mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
sudorule: PEP8 fixes in sudorule.py
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
This commit is contained in:
parent
816007bdd9
commit
5a1207cb6e
@ -18,11 +18,19 @@
|
|||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
from ipalib import api, errors
|
from ipalib import api, errors
|
||||||
from ipalib import Str, StrEnum, Bool
|
from ipalib import Str, StrEnum, Bool, Int
|
||||||
from ipalib.plugable import Registry
|
from ipalib.plugable import Registry
|
||||||
from ipalib.plugins.baseldap import *
|
from ipalib.plugins.baseldap import (LDAPObject, LDAPCreate, LDAPDelete,
|
||||||
|
LDAPUpdate, LDAPSearch, LDAPRetrieve,
|
||||||
|
LDAPQuery, LDAPAddMember, LDAPRemoveMember,
|
||||||
|
add_external_pre_callback,
|
||||||
|
add_external_post_callback,
|
||||||
|
remove_external_post_callback,
|
||||||
|
output, entry_to_dict, pkey_to_value,
|
||||||
|
external_host_param)
|
||||||
from ipalib.plugins.hbacrule import is_all
|
from ipalib.plugins.hbacrule import is_all
|
||||||
from ipalib import _, ngettext
|
from ipalib import _, ngettext
|
||||||
|
from ipapython.dn import DN
|
||||||
|
|
||||||
__doc__ = _("""
|
__doc__ = _("""
|
||||||
Sudo Rules
|
Sudo Rules
|
||||||
@ -79,18 +87,25 @@ register = Registry()
|
|||||||
|
|
||||||
topic = ('sudo', _('Commands for controlling sudo configuration'))
|
topic = ('sudo', _('Commands for controlling sudo configuration'))
|
||||||
|
|
||||||
|
|
||||||
def deprecated(attribute):
|
def deprecated(attribute):
|
||||||
raise errors.ValidationError(name=attribute, error=_('this option has been deprecated.'))
|
raise errors.ValidationError(
|
||||||
|
name=attribute,
|
||||||
|
error=_('this option has been deprecated.'))
|
||||||
|
|
||||||
|
|
||||||
def validate_externaluser(ugettext, value):
|
def validate_externaluser(ugettext, value):
|
||||||
deprecated('externaluser')
|
deprecated('externaluser')
|
||||||
|
|
||||||
|
|
||||||
def validate_runasextuser(ugettext, value):
|
def validate_runasextuser(ugettext, value):
|
||||||
deprecated('runasexternaluser')
|
deprecated('runasexternaluser')
|
||||||
|
|
||||||
|
|
||||||
def validate_runasextgroup(ugettext, value):
|
def validate_runasextgroup(ugettext, value):
|
||||||
deprecated('runasexternalgroup')
|
deprecated('runasexternalgroup')
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule(LDAPObject):
|
class sudorule(LDAPObject):
|
||||||
"""
|
"""
|
||||||
@ -326,7 +341,6 @@ class sudorule(LDAPObject):
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_add(LDAPCreate):
|
class sudorule_add(LDAPCreate):
|
||||||
__doc__ = _('Create new Sudo Rule.')
|
__doc__ = _('Create new Sudo Rule.')
|
||||||
@ -341,7 +355,6 @@ class sudorule_add(LDAPCreate):
|
|||||||
msg_summary = _('Added Sudo Rule "%(value)s"')
|
msg_summary = _('Added Sudo Rule "%(value)s"')
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_del(LDAPDelete):
|
class sudorule_del(LDAPDelete):
|
||||||
__doc__ = _('Delete Sudo Rule.')
|
__doc__ = _('Delete Sudo Rule.')
|
||||||
@ -349,14 +362,15 @@ class sudorule_del(LDAPDelete):
|
|||||||
msg_summary = _('Deleted Sudo Rule "%(value)s"')
|
msg_summary = _('Deleted Sudo Rule "%(value)s"')
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_mod(LDAPUpdate):
|
class sudorule_mod(LDAPUpdate):
|
||||||
__doc__ = _('Modify Sudo Rule.')
|
__doc__ = _('Modify Sudo Rule.')
|
||||||
|
|
||||||
msg_summary = _('Modified Sudo Rule "%(value)s"')
|
msg_summary = _('Modified Sudo Rule "%(value)s"')
|
||||||
|
|
||||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
|
|
||||||
if 'sudoorder' in options:
|
if 'sudoorder' in options:
|
||||||
new_order = options.get('sudoorder')
|
new_order = options.get('sudoorder')
|
||||||
old_entry = self.api.Command.sudorule_show(keys[-1])['result']
|
old_entry = self.api.Command.sudorule_show(keys[-1])['result']
|
||||||
@ -386,7 +400,6 @@ class sudorule_mod(LDAPUpdate):
|
|||||||
return dn
|
return dn
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_find(LDAPSearch):
|
class sudorule_find(LDAPSearch):
|
||||||
__doc__ = _('Search for Sudo Rule.')
|
__doc__ = _('Search for Sudo Rule.')
|
||||||
@ -396,13 +409,11 @@ class sudorule_find(LDAPSearch):
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_show(LDAPRetrieve):
|
class sudorule_show(LDAPRetrieve):
|
||||||
__doc__ = _('Display Sudo Rule.')
|
__doc__ = _('Display Sudo Rule.')
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_enable(LDAPQuery):
|
class sudorule_enable(LDAPQuery):
|
||||||
__doc__ = _('Enable a Sudo Rule.')
|
__doc__ = _('Enable a Sudo Rule.')
|
||||||
@ -429,7 +440,6 @@ class sudorule_enable(LDAPQuery):
|
|||||||
textui.print_dashed(_('Enabled Sudo Rule "%s"') % cn)
|
textui.print_dashed(_('Enabled Sudo Rule "%s"') % cn)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_disable(LDAPQuery):
|
class sudorule_disable(LDAPQuery):
|
||||||
__doc__ = _('Disable a Sudo Rule.')
|
__doc__ = _('Disable a Sudo Rule.')
|
||||||
@ -456,7 +466,6 @@ class sudorule_disable(LDAPQuery):
|
|||||||
textui.print_dashed(_('Disabled Sudo Rule "%s"') % cn)
|
textui.print_dashed(_('Disabled Sudo Rule "%s"') % cn)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_add_allow_command(LDAPAddMember):
|
class sudorule_add_allow_command(LDAPAddMember):
|
||||||
__doc__ = _('Add commands and sudo command groups affected by Sudo Rule.')
|
__doc__ = _('Add commands and sudo command groups affected by Sudo Rule.')
|
||||||
@ -466,17 +475,20 @@ class sudorule_add_allow_command(LDAPAddMember):
|
|||||||
|
|
||||||
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
|
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
|
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
|
||||||
except errors.NotFound:
|
except errors.NotFound:
|
||||||
self.obj.handle_not_found(*keys)
|
self.obj.handle_not_found(*keys)
|
||||||
|
|
||||||
if is_all(_entry_attrs, 'cmdcategory'):
|
if is_all(_entry_attrs, 'cmdcategory'):
|
||||||
raise errors.MutuallyExclusiveError(reason=_("commands cannot be added when command category='all'"))
|
raise errors.MutuallyExclusiveError(
|
||||||
|
reason=_("commands cannot be added when command "
|
||||||
|
"category='all'"))
|
||||||
|
|
||||||
return dn
|
return dn
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_remove_allow_command(LDAPRemoveMember):
|
class sudorule_remove_allow_command(LDAPRemoveMember):
|
||||||
__doc__ = _('Remove commands and sudo command groups affected by Sudo Rule.')
|
__doc__ = _('Remove commands and sudo command groups affected by Sudo Rule.')
|
||||||
@ -485,7 +497,6 @@ class sudorule_remove_allow_command(LDAPRemoveMember):
|
|||||||
member_count_out = ('%i object removed.', '%i objects removed.')
|
member_count_out = ('%i object removed.', '%i objects removed.')
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_add_deny_command(LDAPAddMember):
|
class sudorule_add_deny_command(LDAPAddMember):
|
||||||
__doc__ = _('Add commands and sudo command groups affected by Sudo Rule.')
|
__doc__ = _('Add commands and sudo command groups affected by Sudo Rule.')
|
||||||
@ -504,7 +515,6 @@ class sudorule_add_deny_command(LDAPAddMember):
|
|||||||
return dn
|
return dn
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_remove_deny_command(LDAPRemoveMember):
|
class sudorule_remove_deny_command(LDAPRemoveMember):
|
||||||
__doc__ = _('Remove commands and sudo command groups affected by Sudo Rule.')
|
__doc__ = _('Remove commands and sudo command groups affected by Sudo Rule.')
|
||||||
@ -513,7 +523,6 @@ class sudorule_remove_deny_command(LDAPRemoveMember):
|
|||||||
member_count_out = ('%i object removed.', '%i objects removed.')
|
member_count_out = ('%i object removed.', '%i objects removed.')
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_add_user(LDAPAddMember):
|
class sudorule_add_user(LDAPAddMember):
|
||||||
__doc__ = _('Add users and groups affected by Sudo Rule.')
|
__doc__ = _('Add users and groups affected by Sudo Rule.')
|
||||||
@ -523,17 +532,24 @@ class sudorule_add_user(LDAPAddMember):
|
|||||||
|
|
||||||
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
|
def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
|
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
|
||||||
except errors.NotFound:
|
except errors.NotFound:
|
||||||
self.obj.handle_not_found(*keys)
|
self.obj.handle_not_found(*keys)
|
||||||
|
|
||||||
if is_all(_entry_attrs, 'usercategory'):
|
if is_all(_entry_attrs, 'usercategory'):
|
||||||
raise errors.MutuallyExclusiveError(reason=_("users cannot be added when user category='all'"))
|
raise errors.MutuallyExclusiveError(
|
||||||
|
reason=_("users cannot be added when user category='all'"))
|
||||||
|
|
||||||
return add_external_pre_callback('user', ldap, dn, keys, options)
|
return add_external_pre_callback('user', ldap, dn, keys, options)
|
||||||
|
|
||||||
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
|
def post_callback(self, ldap, completed, failed, dn, entry_attrs,
|
||||||
|
*keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
return add_external_post_callback('memberuser', 'user', 'externaluser', ldap, completed, failed, dn, entry_attrs, keys, options)
|
return add_external_post_callback('memberuser', 'user', 'externaluser',
|
||||||
|
ldap, completed, failed, dn,
|
||||||
|
entry_attrs, keys, options)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -544,9 +560,13 @@ class sudorule_remove_user(LDAPRemoveMember):
|
|||||||
member_attributes = ['memberuser']
|
member_attributes = ['memberuser']
|
||||||
member_count_out = ('%i object removed.', '%i objects removed.')
|
member_count_out = ('%i object removed.', '%i objects removed.')
|
||||||
|
|
||||||
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
|
def post_callback(self, ldap, completed, failed, dn, entry_attrs,
|
||||||
|
*keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
return remove_external_post_callback('memberuser', 'user', 'externaluser', ldap, completed, failed, dn, entry_attrs, keys, options)
|
return remove_external_post_callback('memberuser', 'user',
|
||||||
|
'externaluser', ldap, completed,
|
||||||
|
failed, dn, entry_attrs, keys,
|
||||||
|
options)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -563,11 +583,15 @@ class sudorule_add_host(LDAPAddMember):
|
|||||||
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
|
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
|
||||||
except errors.NotFound:
|
except errors.NotFound:
|
||||||
self.obj.handle_not_found(*keys)
|
self.obj.handle_not_found(*keys)
|
||||||
|
|
||||||
if is_all(_entry_attrs, 'hostcategory'):
|
if is_all(_entry_attrs, 'hostcategory'):
|
||||||
raise errors.MutuallyExclusiveError(reason=_("hosts cannot be added when host category='all'"))
|
raise errors.MutuallyExclusiveError(
|
||||||
|
reason=_("hosts cannot be added when host category='all'"))
|
||||||
|
|
||||||
return add_external_pre_callback('host', ldap, dn, keys, options)
|
return add_external_pre_callback('host', ldap, dn, keys, options)
|
||||||
|
|
||||||
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
|
def post_callback(self, ldap, completed, failed, dn, entry_attrs,
|
||||||
|
*keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
return add_external_post_callback('memberhost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
|
return add_external_post_callback('memberhost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
|
||||||
|
|
||||||
@ -580,9 +604,13 @@ class sudorule_remove_host(LDAPRemoveMember):
|
|||||||
member_attributes = ['memberhost']
|
member_attributes = ['memberhost']
|
||||||
member_count_out = ('%i object removed.', '%i objects removed.')
|
member_count_out = ('%i object removed.', '%i objects removed.')
|
||||||
|
|
||||||
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
|
def post_callback(self, ldap, completed, failed, dn, entry_attrs,
|
||||||
|
*keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
return remove_external_post_callback('memberhost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
|
return remove_external_post_callback('memberhost', 'host',
|
||||||
|
'externalhost', ldap, completed,
|
||||||
|
failed, dn, entry_attrs, keys,
|
||||||
|
options)
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
@ -594,6 +622,7 @@ class sudorule_add_runasuser(LDAPAddMember):
|
|||||||
|
|
||||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
|
|
||||||
def check_validity(runas):
|
def check_validity(runas):
|
||||||
v = unicode(runas)
|
v = unicode(runas)
|
||||||
if v.upper() == u'ALL':
|
if v.upper() == u'ALL':
|
||||||
@ -604,31 +633,38 @@ class sudorule_add_runasuser(LDAPAddMember):
|
|||||||
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
|
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
|
||||||
except errors.NotFound:
|
except errors.NotFound:
|
||||||
self.obj.handle_not_found(*keys)
|
self.obj.handle_not_found(*keys)
|
||||||
if is_all(_entry_attrs, 'ipasudorunasusercategory') or \
|
|
||||||
is_all(_entry_attrs, 'ipasudorunasgroupcategory'):
|
if any((is_all(_entry_attrs, 'ipasudorunasusercategory'),
|
||||||
raise errors.MutuallyExclusiveError(reason=_("users cannot be added when runAs user or runAs group category='all'"))
|
is_all(_entry_attrs, 'ipasudorunasgroupcategory'))):
|
||||||
|
|
||||||
|
raise errors.MutuallyExclusiveError(
|
||||||
|
reason=_("users cannot be added when runAs user or runAs "
|
||||||
|
"group category='all'"))
|
||||||
|
|
||||||
if 'user' in options:
|
if 'user' in options:
|
||||||
for name in options['user']:
|
for name in options['user']:
|
||||||
if not check_validity(name):
|
if not check_validity(name):
|
||||||
raise errors.ValidationError(name='runas-user',
|
raise errors.ValidationError(name='runas-user',
|
||||||
error=unicode(_("RunAsUser does not accept '%(name)s' as a user name")) %
|
error=unicode(_("RunAsUser does not accept "
|
||||||
dict(name=name))
|
"'%(name)s' as a user name")) %
|
||||||
|
dict(name=name))
|
||||||
|
|
||||||
if 'group' in options:
|
if 'group' in options:
|
||||||
for name in options['group']:
|
for name in options['group']:
|
||||||
if not check_validity(name):
|
if not check_validity(name):
|
||||||
raise errors.ValidationError(name='runas-user',
|
raise errors.ValidationError(name='runas-user',
|
||||||
error=unicode(_("RunAsUser does not accept '%(name)s' as a group name")) %
|
error=unicode(_("RunAsUser does not accept "
|
||||||
dict(name=name))
|
"'%(name)s' as a group name")) %
|
||||||
|
dict(name=name))
|
||||||
|
|
||||||
return add_external_pre_callback('user', ldap, dn, keys, options)
|
return add_external_pre_callback('user', ldap, dn, keys, options)
|
||||||
|
|
||||||
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
|
def post_callback(self, ldap, completed, failed, dn, entry_attrs,
|
||||||
|
*keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
return add_external_post_callback('ipasudorunas', 'user', 'ipasudorunasextuser', ldap, completed, failed, dn, entry_attrs, keys, options)
|
return add_external_post_callback('ipasudorunas', 'user', 'ipasudorunasextuser', ldap, completed, failed, dn, entry_attrs, keys, options)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_remove_runasuser(LDAPRemoveMember):
|
class sudorule_remove_runasuser(LDAPRemoveMember):
|
||||||
__doc__ = _('Remove users and groups for Sudo to execute as.')
|
__doc__ = _('Remove users and groups for Sudo to execute as.')
|
||||||
@ -636,12 +672,12 @@ class sudorule_remove_runasuser(LDAPRemoveMember):
|
|||||||
member_attributes = ['ipasudorunas']
|
member_attributes = ['ipasudorunas']
|
||||||
member_count_out = ('%i object removed.', '%i objects removed.')
|
member_count_out = ('%i object removed.', '%i objects removed.')
|
||||||
|
|
||||||
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
|
def post_callback(self, ldap, completed, failed, dn, entry_attrs,
|
||||||
|
*keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
return remove_external_post_callback('ipasudorunas', 'user', 'ipasudorunasextuser', ldap, completed, failed, dn, entry_attrs, keys, options)
|
return remove_external_post_callback('ipasudorunas', 'user', 'ipasudorunasextuser', ldap, completed, failed, dn, entry_attrs, keys, options)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
class sudorule_add_runasgroup(LDAPAddMember):
|
class sudorule_add_runasgroup(LDAPAddMember):
|
||||||
__doc__ = _('Add group for Sudo to execute as.')
|
__doc__ = _('Add group for Sudo to execute as.')
|
||||||
@ -651,6 +687,7 @@ class sudorule_add_runasgroup(LDAPAddMember):
|
|||||||
|
|
||||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
|
|
||||||
def check_validity(runas):
|
def check_validity(runas):
|
||||||
v = unicode(runas)
|
v = unicode(runas)
|
||||||
if v.upper() == u'ALL':
|
if v.upper() == u'ALL':
|
||||||
@ -663,20 +700,27 @@ class sudorule_add_runasgroup(LDAPAddMember):
|
|||||||
self.obj.handle_not_found(*keys)
|
self.obj.handle_not_found(*keys)
|
||||||
if is_all(_entry_attrs, 'ipasudorunasusercategory') or \
|
if is_all(_entry_attrs, 'ipasudorunasusercategory') or \
|
||||||
is_all(_entry_attrs, 'ipasudorunasgroupcategory'):
|
is_all(_entry_attrs, 'ipasudorunasgroupcategory'):
|
||||||
raise errors.MutuallyExclusiveError(reason=_("users cannot be added when runAs user or runAs group category='all'"))
|
raise errors.MutuallyExclusiveError(
|
||||||
|
reason=_("users cannot be added when runAs user or runAs "
|
||||||
|
"group category='all'"))
|
||||||
|
|
||||||
if 'group' in options:
|
if 'group' in options:
|
||||||
for name in options['group']:
|
for name in options['group']:
|
||||||
if not check_validity(name):
|
if not check_validity(name):
|
||||||
raise errors.ValidationError(name='runas-group',
|
raise errors.ValidationError(name='runas-group',
|
||||||
error=unicode(_("RunAsGroup does not accept '%(name)s' as a group name")) %
|
error=unicode(_("RunAsGroup does not accept "
|
||||||
dict(name=name))
|
"'%(name)s' as a group name")) %
|
||||||
|
dict(name=name))
|
||||||
|
|
||||||
return add_external_pre_callback('group', ldap, dn, keys, options)
|
return add_external_pre_callback('group', ldap, dn, keys, options)
|
||||||
|
|
||||||
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
|
def post_callback(self, ldap, completed, failed, dn, entry_attrs,
|
||||||
|
*keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
return add_external_post_callback('ipasudorunasgroup', 'group', 'ipasudorunasextgroup', ldap, completed, failed, dn, entry_attrs, keys, options)
|
return add_external_post_callback('ipasudorunasgroup', 'group',
|
||||||
|
'ipasudorunasextgroup', ldap,
|
||||||
|
completed, failed, dn, entry_attrs,
|
||||||
|
keys, options)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -687,9 +731,13 @@ class sudorule_remove_runasgroup(LDAPRemoveMember):
|
|||||||
member_attributes = ['ipasudorunasgroup']
|
member_attributes = ['ipasudorunasgroup']
|
||||||
member_count_out = ('%i object removed.', '%i objects removed.')
|
member_count_out = ('%i object removed.', '%i objects removed.')
|
||||||
|
|
||||||
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
|
def post_callback(self, ldap, completed, failed, dn, entry_attrs,
|
||||||
|
*keys, **options):
|
||||||
assert isinstance(dn, DN)
|
assert isinstance(dn, DN)
|
||||||
return remove_external_post_callback('ipasudorunasgroup', 'group', 'ipasudorunasextgroup', ldap, completed, failed, dn, entry_attrs, keys, options)
|
return remove_external_post_callback('ipasudorunasgroup', 'group',
|
||||||
|
'ipasudorunasextgroup', ldap,
|
||||||
|
completed, failed, dn,
|
||||||
|
entry_attrs, keys, options)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -738,12 +786,12 @@ class sudorule_add_option(LDAPQuery):
|
|||||||
return dict(result=entry_attrs, value=pkey_to_value(cn, options))
|
return dict(result=entry_attrs, value=pkey_to_value(cn, options))
|
||||||
|
|
||||||
def output_for_cli(self, textui, result, cn, **options):
|
def output_for_cli(self, textui, result, cn, **options):
|
||||||
textui.print_dashed(_('Added option "%(option)s" to Sudo Rule "%(rule)s"') % \
|
textui.print_dashed(
|
||||||
dict(option=options['ipasudoopt'], rule=cn))
|
_('Added option "%(option)s" to Sudo Rule "%(rule)s"')
|
||||||
super(sudorule_add_option, self).output_for_cli(textui, result, cn, **options)
|
% dict(option=options['ipasudoopt'], rule=cn))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
super(sudorule_add_option, self).output_for_cli(textui, result, cn,
|
||||||
|
**options)
|
||||||
|
|
||||||
|
|
||||||
@register()
|
@register()
|
||||||
@ -765,7 +813,9 @@ class sudorule_remove_option(LDAPQuery):
|
|||||||
|
|
||||||
if not options['ipasudoopt'].strip():
|
if not options['ipasudoopt'].strip():
|
||||||
raise errors.EmptyModlist()
|
raise errors.EmptyModlist()
|
||||||
|
|
||||||
entry_attrs = ldap.get_entry(dn, ['ipasudoopt'])
|
entry_attrs = ldap.get_entry(dn, ['ipasudoopt'])
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if options['ipasudoopt'] in entry_attrs['ipasudoopt']:
|
if options['ipasudoopt'] in entry_attrs['ipasudoopt']:
|
||||||
entry_attrs.setdefault('ipasudoopt', []).remove(
|
entry_attrs.setdefault('ipasudoopt', []).remove(
|
||||||
@ -776,7 +826,7 @@ class sudorule_remove_option(LDAPQuery):
|
|||||||
attr='ipasudoopt',
|
attr='ipasudoopt',
|
||||||
value=options['ipasudoopt']
|
value=options['ipasudoopt']
|
||||||
)
|
)
|
||||||
except ValueError, e:
|
except ValueError:
|
||||||
pass
|
pass
|
||||||
except KeyError:
|
except KeyError:
|
||||||
raise errors.AttrValueNotFound(
|
raise errors.AttrValueNotFound(
|
||||||
@ -794,7 +844,9 @@ class sudorule_remove_option(LDAPQuery):
|
|||||||
return dict(result=entry_attrs, value=pkey_to_value(cn, options))
|
return dict(result=entry_attrs, value=pkey_to_value(cn, options))
|
||||||
|
|
||||||
def output_for_cli(self, textui, result, cn, **options):
|
def output_for_cli(self, textui, result, cn, **options):
|
||||||
textui.print_dashed(_('Removed option "%(option)s" from Sudo Rule "%(rule)s"') % \
|
textui.print_dashed(
|
||||||
dict(option=options['ipasudoopt'], rule=cn))
|
_('Removed option "%(option)s" from Sudo Rule "%(rule)s"')
|
||||||
super(sudorule_remove_option, self).output_for_cli(textui, result, cn, **options)
|
% dict(option=options['ipasudoopt'], rule=cn))
|
||||||
|
super(sudorule_remove_option, self).output_for_cli(textui, result, cn,
|
||||||
|
**options)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user