Hello, This patch addresses https://fedorahosted.org/freeipa/ticket/3634
-- Regards, Ana Krivokapic Associate Software Engineer FreeIPA team Red Hat Inc.
From d22fe354c901e7ab47a7a53270a43ca8baf1b03f Mon Sep 17 00:00:00 2001 From: Ana Krivokapic <akriv...@redhat.com> Date: Tue, 28 May 2013 16:42:03 +0200 Subject: [PATCH] Require rid-base and secondary-rid-base options in idrange-add when trust exists https://fedorahosted.org/freeipa/ticket/3634 --- ipalib/plugins/idrange.py | 41 +++++++++++++++++++++++++++++++++- tests/test_cmdline/test_cli.py | 50 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index 54f6fbb3e19b9aa01dfde2a8d0c5da4498632386..4b2221ad45f1d1a62d0ac9ff4e180022d204bab4 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -342,7 +342,7 @@ class idrange_add(LDAPCreate): may be given for a new ID range for the local domain while - --rid-bas + --rid-base --dom-sid must be given to add a new range for a trusted AD domain. @@ -361,6 +361,31 @@ class idrange_add(LDAPCreate): msg_summary = _('Added ID range "%(value)s"') + def interactive_prompt_callback(self, kw): + """ + Interactive mode should prompt for rid-base and secondary-rid-base + if a trust is established. + """ + trust_exists = api.Command['trust_find']()['count'] + + if not trust_exists: + return + + rid_base = kw.get('ipabaserid', None) + secondary_rid_base = kw.get('ipasecondarybaserid', None) + + if rid_base is None: + rid_base = self.Backend.textui.prompt( + _(u'First RID of the corresponding RID range') + ) + kw['ipabaserid'] = rid_base + + if secondary_rid_base is None: + secondary_rid_base = self.Backend.textui.prompt( + _(u'First RID of the secondary RID range') + ) + kw['ipasecondarybaserid'] = secondary_rid_base + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): assert isinstance(dn, DN) @@ -418,6 +443,20 @@ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): error=_("Primary RID range and secondary RID range" " cannot overlap")) + # If a trust is established, base rid and secondary base rid + # must be specified for local id range + trust_exists = api.Command['trust_find']()['count'] + + if trust_exists and not ( + is_set('ipabaserid') and is_set('ipasecondarybaserid')): + raise errors.ValidationError( + name='ID Range setup', + error=_('You must specify both rid-base and ' + 'secondary-rid-base options, because a trust is ' + 'established.' + ) + ) + entry_attrs['objectclass'].append('ipadomainidrange') return dn diff --git a/tests/test_cmdline/test_cli.py b/tests/test_cmdline/test_cli.py index bd1281e1d682b055ede9685a10a9cec91a3c76fd..7137ff4573f7de7699b0ff0b6ec86b305af49e00 100644 --- a/tests/test_cmdline/test_cli.py +++ b/tests/test_cmdline/test_cli.py @@ -325,3 +325,53 @@ def test_dnszone_add(self): force=False, version=API_VERSION ) + + def test_idrange_add(self): + """ + Test idrange-add with interative prompt + """ + trust_exists = api.Command['trust_find']()['count'] + + if trust_exists: + # Pass rid-base and secondary-rid-base interactively + with self.fake_stdin('5\n500000\n'): + self.check_command( + 'idrange_add range1 --base-id=1 --range-size=1', + 'idrange_add', + cn=u'range1', + ipabaseid=u'1', + ipaidrangesize=u'1', + ipabaserid=u'5', + ipasecondarybaserid=u'500000', + all=False, + raw=False, + version=API_VERSION + ) + + # Pass rid-base and secondary-rid-base on the command-line + self.check_command( + 'idrange_add range1 --base-id=1 --range-size=1 ' + '--rid-base=5 --secondary-rid-base=500000', + 'idrange_add', + cn=u'range1', + ipabaseid=u'1', + ipaidrangesize=u'1', + ipabaserid=u'5', + ipasecondarybaserid=u'500000', + all=False, + raw=False, + version=API_VERSION + ) + else: + # Trust not established - no need to pass rid-base + # and secondary-rid-base + self.check_command( + 'idrange_add range1 --base-id=1 --range-size=1', + 'idrange_add', + cn=u'range1', + ipabaseid=u'1', + ipaidrangesize=u'1', + all=False, + raw=False, + version=API_VERSION + ) -- 1.8.1.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel