Re: [Freeipa-devel] [PATCH] Raise ValidationError when adding unallowed attribute to search fields.
Pavel Zuna pz...@redhat.com wrote: Depends on my previous patch number 64 (posted on the list 2 minutes ago). Ticket #845 Pavel ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Add ldap2 method to retrieve allowed attributes for specified objectClasses.
Pavel Zuna pz...@redhat.com wrote: ldap2.get_allowed_attributes(['posixuser']) returns a list of unicode all lower case attribute names allowed for the object class 'posixuser' You can enter as many object classes as you want. Pavel ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Add support for account unlocking
Jan Zeleny jzel...@redhat.com wrote: This patch adds command ipa user-unlock and some LDAP modifications which are required by Kerberos for unlocking to work. Ticket: https://fedorahosted.org/freeipa/ticket/344 Jan Just a reminder that this patch needs a review. Thanks Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Provide a way to display CLI-LDAP attribute relation
Since some LDAP attributes have their cli_name value defined, so they can be more user friendly, it can be difficult for user to find out which attributes do the parameteres given to CLI really represent. This patch provides new command, which will take another IPA command as and argument and display attributes which given command takes and what LDAP attributes are they mapped to. https://fedorahosted.org/freeipa/ticket/447 When reviewing, please pay attention to line 39 of the patch (detection of the 'webui' in param.excludes). I think this is the right approach, but I'm not 100% sure. Thanks Jan From 6021801d788893ae467facd79379a8dfcf5842f7 Mon Sep 17 00:00:00 2001 From: Jan Zeleny jzel...@redhat.com Date: Wed, 26 Jan 2011 13:09:26 +0100 Subject: [PATCH] Provide a way to display CLI-LDAP relation Since some LDAP attributes have their cli_name value defined, so they can be more user friendly, it can be difficult for user to find out which attributes do the parameteres given to CLI really represent. This patch provides new command, which will take another IPA command as and argument and display attributes which given command takes and what LDAP attributes are they mapped to. https://fedorahosted.org/freeipa/ticket/447 --- ipalib/cli.py | 21 + 1 files changed, 21 insertions(+), 0 deletions(-) diff --git a/ipalib/cli.py b/ipalib/cli.py index 2d219b71bd1a17b0dc2977b3b7048d8318203c63..c2e8bdcf646d7f2c1a06de5053c1c82ee61695af 100644 --- a/ipalib/cli.py +++ b/ipalib/cli.py @@ -786,6 +786,26 @@ class help(frontend.Local): print ' %s %s' % (to_cli(c.name).ljust(mcl), c.summary) print \n +class show_mappings(frontend.Command): +takes_args = (Bytes('command_name'),) +has_output = tuple() + +def run(self, command_name): +command_name = from_cli(command_name) +if command_name not in self.Command: +print 'error: TODO fill in the text' +params = self.Command[command_name].options +out = [('Parameter','LDAP attribute'), + ('=','==')] +mcl = len(out[0][0]) +for param in params(): +if param.exclude and 'webui' in param.exclude: +continue +out.append((param.cli_name, param.param_spec)) +mcl = max(mcl,len(param.cli_name)) +for item in out: +print to_cli(item[0]).ljust(mcl)+' : '+item[1] + class console(frontend.Command): Start the IPA interactive Python console. @@ -1054,6 +1074,7 @@ cli_plugins = ( textui, console, help, +show_mappings, ) -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Add flags to enforce asking for object attribute
Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: So far the only way to enforce asking for parameter in interactive mode was the alwaysask attribute, which is not sufficient any more. This patch adds the ability to control during which actions the atrribute shall be asked for. Jan nack, this doesn't address the interactive part in ipalib/cli.py. rob I'm afraid I don't know what do you mean. Can you please give me a quick guidance what are you referring to? Thanks Jan Sorry, I misread the intention. This definitely makes the -find functions work a lot nicer, esp permission-find. ack, pushed to master rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes
When more than one plugin produce ACIs, they share common namespace of ACI name. This may lead to name collisions between the ACIs from different plugins. This patch introduces a mandatory prefix attribute for non-find ACI operations which allow plugins to use their own prefixes (i.e. namespaces) which is then used when a name of the ACI is generated. Permission, Delegation and Selfservice plugins has been updated to use their own prefixes thus avoiding name collisions by using their own namespaces. Default ACIs in LDIFs has been updated to follow this new policy. Permission plugin now uses its CN (=primary key) instead of description in ACI names as Description may not be unique. This change requires an IPA server reinstall since the default ACI set has been changed. https://fedorahosted.org/freeipa/ticket/764 From 36188a6e45787000d9a334752863de4a2c9007b8 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Fri, 21 Jan 2011 09:20:01 +0100 Subject: [PATCH] ACI plugin supports prefixes When more than one plugin produce ACIs, they share common namespace of ACI name. This may lead to name collisions between the ACIs from different plugins. This patch introduces a mandatory prefix attribute for non-find ACI operations which allow plugins to use their own prefixes (i.e. namespaces) which is then used when a name of the ACI is generated. Permission, Delegation and Selfservice plugins has been updated to use their own prefixes thus avoiding name collisions by using their own namespaces. Default ACIs in LDIFs has been updated to follow this new policy. Permission plugin now uses its CN (=primary key) instead of description in ACI names as Description may not be unique. This change requires an IPA server reinstall since the default ACI set has been changed. https://fedorahosted.org/freeipa/ticket/764 --- install/share/default-aci.ldif |2 +- install/share/delegation.ldif | 88 ++-- install/share/replica-acis.ldif |6 +- ipalib/plugins/aci.py | 97 ++ ipalib/plugins/delegation.py|9 +++- ipalib/plugins/permission.py| 55 +- ipalib/plugins/selfservice.py | 16 ++- 7 files changed, 180 insertions(+), 93 deletions(-) diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif index ff0e5aec0af551a34f53e46c85c95bb97a509dc2..b12eab492ec3f491e321ee8bf68a02168cf37073 100644 --- a/install/share/default-aci.ldif +++ b/install/share/default-aci.ldif @@ -5,7 +5,7 @@ changetype: modify add: aci aci: (targetattr != userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey)(version 3.0; acl Enable Anonymous access; allow (read, search, compare) userdn = ldap:///anyone;;) aci: (targetattr != userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy)(version 3.0; acl Admin can manage any entry; allow (all) groupdn = ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX;;) -aci: (targetattr = userpassword || krbprincipalkey || sambalmpassword || sambantpassword)(version 3.0; acl Self can write own password; allow (write) userdn=ldap:///self;;) +aci: (targetattr = userpassword || krbprincipalkey || sambalmpassword || sambantpassword)(version 3.0; acl selfservice:Self can write own password; allow (write) userdn=ldap:///self;;) aci: (targetattr = userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory)(version 3.0; acl Admins can write passwords; allow (add,delete,write) groupdn=ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX;;) aci: (targetattr = userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory)(version 3.0; acl Password change service can read/write passwords; allow (read, write) userdn=ldap:///krbprincipalname=kadmin/changepw@$REALM,cn=$REALM,cn=kerberos,$SUFFIX;;) aci: (targetattr = userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory || krbExtraData)(version 3.0; acl KDC System Account can access passwords; allow (all) userdn=ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX;;) diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif index 79b5159da8f8e475979f97c3f450aabd874e6d4c..d1d60fd478bf879c37c060dfe07ae01b7a6ead23 100644 --- a/install/share/delegation.ldif +++ b/install/share/delegation.ldif @@ -507,96 +507,96 @@ member: cn=entitlementadmin,cn=privileges,cn=pbac,$SUFFIX dn: $SUFFIX changetype: modify add: aci -aci:
[Freeipa-devel] [PATCH] 041 Add example of DNS SRV record and a simple validator
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 https://fedorahosted.org/freeipa/ticket/846 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1AMfwACgkQHsardTLnvCWbCwCff34Pr/Hy6s6VUSmlFr9+++V8 dJIAn3evO4cbgokA1+xfLBG5q1LhReKI =azjr -END PGP SIGNATURE- From 082d3471fdfe1133a3dd83445ab3774c0304bae6 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek jhro...@redhat.com Date: Wed, 26 Jan 2011 09:31:50 -0500 Subject: [PATCH] Add example of DNS SRV record and a simple validator https://fedorahosted.org/freeipa/ticket/846 --- ipalib/plugins/dns.py | 23 +++ 1 files changed, 23 insertions(+), 0 deletions(-) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 69c38b2..4aad9dd 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -39,6 +39,13 @@ EXAMPLES: Add new PTR record for www.example.com ipa dnsrecord-add 15.142.80.in-addr.arpa 2 --ptr-rec www.example.com. + Add new SRV records for LDAP servers. Three quarters of the requests + should go to fast.example.com, one quarter to slow.example.com. If neither + is available, switch to backup.example.com. + ipa dnsrecord-add srvzone _ldap._tcp --srv-rec=0 3 389 fast.example.com + ipa dnsrecord-add srvzone _ldap._tcp --srv-rec=0 1 389 slow.example.com + ipa dnsrecord-add srvzone _ldap._tcp --srv-rec=1 1 389 backup.example.com + Show zone example.com: ipa dnszone-show example.com @@ -114,10 +121,26 @@ def _validate_ipnet(ugettext, ipnet): return u'invalid format' return None +def _validate_srv(ugettext, srv): +try: +prio, weight, port, host = srv.split() +except ValueError: +return u'format must be specified as priority weight port target' + +try: +prio = int(prio) +weight = int(weight) +port = int(port) +except ValueError: +return u'the values of priority, weight and port must be integers' + +return None + _record_validators = { u'A': _validate_ipaddr, u'': _validate_ipaddr, u'APL': _validate_ipnet, +u'SRV': _validate_srv, } -- 1.7.3.5 jhrozek-freeipa-041-srv-validator.patch.sig Description: PGP signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 041 Add example of DNS SRV record and a simple validator
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/26/2011 03:38 PM, Jakub Hrozek wrote: https://fedorahosted.org/freeipa/ticket/846 This version contains a better example (consistent zone name). -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1AMxwACgkQHsardTLnvCW8mwCeIik86wzgTkvaUxafulWzF872 LowAoMQKSKrQWW85ovg1wQobQSE1j+cf =XNLO -END PGP SIGNATURE- From 518aef649e56d0e14ba02396171c22c746aae37e Mon Sep 17 00:00:00 2001 From: Jakub Hrozek jhro...@redhat.com Date: Wed, 26 Jan 2011 09:31:50 -0500 Subject: [PATCH] Add example of DNS SRV record and a simple validator https://fedorahosted.org/freeipa/ticket/846 --- ipalib/plugins/dns.py | 23 +++ 1 files changed, 23 insertions(+), 0 deletions(-) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 5b5411f..69ae1aa 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -39,6 +39,13 @@ EXAMPLES: Add new PTR record for www.example.com ipa dnsrecord-add 15.142.80.in-addr.arpa 2 --ptr-rec www.example.com. + Add new SRV records for LDAP servers. Three quarters of the requests + should go to fast.example.com, one quarter to slow.example.com. If neither + is available, switch to backup.example.com. + ipa dnsrecord-add example.com _ldap._tcp --srv-rec=0 3 389 fast.example.com + ipa dnsrecord-add example.com _ldap._tcp --srv-rec=0 1 389 slow.example.com + ipa dnsrecord-add example.com _ldap._tcp --srv-rec=1 1 389 backup.example.com + Show zone example.com: ipa dnszone-show example.com @@ -114,10 +121,26 @@ def _validate_ipnet(ugettext, ipnet): return u'invalid format' return None +def _validate_srv(ugettext, srv): +try: +prio, weight, port, host = srv.split() +except ValueError: +return u'format must be specified as priority weight port target' + +try: +prio = int(prio) +weight = int(weight) +port = int(port) +except ValueError: +return u'the values of priority, weight and port must be integers' + +return None + _record_validators = { u'A': _validate_ipaddr, u'': _validate_ipaddr, u'APL': _validate_ipnet, +u'SRV': _validate_srv, } -- 1.7.3.4 jhrozek-freeipa-041-02-srv-validator.patch.sig Description: PGP signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0163-dns-container
ACK Looks good. - Original Message - On 01/25/2011 09:16 PM, Adam Young wrote: Kyle noticed that the DNS page was off. This fixes it. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Fixes the title. It had to be set after the entity was assigned. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel From 7873786188e39b6d91645dc66c733477188e6fdf Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Tue, 25 Jan 2011 21:15:05 -0500 Subject: [PATCH] dns container the dns records page was adding controls to the wrong tag. This pushes everything down one level, fixing the formatting. --- install/ui/policy.js | 58 - 1 files changed, 33 insertions(+), 25 deletions(-) diff --git a/install/ui/policy.js b/install/ui/policy.js index 208b7c9ec55f82166d876fea250c93a37bf85880..fedf40726ac11d05f859cc09045ebe59a783fb94 100644 --- a/install/ui/policy.js +++ b/install/ui/policy.js @@ -276,30 +276,21 @@ IPA.records_facet = function (spec){ }; function create(container) { + +container.attr('title', that.entity_name); + +$('h1/',{ +}).append(IPA.create_network_spinner()). +appendTo(container); + var details = $('div/', { 'class': 'content' }).appendTo(container); -} - -function setup(container){ - -that.facet_setup(container); - -that.pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; -that.record = $.bbq.getState(that.entity_name + '-record', true) || ''; - -that.container.attr('title', that.entity_name); - -var h2 = $('h2/h2',{ -text: Records for DNS Zone: + that.pkey -}).appendTo(that.container); - var div = $('div class=search-controls/div'). -appendTo(that.container); +appendTo(details); var control_span =$('span class=record-filter/span').appendTo(div); - control_span.append('Resource'); control_span.append($('input /',{ type: text, @@ -311,13 +302,6 @@ IPA.records_facet = function (spec){ create_type_select('dns-record-type-filter',true). appendTo(control_span); -//commented out until data is searchable -//control_span.append('Data'); -//control_span.append($('input /',{ -//type: text, -//id: 'dns-record-data-filter', -//name: 'search-' + obj_name + '-filter' -//})); IPA.button({ @@ -349,7 +333,7 @@ IPA.records_facet = function (spec){ var records_results = $('div/', { 'class': 'records-results' -}).appendTo(that.container); +}).appendTo(details); var records_table = $('table/', { 'class': 'search-table' @@ -373,6 +357,30 @@ IPA.records_facet = function (spec){ tr.append($('thRecord Type/th')); tr.append($('thData/th')); +} + +function setup(container){ + +that.facet_setup(container); + +that.pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; +that.record = $.bbq.getState(that.entity_name + '-record', true) || ''; + + +$('h1',container). +html(span id='headerpkey' /Records for DNS Zone: + that.pkey); + + +//commented out until data is searchable +//control_span.append('Data'); +//control_span.append($('input /',{ +//type: text, +//id: 'dns-record-data-filter', +//name: 'search-' + obj_name + '-filter' +//})); + + + refresh(); } -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0163-dns-container
ACK Looks good. - Original Message - Kyle noticed that the DNS page was off. This fixes it. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel From 6a7ca9e8400c359fa50f1ecca62a34a7cdf3abd7 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Tue, 25 Jan 2011 21:15:05 -0500 Subject: [PATCH] dns container the dns records page was adding controls to the wrong tag. This pushes everything down one level, fixing the formatting. --- install/ui/policy.js | 55 +++-- 1 files changed, 30 insertions(+), 25 deletions(-) diff --git a/install/ui/policy.js b/install/ui/policy.js index 208b7c9ec55f82166d876fea250c93a37bf85880..7e9e05eb637047bf344c7748c06698ef3de4004f 100644 --- a/install/ui/policy.js +++ b/install/ui/policy.js @@ -276,30 +276,22 @@ IPA.records_facet = function (spec){ }; function create(container) { + +container.attr('title', that.entity_name); + +$('h1/',{ +html: span id='headerpkey' /Records for DNS Zone: + that.pkey +}).append(IPA.create_network_spinner()). +appendTo(container); + var details = $('div/', { 'class': 'content' }).appendTo(container); -} - -function setup(container){ - -that.facet_setup(container); - -that.pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; -that.record = $.bbq.getState(that.entity_name + '-record', true) || ''; - -that.container.attr('title', that.entity_name); - -var h2 = $('h2/h2',{ -text: Records for DNS Zone: + that.pkey -}).appendTo(that.container); - var div = $('div class=search-controls/div'). -appendTo(that.container); +appendTo(details); var control_span =$('span class=record-filter/span').appendTo(div); - control_span.append('Resource'); control_span.append($('input /',{ type: text, @@ -311,13 +303,6 @@ IPA.records_facet = function (spec){ create_type_select('dns-record-type-filter',true). appendTo(control_span); -//commented out until data is searchable -//control_span.append('Data'); -//control_span.append($('input /',{ -//type: text, -//id: 'dns-record-data-filter', -//name: 'search-' + obj_name + '-filter' -//})); IPA.button({ @@ -349,7 +334,7 @@ IPA.records_facet = function (spec){ var records_results = $('div/', { 'class': 'records-results' -}).appendTo(that.container); +}).appendTo(details); var records_table = $('table/', { 'class': 'search-table' @@ -373,6 +358,26 @@ IPA.records_facet = function (spec){ tr.append($('thRecord Type/th')); tr.append($('thData/th')); +} + +function setup(container){ + +that.facet_setup(container); + +that.pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; +that.record = $.bbq.getState(that.entity_name + '-record', true) || ''; + + +//commented out until data is searchable +//control_span.append('Data'); +//control_span.append($('input /',{ +//type: text, +//id: 'dns-record-data-filter', +//name: 'search-' + obj_name + '-filter' +//})); + + + refresh(); } -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0164-dns-visible-if-enabled.
ACK Looks good. - Original Message - ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel From 40c765b901e23d4677f82439796563241a6d40bd Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Tue, 25 Jan 2011 21:58:49 -0500 Subject: [PATCH] dns visible if enabled use the result of the is_dns_enabled command to show or hid the dns tab Also, Javascript lint cleanup from recent patches. --- install/ui/entity.js |2 +- install/ui/ipa.js|1 + install/ui/webui.js | 13 ++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/install/ui/entity.js b/install/ui/entity.js index 34e34d6cfccc199ee68404cd7276d22a0b342494..e7fa6a7a3e96ea850e87036a4cb06029cd8d2eba 100644 --- a/install/ui/entity.js +++ b/install/ui/entity.js @@ -434,7 +434,7 @@ IPA.nested_tabs = function(entity_name){ IPA.nested_tab_labels[entity_name] = top_tab.children[subtab_index].label; if (top_tab.children[subtab_index].children){ -label = top_tab.children[subtab_index].label +label = top_tab.children[subtab_index].label; nested_entities = top_tab.children[subtab_index].children; for ( nested_index = 0; nested_index nested_entities.length; diff --git a/install/ui/ipa.js b/install/ui/ipa.js index 5e22b2c3f08781f2f5a7bce1b72bd3142bcde240..725bf17c593aa30115d318bf3614239ef58948a6 100644 --- a/install/ui/ipa.js +++ b/install/ui/ipa.js @@ -95,6 +95,7 @@ var IPA = ( function () { that.messages = data.result.results[1].messages; that.whoami = data.result.results[2].result[0]; that.env = data.result.results[3].result; +that.dns_enabled = data.result.results[4].result; if (on_success) { on_success(data, text_status, xhr); } diff --git a/install/ui/webui.js b/install/ui/webui.js index b1097f63a1f5ec843961ed1b90a86d8d6e05a1c9..f5b77c851a798e3fbea328178be70e49fb86a7f6 100644 --- a/install/ui/webui.js +++ b/install/ui/webui.js @@ -27,7 +27,7 @@ IPA.admin_tab_set = function () { -return [ +var tabset = [ {name:'identity', label: IPA.messages.tabs.identity, children:[ {name:'user', entity:'user'}, {name:'group', entity:'group'}, @@ -37,7 +37,6 @@ IPA.admin_tab_set = function () { {name:'service', entity:'service'} ]}, {name:'policy', label: IPA.messages.tabs.policy, children:[ -{name:'dnszone', entity:'dnszone'}, {name:'hbacrule', label: IPA.messages.tabs.hbac , entity:'hbacrule', children:[ {name:'hbacsvc', entity:'hbacsvc'}, @@ -60,6 +59,14 @@ IPA.admin_tab_set = function () { {name:'delegation' ,entity:'delegation'}, {name:'config', entity:'config'} ]}]; + +if (IPA.dns_enabled){ +tabset[1].children.unshift( +{name:'dnszone', entity:'dnszone'} +); +} + +return tabset; }; IPA.self_serv_tab_set = function(){ @@ -139,7 +146,7 @@ $(function() { IPA.tab_set = IPA.admin_tab_set(); nav_create(IPA.tab_set, navigation, 'tabs'); } else { -IPA.tab_set = self_serv_tab_set(); +IPA.tab_set = IPA.self_serv_tab_set(); nav_create(IPA.tab_set, navigation, 'tabs'); var state = {'user-pkey':IPA.whoami_pkey , -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0165-api-version-update.
From b871b90ef023ebc705ea17bd076cfece619180f6 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Wed, 26 Jan 2011 10:12:04 -0500 Subject: [PATCH] api version update --- API.txt | 36 ++-- 1 files changed, 18 insertions(+), 18 deletions(-) diff --git a/API.txt b/API.txt index 9717acc5d758c621efe2616862a2154fdd9c4ffb..42ba61f48dad4bdcaaa8e28c84e62c2607017ed6 100644 --- a/API.txt +++ b/API.txt @@ -1581,12 +1581,12 @@ args: 1,13,3 arg: Str('cn', attribute=True, cli_name='name', label=Gettext('Permission name', domain='ipa', localedir=None), multivalue=False, normalizer=lambda, primary_key=True, required=True) option: Str('description', attribute=True, cli_name='desc', label=Gettext('Description', domain='ipa', localedir=None), multivalue=False, required=True) option: List('permissions', attribute=True, cli_name='permissions', label=Gettext('Permissions', domain='ipa', localedir=None), multivalue=True, required=True) -option: List('attrs', alwaysask=True, attribute=True, cli_name='attrs', label=Gettext('Attributes', domain='ipa', localedir=None), multivalue=True, normalizer=lambda, required=False) -option: StrEnum('type', alwaysask=True, attribute=True, cli_name='type', label=Gettext('Type', domain='ipa', localedir=None), multivalue=False, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dns')) -option: Str('memberof', alwaysask=True, attribute=True, cli_name='memberof', label=Gettext('Member of group', domain='ipa', localedir=None), multivalue=False, required=False) -option: Str('filter', alwaysask=True, attribute=True, cli_name='filter', label=Gettext('Filter', domain='ipa', localedir=None), multivalue=False, required=False) -option: Str('subtree', alwaysask=True, attribute=True, cli_name='subtree', label=Gettext('Subtree', domain='ipa', localedir=None), multivalue=False, required=False) -option: Str('targetgroup', alwaysask=True, attribute=True, cli_name='targetgroup', label=Gettext('Target group', domain='ipa', localedir=None), multivalue=False, required=False) +option: List('attrs', alwaysask=True, attribute=True, autofill=False, cli_name='attrs', flags=('ask_create', 'ask_update'), label=Gettext('Attributes', domain='ipa', localedir=None), multivalue=True, normalizer=lambda, query=True, required=False) +option: StrEnum('type', alwaysask=True, attribute=True, autofill=False, cli_name='type', flags=('ask_create', 'ask_update'), label=Gettext('Type', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dns')) +option: Str('memberof', alwaysask=True, attribute=True, autofill=False, cli_name='memberof', flags=('ask_create', 'ask_update'), label=Gettext('Member of group', domain='ipa', localedir=None), multivalue=False, query=True, required=False) +option: Str('filter', alwaysask=True, attribute=True, autofill=False, cli_name='filter', flags=('ask_create', 'ask_update'), label=Gettext('Filter', domain='ipa', localedir=None), multivalue=False, query=True, required=False) +option: Str('subtree', alwaysask=True, attribute=True, autofill=False, cli_name='subtree', flags=('ask_create', 'ask_update'), label=Gettext('Subtree', domain='ipa', localedir=None), multivalue=False, query=True, required=False) +option: Str('targetgroup', alwaysask=True, attribute=True, autofill=False, cli_name='targetgroup', flags=('ask_create', 'ask_update'), label=Gettext('Target group', domain='ipa', localedir=None), multivalue=False, query=True, required=False) option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui') option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output']) @@ -1618,12 +1618,12 @@ arg: Str('criteria?') option: Str('cn', attribute=True, autofill=False, cli_name='name', label=Gettext('Permission name', domain='ipa', localedir=None), multivalue=False, normalizer=lambda, primary_key=True, query=True, required=False) option: Str('description', attribute=True, autofill=False, cli_name='desc', label=Gettext('Description', domain='ipa', localedir=None), multivalue=False, query=True, required=False) option: List('permissions', attribute=True, autofill=False, cli_name='permissions', label=Gettext('Permissions', domain='ipa', localedir=None), multivalue=True, query=True, required=False) -option: List('attrs', alwaysask=True, attribute=True, autofill=False, cli_name='attrs', label=Gettext('Attributes', domain='ipa', localedir=None), multivalue=True, normalizer=lambda, query=True, required=False) -option: StrEnum('type', alwaysask=True, attribute=True, autofill=False, cli_name='type', label=Gettext('Type', domain='ipa', localedir=None), multivalue=False, query=True, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dns')) -option:
Re: [Freeipa-devel] [PATCH] admiyo-0165-api-version-update.
Adam Young wrote: ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0165-api-version-update.
On 01/26/2011 10:20 AM, Rob Crittenden wrote: Adam Young wrote: ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ack Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes
Martin Kosek wrote: When more than one plugin produce ACIs, they share common namespace of ACI name. This may lead to name collisions between the ACIs from different plugins. This patch introduces a mandatory prefix attribute for non-find ACI operations which allow plugins to use their own prefixes (i.e. namespaces) which is then used when a name of the ACI is generated. Permission, Delegation and Selfservice plugins has been updated to use their own prefixes thus avoiding name collisions by using their own namespaces. Default ACIs in LDIFs has been updated to follow this new policy. Permission plugin now uses its CN (=primary key) instead of description in ACI names as Description may not be unique. This change requires an IPA server reinstall since the default ACI set has been changed. https://fedorahosted.org/freeipa/ticket/764 I took a quick look. Rob, I thought that there are different APIs for self and delegation. Is this is the case? ipa permission-... functions should never deal with self service or delegation acis They are just for the permission ACIs connected to the target groups. I do not think this is the right approach. The prefix is need but it should be automatically added if you use this interface. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 041 Add example of DNS SRV record and a simple validator
Jakub Hrozek jhro...@redhat.com wrote: On 01/26/2011 03:38 PM, Jakub Hrozek wrote: https://fedorahosted.org/freeipa/ticket/846 This version contains a better example (consistent zone name). ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes
On Wed, 2011-01-26 at 10:20 -0500, Dmitri Pal wrote: I took a quick look. Rob, I thought that there are different APIs for self and delegation. Is this is the case? ipa permission-... functions should never deal with self service or delegation acis They are just for the permission ACIs connected to the target groups. I do not think this is the right approach. The prefix is need but it should be automatically added if you use this interface. Well, this patch ensures that permission-* functions will not deal with selfservice od delegation ACIs. Each of these plugins has its own prefix (e.g. permission: or delegation:) which is added to the underlying ACI name. Because of this, the Permission, Selfservice and Delegation plugins work only with ACIs with their prefix. Prefix is not visible for user, it is passed to ACI functions automatically by Permission, Delegation and Selfservice plugins. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes
Martin Kosek wrote: On Wed, 2011-01-26 at 10:20 -0500, Dmitri Pal wrote: I took a quick look. Rob, I thought that there are different APIs for self and delegation. Is this is the case? ipa permission-... functions should never deal with self service or delegation acis They are just for the permission ACIs connected to the target groups. I do not think this is the right approach. The prefix is need but it should be automatically added if you use this interface. Well, this patch ensures that permission-* functions will not deal with selfservice od delegation ACIs. Each of these plugins has its own prefix (e.g. permission: or delegation:) which is added to the underlying ACI name. Because of this, the Permission, Selfservice and Delegation plugins work only with ACIs with their prefix. Prefix is not visible for user, it is passed to ACI functions automatically by Permission, Delegation and Selfservice plugins. Add an entirely new kind of record to IPA that isn't covered by any of the --type options, creating a permission: - ipa permission-add --permissions=add --subtree=cn=*,cn=orange,cn=accounts,dc=example,dc=com --desc=Add Orange Entries add_orange + ipa permission-add --permissions=add --subtree=cn=*,cn=orange,cn=accounts,dc=example,dc=com --desc=Add Orange Entries --prefix=none add_orange This change exposes the prefix on the command line which means you can manage ACIs with different prefixes. Do i misread it? Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes
On Wed, 2011-01-26 at 10:36 -0500, Dmitri Pal wrote: Martin Kosek wrote: On Wed, 2011-01-26 at 10:20 -0500, Dmitri Pal wrote: I took a quick look. Rob, I thought that there are different APIs for self and delegation. Is this is the case? ipa permission-... functions should never deal with self service or delegation acis They are just for the permission ACIs connected to the target groups. I do not think this is the right approach. The prefix is need but it should be automatically added if you use this interface. Well, this patch ensures that permission-* functions will not deal with selfservice od delegation ACIs. Each of these plugins has its own prefix (e.g. permission: or delegation:) which is added to the underlying ACI name. Because of this, the Permission, Selfservice and Delegation plugins work only with ACIs with their prefix. Prefix is not visible for user, it is passed to ACI functions automatically by Permission, Delegation and Selfservice plugins. Add an entirely new kind of record to IPA that isn't covered by any of the --type options, creating a permission: - ipa permission-add --permissions=add --subtree=cn=*,cn=orange,cn=accounts,dc=example,dc=com --desc=Add Orange Entries add_orange + ipa permission-add --permissions=add --subtree=cn=*,cn=orange,cn=accounts,dc=example,dc=com --desc=Add Orange Entries --prefix=none add_orange This change exposes the prefix on the command line which means you can manage ACIs with different prefixes. Do i misread it? In the patch, the --prefix option is allowed only for ACI plugin, which is hidden to user. This option shouldn't be allowed for permission, delegation or selfservice plugins: $ ipa permission-add --permissions=add --subtree=cn=*,cn=orange,cn=accounts,dc=example,dc=com --desc=Add Orange Entries --prefix=none add_orange Usage: ipa [global-options] permission-add NAME [options] ipa: error: no such option: --prefix When these plugins access ACI they fill --prefix attribute automatically (search for ACI_PREFIX constant in the patch). Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] Opinions on Interface Layout for FreeIPA
Ben, thanks for the Feedback. I've taken the liberty of adding it to our mailing list so we can hqve an open discussion. If you are interested, please subscribe. On 01/25/2011 05:25 PM, JR Aquino wrote: On 1/25/11 2:22 PM, Ben Hamiltonben.hamil...@citrix.com wrote: Looks like a pretty straight forward interface. When clicking on a host group I expect to see host members. I get the need to look at the config also. Perhaps the description can be made (or an icon can be added) to take the user directly to the list of hosts rather than hiding it under another click. That is a general pattern that we've identified on several of the entities, and something we're thinking about incorporating in the future. For example, one open ticket is : Put DNS records on the default page clicked off of search https://fedorahosted.org/freeipa/ticket/592. I'd say the general concept is: if an entity is mostly used as a container, put the managed elements on the page you go to from search. We've had discussions on this, and we are choosing between a couple of approaches. The enrollment tabs for group membership (hosts and people) should leverage drag and drop rather than checkboxes and the assignment buttons, it's not just a nice to have - it's expected behavior. Interesting thought. Drag and Drop on the Web is tricky, as most browsers now support some aspect of dragging Icons around. Personally, I've been reluctant to use drag and drop for web apps, as people seem to have been trained no to do so. We'll keep this in mind, though. It isn't a case of being difficult to implement, but harder to get it right. Naturally the FreeIPA icon, color scheme and font faces should all be customized through an icon upload and config screen and/or css. Everything is themed through CSS. You can see it here: http://admiyo.fedorapeople.org/ipa/ui/ipa.css. We are using some aligned images to make the Tabs structure work clearly, and this would make customization a little tricky. We've had some discussions on customization, with look and feel being just one of the topics. Is there any direction to take the arbitrary ipaserver tab and incorporate it into the identity tab? After all, membership and authorization a natural extension of who someone is (identity and authorization). If not then renaming the tab to indicate what someone might be able to do with it would be a good idea. We were trying to separate out the management of entities in the organization from the access control for the server itself. Thus, the three tabs for Server Access control mechanisms were set next to the server config tab. However, your point is well taken, and we'll think about the Taxonomy. If I had to venture guess, I'd say that we could collapse the server tab into the policy tab...and possibly move DNS into the Identity Tab. Ben -Original Message- From: JR Aquino Sent: Tuesday, January 25, 2011 2:08 PM To: Opsec Cc: sysadmin (email) Subject: Opinions on Interface Layout for FreeIPA http://admiyo.fedorapeople.org/ipa/ui/ I have been asked to direct people to the static test page for FreeIPA to get feedback regarding its layout and design. Please let me know what you think, what doesn't make sense or looks ugly, etc... I'll be forwarding the comments back to the web developers. Thanks!!! -JR ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 041 Add example of DNS SRV record and a simple validator
Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/26/2011 03:38 PM, Jakub Hrozek wrote: https://fedorahosted.org/freeipa/ticket/846 This version contains a better example (consistent zone name). This requires a change to API.txt too, otherwise the patch looks good. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes
On Wed, 2011-01-26 at 10:56 -0500, Rob Crittenden wrote: Dmitri Pal wrote: Martin Kosek wrote: On Wed, 2011-01-26 at 10:20 -0500, Dmitri Pal wrote: I took a quick look. Rob, I thought that there are different APIs for self and delegation. Is this is the case? ipa permission-... functions should never deal with self service or delegation acis They are just for the permission ACIs connected to the target groups. I do not think this is the right approach. The prefix is need but it should be automatically added if you use this interface. Well, this patch ensures that permission-* functions will not deal with selfservice od delegation ACIs. Each of these plugins has its own prefix (e.g. permission: or delegation:) which is added to the underlying ACI name. Because of this, the Permission, Selfservice and Delegation plugins work only with ACIs with their prefix. Prefix is not visible for user, it is passed to ACI functions automatically by Permission, Delegation and Selfservice plugins. Add an entirely new kind of record to IPA that isn't covered by any of the --type options, creating a permission: - ipa permission-add --permissions=add --subtree=cn=*,cn=orange,cn=accounts,dc=example,dc=com --desc=Add Orange Entries add_orange + ipa permission-add --permissions=add --subtree=cn=*,cn=orange,cn=accounts,dc=example,dc=com --desc=Add Orange Entries --prefix=none add_orange This change exposes the prefix on the command line which means you can manage ACIs with different prefixes. Do i misread it? The help changes are unneeded. The prefix is not configurable by the user. rob Ah, now I see the source of confusion. My bad. I fixed help in ACI plugin (even though this plugin is not visible for CLI). There were examples for using aci-add command and I wanted to add a new mandatory parameter here, so that user is not prompted for it. Unfortunately, I didn't notice there was one permission-add example - --prefix attribute is not valid for this command. A patch #2 with fixed permission-add example + rebase to current master is attached. Martin From 2cc286d32f4fa63ac584851a9dc1834eb9fe0c19 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Fri, 21 Jan 2011 09:20:01 +0100 Subject: [PATCH] ACI plugin supports prefixes When more than one plugin produce ACIs, they share common namespace of ACI name. This may lead to name collisions between the ACIs from different plugins. This patch introduces a mandatory prefix attribute for non-find ACI operations which allow plugins to use their own prefixes (i.e. namespaces) which is then used when a name of the ACI is generated. Permission, Delegation and Selfservice plugins has been updated to use their own prefixes thus avoiding name collisions by using their own namespaces. Default ACIs in LDIFs has been updated to follow this new policy. Permission plugin now uses its CN (=primary key) instead of description in ACI names as Description may not be unique. This change requires an IPA server reinstall since the default ACI set has been changed. https://fedorahosted.org/freeipa/ticket/764 --- install/share/default-aci.ldif |2 +- install/share/delegation.ldif | 88 ++-- install/share/replica-acis.ldif |6 +- ipalib/plugins/aci.py | 95 ++ ipalib/plugins/delegation.py|9 +++- ipalib/plugins/permission.py| 55 +- ipalib/plugins/selfservice.py | 16 ++- 7 files changed, 179 insertions(+), 92 deletions(-) diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif index 945b0bb316b0c54cf8f1da066ea6ad6ec865c3d6..8b00f46097bdaaa8c44e9603bb93b0552b34f816 100644 --- a/install/share/default-aci.ldif +++ b/install/share/default-aci.ldif @@ -6,7 +6,7 @@ add: aci aci: (targetattr != userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey)(version 3.0; acl Enable Anonymous access; allow (read, search, compare) userdn = ldap:///anyone;;) aci: (targetattr = memberOf || memberHost || memberUser)(version 3.0; acl No anonymous access to member information; deny (read,search,compare) userdn != ldap:///all;;) aci: (targetattr != userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || krbPrincipalName || krbCanonicalName || krbUPEnabled || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount || krbTicketFlags || ipaUniqueId || memberOf || serverHostName || enrolledBy)(version 3.0; acl Admin can manage any entry; allow (all) groupdn = ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX;;) -aci: (targetattr = userpassword || krbprincipalkey
Re: [Freeipa-devel] [PATCH] Raise ValidationError when adding unallowed attribute to search fields.
Jan Zelený wrote: Pavel Zunapz...@redhat.com wrote: Depends on my previous patch number 64 (posted on the list 2 minutes ago). Ticket #845 Pavel ack Jan pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0166-declarative-for-aci
Fixes https://fedorahosted.org/freeipa/ticket/772 Depends on freeipa-admiyo-0154-1-declarative-defintions.patch From a2bc445f1390aabb971230c04e0b48c39cb19725 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Wed, 26 Jan 2011 13:46:49 -0500 Subject: [PATCH] declarative for aci A couple of the ACI definitions were incorrect, and the end result was that fields were not getting initialized. USing the declarative approach cleaned up the cause. Also fixed a few broken unit tests --- install/ui/aci.js | 340 ++- install/ui/serverconfig.js | 34 ++-- install/ui/test/details_tests.js|6 +- install/ui/test/entity_tests.js | 11 +- install/ui/test/navigation_tests.js | 10 +- 5 files changed, 121 insertions(+), 280 deletions(-) diff --git a/install/ui/aci.js b/install/ui/aci.js index 4e975d85528563f1e3888155235d42205aef7d09..91be59acc210aa7e305bdbd693934ff6e1602f37 100644 --- a/install/ui/aci.js +++ b/install/ui/aci.js @@ -458,9 +458,6 @@ IPA.target_section = function () { appendTo(dl); } - - - that.create = function(container) { var dl = $('dl class=entryattrs/').appendTo(container); @@ -565,111 +562,35 @@ IPA.target_section = function () { IPA.entity_factories.permission = function () { -var that = IPA.entity({ +return IPA.entity({ 'name': 'permission' -}); - -that.init = function() { - -var dialog = IPA.permission_add_dialog({ +}).add_dialog( +IPA.add_dialog({ name: 'add', -title: 'Add New Permission', -entity_name: 'permission' -}); -that.add_dialog(dialog); -dialog.init(); - -var facet = IPA.permission_search_facet({ -name: 'search', -label: 'Search' -}); -that.add_facet(facet); - -facet = IPA.permission_details_facet(); -that.add_facet(facet); - -that.entity_init(); -}; - -return that; -}; - - - -IPA.permission_add_dialog = function (spec) { - -spec = spec || {}; - -var that = IPA.add_dialog(spec); - -that.init = function() { - -that.add_field(IPA.text_widget({ -name: 'cn', -undo: false -})); - -that.add_field(IPA.text_widget({ -name: 'description', -undo: false -})); - -that.add_field(IPA.rights_widget({name:'permissions'})); -that.add_field(IPA.hidden_widget({name:'filter','value':'objectClass=changethisvalue'})); -that.add_dialog_init(); -}; - - -return that; -}; - - -IPA.permission_search_facet = function (spec) { - -spec = spec || {}; -var that = IPA.search_facet(spec); -that.init = function() { -that.create_column({name:'cn'}); -that.create_column({name:'description'}); -that.search_facet_init(); -}; -return that; -}; - - -IPA.permission_details_facet = function () { - -var spec = { -name: 'details' -}; -var that = IPA.details_facet(spec); - -that.init = function() { - -var section = that.add_section(IPA.details_list_section({ -name:'identity',label:'Identity' })); -section.create_field({ name: 'cn', 'read_only': true }); -section.create_field({ name: 'description'}); - -that.rights_section = IPA.rights_section(); -that.add_section(that.rights_section); - -that.target_section = IPA.target_section(); - -that.add_section(that.target_section); -that.details_facet_init(); -}; - -that.superior_load = that.load; - -that.load = function(result) { -that.superior_load(result); -}; - -that.superior_update = that.update; -that.update = function(on_win, on_fail){ -that.superior_update(on_win, on_fail); -}; +title: 'Add New Permission' +}). +field(IPA.text_widget({ +name: 'cn', +undo: false +})). +field(IPA.text_widget({ +name: 'description', +undo: false +})). +field(IPA.rights_widget({name:'permissions'})). +field(IPA.hidden_widget( +{name:'filter','value':'objectClass=changethisvalue'}))). +facet(IPA.search_facet(). + column({name:'cn'}). + column({name:'description'})). +facet(IPA.details_facet({ name: 'details' }). + section( + IPA.stanza({ +name:'identity',label:'Identity' }). + input({ name: 'cn', 'read_only': true }). + input({ name: 'description'})). + section(IPA.rights_section()). + section(IPA.target_section())); return that; }; @@ -718,155 +639,88 @@ IPA.entity_factories.privilege = function() { IPA.entity_factories.role =
[Freeipa-devel] [PATCH] admiyo-0167-adding-label-for-RBAC
Role Based Access control is supposed to be spelled out in the tabs. An earlier patch also broke the Title for the RBAC Action Panel. This fixes both. Depends on all my previous patches From a8c29b2aebfccb9cf3f09a682d04f4dafd2dec95 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Wed, 26 Jan 2011 14:24:41 -0500 Subject: [PATCH] adding label for RBAC --- install/ui/test/data/ipa_init.json | 55 install/ui/webui.js|3 +- ipalib/plugins/internal.py |3 +- 3 files changed, 41 insertions(+), 20 deletions(-) diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json index 8fe28684d2640fb74f53b95d8c098624ac4e4f62..a4b9a0f79d6fda0b9f1edad5b79f333602bbb3b9 100644 --- a/install/ui/test/data/ipa_init.json +++ b/install/ui/test/data/ipa_init.json @@ -4544,7 +4544,7 @@ type: tuple }, { -alwaysask: true, +alwaysask: false, attribute: false, autofill: false, class: List, @@ -4553,7 +4553,10 @@ default: null, doc: Comma-separated list of attributes, exclude: null, -flags: [], +flags: [ +ask_create, +ask_update +], hint: null, include: null, label: Attributes, @@ -4567,7 +4570,7 @@ type: tuple }, { -alwaysask: true, +alwaysask: false, attribute: false, autofill: false, class: StrEnum, @@ -4576,7 +4579,10 @@ default: null, doc: Type of IPA object (user, group, host, hostgroup, service, netgroup, dns), exclude: null, -flags: [], +flags: [ +ask_create, +ask_update +], hint: null, include: null, label: Type, @@ -4597,7 +4603,7 @@ ] }, { -alwaysask: true, +alwaysask: false, attribute: false, autofill: false, class: Str, @@ -4606,7 +4612,10 @@ default: null, doc: Target members of a group, exclude: null, -flags: [], +flags: [ +ask_create, +ask_update +], hint: null, include: null, label: Member of group, @@ -4623,7 +4632,7 @@ type: unicode }, { -alwaysask: true, +alwaysask: false, attribute: false, autofill: false, class: Str, @@ -4632,7 +4641,10 @@ default: null, doc: Legal LDAP filter (e.g. ou=Engineering), exclude: null, -flags: [], +flags: [ +ask_create, +ask_update +], hint: null, include: null, label: Filter, @@ -4649,7 +4661,7 @@ type: unicode }, { -alwaysask: true, +alwaysask: false, attribute: false, autofill: false,
Re: [Freeipa-devel] [PATCH] 039 Delete the whole DNS record with no parameters
On Mon, 2011-01-24 at 15:51 +0100, Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/21/2011 05:54 PM, Rob Crittenden wrote: Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/20/2011 11:53 PM, Simo Sorce wrote: On Thu, 20 Jan 2011 17:27:37 -0500 Dmitri Pald...@redhat.com wrote: Michael Gregg wrote: Jakub Hrozek wrote: Hi, as discussed in https://bugzilla.redhat.com/show_bug.cgi?id=671019 to delete a DNS RR one has to remove its record types one by one. This patch modifies the behaviour so that if the user runs dnsrecord-delzone record-name with no other parameters, the whole record is removed. Alternative solutions might be to expose the internal command that is able to delete the record (although I think it is counterintuitive to have one command to remove record types and one for the whole record) or have a special flag (--del-all?) to remove the whole record. The patch also fixes the unit tests as they didn't reflect all the recent changes. Going with this patch sounds good, but to make sure, I polled several people here, and they all seemed to think that having to add a --del-all or --del-record flag at the end would be better as it would be less prone to failure where admins would accidentally delete a entire record because they didn't specify anything after the zone record So, maybe we do need a --del-all or --del-record operator. Agree. +1 Someone may simply push enter accidentally while checking what to write after the command. It would be rather unfortunate. Simo. Attached is a new version of the patch that implements --del-all. It also reports failure when deleting a nonexistent RR (new ticket 829). nack, this isn't working properly for me. Here is how I tested: - add a new zone, newzone1 - ipa dnsrecord-add newzone1 as --a-rec 3.4.5.6 - ipa dnsrecord-add newzone1 as Record name: as A record: 3.4.5.6 - ipa dnsrecord-show newzone1 as Record name: as A record: 3.4.5.6 - ipa dnsrecord-del newzone1 as --del-all [ no output ] - ipa dnsrecord-show newzone1 as ipa: ERROR: as: DNS resource record not found So a couple of problems: 1. An error should have been thrown when I tried a delete without a specific record type. I agree but I was reluctant to do this because it was perfectly OK to call dnsrecord-add with no options. That would create an empty DNS record. The interface was orthogonal so dnsrecord-del with no options would remove the record if it was empty. But I don't think an empty DNS record makes any sense. I changed the behaviour such that: * dnsrecord-add with no attributes is no longer allowed. You have to specify at least one RR type. Apparently this is not effective, I was able to add an empty DNS record. * dnsrecord-del with no attributes is no longer allowed. You have to either specify a RR type or --del-all. This one tested right. 2. Some output should be displayed when I delete all records, at least a summary. Agreed and fixed. This also checks out. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 691 add --hostname option to ipa-client-install
On Mon, 2011-01-24 at 17:35 -0500, Rob Crittenden wrote: Let the installer override the detected hostname value with the --hostname flag. This is likely to lead to a non-working installation so let the buyer beware. ticket 834 Works as expected. Ack and pushed to master. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0168-target-style-cleanup
Does not depend on any previous patches. From 106b8f90f482c86b491af710296129b354b56597 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Wed, 26 Jan 2011 16:11:22 -0500 Subject: [PATCH] target style cleanup Target section had radio buttonsreversed, and a few other style changes --- install/ui/aci.js | 26 +-- install/ui/ipa.css | 119 2 files changed, 94 insertions(+), 51 deletions(-) diff --git a/install/ui/aci.js b/install/ui/aci.js index 91be59acc210aa7e305bdbd693934ff6e1602f37..3846789ae6ac7d2d94bc56bb7d879fa01c9f882a 100644 --- a/install/ui/aci.js +++ b/install/ui/aci.js @@ -53,10 +53,11 @@ IPA.attribute_table_widget= function (spec){ var that = IPA.widget(spec); var object_type = spec.objecttype || 'user'; var table; +var dd_class = other; that.create = function(container){ -var dd = $('dd/').appendTo(container); +var dd = $('dd/',{class:dd_class}).appendTo(container); table = $('table/',{ id:id, 'class':'search-table aci-attribute-table'}). @@ -323,14 +324,14 @@ IPA.target_section = function () { function display_filter_target(dl){ $(dt/). -append($(label/,{ -text: Filter })). append($('input/',{ type:radio, name:type, checked:true, id:aci_by_filter })). +append($(label/,{ +text: Filter })). appendTo(dl); $('dd/',{ @@ -347,13 +348,13 @@ IPA.target_section = function () { function display_type_target(dl){ $(dt/). -append($(label/,{ -text: Object By Type })). append($('input/',{ type:radio, name:type, checked:true, id:aci_by_type })). +append($(label/,{ +text: Object By Type })). appendTo(dl); var dd = $('dd/',{ @@ -375,8 +376,6 @@ IPA.target_section = function () { text: type_params.values[pc] })); } -dd = $('dd /',{ -class:aci_by_type other}).appendTo(dl); var attribute_table = IPA.attribute_table_widget( {name:'aci_attributes_table',object_type:'user'}); @@ -388,11 +387,11 @@ IPA.target_section = function () { function display_query_target(dl){ $('dt/'). -append($('label /',{ html: 'By Subtree'} )). append($('input /',{ type:radio, name:type, id:aci_by_query })). +append($('label /',{ html: 'By Subtree'} )). appendTo(dl); $(dd/,{ @@ -427,12 +426,12 @@ IPA.target_section = function () { function display_group_target(dl){ $('dt/' ). +append($('input /',{ +type:radio, +name:type, +id:aci_by_group })). append($('label /',{ html: 'Target Group'} )). -append($('input /',{ -type:radio, -name:type, -id:aci_by_group })). appendTo(dl); that.group_filter = $('input/',{ @@ -459,8 +458,7 @@ IPA.target_section = function () { } that.create = function(container) { -var dl = $('dl class=entryattrs/').appendTo(container); - +var dl = $('dl class=aci-target/').appendTo(container); display_filter_target(dl); display_query_target(dl); display_group_target(dl); diff --git a/install/ui/ipa.css b/install/ui/ipa.css index 67fa0338f8ba549f29ab00a55abd26ac6af86864..7938f8a23c0d8fe408c7c909d347933f35c7b421 100644 --- a/install/ui/ipa.css +++ b/install/ui/ipa.css @@ -13,7 +13,7 @@ body{ background-image:url(outer-bg.png); -background-repeat:repeat-x; +background-repeat:repeat-x; background-position:left top; background-color:#ededed; border-width: 0; @@ -98,7 +98,7 @@ div.tabs { width: 100%; height: 100%; min-height: 40em; - background: url(centered-bg.png) no-repeat scroll 0 8.4em transparent; +background: url(centered-bg.png) no-repeat scroll 0 8.4em transparent; } div#content { @@ -148,11 +148,11 @@ h1 { .entity-container h1{ -moz-border-radius: 0.5em 0.5em 0 0; - background: -moz-linear-gradient(center top , #EE, #DFDFDF) repeat scroll 0 0 transparent; - margin-top: 1.5em; - padding: 0.5em 0.9em; - position: relative; - width: 40.5em; +background: -moz-linear-gradient(center top , #EE, #DFDFDF) repeat scroll 0 0 transparent; +margin-top: 1.5em; +padding: 0.5em 0.9em; +position: relative; +width: 40.5em; } h2 { @@ -224,7 +224,7 @@ dl.entryattrs dd { dl.entryattrs dd.first { margin-left: 0; margin-top: 0.5em; -
Re: [Freeipa-devel] [PATCH] admiyo-0166-declarative-for-aci
ACK - Original Message - Fixes https://fedorahosted.org/freeipa/ticket/772 Depends on freeipa-admiyo-0154-1-declarative-defintions.patch ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel From a2bc445f1390aabb971230c04e0b48c39cb19725 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Wed, 26 Jan 2011 13:46:49 -0500 Subject: [PATCH] declarative for aci A couple of the ACI definitions were incorrect, and the end result was that fields were not getting initialized. USing the declarative approach cleaned up the cause. Also fixed a few broken unit tests --- install/ui/aci.js | 340 ++- install/ui/serverconfig.js | 34 ++-- install/ui/test/details_tests.js|6 +- install/ui/test/entity_tests.js | 11 +- install/ui/test/navigation_tests.js | 10 +- 5 files changed, 121 insertions(+), 280 deletions(-) diff --git a/install/ui/aci.js b/install/ui/aci.js index 4e975d85528563f1e3888155235d42205aef7d09..91be59acc210aa7e305bdbd693934ff6e1602f37 100644 --- a/install/ui/aci.js +++ b/install/ui/aci.js @@ -458,9 +458,6 @@ IPA.target_section = function () { appendTo(dl); } - - - that.create = function(container) { var dl = $('dl class=entryattrs/').appendTo(container); @@ -565,111 +562,35 @@ IPA.target_section = function () { IPA.entity_factories.permission = function () { -var that = IPA.entity({ +return IPA.entity({ 'name': 'permission' -}); - -that.init = function() { - -var dialog = IPA.permission_add_dialog({ +}).add_dialog( +IPA.add_dialog({ name: 'add', -title: 'Add New Permission', -entity_name: 'permission' -}); -that.add_dialog(dialog); -dialog.init(); - -var facet = IPA.permission_search_facet({ -name: 'search', -label: 'Search' -}); -that.add_facet(facet); - -facet = IPA.permission_details_facet(); -that.add_facet(facet); - -that.entity_init(); -}; - -return that; -}; - - - -IPA.permission_add_dialog = function (spec) { - -spec = spec || {}; - -var that = IPA.add_dialog(spec); - -that.init = function() { - -that.add_field(IPA.text_widget({ -name: 'cn', -undo: false -})); - -that.add_field(IPA.text_widget({ -name: 'description', -undo: false -})); - -that.add_field(IPA.rights_widget({name:'permissions'})); -that.add_field(IPA.hidden_widget({name:'filter','value':'objectClass=changethisvalue'})); -that.add_dialog_init(); -}; - - -return that; -}; - - -IPA.permission_search_facet = function (spec) { - -spec = spec || {}; -var that = IPA.search_facet(spec); -that.init = function() { -that.create_column({name:'cn'}); -that.create_column({name:'description'}); -that.search_facet_init(); -}; -return that; -}; - - -IPA.permission_details_facet = function () { - -var spec = { -name: 'details' -}; -var that = IPA.details_facet(spec); - -that.init = function() { - -var section = that.add_section(IPA.details_list_section({ -name:'identity',label:'Identity' })); -section.create_field({ name: 'cn', 'read_only': true }); -section.create_field({ name: 'description'}); - -that.rights_section = IPA.rights_section(); -that.add_section(that.rights_section); - -that.target_section = IPA.target_section(); - -that.add_section(that.target_section); -that.details_facet_init(); -}; - -that.superior_load = that.load; - -that.load = function(result) { -that.superior_load(result); -}; - -that.superior_update = that.update; -that.update = function(on_win, on_fail){ -that.superior_update(on_win, on_fail); -}; +title: 'Add New Permission' +}). +field(IPA.text_widget({ +name: 'cn', +undo: false +})). +field(IPA.text_widget({ +name: 'description', +undo: false +})). +field(IPA.rights_widget({name:'permissions'})). +field(IPA.hidden_widget( +{name:'filter','value':'objectClass=changethisvalue'}))). +facet(IPA.search_facet(). + column({name:'cn'}). + column({name:'description'})). +facet(IPA.details_facet({ name: 'details' }). + section( + IPA.stanza({ +name:'identity',label:'Identity' }). + input({ name: 'cn', 'read_only': true }). + input({ name: 'description'})). +
Re: [Freeipa-devel] [PATCH] admiyo-0168-target-style-cleanup
ACK - Original Message - Does not depend on any previous patches. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel From 106b8f90f482c86b491af710296129b354b56597 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Wed, 26 Jan 2011 16:11:22 -0500 Subject: [PATCH] target style cleanup Target section had radio buttonsreversed, and a few other style changes --- install/ui/aci.js | 26 +-- install/ui/ipa.css | 119 2 files changed, 94 insertions(+), 51 deletions(-) diff --git a/install/ui/aci.js b/install/ui/aci.js index 91be59acc210aa7e305bdbd693934ff6e1602f37..3846789ae6ac7d2d94bc56bb7d879fa01c9f882a 100644 --- a/install/ui/aci.js +++ b/install/ui/aci.js @@ -53,10 +53,11 @@ IPA.attribute_table_widget= function (spec){ var that = IPA.widget(spec); var object_type = spec.objecttype || 'user'; var table; +var dd_class = other; that.create = function(container){ -var dd = $('dd/').appendTo(container); +var dd = $('dd/',{class:dd_class}).appendTo(container); table = $('table/',{ id:id, 'class':'search-table aci-attribute-table'}). @@ -323,14 +324,14 @@ IPA.target_section = function () { function display_filter_target(dl){ $(dt/). -append($(label/,{ -text: Filter })). append($('input/',{ type:radio, name:type, checked:true, id:aci_by_filter })). +append($(label/,{ +text: Filter })). appendTo(dl); $('dd/',{ @@ -347,13 +348,13 @@ IPA.target_section = function () { function display_type_target(dl){ $(dt/). -append($(label/,{ -text: Object By Type })). append($('input/',{ type:radio, name:type, checked:true, id:aci_by_type })). +append($(label/,{ +text: Object By Type })). appendTo(dl); var dd = $('dd/',{ @@ -375,8 +376,6 @@ IPA.target_section = function () { text: type_params.values[pc] })); } -dd = $('dd /',{ -class:aci_by_type other}).appendTo(dl); var attribute_table = IPA.attribute_table_widget( {name:'aci_attributes_table',object_type:'user'}); @@ -388,11 +387,11 @@ IPA.target_section = function () { function display_query_target(dl){ $('dt/'). -append($('label /',{ html: 'By Subtree'} )). append($('input /',{ type:radio, name:type, id:aci_by_query })). +append($('label /',{ html: 'By Subtree'} )). appendTo(dl); $(dd/,{ @@ -427,12 +426,12 @@ IPA.target_section = function () { function display_group_target(dl){ $('dt/' ). +append($('input /',{ +type:radio, +name:type, +id:aci_by_group })). append($('label /',{ html: 'Target Group'} )). -append($('input /',{ -type:radio, -name:type, -id:aci_by_group })). appendTo(dl); that.group_filter = $('input/',{ @@ -459,8 +458,7 @@ IPA.target_section = function () { } that.create = function(container) { -var dl = $('dl class=entryattrs/').appendTo(container); - +var dl = $('dl class=aci-target/').appendTo(container); display_filter_target(dl); display_query_target(dl); display_group_target(dl); diff --git a/install/ui/ipa.css b/install/ui/ipa.css index 67fa0338f8ba549f29ab00a55abd26ac6af86864..7938f8a23c0d8fe408c7c909d347933f35c7b421 100644 --- a/install/ui/ipa.css +++ b/install/ui/ipa.css @@ -13,7 +13,7 @@ body{ background-image:url(outer-bg.png); -background-repeat:repeat-x; +background-repeat:repeat-x; background-position:left top; background-color:#ededed; border-width: 0; @@ -98,7 +98,7 @@ div.tabs { width: 100%; height: 100%; min-height: 40em; - background: url(centered-bg.png) no-repeat scroll 0 8.4em transparent; +background: url(centered-bg.png) no-repeat scroll 0 8.4em transparent; } div#content { @@ -148,11 +148,11 @@ h1 { .entity-container h1{ -moz-border-radius: 0.5em 0.5em 0 0; - background: -moz-linear-gradient(center top , #EE, #DFDFDF) repeat scroll 0 0 transparent; - margin-top: 1.5em; - padding: 0.5em 0.9em; - position: relative; - width: 40.5em; +background: -moz-linear-gradient(center top , #EE, #DFDFDF) repeat scroll 0 0 transparent; +margin-top: 1.5em; +padding:
Re: [Freeipa-devel] [PATCH] admiyo-0166-declarative-for-aci
On 01/26/2011 04:14 PM, Kyle Baker wrote: ACK - Original Message - Fixes https://fedorahosted.org/freeipa/ticket/772 Depends on freeipa-admiyo-0154-1-declarative-defintions.patch ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Hold on that...this requires edewata to sign off on. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0168-target-style-cleanup
On 01/26/2011 04:14 PM, Kyle Baker wrote: ACK - Original Message - Does not depend on any previous patches. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Check field's validity before executing add
On 01/24/2011 01:11 PM, Adam Young wrote: On 01/22/2011 07:49 PM, Endi Sukma Dewata wrote: This should fix this bug: https://fedorahosted.org/freeipa/ticket/660 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel NACK: Too many false positives: Try adding a user group. Group name works as designed, others do not allow anything through. Ithink you are not accounting fro null validation. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel With this change it works. ACK and pushed to master From add7d701c688be4d9699034427e5ab1be67a8bac Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Sun, 23 Jan 2011 07:41:10 +0700 Subject: [PATCH] Check field's validity before executing add. --- install/ui/add.js |1 + install/ui/certificate.js | 12 ++-- install/ui/host.js|8 install/ui/service.js |8 install/ui/widget.js | 11 +++ 5 files changed, 22 insertions(+), 18 deletions(-) diff --git a/install/ui/add.js b/install/ui/add.js index 69b1108c31a72b281129624630e0bfb6238f25fe..89527ba23b0a8be77e882e7cb569066f2236e4f6 100644 --- a/install/ui/add.js +++ b/install/ui/add.js @@ -101,6 +101,7 @@ IPA.add_dialog = function (spec) { for (var i=0; ithat.fields.length; i++) { var field = that.fields[i]; +if (!field.valid) return; var value = record[field.name]; if (!value) continue; diff --git a/install/ui/certificate.js b/install/ui/certificate.js index b7e5a51d3e4d6d9f37d4d1c9b23854f68b2ebb48..4f12fc0cc6ff62c5b4b171a957a5ae92a1dcd955 100755 --- a/install/ui/certificate.js +++ b/install/ui/certificate.js @@ -536,9 +536,9 @@ function certificate_status_widget(spec) { that.widget_setup(container); -that.valid = $('div[name=certificate-valid]', that.container); -that.revoked = $('div[name=certificate-revoked]', that.container); -that.missing = $('div[name=certificate-missing]', that.container); +that.status_valid = $('div[name=certificate-valid]', that.container); +that.status_revoked = $('div[name=certificate-revoked]', that.container); +that.status_missing = $('div[name=certificate-missing]', that.container); var button = $('input[name=get]', that.container); that.get_button = IPA.button({ @@ -620,11 +620,11 @@ function certificate_status_widget(spec) { }; function set_status(status, revocation_reason) { -that.valid.css('display', status == CERTIFICATE_STATUS_VALID ? 'inline' : 'none'); -that.missing.css('display', status == CERTIFICATE_STATUS_MISSING ? 'inline' : 'none'); +that.status_valid.css('display', status == CERTIFICATE_STATUS_VALID ? 'inline' : 'none'); +that.status_missing.css('display', status == CERTIFICATE_STATUS_MISSING ? 'inline' : 'none'); if (!that.is_selfsign()) { -that.revoked.css('display', status == CERTIFICATE_STATUS_REVOKED ? 'inline' : 'none'); +that.status_revoked.css('display', status == CERTIFICATE_STATUS_REVOKED ? 'inline' : 'none'); that.revoke_button.css('visibility', status == CERTIFICATE_STATUS_VALID ? 'visible' : 'hidden'); that.revocation_reason.html(revocation_reason == undefined ? '' : CRL_REASON[revocation_reason]); that.restore_button.css('visibility', revocation_reason == 6 ? 'visible' : 'hidden'); diff --git a/install/ui/host.js b/install/ui/host.js index c3851ff75e7baf3c29389f1234d49943d3f3ef26..422c87a7728f9bd19057f8b173d2139fe08c27dc 100644 --- a/install/ui/host.js +++ b/install/ui/host.js @@ -299,8 +299,8 @@ function host_provisioning_status_widget(spec) { that.widget_setup(container); -that.valid = $('div[name=kerberos-key-valid]', that.container); -that.missing = $('div[name=kerberos-key-missing]', that.container); +that.status_valid = $('div[name=kerberos-key-valid]', that.container); +that.status_missing = $('div[name=kerberos-key-missing]', that.container); var button = $('input[name=unprovision]', that.container); that.unprovision_button = IPA.button({ @@ -397,8 +397,8 @@ function host_provisioning_status_widget(spec) { }; function set_status(status) { -that.valid.css('display', status == 'valid' ? 'inline' : 'none'); -that.missing.css('display', status == 'missing' ? 'inline' : 'none'); +that.status_valid.css('display', status == 'valid' ? 'inline' : 'none'); +that.status_missing.css('display', status == 'missing' ? 'inline' : 'none'); } return that; diff --git a/install/ui/service.js b/install/ui/service.js index
[Freeipa-devel] [PATCH] admiyo-0169-reset-target-section
From d4854f684a31d78f9e93f2855c1201a3682eaef4 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Wed, 26 Jan 2011 16:50:43 -0500 Subject: [PATCH] reset target section target section needed to cache results for use in results moved load logic into reset and load now calls reset --- install/ui/aci.js |9 ++--- 1 files changed, 6 insertions(+), 3 deletions(-) diff --git a/install/ui/aci.js b/install/ui/aci.js index 1cc1611caac78163bc7ae88bc2f03426f91f58be..3bad384a2b80e3842395ba54004b2808928f28cf 100644 --- a/install/ui/aci.js +++ b/install/ui/aci.js @@ -494,6 +494,12 @@ IPA.target_section = function () { }; that.load = function(result) { +that.result = result; +that.reset(); +}; + +that.reset = function() { +var result = that.result; if(result.subtree){ $('#aci_query_text').val(result.subtree); $('#aci_by_query').click(); @@ -524,9 +530,6 @@ IPA.target_section = function () { } }; -that.reset = function() { -}; - that.save = function (record){ var record_type = $(input[name='type']:checked).attr('id'); -- 1.7.3.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes
Martin Kosek wrote: On Wed, 2011-01-26 at 10:56 -0500, Rob Crittenden wrote: Dmitri Pal wrote: Martin Kosek wrote: On Wed, 2011-01-26 at 10:20 -0500, Dmitri Pal wrote: I took a quick look. Rob, I thought that there are different APIs for self and delegation. Is this is the case? ipa permission-... functions should never deal with self service or delegation acis They are just for the permission ACIs connected to the target groups. I do not think this is the right approach. The prefix is need but it should be automatically added if you use this interface. Well, this patch ensures that permission-* functions will not deal with selfservice od delegation ACIs. Each of these plugins has its own prefix (e.g. permission: or delegation:) which is added to the underlying ACI name. Because of this, the Permission, Selfservice and Delegation plugins work only with ACIs with their prefix. Prefix is not visible for user, it is passed to ACI functions automatically by Permission, Delegation and Selfservice plugins. Add an entirely new kind of record to IPA that isn't covered by any of the --type options, creating a permission: - ipa permission-add --permissions=add --subtree=cn=*,cn=orange,cn=accounts,dc=example,dc=com --desc=Add Orange Entries add_orange + ipa permission-add --permissions=add --subtree=cn=*,cn=orange,cn=accounts,dc=example,dc=com --desc=Add Orange Entries --prefix=none add_orange This change exposes the prefix on the command line which means you can manage ACIs with different prefixes. Do i misread it? The help changes are unneeded. The prefix is not configurable by the user. rob Ah, now I see the source of confusion. My bad. I fixed help in ACI plugin (even though this plugin is not visible for CLI). There were examples for using aci-add command and I wanted to add a new mandatory parameter here, so that user is not prompted for it. Unfortunately, I didn't notice there was one permission-add example - --prefix attribute is not valid for this command. A patch #2 with fixed permission-add example + rebase to current master is attached. Martin ack, pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 0073 properly handle entryusn on replica
When re-initializing a replica it is better (for clients sake) to always increment entryusn values, so that no change will be missed aby a client querying the server. This patch configures the entryusn plugin to do the right thing. Requires ds 1.2.8 for testing (tested with the alpha in f14 updates-testing repo) Simo. -- Simo Sorce * Red Hat, Inc * New York From f572080e427e9c6d94aef1f3a4a6c4d29549 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Tue, 4 Jan 2011 11:28:20 -0500 Subject: [PATCH 1/3] Address entryusn initialization on replica installation Fixes: https://fedorahosted.org/freeipa/ticket/637 --- install/share/entryusn.ldif |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/install/share/entryusn.ldif b/install/share/entryusn.ldif index 51f9fc6eb5fb7dc070f3e91fe432410d654c8fe1..b77f16ba5092e3f500ddb8d1382681fc2cd9e4de 100644 --- a/install/share/entryusn.ldif +++ b/install/share/entryusn.ldif @@ -3,6 +3,11 @@ changetype: modify replace: nsslapd-entryusn-global nsslapd-entryusn-global: on +dn: cn=config +changetype: modify +replace: nsslapd-entryusn-import-initval +nsslapd-entryusn-import-initval: next + dn: cn=USN,cn=plugins,cn=config changetype: modify replace: nsslapd-pluginenabled -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 0075 handle weird values in nolog
When using ipa-replica-manage re-initialize with GSSAPI credentials it turns out that the DN password may be set to None and this can end up in the nolog list. Add a check to skip any non-string object in the log substitution list, so that the code doesn't freak out on None objects. Ticket #856 Simo. -- Simo Sorce * Red Hat, Inc * New York From 70ad80b34b518b82c5dd9334e2db6c653da12649 Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Wed, 26 Jan 2011 17:37:46 -0500 Subject: [PATCH 3/3] Handle nolog list containing None values Fixes: https://fedorahosted.org/freeipa/ticket/856 --- ipapython/ipautil.py |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 88d0836549ebfd87b2251b6491ee7bd2c38a1ab8..7a91dcba0a9bd1e9839daeaf056adf4ab22a5bb5 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -136,6 +136,8 @@ def run(args, stdin=None, raiseonerr=True, # to log. Run through the nolog items. args = ' '.join(args) for value in nolog: +if not isinstance(value, basestring): +continue args = args.replace(value, '') stdout = stdout.replace(value, '') stderr = stderr.replace(value, '') -- 1.7.3.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0162-1-Tab-I18N
On 01/26/2011 09:50 AM, Kyle Baker wrote: ACK Looks good. - Original Message - On 01/25/2011 08:04 PM, Adam Young wrote: Fixes https://fedorahosted.org/freeipa/ticket/849 and https://fedorahosted.org/freeipa/ticket/745 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Third times the charm. This one has the internal.py file with messages in it. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0162-1-Tab-I18N
On Wed, 2011-01-26 at 09:50 -0500, Kyle Baker wrote: ACK Looks good. - Original Message - On 01/25/2011 08:04 PM, Adam Young wrote: Fixes https://fedorahosted.org/freeipa/ticket/849 and https://fedorahosted.org/freeipa/ticket/745 This was pushed to master. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0164-dns-visible-if-enabled.
On 01/26/2011 09:51 AM, Kyle Baker wrote: ACK Looks good. - Original Message - ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0163-dns-container
On 01/26/2011 09:51 AM, Kyle Baker wrote: ACK Looks good. - Original Message - Kyle noticed that the DNS page was off. This fixes it. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0163-dns-container
On Wed, 2011-01-26 at 09:50 -0500, Kyle Baker wrote: ACK Looks good. - Original Message - On 01/25/2011 09:16 PM, Adam Young wrote: Kyle noticed that the DNS page was off. This fixes it. This was pushed to master. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0002-Main-UI-migration-and-html-Style-updates 0003-deleteing-migration-css
On 01/20/2011 04:28 PM, Adam Young wrote: On 01/20/2011 04:22 PM, Kyle Baker wrote: UI Style Changes ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK In general, with a couple minor caveats: This duplicates the Font files and the jquery-ui assets. We can fix that by using relative URLs. I can fix that, squash these two, and push. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel A variation of this was pushed to master as a different patch ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0170-dirty
Depends on 154, 154, 166, 167, 169 From ef45bfffcb067dbcfd93e483ccd2a5aa7049fa2e Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Wed, 26 Jan 2011 20:58:06 -0500 Subject: [PATCH] dirty If a page is dirty, do not allow additional navigation until changes are saved or committed https://fedorahosted.org/freeipa/ticket/726 --- install/ui/details.js | 42 ++- install/ui/entity.js |8 +- install/ui/ipa.js | 36 ++ install/ui/navigation.js |9 ++- install/ui/test/data/ipa_init.json |3 +- install/ui/webui.js| 16 + install/ui/widget.js | 36 ++ ipalib/plugins/internal.py |3 +- 8 files changed, 130 insertions(+), 23 deletions(-) diff --git a/install/ui/details.js b/install/ui/details.js index 84a5c4098d0e0eef4bfa75517eac59665d3e4d93..c9e78bdef01c011ecf000e5e22373f258e8aa69a 100644 --- a/install/ui/details.js +++ b/install/ui/details.js @@ -49,6 +49,16 @@ IPA.details_field = function (spec) { that.record = record; that.values = record[that.name]; that.reset(); + +var param_info = IPA.get_param_info(that.entity_name, that.name); +if (param_info) { +if (param_info['primary_key']) { +that.read_only = true; +} +if ('no_update' in param_info['flags']) { +that.read_only = true; +} +} } that.update = function() { @@ -129,7 +139,10 @@ IPA.details_field = function (spec) { var label = $('label/', { html:value.toString() }); -if (!IPA.is_field_writable(rights)) return label; +if (!IPA.is_field_writable(rights)) { +that.read_only = true; +return label; +} var param_info = IPA.get_param_info(that.entity_name, that.name); if (param_info) { @@ -191,6 +204,7 @@ IPA.details_field = function (spec) { }).appendTo(span) ; if (!IPA.is_field_writable(rights)) { +that.read_only = true; input.attr('disabled', 'disabled'); } @@ -383,6 +397,16 @@ IPA.details_section = function (spec){ } }; +that.is_dirty = function(){ +for (var i=0; ithat.fields.length; i++) { +var field = that.fields[i]; +if (field.is_dirty()){ +return true; +} +} +return false; +} + // methods that should be invoked by subclasses that.section_init = that.init; that.section_create = that.create; @@ -653,10 +677,24 @@ IPA.details_facet = function (spec) { } } -function is_dirty() { +function new_key(){ var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; return pkey != that.pkey; } +that.new_key = new_key; + + +function is_dirty() { + +var i; +for ( i =0; ithat.sections.length; i +=1 ){ +if (that.sections[i].is_dirty()){ +return true; +} +} + +return false; +} function load(record) { that.record = record; diff --git a/install/ui/entity.js b/install/ui/entity.js index 8d39b8e79857a63f4cbbee44bbba1a1f03597259..990d2eb7420b100c8828017327ef4fec0c72f16e 100644 --- a/install/ui/entity.js +++ b/install/ui/entity.js @@ -63,6 +63,10 @@ IPA.facet = function (spec) { function load() { } +that.is_dirty = function (){ +return false; +} + that.get_client_area = function() { return $('.client', that.container); }; @@ -371,6 +375,7 @@ IPA.entity_setup = function (container) { var entity = this; +IPA.current_entity = this; var facet_name = IPA.current_facet(entity); @@ -379,8 +384,7 @@ IPA.entity_setup = function (container) { if (IPA.entity_name == entity.name) { if (entity.facet_name == facet_name) { -if (!facet.is_dirty()) return; - +if (facet.new_key(!facet.new_key())) return; } else { entity.facet_name = facet_name; } diff --git a/install/ui/ipa.js b/install/ui/ipa.js index 406dce6d4614e6a43d063153eec3037505a860b0..128413b1e6b3e65d66062c7b3329cea399b0552b 100644 --- a/install/ui/ipa.js +++ b/install/ui/ipa.js @@ -131,7 +131,38 @@ var IPA = ( function () { } }; + +that.test_dirty = function(){ +if (IPA.current_entity){ +var facet_name = IPA.current_facet(IPA.current_entity); +var facet = IPA.current_entity.facets_by_name[facet_name]; +if (facet.is_dirty()){ +var message_box = $(div/,{ +html: IPA.messages.dirty +}). +appendTo($(#navigation)); +message_box.dialog({ +title:
Re: [Freeipa-devel] [PATCH] 041 Add example of DNS SRV record and a simple validator
On Wed, Jan 26, 2011 at 11:25:03AM -0500, Rob Crittenden wrote: Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/26/2011 03:38 PM, Jakub Hrozek wrote: https://fedorahosted.org/freeipa/ticket/846 This version contains a better example (consistent zone name). This requires a change to API.txt too, otherwise the patch looks good. rob Thanks for catching this. I still wonder why I was able to run make rpms which in turn runs makeapi --validate. A new patch is attached. From af17c43e77cab88ec001f4bd94c3002bd7a4494d Mon Sep 17 00:00:00 2001 From: Jakub Hrozek jhro...@redhat.com Date: Wed, 26 Jan 2011 09:31:50 -0500 Subject: [PATCH] Add example of DNS SRV record and a simple validator https://fedorahosted.org/freeipa/ticket/846 --- API.txt |8 ipalib/plugins/dns.py | 23 +++ 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/API.txt b/API.txt index c9a56f6..8e30a7e 100644 --- a/API.txt +++ b/API.txt @@ -522,7 +522,7 @@ option: List('rrsigrecord?', attribute=True, cli_name='rrsig_rec',ist('rrsigreco option: List('rprecord?', attribute=True, cli_name='rp_rec',ist('rprecord?', attribute=True, cli_name='rp_rec', doc='comma-separated list of RP records', label='RP record', multivalue=True) option: List('sigrecord?', attribute=True, cli_name='sig_rec',ist('sigrecord?', attribute=True, cli_name='sig_rec', doc='comma-separated list of SIG records', label='SIG record', multivalue=True) option: List('spfrecord?', attribute=True, cli_name='spf_rec',ist('spfrecord?', attribute=True, cli_name='spf_rec', doc='comma-separated list of SPF records', label='SPF record', multivalue=True) -option: List('srvrecord?', attribute=True, cli_name='srv_rec',ist('srvrecord?', attribute=True, cli_name='srv_rec', doc='comma-separated list of SRV records', label='SRV record', multivalue=True) +option: List('srvrecord?', _validate_srv, attribute=True, cli_name='srv_rec',ist('srvrecord?', _validate_srv, attribute=True, cli_name='srv_rec', doc='comma-separated list of SRV records', label='SRV record', multivalue=True) option: List('sshfprecord?', attribute=True, cli_name='sshfp_rec',ist('sshfprecord?', attribute=True, cli_name='sshfp_rec', doc='comma-separated list of SSHFP records', label='SSHFP record', multivalue=True) option: List('tarecord?', attribute=True, cli_name='ta_rec',ist('tarecord?', attribute=True, cli_name='ta_rec', doc='comma-separated list of TA records', label='TA record', multivalue=True) option: List('tkeyrecord?', attribute=True, cli_name='tkey_rec',ist('tkeyrecord?', attribute=True, cli_name='tkey_rec', doc='comma-separated list of TKEY records', label='TKEY record', multivalue=True) @@ -570,7 +570,7 @@ option: List('rrsigrecord?', attribute=True, cli_name='rrsig_rec',ist('rrsigreco option: List('rprecord?', attribute=True, cli_name='rp_rec',ist('rprecord?', attribute=True, cli_name='rp_rec', doc='comma-separated list of RP records', label='RP record', multivalue=True) option: List('sigrecord?', attribute=True, cli_name='sig_rec',ist('sigrecord?', attribute=True, cli_name='sig_rec', doc='comma-separated list of SIG records', label='SIG record', multivalue=True) option: List('spfrecord?', attribute=True, cli_name='spf_rec',ist('spfrecord?', attribute=True, cli_name='spf_rec', doc='comma-separated list of SPF records', label='SPF record', multivalue=True) -option: List('srvrecord?', attribute=True, cli_name='srv_rec',ist('srvrecord?', attribute=True, cli_name='srv_rec', doc='comma-separated list of SRV records', label='SRV record', multivalue=True) +option: List('srvrecord?', _validate_srv, attribute=True, cli_name='srv_rec',ist('srvrecord?', _validate_srv, attribute=True, cli_name='srv_rec', doc='comma-separated list of SRV records', label='SRV record', multivalue=True) option: List('sshfprecord?', attribute=True, cli_name='sshfp_rec',ist('sshfprecord?', attribute=True, cli_name='sshfp_rec', doc='comma-separated list of SSHFP records', label='SSHFP record', multivalue=True) option: List('tarecord?', attribute=True, cli_name='ta_rec',ist('tarecord?', attribute=True, cli_name='ta_rec', doc='comma-separated list of TA records', label='TA record', multivalue=True) option: List('tkeyrecord?', attribute=True, cli_name='tkey_rec',ist('tkeyrecord?', attribute=True, cli_name='tkey_rec', doc='comma-separated list of TKEY records', label='TKEY record', multivalue=True) @@ -619,7 +619,7 @@ option: List('rrsigrecord?', attribute=True, cli_name='rrsig_rec',ist('rrsigreco option: List('rprecord?', attribute=True, cli_name='rp_rec',ist('rprecord?', attribute=True, cli_name='rp_rec', doc='comma-separated list of RP records', label='RP record', multivalue=True) option: List('sigrecord?', attribute=True, cli_name='sig_rec',ist('sigrecord?', attribute=True, cli_name='sig_rec', doc='comma-separated list of SIG records', label='SIG record', multivalue=True) option: List('spfrecord?',
Re: [Freeipa-devel] [PATCH] 041 Add example of DNS SRV record and a simple validator
Rob Crittenden rcrit...@redhat.com wrote: Jakub Hrozek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/26/2011 03:38 PM, Jakub Hrozek wrote: https://fedorahosted.org/freeipa/ticket/846 This version contains a better example (consistent zone name). This requires a change to API.txt too, otherwise the patch looks good. Sorry for not catching that. I have problems with API.txt on a regular basis, so I call makeapi before each compilation. I'm not sure why I have these problems, happens on a clean master. I recall seeing some information about it somewhere, but I don't know exactly what it was. Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel