Re: [Freeipa-devel] [PATCH] 8 Fix typo in ipa-server-install
On Thu, 2011-04-07 at 17:28 +0200, Jan Cholasta wrote: Fixed typo in ipa-server-install. ACK, pushed to master,ipa-2-0 Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 767 fix ipa-nis-manage
ipa-nis-manage was failing because root has very limited capabilities when binding over ldapi because of autobind. So don't use ldapi. Also force this to be run as root since we start/stop and configure/unconfigure services. ticket 1157 rob freeipa-rcrit-767-nis.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 768 fix migration between v2 servers
Migration from a v2 server would fail because of our fake memberofindirect attribute. This isn't in any objectclass so would cause entries to fail to migrate. We can safely just remove it. Also remove any limits on time/size when searching for entries on the remote server. Otherwise only the number of entries configured in the local IPA server can be migrated. ticket 1124 rob freeipa-rcrit-768-migrate.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 3 Add ability to specify netmask with IP addresses during installation
Jan Cholasta wrote: On 29.3.2011 22:15, Rob Crittenden wrote: Jan Cholasta wrote: Sorry, forgot to attach the patch. Is this why you have some blind excepts? installutils._IPAddressWithPrefix('192.168.0.1/33') Traceback (most recent call last): File stdin, line 1, in module File ipaserver/install/installutils.py, line 167, in __init__ net = netaddr.IPNetwork(addr) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 919, in __init__ implicit_prefix, flags) File /usr/lib/python2.7/site-packages/netaddr/ip/__init__.py, line 782, in parse_ip_network value = ip._value UnboundLocalError: local variable 'ip' referenced before assignment We should get an upstream bug filed on python-netaddr about this. https://github.com/drkjam/netaddr/issues/closed#issue/5 https://github.com/drkjam/netaddr/issues/closed#issue/6 https://github.com/drkjam/netaddr/issues/closed#issue/8 Apparently it's already been fixed for the next release. IMHO it's not much of an issue for us, because the exception gets caught in parse_ip_address and that's currently the only place where _IPAddressWithPrefix is used. Shoudl parse_ip_address() raise an exception on bad data rather than returning 0.0.0.0? I've been down that road and it would need a rewrite of the fragile IP address handling logic of ipa-server-install, which is something I'd rather avoid. installutils.parse_ip_address('355.555.3.3') _IPAddressWithPrefix('0.0.0.0') or installutils.parse_ip_address('192.168.0.1/55') _IPAddressWithPrefix('0.0.0.0') Should it disallow net addresses like 192.168.0.0? If you mean network and broadcast addresses, it probably should. It might be a good idea to disallow localhost, multicast and/or link-local addresses too. Are you going to resubmit the patch with these added or should we open a separate ticket? rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 042 Password policy commands do not include cospriority
Martin Kosek wrote: On Fri, 2011-04-01 at 13:51 -0400, Rob Crittenden wrote: Martin Kosek wrote: Target branches: master, ipa-2-0 --- Most of the pwpolicy_* commands do include cospriority in the result and potentially in the attribute rights (--all --rights). Especially when --raw output is requested. This patch fixes it for all pwpolicy commands. https://fedorahosted.org/freeipa/ticket/1103 nack. I see a couple of problems. You should test for rights before doing the cosentry_show(). If rights is False then we won't add the data whatever it is so it is more efficient to exit earlier. We have to call cosentry_show every time (except for the case when we pull data for the global policy) because we read cospriority attribute. But the function was indeed not efficient (it called cosentry_show twice), I rewrote it. Same with pwpolicy_name == global_policy_name. I think you should drop the try/except and make it: if not rights or pwpolicy_name == global_policy_name: return ... It should never be the case that the cosentry is not found so I'd let it fail if that does occur. Fixed. I think that keys[-1] can be None so be aware. Fixed. You hardcode rights == False in pwpolicy_find(), a good thing. I think you should add make it explict rights=False and add a comment explaining that you can't get accessrights with a find. Fixed. Fixed patch attached. Martin Looks great, ack. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 760 don't crash when calculating indirect
Martin Kosek wrote: On Wed, 2011-03-30 at 10:46 -0400, Rob Crittenden wrote: Rob Crittenden wrote: This prevents an internal error when calculating direct vs indirect membership. ticket 1133 I accidentally included a change from another patch. Updated patch attached. rob I think it is OK. But I would suggest adding some comment to the code - a reason why we pass the ValueError exception. It may not be self-explanatory when we return to this code in the future. Martin I'm withdrawing this patch. It seems to be covering up for a real problem. JR is doing further investigation. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 767 fix ipa-nis-manage
Does this imply the use of ldap with tls now or just standard ldap? There was a previous ticket that changed this and many other tools such that they used ldapi to accommodate FreeIPA with a minssf set. On Apr 8, 2011, at 7:24 AM, Rob Crittenden rcrit...@redhat.com wrote: ipa-nis-manage was failing because root has very limited capabilities when binding over ldapi because of autobind. So don't use ldapi. Also force this to be run as root since we start/stop and configure/unconfigure services. ticket 1157 rob freeipa-rcrit-767-nis.patch ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 760 don't crash when calculating indirect
On Apr 8, 2011, at 7:32 AM, Rob Crittenden wrote: Martin Kosek wrote: On Wed, 2011-03-30 at 10:46 -0400, Rob Crittenden wrote: Rob Crittenden wrote: This prevents an internal error when calculating direct vs indirect membership. ticket 1133 I accidentally included a change from another patch. Updated patch attached. rob I think it is OK. But I would suggest adding some comment to the code - a reason why we pass the ValueError exception. It may not be self-explanatory when we return to this code in the future. Martin I'm withdrawing this patch. It seems to be covering up for a real problem. JR is doing further investigation. rob Yes, I believe I have identified the root cause of the crashes, and I believe they should be addressed by my patch for https://fedorahosted.org/freeipa/ticket/1139 My patch ensures that only the groups for which a member is a part of, will be searched to determine the object's direct or indirect membership. The only time this should throw an exception after the fix for 1139, should be if the memberOf plugin has failed to provide referential integrity. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 22 Add memberHost and memberUser to default indexes
Dmitri Pal wrote: On 04/01/2011 02:06 PM, Rich Megginson wrote: On 04/01/2011 11:26 AM, Rob Crittenden wrote: JR Aquino wrote: On Mar 30, 2011, at 1:16 PM, JR Aquino wrote: The plugin architecture makes a great deal of calls to search for memberUser and memberHost. These attributes are missing from the index and are greatly slowing down the CLI and WebUI. They should be added as Equality Indexes, as the searches that are performed are meant for enumeration after the exact value is known. freeipa-jraquino-0022-Add-memberHost-and-memberUser-to-default-indexes.patch___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Missed some trailing whitespace. Corrected patch attached. After loading this the 389-ds error logs spit out: [01/Apr/2011:13:26:01 -0400] - The attribute [memberHost] does not have a valid ORDERING matching rule - error 2:s [01/Apr/2011:13:26:01 -0400] - The attribute [memberUser] does not have a valid ORDERING matching rule - error 2:s Looking at the schema in 60basev2.ldif - it looks as though there are many attributes that do not have an ORDERING matching rule specified correctly: attributeTypes: (2.16.840.1.113730.3.8.3.5 NAME 'memberUser' DESC 'Reference to a principal that performs an action (usually user).' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) attributeTypes: (2.16.840.1.113730.3.8.3.7 NAME 'memberHost' DESC 'Reference to a device where the operation takes place (usually host).' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' ) 1.3.6.1.4.1.1466.115.121.1.12 is DN syntax - there is no ORDERING matching rule for DN syntax - is there some reason you want to be able to do range searches on DN values? I thought that ordering is used for the sorting. If you sort things by an attribute. I suspect that there are cases when it makes sense to sort the result set by DN. I think HBAC is one of those. But if ordering is not something that should be used in this case then what shoud? attributeTypes: (2.16.840.1.113730.3.8.3.8 NAME 'hostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' ) This should be ORDERING caseIgnoreOrderingMatch - looks like there may be more of these too. This is probably an artifact of me defineing the schema 2 years ago. Can you please file a BZ and a ticket. IMO we should fix the schema inconsistencies ASAP. Please review the rest of the defined attributes and make sure there are no problems like this. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel The IPA schema is more sane now, this patch does the right thing. ack, pushed to master and ipa-2-0 rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 767 fix ipa-nis-manage
JR Aquino wrote: Does this imply the use of ldap with tls now or just standard ldap? There was a previous ticket that changed this and many other tools such that they used ldapi to accommodate FreeIPA with a minssf set. It uses 389, no TLS. rob On Apr 8, 2011, at 7:24 AM, Rob Crittendenrcrit...@redhat.com wrote: ipa-nis-manage was failing because root has very limited capabilities when binding over ldapi because of autobind. So don't use ldapi. Also force this to be run as root since we start/stop and configure/unconfigure services. ticket 1157 rob freeipa-rcrit-767-nis.patch ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 767 fix ipa-nis-manage
On Apr 8, 2011, at 8:03 AM, Rob Crittenden wrote: On Apr 8, 2011, at 7:24 AM, Rob Crittendenrcrit...@redhat.com wrote: ipa-nis-manage was failing because root has very limited capabilities when binding over ldapi because of autobind. So don't use ldapi. Also force this to be run as root since we start/stop and configure/unconfigure services. ticket 1157 rob freeipa-rcrit-767-nis.patch JR Aquino wrote: Does this imply the use of ldap with tls now or just standard ldap? There was a previous ticket that changed this and many other tools such that they used ldapi to accommodate FreeIPA with a minssf set. It uses 389, no TLS. rob Is there a way to solve both problems? #1 Autobind limits root - ldapi #2 IPA Tools should not fail when 389ds:dse.ldif has minssf set? -Fixed the top posting. sorry about that.- ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Add a new user-add flag param to disable the creation of UPG.
On 04/04/2011 03:47 PM, Simo Sorce wrote: On Mon, 28 Mar 2011 15:27:46 -0700 Nathan Kindernkin...@redhat.com wrote: On 03/28/2011 03:20 PM, Dmitri Pal wrote: On 03/28/2011 04:38 PM, Pavel Zůna wrote: This patch handles the issue in a kind of stupid way, but I couldn't think of anything better. It adds a new flag parameter to user-add (--noprivate). With this flag, the command marks the private group about to be created for deletion and is deleted after the user is created. The only exception is when there is a group, that is named the same way as the user, but isn't a private group - then the group is left there. Private groups are created automatically by the managed entry DS plugin and I didn't find a way to disable its creation for a specific user. The idea that comes to mind is to define some magical attribute that the DS plugin would recognize and skip the creation of the managed entry as well as strip the entry of this magic attribute/value. I remember that other plugins might take advantage of the similar approach. Is something like this possible? You are probably thinking of the DNA plug-in and it's use of a magic value used to tell the plug-in to allocate a value from a range. I would not like to use this approach here, as it requires additional coding and complexity that I don't think is needed. I would prefer that we use the originFilter to deal with this. We could have an auxiliary objectclass that IPA usually adds when creating an IPA user. The originFilter can key off of this objectclass to create managed groups. When a user is added with the --noprivate option, this objectclass is not included in the user entry that is added. Rob and I discussed this approach on IRC earlier today. Ack, this sounds like a better approach, although it doesn't necessarily need to be an objectclass it can also be an attribute with a specific value that is checked in the filter as (!(attrib=value)) Simo. New patch with new approach attached. It sets the checked filter to: ((objectclass=posixAccount)(!(description=__no_upg__))) If a user entry is created with the description attribute equal to the string __no_upg__, the DS plugin will not trigger and no UPG is going to be created. After this patch, the user-add plugin adds this description attribute (NO_UPG_MAGIC = __no_upg__) in the pre_callback and deletes it in the post_callback if necessary. I think the description attribute is the best choice, because it's part of the posixAccount objectClass and we don't use it for anything on user entries. Pavel From 57f3b82bc4b3180a8b0a27733cc0632b813a7736 Mon Sep 17 00:00:00 2001 From: Pavel Zuna pz...@redhat.com Date: Mon, 28 Mar 2011 15:10:57 -0400 Subject: [PATCH] Add a new user-add flag param to disable the creation of UPG. Ticket #1131 --- install/share/user_private_groups.ldif |2 +- ipalib/plugins/user.py | 53 --- 2 files changed, 42 insertions(+), 13 deletions(-) diff --git a/install/share/user_private_groups.ldif b/install/share/user_private_groups.ldif index 9df729a..41a78ba 100644 --- a/install/share/user_private_groups.ldif +++ b/install/share/user_private_groups.ldif @@ -15,7 +15,7 @@ changetype: add objectclass: extensibleObject cn: UPG Definition originScope: cn=users,cn=accounts,$SUFFIX -originFilter: objectclass=posixAccount +originFilter: ((objectclass=posixAccount)(!(description=__no_upg__))) managedBase: cn=groups,cn=accounts,$SUFFIX managedTemplate: cn=UPG Template,cn=etc,$SUFFIX diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 9015144..9a658a9 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -63,6 +63,9 @@ from ipalib import _, ngettext from ipalib.request import context from time import gmtime, strftime + +NO_UPG_MAGIC = '__no_upg__' + def validate_nsaccountlock(entry_attrs): if 'nsaccountlock' in entry_attrs: if not isinstance(entry_attrs['nsaccountlock'], basestring): @@ -70,6 +73,7 @@ def validate_nsaccountlock(entry_attrs): if entry_attrs['nsaccountlock'].lower() not in ('true','false'): raise errors.ValidationError(name='nsaccountlock', error='must be TRUE or FALSE') + class user(LDAPObject): User object. @@ -250,22 +254,35 @@ class user_add(LDAPCreate): Add a new user. - msg_summary = _('Added user %(value)s') +takes_options = LDAPCreate.takes_args + ( +Flag('noprivate', +cli_name='noprivate', +doc=_('don\'t create user private group'), +), +) + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): -try: -# The Managed Entries plugin will allow a user to be created -# even if a group has a duplicate name. This would leave a user -# without a private group. Check for both the group and the user. -self.api.Command['group_show'](keys[-1]) +if not
Re: [Freeipa-devel] [PATCH] 767 fix ipa-nis-manage
On Apr 8, 2011, at 8:53 AM, Rob Crittenden rcrit...@redhat.com wrote: JR Aquino wrote: On Apr 8, 2011, at 8:03 AM, Rob Crittenden wrote: On Apr 8, 2011, at 7:24 AM, Rob Crittendenrcrit...@redhat.com wrote: ipa-nis-manage was failing because root has very limited capabilities when binding over ldapi because of autobind. So don't use ldapi. Also force this to be run as root since we start/stop and configure/unconfigure services. ticket 1157 rob freeipa-rcrit-767-nis.patch JR Aquino wrote: Does this imply the use of ldap with tls now or just standard ldap? There was a previous ticket that changed this and many other tools such that they used ldapi to accommodate FreeIPA with a minssf set. It uses 389, no TLS. rob Is there a way to solve both problems? #1 Autobind limits root - ldapi #2 IPA Tools should not fail when 389ds:dse.ldif has minssf set? -Fixed the top posting. sorry about that.- Maybe, I also want to apply an appropriate level of effort. In reality this command is going to be run 1 or 2 times in the lifetime of an IPA server. rob Fair enough. The minssf gate should apply to the pieces that have a higher usage frequency. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 767 fix ipa-nis-manage
On Apr 8, 2011, at 8:56 AM, JR Aquino jr.aqu...@citrix.com wrote: On Apr 8, 2011, at 8:53 AM, Rob Crittenden rcrit...@redhat.com wrote: JR Aquino wrote: On Apr 8, 2011, at 8:03 AM, Rob Crittenden wrote: On Apr 8, 2011, at 7:24 AM, Rob Crittendenrcrit...@redhat.com wrote: ipa-nis-manage was failing because root has very limited capabilities when binding over ldapi because of autobind. So don't use ldapi. Also force this to be run as root since we start/stop and configure/unconfigure services. ticket 1157 rob freeipa-rcrit-767-nis.patch JR Aquino wrote: Does this imply the use of ldap with tls now or just standard ldap? There was a previous ticket that changed this and many other tools such that they used ldapi to accommodate FreeIPA with a minssf set. It uses 389, no TLS. rob Is there a way to solve both problems? #1 Autobind limits root - ldapi #2 IPA Tools should not fail when 389ds:dse.ldif has minssf set? -Fixed the top posting. sorry about that.- Maybe, I also want to apply an appropriate level of effort. In reality this command is going to be run 1 or 2 times in the lifetime of an IPA server. rob Fair enough. The minssf gate should apply to the pieces that have a higher usage frequency. Does the limitation of autobind with root mean that all of the tools that use ldapi need to be revisited and turned back to 389? ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 764 update ipa-client-install man page
Martin Kosek wrote: I don't think it is a good idea to have this option in ipa-client-install --help at all. Since it is not intended to be used by the user and we just use it in our scripts why would we want to have it in ipa-client-install --help or man pages? We could just hide it using help=optparse.SUPPRESS_HELP attribute for the option and document it only in the installation script source. Martin On Mon, 2011-04-04 at 17:23 -0400, Rob Crittenden wrote: Make it clear that --on-master is for install scripts only. ticket 1050 An excellent idea. See new patch. rob freeipa-rcrit-764-2-man.patch Description: application/mbox ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 767 fix ipa-nis-manage
JR Aquino wrote: On Apr 8, 2011, at 8:56 AM, JR Aquinojr.aqu...@citrix.com wrote: On Apr 8, 2011, at 8:53 AM, Rob Crittendenrcrit...@redhat.com wrote: JR Aquino wrote: On Apr 8, 2011, at 8:03 AM, Rob Crittenden wrote: On Apr 8, 2011, at 7:24 AM, Rob Crittendenrcrit...@redhat.comwrote: ipa-nis-manage was failing because root has very limited capabilities when binding over ldapi because of autobind. So don't use ldapi. Also force this to be run as root since we start/stop and configure/unconfigure services. ticket 1157 rob freeipa-rcrit-767-nis.patch JR Aquino wrote: Does this imply the use of ldap with tls now or just standard ldap? There was a previous ticket that changed this and many other tools such that they used ldapi to accommodate FreeIPA with a minssf set. It uses 389, no TLS. rob Is there a way to solve both problems? #1 Autobind limits root - ldapi #2 IPA Tools should not fail when 389ds:dse.ldif has minssf set? -Fixed the top posting. sorry about that.- Maybe, I also want to apply an appropriate level of effort. In reality this command is going to be run 1 or 2 times in the lifetime of an IPA server. rob Fair enough. The minssf gate should apply to the pieces that have a higher usage frequency. Does the limitation of autobind with root mean that all of the tools that use ldapi need to be revisited and turned back to 389? ipa-host-net-manage and ipa-compat-manage work ok for me with this patch applied. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 767 fix ipa-nis-manage
On Fri, 08 Apr 2011 13:12:22 -0400 Rob Crittenden rcrit...@redhat.com wrote: JR Aquino wrote: Does the limitation of autobind with root mean that all of the tools that use ldapi need to be revisited and turned back to 389? ipa-host-net-manage and ipa-compat-manage work ok for me with this patch applied. NACK autobind comes into play only when SASL_EXTERNAL auth is used, the krb5kdc binds as uid=kdc over ldapi w/o any issue. If these tools are having a problem with ldapi, it is most probably an underlying bug in our ldap wrappers, as thyese tools should bind as Directory Manager using simple auth not doing SASL_EXTERNAL auth. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 046 Improve DNS PTR record validation
Martin Kosek wrote: Current PTR validation is unclear and may misled the user. This patch improves the validation process so that the eventual exception is clearer. New check that the PTR record is fully qualified has been added to ensure that the reverse zone resolution behaves as expected. Additionally, several strings in the DNS plugin were prepared for localization. https://fedorahosted.org/freeipa/ticket/1129 ack ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 131 Refactored action panel and client area.
To improve code readability and extensibility the containers for action panel and client area are now created in IPA.entity.setup(). The 'client area' has been renamed into 'content'. The IPA.facet.create() has been renamed to IPA.facet.create_content(). -- Endi S. Dewata From 578d52609cd4c4de195ffe06f1886d7fe91ff52a Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Thu, 7 Apr 2011 16:14:58 -0500 Subject: [PATCH] Refactored action panel and client area. To improve code readability and extensibility the containers for action panel and client area are now created in IPA.entity.setup(). The 'client area' has been renamed into 'content'. The IPA.facet.create() has been renamed to IPA.facet.create_content(). --- install/ui/associate.js |2 +- install/ui/details.js| 12 - install/ui/dns.js|8 ++ install/ui/entity.js | 50 ++ install/ui/ipa.css | 12 +--- install/ui/search.js |6 +--- install/ui/test/details_tests.js |8 +- install/ui/test/entity_tests.js |8 +- 8 files changed, 56 insertions(+), 50 deletions(-) diff --git a/install/ui/associate.js b/install/ui/associate.js index 050d8f6dbc8267997c8fa47209fab8826dd4118a..b8a7d825a395b8df68566bbf1402229cf82b2ba6 100644 --- a/install/ui/associate.js +++ b/install/ui/associate.js @@ -788,7 +788,7 @@ IPA.association_facet = function (spec) { return pkey != that.pkey; }; -that.create = function(container) { +that.create_content = function(container) { that.pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; diff --git a/install/ui/details.js b/install/ui/details.js index 40dd6d4f8389531c7caeec98a8d613fb63eb9506..794e19fd2b4fc18c8db6e4ad6616ffcfb57767de 100644 --- a/install/ui/details.js +++ b/install/ui/details.js @@ -266,7 +266,7 @@ IPA.details_facet = function(spec) { that.label = ( IPA.messages IPA.messages.facets IPA.messages.facets.details) || spec.label; that.is_dirty = spec.is_dirty || is_dirty; -that.create = spec.create || create; +that.create_content = spec.create_content || create_content; that.setup = spec.setup || setup; that.load = spec.load || load; that.update = spec.update || IPA.details_update; @@ -323,9 +323,7 @@ IPA.details_facet = function(spec) { } }; -function create(container) { - -container.attr('title', that.entity_name); +function create_content(container) { var label = IPA.metadata.objects[that.entity_name].label; @@ -338,7 +336,7 @@ IPA.details_facet = function(spec) { appendTo(container); var details = $('div/', { -'class': 'content' +'name': 'details' }).appendTo(container); $('a/', { @@ -430,7 +428,7 @@ IPA.details_facet = function(spec) { }); button.replaceWith(that.update_button); -var details = $('div.content', that.container); +var details = $('div[name=details]', that.container); var expand_all = $('a[name=expand_all]', details); expand_all.click(function() { @@ -528,7 +526,7 @@ IPA.details_facet = function(spec) { } that.details_facet_init = that.init; -that.details_facet_create = that.create; +that.details_facet_create_content = that.create_content; that.details_facet_load = that.load; return that; diff --git a/install/ui/dns.js b/install/ui/dns.js index 1af95f726050e05217fabbc57506f05102f4276d..36ee2d6ef9395ba290defe9b46a67ff195ffca3f 100644 --- a/install/ui/dns.js +++ b/install/ui/dns.js @@ -282,16 +282,14 @@ IPA.records_facet = function (spec){ return pkey != that.pkey || record != that.record; }; -function create(container) { - -container.attr('title', that.entity_name); +function create_content(container) { $('h1/',{ }).append(IPA.create_network_spinner()). appendTo(container); var details = $('div/', { -'class': 'content' +'name': 'details' }).appendTo(container); var div = $('div class=search-controls/div'). @@ -522,7 +520,7 @@ IPA.records_facet = function (spec){ } -that.create = create; +that.create_content = create_content; that.setup = setup; that.refresh = refresh; diff --git a/install/ui/entity.js b/install/ui/entity.js index 9e37a1271dc0602f6f2328160496cc254741520a..75ec32cfaea8069ebca8cfc7fb6bb311eef0c550 100644 --- a/install/ui/entity.js +++ b/install/ui/entity.js @@ -36,7 +36,7 @@ IPA.facet = function (spec) { that._entity_name = spec.entity_name; that.init = spec.init || init; -that.create = spec.create || create; +that.create_content = spec.create_content || create_content; that.setup = spec.setup || setup; that.load = spec.load || load; @@ -71,7 +71,7 @@
[Freeipa-devel] [PATCH] 132 Refactored builder interface.
The IPA.entity_builder has been modified to take a 'factory' parameter in custom facet's and custom dialog's spec. The IPA.dialog has been modified to take an array of fields in the spec. The IPA.search_facet has been modified to take an array of columns in the spec. -- Endi S. Dewata From 1fd43a7ee0e562a7e3ad0c3c64f554dd8bcdaa0d Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Thu, 7 Apr 2011 16:14:58 -0500 Subject: [PATCH] Refactored builder interface. The IPA.entity_builder has been modified to take a 'factory' parameter in custom facet's and custom dialog's spec. The IPA.dialog has been modified to take an array of fields in the spec. The IPA.search_facet has been modified to take an array of columns in the spec. --- install/ui/dialog.js | 19 +++ install/ui/dns.js |5 ++- install/ui/entity.js | 87 + install/ui/group.js |6 ++-- install/ui/hbac.js|5 ++- install/ui/host.js|5 ++- install/ui/search.js | 10 ++ install/ui/service.js | 29 install/ui/sudo.js|5 ++- 9 files changed, 103 insertions(+), 68 deletions(-) diff --git a/install/ui/dialog.js b/install/ui/dialog.js index 17e78af6da42f86b2436e7590067e61f872dff95..964d5f5fcdd4a6012954ac4bdc1098af7d5e7b52 100644 --- a/install/ui/dialog.js +++ b/install/ui/dialog.js @@ -265,6 +265,25 @@ IPA.dialog = function(spec) { that.dialog_setup = that.setup; that.dialog_open = that.open; +var fields = spec.fields || []; +for (var i=0; ifields.length; i++) { +var field_spec = fields[i]; +var field; + +if (field_spec instanceof Object) { +if (field_spec.factory) { +field = field_spec.factory(field_spec); +} else { +field = IPA.text_widget(field_spec); +} +} else { +var field_name = field_spec; +field = IPA.text_widget({ name: field_name, undo: false }); +} + +that.add_field(field); +} + return that; }; diff --git a/install/ui/dns.js b/install/ui/dns.js index 36ee2d6ef9395ba290defe9b46a67ff195ffca3f..d7175a1408a79f2d214697ed3b042aa6dee8fdb5 100644 --- a/install/ui/dns.js +++ b/install/ui/dns.js @@ -48,10 +48,11 @@ IPA.entity_factories.dnszone = function() { 'dnsclass', 'idnsallowdynupdate', 'idnsupdatepolicy']}]}). -facet(IPA.records_facet({ +facet({ +factory: IPA.records_facet, 'name': 'records', 'label': IPA.metadata.objects.dnsrecord.label -})). +}). standard_association_facets(). build(); }; diff --git a/install/ui/entity.js b/install/ui/entity.js index 75ec32cfaea8069ebca8cfc7fb6bb311eef0c550..4db58465d29a36622e475db32426669bbc5e2b63 100644 --- a/install/ui/entity.js +++ b/install/ui/entity.js @@ -539,7 +539,7 @@ IPA.entity_builder = function(){ var that = {}; var entity = null; -var current_facet = null; +var facet = null; function section(spec){ var current_section = null; @@ -555,7 +555,7 @@ IPA.entity_builder = function(){ }else{ current_section = IPA.details_list_section(spec); } -current_facet.add_section(current_section); +facet.add_section(current_section); var fields = spec.fields; if (fields){ var i; @@ -581,8 +581,14 @@ IPA.entity_builder = function(){ return that; }; -that.dialog = function(value){ -current_facet.dialog(value); +that.dialog = function(spec) { +var dialog; +if (spec.factory) { +dialog = spec.factory(spec); +} else { +dialog = IPA.dialog(spec); +} +facet.dialog(dialog); return that; }; @@ -590,8 +596,8 @@ IPA.entity_builder = function(){ var sections = spec.sections; spec.sections = null; spec.entity_name = entity.name; -current_facet =IPA.details_facet(spec); -entity.facet(current_facet); +facet =IPA.details_facet(spec); +entity.facet(facet); var i; for ( i =0; i sections.length; i += 1){ @@ -601,27 +607,19 @@ IPA.entity_builder = function(){ return that; }; -that.facet = function (facet){ -current_facet = facet; +that.facet = function(spec) { +facet = spec.factory(spec); entity.facet(facet); return that; }; that.search_facet = function (spec){ -current_facet = IPA.search_facet({ -entity_name:entity.name, -search_all: spec.search_all || false +facet = IPA.search_facet({ +entity_name: entity.name, +search_all: spec.search_all || false, +columns: spec.columns }); -var columns = spec.columns; -var i; -
[Freeipa-devel] [PATCH] 133 Refactored search facet.
To simplify customization, the add(), remove(), and refresh() methods have been moved from IPA.search_widget into IPA.search_facet. -- Endi S. Dewata From b42223b994364d098e21f960cc37490bc95af0d1 Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Fri, 8 Apr 2011 00:14:16 -0500 Subject: [PATCH] Refactored search facet. To simplify customization, the add(), remove(), and refresh() methods have been moved from IPA.search_widget into IPA.search_facet. --- install/ui/search.js | 370 +- 1 files changed, 185 insertions(+), 185 deletions(-) diff --git a/install/ui/search.js b/install/ui/search.js index ad74b812a1babd4fd0d4055eae95dc7ccbef138c..91ef5bde848e1558c8cf0600df26aa39c472ae23 100644 --- a/install/ui/search.js +++ b/install/ui/search.js @@ -31,7 +31,6 @@ IPA.search_widget = function (spec) { var that = IPA.table_widget(spec); that.entity_name = spec.entity_name; -that.facet = spec.facet; that.search_all = spec.search_all || false; that.create = function(container) { @@ -47,7 +46,7 @@ IPA.search_widget = function (spec) { search_controls.append(IPA.create_network_spinner()); -this.filter = $('input/', { +that.filter = $('input/', { 'type': 'text', 'name': 'search-' + that.entity_name + '-filter' }).appendTo(search_filter); @@ -58,25 +57,6 @@ IPA.search_widget = function (spec) { 'value': IPA.messages.buttons.find }).appendTo(search_filter); -var action_panel = that.facet.get_action_panel(); -var li = $('.action-controls', action_panel); - -var search_buttons = $('span/', { -'class': 'search-buttons' -}).appendTo(li); - -$('input/', { -'type': 'button', -'name': 'remove', -'value': IPA.messages.buttons.remove -}).appendTo(search_buttons); - -$('input/', { -'type': 'button', -'name': 'add', -'value': IPA.messages.buttons.add -}).appendTo(search_buttons); - $('div/', { 'class': 'search-results' }).appendTo(container); @@ -107,173 +87,17 @@ IPA.search_widget = function (spec) { }); button.replaceWith(that.find_button); -var action_panel = that.facet.get_action_panel(); -var search_buttons = $('.search-buttons', action_panel); - -button = $('input[name=remove]', search_buttons); -that.remove_button = IPA.action_button({ -'label': IPA.messages.buttons.remove, -'icon': 'ui-icon-trash' -}); -that.remove_button.addClass('input_link_disabled'); - -button.replaceWith(that.remove_button); - - -button = $('input[name=add]', search_buttons); -that.add_button = IPA.action_button({ -'label': IPA.messages.buttons.add, -'icon': 'ui-icon-plus', -'click': function() { that.add(); } -}); -button.replaceWith(that.add_button); - var filter = $.bbq.getState(that.entity_name + '-filter', true) || ''; -this.filter.val(filter); +that.filter.val(filter); }; that.find = function() { -var filter = this.filter.val(); +var filter = that.filter.val(); var state = {}; state[that.entity_name + '-filter'] = filter; $.bbq.pushState(state); }; -that.add = function() { - -var dialog = that.facet.get_dialog('add'); -dialog.open(that.container); - -return false; -}; - -that.select_changed = function(){ -var count = 0; -var pkey; -$('input[name=select]:checked', that.tbody).each(function(input){ -count += 1; -pkey = $(this).val(); -}); - -var action_panel = that.facet.get_action_panel(); -if(count == 1){ -$('li.entity-facet', action_panel). -removeClass('entity-facet-disabled'); -var state = {}; - $('input[id=pkey]', action_panel).val(pkey); -}else{ -$('li.entity-facet', action_panel). -addClass('entity-facet-disabled'); -$('input', action_panel).val(null); - -} -var remove_button; -if(count === 0){ -remove_button = $('a[title=Delete]', action_panel); -remove_button.addClass('input_link_disabled'); -remove_button.unbind('click'); - -}else{ -remove_button = $('a[title=Delete]', action_panel); -remove_button.click(function() { that.remove(that.container); }); -remove_button.removeClass('input_link_disabled'); -} - -return false; -}; - - -that.remove = function(container) { - -var values = that.get_selected_values(); - -var title; -if (!values.length) { -title =
[Freeipa-devel] [PATCH] 134 Entitlements.
Initial implementation of Entitlements. -- Endi S. Dewata From a408bfe3e443341fc639b0d29e4918899dee705a Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Fri, 8 Apr 2011 01:16:07 -0400 Subject: [PATCH] Entitlements. Initial implementation of Entitlements. --- install/ui/entitle.js | 196 + install/ui/index.html |1 + install/ui/ipa.css|6 +- install/ui/test/data/entitle_consume.json | 24 install/ui/test/data/entitle_find.json| 37 ++ install/ui/test/data/entitle_get.json | 27 install/ui/test/data/ipa_init.json| 57 - install/ui/webui.js |1 + ipalib/plugins/entitle.py |2 + 9 files changed, 349 insertions(+), 2 deletions(-) create mode 100644 install/ui/entitle.js create mode 100644 install/ui/test/data/entitle_consume.json create mode 100644 install/ui/test/data/entitle_find.json create mode 100644 install/ui/test/data/entitle_get.json diff --git a/install/ui/entitle.js b/install/ui/entitle.js new file mode 100644 index ..3f62860c52fdea0cc4a302c23810a2c0c51cea1c --- /dev/null +++ b/install/ui/entitle.js @@ -0,0 +1,196 @@ +/*jsl:import ipa.js */ + +/* Authors: + *Endi S. Dewata edew...@redhat.com + * + * Copyright (C) 2010 Red Hat + * see file 'COPYING' for use and warranty information + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see http://www.gnu.org/licenses/. + */ + +/* REQUIRES: ipa.js, details.js, search.js, add.js, entity.js */ + + +IPA.entitle = {}; + +IPA.entity_factories.entitle = function() { + +var builder = IPA.entity_builder(); + +builder. +entity('entitle'). +facet({ +factory: IPA.entitle.search_facet, +columns: [ +{ +name: 'product', +label: 'Product' +}, +{ +name: 'quantity', +label: 'Quantity' +}, +{ +name: 'start', +label: 'Start' +}, +{ +name: 'end', +label: 'End' +} +], +search_all: true +}). +dialog({ +factory: IPA.entitle.consume_dialog, +name: 'consume', +title: 'Consume Entitlements', +fields: [ +{ +name: 'quantity', +label: 'Quantity', +undo: false +} +] +}). +details_facet({ +sections: [ +{ +name: 'identity', +label: IPA.messages.details.identity, +fields: ['ipaentitlementid'] +} +] +}). +standard_association_facets(); + +return builder.build(); +}; + +IPA.entitle.search_facet = function(spec) { + +spec = spec || {}; + +var that = IPA.search_facet(spec); + +that.create_action_panel = function(container) { + +that.facet_create_action_panel(container); + +var li = $('.action-controls', container); + +var buttons = $('span/', { +'class': 'search-buttons' +}).appendTo(li); + +$('input/', { +type: 'button', +name: 'consume', +value: 'Consume' +}).appendTo(buttons); +}; + +that.setup = function(container) { + +that.search_facet_setup(container); + +var action_panel = that.get_action_panel(); + +var button = $('input[name=consume]', action_panel); +that.consume_button = IPA.action_button({ +label: 'Consume', +icon: 'ui-icon-plus', +click: function() { +var dialog = that.get_dialog('consume'); +dialog.open(that.container); +} +}); +button.replaceWith(that.consume_button); +}; + +that.refresh = function() { + +function on_success(data, text_status, xhr) { + +that.table.empty(); + +var result = data.result.result; +for (var i = 0; iresult.length;