On 04/11/2013 05:57 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 04/11/2013 12:01 AM, Rob Crittenden wrote:
Ana Krivokapic wrote:
Hello,

This patch set deprecates HBAC source hosts from IPA.

See commit messages and the design page[1] for details.

https://fedorahosted.org/freeipa/ticket/3528

[1] http://www.freeipa.org/page/V3/HBACSourceHosts

Been a while since I've run the UI but I get an error in FF 18:

Timestamp: 04/10/2013 05:43:31 PM
Error: TypeError: e.messages is undefined
Source File: https://rawhide2.greyoak.com/ipa/ui/js/freeipa/app.js
Line: 1

This probably means that you didn't rebuild the UI since 42300eb.
Try git clean and a fresh rebuild, or use tools in install/ui/util/
(Petr Vobornik is the person to ask about those).

Seems to have been a remnant of a previous build. I'm guessing that the UI build directories aren't covered by a clean/distclean. I manually removed some files from build and it works now.


The other changes seem to operate fine. I tested with an older client
and got reasonable error messages back when I tried to do the various
sourcehost things.

I got an unknown error message with --add-sourcehost but it did include
the text that the command is deprecated so I think this is acceptable.
There isn't a lot we can do, I'm sorry we didn't add this exception in
the beginning.

I do wonder if we should leave the warning in hbactest if sourcehost is
set though, for those cases where there are already options set.

So this question still remains, should we leave the sourcehost warning in hbactest for another release or two?

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Rob and I agreed on IRC to put the sourcehost warning back in hbactest for now. I updated the patch 0016 accordingly. (It also needed a slight rebase, due to API changes that happened in the meantime.) New version is attached.

--
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

From 3af5d795939964e4f29bba5d0f1105f46b5f02be Mon Sep 17 00:00:00 2001
From: Ana Krivokapic <akriv...@redhat.com>
Date: Fri, 12 Apr 2013 00:17:55 +0200
Subject: [PATCH] Deprecate HBAC source hosts from CLI

Hide the commands and options listed below from the CLI,
but keep them in the API. When called directly from the API,
raise appropriate exceptions informing the user that the
functionality has been deprecated.

Affected commands: hbacrule_add_sourcehost, hbacrule_remove_sourcehost.
Affected options: sourcehostcategory, sourcehost_host and
sourcehost_hostgroup (hbacrule); sourcehost (hbactest).

https://fedorahosted.org/freeipa/ticket/3528
---
 API.txt                                   |  20 +++--
 VERSION                                   |   2 +-
 ipalib/__init__.py                        |   2 +-
 ipalib/errors.py                          |  15 ++++
 ipalib/parameters.py                      |  17 ++++
 ipalib/plugins/hbacrule.py                |  49 +++--------
 ipalib/plugins/hbactest.py                |   9 +-
 tests/test_xmlrpc/test_hbac_plugin.py     | 131 ++++--------------------------
 tests/test_xmlrpc/test_hbactest_plugin.py |  80 +++---------------
 9 files changed, 86 insertions(+), 239 deletions(-)

diff --git a/API.txt b/API.txt
index 13cb380e05ffcb96d28becb04feb184d24ecf986..3e01fdc3611b5bc71e1a4ee185af63f7c4b07c06 100644
--- a/API.txt
+++ b/API.txt
@@ -1379,7 +1379,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: hbacrule_add
-args: 1,13,3
+args: 1,15,3
 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
 option: StrEnum('accessruletype', attribute=True, autofill=True, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=True, values=(u'allow', u'deny'))
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1391,7 +1391,9 @@ option: Bool('ipaenabledflag', attribute=True, cli_name='ipaenabledflag', multiv
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: StrEnum('servicecategory', attribute=True, cli_name='servicecat', multivalue=False, required=False, values=(u'all',))
 option: Str('setattr*', cli_name='setattr', exclude='webui')
-option: StrEnum('sourcehostcategory', attribute=True, cli_name='srchostcat', multivalue=False, required=False, values=(u'all',))
+option: DeprecatedParam('sourcehost_host', attribute=True, cli_name='sourcehost_host', multivalue=False, required=False)
+option: DeprecatedParam('sourcehost_hostgroup', attribute=True, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
+option: DeprecatedParam('sourcehostcategory', attribute=True, cli_name='sourcehostcategory', multivalue=False, required=False)
 option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
@@ -1464,7 +1466,7 @@ output: Output('result', <type 'bool'>, None)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: hbacrule_find
-args: 1,15,4
+args: 1,17,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, query=True, required=False, values=(u'allow', u'deny'))
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -1477,7 +1479,9 @@ option: Flag('pkey_only?', autofill=True, default=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: StrEnum('servicecategory', attribute=True, autofill=False, cli_name='servicecat', multivalue=False, query=True, required=False, values=(u'all',))
 option: Int('sizelimit?', autofill=False, minvalue=0)
-option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', multivalue=False, query=True, required=False, values=(u'all',))
+option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, query=True, required=False)
+option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, query=True, required=False)
+option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, query=True, required=False)
 option: Int('timelimit?', autofill=False, minvalue=0)
 option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, query=True, required=False, values=(u'all',))
 option: Str('version?', exclude='webui')
@@ -1486,7 +1490,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: hbacrule_mod
-args: 1,15,3
+args: 1,17,3
 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
 option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=False, values=(u'allow', u'deny'))
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1500,7 +1504,9 @@ option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui
 option: Flag('rights', autofill=True, default=False)
 option: StrEnum('servicecategory', attribute=True, autofill=False, cli_name='servicecat', multivalue=False, required=False, values=(u'all',))
 option: Str('setattr*', cli_name='setattr', exclude='webui')
-option: StrEnum('sourcehostcategory', attribute=True, autofill=False, cli_name='srchostcat', multivalue=False, required=False, values=(u'all',))
+option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, required=False)
+option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
+option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, required=False)
 option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
@@ -1706,7 +1712,7 @@ option: Flag('nodetail?', autofill=True, cli_name='nodetail', default=False)
 option: Str('rules*', cli_name='rules', csv=True)
 option: Str('service', cli_name='service')
 option: Int('sizelimit?', autofill=False, minvalue=0)
-option: Str('sourcehost?', cli_name='srchost')
+option: DeprecatedParam('sourcehost?')
 option: Str('targethost', cli_name='host')
 option: Str('user', cli_name='user', primary_key=True)
 option: Str('version?', exclude='webui')
diff --git a/VERSION b/VERSION
index 5eda9ca36f7bf777b576bc7119f19e9622612b03..cc3c2c8791a143f21aeac0f994b3f897925775b3 100644
--- a/VERSION
+++ b/VERSION
@@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=56
+IPA_API_VERSION_MINOR=57
diff --git a/ipalib/__init__.py b/ipalib/__init__.py
index aab740081deb2f3b5552d115d4a44ea8c8a0c399..57f78472172b614f68021aeef2ee6e240c427888 100644
--- a/ipalib/__init__.py
+++ b/ipalib/__init__.py
@@ -885,7 +885,7 @@ from backend import Backend
 from frontend import Command, LocalOrRemote, Updater
 from frontend import Object, Method, Property
 from crud import Create, Retrieve, Update, Delete, Search
-from parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam
+from parameters import DefaultFrom, Bool, Flag, Int, Decimal, Bytes, Str, IA5Str, Password, DNParam, DeprecatedParam
 from parameters import BytesEnum, StrEnum, AccessTime, File
 from errors import SkipPluginModule
 from text import _, ngettext, GettextFactory, NGettextFactory
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 658c8cbc216457b216476d28d09b9a084fa78a10..716decb2b41baf5470a1dc23c0cfb5d1c995e5ff 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -796,6 +796,21 @@ class PromptFailed(InvocationError):
     format = _('Could not get %(name)s interactively')
 
 
+class DeprecationError(InvocationError):
+    """
+    **3015** Raise when a command has been deprecated
+
+    For example:
+
+    >>> raise DeprecationError(name='hbacrule_add_sourcehost')
+    Traceback (most recent call last):
+      ...
+    DeprecationError: Command 'hbacrule_add_sourcehost' has been deprecated
+    """
+    errno = 3015
+    format = _("Command '%(name)s' has been deprecated")
+
+
 ##############################################################################
 # 4000 - 4999: Execution errors
 
diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index a934a8fb23273ea74465b2ace5005c7393d55cb9..ab4b8321686bd88ad122a37ff289a0153e65ea21 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -1800,6 +1800,23 @@ class DNParam(Param):
                                   error=ugettext(e))
         return dn
 
+
+class DeprecatedParam(Any):
+    kwargs = Param.kwargs + (
+        ('deprecate', bool, True),
+    )
+
+    def __init__(self, name, *rules, **kw):
+        if 'flags' in kw:
+            kw['flags'] = list(kw['flags']) + ['no_option']
+        else:
+            kw['flags'] = ['no_option']
+
+        super(DeprecatedParam, self).__init__(name, *rules, **kw)
+
+    def _rule_deprecate(self, _, value):
+        return _('this option is deprecated')
+
 def create_param(spec):
     """
     Create an `Str` instance from the shorthand ``spec``.
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index c36a7881692dc25d57be4622ff04b312bd6efa48..63ae3b83e1bb1bad8cb95f69bd753083837f41f3 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -18,7 +18,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from ipalib import api, errors
-from ipalib import AccessTime, Password, Str, StrEnum, Bool
+from ipalib import AccessTime, Password, Str, StrEnum, Bool, DeprecatedParam
 from ipalib.plugins.baseldap import *
 from ipalib import _, ngettext
 
@@ -150,7 +150,7 @@ class hbacrule(LDAPObject):
             exclude='webui',
             flags=['no_option', 'no_output'],
         ),
-        # FIXME: {user,host,sourcehost,service}categories should expand in the future
+        # FIXME: {user,host,service}categories should expand in the future
         StrEnum('usercategory?',
             cli_name='usercat',
             label=_('User category'),
@@ -163,12 +163,7 @@ class hbacrule(LDAPObject):
             doc=_('Host category the rule applies to'),
             values=(u'all', ),
         ),
-        StrEnum('sourcehostcategory?',
-            cli_name='srchostcat',
-            label=_('Source host category'),
-            doc=_('Source host category the rule applies to'),
-            values=(u'all', ),
-        ),
+        DeprecatedParam('sourcehostcategory?'),
         StrEnum('servicecategory?',
             cli_name='servicecat',
             label=_('Service category'),
@@ -203,14 +198,8 @@ class hbacrule(LDAPObject):
             label=_('Host Groups'),
             flags=['no_create', 'no_update', 'no_search'],
         ),
-        Str('sourcehost_host?',
-            label=_('Source Hosts'),
-            flags=['no_create', 'no_update', 'no_search'],
-        ),
-        Str('sourcehost_hostgroup?',
-            label=_('Source Host Groups'),
-            flags=['no_create', 'no_update', 'no_search'],
-        ),
+        DeprecatedParam('sourcehost_host?'),
+        DeprecatedParam('sourcehost_hostgroup?'),
         Str('memberservice_hbacsvc?',
             label=_('Services'),
             flags=['no_create', 'no_update', 'no_search'],
@@ -272,8 +261,6 @@ class hbacrule_mod(LDAPUpdate):
             raise errors.MutuallyExclusiveError(reason=_("user category cannot be set to 'all' while there are allowed users"))
         if is_all(options, 'hostcategory') and 'memberhost' in entry_attrs:
             raise errors.MutuallyExclusiveError(reason=_("host category cannot be set to 'all' while there are allowed hosts"))
-        if is_all(options, 'sourcehostcategory') and 'sourcehost' in entry_attrs:
-            raise errors.MutuallyExclusiveError(reason=_("sourcehost category cannot be set to 'all' while there are allowed sourcehosts"))
         if is_all(options, 'servicecategory') and 'memberservice' in entry_attrs:
             raise errors.MutuallyExclusiveError(reason=_("service category cannot be set to 'all' while there are allowed services"))
         return dn
@@ -493,39 +480,25 @@ api.register(hbacrule_remove_host)
 
 
 class hbacrule_add_sourcehost(LDAPAddMember):
-    __doc__ = _('Add source hosts and hostgroups from a HBAC rule.')
+    NO_CLI = True
 
     member_attributes = ['sourcehost']
     member_count_out = ('%i object added.', '%i objects added.')
 
-    def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
-        assert isinstance(dn, DN)
-        try:
-            (dn, entry_attrs) = ldap.get_entry(dn, self.obj.default_attributes)
-        except errors.NotFound:
-            self.obj.handle_not_found(*keys)
-        if 'sourcehostcategory' in entry_attrs and \
-            entry_attrs['sourcehostcategory'][0].lower() == 'all':
-            raise errors.MutuallyExclusiveError(reason=_(
-                "source hosts cannot be added when sourcehost category='all'"))
-        return add_external_pre_callback('host', ldap, dn, keys, options)
-
-    def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
-        assert isinstance(dn, DN)
-        return add_external_post_callback('sourcehost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
+    def validate(self, **kw):
+        raise errors.DeprecationError(name='hbacrule_add_sourcehost')
 
 api.register(hbacrule_add_sourcehost)
 
 
 class hbacrule_remove_sourcehost(LDAPRemoveMember):
-    __doc__ = _('Remove source hosts and hostgroups from an HBAC rule.')
+    NO_CLI = True
 
     member_attributes = ['sourcehost']
     member_count_out = ('%i object removed.', '%i objects removed.')
 
-    def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
-        assert isinstance(dn, DN)
-        return remove_external_post_callback('sourcehost', 'host', 'externalhost', ldap, completed, failed, dn, entry_attrs, keys, options)
+    def validate(self, **kw):
+        raise errors.DeprecationError(name='hbacrule_remove_sourcehost')
 
 api.register(hbacrule_remove_sourcehost)
 
diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py
index 55c8aab8c88936850be153fdf70fe2f26590bc85..8011d18f61825c19eb26a8b3ec24bafeb4aa5452 100644
--- a/ipalib/plugins/hbactest.py
+++ b/ipalib/plugins/hbactest.py
@@ -18,7 +18,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from ipalib import api, errors, output, util
-from ipalib import Command, Str, Flag, Int
+from ipalib import Command, Str, Flag, Int, DeprecatedParam
 from types import NoneType
 from ipalib.cli import to_cli
 from ipalib import _, ngettext
@@ -257,10 +257,7 @@ class hbactest(Command):
             label=_('User name'),
             primary_key=True,
         ),
-        Str('sourcehost?',
-            cli_name='srchost',
-            label=_('Source host'),
-        ),
+        DeprecatedParam('sourcehost?'),
         Str('targethost',
             cli_name='host',
             label=_('Target host'),
@@ -306,7 +303,7 @@ class hbactest(Command):
     def execute(self, *args, **options):
         # First receive all needed information:
         # 1. HBAC rules (whether enabled or disabled)
-        # 2. Required options are (user, source host, target host, service)
+        # 2. Required options are (user, target host, service)
         # 3. Options: rules to test (--rules, --enabled, --disabled), request for detail output
         rules = []
 
diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py
index 22c9b74e9805a54d801f1b5842c51896d5d377b7..c0f8b530776decaf2f7503ea5cb269e56895494d 100644
--- a/tests/test_xmlrpc/test_hbac_plugin.py
+++ b/tests/test_xmlrpc/test_hbac_plugin.py
@@ -45,8 +45,6 @@ class test_hbac(XMLRPC_test):
     test_group = u'hbacrule_test_group'
     test_host = u'hbacrule.testnetgroup'
     test_hostgroup = u'hbacrule_test_hostgroup'
-    test_sourcehost = u'hbacrule.testsrchost'
-    test_sourcehostgroup = u'hbacrule_test_src_hostgroup'
     test_service = u'sshd'
     test_host_external = u'notfound.example.com'
 
@@ -150,12 +148,6 @@ class test_hbac(XMLRPC_test):
         self.failsafe_add(api.Object.hostgroup,
             self.test_hostgroup, description=u'description'
         )
-        self.failsafe_add(api.Object.host,
-            self.test_sourcehost, force=True
-        )
-        self.failsafe_add(api.Object.hostgroup,
-            self.test_sourcehostgroup, description=u'desc'
-        )
         self.failsafe_add(api.Object.hbacsvc,
             self.test_service, description=u'desc',
         )
@@ -268,34 +260,14 @@ class test_hbac(XMLRPC_test):
         assert 'memberhost_host' not in entry
         assert 'memberhost_hostgroup' not in entry
 
-    def test_a_hbacrule_add_sourcehost(self):
+    @raises(errors.DeprecationError)
+    def test_a_hbacrule_add_sourcehost_deprecated(self):
         """
-        Test adding source host and hostgroup to HBAC rule using `xmlrpc.hbacrule_add_host`.
+        Test deprecated command hbacrule_add_sourcehost.
         """
         ret = api.Command['hbacrule_add_sourcehost'](
             self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
         )
-        assert ret['completed'] == 2
-        failed = ret['failed']
-        assert 'sourcehost' in failed
-        assert 'host' in failed['sourcehost']
-        assert not failed['sourcehost']['host']
-        assert 'hostgroup' in failed['sourcehost']
-        assert not failed['sourcehost']['hostgroup']
-        entry = ret['result']
-        assert_attr_equal(entry, 'sourcehost_host', self.test_host)
-        assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup)
-
-    def test_a_hbacrule_add_invalid_sourcehost(self):
-        """
-        Test adding invalid source host to HBAC rule using `xmlrpc.hbacrule_add_host`.
-        """
-        try:
-            api.Command['hbacrule_add_sourcehost'](
-                self.rule_name, host=self.test_invalid_sourcehost, hostgroup=self.test_hostgroup
-            )
-        except errors.ValidationError:
-            pass
 
     def test_a_hbacrule_add_service(self):
         """
@@ -327,55 +299,14 @@ class test_hbac(XMLRPC_test):
         entry = ret['result']
         assert 'memberservice service' not in entry
 
-    def test_b_hbacrule_remove_sourcehost(self):
+    @raises(errors.DeprecationError)
+    def test_b_hbacrule_remove_sourcehost_deprecated(self):
         """
-        Test removing source host and hostgroup from HBAC rule using `xmlrpc.hbacrule_remove_host`.
+        Test deprecated command hbacrule_remove_sourcehost.
         """
         ret = api.Command['hbacrule_remove_sourcehost'](
             self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
         )
-        assert ret['completed'] == 2
-        failed = ret['failed']
-        assert 'sourcehost' in failed
-        assert 'host' in failed['sourcehost']
-        assert not failed['sourcehost']['host']
-        assert 'hostgroup' in failed['sourcehost']
-        assert not failed['sourcehost']['hostgroup']
-        entry = ret['result']
-        assert 'sourcehost host' not in entry
-        assert 'sourcehost hostgroup' not in entry
-
-    def test_c_hbacrule_add_external_host(self):
-        """
-        Test adding an external host using `xmlrpc.hbacrule_add_host`.
-        """
-        ret = api.Command['hbacrule_add_sourcehost'](
-            self.rule_name, host=self.test_host_external
-        )
-        assert ret['completed'] == 1
-        failed = ret['failed']
-        assert 'sourcehost' in failed
-        assert 'host' in failed['sourcehost']
-        assert not failed['sourcehost']['host']
-        assert 'hostgroup' in failed['sourcehost']
-        assert not failed['sourcehost']['hostgroup']
-        entry = ret['result']
-        assert_attr_equal(entry, 'externalhost', self.test_host_external)
-
-    def test_c_hbacrule_add_same_external(self):
-        """
-        Test adding the same external host using `xmlrpc.hbacrule_add_host`.
-        """
-        ret = api.Command['hbacrule_add_sourcehost'](
-            self.rule_name, host=self.test_host_external
-        )
-        assert ret['completed'] == 0
-        failed = ret['failed']
-        assert 'sourcehost' in failed
-        assert 'host' in failed['sourcehost']
-        assert (self.test_host_external, unicode(errors.AlreadyGroupMember())) in failed['sourcehost']['host']
-        entry = ret['result']
-        assert_attr_equal(entry, 'externalhost', self.test_host_external)
 
     @raises(errors.ValidationError)
     def test_c_hbacrule_mod_invalid_external_setattr(self):
@@ -386,40 +317,6 @@ class test_hbac(XMLRPC_test):
             self.rule_name, setattr=self.test_invalid_sourcehost
         )
 
-    def test_c_hbacrule_remove_external_host(self):
-        """
-        Test removing external source host using `xmlrpc.hbacrule_remove_host`.
-        """
-        ret = api.Command['hbacrule_remove_sourcehost'](
-            self.rule_name, host=self.test_host_external
-        )
-        assert ret['completed'] == 1
-        failed = ret['failed']
-        assert 'sourcehost' in failed
-        assert 'host' in failed['sourcehost']
-        assert not failed['sourcehost']['host']
-        assert 'hostgroup' in failed['sourcehost']
-        assert not failed['sourcehost']['hostgroup']
-        entry = ret['result']
-        assert 'sourcehost host' not in entry
-        assert 'sourcehost hostgroup' not in entry
-
-    def test_c_hbacrule_remove_nonexist_external(self):
-        """
-        Test removing non-existent external source host using `xmlrpc.hbacrule_remove_host`.
-        """
-        ret = api.Command['hbacrule_remove_sourcehost'](
-            self.rule_name, host=self.test_host_external
-        )
-        assert ret['completed'] == 0
-        failed = ret['failed']
-        assert 'sourcehost' in failed
-        assert 'host' in failed['sourcehost']
-        assert (self.test_host_external, unicode(errors.NotGroupMember())) in failed['sourcehost']['host']
-        assert 'hostgroup' in failed['sourcehost']
-        assert not failed['sourcehost']['hostgroup']
-        entry = ret['result']
-
     def test_d_hbacrule_disable(self):
         """
         Test disabling HBAC rule using `xmlrpc.hbacrule_disable`.
@@ -551,17 +448,12 @@ class test_hbac(XMLRPC_test):
         """
         Test adding various links to HBAC rule
         """
-        api.Command['hbacrule_add_sourcehost'](
-            self.rule_name, host=self.test_host, hostgroup=self.test_hostgroup
-        )
         api.Command['hbacrule_add_service'](
             self.rule_name, hbacsvc=self.test_service
         )
 
         entry = api.Command['hbacrule_show'](self.rule_name)['result']
         assert_attr_equal(entry, 'cn', self.rule_name)
-        assert_attr_equal(entry, 'sourcehost_host', self.test_host)
-        assert_attr_equal(entry, 'sourcehost_hostgroup', self.test_hostgroup)
         assert_attr_equal(entry, 'memberservice_hbacsvc', self.test_service)
 
     def test_y_hbacrule_zap_testing_data(self):
@@ -574,8 +466,6 @@ class test_hbac(XMLRPC_test):
         api.Command['group_del'](self.test_group)
         api.Command['host_del'](self.test_host)
         api.Command['hostgroup_del'](self.test_hostgroup)
-        api.Command['host_del'](self.test_sourcehost)
-        api.Command['hostgroup_del'](self.test_sourcehostgroup)
         api.Command['hbacsvc_del'](self.test_service)
 
     def test_k_2_sudorule_referential_integrity(self):
@@ -596,3 +486,12 @@ class test_hbac(XMLRPC_test):
         # verify that it's gone
         with assert_raises(errors.NotFound):
             api.Command['hbacrule_show'](self.rule_name)
+
+    @raises(errors.ValidationError)
+    def test_zz_hbacrule_add_with_deprecated_option(self):
+        """
+        Test using a deprecated command option 'sourcehostcategory' with 'hbacrule_add'.
+        """
+        api.Command['hbacrule_add'](
+            self.rule_name, sourcehostcategory=u'all'
+        )
diff --git a/tests/test_xmlrpc/test_hbactest_plugin.py b/tests/test_xmlrpc/test_hbactest_plugin.py
index bc12e8974dc4591afa3b4a5f9e68df9ed32e2231..520f202476a00e60c21ce7a3bf4b5ace3b96fbc4 100644
--- a/tests/test_xmlrpc/test_hbactest_plugin.py
+++ b/tests/test_xmlrpc/test_hbactest_plugin.py
@@ -25,6 +25,7 @@ from xmlrpc_test import XMLRPC_test, assert_attr_equal
 from ipalib import api
 from ipalib import errors
 from types import NoneType
+from nose.tools import raises
 
 # Test strategy:
 # 1. Create few allow rules: with user categories, with explicit users, with user groups, with groups, with services
@@ -95,10 +96,6 @@ class test_hbactest(XMLRPC_test):
                 self.rule_names[i], host=self.test_host, hostgroup=self.test_hostgroup
             )
 
-            ret = api.Command['hbacrule_add_sourcehost'](
-                self.rule_names[i], host=self.test_sourcehost, hostgroup=self.test_sourcehostgroup
-            )
-
             ret = api.Command['hbacrule_add_service'](
                 self.rule_names[i], hbacsvc=self.test_service
             )
@@ -112,20 +109,6 @@ class test_hbactest(XMLRPC_test):
         """
         ret = api.Command['hbactest'](
             user=self.test_user,
-            sourcehost=self.test_sourcehost,
-            targethost=self.test_host,
-            service=self.test_service,
-            rules=self.rule_names
-        )
-        assert ret['value'] == True
-        assert type(ret['error']) == NoneType
-        for i in [0,1,2,3]:
-            assert self.rule_names[i] in ret['matched']
-            assert self.rule_names[i] in ret['warning'][i]
-
-        # same test without sourcehost value
-        ret = api.Command['hbactest'](
-            user=self.test_user,
             targethost=self.test_host,
             service=self.test_service,
             rules=self.rule_names
@@ -141,21 +124,6 @@ class test_hbactest(XMLRPC_test):
         """
         ret = api.Command['hbactest'](
             user=self.test_user,
-            sourcehost=self.test_sourcehost,
-            targethost=self.test_host,
-            service=self.test_service,
-            rules=self.rule_names,
-            nodetail=True
-        )
-        assert ret['value'] == True
-        assert ret['error'] == None
-        assert ret['matched'] == None
-        assert ret['notmatched'] == None
-        assert ret['warning'] == None
-
-        # same test without sourcehost value
-        ret = api.Command['hbactest'](
-            user=self.test_user,
             targethost=self.test_host,
             service=self.test_service,
             rules=self.rule_names,
@@ -172,7 +140,6 @@ class test_hbactest(XMLRPC_test):
         """
         ret = api.Command['hbactest'](
             user=self.test_user,
-            sourcehost=self.test_sourcehost,
             targethost=self.test_host,
             service=self.test_service,
             enabled=True
@@ -182,17 +149,6 @@ class test_hbactest(XMLRPC_test):
         # Thus, check that our two enabled rules are in matched, nothing more
         for i in [0,2]:
             assert self.rule_names[i] in ret['matched']
-            assert self.check_rule_presence(self.rule_names[i], ret['warning'])
-
-        # same test without sourcehost value
-        ret = api.Command['hbactest'](
-            user=self.test_user,
-            targethost=self.test_host,
-            service=self.test_service,
-            enabled=True
-        )
-        for i in [0,2]:
-            assert self.rule_names[i] in ret['matched']
 
     def test_d_hbactest_check_rules_disabled_detail(self):
         """
@@ -200,7 +156,6 @@ class test_hbactest(XMLRPC_test):
         """
         ret = api.Command['hbactest'](
             user=self.test_user,
-            sourcehost=self.test_sourcehost,
             targethost=self.test_host,
             service=self.test_service,
             disabled=True
@@ -210,17 +165,6 @@ class test_hbactest(XMLRPC_test):
         # Thus, check that our two disabled rules are in matched, nothing more
         for i in [1,3]:
             assert self.rule_names[i] in ret['matched']
-            assert self.check_rule_presence(self.rule_names[i], ret['warning'])
-
-        # same test without sourcehost value
-        ret = api.Command['hbactest'](
-            user=self.test_user,
-            targethost=self.test_host,
-            service=self.test_service,
-            disabled=True
-        )
-        for i in [1,3]:
-            assert self.rule_names[i] in ret['matched']
 
     def test_e_hbactest_check_non_existing_rule_detail(self):
         """
@@ -228,7 +172,6 @@ class test_hbactest(XMLRPC_test):
         """
         ret = api.Command['hbactest'](
             user=self.test_user,
-            sourcehost=self.test_sourcehost,
             targethost=self.test_host,
             service=self.test_service,
             rules=[u'%s_1x1' % (rule) for rule in self.rule_names],
@@ -241,30 +184,27 @@ class test_hbactest(XMLRPC_test):
         for rule in self.rule_names:
             assert u'%s_1x1' % (rule) in ret['error']
 
-        # same test without sourcehost value
-        ret = api.Command['hbactest'](
+    @raises(errors.ValidationError)
+    def test_f_hbactest_check_sourcehost_option_is_deprecated(self):
+        """
+        Test running 'ipa hbactest' with --srchost option raises ValidationError
+        """
+        api.Command['hbactest'](
             user=self.test_user,
             targethost=self.test_host,
+            sourcehost=self.test_sourcehost,
             service=self.test_service,
-            rules=[u'%s_1x1' % (rule) for rule in self.rule_names],
+            rules=[u'%s_1x1' % rule for rule in self.rule_names],
             nodetail=True
         )
 
-        assert ret['value'] == False
-        assert ret['matched'] == None
-        assert ret['notmatched'] == None
-        for rule in self.rule_names:
-            assert u'%s_1x1' % (rule) in ret['error']
-
-    def test_f_hbactest_clear_testing_data(self):
+    def test_g_hbactest_clear_testing_data(self):
         """
         Clear data for HBAC test plugin testing.
         """
         for i in [0,1,2,3]:
             api.Command['hbacrule_remove_host'](self.rule_names[i], host=self.test_host)
             api.Command['hbacrule_remove_host'](self.rule_names[i], hostgroup=self.test_hostgroup)
-            api.Command['hbacrule_remove_sourcehost'](self.rule_names[i], host=self.test_sourcehost)
-            api.Command['hbacrule_remove_sourcehost'](self.rule_names[i], hostgroup=self.test_sourcehostgroup)
             api.Command['hbacrule_del'](self.rule_names[i])
 
         api.Command['user_del'](self.test_user)
-- 
1.8.1.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to