URL: https://github.com/freeipa/freeipa/pull/4474
Author: abbra
Title: #4474: [Backport][ipa-4-8] Allow rename of a host group
Action: opened
PR body:
"""
This PR was opened automatically because PR #3487 was pushed to master and
backport to ipa-4-8 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4474/head:pr4474
git checkout pr4474
From 75a001ba92f4f56d7a620561868fc4e03f2afc12 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Fri, 27 Mar 2020 12:45:17 +0200
Subject: [PATCH 1/2] Add 'api' and 'aci' targets to make
'makeapi' and 'makeaci' has to be run in a particular environment that
forces IPA Python modules from the source tree used instead of what
might be installed system-wide.
Create 'make api' and 'make aci' targets to provide easy access to them.
Make sure we run Python interpreter with PYTHONPATH set to force use of
the source tree.
Signed-off-by: Alexander Bokovoy <aboko...@redhat.com>
---
Makefile.am | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 9c273ee103..f52c8842a5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -272,11 +272,23 @@ $(top_builddir)/ipapython/version.py:
.PHONY: acilint
acilint: $(GENERATED_PYTHON_FILES)
- cd $(srcdir); $(PYTHON) ./makeaci --validate
+ cd $(srcdir); \
+ PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON) ./makeaci --validate
+
+.PHONY: aci
+aci: $(GENERATED_PYTHON_FILES)
+ cd $(srcdir); \
+ PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON) ./makeaci
.PHONY: apilint
apilint: $(GENERATED_PYTHON_FILES)
- cd $(srcdir); $(PYTHON) ./makeapi --validate
+ cd $(srcdir); \
+ PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON) ./makeapi --validate
+
+.PHONY: api
+api: $(GENERATED_PYTHON_FILES)
+ cd $(srcdir); \
+ PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON) ./makeapi
.PHONY: polint
polint:
From 1e1f3c8058d8184a9ad36d37260a05afe75380d1 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Thu, 1 Aug 2019 17:19:23 +0300
Subject: [PATCH 2/2] Allow rename of a host group
RN: host groups can now be renamed with IPA CLI:
RN: 'ipa hostgroup-mod group-name --rename new-name'.
RN: Protected hostgroups ('ipaservers') cannot be renamed.
Fixes: https://pagure.io/freeipa/issue/6783
Signed-off-by: Alexander Bokovoy <aboko...@redhat.com>
---
API.txt | 3 +-
VERSION.m4 | 5 ++-
ipaserver/plugins/hostgroup.py | 11 +++++
ipatests/test_xmlrpc/test_hostgroup_plugin.py | 44 +++++++++++++++++++
4 files changed, 60 insertions(+), 3 deletions(-)
diff --git a/API.txt b/API.txt
index 9459762c4f..3e658836a4 100644
--- a/API.txt
+++ b/API.txt
@@ -2789,7 +2789,7 @@ output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>])
command: hostgroup_mod/1
-args: 1,9,3
+args: 1,10,3
arg: Str('cn', cli_name='hostgroup_name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
@@ -2797,6 +2797,7 @@ option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
+option: Str('rename?', cli_name='rename')
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
diff --git a/VERSION.m4 b/VERSION.m4
index c82675673d..11707d557b 100644
--- a/VERSION.m4
+++ b/VERSION.m4
@@ -86,8 +86,9 @@ define(IPA_DATA_VERSION, 20100614120000)
# #
########################################################
define(IPA_API_VERSION_MAJOR, 2)
-define(IPA_API_VERSION_MINOR, 236)
-# Last change: Add trust_enable_agent.
+define(IPA_API_VERSION_MINOR, 237)
+# Last change: allow rename a hostgroup
+
########################################################
# Following values are auto-generated from values above
diff --git a/ipaserver/plugins/hostgroup.py b/ipaserver/plugins/hostgroup.py
index 85e6e3652c..aa03fd46f1 100644
--- a/ipaserver/plugins/hostgroup.py
+++ b/ipaserver/plugins/hostgroup.py
@@ -113,6 +113,7 @@ class hostgroup(LDAPObject):
'memberofindirect', 'membermanager',
]
uuid_attribute = 'ipauniqueid'
+ allow_rename = True
attribute_members = {
'member': ['host', 'hostgroup'],
'membermanager': ['user', 'group'],
@@ -276,6 +277,16 @@ class hostgroup_mod(LDAPUpdate):
has_output_params = LDAPUpdate.has_output_params + hostgroup_output_params
msg_summary = _('Modified hostgroup "%(value)s"')
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list,
+ *keys, **options):
+ assert isinstance(dn, DN)
+ if keys[0] in PROTECTED_HOSTGROUPS and 'rename' in options:
+ raise errors.ProtectedEntryError(label=_(u'hostgroup'),
+ key=keys[0],
+ reason=_(u'privileged hostgroup'))
+
+ return dn
+
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
self.obj.suppress_netgroup_memberof(ldap, dn, entry_attrs)
diff --git a/ipatests/test_xmlrpc/test_hostgroup_plugin.py b/ipatests/test_xmlrpc/test_hostgroup_plugin.py
index 361fd9df0d..a94062d9a1 100644
--- a/ipatests/test_xmlrpc/test_hostgroup_plugin.py
+++ b/ipatests/test_xmlrpc/test_hostgroup_plugin.py
@@ -29,6 +29,7 @@
from ipalib import errors
import pytest
+renamedhostgroup1 = u'renamedhostgroup1'
@pytest.fixture(scope='class')
def hostgroup(request, xmlrpc_setup):
@@ -54,6 +55,20 @@ def host(request, xmlrpc_setup):
return tracker.make_fixture(request)
+@pytest.fixture(scope='class')
+def ipaservers(request, xmlrpc_setup):
+ # Track the ipaservers hostgroup
+ # Since the hostgroup is protected, we cannot use 'make_fixture()' because
+ # it will try to delete the object when scope is destroyed and that will
+ # fail. Thus, we only create it here.
+ tracker = HostGroupTracker(
+ name=u'ipaservers', description=u'IPA server hosts'
+ )
+ tracker.exists = True
+ tracker.track_create()
+ return tracker
+
+
class TestNonexistentHostGroup(XMLRPC_test):
def test_retrieve_nonexistent(self, hostgroup):
""" Try to retrieve non-existent hostgroup """
@@ -105,6 +120,35 @@ def test_create_duplicate_hostgroup(self, hostgroup):
hostgroup.cn)):
command()
+ def test_rename_hostgroup(self, hostgroup):
+ """ Rename a hostgroup and than rename it back """
+ origname = hostgroup.cn
+
+ command = hostgroup.make_command(
+ 'hostgroup_mod', *[hostgroup.cn],
+ **dict(setattr=u'cn=%s' % renamedhostgroup1))
+ result = command()
+ hostgroup.attrs.update(cn=[renamedhostgroup1])
+ hostgroup.check_update(result)
+ hostgroup.cn = renamedhostgroup1
+
+ command = hostgroup.make_command(
+ 'hostgroup_mod', *[hostgroup.cn],
+ **dict(setattr=u'cn=%s' % origname))
+ result = command()
+ hostgroup.attrs.update(cn=[origname])
+ hostgroup.check_update(result)
+ hostgroup.cn = origname
+
+ def test_rename_ipaservers(self, ipaservers):
+ """ Try to rename the protected ipaservers group """
+ command = ipaservers.make_command('hostgroup_mod', *[ipaservers.cn],
+ **dict(rename=renamedhostgroup1))
+ reason = u'privileged hostgroup'
+ with raises_exact(errors.ProtectedEntryError(label=u'hostgroup',
+ key=ipaservers.cn, reason=reason)):
+ command()
+
def test_create_host_add_to_hostgroup(self, hostgroup, host):
""" Check that host can be added to hostgroup """
host.create()
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
