Add range-mod command

range plugin was missing range-mod command that could be used for
example to fix a size for a range generated during upgrades. The
range should be updated with a caution though, a misconfiguration
could break trusts.

iparangetype is now also handled better and filled in all commands
instead of just range-show. objectclass attribute is deleted only
when really needed now.
This commit is contained in:
Martin Kosek 2012-07-11 14:09:17 +02:00
parent 9d69db80a3
commit 34f8ff4793
4 changed files with 76 additions and 9 deletions

19
API.txt
View File

@ -2411,6 +2411,25 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
output: Output('count', <type 'int'>, None)
output: Output('truncated', <type 'bool'>, None)
command: range_mod
args: 1,13,3
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
option: Int('ipabaseid', attribute=True, autofill=False, cli_name='base_id', multivalue=False, required=False)
option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, required=False)
option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', multivalue=False, required=False)
option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, required=False)
option: Str('ipanttrusteddomainsid', attribute=True, autofill=False, cli_name='dom_sid', multivalue=False, required=False)
option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, required=False)
option: Str('setattr*', cli_name='setattr', exclude='webui')
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Str('delattr*', cli_name='delattr', exclude='webui')
option: Flag('rights', autofill=True, default=False)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Str('version?', exclude='webui')
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('value', <type 'unicode'>, None)
command: range_show
args: 1,4,3
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)

View File

@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=39
IPA_API_VERSION_MINOR=40

View File

@ -80,6 +80,16 @@ class range(LDAPObject):
)
)
def handle_iparangetype(self, entry_attrs, options, keep_objectclass=False):
if not options.get('pkey_only', False):
if 'ipatrustedaddomainrange' in entry_attrs.get('objectclass', []):
entry_attrs['iparangetype'] = [unicode(_('Active Directory domain range'))]
else:
entry_attrs['iparangetype'] = [unicode(_(u'local domain range'))]
if not keep_objectclass:
if not options.get('all', False) or options.get('pkey_only', False):
entry_attrs.pop('objectclass', None)
class range_add(LDAPCreate):
__doc__ = _('Add new ID range.')
@ -99,6 +109,10 @@ class range_add(LDAPCreate):
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.handle_iparangetype(entry_attrs, options, keep_objectclass=True)
return dn
class range_del(LDAPDelete):
__doc__ = _('Delete an ID range.')
@ -114,8 +128,14 @@ class range_find(LDAPSearch):
# Since all range types are stored within separate containers under
# 'cn=ranges,cn=etc' search can be done on a one-level scope
def pre_callback(self, ldap, filters, attrs_list, base_dn, scope, *args, **options):
attrs_list.append('objectclass')
return (filters, base_dn, ldap.SCOPE_ONELEVEL)
def post_callback(self, ldap, entries, truncated, *args, **options):
for dn,entry in entries:
self.obj.handle_iparangetype(entry, options)
return truncated
class range_show(LDAPRetrieve):
__doc__ = _('Display information about a range.')
@ -124,16 +144,25 @@ class range_show(LDAPRetrieve):
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
if 'ipatrustedaddomainrange' in entry_attrs['objectclass']:
entry_attrs['iparangetype']=(u'Active Directory domain range')
else:
entry_attrs['iparangetype']=(u'local domain range')
del entry_attrs['objectclass']
self.obj.handle_iparangetype(entry_attrs, options)
return dn
class range_mod(LDAPUpdate):
__doc__ = _('Modify ID range.')
msg_summary = _('Modified ID range "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
attrs_list.append('objectclass')
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.handle_iparangetype(entry_attrs, options)
return dn
api.register(range)
api.register(range_add)
#api.register(range_mod)
api.register(range_mod)
api.register(range_del)
api.register(range_find)
api.register(range_show)

View File

@ -49,7 +49,8 @@ class test_range(Declarative):
ipabaseid=[u'900000'],
ipabaserid=[u'1000'],
ipasecondarybaserid=[u'20000'],
ipaidrangesize=[u'99999']
ipaidrangesize=[u'99999'],
iparangetype=[u'local domain range'],
),
value=testrange1,
summary=u'Added ID range "%s"' % (testrange1),
@ -69,11 +70,29 @@ class test_range(Declarative):
ipabaserid=[u'1000'],
ipasecondarybaserid=[u'20000'],
ipaidrangesize=[u'99999'],
iparangetype=u'local domain range',
iparangetype=[u'local domain range'],
),
value=testrange1,
summary=None,
),
),
dict(
desc='Modify range %r' % (testrange1),
command=('range_mod', [testrange1], dict(ipaidrangesize=90000)),
expected=dict(
result=dict(
cn=[testrange1],
ipabaseid=[u'900000'],
ipabaserid=[u'1000'],
ipasecondarybaserid=[u'20000'],
ipaidrangesize=[u'90000'],
iparangetype=[u'local domain range'],
),
value=testrange1,
summary=u'Modified ID range "%s"' % (testrange1),
),
),
]