Jan Zelený <jzel...@redhat.com> wrote: > Rob Crittenden <rcrit...@redhat.com> wrote: > > Jan Zelený wrote: > > > Rob Crittenden<rcrit...@redhat.com> wrote: > > >> Jan Zelený wrote: > > >>> Recent change of DNS module to version caused that dns object type > > >>> was replaced by dnszone and dnsrecord. This patch corrects dns types > > >>> in permissions class. > > >>> > > >>> https://fedorahosted.org/freeipa/ticket/646 > > >> > > >> Nack. These values need to be added as valid types to the aci plugin > > >> and the _type_map needs to be updated. > > >> > > >> rob > > > > > > I'm sending an updated patch. > > > > > > Jan > > > > Since dnszone and dnsrecord point to the same kind of entry what is the > > point of having two separate names for them? When we read the entry we > > aren't going to be able to differentiate between the two. > > I didn't take a look how the type thing works, so I'm kinda guessing here > (please ignore the comment if it is wrong): > Sure, object with idnszone class is always also in dnsrecord class, but > that's not the case backwards (idnsrecord object isn't always idnszone) - > so I think it is possible to set different ACIs for these two types. > > > Can the type be made more specific? > > If the mapping doesn't distinguish object classes and it can, maybe that's > the answer. Will investagate further. But if not, I still think this is > the way to go considering the underline issue which we tried to solve by > this change.
From what I found I think that making changes necessary to distinguish dnsrecord and dnszone are not worth it, especially that user can use "filter" for that purpose. Since having both of them doesn't have any additional value, I'm sending new version of the patch, which is only adding dnsrecord type. Jan
From 0b7c6ddbc5e40e802357c01fb4d568965b77165e Mon Sep 17 00:00:00 2001 From: Jan Zeleny <jzel...@redhat.com> Date: Thu, 13 Jan 2011 17:32:57 +0100 Subject: [PATCH] Changed dns permission types Recent change of DNS module to version caused that dns object type was replaced by dnszone and dnsrecord. This patch corrects dns types in permissions class. https://fedorahosted.org/freeipa/ticket/646 --- ipalib/plugins/aci.py | 5 +++-- ipalib/plugins/permission.py | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py index 939fe535ab01bec9be0caa1952b4a36123bcc2db..d7765488fa1c48d618030564d652a90143bd0123 100644 --- a/ipalib/plugins/aci.py +++ b/ipalib/plugins/aci.py @@ -135,7 +135,7 @@ _type_map = { 'hostgroup': 'ldap:///cn=*,%s,%s' % (api.env.container_hostgroup, api.env.basedn), 'service': 'ldap:///krbprincipalname=*,%s,%s' % (api.env.container_service, api.env.basedn), 'netgroup': 'ldap:///ipauniqueid=*,%s,%s' % (api.env.container_netgroup, api.env.basedn), - 'dns': 'ldap:///idnsname=*,%s,%s' % (api.env.container_dns, api.env.basedn), + 'dnsrecord': 'ldap:///idnsname=*,%s,%s' % (api.env.container_dns, api.env.basedn), } _valid_permissions_values = [ @@ -382,7 +382,7 @@ class aci(Object): cli_name='type', label=_('Type'), doc=_('type of IPA object (user, group, host, hostgroup, service, netgroup)'), - values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dns',), + values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'), ), Str('memberof?', cli_name='memberof', diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 43bb2634d34cab8d2bb8ecbce883df8008c34645..182a02cc389c970962e93c4e1653cbbfeee3f30b 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -121,7 +121,7 @@ class permission(LDAPObject): cli_name='type', label=_('Type'), doc=_('Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)'), - values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dns',), + values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord',), ), Str('memberof?', cli_name='memberof', -- 1.7.3.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
