This new freeform host attribute will allow provisioning systems to add custom tags for host objects which can be later used for in automember rules or for additional local interpretation.
Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems Ticket: https://fedorahosted.org/freeipa/ticket/3583 ----- This is how it can be used: # ipa hostgroup-add webservers Description: web servers ---------------------------- Added hostgroup "webservers" ---------------------------- Host-group: webservers Description: web servers # ipa automember-add --type=hostgroup webservers ---------------------------------- Added automember rule "webservers" ---------------------------------- Automember Rule: webservers # ipa automember-add-condition --key=userclass --type=hostgroup --inclusive-regex=^webserver webservers ---------------------------------- Added condition(s) to "webservers" ---------------------------------- Automember Rule: webservers Inclusive Regex: userclass=^webserver ---------------------------- Number of conditions added 1 ---------------------------- # ipa host-add web.example.com --force --class=webserver --class=mailserver ---------------------------- Added host "web.example.com" ---------------------------- Host name: web.example.com Principal name: host/web.example....@example.com Class: webserver, mailserver <<<<<<<<<< Password: False Member of host-groups: webservers <<<<<<<<<< Indirect Member of netgroup: webservers Keytab: False Managed by: web.example.com Martin
From 954b19f9017be18f6217474f396e81397c2d8f76 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Tue, 23 Apr 2013 09:59:24 +0200 Subject: [PATCH] Add userClass attribute for hosts This new freeform host attribute will allow provisioning systems to add custom tags for host objects which can be later used for in automember rules or for additional local interpretation. Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems Ticket: https://fedorahosted.org/freeipa/ticket/3583 --- API.txt | 9 ++++++--- VERSION | 2 +- install/share/60basev2.ldif | 2 +- install/updates/10-60basev3.update | 1 + ipalib/plugins/host.py | 6 ++++++ 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/API.txt b/API.txt index 3e01fdc3611b5bc71e1a4ee185af63f7c4b07c06..c2400e901345a70e0236d1c02979220c19ece9a5 100644 --- a/API.txt +++ b/API.txt @@ -1723,7 +1723,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Output('value', <type 'bool'>, None) output: Output('warning', (<type 'list'>, <type 'tuple'>, <type 'NoneType'>), None) command: host_add -args: 1,20,3 +args: 1,21,3 arg: Str('fqdn', attribute=True, cli_name='hostname', multivalue=False, primary_key=True, required=True) option: Str('addattr*', cli_name='addattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') @@ -1743,6 +1743,7 @@ option: Flag('random', attribute=False, autofill=True, cli_name='random', defaul option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Str('setattr*', cli_name='setattr', exclude='webui') option: Bytes('usercertificate', attribute=True, cli_name='certificate', multivalue=False, required=False) +option: Str('userclass', attribute=True, cli_name='class', multivalue=True, required=False) option: Str('userpassword', attribute=True, cli_name='password', multivalue=False, required=False) option: Str('version?', exclude='webui') output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) @@ -1774,7 +1775,7 @@ output: Output('result', <type 'bool'>, None) output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Output('value', <type 'unicode'>, None) command: host_find -args: 1,31,4 +args: 1,32,4 arg: Str('criteria?', noextrawhitespace=False) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False) @@ -1805,6 +1806,7 @@ option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui option: Int('sizelimit?', autofill=False, minvalue=0) option: Int('timelimit?', autofill=False, minvalue=0) option: Bytes('usercertificate', attribute=True, autofill=False, cli_name='certificate', multivalue=False, query=True, required=False) +option: Str('userclass', attribute=True, autofill=False, cli_name='class', multivalue=True, query=True, required=False) option: Str('userpassword', attribute=True, autofill=False, cli_name='password', multivalue=False, query=True, required=False) option: Str('version?', exclude='webui') output: Output('count', <type 'int'>, None) @@ -1812,7 +1814,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Output('truncated', <type 'bool'>, None) command: host_mod -args: 1,21,3 +args: 1,22,3 arg: Str('fqdn', attribute=True, cli_name='hostname', multivalue=False, primary_key=True, query=True, required=True) option: Str('addattr*', cli_name='addattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') @@ -1833,6 +1835,7 @@ option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr', exclude='webui') option: Flag('updatedns?', autofill=True, default=False) option: Bytes('usercertificate', attribute=True, autofill=False, cli_name='certificate', multivalue=False, required=False) +option: Str('userclass', attribute=True, autofill=False, cli_name='class', multivalue=True, required=False) option: Str('userpassword', attribute=True, autofill=False, cli_name='password', multivalue=False, required=False) option: Str('version?', exclude='webui') output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) diff --git a/VERSION b/VERSION index 9208237cbedf23d71c5c579fcc10207380cc9712..4bee01b981d818de21f0be1b16d5668a7f453baf 100644 --- a/VERSION +++ b/VERSION @@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=57 +IPA_API_VERSION_MINOR=58 diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif index 3b05e370147f6cace12913e695e02eb6550c6010..8e7174c10ddf73194bfbe634ff34c8c3fd25e264 100644 --- a/install/share/60basev2.ldif +++ b/install/share/60basev2.ldif @@ -13,7 +13,7 @@ attributeTypes: (2.16.840.1.113730.3.8.3.24 NAME 'ipaEntitlementId' DESC 'Entitl # ipaKrbAuthzData added here. Even though it is a v3 attribute it is updating # a v2 objectClass so needs to be here. attributeTypes: (2.16.840.1.113730.3.8.11.37 NAME 'ipaKrbAuthzData' DESC 'type of PAC preferred by a service' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' ) -objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf) X-ORIGIN 'IPA v2' ) +objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf $ userClass ) X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.12 NAME 'ipaObject' DESC 'IPA objectclass' AUXILIARY MUST ( ipaUniqueId ) X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.14 NAME 'ipaEntitlement' DESC 'IPA Entitlement object' AUXILIARY MUST ( ipaEntitlementId ) MAY ( userPKCS12 $ userCertificate ) X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.15 NAME 'ipaPermission' DESC 'IPA Permission objectclass' AUXILIARY MAY ( ipaPermissionType ) X-ORIGIN 'IPA v2' ) diff --git a/install/updates/10-60basev3.update b/install/updates/10-60basev3.update index bed14f7b217335fc13fe17dbd146939a1ed4e82d..47d2eafc73c774f14ce49bae572ff33f1e911e34 100644 --- a/install/updates/10-60basev3.update +++ b/install/updates/10-60basev3.update @@ -12,3 +12,4 @@ replace:attributeTypes:( 2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'R replace:attributeTypes:( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Reference to a command or group of commands that are denied by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Reference to a command or group of commands that are denied by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' ) add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $$ memberOf $$ description $$ owner) X-ORIGIN 'IPA v3' ) +replace:objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $$ ipaClientVersion $$ enrolledBy $$ memberOf ) X-ORIGIN 'IPA v2' )::(2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $$ ipaClientVersion $$ enrolledBy $$ memberOf $$ userClass ) X-ORIGIN 'IPA v2' ) diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index c79b9e212feec640a34ac0905d46adacee54060f..d35e7986808ba3781940597fb4cbe46d0d1354c2 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -323,6 +323,12 @@ class host(LDAPObject): csv=True, flags=['no_search'], ), + Str('userclass*', + cli_name='class', + label=_('Class'), + doc=_('Host category (semantics placed on this attribute are for ' + 'local interpretation)'), + ), ) + ticket_flags_params def get_dn(self, *keys, **options): -- 1.8.1.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
