sudorule: PEP8 fixes in sudorule.py

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Tomas Babej 2014-05-14 12:58:30 +02:00 committed by Petr Viktorin
parent 816007bdd9
commit 5a1207cb6e


@ -18,11 +18,19 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipalib import api, errors from ipalib import api, errors
from ipalib import Str, StrEnum, Bool from ipalib import Str, StrEnum, Bool, Int
from ipalib.plugable import Registry from ipalib.plugable import Registry
from ipalib.plugins.baseldap import * from ipalib.plugins.baseldap import (LDAPObject, LDAPCreate, LDAPDelete,
LDAPUpdate, LDAPSearch, LDAPRetrieve,
LDAPQuery, LDAPAddMember, LDAPRemoveMember,
add_external_pre_callback,
add_external_post_callback,
remove_external_post_callback,
output, entry_to_dict, pkey_to_value,
external_host_param)
from ipalib.plugins.hbacrule import is_all from ipalib.plugins.hbacrule import is_all
from ipalib import _, ngettext from ipalib import _, ngettext
from ipapython.dn import DN
__doc__ = _(""" __doc__ = _("""
Sudo Rules Sudo Rules
@ -79,18 +87,25 @@ register = Registry()
topic = ('sudo', _('Commands for controlling sudo configuration')) topic = ('sudo', _('Commands for controlling sudo configuration'))
def deprecated(attribute): def deprecated(attribute):
raise errors.ValidationError(name=attribute, error=_('this option has been deprecated.')) raise errors.ValidationError(
name=attribute,
error=_('this option has been deprecated.'))
def validate_externaluser(ugettext, value): def validate_externaluser(ugettext, value):
deprecated('externaluser') deprecated('externaluser')
def validate_runasextuser(ugettext, value): def validate_runasextuser(ugettext, value):
deprecated('runasexternaluser') deprecated('runasexternaluser')
def validate_runasextgroup(ugettext, value): def validate_runasextgroup(ugettext, value):
deprecated('runasexternalgroup') deprecated('runasexternalgroup')
@register() @register()
class sudorule(LDAPObject): class sudorule(LDAPObject):
""" """
@ -326,7 +341,6 @@ class sudorule(LDAPObject):
) )
@register() @register()
class sudorule_add(LDAPCreate): class sudorule_add(LDAPCreate):
__doc__ = _('Create new Sudo Rule.') __doc__ = _('Create new Sudo Rule.')
@ -341,7 +355,6 @@ class sudorule_add(LDAPCreate):
msg_summary = _('Added Sudo Rule "%(value)s"') msg_summary = _('Added Sudo Rule "%(value)s"')
@register() @register()
class sudorule_del(LDAPDelete): class sudorule_del(LDAPDelete):
__doc__ = _('Delete Sudo Rule.') __doc__ = _('Delete Sudo Rule.')
@ -349,14 +362,15 @@ class sudorule_del(LDAPDelete):
msg_summary = _('Deleted Sudo Rule "%(value)s"') msg_summary = _('Deleted Sudo Rule "%(value)s"')
@register() @register()
class sudorule_mod(LDAPUpdate): class sudorule_mod(LDAPUpdate):
__doc__ = _('Modify Sudo Rule.') __doc__ = _('Modify Sudo Rule.')
msg_summary = _('Modified Sudo Rule "%(value)s"') msg_summary = _('Modified Sudo Rule "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
if 'sudoorder' in options: if 'sudoorder' in options:
new_order = options.get('sudoorder') new_order = options.get('sudoorder')
old_entry = self.api.Command.sudorule_show(keys[-1])['result'] old_entry = self.api.Command.sudorule_show(keys[-1])['result']
@ -386,7 +400,6 @@ class sudorule_mod(LDAPUpdate):
return dn return dn
@register() @register()
class sudorule_find(LDAPSearch): class sudorule_find(LDAPSearch):
__doc__ = _('Search for Sudo Rule.') __doc__ = _('Search for Sudo Rule.')
@ -396,13 +409,11 @@ class sudorule_find(LDAPSearch):
) )
@register() @register()
class sudorule_show(LDAPRetrieve): class sudorule_show(LDAPRetrieve):
__doc__ = _('Display Sudo Rule.') __doc__ = _('Display Sudo Rule.')
@register() @register()
class sudorule_enable(LDAPQuery): class sudorule_enable(LDAPQuery):
__doc__ = _('Enable a Sudo Rule.') __doc__ = _('Enable a Sudo Rule.')
@ -429,7 +440,6 @@ class sudorule_enable(LDAPQuery):
textui.print_dashed(_('Enabled Sudo Rule "%s"') % cn) textui.print_dashed(_('Enabled Sudo Rule "%s"') % cn)
@register() @register()
class sudorule_disable(LDAPQuery): class sudorule_disable(LDAPQuery):
__doc__ = _('Disable a Sudo Rule.') __doc__ = _('Disable a Sudo Rule.')
@ -456,7 +466,6 @@ class sudorule_disable(LDAPQuery):
textui.print_dashed(_('Disabled Sudo Rule "%s"') % cn) textui.print_dashed(_('Disabled Sudo Rule "%s"') % cn)
@register() @register()
class sudorule_add_allow_command(LDAPAddMember): class sudorule_add_allow_command(LDAPAddMember):
__doc__ = _('Add commands and sudo command groups affected by Sudo Rule.') __doc__ = _('Add commands and sudo command groups affected by Sudo Rule.')
@ -466,17 +475,20 @@ class sudorule_add_allow_command(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options): def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
try: try:
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes) _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound: except errors.NotFound:
self.obj.handle_not_found(*keys) self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'cmdcategory'): if is_all(_entry_attrs, 'cmdcategory'):
raise errors.MutuallyExclusiveError(reason=_("commands cannot be added when command category='all'")) raise errors.MutuallyExclusiveError(
reason=_("commands cannot be added when command "
"category='all'"))
return dn return dn
@register() @register()
class sudorule_remove_allow_command(LDAPRemoveMember): class sudorule_remove_allow_command(LDAPRemoveMember):
__doc__ = _('Remove commands and sudo command groups affected by Sudo Rule.') __doc__ = _('Remove commands and sudo command groups affected by Sudo Rule.')
@ -485,7 +497,6 @@ class sudorule_remove_allow_command(LDAPRemoveMember):
member_count_out = ('%i object removed.', '%i objects removed.') member_count_out = ('%i object removed.', '%i objects removed.')
@register() @register()
class sudorule_add_deny_command(LDAPAddMember): class sudorule_add_deny_command(LDAPAddMember):
__doc__ = _('Add commands and sudo command groups affected by Sudo Rule.') __doc__ = _('Add commands and sudo command groups affected by Sudo Rule.')
@ -504,7 +515,6 @@ class sudorule_add_deny_command(LDAPAddMember):
return dn return dn
@register() @register()
class sudorule_remove_deny_command(LDAPRemoveMember): class sudorule_remove_deny_command(LDAPRemoveMember):
__doc__ = _('Remove commands and sudo command groups affected by Sudo Rule.') __doc__ = _('Remove commands and sudo command groups affected by Sudo Rule.')
@ -513,7 +523,6 @@ class sudorule_remove_deny_command(LDAPRemoveMember):
member_count_out = ('%i object removed.', '%i objects removed.') member_count_out = ('%i object removed.', '%i objects removed.')
@register() @register()
class sudorule_add_user(LDAPAddMember): class sudorule_add_user(LDAPAddMember):
__doc__ = _('Add users and groups affected by Sudo Rule.') __doc__ = _('Add users and groups affected by Sudo Rule.')
@ -523,17 +532,24 @@ class sudorule_add_user(LDAPAddMember):
def pre_callback(self, ldap, dn, found, not_found, *keys, **options): def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
try: try:
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes) _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound: except errors.NotFound:
self.obj.handle_not_found(*keys) self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'usercategory'): if is_all(_entry_attrs, 'usercategory'):
raise errors.MutuallyExclusiveError(reason=_("users cannot be added when user category='all'")) raise errors.MutuallyExclusiveError(
reason=_("users cannot be added when user category='all'"))
return add_external_pre_callback('user', ldap, dn, keys, options) return add_external_pre_callback('user', ldap, dn, keys, options)
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): def post_callback(self, ldap, completed, failed, dn, entry_attrs,
*keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
return add_external_post_callback('memberuser', 'user', 'externaluser', ldap, completed, failed, dn, entry_attrs, keys, options) return add_external_post_callback('memberuser', 'user', 'externaluser',
ldap, completed, failed, dn,
entry_attrs, keys, options)
@ -544,9 +560,13 @@ class sudorule_remove_user(LDAPRemoveMember):
member_attributes = ['memberuser'] member_attributes = ['memberuser']
member_count_out = ('%i object removed.', '%i objects removed.') member_count_out = ('%i object removed.', '%i objects removed.')
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): def post_callback(self, ldap, completed, failed, dn, entry_attrs,
*keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
return remove_external_post_callback('memberuser', 'user', 'externaluser', ldap, completed, failed, dn, entry_attrs, keys, options) return remove_external_post_callback('memberuser', 'user',
'externaluser', ldap, completed,
failed, dn, entry_attrs, keys,
options)
@ -563,11 +583,15 @@ class sudorule_add_host(LDAPAddMember):
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes) _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound: except errors.NotFound:
self.obj.handle_not_found(*keys) self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'hostcategory'): if is_all(_entry_attrs, 'hostcategory'):
raise errors.MutuallyExclusiveError(reason=_("hosts cannot be added when host category='all'")) raise errors.MutuallyExclusiveError(
reason=_("hosts cannot be added when host category='all'"))
return add_external_pre_callback('host', ldap, dn, keys, options) return add_external_pre_callback('host', ldap, dn, keys, options)
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): def post_callback(self, ldap, completed, failed, dn, entry_attrs,
*keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
return add_external_post_callback('memberhost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options) return add_external_post_callback('memberhost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
@ -580,9 +604,13 @@ class sudorule_remove_host(LDAPRemoveMember):
member_attributes = ['memberhost'] member_attributes = ['memberhost']
member_count_out = ('%i object removed.', '%i objects removed.') member_count_out = ('%i object removed.', '%i objects removed.')
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): def post_callback(self, ldap, completed, failed, dn, entry_attrs,
*keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
return remove_external_post_callback('memberhost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options) return remove_external_post_callback('memberhost', 'host',
'externalhost', ldap, completed,
failed, dn, entry_attrs, keys,
options)
@register() @register()
@ -594,6 +622,7 @@ class sudorule_add_runasuser(LDAPAddMember):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
def check_validity(runas): def check_validity(runas):
v = unicode(runas) v = unicode(runas)
if v.upper() == u'ALL': if v.upper() == u'ALL':
@ -604,31 +633,38 @@ class sudorule_add_runasuser(LDAPAddMember):
_entry_attrs = ldap.get_entry(dn, self.obj.default_attributes) _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes)
except errors.NotFound: except errors.NotFound:
self.obj.handle_not_found(*keys) self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'ipasudorunasusercategory') or \
is_all(_entry_attrs, 'ipasudorunasgroupcategory'): if any((is_all(_entry_attrs, 'ipasudorunasusercategory'),
raise errors.MutuallyExclusiveError(reason=_("users cannot be added when runAs user or runAs group category='all'")) is_all(_entry_attrs, 'ipasudorunasgroupcategory'))):
raise errors.MutuallyExclusiveError(
reason=_("users cannot be added when runAs user or runAs "
"group category='all'"))
if 'user' in options: if 'user' in options:
for name in options['user']: for name in options['user']:
if not check_validity(name): if not check_validity(name):
raise errors.ValidationError(name='runas-user', raise errors.ValidationError(name='runas-user',
error=unicode(_("RunAsUser does not accept '%(name)s' as a user name")) % error=unicode(_("RunAsUser does not accept "
dict(name=name)) "'%(name)s' as a user name")) %
dict(name=name))
if 'group' in options: if 'group' in options:
for name in options['group']: for name in options['group']:
if not check_validity(name): if not check_validity(name):
raise errors.ValidationError(name='runas-user', raise errors.ValidationError(name='runas-user',
error=unicode(_("RunAsUser does not accept '%(name)s' as a group name")) % error=unicode(_("RunAsUser does not accept "
dict(name=name)) "'%(name)s' as a group name")) %
dict(name=name))
return add_external_pre_callback('user', ldap, dn, keys, options) return add_external_pre_callback('user', ldap, dn, keys, options)
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): def post_callback(self, ldap, completed, failed, dn, entry_attrs,
*keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
return add_external_post_callback('ipasudorunas', 'user', 'ipasudorunasextuser', ldap, completed, failed, dn, entry_attrs, keys, options) return add_external_post_callback('ipasudorunas', 'user', 'ipasudorunasextuser', ldap, completed, failed, dn, entry_attrs, keys, options)
@register() @register()
class sudorule_remove_runasuser(LDAPRemoveMember): class sudorule_remove_runasuser(LDAPRemoveMember):
__doc__ = _('Remove users and groups for Sudo to execute as.') __doc__ = _('Remove users and groups for Sudo to execute as.')
@ -636,12 +672,12 @@ class sudorule_remove_runasuser(LDAPRemoveMember):
member_attributes = ['ipasudorunas'] member_attributes = ['ipasudorunas']
member_count_out = ('%i object removed.', '%i objects removed.') member_count_out = ('%i object removed.', '%i objects removed.')
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): def post_callback(self, ldap, completed, failed, dn, entry_attrs,
*keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
return remove_external_post_callback('ipasudorunas', 'user', 'ipasudorunasextuser', ldap, completed, failed, dn, entry_attrs, keys, options) return remove_external_post_callback('ipasudorunas', 'user', 'ipasudorunasextuser', ldap, completed, failed, dn, entry_attrs, keys, options)
@register() @register()
class sudorule_add_runasgroup(LDAPAddMember): class sudorule_add_runasgroup(LDAPAddMember):
__doc__ = _('Add group for Sudo to execute as.') __doc__ = _('Add group for Sudo to execute as.')
@ -651,6 +687,7 @@ class sudorule_add_runasgroup(LDAPAddMember):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
def check_validity(runas): def check_validity(runas):
v = unicode(runas) v = unicode(runas)
if v.upper() == u'ALL': if v.upper() == u'ALL':
@ -663,20 +700,27 @@ class sudorule_add_runasgroup(LDAPAddMember):
self.obj.handle_not_found(*keys) self.obj.handle_not_found(*keys)
if is_all(_entry_attrs, 'ipasudorunasusercategory') or \ if is_all(_entry_attrs, 'ipasudorunasusercategory') or \
is_all(_entry_attrs, 'ipasudorunasgroupcategory'): is_all(_entry_attrs, 'ipasudorunasgroupcategory'):
raise errors.MutuallyExclusiveError(reason=_("users cannot be added when runAs user or runAs group category='all'")) raise errors.MutuallyExclusiveError(
reason=_("users cannot be added when runAs user or runAs "
"group category='all'"))
if 'group' in options: if 'group' in options:
for name in options['group']: for name in options['group']:
if not check_validity(name): if not check_validity(name):
raise errors.ValidationError(name='runas-group', raise errors.ValidationError(name='runas-group',
error=unicode(_("RunAsGroup does not accept '%(name)s' as a group name")) % error=unicode(_("RunAsGroup does not accept "
dict(name=name)) "'%(name)s' as a group name")) %
dict(name=name))
return add_external_pre_callback('group', ldap, dn, keys, options) return add_external_pre_callback('group', ldap, dn, keys, options)
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): def post_callback(self, ldap, completed, failed, dn, entry_attrs,
*keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
return add_external_post_callback('ipasudorunasgroup', 'group', 'ipasudorunasextgroup', ldap, completed, failed, dn, entry_attrs, keys, options) return add_external_post_callback('ipasudorunasgroup', 'group',
'ipasudorunasextgroup', ldap,
completed, failed, dn, entry_attrs,
keys, options)
@ -687,9 +731,13 @@ class sudorule_remove_runasgroup(LDAPRemoveMember):
member_attributes = ['ipasudorunasgroup'] member_attributes = ['ipasudorunasgroup']
member_count_out = ('%i object removed.', '%i objects removed.') member_count_out = ('%i object removed.', '%i objects removed.')
def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options): def post_callback(self, ldap, completed, failed, dn, entry_attrs,
*keys, **options):
assert isinstance(dn, DN) assert isinstance(dn, DN)
return remove_external_post_callback('ipasudorunasgroup', 'group', 'ipasudorunasextgroup', ldap, completed, failed, dn, entry_attrs, keys, options) return remove_external_post_callback('ipasudorunasgroup', 'group',
'ipasudorunasextgroup', ldap,
completed, failed, dn,
entry_attrs, keys, options)
@ -738,12 +786,12 @@ class sudorule_add_option(LDAPQuery):
return dict(result=entry_attrs, value=pkey_to_value(cn, options)) return dict(result=entry_attrs, value=pkey_to_value(cn, options))
def output_for_cli(self, textui, result, cn, **options): def output_for_cli(self, textui, result, cn, **options):
textui.print_dashed(_('Added option "%(option)s" to Sudo Rule "%(rule)s"') % \ textui.print_dashed(
dict(option=options['ipasudoopt'], rule=cn)) _('Added option "%(option)s" to Sudo Rule "%(rule)s"')
super(sudorule_add_option, self).output_for_cli(textui, result, cn, **options) % dict(option=options['ipasudoopt'], rule=cn))
super(sudorule_add_option, self).output_for_cli(textui, result, cn,
**options)
@register() @register()
@ -765,7 +813,9 @@ class sudorule_remove_option(LDAPQuery):
if not options['ipasudoopt'].strip(): if not options['ipasudoopt'].strip():
raise errors.EmptyModlist() raise errors.EmptyModlist()
entry_attrs = ldap.get_entry(dn, ['ipasudoopt']) entry_attrs = ldap.get_entry(dn, ['ipasudoopt'])
try: try:
if options['ipasudoopt'] in entry_attrs['ipasudoopt']: if options['ipasudoopt'] in entry_attrs['ipasudoopt']:
entry_attrs.setdefault('ipasudoopt', []).remove( entry_attrs.setdefault('ipasudoopt', []).remove(
@ -776,7 +826,7 @@ class sudorule_remove_option(LDAPQuery):
attr='ipasudoopt', attr='ipasudoopt',
value=options['ipasudoopt'] value=options['ipasudoopt']
) )
except ValueError, e: except ValueError:
pass pass
except KeyError: except KeyError:
raise errors.AttrValueNotFound( raise errors.AttrValueNotFound(
@ -794,7 +844,9 @@ class sudorule_remove_option(LDAPQuery):
return dict(result=entry_attrs, value=pkey_to_value(cn, options)) return dict(result=entry_attrs, value=pkey_to_value(cn, options))
def output_for_cli(self, textui, result, cn, **options): def output_for_cli(self, textui, result, cn, **options):
textui.print_dashed(_('Removed option "%(option)s" from Sudo Rule "%(rule)s"') % \ textui.print_dashed(
dict(option=options['ipasudoopt'], rule=cn)) _('Removed option "%(option)s" from Sudo Rule "%(rule)s"')
super(sudorule_remove_option, self).output_for_cli(textui, result, cn, **options) % dict(option=options['ipasudoopt'], rule=cn))
super(sudorule_remove_option, self).output_for_cli(textui, result, cn,
**options)
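Review bot: Replacing `from ipalib.plugins.baseldap import *` with the explicit name list in the first hunk is the one change in this PEP8 commit that can alter behaviour, and nothing visible shows the list was checked against every name the module uses. The added `Int` and `from ipapython.dn import DN` imports suggest the module relied on the wildcard for names beyond baseldap's own classes, so any other such name used inside a callback body would only surface as a NameError when that command runs. Because these commands edit sudo policy, I would run a static undefined-name check (pyflakes or similar) over the module and exercise each sudorule_* command before merging. A smaller style point: sudorule_add_runasuser now tests the two categories with `any((is_all(...), is_all(...)))`, which evaluates both calls, while sudorule_add_runasgroup keeps the short-circuiting `or \` form. Keeping both guards in the same form, e.g. a parenthesised `if (is_all(_entry_attrs, 'ipasudorunasusercategory') or is_all(_entry_attrs, 'ipasudorunasgroupcategory')):`, makes the parallel checks easier to audit.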