Break out an ACI into components so it is easier to see what it does.
This will be needed for UI support.
I also filled in more supported types and made the List parameter perform
validation.
rob
From d3f91cf238daf76e908f37b7a591612c6f986aa0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 3 Nov 2010 11:30:03 -0400
Subject: [PATCH] Output ACI's broken out into attributes rather than a single text field
Also add validation to the List parameter type.
ticket 357
---
ipalib/parameters.py | 11 ++-
ipalib/plugins/aci.py| 150 +
tests/test_xmlrpc/test_aci_plugin.py | 96 ++
3 files changed, 166 insertions(+), 91 deletions(-)
diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index 862c759..7543e15 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -1387,7 +1387,16 @@ class List(Param):
return value
def _validate_scalar(self, value, index=None):
-return
+for rule in self.all_rules:
+error = rule(ugettext, value)
+if error is not None:
+raise ValidationError(
+name=self.name,
+value=value,
+index=index,
+error=error,
+rule=rule,
+)
class File(Str):
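Review bot: The new `List._validate_scalar` has no docstring saying what `value` is when a rule is called (the whole converted list, one element, or the raw string), and rule authors need that to write a correct check. `validate_permissions`, added later in this patch, calls `permissions.split(',')`, which only works if the rule is handed a string, so the contract should be stated here and the two kept in agreement. Suggest a docstring such as `"""Run every rule in all_rules against value and raise ValidationError on the first error returned."""` plus a sentence naming the expected type of `value`. The enclosing `List` class starts outside the hunk, so how `_validate_scalar` is called cannot be confirmed from here.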
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index ae1c400..1537989 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -99,7 +99,10 @@ import logging
_type_map = {
'user': 'ldap:///uid=*,%s,%s' % (api.env.container_user, api.env.basedn),
'group': 'ldap:///cn=*,%s,%s' % (api.env.container_group, api.env.basedn),
-'host': 'ldap:///fqdn=*,%s,%s' % (api.env.container_host, api.env.basedn)
+'host': 'ldap:///fqdn=*,%s,%s' % (api.env.container_host, api.env.basedn),
+'hostgroup': 'ldap:///cn=*,%s,%s' % (api.env.container_hostgroup, api.env.basedn),
+'service': 'ldap:///krbprincipalname=*,%s,%s' % (api.env.container_service, api.env.basedn),
+'netgroup': 'ldap:///ipauniqueid=*,%s,%s' % (api.env.container_netgroup, api.env.basedn),
}
_valid_permissions_values = [
@@ -214,13 +217,16 @@ def _aci_to_kw(ldap, a):
kw['aciname'] = a.name
kw['permissions'] = tuple(a.permissions)
if 'targetattr' in a.target:
-kw['attrs'] = tuple(a.target['targetattr']['expression'])
+kw['attrs'] = list(a.target['targetattr']['expression'])
+for i in xrange(len(kw['attrs'])):
+kw['attrs'][i] = unicode(kw['attrs'][i])
+kw['attrs'] = tuple(kw['attrs'])
if 'targetfilter' in a.target:
target = a.target['targetfilter']['expression']
if target.startswith('memberOf'):
-kw['memberof'] = target
+kw['memberof'] = unicode(target)
else:
-kw['filter'] = target
+kw['filter'] = unicode(target)
if 'target' in a.target:
target = a.target['target']['expression']
found = False
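Review bot: The `attrs` conversion builds a list, rewrites it by index with `xrange(len(...))` and then turns it back into a tuple; one expression does the same thing: `kw['attrs'] = tuple(unicode(x) for x in a.target['targetattr']['expression'])`. Separately, `unicode(x)` on a byte string decodes as ASCII in Python 2, so a target filter holding non-ASCII bytes would raise UnicodeDecodeError at the `kw['memberof']` and `kw['filter']` assignments. Whether the ACI parser can return such strings is not visible in this hunk; if it can, an explicit `x.decode('utf-8')` is safer. `_aci_to_kw` begins above the hunk and continues past it.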
@@ -231,25 +237,28 @@ def _aci_to_kw(ldap, a):
break;
if not found:
if target.startswith('('):
-kw['filter'] = target
+kw['filter'] = unicode(target)
else:
# See if the target is a group. If so we set the
# targetgroup attr, otherwise we consider it a subtree
if api.env.container_group in target:
-kw['targetgroup'] = target
+kw['targetgroup'] = unicode(target)
else:
-kw['subtree'] = target
+kw['subtree'] = unicode(target)
groupdn = a.bindrule['expression']
groupdn = groupdn.replace('ldap:///','')
if groupdn == 'self':
kw['selfaci'] = True
+elif groupdn == 'anyone':
+pass
else:
-(dn, entry_attrs) = ldap.get_entry(groupdn, ['cn'])
-if api.env.container_taskgroup in dn:
-kw['taskgroup'] = entry_attrs['cn'][0]
-else:
-kw['group'] = entry_attrs['cn'][0]
+if groupdn.startswith('cn='):
+(dn, entry_attrs) = ldap.get_entry(groupdn, ['cn'])
+if api.env.container_taskgroup in dn:
+kw['taskgroup'] = entry_attrs['cn'][0]
+else:
+kw['group'] = entry_attrs['cn'][0]
return kw
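Review bot: The new bind-rule branches at the end of `_aci_to_kw` drop information silently: an `anyone` rule hits `pass`, and any DN that does not start with `cn=` falls through the `else` without setting a key, so the broken-out output for such an ACI names no grantee at all. For output that a UI will use to show who an ACI applies to, an ACI open to anyone should not look the same as one whose bind rule was simply not understood. Consider always returning the subject for these cases, for example `kw['bindrule'] = unicode(groupdn)` (key name to be agreed) in both branches. The `startswith('cn=')` test is also case-sensitive while attribute types in a DN are not, so `elif groupdn.lower().startswith('cn='):` would cover `CN=` and remove one level of nesting. The function starts outside the hunk.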
@@ -268,12 +277,20 @@ def _find_aci_by_name(acis, aciname):
return a
raise errors.NotFound(reason=_('ACI with name %s not found') % aciname)
+def validate_permissions(ugettext, permissions):
+valid_permissions = []
+permissions = permissions.split(',')
+for p in permissions:
+p = p.strip().lower()
+if not p in _valid_permissions_values:
+ return '%s is not a valid permission' % p
+
def _normalize_permissions(permissions):
valid_permissions = []
permissions =