Add sudorule and hbacrule to memberof and indirectmemberof attributes

Add tests for users, groups, hosts and hostgroups to verify membership

Update API to version 2.3

https://fedorahosted.org/freeipa/ticket/1170
Jr Aquino
2011-05-31 14:52:35 -07:00
committed by Rob Crittenden
parent 4080a03051
commit d7c60205a6
8 changed files with 103 additions and 15 deletions

24
API.txt

@@ -904,7 +904,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
output: Output('result', <type 'bool'>, 'True means the operation was successful')
output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
command: group_find
args: 1,19,4
args: 1,23,4
arg: Str('criteria?')
option: Str('cn', attribute=True, autofill=False, cli_name='group_name', label=Gettext('Group name', domain='ipa', localedir=None), maxlength=255, multivalue=False, normalizer=<lambda>, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, query=True, required=False)
option: Str('description', attribute=True, autofill=False, cli_name='desc', label=Gettext('Description', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
@@ -925,6 +925,10 @@ option: List('in_netgroup?', cli_name='in_netgroups', label='netgroup', multival
option: List('not_in_netgroup?', cli_name='not_in_netgroups', label='netgroup', multivalue=True)
option: List('in_role?', cli_name='in_roles', label='role', multivalue=True)
option: List('not_in_role?', cli_name='not_in_roles', label='role', multivalue=True)
option: List('in_hbacrule?', cli_name='in_hbacrules', label='HBAC rule', multivalue=True)
option: List('not_in_hbacrule?', cli_name='not_in_hbacrules', label='HBAC rule', multivalue=True)
option: List('in_sudorule?', cli_name='in_sudorules', label='Sudo Rule', multivalue=True)
option: List('not_in_sudorule?', cli_name='not_in_sudorules', label='Sudo Rule', multivalue=True)
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly description of action performed')
output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
output: Output('count', <type 'int'>, 'Number of entries returned')
@@ -1313,7 +1317,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
output: Output('result', <type 'bool'>, 'True means the operation was successful')
output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
command: host_find
args: 1,23,4
args: 1,27,4
arg: Str('criteria?')
option: Str('fqdn', validate_host, attribute=True, autofill=False, cli_name='hostname', label=Gettext('Host name', domain='ipa', localedir=None), multivalue=False, normalizer=<lambda>, primary_key=True, query=True, required=False)
option: Str('description', attribute=True, autofill=False, cli_name='desc', label=Gettext('Description', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
@@ -1334,6 +1338,10 @@ option: List('in_netgroup?', cli_name='in_netgroups', label='netgroup', multival
option: List('not_in_netgroup?', cli_name='not_in_netgroups', label='netgroup', multivalue=True)
option: List('in_role?', cli_name='in_roles', label='role', multivalue=True)
option: List('not_in_role?', cli_name='not_in_roles', label='role', multivalue=True)
option: List('in_hbacrule?', cli_name='in_hbacrules', label='HBAC rule', multivalue=True)
option: List('not_in_hbacrule?', cli_name='not_in_hbacrules', label='HBAC rule', multivalue=True)
option: List('in_sudorule?', cli_name='in_sudorules', label='Sudo Rule', multivalue=True)
option: List('not_in_sudorule?', cli_name='not_in_sudorules', label='Sudo Rule', multivalue=True)
option: List('enroll_by_user?', cli_name='enroll_by_users', label='user', multivalue=True)
option: List('not_enroll_by_user?', cli_name='not_enroll_by_users', label='user', multivalue=True)
option: List('man_by_host?', cli_name='man_by_hosts', label='host', multivalue=True)
@@ -1415,7 +1423,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
output: Output('result', <type 'dict'>, 'list of deletions that failed')
output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
command: hostgroup_find
args: 1,13,4
args: 1,17,4
arg: Str('criteria?')
option: Str('cn', attribute=True, autofill=False, cli_name='hostgroup_name', label=Gettext('Host-group', domain='ipa', localedir=None), multivalue=False, normalizer=<lambda>, primary_key=True, query=True, required=False)
option: Str('description', attribute=True, autofill=False, cli_name='desc', label=Gettext('Description', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
@@ -1430,6 +1438,10 @@ option: List('hostgroup?', cli_name='hostgroups', label='hostgroup', multivalue=
option: List('no_hostgroup?', cli_name='no_hostgroups', label='hostgroup', multivalue=True)
option: List('in_hostgroup?', cli_name='in_hostgroups', label='hostgroup', multivalue=True)
option: List('not_in_hostgroup?', cli_name='not_in_hostgroups', label='hostgroup', multivalue=True)
option: List('in_hbacrule?', cli_name='in_hbacrules', label='HBAC rule', multivalue=True)
option: List('not_in_hbacrule?', cli_name='not_in_hbacrules', label='HBAC rule', multivalue=True)
option: List('in_sudorule?', cli_name='in_sudorules', label='Sudo Rule', multivalue=True)
option: List('not_in_sudorule?', cli_name='not_in_sudorules', label='Sudo Rule', multivalue=True)
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly description of action performed')
output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
output: Output('count', <type 'int'>, 'Number of entries returned')
@@ -2580,7 +2592,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
output: Output('result', <type 'bool'>, 'True means the operation was successful')
output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
command: user_find
args: 1,38,4
args: 1,42,4
arg: Str('criteria?')
option: Str('uid', attribute=True, autofill=False, cli_name='login', default_from=DefaultFrom(<lambda>, 'givenname', 'sn'), label=Gettext('User login', domain='ipa', localedir=None), maxlength=255, multivalue=False, normalizer=<lambda>, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, query=True, required=False)
option: Str('givenname', attribute=True, autofill=False, cli_name='first', label=Gettext('First name', domain='ipa', localedir=None), multivalue=False, query=True, required=False)
@@ -2620,6 +2632,10 @@ option: List('in_netgroup?', cli_name='in_netgroups', label='netgroup', multival
option: List('not_in_netgroup?', cli_name='not_in_netgroups', label='netgroup', multivalue=True)
option: List('in_role?', cli_name='in_roles', label='role', multivalue=True)
option: List('not_in_role?', cli_name='not_in_roles', label='role', multivalue=True)
option: List('in_hbacrule?', cli_name='in_hbacrules', label='HBAC rule', multivalue=True)
option: List('not_in_hbacrule?', cli_name='not_in_hbacrules', label='HBAC rule', multivalue=True)
option: List('in_sudorule?', cli_name='in_sudorules', label='Sudo Rule', multivalue=True)
option: List('not_in_sudorule?', cli_name='not_in_sudorules', label='Sudo Rule', multivalue=True)
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly description of action performed')
output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
output: Output('count', <type 'int'>, 'Number of entries returned')


@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=2
IPA_API_VERSION_MINOR=3


@@ -90,9 +90,10 @@ class group(LDAPObject):
uuid_attribute = 'ipauniqueid'
attribute_members = {
'member': ['user', 'group'],
'memberof': ['group', 'netgroup', 'role',],
'memberof': ['group', 'netgroup', 'role', 'hbacrule', 'sudorule'],
'memberindirect': ['user', 'group', 'netgroup', 'role'],
'memberofindirect': ['group', 'netgroup', 'role'],
'memberofindirect': ['group', 'netgroup', 'role', 'hbacrule',
'sudorule'],
}
rdnattr = 'cn'
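Review bot: The `attribute_members` dict in `group` gains 'hbacrule' and 'sudorule' with no comment on what listing a type here switches on, and the same holds for the `host`, `hostgroup` and `user` sections that follow. Judging by the API.txt section of this commit, each new entry adds `in_*`/`not_in_*` filters to the matching `*_find` command, and the tests read the result back under `memberof_<label>` keys, so the dict is effectively part of the public API. I would add a comment above it such as `# Types listed under memberof/memberofindirect become in_<type>/not_in_<type> options on group_find and memberof_* keys in group_show output`. Because HBAC and sudo rule membership describes access policy, it is also worth confirming that the directory's read controls on these membership attributes match what should be visible to callers; that cannot be judged from this hunk. The class body starts and ends outside the hunk.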


@@ -214,9 +214,10 @@ class host(LDAPObject):
uuid_attribute = 'ipauniqueid'
attribute_members = {
'enrolledby': ['user'],
'memberof': ['hostgroup', 'netgroup', 'role'],
'memberof': ['hostgroup', 'netgroup', 'role', 'hbacrule', 'sudorule'],
'managedby': ['host'],
'memberofindirect': ['hostgroup', 'netgroup', 'role'],
'memberofindirect': ['hostgroup', 'netgroup', 'role', 'hbacrule',
'sudorule'],
}
bindable = True
relationships = {


@@ -65,9 +65,9 @@ class hostgroup(LDAPObject):
uuid_attribute = 'ipauniqueid'
attribute_members = {
'member': ['host', 'hostgroup'],
'memberof': ['hostgroup'],
'memberof': ['hostgroup', 'hbacrule', 'sudorule'],
'memberindirect': ['host', 'hostgroup'],
'memberofindirect': ['host', 'hostgroup'],
'memberofindirect': ['host', 'hostgroup', 'hbacrule', 'sudorule'],
}
label = _('Host Groups')
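Review bot: The new `memberofindirect` line for `hostgroup` still lists 'host', which reads like a carry-over from `memberindirect` on the line above: `memberof` has no 'host' entry, so it is hard to see how a host group could be an indirect member of a host. If that reading is right, the line should be `'memberofindirect': ['hostgroup', 'hbacrule', 'sudorule'],`. The 'host' entry predates this commit and may be deliberate; the rest of the class, which lies outside the hunk, would settle it.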


@@ -99,8 +99,8 @@ class user(LDAPObject):
]
uuid_attribute = 'ipauniqueid'
attribute_members = {
'memberof': ['group', 'netgroup', 'role'],
'memberofindirect': ['group', 'netgroup', 'role'],
'memberof': ['group', 'netgroup', 'role', 'hbacrule', 'sudorule'],
'memberofindirect': ['group', 'netgroup', 'role', 'hbacrule', 'sudorule'],
}
rdnattr = 'uid'
bindable = True


@@ -24,7 +24,6 @@ from xmlrpc_test import XMLRPC_test, assert_attr_equal
from ipalib import api
from ipalib import errors
class test_hbac(XMLRPC_test):
"""
Test the `hbacrule` plugin.
@@ -179,6 +178,24 @@ class test_hbac(XMLRPC_test):
assert_attr_equal(entry, 'memberuser_user', self.test_user)
assert_attr_equal(entry, 'memberuser_group', self.test_group)
def test_9_a_show_user(self):
"""
Test showing a user to verify HBAC rule membership
`xmlrpc.user_show`.
"""
ret = api.Command['user_show'](self.test_user, all=True)
entry = ret['result']
assert_attr_equal(entry, 'memberof_HBAC rule', self.rule_name)
def test_9_b_show_group(self):
"""
Test showing a group to verify HBAC rule membership
`xmlrpc.group_show`.
"""
ret = api.Command['group_show'](self.test_group, all=True)
entry = ret['result']
assert_attr_equal(entry, 'memberof_HBAC rule', self.rule_name)
def test_9_hbacrule_remove_user(self):
"""
Test removing user and group from HBAC rule using `xmlrpc.hbacrule_remove_user'.
@@ -215,6 +232,24 @@ class test_hbac(XMLRPC_test):
assert_attr_equal(entry, 'memberhost_host', self.test_host)
assert_attr_equal(entry, 'memberhost_hostgroup', self.test_hostgroup)
def test_a_hbacrule_show_host(self):
"""
Test showing host to verify HBAC rule membership
`xmlrpc.host_show`.
"""
ret = api.Command['host_show'](self.test_host, all=True)
entry = ret['result']
assert_attr_equal(entry, 'memberof_HBAC rule', self.rule_name)
def test_a_hbacrule_show_hostgroup(self):
"""
Test showing hostgroup to verify HBAC rule membership
`xmlrpc.hostgroup_show`.
"""
ret = api.Command['hostgroup_show'](self.test_hostgroup, all=True)
entry = ret['result']
assert_attr_equal(entry, 'memberof_HBAC rule', self.rule_name)
def test_b_hbacrule_remove_host(self):
"""
Test removing host and hostgroup from HBAC rule using `xmlrpc.hbacrule_remove_host`.
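Review bot: The four added tests (`test_9_a_show_user`, `test_9_b_show_group`, `test_a_hbacrule_show_host`, `test_a_hbacrule_show_hostgroup`) assert only the direct `memberof_HBAC rule` key, while the commit also extends `memberofindirect` on all four object types. In the visible hunks nothing covers an entry that reaches the rule only through a group or host group, and nothing re-reads the `*_show` output after `test_9_hbacrule_remove_user` or `test_b_hbacrule_remove_host` to confirm the membership is gone. For access-control rules a stale or missing membership display is the case most likely to mislead an administrator, so I would add a check after each removal test along the lines of `assert 'memberof_HBAC rule' not in api.Command['user_show'](self.test_user, all=True)['result']`, plus one indirect-membership case. The same gap applies to the sudorule tests in the next file. The docstring of `test_b_hbacrule_remove_host` continues outside the hunk.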


@@ -25,7 +25,6 @@ from xmlrpc_test import XMLRPC_test, assert_attr_equal
from ipalib import api
from ipalib import errors
class test_sudorule(XMLRPC_test):
"""
Test the `sudorule` plugin.
@@ -155,6 +154,24 @@ class test_sudorule(XMLRPC_test):
assert_attr_equal(entry, 'memberuser_user', self.test_user)
assert_attr_equal(entry, 'memberuser_group', self.test_group)
def test_9_a_show_user(self):
"""
Test showing a user to verify Sudo rule membership
`xmlrpc.user_show`.
"""
ret = api.Command['user_show'](self.test_user, all=True)
entry = ret['result']
assert_attr_equal(entry, 'memberof_Sudo Rule', self.rule_name)
def test_9_b_show_group(self):
"""
Test showing a group to verify Sudo rule membership
`xmlrpc.group_show`.
"""
ret = api.Command['group_show'](self.test_group, all=True)
entry = ret['result']
assert_attr_equal(entry, 'memberof_Sudo Rule', self.rule_name)
def test_9_sudorule_remove_user(self):
"""
Test removing user and group from Sudo rule using
@@ -359,6 +376,24 @@ class test_sudorule(XMLRPC_test):
assert_attr_equal(entry, 'memberhost_host', self.test_host)
assert_attr_equal(entry, 'memberhost_hostgroup', self.test_hostgroup)
def test_a_sudorule_show_host(self):
"""
Test showing host to verify Sudo rule membership
`xmlrpc.host_show`.
"""
ret = api.Command['host_show'](self.test_host, all=True)
entry = ret['result']
assert_attr_equal(entry, 'memberof_Sudo Rule', self.rule_name)
def test_a_sudorule_show_hostgroup(self):
"""
Test showing hostgroup to verify Sudo rule membership
`xmlrpc.hostgroup_show`.
"""
ret = api.Command['hostgroup_show'](self.test_hostgroup, all=True)
entry = ret['result']
assert_attr_equal(entry, 'memberof_Sudo Rule', self.rule_name)
def test_b_sudorule_remove_host(self):
"""
Test removing host and hostgroup from Sudo rule using
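Review bot: The assertions added here key on `'memberof_Sudo Rule'`, while the hbacrule tests use `'memberof_HBAC rule'`; both appear to be built from the `label=` strings shown in API.txt ('Sudo Rule', 'HBAC rule'), which differ in capitalisation and contain a space. A result key derived from a display label is brittle for API clients and for these tests, since rewording the label silently changes the key. If the framework allows it, a key based on the object name (for example `memberof_sudorule`) would be steadier; otherwise a short comment in each test saying where the key comes from would help the next reader. The docstring of `test_b_sudorule_remove_host` continues outside the hunk.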