diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2016-06-23 18:23:00 +0200 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-07-01 09:37:25 +0200 |
| commit | 974eb7b5efd20ad2195b0ad578637ab31f4c1df4 (patch) | |
| tree | 4e9893aded56953876550d1588ca26887ec98c6f /ipalib/parameters.py | |
| parent | e6fc8f84d3ad5fc4c030ad592a3d743c02393439 (diff) | |
| download | freeipa-974eb7b5efd20ad2195b0ad578637ab31f4c1df4.tar.gz freeipa-974eb7b5efd20ad2195b0ad578637ab31f4c1df4.tar.xz freeipa-974eb7b5efd20ad2195b0ad578637ab31f4c1df4.zip | |
ipalib: introduce Principal parameter
This patch introduces a separate Principal parameter that allows the framework
to syntactically validate incoming/outcoming principals by using a single
shared codebase.
https://fedorahosted.org/freeipa/ticket/3864
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipalib/parameters.py')
| -rw-r--r-- | ipalib/parameters.py | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/ipalib/parameters.py b/ipalib/parameters.py index a08113460..1581b7dca 100644 --- a/ipalib/parameters.py +++ b/ipalib/parameters.py @@ -115,9 +115,11 @@ from ipalib.errors import PasswordMismatch, Base64DecodeError from ipalib.constants import TYPE_ERROR, CALLABLE_ERROR, LDAP_GENERALIZED_TIME_FORMAT from ipalib.text import Gettext, FixMe from ipalib.util import json_serialize, validate_idna_domain +from ipapython import kerberos from ipapython.dn import DN from ipapython.dnsutil import DNSName + def _is_null(value): return not value and value != 0 # NOTE: False == 0 @@ -1970,3 +1972,38 @@ class Dict(Param): type = dict type_error = _("must be dictionary") + + +class Principal(Param): + """ + Kerberos principal name + """ + + type = kerberos.Principal + type_error = _('must be Kerberos principal') + kwargs = Param.kwargs + ( + ('require_service', bool, False), + ) + + @property + def allowed_types(self): + return (self.type, unicode) + + def _convert_scalar(self, value, index=None): + if isinstance(value, unicode): + try: + value = kerberos.Principal(value) + except ValueError: + raise ConversionError( + name=self.get_param_name(), + error=_("Malformed principal: '%(value)s'") % dict( + value=value)) + + return super(Principal, self)._convert_scalar(value) + + def _rule_require_service(self, _, value): + if self.require_service and not value.is_service: + raise ValidationError( + name=self.get_param_name(), + error=_("Service principal is required") + ) |