On 02/26/2016 01:30 PM, Martin Kosek wrote: > Greetings, welcome! > > On 02/26/2016 01:17 PM, Lukáš Hellebrandt wrote: > ... >> Btw, is there some better place to share patches than a pasting tool? >> Maybe some form of pull request? > > There is :-) Please see advise here: > > http://www.freeipa.org/page/Contribute/Code#Submit_a_patch > > It has more information on top of submitting patches. For example, I think it > would actually make sense to start with a design page where you would describe > the use cases, design, APIs, etc: > > http://www.freeipa.org/page/Contribute/Code#Prepare > > Martin >
Should I send it as an attachment? Ok, sending, but do not apply it yet (even if you don't find bugs), I just need some feedback - not everything is done yet. -- Lukas Hellebrandt Associate Quality Engineer [email protected]
From 001d6c90c6fd007a49a22a9d96fe31fcc5b8ba6c Mon Sep 17 00:00:00 2001 From: Lukas Hellebrandt <[email protected]> Date: Thu, 18 Feb 2016 18:43:59 +0100 Subject: [PATCH] Adding URL to HBAC rule --- ACI.txt | 2 +- API.txt | 9 ++++++--- VERSION | 4 ++-- install/share/60basev2.ldif | 3 ++- install/ui/src/freeipa/hbac.js | 14 ++++++++++++-- install/ui/test/data/ipa_init.json | 3 ++- ipalib/plugins/hbacrule.py | 7 +++++-- ipalib/plugins/internal.py | 1 + 8 files changed, 31 insertions(+), 12 deletions(-) diff --git a/ACI.txt b/ACI.txt index 24cb332ce6e10c82a5bfab76d084fb6c0277800d..ecacc1ca50b6203d90879dcca35fdad16f7fc15b 100644 --- a/ACI.txt +++ b/ACI.txt @@ -93,7 +93,7 @@ aci: (targetattr = "externalhost || memberhost || memberservice || memberuser")( dn: cn=hbac,dc=ipa,dc=example aci: (targetattr = "accessruletype || accesstime || cn || description || hostcategory || ipaenabledflag || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Modify HBAC Rule";allow (write) groupdn = "ldap:///cn=System: Modify HBAC Rule,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbac,dc=ipa,dc=example -aci: (targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";;) +aci: (targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || url || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";;) dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Add HBAC Services";allow (add) groupdn = "ldap:///cn=System: Add HBAC Services,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example diff --git a/API.txt b/API.txt index e2976e0e2897355bdb7ead438d4b67524f2fb1e8..5886e6a94bd8f25caa54c373e9ac9314e0755aff 100644 --- a/API.txt +++ b/API.txt @@ -1656,7 +1656,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: PrimaryKey('value', None, None) command: hbacrule_add -args: 1,16,3 +args: 1,17,3 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True) option: StrEnum('accessruletype', attribute=True, autofill=True, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=True, values=(u'allow', u'deny')) option: Str('addattr*', cli_name='addattr', exclude='webui') @@ -1672,6 +1672,7 @@ option: Str('setattr*', cli_name='setattr', exclude='webui') option: DeprecatedParam('sourcehost_host', attribute=True, cli_name='sourcehost_host', multivalue=False, required=False) option: DeprecatedParam('sourcehost_hostgroup', attribute=True, cli_name='sourcehost_hostgroup', multivalue=False, required=False) option: DeprecatedParam('sourcehostcategory', attribute=True, cli_name='sourcehostcategory', multivalue=False, required=False) +option: Str('url', attribute=True, cli_name='url', multivalue=False, required=False) option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',)) option: Str('version?', exclude='webui') output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) @@ -1748,7 +1749,7 @@ output: Output('result', <type 'bool'>, None) output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: PrimaryKey('value', None, None) command: hbacrule_find -args: 1,18,4 +args: 1,19,4 arg: Str('criteria?', noextrawhitespace=False) option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, query=True, required=False, values=(u'allow', u'deny')) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') @@ -1766,6 +1767,7 @@ option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_n option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, query=True, required=False) option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, query=True, required=False) option: Int('timelimit?', autofill=False, minvalue=0) +option: Str('url', attribute=True, autofill=False, cli_name='url', multivalue=False, query=True, required=False) option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, query=True, required=False, values=(u'all',)) option: Str('version?', exclude='webui') output: Output('count', <type 'int'>, None) @@ -1773,7 +1775,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Output('truncated', <type 'bool'>, None) command: hbacrule_mod -args: 1,18,3 +args: 1,19,3 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=False, values=(u'allow', u'deny')) option: Str('addattr*', cli_name='addattr', exclude='webui') @@ -1791,6 +1793,7 @@ option: Str('setattr*', cli_name='setattr', exclude='webui') option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, required=False) option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, required=False) option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, required=False) +option: Str('url', attribute=True, autofill=False, cli_name='url', multivalue=False, required=False) option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',)) option: Str('version?', exclude='webui') output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) diff --git a/VERSION b/VERSION index 7053bea9dba13476a2138bfb0e9acc2165735ede..ccb4516f2635a1e91c31729c7ffe301f93e6ea63 100644 --- a/VERSION +++ b/VERSION @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000 # # ######################################################## IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=163 -# Last change: jcholast - replica install: add remote connection check over API +IPA_API_VERSION_MINOR=164 +# Last change: lhellebr - add URL to HBAC rule diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif index 00712ddda2c548b7f7924a012f3f68499f2f01da..4205958db20be2e9bc27198814000d60cb7caa21 100644 --- a/install/share/60basev2.ldif +++ b/install/share/60basev2.ldif @@ -37,7 +37,8 @@ attributeTypes: (2.16.840.1.113730.3.8.3.11 NAME 'externalHost' DESC 'Multivalue attributeTypes: (2.16.840.1.113730.3.8.3.12 NAME 'sourceHostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: (2.16.840.1.113730.3.8.3.13 NAME 'accessRuleType' DESC 'The flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) attributeTypes: (2.16.840.1.113730.3.8.3.14 NAME 'accessTime' DESC 'Access time' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) -objectClasses: (2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssociation STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ serviceCategory $ memberService $ externalHost $ accessTime ) X-ORIGIN 'IPA v2' ) +attributeTypes: (2.16.840.1.113730.3.8.3.21 NAME 'url' DESC 'Url of the source' EQUALITY caseExactMatch ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2') +objectClasses: (2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssociation STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ serviceCategory $ memberService $ externalHost $ accessTime $ url ) X-ORIGIN 'IPA v2' ) attributeTypes: (2.16.840.1.113730.3.8.3.15 NAME 'nisDomainName' DESC 'NIS domain name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup' DESC 'IPA version of NIS netgroup' SUP ipaAssociation STRUCTURAL MAY ( externalHost $ nisDomainName $ member $ memberOf ) X-ORIGIN 'IPA v2' ) attributeTypes: (1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307bis' ) diff --git a/install/ui/src/freeipa/hbac.js b/install/ui/src/freeipa/hbac.js index 6161942b93fce654830330fdbdf6853ce9e428ff..539849d681f03a4e89b94d817c4a40a16fc62bc3 100644 --- a/install/ui/src/freeipa/hbac.js +++ b/install/ui/src/freeipa/hbac.js @@ -52,7 +52,8 @@ var spec = { label: '@i18n:status.label', formatter: 'boolean_status' }, - 'description' + 'description', + 'url' ], actions: [ 'batch_disable', @@ -244,6 +245,11 @@ var add_hbacrule_details_facet_widgets = function (spec) { $type: 'textarea', name: 'description', widget: 'general.description' + }, + { + $type: 'textarea', + name: 'url', + widget: 'general.url' } ]; @@ -259,6 +265,10 @@ var add_hbacrule_details_facet_widgets = function (spec) { { $type: 'textarea', name: 'description' + }, + { + $type: 'textarea', + name: 'url' } ] } @@ -503,4 +513,4 @@ exp.register = function() { phases.on('registration', exp.register); return exp; -}); \ No newline at end of file +}); diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json index 852b953736da0ccb8a7803259e2bd5d4c4108ab9..ad12f771f605fed235982dbcef055a2ae0b68c47 100644 --- a/install/ui/test/data/ipa_init.json +++ b/install/ui/test/data/ipa_init.json @@ -353,7 +353,8 @@ "specified_hosts": "Specified Hosts and Groups", "specified_services": "Specified Services and Groups", "specified_users": "Specified Users and Groups", - "user": "Who" + "user": "Who", + "url": "URL" }, "hbacsvc": {}, "hbacsvcgroup": { diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py index 54487eded21637bcd9d78179ad51c4abdedfc561..6569aa8ecc45d1513cce786fa5000c94a88f6b49 100644 --- a/ipalib/plugins/hbacrule.py +++ b/ipalib/plugins/hbacrule.py @@ -137,7 +137,7 @@ class hbacrule(LDAPObject): 'description', 'usercategory', 'hostcategory', 'servicecategory', 'ipaenabledflag', 'memberuser', 'sourcehost', 'memberhost', 'memberservice', - 'externalhost', + 'externalhost','url', ] uuid_attribute = 'ipauniqueid' rdn_attribute = 'ipauniqueid' @@ -157,7 +157,7 @@ class hbacrule(LDAPObject): 'externalhost', 'hostcategory', 'ipaenabledflag', 'ipauniqueid', 'memberhost', 'memberservice', 'memberuser', 'servicecategory', 'sourcehost', 'sourcehostcategory', - 'usercategory', 'objectclass', 'member', + 'usercategory', 'objectclass', 'member', 'url', }, }, 'System: Add HBAC Rule': { @@ -275,6 +275,9 @@ class hbacrule(LDAPObject): label=_('Service Groups'), flags=['no_create', 'no_update', 'no_search'], ), + Str('url?', + label=_('URL'), + ), external_host_param, ) diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py index 7156d4f47004dd702d3896ca736cc1f42227a321..99b55b60517d55e09e545dac9541d8d00f79bef8 100644 --- a/ipalib/plugins/internal.py +++ b/ipalib/plugins/internal.py @@ -498,6 +498,7 @@ class i18n_messages(Command): "specified_services": _("Specified Services and Groups"), "specified_users": _("Specified Users and Groups"), "user": _("Who"), + "url": _("URL"), }, "hbacsvc": { }, -- 2.4.3
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
