When external host is specified in HBAC rule, allow its use in simulation

https://fedorahosted.org/freeipa/ticket/1763 When external host is specified in HBAC rule, it needs to be added to the set of source hosts this rule applies to. Add (list of external hosts) explicitly when converting FreeIPA rules to PyHBAC objects.
2025-01-14 02:11:56 -06:00 · 2011-09-13 11:49:27 +03:00 · 2011-09-13 11:49:27 +03:00 · 261a41b3d4
commit 261a41b3d4
parent 579c8e56e0
1 changed files with 4 additions and 1 deletions
--- a/ipalib/plugins/hbactest.py
+++ b/ipalib/plugins/hbactest.py
@ -131,7 +131,8 @@ def convert_to_ipa_rule(rule):
    ipa_rule = pyhbac.HbacRule(rule['cn'][0])
    ipa_rule.enabled = rule['ipaenabledflag'][0]
    # Following code attempts to process rule systematically
-    structure = (('user',       'memberuser',    'user',    'group',        ipa_rule.users),
+    structure = \
+        (('user',       'memberuser',    'user',    'group',        ipa_rule.users),
         ('host',       'memberhost',    'host',    'hostgroup',    ipa_rule.targethosts),
         ('sourcehost', 'sourcehost',    'host',    'hostgroup',    ipa_rule.srchosts),
         ('service',    'memberservice', 'hbacsvc', 'hbacsvcgroup', ipa_rule.services),
@ -151,6 +152,8 @@ def convert_to_ipa_rule(rule):
            attr_name = '%s_%s' % (element[1], element[3])
            if attr_name in rule:
                element[4].groups = rule[attr_name]
+    if 'externalhost' in rule:
+            ipa_rule.srchosts.names.extend(rule['externalhost'])
    return ipa_rule