User life cycle: provide preserved user virtual attribute

https://fedorahosted.org/freeipa/ticket/3813

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>

API.txt

@@ -5218,7 +5218,7 @@ option: Str('pager', attribute=True, autofill=False, cli_name='pager', multivalu
 option: Flag('pkey_only?', autofill=True, default=False)
 option: Str('postalcode', attribute=True, autofill=False, cli_name='postalcode', multivalue=False, query=True, required=False)
 option: Str('preferredlanguage', attribute=True, autofill=False, cli_name='preferredlanguage', multivalue=False, pattern='^(([a-zA-Z]{1,8}(-[a-zA-Z]{1,8})?(;q\\=((0(\\.[0-9]{0,3})?)|(1(\\.0{0,3})?)))?(\\s*,\\s*[a-zA-Z]{1,8}(-[a-zA-Z]{1,8})?(;q\\=((0(\\.[0-9]{0,3})?)|(1(\\.0{0,3})?)))?)*)|(\\*))$', query=True, required=False)
-option: Flag('preserved?', autofill=True, cli_name='preserved', default=False)
+option: Bool('preserved', attribute=False, autofill=False, cli_name='preserved', default=False, multivalue=False, query=True, required=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Int('sizelimit?', autofill=False, minvalue=0)
 option: Str('sn', attribute=True, autofill=False, cli_name='last', multivalue=False, query=True, required=False)

VERSION

@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=133
+IPA_API_VERSION_MINOR=134
-# Last change: pvoborni - add server-del internal command
+# Last change: jcholast - User life cycle: provide preserved user virtual attribute

ipalib/plugins/user.py

@@ -333,6 +333,11 @@ class user(baseuser):
             label=_('Account disabled'),
             flags=['no_option'],
         ),
+        Bool('preserved?',
+            label=_('Preserved user'),
+            default=False,
+            flags=['virtual_attribute', 'no_create', 'no_update'],
+        ),
     )
 
     def get_dn(self, *keys, **options):
@@ -369,6 +374,15 @@ class user(baseuser):
         """
         return super(user, self).normalize_manager(manager, self.active_container_dn)
 
+    def get_preserved_attribute(self, entry, options):
+        if options.get('raw', False):
+            return
+        delete_container_dn = DN(self.delete_container_dn, api.env.basedn)
+        if entry.dn.endswith(delete_container_dn):
+            entry['preserved'] = True
+        elif options.get('all', False):
+            entry['preserved'] = False
+
 
 @register()
 class user_add(baseuser_add):
@@ -540,6 +554,7 @@ class user_add(baseuser_add):
         self.obj.get_password_attributes(ldap, dn, entry_attrs)
         convert_sshpubkey_post(ldap, dn, entry_attrs)
         radius_dn2pk(self.api, entry_attrs)
+        self.obj.get_preserved_attribute(entry_attrs, options)
         return dn
 
 
@@ -665,6 +680,7 @@ class user_mod(baseuser_mod):
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
         self.post_common_callback(ldap, dn, entry_attrs, **options)
+        self.obj.get_preserved_attribute(entry_attrs, options)
         return dn
 
 
@@ -675,56 +691,56 @@ class user_find(baseuser_find):
     member_attributes = ['memberof']
     has_output_params = baseuser_find.has_output_params + user_output_params
 
+    msg_summary = ngettext(
+        '%(count)d user matched', '%(count)d users matched', 0
+    )
+
     takes_options = LDAPSearch.takes_options + (
         Flag('whoami',
             label=_('Self'),
             doc=_('Display user record for current Kerberos principal'),
         ),
-        Flag('preserved?',
-            doc=_('Display preserved deleted user'),
-            cli_name='preserved',
-            default=False,
-        ),
     )
 
-    def execute(self, *args, **options):
+    def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *keys, **options):
-        if self.original_msg_summary:
+        assert isinstance(base_dn, DN)
-            object.__setattr__(self, 'msg_summary', self.original_msg_summary)
+
+        if options.get('whoami'):
+            return ("(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
+                        getattr(context, 'principal'), base_dn, scope)
+
         newoptions = {}
         self.common_enhance_options(newoptions, **options)
         options.update(newoptions)
 
-        for arg in args:
+        preserved = options.get('preserved', False)
-            self.log.debug("user-find- exec arg %r" % (arg))
+        if preserved is None:
-        if options['preserved']:
+            base_dn = self.api.env.basedn
-            self.obj.container_dn = baseuser.delete_container_dn
+            scope = ldap.SCOPE_SUBTREE
-            self.msg_summary = ngettext('%(count)d (delete) user matched', '%(count)d (delete) users matched', 0)
+        elif preserved:
-
+            base_dn = DN(self.obj.delete_container_dn, self.api.env.basedn)
-            ret = super(user_find, self).execute(self, *args, **options)
-
-            self.obj.container_dn = baseuser.active_container_dn
-            return ret
         else:
-            return super(user_find, self).execute(self, *args, **options)
+            base_dn = DN(self.obj.active_container_dn, self.api.env.basedn)
-
-    def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *keys, **options):
-        assert isinstance(base_dn, DN)
-        if options.get('whoami'):
-            return ("(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
-                        getattr(context, 'principal'), base_dn, scope)
 
         return (filter, base_dn, scope)
 
     def post_callback(self, ldap, entries, truncated, *args, **options):
         if options.get('pkey_only', False):
             return truncated
-        self.post_common_callback(ldap, entries, lockout=False, **options)
-        return truncated
 
-    msg_summary = ngettext(
+        if options.get('preserved', False) is None:
-        '%(count)d user matched', '%(count)d users matched', 0
+            base_dns = (
+                DN(self.obj.active_container_dn, self.api.env.basedn),
+                DN(self.obj.delete_container_dn, self.api.env.basedn),
             )
-    original_msg_summary = msg_summary
+            entries[:] = [e for e in entries
+                          if any(e.dn.endswith(bd) for bd in base_dns)]
+
+        self.post_common_callback(ldap, entries, lockout=False, **options)
+        for entry in entries:
+            self.obj.get_preserved_attribute(entry, options)
+
+        return truncated
 
 
 @register()
@@ -736,6 +752,7 @@ class user_show(baseuser_show):
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
         convert_nsaccountlock(entry_attrs)
         self.post_common_callback(ldap, dn, entry_attrs, **options)
+        self.obj.get_preserved_attribute(entry_attrs, options)
         return dn
 
 @register()
@@ -944,6 +961,7 @@ class user_status(LDAPQuery):
                 convert_nsaccountlock(entry)
                 if 'nsaccountlock' in entry:
                     disabled = entry['nsaccountlock']
+                self.obj.get_preserved_attribute(entry, options)
                 entries.append(newresult)
                 count += 1
             except errors.NotFound: