On Fri, 2014-07-04 at 13:10 +0200, Martin Basti wrote:
> Ticket: https://fedorahosted.org/freeipa/ticket/4422
> A classless reverse zone name contains '/', which prevents adding a managed
> permission.
> 
> This should be in IPA 4.0 (if ACKed before release).
> 
> IPA 3.3.5 supports classless reverse zones too. Should this patch be
> applied to 3.3.x too?
> 
> Both patches attached (3.3 and 4.0)

Updated patches attached (Fix: cleanup permission)
-- 
Martin^2 Basti
>From 9f37614c30185883aff023a779b0ac7fd053f4ba Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 4 Jul 2014 12:03:19 +0200
Subject: [PATCH] Allow to add managed permission for reverse zones

Ticket: https://fedorahosted.org/freeipa/ticket/4422
---
 API.txt                                        | 16 ++++++------
 ipalib/plugins/permission.py                   |  4 +--
 ipatests/test_xmlrpc/test_dns_plugin.py        | 34 +++++++++++++++++++++++++-
 ipatests/test_xmlrpc/test_permission_plugin.py |  2 +-
 4 files changed, 44 insertions(+), 12 deletions(-)

diff --git a/API.txt b/API.txt
index 605f9ee30b7a945e529dc208c8e719cd04ec3a87..b6c0a4c961e15131490c4fcd6ed1539cfeab49ff 100644
--- a/API.txt
+++ b/API.txt
@@ -2218,7 +2218,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_add
 args: 1,13,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', alwaysask=True, attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, query=False, required=False)
@@ -2237,7 +2237,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_add_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2259,7 +2259,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_del
 args: 1,3,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
 option: Flag('force', autofill=True, default=False)
 option: Str('version?', exclude='webui')
@@ -2271,7 +2271,7 @@ args: 1,15,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, query=True, required=False)
-option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=False)
+option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=False)
 option: Str('filter', attribute=True, autofill=False, cli_name='filter', multivalue=False, query=True, required=False)
 option: Str('memberof', attribute=True, autofill=False, cli_name='memberof', multivalue=False, query=True, required=False)
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
@@ -2290,7 +2290,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: permission_mod
 args: 1,16,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, required=False)
@@ -2300,7 +2300,7 @@ option: Str('memberof', attribute=True, autofill=False, cli_name='memberof', mul
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('permissions', attribute=True, autofill=False, cli_name='permissions', csv=True, multivalue=True, required=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
-option: Str('rename', cli_name='rename', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, required=False)
+option: Str('rename', cli_name='rename', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, required=False)
 option: Flag('rights', autofill=True, default=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('subtree', attribute=True, autofill=False, cli_name='subtree', multivalue=False, required=False)
@@ -2312,7 +2312,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_remove_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2323,7 +2323,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 command: permission_show
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 9754cac21bb42757aa2bfa02ba3ac564dc8e81e5..56bee8569879ccf7fc5507dec73dcb51af4ed1db 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -127,8 +127,8 @@ class permission(LDAPObject):
             cli_name='name',
             label=_('Permission name'),
             primary_key=True,
-            pattern='^[-_ a-zA-Z0-9]+$',
-            pattern_errmsg="May only contain letters, numbers, -, _, and space",
+            pattern='^[-_ a-zA-Z0-9/]+$',
+            pattern_errmsg="May only contain letters, numbers, -, _, /, and space",
         ),
         Str('permissions+',
             cli_name='permissions',
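Review bot: The widened `pattern` on `cn` has no comment saying why `/` is accepted, and it applies to every permission name a caller supplies, not only to the generated per-zone names this patch is aimed at. The test hunk in this patch shows the name being used as the `cn` RDN of the permission entry, so it is worth confirming that every place the name is embedded (the entry DN and, presumably, the ACI that references it) treats `/` as a literal. I would add `# '/' is accepted so per-zone permissions work for classless reverse zones (ticket 4422)` above the `pattern=` line. The enclosing `Str(...)` parameter and the `permission` class start and end outside the hunk; the second patch's `ipalib/plugins/permission.py` hunk lacks the same comment.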
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 9a14e3c32296922d680a2dd080b1d085e85b00d7..89fae7e6dcf0f7f0bc1666acdb34d6913229891a 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -104,6 +104,10 @@ revzone3_classless2_ip = u'192.168.1.128'
 revzone3_classless2_ipprefix = u'192.168.1.'
 revzone3_classless2_dn = DN(('idnsname', revzone3_classless2), api.env.container_dns, api.env.basedn)
 
+revzone3_classless2_permission = u'Manage DNS zone %s' % revzone3_classless2
+revzone3_classless2_permission_dn = DN(('cn', revzone3_classless2_permission),
+                           api.env.container_permission, api.env.basedn)
+
 name1 = u'testdnsres'
 name1_dn = DN(('idnsname',name1), zone1_dn)
 name1_renamed = u'testdnsres-renamed'
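Review bot: `revzone3_classless2_permission_dn` is defined here but no added line in this patch reads it; the new add/remove cases further down only compare `revzone3_classless2_permission`. Either drop the definition or use it in a `permission_show` case that checks the `dn` of the created entry, which would also prove that the `/` in the name survives into the stored entry. The continuation line is also not aligned with the opening parenthesis of `DN(`. The second patch adds the identical definition in its `test_dns_plugin.py` hunk and the same applies there.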
@@ -175,7 +179,8 @@ class test_dns(Declarative):
                                'idnsforwardpolicy' : None,
                                'idnsallowsyncptr' : None,
                                }),
-        ('permission_del', [dnszone1_permission], {'force': True}),
+        ('permission_del', [dnszone1_permission, revzone3_classless2_permission
+                            ], {'force': True}),
     ]
 
     tests = [
@@ -1715,6 +1720,33 @@ class test_dns(Declarative):
             },
         ),
 
+
+        dict(
+            desc='Add per-zone permission for classless zone %r' % revzone3_classless2,
+            command=(
+                'dnszone_add_permission', [revzone3_classless2], {}
+            ),
+            expected=dict(
+                result=True,
+                value=revzone3_classless2_permission,
+                summary=u'Added system permission "%s"' % revzone3_classless2_permission,
+            ),
+        ),
+
+
+        dict(
+            desc='Remove per-zone permission for classless zone %r' % revzone3_classless2,
+            command=(
+                'dnszone_remove_permission', [revzone3_classless2], {}
+            ),
+            expected=dict(
+                result=True,
+                value=revzone3_classless2_permission,
+                summary=u'Removed system permission "%s"' % revzone3_classless2_permission,
+            ),
+        ),
+
+
         dict(
             desc='Add NS record to %r in revzone %r' % (nsrev, revzone3_classless1),
             command=('dnsrecord_add', [revzone3_classless1, nsrev], {'nsrecord': zone3_ns2}),
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index dbd9d6901479144ffd909109cd132574512130f1..734dd201af6dd6214eb619b03d6099a369e55426 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -908,7 +908,7 @@ class test_permission(Declarative):
                      permissions=u'write',
                 )),
             expected=errors.ValidationError(name='name',
-                error='May only contain letters, numbers, -, _, and space'),
+                error='May only contain letters, numbers, -, _, /, and space'),
         ),
 
         dict(
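Review bot: Only the expected message of the invalid-name case is updated here, so the permission plugin tests gain no positive case for a name containing `/`. The name that this case submits is defined above the hunk; confirm that it still contains a character outside the new class, because a name whose only unusual character was `/` would now pass validation and this case would stop testing anything. A small case that adds, shows, renames and deletes a permission with `/` in its name would cover the `cn` and `rename` parameters that the API.txt hunks show being widened. The enclosing `dict(...)` case begins above the hunk.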
-- 
1.8.3.1

>From 8c38a23b6d6a505c3fbf44257b901938370f5e53 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 4 Jul 2014 10:20:04 +0200
Subject: [PATCH] Allow to add managed permission for reverse zones

Ticket: https://fedorahosted.org/freeipa/ticket/4422
---
 API.txt                                 | 14 +++++++-------
 VERSION                                 |  4 ++--
 ipalib/plugins/permission.py            |  4 ++--
 ipatests/test_xmlrpc/test_dns_plugin.py | 34 ++++++++++++++++++++++++++++++++-
 4 files changed, 44 insertions(+), 12 deletions(-)

diff --git a/API.txt b/API.txt
index 0181f7d6cb7dd2fb6ba36ed48ad49a16088f6c2f..04107281e7a0c9d097685c279002217766f262dd 100644
--- a/API.txt
+++ b/API.txt
@@ -2473,7 +2473,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: permission_add_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2484,7 +2484,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 command: permission_add_noaci
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', multivalue=False, required=True)
 option: Str('ipapermissiontype', cli_name='ipapermissiontype', multivalue=True, required=True)
 option: Flag('no_members', autofill=True, cli_name='no_members', default=False, exclude='webui', multivalue=False, required=True)
@@ -2495,7 +2495,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: permission_del
 args: 1,3,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
 option: Flag('force', autofill=True, default=False)
 option: Str('version?', exclude='webui')
@@ -2507,7 +2507,7 @@ args: 1,24,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', attribute=False, autofill=False, cli_name='attrs', multivalue=True, query=True, required=False)
-option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=False)
+option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=False)
 option: Str('extratargetfilter', attribute=False, autofill=False, cli_name='filter', multivalue=True, query=True, required=False)
 option: Str('filter', attribute=False, autofill=False, cli_name='filter', multivalue=True, query=True, required=False)
 option: StrEnum('ipapermbindruletype', attribute=True, autofill=False, cli_name='bindtype', default=u'permission', multivalue=False, query=True, required=False, values=(u'permission', u'all', u'anonymous'))
@@ -2535,7 +2535,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: permission_mod
 args: 1,24,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', attribute=False, autofill=False, cli_name='attrs', multivalue=True, required=False)
@@ -2565,7 +2565,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: permission_remove_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2576,7 +2576,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 command: permission_show
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
diff --git a/VERSION b/VERSION
index e37f51de8217c661af276baf1f80b70860936fad..78baf5a2f4851f7846b0ac3891434a980ec13be5 100644
--- a/VERSION
+++ b/VERSION
@@ -89,5 +89,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=100
-# Last change: tbabej - Fix IPA OTP DateTime params
+IPA_API_VERSION_MINOR=101
+# Last change: mbasti - Allow '/' in permission name
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 30571bea393d9c5010fb714be13a247b2c0aeaea..edd316be6446cd5561729e1502a837ddcf1a3831 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -223,9 +223,9 @@ class permission(baseldap.LDAPObject):
             cli_name='name',
             label=_('Permission name'),
             primary_key=True,
-            pattern='^[-_ a-zA-Z0-9.:]+$',
+            pattern='^[-_ a-zA-Z0-9.:/]+$',
             pattern_errmsg="May only contain letters, numbers, "
-                           "-, _, ., :, and space",
+                           "-, _, ., :, /, and space",
         ),
         StrEnum(
             'ipapermright*',
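Review bot: The error text changes here, but this patch's diffstat does not include `ipatests/test_xmlrpc/test_permission_plugin.py`, whereas the first patch had to update the expected `ValidationError` message in that file. If this branch's test suite asserts the old text `-, _, ., :, and space`, it will fail after this change; that needs checking against the branch. The API.txt hunks in this patch also cover seven commands but not `permission_add` or the `rename` option of `permission_mod`, both of which the first patch updates, so API.txt should be regenerated to confirm nothing was missed. The `Str(...)` parameter starts above the hunk.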
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 9937af9b60a6bc222c384cbb1bffc2eef3de8868..1f22e244a5810675fc923b6ece479cbe4e97a549 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -96,6 +96,10 @@ revzone3_classless2_ip = u'172.16.70.128'
 revzone3_classless2_ipprefix = u'172.16.70.'
 revzone3_classless2_dn = DN(('idnsname', revzone3_classless2), api.env.container_dns, api.env.basedn)
 
+revzone3_classless2_permission = u'Manage DNS zone %s' % revzone3_classless2
+revzone3_classless2_permission_dn = DN(('cn', revzone3_classless2_permission),
+                           api.env.container_permission, api.env.basedn)
+
 name1 = u'testdnsres'
 name1_dnsname = DNSName(name1)
 name1_dn = DN(('idnsname',name1), zone1_dn)
@@ -266,7 +270,8 @@ class test_dns(Declarative):
                                'idnsallowsyncptr' : None,
                                }),
         ('permission_del', [zone1_permission, idnzone1_permission,
-                            fwzone1_permission], {'force': True}
+                            fwzone1_permission,
+                            revzone3_classless2_permission], {'force': True}
         ),
     ]
 
@@ -1815,6 +1820,33 @@ class test_dns(Declarative):
             },
         ),
 
+
+        dict(
+            desc='Add per-zone permission for classless zone %r' % revzone3_classless2,
+            command=(
+                'dnszone_add_permission', [revzone3_classless2], {}
+            ),
+            expected=dict(
+                result=True,
+                value=revzone3_classless2_permission,
+                summary=u'Added system permission "%s"' % revzone3_classless2_permission,
+            ),
+        ),
+
+
+        dict(
+            desc='Remove per-zone permission for classless zone %r' % revzone3_classless2,
+            command=(
+                'dnszone_remove_permission', [revzone3_classless2], {}
+            ),
+            expected=dict(
+                result=True,
+                value=revzone3_classless2_permission,
+                summary=u'Removed system permission "%s"' % revzone3_classless2_permission,
+            ),
+        ),
+
+
         dict(
             desc='Add NS record to %r in revzone %r' % (nsrev, revzone3_classless1),
             command=('dnsrecord_add', [revzone3_classless1, nsrev], {'nsrecord': zone3_ns2}),
-- 
1.8.3.1
