[Freeipa-devel] [PATCH] 874 suppress managed netgroups as indirect members of hosts

2011-09-14 Thread Rob Crittenden 
Suppress managed netgroups as indirect members of hosts. This enhances a 
previous patch that I did for hostgroups.


rob
>From 5ab1b8b8f82e419c4b6c80e01e6a0805ab62bffe Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Wed, 14 Sep 2011 16:33:33 -0400
Subject: [PATCH] Suppress managed netgroups as indirect members of hosts.

By design these managed netgroups are not supposed to show unless you
specifically want to see them.

https://fedorahosted.org/freeipa/ticket/1738
---
 ipalib/plugins/host.py|   34 ++
 tests/test_xmlrpc/test_nesting.py |2 +-
 2 files changed, 35 insertions(+), 1 deletions(-)

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 4230c44..52907ee 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -339,6 +339,23 @@ class host(LDAPObject):
 
 return managed_hosts
 
+def suppress_netgroup_memberof(self, entry_attrs):
+"""
+We don't want to show managed netgroups so remove them from the
+memberofindirect list.
+"""
+ng_container = DN(api.env.container_netgroup, api.env.basedn)
+if 'memberofindirect' in entry_attrs:
+for member in entry_attrs['memberofindirect']:
+memberdn = DN(member)
+if memberdn.endswith(ng_container):
+try:
+netgroup = api.Command['netgroup_show'](memberdn['cn'], all=True)['result']
+if self.has_objectclass(netgroup['objectclass'], 'mepmanagedentry'):
+entry_attrs['memberofindirect'].remove(member)
+except errors.NotFound:
+pass
+
 api.register(host)
 
 
@@ -681,6 +698,8 @@ class host_mod(LDAPUpdate):
 if options.get('all', False):
 entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
 
+self.obj.suppress_netgroup_memberof(entry_attrs)
+
 return dn
 
 api.register(host_mod)
@@ -706,6 +725,7 @@ class host_find(LDAPSearch):
 (dn, entry_attrs) = entry
 set_certificate_attrs(entry_attrs)
 self.obj.get_password_attributes(ldap, dn, entry_attrs)
+self.obj.suppress_netgroup_memberof(entry_attrs)
 if entry_attrs['has_password']:
 # If an OTP is set there is no keytab, at least not one
 # fetched anywhere.
@@ -741,6 +761,8 @@ class host_show(LDAPRetrieve):
 if options.get('all', False):
 entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
 
+self.obj.suppress_netgroup_memberof(entry_attrs)
+
 return dn
 
 def forward(self, *keys, **options):
@@ -843,6 +865,10 @@ class host_disable(LDAPQuery):
 value=keys[0],
 )
 
+def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+self.obj.suppress_netgroup_memberof(entry_attrs)
+return dn
+
 api.register(host_disable)
 
 class host_add_managedby(LDAPAddMember):
@@ -852,6 +878,10 @@ class host_add_managedby(LDAPAddMember):
 has_output_params = LDAPAddMember.has_output_params + host_output_params
 allow_same = True
 
+def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
+self.obj.suppress_netgroup_memberof(entry_attrs)
+return (completed, dn)
+
 api.register(host_add_managedby)
 
 
@@ -861,4 +891,8 @@ class host_remove_managedby(LDAPRemoveMember):
 member_attributes = ['managedby']
 has_output_params = LDAPRemoveMember.has_output_params + host_output_params
 
+def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
+self.obj.suppress_netgroup_memberof(entry_attrs)
+return (completed, dn)
+
 api.register(host_remove_managedby)
diff --git a/tests/test_xmlrpc/test_nesting.py b/tests/test_xmlrpc/test_nesting.py
index cb2d1d0..a855960 100644
--- a/tests/test_xmlrpc/test_nesting.py
+++ b/tests/test_xmlrpc/test_nesting.py
@@ -815,7 +815,7 @@ class test_nesting(Declarative):
 managedby_host=[fqdn1],
 memberof_hostgroup = [u'testhostgroup2'],
 memberofindirect_hostgroup = [u'testhostgroup1'],
-memberofindirect_netgroup = [u'testhostgroup1', u'testhostgroup2'],
+memberofindirect_netgroup = [u'testhostgroup2'],
 ),
 ),
 ),
-- 
1.7.6

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 874 suppress managed netgroups as indirect members of hosts

2011-09-15 Thread Martin Kosek 
On Wed, 2011-09-14 at 16:39 -0400, Rob Crittenden wrote:
> Suppress managed netgroups as indirect members of hosts. This enhances a 
> previous patch that I did for hostgroups.
> 
> rob

This works fine. I just one suggestion for the code - the function
suppress_netgroup_memberof() function was already implemented in the
last patch:

https://fedorahosted.org/freeipa/changeset/ca1ca17cb61516dff6933b1b0381b32e1e38d44c

for hostgroup. I suggest making this function more general and calling
it from both host and hostgroup objects.

Martin


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 874 suppress managed netgroups as indirect members of hosts

2011-09-15 Thread Rob Crittenden 

Martin Kosek wrote:

On Wed, 2011-09-14 at 16:39 -0400, Rob Crittenden wrote:

Suppress managed netgroups as indirect members of hosts. This enhances a
previous patch that I did for hostgroups.

rob


This works fine. I just one suggestion for the code - the function
suppress_netgroup_memberof() function was already implemented in the
last patch:

https://fedorahosted.org/freeipa/changeset/ca1ca17cb61516dff6933b1b0381b32e1e38d44c

for hostgroup. I suggest making this function more general and calling
it from both host and hostgroup objects.

Martin




I looked at that. For the hostgroup once you find your own entry you can 
exit, for hosts you have to look at all netgroups. The dn comparison is 
also very different. These could be handled as arguments but I think the 
code would be less clear so I chose quasi-duplication.


rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 874 suppress managed netgroups as indirect members of hosts

2011-09-16 Thread JR Aquino 
On Sep 14, 2011, at 1:39 PM, Rob Crittenden wrote:

> Suppress managed netgroups as indirect members of hosts. This enhances a 
> previous patch that I did for hostgroups.
> 
> rob

Works as advertised:

ACK


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 874 suppress managed netgroups as indirect members of hosts

2011-09-16 Thread Rob Crittenden 

JR Aquino wrote:

On Sep 14, 2011, at 1:39 PM, Rob Crittenden wrote:


Suppress managed netgroups as indirect members of hosts. This enhances a 
previous patch that I did for hostgroups.

rob


Works as advertised:

ACK



Martin, ok to push?

rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 874 suppress managed netgroups as indirect members of hosts

2011-09-18 Thread Martin Kosek 
On Fri, 2011-09-16 at 17:24 -0400, Rob Crittenden wrote:
> JR Aquino wrote:
> > On Sep 14, 2011, at 1:39 PM, Rob Crittenden wrote:
> >
> >> Suppress managed netgroups as indirect members of hosts. This enhances a 
> >> previous patch that I did for hostgroups.
> >>
> >> rob
> >
> > Works as advertised:
> >
> > ACK
> >
> 
> Martin, ok to push?
> 
> rob

Agreed. Pushed to master, ipa-2-1.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel