Commit Graph

154 Commits

Author SHA1 Message Date
Jan Cholasta
e9c1d21b9f parameters: move the confirm kwarg to Param
Whether a parameter is treated like password is determined by the
`password` class attribute defined in the Param class. Whether the CLI will
asks for confirmation of a password parameter depends on the value of the
`confirm` kwarg of the Password class.

Move the `confirm` kwarg from the Password class to the Param class, so
that it can be used by any Param subclass which has the `password` class
attribute set to True.

This fixes confirmation of the --key option of otptoken-add, which is a
Bytes subclass with `password` set to True.

https://fedorahosted.org/freeipa/ticket/6174

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
2016-08-10 08:51:39 +02:00
Martin Babinsky
974eb7b5ef ipalib: introduce Principal parameter
This patch introduces a separate Principal parameter that allows the framework
to syntactically validate incoming/outcoming principals by using a single
shared codebase.

https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-07-01 09:37:25 +02:00
Jan Cholasta
e2a8290af1 batch, schema: use Dict instead of Any
Add new Dict parameter class and use it in the batch and command_defaults
plugins.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-15 14:03:51 +02:00
Jan Cholasta
3cf5f83d92 ipalib: replace DeprecatedParam with deprecated Param argument
Introduce new `deprecated` Param keywork argument. Setting it to True on a
param has the same effect as using DeprecatedParam. This allows deprecating
params while retaining their type information.

Revert all DeprecatedParam params back to their original definition and set
`deprecated` to True.

Remove the now unused DeprecatedParam class.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
0e989e2a28 parameters: introduce no_convert keyword argument
When set to true, the argument causes params to not convert unicode values
to the param type.

This will allow thin client to properly handle params which can be
converted from unicode to the param type only on the server, e.g. because
of a normalizer.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
98ede1b0e8 parameters: introduce cli_metavar keyword argument
Add new Param keyword argument cli_metavar to specify the stand-in for CLI
option arguments in command help text. Uppercase class name is used by
default.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-06-03 09:00:34 +02:00
Jan Cholasta
b08f771518 ipalib: remove the unused csv argument of Param
https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-05-25 16:06:26 +02:00
Jan Cholasta
77e27de147 makeapi: optimize API.txt
Change Param formatting to:
* always use quantified names rather than the `required` and `multivalue`
  kwargs,
* ignore kwargs with default value,
* ignore kwargs related to validation, as validation is now strictly
  server-side,
* ignore the `attribute` and `primary_key` kwargs, as they are relevant
  only on object params,
* ignore the `include` and `exclude` kwargs, as makeapi takes into account
  only params available in the 'cli' context,
* ignore the unused `csv` kwarg.

Format optional Output arguments as kwargs.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-05-25 16:06:26 +02:00
Jan Cholasta
278fa29906 frontend: perform argument value validation only on server
Do not validate values of command arguments on the client and let the
server handle validation.

This will make the client more lightweight by not having it to carry
validation code and metadata with itself for the price of increasing
network traffic in case the validation fails.

Types of the arguments are still validated on both the client and the
server.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-05-25 16:06:26 +02:00
Jan Cholasta
2f6b333187 frontend: re-raise remote RequirementError using CLI name in CLI
https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-05-25 16:06:26 +02:00
Jan Cholasta
861294c0d6 parameters: remove unused ConversionError and ValidationError arguments
Do not set the `value`, `index` and `rule` arguments when raising
ConversionError and ValidationError. The arguments are unused and are not
specified consistently accross the framework and plugins.

https://fedorahosted.org/freeipa/ticket/4739

Reviewed-By: David Kupka <dkupka@redhat.com>
2016-05-25 16:06:26 +02:00
Jan Cholasta
83f6ddb473 makeapi: use the same formatting for int and long values
This prevents validation failures on architectures where integer is less
than 32 bits.

https://fedorahosted.org/freeipa/ticket/5894

Reviewed-By: Martin Basti <mbasti@redhat.com>
2016-05-19 16:43:58 +02:00
Martin Basti
e4075b1fe2 Remove unused imports
This patch removes unused imports, alse pylint has been configured to
check unused imports.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-12-23 07:59:22 +01:00
Petr Viktorin
eab334dde8 Handle binascii.Error from base64.b64decode()
In Python 3, the base64.b64decode function raises binascii.Error (a ValueError
subclass) when it finds incorrect padding. In Python 2 it raises TypeError.

Callers should usually handle ValueError; unless they are specifically
concerned with handling base64 padding issues).

In some cases, callers should handle ValueError:
- ipalib.pkcs10 (get_friendlyname, load_certificate_request): callers should
  handle ValueError
- ipalib.x509 (load_certificate*, get_*): callers should handle ValueError

In other cases ValueError is handled:
- ipalib.parameters
- ipapython.ssh
- ipalib.rpc (json_decode_binary - callers already expect ValueError)
- ipaserver.install.ldapupdate

Elsewhere no error handling is done, because values come from trusted
sources, or are pre-validated:
- vault plugin
- ipaserver.install.cainstance
- ipaserver.install.certs
- ipaserver.install.ipa_otptoken_import

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-10-22 18:34:46 +02:00
Petr Viktorin
614b490402 ipalib.parameters: Require bytes for Bytes.pattern
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-10-13 14:16:32 +02:00
Petr Viktorin
e0eff8b834 ipalib.parameters: Handle 0-prefixed octal format of ints
In Python 2, numbers prfixed with '0' are parsed as octal,
e.g. '020' -> 16. In Python 3, the prefix is '0o'.

Handle the old syntax for IPA's parameter conversion to keep
backwards compatibility.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-10-13 14:16:32 +02:00
Petr Viktorin
59d87d53b1 Do not compare types that are not comparable in Python 3
In Python 3, different types are generally not comparable (except for equality),
and None can't be compared to None.
Fix cases of these comparisons.

In ipatest.util, give up on sorting lists if the sorting raises a TypeError.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-10-13 14:16:32 +02:00
Petr Viktorin
e3c05fcb73 Remove uses of the types module
In Python 3, the types module no longer provide alternate names for
built-in types, e.g. `types.StringType` can just be spelled `str`.

NoneType is also removed; it needs to be replaced with type(None)

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-10-07 10:27:20 +02:00
Petr Viktorin
ad2bc94725 Use six.moves.xmlrpc.client instead of xmlrpclib
The module is renamed to xmlrpc.client in Python 3.

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-10-07 10:27:20 +02:00
Robert Kuska
01da4a8de3 Replace StandardError with Exception
StandardError was removed in Python3 and instead
Exception should be used.

Signed-off-by: Robert Kuska <rkuska@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-30 10:51:36 +02:00
Jan Cholasta
ba5201979d Use bytes instead of str where appropriate
Under Python 2, "str" and "bytes" are synonyms.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-09-17 11:08:43 +02:00
Jan Cholasta
23507e6124 Alias "unicode" to "str" under Python 3
The six way of doing this is to replace all occurences of "unicode"
with "six.text_type". However, "unicode" is non-ambiguous and
(arguably) easier to read. Also, using it makes the patches smaller,
which should help with backporting.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-09-17 11:08:43 +02:00
Petr Viktorin
5178e9a597 Modernize use of range()
In Python 3, range() behaves like the old xrange().
The difference between range() and xrange() is usually not significant,
especially if the whole result is iterated over.

Convert xrange() usage to range() for small ranges.
Use modern idioms in a few other uses of range().

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Petr Viktorin
fbacc26a6a Use six.integer_types instead of (long, int)
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Petr Viktorin
5a9141dc40 Replace filter() calls with list comprehensions
In Python 3, filter() returns an iterator.
Use list comprehensions instead.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Petr Viktorin
dd16cc98b0 Use six.string_types instead of "basestring"
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-09-01 11:42:01 +02:00
Petr Vobornik
d01f18d441 fix missing information in object metadata
Missing 'required' values in takes_params causes Web UI to treat required
fields as optional.

Regression caused by ba0a1c6b33

https://fedorahosted.org/freeipa/ticket/5258

Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-08-26 13:01:52 +02:00
Petr Viktorin
5435a8a32a Use absolute imports
In Python 3, implicit relative imports will not be supported.
Use fully-qualified imports everywhere.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-08-12 18:17:23 +02:00
Petr Viktorin
8b88caa110 Modernize function and method attribute names
Python 3 uses double-underscored names for internal function attributes.
In Python 2.7, these names exist as aliases to the old 'func_*' and
'im_*' names.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-08-12 18:17:23 +02:00
Petr Viktorin
27dabb4528 Modernize 'except' clauses
The 'as' syntax works from Python 2 on, and Python 3 will
drop the "comma" syntax.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-08-12 18:17:23 +02:00
Petr Vobornik
ba0a1c6b33 include more information in metadata
added to commands: doc, proper args, NO_CLI

added to options: default_from, cli_name, cli_short_name and others

https://fedorahosted.org/freeipa/ticket/3129

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-03 10:42:16 +02:00
Martin Basti
ca25c92ea8 Throw zonemgr error message before installation proceeds
Ticket: https://fedorahosted.org/freeipa/ticket/4771
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-12-01 12:31:36 +00:00
Martin Basti
152c8f210b Check normalization only for IDNA domains
Backward compability with older IPA versions which allow to use uppper
case. Only IDNA domains will be checked.

https://fedorahosted.org/freeipa/ticket/4382

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-07-01 09:58:42 +02:00
Martin Basti
64d8da21c6 DNSNameParam parameter
New param type for domain names

Part of ticket:
IPA should allow internationalized domain names
https://fedorahosted.org/freeipa/ticket/3169

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-06-03 15:55:32 +02:00
Martin Basti
47f473d0ca Allows to sort non text entries
Part of ticket:
IPA should allow internationalized domain names
https://fedorahosted.org/freeipa/ticket/3169

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-06-03 15:55:32 +02:00
Tomas Babej
1df696f543 ipalib: Add DateTime parameter
Adds a parameter that represents a DateTime format using datetime.datetime
object from python's native datetime library.

In the CLI, accepts one of the following formats:
    Accepts LDAP Generalized time without in the following format:
       '%Y%m%d%H%M%SZ'

    Accepts subset of values defined by ISO 8601:
        '%Y-%m-%dT%H:%M:%SZ'
        '%Y-%m-%dT%H:%MZ'
        '%Y-%m-%dZ'

    Also accepts above formats using ' ' (space) as a separator instead of 'T'.

As a simplification, it does not deal with timezone info and ISO 8601
values with timezone info (+-hhmm) are rejected. Values are expected
to be in the UTC timezone.

Values are saved to LDAP as LDAP Generalized time values in the format
'%Y%m%d%H%SZ' (no time fractions and UTC timezone is assumed). To avoid
confusion, in addition to subset of ISO 8601 values, the LDAP generalized
time in the format '%Y%m%d%H%M%SZ' is also accepted as an input (as this is the
format user will see on the output).

Part of: https://fedorahosted.org/freeipa/ticket/3306

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-05-05 18:57:29 +03:00
Petr Viktorin
ffd9bb2d7c cli: Add mechanism for deprecated option name aliases
Add a new Param kwarg, deprecated_cli_aliases, that lists
deprecated aliases.
The aliases will appear in a "Deprecated options" in the help,
and otherwise act as the normal variant.

Preparation for: https://fedorahosted.org/freeipa/ticket/4231
2014-03-21 12:49:21 +01:00
Nathaniel McCallum
4499b25be9 Remove NULLS from constants.py
In the parameters system, we have been checking for a positive list of values
which get converted to None. The problem is that this method can in some
cases throw warnings when type coercion doesn't work (particularly, string
to unicode). Instead, any values that evaluate to False that are neither
numeric nor boolean should be converted to None.

Reviewed-By: Jan Pazdziora <jpazdziora@redhat.com>
2014-02-25 16:05:19 +01:00
Petr Viktorin
3db08227e8 Add support for managed permissions
This adds support for managed permissions. The attribute list
of these is computed from the "default" (modifiable only internally),
"allowed", and "excluded" lists. This makes it possible to cleanly
merge updated IPA defaults and user changes on upgrades.

The default managed permissions are to be added in a future patch.
For now they can only be created manually (see test_managed_permissions).

Tests included.

Part of the work for: https://fedorahosted.org/freeipa/ticket/4033
Design: http://www.freeipa.org/page/V3/Managed_Read_permissions
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-02-12 17:11:17 +01:00
Petr Viktorin
a8ba5e0ef9 Allow sets for initialization of frozenset-typed Param keywords
Lists and tuples are already allowed for convenience; it is easier to write
(1, 2, 3) or [1, 2, 3] than frozenset([1, 2, 3]).
This allows the set literal syntax, {1, 2, 3}, as well.
2013-12-13 15:08:51 +01:00
Nathaniel McCallum
88d003c68b Add IntEnum parameter to ipalib 2013-10-09 18:05:37 +02:00
Nathaniel McCallum
4f6580f11d Allow multiple types in Param type validation
Int already needed to take both int and long. This makes the functionality
available for all Param classes.
2013-10-09 18:05:37 +02:00
Nathaniel McCallum
e05dfbd8b4 Add optional_create flag 2013-10-08 16:46:20 +02:00
Nathaniel McCallum
fd63505f6d Don't special case the Password class in Param.__init__() 2013-10-08 16:14:32 +02:00
Nathaniel McCallum
12ae6a054a Document no_search in Param flags 2013-10-07 14:00:52 +02:00
Ana Krivokapic
b8b573a966 Deprecate HBAC source hosts from CLI
Hide the commands and options listed below from the CLI,
but keep them in the API. When called directly from the API,
raise appropriate exceptions informing the user that the
functionality has been deprecated.

Affected commands: hbacrule_add_sourcehost, hbacrule_remove_sourcehost.
Affected options: sourcehostcategory, sourcehost_host and
sourcehost_hostgroup (hbacrule); sourcehost (hbactest).

https://fedorahosted.org/freeipa/ticket/3528
2013-04-12 14:07:55 -04:00
Petr Viktorin
3a96cbc518 Drop support for CSV in the CLI client
Ticket: https://fedorahosted.org/freeipa/ticket/3352
Design: http://freeipa.org/page/V3/Drop_CSV
2013-02-22 17:20:35 +01:00
Petr Viktorin
b4915bd2fd Remove csv_separator and csv_skipspace Param arguments
These were never set to anything but the defaults.

Part of work for https://fedorahosted.org/freeipa/ticket/3352
2013-02-22 17:20:35 +01:00
Jan Cholasta
1d35043e46 Raise ValidationError on invalid CSV values.
https://fedorahosted.org/freeipa/ticket/3323
2013-02-08 15:16:37 +01:00
Jan Cholasta
77bb4b5177 Pylint cleanup.
Add more dynamic attribute info to IPATypeChecker in make-lint. Remove
unnecessary pylint comments. Fix false positivies introduced by Pylint 0.26.

https://fedorahosted.org/freeipa/ticket/3379
2013-01-29 15:39:49 +01:00