see the FreeIPA Documentation to Sudo. -""" - -from ipalib import api, errors -from ipalib import Str, StrEnum -from ipalib.plugins.baseldap import * -from ipalib import _, ngettext +""") topic = ('sudo', _('Commands for controlling sudo configuration')) @@ -204,9 +205,8 @@ api.register(sudorule) class sudorule_add(LDAPCreate): - """ - Create new Sudo Rule. - """ + __doc__ = _('Create new Sudo Rule.') + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): # Sudo rules are enabled by default entry_attrs['ipaenabledflag'] = 'TRUE' @@ -218,27 +218,24 @@ api.register(sudorule_add) class sudorule_del(LDAPDelete): - """ - Delete Sudo Rule. - """ + __doc__ = _('Delete Sudo Rule.') + msg_summary = _('Deleted sudo rule "%(value)s"') api.register(sudorule_del) class sudorule_mod(LDAPUpdate): - """ - Modify Sudo Rule. - """ + __doc__ = _('Modify Sudo Rule.') + msg_summary = _('Modified sudo rule "%(value)s"') api.register(sudorule_mod) class sudorule_find(LDAPSearch): - """ - Search for Sudo Rule. - """ + __doc__ = _('Search for Sudo Rule.') + msg_summary = ngettext( '%(count)d sudo rule matched', '%(count)d sudo rules matched', 0 ) @@ -247,17 +244,14 @@ api.register(sudorule_find) class sudorule_show(LDAPRetrieve): - """ - Display Sudo Rule. - """ + __doc__ = _('Display Sudo Rule.') api.register(sudorule_show) class sudorule_enable(LDAPQuery): - """ - Enable a Sudo rule. - """ + __doc__ = _('Enable a Sudo rule.') + def execute(self, cn): ldap = self.obj.backend @@ -281,9 +275,8 @@ api.register(sudorule_enable) class sudorule_disable(LDAPQuery): - """ - Disable a Sudo rule. - """ + __doc__ = _('Disable a Sudo rule.') + def execute(self, cn): ldap = self.obj.backend @@ -307,9 +300,8 @@ api.register(sudorule_disable) class sudorule_add_allow_command(LDAPAddMember): - """ - Add commands and sudo command groups affected by Sudo Rule. - """ + __doc__ = _('Add commands and sudo command groups affected by Sudo Rule.') + member_attributes = ['memberallowcmd'] member_count_out = ('%i object added.', '%i objects added.') @@ -317,9 +309,8 @@ api.register(sudorule_add_allow_command) class sudorule_remove_allow_command(LDAPRemoveMember): - """ - Remove commands and sudo command groups affected by Sudo Rule. - """ + __doc__ = _('Remove commands and sudo command groups affected by Sudo Rule.') + member_attributes = ['memberallowcmd'] member_count_out = ('%i object removed.', '%i objects removed.') @@ -327,9 +318,8 @@ api.register(sudorule_remove_allow_command) class sudorule_add_deny_command(LDAPAddMember): - """ - Add commands and sudo command groups affected by Sudo Rule. - """ + __doc__ = _('Add commands and sudo command groups affected by Sudo Rule.') + member_attributes = ['memberdenycmd'] member_count_out = ('%i object added.', '%i objects added.') @@ -337,9 +327,8 @@ api.register(sudorule_add_deny_command) class sudorule_remove_deny_command(LDAPRemoveMember): - """ - Remove commands and sudo command groups affected by Sudo Rule. - """ + __doc__ = _('Remove commands and sudo command groups affected by Sudo Rule.') + member_attributes = ['memberdenycmd'] member_count_out = ('%i object removed.', '%i objects removed.') @@ -347,9 +336,8 @@ api.register(sudorule_remove_deny_command) class sudorule_add_user(LDAPAddMember): - """ - Add users and groups affected by Sudo Rule. - """ + __doc__ = _('Add users and groups affected by Sudo Rule.') + member_attributes = ['memberuser'] member_count_out = ('%i object added.', '%i objects added.') @@ -383,9 +371,8 @@ api.register(sudorule_add_user) class sudorule_remove_user(LDAPRemoveMember): - """ - Remove users and groups affected by Sudo Rule. - """ + __doc__ = _('Remove users and groups affected by Sudo Rule.') + member_attributes = ['memberuser'] member_count_out = ('%i object removed.', '%i objects removed.') @@ -417,9 +404,8 @@ api.register(sudorule_remove_user) class sudorule_add_host(LDAPAddMember): - """ - Add hosts and hostgroups affected by Sudo Rule. - """ + __doc__ = _('Add hosts and hostgroups affected by Sudo Rule.') + member_attributes = ['memberhost'] member_count_out = ('%i object added.', '%i objects added.') @@ -453,9 +439,8 @@ api.register(sudorule_add_host) class sudorule_remove_host(LDAPRemoveMember): - """ - Remove hosts and hostgroups affected by Sudo Rule. - """ + __doc__ = _('Remove hosts and hostgroups affected by Sudo Rule.') + member_attributes = ['memberhost'] member_count_out = ('%i object removed.', '%i objects removed.') @@ -488,9 +473,8 @@ api.register(sudorule_remove_host) class sudorule_add_runasuser(LDAPAddMember): - """ - Add users and groups for Sudo to execute as. - """ + __doc__ = _('Add users and groups for Sudo to execute as.') + member_attributes = ['ipasudorunas'] member_count_out = ('%i object added.', '%i objects added.') @@ -524,9 +508,8 @@ api.register(sudorule_add_runasuser) class sudorule_remove_runasuser(LDAPRemoveMember): - """ - Remove users and groups for Sudo to execute as. - """ + __doc__ = _('Remove users and groups for Sudo to execute as.') + member_attributes = ['ipasudorunas'] member_count_out = ('%i object removed.', '%i objects removed.') @@ -558,9 +541,8 @@ api.register(sudorule_remove_runasuser) class sudorule_add_runasgroup(LDAPAddMember): - """ - Add group for Sudo to execute as. - """ + __doc__ = _('Add group for Sudo to execute as.') + member_attributes = ['ipasudorunasgroup'] member_count_out = ('%i object added.', '%i objects added.') @@ -594,9 +576,8 @@ api.register(sudorule_add_runasgroup) class sudorule_remove_runasgroup(LDAPRemoveMember): - """ - Remove group for Sudo to execute as. - """ + __doc__ = _('Remove group for Sudo to execute as.') + member_attributes = ['ipasudorunasgroup'] member_count_out = ('%i object removed.', '%i objects removed.') @@ -628,9 +609,7 @@ api.register(sudorule_remove_runasgroup) class sudorule_add_option(LDAPQuery): - """ - Add an option to the Sudo rule. - """ + __doc__ = _('Add an option to the Sudo rule.') takes_options = ( Str('ipasudoopt', @@ -675,9 +654,8 @@ api.register(sudorule_add_option) class sudorule_remove_option(LDAPQuery): - """ - Remove an option from Sudo rule. - """ + __doc__ = _('Remove an option from Sudo rule.') + takes_options = ( Str('ipasudoopt', cli_name='sudooption', diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 2112c03d0..d728ad47c 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -17,7 +17,16 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -""" + +from ipalib import api, errors +from ipalib import Flag, Int, Password, Str, Bool +from ipalib.plugins.baseldap import * +from ipalib.request import context +from time import gmtime, strftime +import copy +from ipalib import _, ngettext + +__doc__ = _(""" Users Manage user entries. All users are POSIX users. @@ -54,15 +63,7 @@ EXAMPLES: Delete a user: ipa user-del tuser1 -""" - -from ipalib import api, errors -from ipalib import Flag, Int, Password, Str, Bool -from ipalib.plugins.baseldap import * -from ipalib import _, ngettext -from ipalib.request import context -from time import gmtime, strftime -import copy +""") NO_UPG_MAGIC = '__no_upg__' @@ -304,9 +305,8 @@ api.register(user) class user_add(LDAPCreate): - """ - Add a new user. - """ + __doc__ = _('Add a new user.') + msg_summary = _('Added user "%(value)s"') takes_options = LDAPCreate.takes_options + ( @@ -416,9 +416,7 @@ api.register(user_add) class user_del(LDAPDelete): - """ - Delete a user. - """ + __doc__ = _('Delete a user.') msg_summary = _('Deleted user "%(value)s"') @@ -429,9 +427,7 @@ api.register(user_del) class user_mod(LDAPUpdate): - """ - Modify a user. - """ + __doc__ = _('Modify a user.') msg_summary = _('Modified user "%(value)s"') @@ -453,9 +449,8 @@ api.register(user_mod) class user_find(LDAPSearch): - """ - Search for users. - """ + __doc__ = _('Search for users.') + member_attributes = ['memberof'] takes_options = LDAPSearch.takes_options + ( @@ -487,9 +482,8 @@ api.register(user_find) class user_show(LDAPRetrieve): - """ - Display information about a user. - """ + __doc__ = _('Display information about a user.') + def post_callback(self, ldap, dn, entry_attrs, *keys, **options): convert_nsaccountlock(entry_attrs) self.obj._convert_manager(entry_attrs, **options) @@ -500,9 +494,7 @@ api.register(user_show) class user_disable(LDAPQuery): - """ - Disable a user account. - """ + __doc__ = _('Disable a user account.') has_output = output.standard_value msg_summary = _('Disabled user account "%(value)s"') @@ -523,9 +515,7 @@ api.register(user_disable) class user_enable(LDAPQuery): - """ - Enable a user account. - """ + __doc__ = _('Enable a user account.') has_output = output.standard_value msg_summary = _('Enabled user account "%(value)s"') @@ -545,14 +535,14 @@ class user_enable(LDAPQuery): api.register(user_enable) class user_unlock(LDAPQuery): - """ + __doc__ = _(""" Unlock a user account An account may become locked if the password is entered incorrectly too many times within a specific time period as controlled by password policy. A locked account is a temporary condition and may be unlocked by - an administrator. - """ + an administrator.""") + has_output = output.standard_value msg_summary = _('Unlocked account "%(value)s"') |