Suppress managed netgroups as indirect members of hosts. This enhances a
previous patch that I did for hostgroups.
rob
>From 5ab1b8b8f82e419c4b6c80e01e6a0805ab62bffe Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 14 Sep 2011 16:33:33 -0400
Subject: [PATCH] Suppress managed netgroups as indirect members of hosts.
By design these managed netgroups are not supposed to show unless you
specifically want to see them.
https://fedorahosted.org/freeipa/ticket/1738
---
ipalib/plugins/host.py| 34 ++
tests/test_xmlrpc/test_nesting.py |2 +-
2 files changed, 35 insertions(+), 1 deletions(-)
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 4230c44..52907ee 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -339,6 +339,23 @@ class host(LDAPObject):
return managed_hosts
+def suppress_netgroup_memberof(self, entry_attrs):
+"""
+We don't want to show managed netgroups so remove them from the
+memberofindirect list.
+"""
+ng_container = DN(api.env.container_netgroup, api.env.basedn)
+if 'memberofindirect' in entry_attrs:
+for member in entry_attrs['memberofindirect']:
+memberdn = DN(member)
+if memberdn.endswith(ng_container):
+try:
+netgroup = api.Command['netgroup_show'](memberdn['cn'], all=True)['result']
+if self.has_objectclass(netgroup['objectclass'], 'mepmanagedentry'):
+entry_attrs['memberofindirect'].remove(member)
+except errors.NotFound:
+pass
+
api.register(host)
@@ -681,6 +698,8 @@ class host_mod(LDAPUpdate):
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
+self.obj.suppress_netgroup_memberof(entry_attrs)
+
return dn
api.register(host_mod)
@@ -706,6 +725,7 @@ class host_find(LDAPSearch):
(dn, entry_attrs) = entry
set_certificate_attrs(entry_attrs)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
+self.obj.suppress_netgroup_memberof(entry_attrs)
if entry_attrs['has_password']:
# If an OTP is set there is no keytab, at least not one
# fetched anywhere.
@@ -741,6 +761,8 @@ class host_show(LDAPRetrieve):
if options.get('all', False):
entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
+self.obj.suppress_netgroup_memberof(entry_attrs)
+
return dn
def forward(self, *keys, **options):
@@ -843,6 +865,10 @@ class host_disable(LDAPQuery):
value=keys[0],
)
+def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+self.obj.suppress_netgroup_memberof(entry_attrs)
+return dn
+
api.register(host_disable)
class host_add_managedby(LDAPAddMember):
@@ -852,6 +878,10 @@ class host_add_managedby(LDAPAddMember):
has_output_params = LDAPAddMember.has_output_params + host_output_params
allow_same = True
+def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
+self.obj.suppress_netgroup_memberof(entry_attrs)
+return (completed, dn)
+
api.register(host_add_managedby)
@@ -861,4 +891,8 @@ class host_remove_managedby(LDAPRemoveMember):
member_attributes = ['managedby']
has_output_params = LDAPRemoveMember.has_output_params + host_output_params
+def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
+self.obj.suppress_netgroup_memberof(entry_attrs)
+return (completed, dn)
+
api.register(host_remove_managedby)
diff --git a/tests/test_xmlrpc/test_nesting.py b/tests/test_xmlrpc/test_nesting.py
index cb2d1d0..a855960 100644
--- a/tests/test_xmlrpc/test_nesting.py
+++ b/tests/test_xmlrpc/test_nesting.py
@@ -815,7 +815,7 @@ class test_nesting(Declarative):
managedby_host=[fqdn1],
memberof_hostgroup = [u'testhostgroup2'],
memberofindirect_hostgroup = [u'testhostgroup1'],
-memberofindirect_netgroup = [u'testhostgroup1', u'testhostgroup2'],
+memberofindirect_netgroup = [u'testhostgroup2'],
),
),
),
--
1.7.6
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel