[Freeipa-devel] [PATCH 0473-0476, 0478-0482]DNS Locations: Prologue
Petr Spacek
pspacek at redhat.com
Thu Jun 2 12:06:32 UTC 2016
On 1.6.2016 18:00, Martin Basti wrote:
> <snip>
>
> updated patches attached
>
> freeipa-mbasti-0473.6-DNS-Locations-Always-create-DNS-related-privileges.patch
>
>
> From 549379a36281d80818fca4ec929d499efafda044 Mon Sep 17 00:00:00 2001
> From: Martin Basti <mbasti at redhat.com>
> Date: Wed, 4 May 2016 17:33:52 +0200
> Subject: [PATCH 1/4] DNS Locations: Always create DNS related privileges
>
> DNS privileges are important for handling DNS locations which can be
> created without DNS servers in IPA topology. We will also need this
> privileges presented for future feature 'External DNS support'
>
> https://fedorahosted.org/freeipa/ticket/2008
> ---
> install/share/delegation.ldif | 16 ++++++++++++++++
> install/share/dns.ldif | 16 ----------------
> install/updates/37-locations.update | 0
> install/updates/40-delegation.update | 16 ++++++++++++++++
> 4 files changed, 32 insertions(+), 16 deletions(-)
> create mode 100644 install/updates/37-locations.update
>
> diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif
> index 067b4d26a8be8f4d1b699c15b027ed7f260ddb5b..064078306560528842fa76176152ac594db077c8 100644
> --- a/install/share/delegation.ldif
> +++ b/install/share/delegation.ldif
> @@ -80,6 +80,22 @@ objectClass: nestedgroup
> cn: Delegation Administrator
> description: Role administration
>
> +dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
> +changetype: add
> +objectClass: top
> +objectClass: groupofnames
> +objectClass: nestedgroup
> +cn: DNS Administrators
> +description: DNS Administrators
> +
> +dn: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
> +changetype: add
> +objectClass: top
> +objectClass: groupofnames
> +objectClass: nestedgroup
> +cn: DNS Servers
> +description: DNS Servers
> +
> dn: cn=Service Administrators,cn=privileges,cn=pbac,$SUFFIX
> changetype: add
> objectClass: top
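Review bot: the two privilege entries added after "Delegation Administrator" are now created on every install, including deployments without a DNS server, so any code that treats the existence of cn=DNS Servers or cn=DNS Administrators as a sign that DNS is configured would start giving the wrong answer. Worth confirming that nothing in the installer or upgrade path relies on that. Separately, both descriptions only repeat the cn; now that the entries are always present, a description saying what the privilege grants would help an administrator reviewing role assignments.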
> diff --git a/install/share/dns.ldif b/install/share/dns.ldif
> index bd5cc57f90ed66066699af06a74e1426cc8f9a59..6cee478674af191350cf24e0aef74c5e418f392e 100644
> --- a/install/share/dns.ldif
> +++ b/install/share/dns.ldif
> @@ -12,19 +12,3 @@ aci: (targetattr = "*")(version 3.0; acl "Allow read access"; allow (read,search
> aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Add DNS entries in a zone";allow (add) userattr = "parent[1].managedby#GROUPDN";)
> aci: (target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Remove DNS entries from a zone";allow (delete) userattr = "parent[1].managedby#GROUPDN";)
> aci: (targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || mdrecord || minforecord || mxrecord || naptrrecord || nsecrecord || nsec3paramrecord || nsrecord || nxtrecord || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord ")(target = "ldap:///idnsname=*,cn=dns,$SUFFIX")(version 3.0;acl "Update DNS entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)
> -
> -dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
> -changetype: add
> -objectClass: top
> -objectClass: groupofnames
> -objectClass: nestedgroup
> -cn: DNS Administrators
> -description: DNS Administrators
> -
> -dn: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
> -changetype: add
> -objectClass: top
> -objectClass: groupofnames
> -objectClass: nestedgroup
> -cn: DNS Servers
> -description: DNS Servers
> diff --git a/install/updates/37-locations.update b/install/updates/37-locations.update
> new file mode 100644
> index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
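Review bot: install/updates/37-locations.update is created empty in this patch and only receives its content and its Makefile.am entry in patch 3/4, and the commit message here does not mention it. Creating the file in 3/4 would keep this patch limited to the privilege move.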
> diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update
> index f0431b92d707b17607fe873efbfe2fcccd3efce1..259cbdbdab9eef69e29dba117db36a9e3e0c5f66 100644
> --- a/install/updates/40-delegation.update
> +++ b/install/updates/40-delegation.update
> @@ -274,3 +274,19 @@ default:objectClass: groupofnames
> default:objectClass: top
> default:cn: Vault Administrators
> default:description: Vault Administrators
> +
> +
> +# Locations - always create DNS related privileges
> +dn: cn=DNS Administrators,cn=privileges,cn=pbac,$SUFFIX
> +default:objectClass: top
> +default:objectClass: groupofnames
> +default:objectClass: nestedgroup
> +default:cn: DNS Administrators
> +default:description: DNS Administrators
> +
> +dn: cn=DNS Servers,cn=privileges,cn=pbac,$SUFFIX
> +default:objectClass: top
> +default:objectClass: groupofnames
> +default:objectClass: nestedgroup
> +default:cn: DNS Servers
> +default:description: DNS Servers
> -- 2.5.5
>
>
> freeipa-mbasti-0474.6-DNS-Locations-add-new-attributes-and-objectclasses.patch
>
>
> From 4363fd4823efcf173f9cc6b56769771bf7867170 Mon Sep 17 00:00:00 2001
> From: Martin Basti <mbasti at redhat.com>
> Date: Thu, 12 May 2016 10:53:37 +0200
> Subject: [PATCH 2/4] DNS Locations: add new attributes and objectclasses
>
> http://www.freeipa.org/page/V4/DNS_Location_Mechanism
>
> https://fedorahosted.org/freeipa/ticket/2008
> ---
> install/share/60ipadns.ldif | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/install/share/60ipadns.ldif b/install/share/60ipadns.ldif
> index 71b99d4d03c34591dc83a5706d300727f3f77f30..5bfed905566bdbfe4e011e218c328701ce854943 100644
> --- a/install/share/60ipadns.ldif
> +++ b/install/share/60ipadns.ldif
> @@ -71,6 +71,8 @@ attributeTypes: ( 2.16.840.1.113730.3.8.5.26 NAME 'idnsSecKeySep' DESC 'DNSKEY S
> attributeTypes: ( 2.16.840.1.113730.3.8.5.27 NAME 'idnsSecAlgorithm' DESC 'DNSKEY algorithm: string used as mnemonic' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
> attributeTypes: ( 2.16.840.1.113730.3.8.5.28 NAME 'idnsSecKeyRef' DESC 'PKCS#11 URI of the key' EQUALITY caseExactMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v4.1' )
> attributeTypes: ( 2.16.840.1.113730.3.8.11.74 NAME 'ipaDNSVersion' DESC 'IPA DNS data version' EQUALITY integerMatch ORDERING integerOrderingMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'IPA v4.3' )
> +attributeTypes: ( 2.16.840.1.113730.3.8.5.32 NAME 'ipaLocation' DESC 'Reference to IPA location' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'IPA v4.4' )
> +attributeTypes: ( 2.16.840.1.113730.3.8.5.33 NAME 'ipaLocationWeight' DESC 'Weight for the server in IPA location' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v4.4' )
> objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDynUpdate $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ cNAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInfoRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ nXTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ sSHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ TLSARecord $ UnknownRecord $ RPRecord $ APLRecord $ IPSECKEYRecord $ DHCIDRecord $ HIPRecord $ SPFRecord ) )
> objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ idnsSecInlineSigning $ nSEC3PARAMRecord ) )
> objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) )
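Review bot: ipaLocationWeight is defined with EQUALITY integerMatch but no ORDERING rule, while ipaDNSVersion on the context line directly above it declares ORDERING integerOrderingMatch. If weights will ever be compared in a search filter (>= or <=), add the ordering rule now rather than changing a published attribute definition later. Also, ipaLocation uses DN syntax as a reference to a location entry; the patch or the design page should say how that reference is kept valid when the referenced location is removed.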
> @@ -78,3 +80,5 @@ objectClasses: ( 2.16.840.1.113730.3.8.12.18 NAME 'ipaDNSZone' SUP top AUXILIARY
> objectClasses: ( 2.16.840.1.113730.3.8.6.3 NAME 'idnsForwardZone' DESC 'Forward Zone class' SUP top STRUCTURAL MUST ( idnsName $ idnsZoneActive ) MAY ( idnsForwarders $ idnsForwardPolicy ) )
> objectClasses: ( 2.16.840.1.113730.3.8.6.4 NAME 'idnsSecKey' DESC 'DNSSEC key metadata' STRUCTURAL MUST ( idnsSecKeyRef $ idnsSecKeyCreated $ idnsSecAlgorithm ) MAY ( idnsSecKeyPublish $ idnsSecKeyActivate $ idnsSecKeyInactive $ idnsSecKeyDelete $ idnsSecKeyZone $ idnsSecKeyRevoke $ idnsSecKeySep $ cn ) X-ORIGIN 'IPA v4.1' )
> objectClasses: ( 2.16.840.1.113730.3.8.12.36 NAME 'ipaDNSContainer' DESC 'IPA DNS container' AUXILIARY MUST ( ipaDNSVersion ) X-ORIGIN 'IPA v4.3' )
> +objectClasses: ( 2.16.840.1.113730.3.8.6.7 NAME 'ipaLocationObject' DESC 'Object for storing IPA server location' STRUCTURAL MUST ( idnsName ) MAY ( description ) X-ORIGIN 'IPA v4.4' )
> +objectClasses: ( 2.16.840.1.113730.3.8.6.8 NAME 'ipaLocationMember' DESC 'Member object of IPA location' AUXILIARY MAY ( ipaLocation $ ipaLocationWeight ) X-ORIGIN 'IPA v4.4' )
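Review bot: ipaLocationMember lists both ipaLocation and ipaLocationWeight under MAY, so the schema accepts an entry that carries a weight but no location. If a weight is only meaningful together with a location, that constraint has to be enforced by the plugin code that sets these attributes, and it deserves a comment or a test saying so.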
> -- 2.5.5
>
>
> freeipa-mbasti-0475.6-DNS-Locations-location-commands.patch
>
>
> From c353f0ecbb0e97d9ff28e38ddea27168e69f9ac5 Mon Sep 17 00:00:00 2001
> From: Martin Basti <mbasti at redhat.com>
> Date: Thu, 12 May 2016 10:54:20 +0200
> Subject: [PATCH 3/4] DNS Locations: location-* commands
>
> http://www.freeipa.org/page/V4/DNS_Location_Mechanism
>
> https://fedorahosted.org/freeipa/ticket/2008
> ---
> ACI.txt | 8 ++
> API.txt | 59 ++++++++++++++
> VERSION | 4 +-
> install/share/bootstrap-template.ldif | 6 ++
> install/updates/37-locations.update | 4 +
> install/updates/Makefile.am | 1 +
> ipalib/constants.py | 1 +
> ipalib/plugins/location.py | 149 ++++++++++++++++++++++++++++++++++
> 8 files changed, 230 insertions(+), 2 deletions(-)
> create mode 100644 ipalib/plugins/location.py
>
> diff --git a/ACI.txt b/ACI.txt
> index cea814a0ceb7aea48b709236f0f88677e851ac92..2226eccc74ec6d25c1f6fcc93f3e1c7d636b8146 100644
> --- a/ACI.txt
> +++ b/ACI.txt
> @@ -158,6 +158,14 @@ dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example
> aci: (targetattr = "createtimestamp || entryusn || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket
> Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
> dn: cn=users,cn=accounts,dc=ipa,dc=example
> aci: (targetattr = "krbmaxrenewableage || krbmaxticketlife")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read User Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Ticket
> Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
> +dn: cn=locations,cn=etc,dc=ipa,dc=example
> +aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Add IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
> +dn: cn=locations,cn=etc,dc=ipa,dc=example
> +aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write) groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
> +dn: cn=locations,cn=etc,dc=ipa,dc=example
> +aci: (targetattr = "createtimestamp || description || entryusn || idnsname || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
> +dn: cn=locations,cn=etc,dc=ipa,dc=example
> +aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
> dn: cn=ng,cn=alt,dc=ipa,dc=example
> aci: (targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Add Netgroups";allow (add) groupdn = "ldap:///cn=System: Add Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
> dn: cn=ng,cn=alt,dc=ipa,dc=example
> diff --git a/API.txt b/API.txt
> index 3ad250e74f48ef3c54494ba6bd2d398a7c5d1b69..0568a6573236ca25c7b2353832f949c95b353758 100644
> --- a/API.txt
> +++ b/API.txt
> @@ -2759,6 +2759,65 @@ option: Str('version?')
> output: Entry('result')
> output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
> output: PrimaryKey('value')
> +command: location_add
> +args: 1,6,3
> +arg: DNSNameParam('idnsname', cli_name='name')
> +option: Str('addattr*', cli_name='addattr')
> +option: Flag('all', autofill=True, cli_name='all', default=False)
> +option: Str('description?')
> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
> +option: Str('setattr*', cli_name='setattr')
> +option: Str('version?')
> +output: Entry('result')
> +output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
> +output: PrimaryKey('value')
> +command: location_del
> +args: 1,2,3
> +arg: DNSNameParam('idnsname+', cli_name='name')
> +option: Flag('continue', autofill=True, cli_name='continue', default=False)
> +option: Str('version?')
> +output: Output('result', type=[<type 'dict'>])
> +output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
> +output: ListOfPrimaryKeys('value')
> +command: location_find
> +args: 1,8,4
> +arg: Str('criteria?')
> +option: Flag('all', autofill=True, cli_name='all', default=False)
> +option: Str('description?', autofill=False)
> +option: DNSNameParam('idnsname?', autofill=False, cli_name='name')
> +option: Flag('pkey_only?', autofill=True, default=False)
> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
> +option: Int('sizelimit?', autofill=False)
> +option: Int('timelimit?', autofill=False)
> +option: Str('version?')
> +output: Output('count', type=[<type 'int'>])
> +output: ListOfEntries('result')
> +output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
> +output: Output('truncated', type=[<type 'bool'>])
> +command: location_mod
> +args: 1,8,3
> +arg: DNSNameParam('idnsname', cli_name='name')
> +option: Str('addattr*', cli_name='addattr')
> +option: Flag('all', autofill=True, cli_name='all', default=False)
> +option: Str('delattr*', cli_name='delattr')
> +option: Str('description?', autofill=False)
> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
> +option: Flag('rights', autofill=True, default=False)
> +option: Str('setattr*', cli_name='setattr')
> +option: Str('version?')
> +output: Entry('result')
> +output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
> +output: PrimaryKey('value')
> +command: location_show
> +args: 1,4,3
> +arg: DNSNameParam('idnsname', cli_name='name')
> +option: Flag('all', autofill=True, cli_name='all', default=False)
> +option: Flag('raw', autofill=True, cli_name='raw', default=False)
> +option: Flag('rights', autofill=True, default=False)
> +option: Str('version?')
> +output: Entry('result')
> +output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
> +output: PrimaryKey('value')
> command: migrate_ds
> args: 2,20,4
> arg: Str('ldapuri', cli_name='ldap_uri')
> diff --git a/VERSION b/VERSION
> index 45fdb09788dbc6496272da786bb6d6afa45bf118..03908580e3008b5011588588ad41083310d24095 100644
> --- a/VERSION
> +++ b/VERSION
> @@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
> # #
> ########################################################
> IPA_API_VERSION_MAJOR=2
> -IPA_API_VERSION_MINOR=170
> -# Last change: mbasti - *-find: do not search for members by default
> +IPA_API_VERSION_MINOR=171
> +# Last change: mbasti - location-* commands
> diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
> index 628a8e2e0f5483b9f6f565b0c7d11eb000a5912d..83be4399508a905f8eae7e2f59140a6b4051b661 100644
> --- a/install/share/bootstrap-template.ldif
> +++ b/install/share/bootstrap-template.ldif
> @@ -119,6 +119,12 @@ objectClass: nsContainer
> objectClass: top
> cn: etc
>
> +dn: cn=locations,cn=etc,$SUFFIX
> +changetype: add
> +objectClass: nsContainer
> +objectClass: top
> +cn: locations
> +
> dn: cn=sysaccounts,cn=etc,$SUFFIX
> changetype: add
> objectClass: nsContainer
> diff --git a/install/updates/37-locations.update b/install/updates/37-locations.update
> index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..cf47e6d6296af830a76aad2c9b9f5a6ea5d9f3a1 100644
> --- a/install/updates/37-locations.update
> +++ b/install/updates/37-locations.update
> @@ -0,0 +1,4 @@
> +dn: cn=locations,cn=etc,$SUFFIX
> +default: objectClass: nsContainer
> +default: objectClass: top
> +default: cn: locations
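Review bot: the directives in this new file are written "default: objectClass: nsContainer" with a space after "default:", while the entries added to 40-delegation.update in patch 1/4 use "default:objectClass: top" without one. Use one form in both files so the update files stay easy to grep and compare.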
> diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
> index 3edc21473d676bd282e9ea2b88769c097fb8a63a..737a8bbbd1a4915a6aefec2d273b90bb3ca31710 100644
> --- a/install/updates/Makefile.am
> +++ b/install/updates/Makefile.am
> @@ -28,6 +28,7 @@ app_DATA = \
> 25-referint.update \
> 30-provisioning.update \
> 30-s4u2proxy.update \
> + 37-locations.update \
> 40-delegation.update \
> 40-realm_domains.update \
> 40-replication.update \
> diff --git a/ipalib/constants.py b/ipalib/constants.py
> index 021f18cd366b821427bdbfcc5e354d2047ef39b1..d1c9ccf68d01ef1dc032559ca8a353eede7a0e09 100644
> --- a/ipalib/constants.py
> +++ b/ipalib/constants.py
> @@ -121,6 +121,7 @@ DEFAULT_CONFIG = (
> ('container_certprofile', DN(('cn', 'certprofiles'), ('cn', 'ca'))),
> ('container_topology', DN(('cn', 'topology'), ('cn', 'ipa'), ('cn', 'etc'))),
> ('container_caacl', DN(('cn', 'caacls'), ('cn', 'ca'))),
> + ('container_locations', DN(('cn', 'locations'), ('cn', 'etc'))),
>
> # Ports, hosts, and URIs:
> ('xmlrpc_uri', 'http://localhost:8888/ipa/xml'),
> diff --git a/ipalib/plugins/location.py b/ipalib/plugins/location.py
> new file mode 100644
> index 0000000000000000000000000000000000000000..efba55aa75e342f566a40a0d10887e173b8a83fc
> --- /dev/null
> +++ b/ipalib/plugins/location.py
> @@ -0,0 +1,149 @@
> +#
> +# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
> +#
> +
> +from __future__ import absolute_import
> +
> +from ipalib import (
> + _,
> + ngettext,
> + api,
> + Str,
> + DNSNameParam
> +)
> +from ipalib.plugable import Registry
> +from ipalib.plugins.baseldap import (
> + LDAPCreate,
> + LDAPSearch,
> + LDAPRetrieve,
> + LDAPDelete,
> + LDAPObject,
> + LDAPUpdate,
> +)
> +from ipapython.dnsutil import DNSName
> +
> +__doc__ = _("""
> +IPA locations
> +""") + _("""
> +Manipulate DNS locations
> +""") + _("""
> +EXAMPLES:
> +""") + _("""
> + Find all locations:
> + ipa location-find
> +""") + _("""
> + Show specific location:
> + ipa location-show location
> +""") + _("""
> + Add location:
> + ipa location-add location --description 'My location'
> +""") + _("""
> + Delete location:
> + ipa location-del location
> +""")
> +
> +register = Registry()
> +
> +
> + at register()
> +class location(LDAPObject):
> + """
> + IPA locations
> + """
> + container_dn = api.env.container_locations
> + object_name = _('location')
> + object_name_plural = _('locations')
> + object_class = ['ipaLocationObject']
> + search_attributes = ['idnsName']
> + default_attributes = [
> + 'idnsname', 'description'
> + ]
> + label = _('IPA Locations')
> + label_singular = _('IPA Location')
> +
> + permission_filter_objectclasses = ['ipaLocationObject']
> + managed_permissions = {
> + 'System: Read IPA Locations': {
> + 'ipapermright': {'read', 'search', 'compare'},
> + 'ipapermdefaultattr': {
> + 'objectclass', 'idnsname', 'description',
> + },
> + 'default_privileges': {'DNS Administrators'},
> + },
> + 'System: Add IPA Locations': {
> + 'ipapermright': {'add'},
> + 'default_privileges': {'DNS Administrators'},
> + },
> + 'System: Remove IPA Locations': {
> + 'ipapermright': {'delete'},
> + 'default_privileges': {'DNS Administrators'},
> + },
> + 'System: Modify IPA Locations': {
> + 'ipapermright': {'write'},
> + 'ipapermdefaultattr': {
> + 'description',
> + },
> + 'default_privileges': {'DNS Administrators'},
> + },
> + }
> +
> + takes_params = (
> + DNSNameParam(
> + 'idnsname',
> + cli_name='name',
> + primary_key=True,
> + label=_('Location name'),
> + doc=_('IPA location name'),
> + # dns name must be relative, we will put it into middle of
> + # location domain name for location records
> + only_relative=True,
> + ),
> + Str(
> + 'description?',
> + label=_('Description'),
> + doc=_('IPA Location description'),
> + ),
> + )
> +
> + def get_dn(self, *keys, **options):
> + loc = keys[-1]
> + assert isinstance(loc, DNSName)
> + loc_a = loc.ToASCII()
> +
> + return super(location, self).get_dn(loc_a, **options)
> +
> +
> + at register()
> +class location_add(LDAPCreate):
> + __doc__ = _('Add a new IPA location.')
> +
> + msg_summary = _('Added IPA location "%(value)s"')
> +
> +
> + at register()
> +class location_del(LDAPDelete):
> + __doc__ = _('Delete an IPA location.')
> +
> + msg_summary = _('Deleted IPA location "%(value)s"')
> +
> +
> + at register()
> +class location_mod(LDAPUpdate):
> + __doc__ = _('Modify information about an IPA location .')
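Review bot: location_del, a few lines up in this hunk, is a plain LDAPDelete with no check for entries that still point at the location through ipaLocation (added in patch 2/4), so deleting a location can leave dangling DN references. Either refuse the delete while members exist or state how those references get cleaned up. In get_dn(), "assert isinstance(loc, DNSName)" disappears when Python runs with -O and otherwise surfaces as a bare AssertionError; an explicit type check that raises a meaningful error would be more robust.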
Typo - redundant ' ' at the end.
Conditional NACK, warnings mentioned in
http://www.freeipa.org/page/V4/DNS_Location_Mechanism#CLI
are not there.
I'm open to changing this to ACK if you open a separate ticket for this
omission so we do not forget to add them later on.
--
Petr^2 Spacek