Re: [Freeipa-devel] [PATCH] 594 display aci components separately

2010-11-04 Thread Adam Young 

On 11/03/2010 02:18 PM, Adam Young wrote:

On 11/03/2010 01:42 PM, Rob Crittenden wrote:

Adam Young wrote:

On 11/03/2010 11:32 AM, Rob Crittenden wrote:

Break out an ACI into components so it is easier to see what it does.
This will be needed for UI support.

I also filled more supported types and made the List parameter perform
validation.

rob


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

NACK. Doesn't run.

WIth a full install:

[ayo...@ipa freeipa]$ ipa aci-find
ipa: ERROR: no such entry



Is this a full install from a fresh pull? I applied this to the HEAD 
and built rpms and it works fine.


rob

Yes it is.

git checkout master
git checkout -b patch-594
git clean -fdx\
git am ...
make rpms
and so on

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

ACK pushed to master

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 594 display aci components separately

2010-11-03 Thread Rob Crittenden 
Break out an ACI into components so it is easier to see what it does. 
This will be needed for UI support.


I also filled more supported types and made the List parameter perform 
validation.


rob
From d3f91cf238daf76e908f37b7a591612c6f986aa0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Wed, 3 Nov 2010 11:30:03 -0400
Subject: [PATCH] Output ACI's broken out into attributes rather than a single text field

Also add validation to the List parameter type.

ticket 357
---
 ipalib/parameters.py |   11 ++-
 ipalib/plugins/aci.py|  150 +
 tests/test_xmlrpc/test_aci_plugin.py |   96 ++
 3 files changed, 166 insertions(+), 91 deletions(-)

diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index 862c759..7543e15 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -1387,7 +1387,16 @@ class List(Param):
 return value
 
 def _validate_scalar(self, value, index=None):
-return
+for rule in self.all_rules:
+error = rule(ugettext, value)
+if error is not None:
+raise ValidationError(
+name=self.name,
+value=value,
+index=index,
+error=error,
+rule=rule,
+)
 
 
 class File(Str):
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index ae1c400..1537989 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -99,7 +99,10 @@ import logging
 _type_map = {
 'user': 'ldap:///uid=*,%s,%s' % (api.env.container_user, api.env.basedn),
 'group': 'ldap:///cn=*,%s,%s' % (api.env.container_group, api.env.basedn),
-'host': 'ldap:///fqdn=*,%s,%s' % (api.env.container_host, api.env.basedn)
+'host': 'ldap:///fqdn=*,%s,%s' % (api.env.container_host, api.env.basedn),
+'hostgroup': 'ldap:///cn=*,%s,%s' % (api.env.container_hostgroup, api.env.basedn),
+'service': 'ldap:///krbprincipalname=*,%s,%s' % (api.env.container_service, api.env.basedn),
+'netgroup': 'ldap:///ipauniqueid=*,%s,%s' % (api.env.container_netgroup, api.env.basedn),
 }
 
 _valid_permissions_values = [
@@ -214,13 +217,16 @@ def _aci_to_kw(ldap, a):
 kw['aciname'] = a.name
 kw['permissions'] = tuple(a.permissions)
 if 'targetattr' in a.target:
-kw['attrs'] = tuple(a.target['targetattr']['expression'])
+kw['attrs'] = list(a.target['targetattr']['expression'])
+for i in xrange(len(kw['attrs'])):
+kw['attrs'][i] = unicode(kw['attrs'][i])
+kw['attrs'] = tuple(kw['attrs'])
 if 'targetfilter' in a.target:
 target = a.target['targetfilter']['expression']
 if target.startswith('memberOf'):
-kw['memberof'] = target
+kw['memberof'] = unicode(target)
 else:
-kw['filter'] = target
+kw['filter'] = unicode(target)
 if 'target' in a.target:
 target = a.target['target']['expression']
 found = False
@@ -231,25 +237,28 @@ def _aci_to_kw(ldap, a):
 break;
 if not found:
 if target.startswith('('):
-kw['filter'] = target
+kw['filter'] = unicode(target)
 else:
 # See if the target is a group. If so we set the
 # targetgroup attr, otherwise we consider it a subtree
 if api.env.container_group in target:
-kw['targetgroup'] = target
+kw['targetgroup'] = unicode(target)
 else:
-kw['subtree'] = target
+kw['subtree'] = unicode(target)
 
 groupdn = a.bindrule['expression']
 groupdn = groupdn.replace('ldap:///','')
 if groupdn == 'self':
 kw['selfaci'] = True
+elif groupdn == 'anyone':
+pass
 else:
-(dn, entry_attrs) = ldap.get_entry(groupdn, ['cn'])
-if api.env.container_taskgroup in dn:
-kw['taskgroup'] = entry_attrs['cn'][0]
-else:
-kw['group'] = entry_attrs['cn'][0]
+if groupdn.startswith('cn='):
+(dn, entry_attrs) = ldap.get_entry(groupdn, ['cn'])
+if api.env.container_taskgroup in dn:
+kw['taskgroup'] = entry_attrs['cn'][0]
+else:
+kw['group'] = entry_attrs['cn'][0]
 
 return kw
 
@@ -268,12 +277,20 @@ def _find_aci_by_name(acis, aciname):
 return a
 raise errors.NotFound(reason=_('ACI with name %s not found') % aciname)
 
+def validate_permissions(ugettext, permissions):
+valid_permissions = []
+permissions = permissions.split(',')
+for p in permissions:
+p = p.strip().lower()
+if not p in _valid_permissions_values:
+ return '%s is not a valid permission' % p
+
 def _normalize_permissions(permissions):
 valid_permissions = []
 permissions =

Re: [Freeipa-devel] [PATCH] 594 display aci components separately

2010-11-03 Thread Adam Young 

On 11/03/2010 01:42 PM, Rob Crittenden wrote:

Adam Young wrote:

On 11/03/2010 11:32 AM, Rob Crittenden wrote:

Break out an ACI into components so it is easier to see what it does.
This will be needed for UI support.

I also filled more supported types and made the List parameter perform
validation.

rob


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

NACK. Doesn't run.

WIth a full install:

[ayo...@ipa freeipa]$ ipa aci-find
ipa: ERROR: no such entry



Is this a full install from a fresh pull? I applied this to the HEAD 
and built rpms and it works fine.


rob

Yes it is.

git checkout master
git checkout -b patch-594
git clean -fdx\
git am ...
make rpms
and so on

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel