Drop accessTime in the management framework.

I've done it through comments as much as I could to make it easier to revive it later.

rob
>From 1f764df1e4a3d2c1a1c8e3d234995f59094f2b11 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Fri, 3 Dec 2010 13:57:19 -0500
Subject: [PATCH] Remove accessTime from HBAC.

ticket 545
---
 ipalib/plugins/hbac.py                |   43 ++++++++++++++++-------------
 tests/test_xmlrpc/test_hbac_plugin.py |   49 +++++++++++++++-----------------
 2 files changed, 47 insertions(+), 45 deletions(-)

diff --git a/ipalib/plugins/hbac.py b/ipalib/plugins/hbac.py
index 117b075..8e3e44e 100644
--- a/ipalib/plugins/hbac.py
+++ b/ipalib/plugins/hbac.py
@@ -21,16 +21,12 @@ Host-based access control
 
 Control who can access what services on what hosts and from where. You
 can use HBAC to control which users or groups on a source host can
-access a service, or group of services, on a target host. You can also
-control the times that the rule is active.
+access a service, or group of services, on a target host.
 
 You can also specify a category of users, target hosts, and source
 hosts. This is currently limited to "all", but might be expanded in the
 future.
 
-The access time(s) of a host are cumulative and are not guaranteed to be
-applied in the order displayed.
-
 Target hosts and source hosts in HBAC rules must be hosts managed by IPA.
 
 The available services and groups of services are controlled by the
@@ -46,13 +42,6 @@ EXAMPLES:
  Display the properties of a named HBAC rule:
    ipa hbac-show test1
 
- Specify that the rule "test1" be active every day between 0800 and 1400:
-   ipa hbac-add-accesstime --time='periodic daily 0800-1400' test1
-
-  Specify that the rule "test1" be active once, from 10:32 until 10:33 on
-  December 16, 2010:
-   ipa hbac-add-accesstime --time='absolute 201012161032 ~ 201012161033' test1
-
  Create a rule for a specific service. This lets the user john access
  the sshd service on any machine from any machine:
    ipa hbac-add --type=allow --hostcat=all --srchostcat=all john_sshd
@@ -75,6 +64,22 @@ EXAMPLES:
    ipa hbac-del allow_server
 """
 
+
+# AccessTime support is being removed for now.
+#
+# You can also control the times that the rule is active.
+#
+# The access time(s) of a host are cumulative and are not guaranteed to be
+# applied in the order displayed.
+#
+# Specify that the rule "test1" be active every day between 0800 and 1400:
+#   ipa hbac-add-accesstime --time='periodic daily 0800-1400' test1
+#
+# Specify that the rule "test1" be active once, from 10:32 until 10:33 on
+# December 16, 2010:
+#   ipa hbac-add-accesstime --time='absolute 201012161032 ~ 201012161033' test1
+
+
 from ipalib import api, errors
 from ipalib import AccessTime, Password, Str, StrEnum
 from ipalib.plugins.baseldap import *
@@ -102,7 +107,7 @@ class hbac(LDAPObject):
     object_class = ['ipaassociation', 'ipahbacrule']
     default_attributes = [
         'cn', 'accessruletype', 'ipaenabledflag',
-        'accesstime', 'description', 'usercategory', 'hostcategory',
+        'description', 'usercategory', 'hostcategory',
         'sourcehostcategory', 'servicecategory', 'ipaenabledflag',
         'memberuser', 'sourcehost', 'memberhost', 'memberservice',
         'memberhostgroup',
@@ -155,10 +160,10 @@ class hbac(LDAPObject):
             doc=_('Service category the rule applies to'),
             values=(u'all', ),
         ),
-        AccessTime('accesstime?',
-            cli_name='time',
-            label=_('Access time'),
-        ),
+#        AccessTime('accesstime?',
+#            cli_name='time',
+#            label=_('Access time'),
+#        ),
         Str('description?',
             cli_name='desc',
             label=_('Description'),
@@ -346,7 +351,7 @@ class hbac_add_accesstime(LDAPQuery):
             )
         )
 
-api.register(hbac_add_accesstime)
+#api.register(hbac_add_accesstime)
 
 
 class hbac_remove_accesstime(LDAPQuery):
@@ -386,7 +391,7 @@ class hbac_remove_accesstime(LDAPQuery):
             )
         )
 
-api.register(hbac_remove_accesstime)
+#api.register(hbac_remove_accesstime)
 
 
 class hbac_add_user(LDAPAddMember):
diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py
index 3c1cfae..51591ea 100644
--- a/tests/test_xmlrpc/test_hbac_plugin.py
+++ b/tests/test_xmlrpc/test_hbac_plugin.py
@@ -55,13 +55,11 @@ class test_hbac(XMLRPC_test):
         ret = self.failsafe_add(api.Object.hbac,
             self.rule_name,
             accessruletype=self.rule_type,
-            accesstime=self.rule_time,
             description=self.rule_desc,
         )
         entry = ret['result']
         assert_attr_equal(entry, 'cn', self.rule_name)
         assert_attr_equal(entry, 'accessruletype', self.rule_type)
-        assert_attr_equal(entry, 'accesstime', self.rule_time)
         assert_attr_equal(entry, 'ipaenabledflag', 'TRUE')
         assert_attr_equal(entry, 'description', self.rule_desc)
 
@@ -85,7 +83,6 @@ class test_hbac(XMLRPC_test):
         entry = api.Command['hbac_show'](self.rule_name)['result']
         assert_attr_equal(entry, 'cn', self.rule_name)
         assert_attr_equal(entry, 'accessruletype', self.rule_type)
-        assert_attr_equal(entry, 'accesstime', self.rule_time)
         assert_attr_equal(entry, 'ipaenabledflag', 'TRUE')
         assert_attr_equal(entry, 'description', self.rule_desc)
 
@@ -99,30 +96,30 @@ class test_hbac(XMLRPC_test):
         entry = ret['result']
         assert_attr_equal(entry, 'description', self.rule_desc_mod)
 
-    def test_4_hbac_add_accesstime(self):
-        """
-        Test adding access time to HBAC rule using `xmlrpc.hbac_add_accesstime`.
-        """
-        return
-        ret = api.Command['hbac_add_accesstime'](
-            self.rule_name, accesstime=self.rule_time2
-        )
-        entry = ret['result']
-        assert_attr_equal(entry, 'accesstime', self.rule_time);
-        assert_attr_equal(entry, 'accesstime', self.rule_time2);
+#    def test_4_hbac_add_accesstime(self):
+#        """
+#        Test adding access time to HBAC rule using `xmlrpc.hbac_add_accesstime`.
+#        """
+#        return
+#        ret = api.Command['hbac_add_accesstime'](
+#            self.rule_name, accesstime=self.rule_time2
+#        )
+#        entry = ret['result']
+#        assert_attr_equal(entry, 'accesstime', self.rule_time);
+#        assert_attr_equal(entry, 'accesstime', self.rule_time2);
 
-    def test_5_hbac_add_accesstime(self):
-        """
-        Test adding invalid access time to HBAC rule using `xmlrpc.hbac_add_accesstime`.
-        """
-        try:
-            api.Command['hbac_add_accesstime'](
-                self.rule_name, accesstime=self.rule_time_fail
-            )
-        except errors.ValidationError:
-            pass
-        else:
-            assert False
+#    def test_5_hbac_add_accesstime(self):
+#        """
+#        Test adding invalid access time to HBAC rule using `xmlrpc.hbac_add_accesstime`.
+#        """
+#        try:
+#            api.Command['hbac_add_accesstime'](
+#                self.rule_name, accesstime=self.rule_time_fail
+#            )
+#        except errors.ValidationError:
+#            pass
+#        else:
+#            assert False
 
     def test_6_hbac_find(self):
         """
-- 
1.7.2.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to