Ticket: https://fedorahosted.org/freeipa/ticket/4422
A classless reverse zone name contains '/', which prevents adding the managed
permission for it.

This should be in IPA 4.0 (If ACKed before release)

IPA 3.3.5 supports classless reverse zones too. Should be this patch
applied to 3.3.x too?

Both patches attached (3.3 and 4.0)
-- 
Martin^2 Basti
>From 1a4049209ab302b05611aa4c02372ccc2be184dc Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 4 Jul 2014 12:03:19 +0200
Subject: [PATCH] Allow to add managed permission for reverse zones

Ticket: https://fedorahosted.org/freeipa/ticket/4422
---
 API.txt                                        | 16 ++++++-------
 ipalib/plugins/permission.py                   |  4 ++--
 ipatests/test_xmlrpc/test_dns_plugin.py        | 31 ++++++++++++++++++++++++++
 ipatests/test_xmlrpc/test_permission_plugin.py |  2 +-
 4 files changed, 42 insertions(+), 11 deletions(-)

diff --git a/API.txt b/API.txt
index 605f9ee30b7a945e529dc208c8e719cd04ec3a87..b6c0a4c961e15131490c4fcd6ed1539cfeab49ff 100644
--- a/API.txt
+++ b/API.txt
@@ -2218,7 +2218,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_add
 args: 1,13,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', alwaysask=True, attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, query=False, required=False)
@@ -2237,7 +2237,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_add_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2259,7 +2259,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_del
 args: 1,3,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
 option: Flag('force', autofill=True, default=False)
 option: Str('version?', exclude='webui')
@@ -2271,7 +2271,7 @@ args: 1,15,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, query=True, required=False)
-option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=False)
+option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=False)
 option: Str('filter', attribute=True, autofill=False, cli_name='filter', multivalue=False, query=True, required=False)
 option: Str('memberof', attribute=True, autofill=False, cli_name='memberof', multivalue=False, query=True, required=False)
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
@@ -2290,7 +2290,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: permission_mod
 args: 1,16,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, required=False)
@@ -2300,7 +2300,7 @@ option: Str('memberof', attribute=True, autofill=False, cli_name='memberof', mul
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('permissions', attribute=True, autofill=False, cli_name='permissions', csv=True, multivalue=True, required=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
-option: Str('rename', cli_name='rename', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, required=False)
+option: Str('rename', cli_name='rename', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, required=False)
 option: Flag('rights', autofill=True, default=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('subtree', attribute=True, autofill=False, cli_name='subtree', multivalue=False, required=False)
@@ -2312,7 +2312,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_remove_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2323,7 +2323,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 command: permission_show
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 9754cac21bb42757aa2bfa02ba3ac564dc8e81e5..56bee8569879ccf7fc5507dec73dcb51af4ed1db 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -127,8 +127,8 @@ class permission(LDAPObject):
             cli_name='name',
             label=_('Permission name'),
             primary_key=True,
-            pattern='^[-_ a-zA-Z0-9]+$',
-            pattern_errmsg="May only contain letters, numbers, -, _, and space",
+            pattern='^[-_ a-zA-Z0-9/]+$',
+            pattern_errmsg="May only contain letters, numbers, -, _, /, and space",
         ),
         Str('permissions+',
             cli_name='permissions',
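Review bot: Adding `/` to `pattern` relaxes validation for every permission name accepted through the `cn` parameter, not only for the generated `Manage DNS zone …` names the ticket is about, and nothing in the hunk records why the character is allowed. I would add a comment above the pattern, for example `# '/' is allowed because per-zone DNS permissions embed classless reverse zone names (ticket 4422)`, and confirm that every place that embeds the name (the entry DN, the ACI name, any web UI route) treats `/` as plain data. The 4.0 variant of this patch makes the same change in its `ipalib/plugins/permission.py` hunk and also bumps `IPA_API_VERSION_MINOR`; this 3.3 variant changes API.txt without touching VERSION, so it is worth confirming that is intended. The `Str(...)` definition starts and ends outside the hunk.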
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 9a14e3c32296922d680a2dd080b1d085e85b00d7..0b0da567b42fab5eec02fe668f620e66ec291339 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -104,6 +104,10 @@ revzone3_classless2_ip = u'192.168.1.128'
 revzone3_classless2_ipprefix = u'192.168.1.'
 revzone3_classless2_dn = DN(('idnsname', revzone3_classless2), api.env.container_dns, api.env.basedn)
 
+revzone3_classless2_permission = u'Manage DNS zone %s' % revzone3_classless2
+revzone3_classless2_permission_dn = DN(('cn', revzone3_classless2_permission),
+                           api.env.container_permission, api.env.basedn)
+
 name1 = u'testdnsres'
 name1_dn = DN(('idnsname',name1), zone1_dn)
 name1_renamed = u'testdnsres-renamed'
@@ -1715,6 +1719,33 @@ class test_dns(Declarative):
             },
         ),
 
+
+        dict(
+            desc='Add per-zone permission for classless zone %r' % revzone3_classless2,
+            command=(
+                'dnszone_add_permission', [revzone3_classless2], {}
+            ),
+            expected=dict(
+                result=True,
+                value=revzone3_classless2_permission,
+                summary=u'Added system permission "%s"' % revzone3_classless2_permission,
+            ),
+        ),
+
+
+        dict(
+            desc='Remove per-zone permission for classless zone %r' % revzone3_classless2,
+            command=(
+                'dnszone_remove_permission', [revzone3_classless2], {}
+            ),
+            expected=dict(
+                result=True,
+                value=revzone3_classless2_permission,
+                summary=u'Removed system permission "%s"' % revzone3_classless2_permission,
+            ),
+        ),
+
+
         dict(
             desc='Add NS record to %r in revzone %r' % (nsrev, revzone3_classless1),
             command=('dnsrecord_add', [revzone3_classless1, nsrev], {'nsrecord': zone3_ns2}),
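Review bot: `revzone3_classless2_permission_dn`, added in the first hunk of this file, is not referenced by either of the two new test cases, which only compare `result`, `value` and `summary`. Either drop the constant or add a step between the add and the remove that looks the permission up and asserts its `dn`, so the test shows the entry with `/` in its `cn` was actually stored. The same applies to the matching `ipatests/test_xmlrpc/test_dns_plugin.py` hunks in the 4.0 patch. The enclosing list in `class test_dns` starts and ends outside the hunk.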
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index dbd9d6901479144ffd909109cd132574512130f1..734dd201af6dd6214eb619b03d6099a369e55426 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -908,7 +908,7 @@ class test_permission(Declarative):
                      permissions=u'write',
                 )),
             expected=errors.ValidationError(name='name',
-                error='May only contain letters, numbers, -, _, and space'),
+                error='May only contain letters, numbers, -, _, /, and space'),
         ),
 
         dict(
-- 
1.8.3.1

>From f2235e8040a960274848cfeb35b6497870e6c2ca Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 4 Jul 2014 10:20:04 +0200
Subject: [PATCH] Allow to add managed permission for reverse zones

Ticket: https://fedorahosted.org/freeipa/ticket/4422
---
 API.txt                                 | 14 +++++++-------
 VERSION                                 |  4 ++--
 ipalib/plugins/permission.py            |  4 ++--
 ipatests/test_xmlrpc/test_dns_plugin.py | 31 +++++++++++++++++++++++++++++++
 4 files changed, 42 insertions(+), 11 deletions(-)

diff --git a/API.txt b/API.txt
index 0181f7d6cb7dd2fb6ba36ed48ad49a16088f6c2f..04107281e7a0c9d097685c279002217766f262dd 100644
--- a/API.txt
+++ b/API.txt
@@ -2473,7 +2473,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: permission_add_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2484,7 +2484,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 command: permission_add_noaci
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', multivalue=False, required=True)
 option: Str('ipapermissiontype', cli_name='ipapermissiontype', multivalue=True, required=True)
 option: Flag('no_members', autofill=True, cli_name='no_members', default=False, exclude='webui', multivalue=False, required=True)
@@ -2495,7 +2495,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: permission_del
 args: 1,3,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
 option: Flag('force', autofill=True, default=False)
 option: Str('version?', exclude='webui')
@@ -2507,7 +2507,7 @@ args: 1,24,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', attribute=False, autofill=False, cli_name='attrs', multivalue=True, query=True, required=False)
-option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=False)
+option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=False)
 option: Str('extratargetfilter', attribute=False, autofill=False, cli_name='filter', multivalue=True, query=True, required=False)
 option: Str('filter', attribute=False, autofill=False, cli_name='filter', multivalue=True, query=True, required=False)
 option: StrEnum('ipapermbindruletype', attribute=True, autofill=False, cli_name='bindtype', default=u'permission', multivalue=False, query=True, required=False, values=(u'permission', u'all', u'anonymous'))
@@ -2535,7 +2535,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: permission_mod
 args: 1,24,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', attribute=False, autofill=False, cli_name='attrs', multivalue=True, required=False)
@@ -2565,7 +2565,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: permission_remove_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2576,7 +2576,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 command: permission_show
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
diff --git a/VERSION b/VERSION
index e37f51de8217c661af276baf1f80b70860936fad..78baf5a2f4851f7846b0ac3891434a980ec13be5 100644
--- a/VERSION
+++ b/VERSION
@@ -89,5 +89,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=100
-# Last change: tbabej - Fix IPA OTP DateTime params
+IPA_API_VERSION_MINOR=101
+# Last change: mbasti - Allow '/' in permission name
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 30571bea393d9c5010fb714be13a247b2c0aeaea..edd316be6446cd5561729e1502a837ddcf1a3831 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -223,9 +223,9 @@ class permission(baseldap.LDAPObject):
             cli_name='name',
             label=_('Permission name'),
             primary_key=True,
-            pattern='^[-_ a-zA-Z0-9.:]+$',
+            pattern='^[-_ a-zA-Z0-9.:/]+$',
             pattern_errmsg="May only contain letters, numbers, "
-                           "-, _, ., :, and space",
+                           "-, _, ., :, /, and space",
         ),
         StrEnum(
             'ipapermright*',
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 9937af9b60a6bc222c384cbb1bffc2eef3de8868..a501bc8122cd1651f5a087d3f1c0a2b6f72120ed 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -96,6 +96,10 @@ revzone3_classless2_ip = u'172.16.70.128'
 revzone3_classless2_ipprefix = u'172.16.70.'
 revzone3_classless2_dn = DN(('idnsname', revzone3_classless2), api.env.container_dns, api.env.basedn)
 
+revzone3_classless2_permission = u'Manage DNS zone %s' % revzone3_classless2
+revzone3_classless2_permission_dn = DN(('cn', revzone3_classless2_permission),
+                           api.env.container_permission, api.env.basedn)
+
 name1 = u'testdnsres'
 name1_dnsname = DNSName(name1)
 name1_dn = DN(('idnsname',name1), zone1_dn)
@@ -1815,6 +1819,33 @@ class test_dns(Declarative):
             },
         ),
 
+
+        dict(
+            desc='Add per-zone permission for classless zone %r' % revzone3_classless2,
+            command=(
+                'dnszone_add_permission', [revzone3_classless2], {}
+            ),
+            expected=dict(
+                result=True,
+                value=revzone3_classless2_permission,
+                summary=u'Added system permission "%s"' % revzone3_classless2_permission,
+            ),
+        ),
+
+
+        dict(
+            desc='Remove per-zone permission for classless zone %r' % revzone3_classless2,
+            command=(
+                'dnszone_remove_permission', [revzone3_classless2], {}
+            ),
+            expected=dict(
+                result=True,
+                value=revzone3_classless2_permission,
+                summary=u'Removed system permission "%s"' % revzone3_classless2_permission,
+            ),
+        ),
+
+
         dict(
             desc='Add NS record to %r in revzone %r' % (nsrev, revzone3_classless1),
             command=('dnsrecord_add', [revzone3_classless1, nsrev], {'nsrecord': zone3_ns2}),
-- 
1.8.3.1
