IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

DNS Locations: location-* commands

Browse Source 
http://www.freeipa.org/page/V4/DNS_Location_Mechanism

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Martin Basti
2016-05-12 10:54:20 +02:00
parent 180d7458de
commit bae621415d
8 changed files with 230 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ACI.txt
View File

@@ -158,6 +158,14 @@ dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) aci: (targetattr = "createtimestamp || entryusn || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krbmaxrenewableage || krbmaxticketlife")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read User Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) aci: (targetattr = "krbmaxrenewableage || krbmaxticketlife")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read User Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=locations,cn=etc,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Add IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=locations,cn=etc,dc=ipa,dc=example
aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write) groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=locations,cn=etc,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || description || entryusn || idnsname || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=locations,cn=etc,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=ng,cn=alt,dc=ipa,dc=example dn: cn=ng,cn=alt,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Add Netgroups";allow (add) groupdn = "ldap:///cn=System: Add Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";) aci: (targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Add Netgroups";allow (add) groupdn = "ldap:///cn=System: Add Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=ng,cn=alt,dc=ipa,dc=example dn: cn=ng,cn=alt,dc=ipa,dc=example

59
API.txt
View File

@@ -2787,6 +2787,65 @@ option: Str('version?')
output: Entry('result') output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value') output: PrimaryKey('value')
command: location_add
args: 1,6,3
arg: DNSNameParam('idnsname', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description?')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: location_del
args: 1,2,3
arg: DNSNameParam('idnsname+', cli_name='name')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[<type 'dict'>])
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: ListOfPrimaryKeys('value')
command: location_find
args: 1,8,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description?', autofill=False)
option: DNSNameParam('idnsname?', autofill=False, cli_name='name')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[<type 'int'>])
output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>])
command: location_mod
args: 1,8,3
arg: DNSNameParam('idnsname', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: location_show
args: 1,4,3
arg: DNSNameParam('idnsname', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value')
command: migrate_ds command: migrate_ds
args: 2,20,4 args: 2,20,4
arg: Str('ldapuri', cli_name='ldap_uri') arg: Str('ldapuri', cli_name='ldap_uri')

4
VERSION
View File

@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# # # #
######################################################## ########################################################
IPA_API_VERSION_MAJOR=2 IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=173 IPA_API_VERSION_MINOR=174
# Last change: ipalib: introduce API schema plugins # Last change: mbasti - location-* commands

6
install/share/bootstrap-template.ldif
View File

@@ -119,6 +119,12 @@ objectClass: nsContainer
objectClass: top objectClass: top
cn: etc cn: etc
dn: cn=locations,cn=etc,$SUFFIX
changetype: add
objectClass: nsContainer
objectClass: top
cn: locations
dn: cn=sysaccounts,cn=etc,$SUFFIX dn: cn=sysaccounts,cn=etc,$SUFFIX
changetype: add changetype: add
objectClass: nsContainer objectClass: nsContainer

4
install/updates/37-locations.update
View File

@@ -0,0 +1,4 @@
dn: cn=locations,cn=etc,$SUFFIX
default: objectClass: nsContainer
default: objectClass: top
default: cn: locations

1
install/updates/Makefile.am
View File

@@ -28,6 +28,7 @@ app_DATA = \
25-referint.update \ 25-referint.update \
30-provisioning.update \ 30-provisioning.update \
30-s4u2proxy.update \ 30-s4u2proxy.update \
37-locations.update \
40-delegation.update \ 40-delegation.update \
40-realm_domains.update \ 40-realm_domains.update \
40-replication.update \ 40-replication.update \

1
ipalib/constants.py
View File

@@ -121,6 +121,7 @@ DEFAULT_CONFIG = (
('container_certprofile', DN(('cn', 'certprofiles'), ('cn', 'ca'))), ('container_certprofile', DN(('cn', 'certprofiles'), ('cn', 'ca'))),
('container_topology', DN(('cn', 'topology'), ('cn', 'ipa'), ('cn', 'etc'))), ('container_topology', DN(('cn', 'topology'), ('cn', 'ipa'), ('cn', 'etc'))),
('container_caacl', DN(('cn', 'caacls'), ('cn', 'ca'))), ('container_caacl', DN(('cn', 'caacls'), ('cn', 'ca'))),
('container_locations', DN(('cn', 'locations'), ('cn', 'etc'))),
# Ports, hosts, and URIs: # Ports, hosts, and URIs:
('xmlrpc_uri', 'http://localhost:8888/ipa/xml'), ('xmlrpc_uri', 'http://localhost:8888/ipa/xml'),

149
ipaserver/plugins/location.py Normal file
View File

@@ -0,0 +1,149 @@
#
# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
#
from __future__ import absolute_import
from ipalib import (
_,
ngettext,
api,
Str,
DNSNameParam
)
from ipalib.plugable import Registry
from ipaserver.plugins.baseldap import (
LDAPCreate,
LDAPSearch,
LDAPRetrieve,
LDAPDelete,
LDAPObject,
LDAPUpdate,
)
from ipapython.dnsutil import DNSName
__doc__ = _("""
IPA locations
""") + _("""
Manipulate DNS locations
""") + _("""
EXAMPLES:
""") + _("""
Find all locations:
ipa location-find
""") + _("""
Show specific location:
ipa location-show location
""") + _("""
Add location:
ipa location-add location --description 'My location'
""") + _("""
Delete location:
ipa location-del location
""")
register = Registry()
@register()
class location(LDAPObject):
"""
IPA locations
"""
container_dn = api.env.container_locations
object_name = _('location')
object_name_plural = _('locations')
object_class = ['top', 'ipaLocationObject']
search_attributes = ['idnsName']
default_attributes = [
'idnsname', 'description'
]
label = _('IPA Locations')
label_singular = _('IPA Location')
permission_filter_objectclasses = ['ipaLocationObject']
managed_permissions = {
'System: Read IPA Locations': {
'ipapermright': {'read', 'search', 'compare'},
'ipapermdefaultattr': {
'objectclass', 'idnsname', 'description',
},
'default_privileges': {'DNS Administrators'},
},
'System: Add IPA Locations': {
'ipapermright': {'add'},
'default_privileges': {'DNS Administrators'},
},
'System: Remove IPA Locations': {
'ipapermright': {'delete'},
'default_privileges': {'DNS Administrators'},
},
'System: Modify IPA Locations': {
'ipapermright': {'write'},
'ipapermdefaultattr': {
'description',
},
'default_privileges': {'DNS Administrators'},
},
}
takes_params = (
DNSNameParam(
'idnsname',
cli_name='name',
primary_key=True,
label=_('Location name'),
doc=_('IPA location name'),
# dns name must be relative, we will put it into middle of
# location domain name for location records
only_relative=True,
),
Str(
'description?',
label=_('Description'),
doc=_('IPA Location description'),
),
)
def get_dn(self, *keys, **options):
loc = keys[-1]
assert isinstance(loc, DNSName)
loc_a = loc.ToASCII()
return super(location, self).get_dn(loc_a, **options)
@register()
class location_add(LDAPCreate):
__doc__ = _('Add a new IPA location.')
msg_summary = _('Added IPA location "%(value)s"')
@register()
class location_del(LDAPDelete):
__doc__ = _('Delete an IPA location.')
msg_summary = _('Deleted IPA location "%(value)s"')
@register()
class location_mod(LDAPUpdate):
__doc__ = _('Modify information about an IPA location.')
msg_summary = _('Modified IPA location "%(value)s"')
@register()
class location_find(LDAPSearch):
__doc__ = _('Search for IPA locations.')
msg_summary = ngettext(
'%(count)d IPA location matched',
'%(count)d IPA locations matched', 0
)
@register()
class location_show(LDAPRetrieve):
__doc__ = _('Display information about an IPA location.')