Suppress managed netgroups as indirect members of hosts. This enhances a previous patch that I did for hostgroups.

rob
>From 5ab1b8b8f82e419c4b6c80e01e6a0805ab62bffe Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Wed, 14 Sep 2011 16:33:33 -0400
Subject: [PATCH] Suppress managed netgroups as indirect members of hosts.

By design these managed netgroups are not supposed to show unless you
specifically want to see them.

https://fedorahosted.org/freeipa/ticket/1738
---
 ipalib/plugins/host.py            |   34 ++++++++++++++++++++++++++++++++++
 tests/test_xmlrpc/test_nesting.py |    2 +-
 2 files changed, 35 insertions(+), 1 deletions(-)

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 4230c44..52907ee 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -339,6 +339,23 @@ class host(LDAPObject):
 
         return managed_hosts
 
+    def suppress_netgroup_memberof(self, entry_attrs):
+        """
+        We don't want to show managed netgroups so remove them from the
+        memberofindirect list.
+        """
+        ng_container = DN(api.env.container_netgroup, api.env.basedn)
+        if 'memberofindirect' in entry_attrs:
+            for member in entry_attrs['memberofindirect']:
+                memberdn = DN(member)
+                if memberdn.endswith(ng_container):
+                    try:
+                        netgroup = api.Command['netgroup_show'](memberdn['cn'], all=True)['result']
+                        if self.has_objectclass(netgroup['objectclass'], 'mepmanagedentry'):
+                            entry_attrs['memberofindirect'].remove(member)
+                    except errors.NotFound:
+                        pass
+
 api.register(host)
 
 
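Review bot: In `suppress_netgroup_memberof`, `entry_attrs['memberofindirect'].remove(member)` mutates the list that the enclosing `for` loop is iterating, so the element immediately after each removed entry is skipped and never checked. Iterating over a copy avoids this: `for member in list(entry_attrs['memberofindirect']):`. The updated expectation in tests/test_xmlrpc/test_nesting.py still lists `testhostgroup2` under `memberofindirect_netgroup`, which may be encoding this skip rather than the intended result; it is worth confirming whether that netgroup is itself a managed entry. The docstring should also state that the method edits `entry_attrs` in place, returns nothing, and leaves an entry visible when `netgroup_show` raises `errors.NotFound`.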
@@ -681,6 +698,8 @@ class host_mod(LDAPUpdate):
         if options.get('all', False):
             entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
 
+        self.obj.suppress_netgroup_memberof(entry_attrs)
+
         return dn
 
 api.register(host_mod)
@@ -706,6 +725,7 @@ class host_find(LDAPSearch):
             (dn, entry_attrs) = entry
             set_certificate_attrs(entry_attrs)
             self.obj.get_password_attributes(ldap, dn, entry_attrs)
+            self.obj.suppress_netgroup_memberof(entry_attrs)
             if entry_attrs['has_password']:
                 # If an OTP is set there is no keytab, at least not one
                 # fetched anywhere.
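Review bot: Calling `self.obj.suppress_netgroup_memberof(entry_attrs)` inside this per-entry loop runs one `netgroup_show(..., all=True)` for every netgroup DN in every returned host's `memberofindirect`. A broad host search therefore repeats the same lookups for each host that shares a netgroup, which makes the command noticeably more expensive for any caller allowed to search. Consider remembering the managed/unmanaged answer per netgroup DN for the duration of the search, or fetching only the `objectclass` attribute rather than the full entry. The loop and its enclosing method begin outside this hunk, so the right place to hold such a cache is not visible here.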
@@ -741,6 +761,8 @@ class host_show(LDAPRetrieve):
         if options.get('all', False):
             entry_attrs['managing'] = self.obj.get_managed_hosts(dn)
 
+        self.obj.suppress_netgroup_memberof(entry_attrs)
+
         return dn
 
     def forward(self, *keys, **options):
@@ -843,6 +865,10 @@ class host_disable(LDAPQuery):
             value=keys[0],
         )
 
+    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+        self.obj.suppress_netgroup_memberof(entry_attrs)
+        return dn
+
 api.register(host_disable)
 
 class host_add_managedby(LDAPAddMember):
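Review bot: The `post_callback` added to `host_disable` may never be invoked. The context lines above it show the command's own code ending in a return with `value=keys[0]`, and nothing visible in the hunk calls `post_callback` or hands `entry_attrs` back to the client. The rest of the class lies outside the hunk, so please confirm the call path. If the command implements its own `execute`, either call the callback from there or drop the method. If the base class does invoke it, a one-line comment naming the caller would make that clear.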
@@ -852,6 +878,10 @@ class host_add_managedby(LDAPAddMember):
     has_output_params = LDAPAddMember.has_output_params + host_output_params
     allow_same = True
 
+    def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
+        self.obj.suppress_netgroup_memberof(entry_attrs)
+        return (completed, dn)
+
 api.register(host_add_managedby)
 
 
@@ -861,4 +891,8 @@ class host_remove_managedby(LDAPRemoveMember):
     member_attributes = ['managedby']
     has_output_params = LDAPRemoveMember.has_output_params + host_output_params
 
+    def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
+        self.obj.suppress_netgroup_memberof(entry_attrs)
+        return (completed, dn)
+
 api.register(host_remove_managedby)
diff --git a/tests/test_xmlrpc/test_nesting.py b/tests/test_xmlrpc/test_nesting.py
index cb2d1d0..a855960 100644
--- a/tests/test_xmlrpc/test_nesting.py
+++ b/tests/test_xmlrpc/test_nesting.py
@@ -815,7 +815,7 @@ class test_nesting(Declarative):
                     managedby_host=[fqdn1],
                     memberof_hostgroup = [u'testhostgroup2'],
                     memberofindirect_hostgroup = [u'testhostgroup1'],
-                    memberofindirect_netgroup = [u'testhostgroup1', u'testhostgroup2'],
+                    memberofindirect_netgroup = [u'testhostgroup2'],
                 ),
             ),
         ),
-- 
1.7.6
