Hide the HBAC access type attribute now that deny is deprecated.

It won't appear in the UI/CLI but is still available via XML-RPC. allow is the default and deny will be rejected.

This is not tested in the UI. I'm not sure if this is due to a problem in my tree or something else.

https://fedorahosted.org/freeipa/ticket/1495

rob
>From 8d5f723e97cb2e9bfae3fad4ca24743903d156ab Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 19 Jul 2011 20:46:20 -0400
Subject: [PATCH] Hide the HBAC access type attribute now that deny is deprecated.

It won't appear in the UI/CLI but is still available via XML-RPC.
allow is the default and deny will be rejected.

https://fedorahosted.org/freeipa/ticket/1495
---
 API.txt                               |    6 +++---
 ipalib/plugins/hbacrule.py            |   10 ++++++----
 tests/test_xmlrpc/test_hbac_plugin.py |    1 -
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/API.txt b/API.txt
index 3d71504936647ccda7f9af9442497ba9138e99cd..0ceb3a757a26f2d9999259ad885ba5c745622c03 100644
--- a/API.txt
+++ b/API.txt
@@ -1021,7 +1021,7 @@ output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e
 command: hbacrule_add
 args: 1,11,3
 arg: Str('cn', attribute=True, cli_name='name', label=Gettext('Rule name', domain='ipa', localedir=None), multivalue=False, primary_key=True, required=True)
-option: StrEnum('accessruletype', validate_type, attribute=True, autofill=True, cli_name='type', default=u'allow', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=True, values=(u'allow', u'deny'))
+option: StrEnum('accessruletype', validate_type, attribute=True, autofill=True, cli_name='type', default=u'allow', exclude='webui', flags=['no_option', 'no_output'], label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=True, values=(u'allow', u'deny'))
 option: StrEnum('usercategory', attribute=True, cli_name='usercat', label=Gettext('User category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
 option: StrEnum('hostcategory', attribute=True, cli_name='hostcat', label=Gettext('Host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
 option: StrEnum('sourcehostcategory', attribute=True, cli_name='srchostcat', label=Gettext('Source host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
@@ -1102,7 +1102,7 @@ command: hbacrule_find
 args: 1,12,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Str('cn', attribute=True, autofill=False, cli_name='name', label=Gettext('Rule name', domain='ipa', localedir=None), multivalue=False, primary_key=True, query=True, required=False)
-option: StrEnum('accessruletype', validate_type, attribute=True, autofill=False, cli_name='type', default=u'allow', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'allow', u'deny'))
+option: StrEnum('accessruletype', validate_type, attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', flags=['no_option', 'no_output'], label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'allow', u'deny'))
 option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', label=Gettext('User category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',))
 option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostcat', label=Gettext('Host category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',))
 option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', label=Gettext('Source host category', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'all',))
@@ -1120,7 +1120,7 @@ output: Output('truncated', <type 'bool'>, 'True if not all results were returne
 command: hbacrule_mod
 args: 1,12,3
 arg: Str('cn', attribute=True, cli_name='name', label=Gettext('Rule name', domain='ipa', localedir=None), multivalue=False, primary_key=True, query=True, required=True)
-option: StrEnum('accessruletype', validate_type, attribute=True, autofill=False, cli_name='type', default=u'allow', label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'allow', u'deny'))
+option: StrEnum('accessruletype', validate_type, attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', flags=['no_option', 'no_output'], label=Gettext('Rule type', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'allow', u'deny'))
 option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', label=Gettext('User category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
 option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostcat', label=Gettext('Host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
 option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', label=Gettext('Source host category', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'all',))
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index 2dcdddd5899a0a25cc72e7658458352151031f9f..0d8474fbddc7b523abdbca85d6f5c0097cfccdc9 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -36,7 +36,7 @@ EXAMPLES:
 
  Create a rule, "test1", that grants all users access to the host "server" from
  anywhere:
-   ipa hbacrule-add --type=allow --usercat=all --srchostcat=all test1
+   ipa hbacrule-add --usercat=all --srchostcat=all test1
    ipa hbacrule-add-host --hosts=server.example.com test1
 
  Display the properties of a named HBAC rule:
@@ -44,7 +44,7 @@ EXAMPLES:
 
  Create a rule for a specific service. This lets the user john access
  the sshd service on any machine from any machine:
-   ipa hbacrule-add --type=allow --hostcat=all --srchostcat=all john_sshd
+   ipa hbacrule-add --hostcat=all --srchostcat=all john_sshd
    ipa hbacrule-add-user --users=john john_sshd
    ipa hbacrule-add-service --hbacsvcs=sshd john_sshd
 
@@ -53,7 +53,7 @@ EXAMPLES:
    ipa hbacsvcgroup-add ftpers
    ipa hbacsvc-add sftp
    ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers
-   ipa hbacrule-add --type=allow --hostcat=all --srchostcat=all john_ftp
+   ipa hbacrule-add --hostcat=all --srchostcat=all john_ftp
    ipa hbacrule-add-user --users=john john_ftp
    ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp
 
@@ -112,7 +112,7 @@ class hbacrule(LDAPObject):
     object_name_plural = _('HBAC rules')
     object_class = ['ipaassociation', 'ipahbacrule']
     default_attributes = [
-        'cn', 'accessruletype', 'ipaenabledflag',
+        'cn', 'ipaenabledflag',
         'description', 'usercategory', 'hostcategory',
         'sourcehostcategory', 'servicecategory', 'ipaenabledflag',
         'memberuser', 'sourcehost', 'memberhost', 'memberservice',
@@ -143,6 +143,8 @@ class hbacrule(LDAPObject):
             values=(u'allow', u'deny'),
             default=u'allow',
             autofill=True,
+            exclude='webui',
+            flags=['no_option', 'no_output'],
         ),
         # FIXME: {user,host,sourcehost,service}categories should expand in the future
         StrEnum('usercategory?',
diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py
index 3985b61cf706ff894b53baded37b358bcc9efb7a..fc673c20342557e9055d428b1c21f63fbf31245b 100644
--- a/tests/test_xmlrpc/test_hbac_plugin.py
+++ b/tests/test_xmlrpc/test_hbac_plugin.py
@@ -81,7 +81,6 @@ class test_hbac(XMLRPC_test):
         """
         entry = api.Command['hbacrule_show'](self.rule_name)['result']
         assert_attr_equal(entry, 'cn', self.rule_name)
-        assert_attr_equal(entry, 'accessruletype', self.rule_type)
         assert_attr_equal(entry, 'ipaenabledflag', 'TRUE')
         assert_attr_equal(entry, 'description', self.rule_desc)
 
-- 
1.7.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to