mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
netcmd: silo command uses more consistent naming for policy args
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
c22400fd8e
commit
15fb8a5f2e
@ -1101,21 +1101,21 @@
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>--user-policy</term>
|
||||
<term>--user-authentication-policy</term>
|
||||
<listitem><para>
|
||||
User account policy.
|
||||
User account authentication policy.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>--service-policy</term>
|
||||
<term>--service-authentication-policy</term>
|
||||
<listitem><para>
|
||||
Managed Service Account policy.
|
||||
Managed service account authentication policy.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>--computer-policy</term>
|
||||
<term>--computer-authentication-policy</term>
|
||||
<listitem><para>
|
||||
Computer Account policy.
|
||||
Computer authentication policy.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -1188,21 +1188,21 @@
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>--user-policy</term>
|
||||
<term>--user-authentication-policy</term>
|
||||
<listitem><para>
|
||||
User account policy.
|
||||
User account authentication policy.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>--service-policy</term>
|
||||
<term>--service-authentication-policy</term>
|
||||
<listitem><para>
|
||||
Managed Service Account policy.
|
||||
Managed service account authentication policy.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>--computer-policy</term>
|
||||
<term>--computer-authentication-policy</term>
|
||||
<listitem><para>
|
||||
Computer Account policy.
|
||||
Computer authentication policy.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -115,15 +115,15 @@ class cmd_domain_auth_silo_create(Command):
|
||||
Option("--description",
|
||||
help="Optional description for authentication silo.",
|
||||
dest="description", action="store", type=str),
|
||||
Option("--user-policy",
|
||||
help="User account policy.",
|
||||
dest="user_policy", action="store", type=str),
|
||||
Option("--service-policy",
|
||||
help="Managed Service Account policy.",
|
||||
dest="service_policy", action="store", type=str),
|
||||
Option("--computer-policy",
|
||||
help="Computer account policy.",
|
||||
dest="computer_policy", action="store", type=str),
|
||||
Option("--user-authentication-policy",
|
||||
help="User account authentication policy.",
|
||||
dest="user_authentication_policy", action="store", type=str),
|
||||
Option("--service-authentication-policy",
|
||||
help="Managed service account authentication policy.",
|
||||
dest="service_authentication_policy", action="store", type=str),
|
||||
Option("--computer-authentication-policy",
|
||||
help="Computer authentication policy.",
|
||||
dest="computer_authentication_policy", action="store", type=str),
|
||||
Option("--protect",
|
||||
help="Protect authentication silo from accidental deletion.",
|
||||
dest="protect", action="store_true"),
|
||||
@ -150,10 +150,13 @@ class cmd_domain_auth_silo_create(Command):
|
||||
except (LookupError, ValueError) as e:
|
||||
raise CommandError(e)
|
||||
|
||||
def run(self, hostopts=None, sambaopts=None, credopts=None, name=None,
|
||||
description=None, user_policy=None, service_policy=None,
|
||||
computer_policy=None, protect=None, unprotect=None, audit=None,
|
||||
enforce=None):
|
||||
def run(self, hostopts=None, sambaopts=None, credopts=None,
|
||||
name=None, description=None,
|
||||
user_authentication_policy=None,
|
||||
service_authentication_policy=None,
|
||||
computer_authentication_policy=None,
|
||||
protect=None, unprotect=None,
|
||||
audit=None, enforce=None):
|
||||
|
||||
if protect and unprotect:
|
||||
raise CommandError("--protect and --unprotect cannot be used together.")
|
||||
@ -175,16 +178,19 @@ class cmd_domain_auth_silo_create(Command):
|
||||
silo = AuthenticationSilo(cn=name, description=description)
|
||||
|
||||
# Set user policy
|
||||
if user_policy:
|
||||
silo.user_policy = self.get_policy(ldb, user_policy).dn
|
||||
if user_authentication_policy:
|
||||
silo.user_authentication_policy = \
|
||||
self.get_policy(ldb, user_authentication_policy).dn
|
||||
|
||||
# Set service policy
|
||||
if service_policy:
|
||||
silo.service_policy = self.get_policy(ldb, service_policy).dn
|
||||
if service_authentication_policy:
|
||||
silo.service_authentication_policy = \
|
||||
self.get_policy(ldb, service_authentication_policy).dn
|
||||
|
||||
# Set computer policy
|
||||
if computer_policy:
|
||||
silo.computer_policy = self.get_policy(ldb, computer_policy).dn
|
||||
if computer_authentication_policy:
|
||||
silo.computer_authentication_policy = \
|
||||
self.get_policy(ldb, computer_authentication_policy).dn
|
||||
|
||||
# Either --enforce will be set or --audit but never both.
|
||||
# The default if both are missing is enforce=True.
|
||||
@ -223,15 +229,15 @@ class cmd_domain_auth_silo_modify(Command):
|
||||
Option("--description",
|
||||
help="Optional description for authentication silo.",
|
||||
dest="description", action="store", type=str),
|
||||
Option("--user-policy",
|
||||
help="Set User account policy.",
|
||||
dest="user_policy", action="store", type=str),
|
||||
Option("--service-policy",
|
||||
help="Set Managed Service Account policy.",
|
||||
dest="service_policy", action="store", type=str),
|
||||
Option("--computer-policy",
|
||||
help="Set Computer Account policy.",
|
||||
dest="computer_policy", action="store", type=str),
|
||||
Option("--user-authentication-policy",
|
||||
help="User account authentication policy.",
|
||||
dest="user_authentication_policy", action="store", type=str),
|
||||
Option("--service-authentication-policy",
|
||||
help="Managed service account authentication policy.",
|
||||
dest="service_authentication_policy", action="store", type=str),
|
||||
Option("--computer-authentication-policy",
|
||||
help="Computer authentication policy.",
|
||||
dest="computer_authentication_policy", action="store", type=str),
|
||||
Option("--protect",
|
||||
help="Protect authentication silo from accidental deletion.",
|
||||
dest="protect", action="store_true"),
|
||||
@ -258,10 +264,13 @@ class cmd_domain_auth_silo_modify(Command):
|
||||
except (LookupError, ModelError, ValueError) as e:
|
||||
raise CommandError(e)
|
||||
|
||||
def run(self, hostopts=None, sambaopts=None, credopts=None, name=None,
|
||||
description=None, user_policy=None, service_policy=None,
|
||||
computer_policy=None, protect=None, unprotect=None, audit=None,
|
||||
enforce=None):
|
||||
def run(self, hostopts=None, sambaopts=None, credopts=None,
|
||||
name=None, description=None,
|
||||
user_authentication_policy=None,
|
||||
service_authentication_policy=None,
|
||||
computer_authentication_policy=None,
|
||||
protect=None, unprotect=None,
|
||||
audit=None, enforce=None):
|
||||
|
||||
if audit and enforce:
|
||||
raise CommandError("--audit and --enforce cannot be used together.")
|
||||
@ -290,22 +299,25 @@ class cmd_domain_auth_silo_modify(Command):
|
||||
silo.description = description
|
||||
|
||||
# Set or unset user policy.
|
||||
if user_policy == "":
|
||||
silo.user_policy = None
|
||||
elif user_policy:
|
||||
silo.user_policy = self.get_policy(ldb, user_policy).dn
|
||||
if user_authentication_policy == "":
|
||||
silo.user_authentication_policy = None
|
||||
elif user_authentication_policy:
|
||||
silo.user_authentication_policy = \
|
||||
self.get_policy(ldb, user_authentication_policy).dn
|
||||
|
||||
# Set or unset service policy.
|
||||
if service_policy == "":
|
||||
silo.service_policy = None
|
||||
elif service_policy:
|
||||
silo.service_policy = self.get_policy(ldb, service_policy).dn
|
||||
if service_authentication_policy == "":
|
||||
silo.service_authentication_policy = None
|
||||
elif service_authentication_policy:
|
||||
silo.service_authentication_policy = \
|
||||
self.get_policy(ldb, service_authentication_policy).dn
|
||||
|
||||
# Set or unset computer policy.
|
||||
if computer_policy == "":
|
||||
silo.computer_policy = None
|
||||
elif computer_policy:
|
||||
silo.computer_policy = self.get_policy(ldb, computer_policy).dn
|
||||
if computer_authentication_policy == "":
|
||||
silo.computer_authentication_policy = None
|
||||
elif computer_authentication_policy:
|
||||
silo.computer_authentication_policy = \
|
||||
self.get_policy(ldb, computer_authentication_policy).dn
|
||||
|
||||
# Update silo
|
||||
try:
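Review bot: The reworded help strings for the three policy options of `silo modify` drop the word "Set" and still do not say that an empty value clears the policy, which is what the `== ""` branches in `cmd_domain_auth_silo_modify.run` do. Clearing a policy most likely loosens what the silo enforces, so a wrapper script that expands an unset variable into the option would detach the policy with no message. I would state this in the help, e.g. `help="User account authentication policy; an empty string unsets it."`, and repeat it in the manpage entries. Separately, the old `--user-policy`, `--service-policy` and `--computer-policy` spellings are removed with no alias, so existing automation will presumably fail at option parsing; if that is not intended, the old name can be kept as a second option string on each `Option`. Both `run` bodies and both option lists continue outside the hunks shown.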
|
||||
|
@ -30,9 +30,9 @@ from .model import Model
|
||||
class AuthenticationSilo(Model):
|
||||
description = StringField("description")
|
||||
enforced = BooleanField("msDS-AuthNPolicySiloEnforced")
|
||||
user_policy = DnField("msDS-UserAuthNPolicy")
|
||||
service_policy = DnField("msDS-ServiceAuthNPolicy")
|
||||
computer_policy = DnField("msDS-ComputerAuthNPolicy")
|
||||
user_authentication_policy = DnField("msDS-UserAuthNPolicy")
|
||||
service_authentication_policy = DnField("msDS-ServiceAuthNPolicy")
|
||||
computer_authentication_policy = DnField("msDS-ComputerAuthNPolicy")
|
||||
members = DnField("msDS-AuthNPolicySiloMembers", many=True)
|
||||
|
||||
@staticmethod
|
||||
|
@ -44,17 +44,20 @@ class BaseAuthCmdTest(SambaToolCmdTest):
|
||||
cls.create_authentication_policy(name="Service Policy")
|
||||
cls.create_authentication_policy(name="Computer Policy")
|
||||
|
||||
cls.create_authentication_silo(name="Developers",
|
||||
description="Developers, Developers",
|
||||
user_policy="User Policy")
|
||||
cls.create_authentication_silo(name="Managers",
|
||||
description="Managers",
|
||||
user_policy="User Policy")
|
||||
cls.create_authentication_silo(name="QA",
|
||||
description="Quality Assurance",
|
||||
user_policy="User Policy",
|
||||
service_policy="Service Policy",
|
||||
computer_policy="Computer Policy")
|
||||
cls.create_authentication_silo(
|
||||
name="Developers",
|
||||
description="Developers, Developers",
|
||||
user_authentication_policy="User Policy")
|
||||
cls.create_authentication_silo(
|
||||
name="Managers",
|
||||
description="Managers",
|
||||
user_authentication_policy="User Policy")
|
||||
cls.create_authentication_silo(
|
||||
name="QA",
|
||||
description="Quality Assurance",
|
||||
user_authentication_policy="User Policy",
|
||||
service_authentication_policy="Service Policy",
|
||||
computer_authentication_policy="Computer Policy")
|
||||
|
||||
def get_services_dn(self):
|
||||
"""Returns Services DN."""
|
||||
@ -147,21 +150,25 @@ class BaseAuthCmdTest(SambaToolCmdTest):
|
||||
|
||||
@classmethod
|
||||
def create_authentication_silo(cls, name, description=None,
|
||||
user_policy=None, service_policy=None,
|
||||
computer_policy=None, audit=False,
|
||||
protect=False):
|
||||
user_authentication_policy=None,
|
||||
service_authentication_policy=None,
|
||||
computer_authentication_policy=None,
|
||||
audit=False, protect=False):
|
||||
"""Create an authentication silo using the samba-tool command."""
|
||||
|
||||
# Base command for create authentication policy.
|
||||
cmd = ["domain", "auth", "silo", "create", "--name", name]
|
||||
|
||||
# Authentication policies.
|
||||
if user_policy:
|
||||
cmd += ["--user-policy", user_policy]
|
||||
if service_policy:
|
||||
cmd += ["--service-policy", service_policy]
|
||||
if computer_policy:
|
||||
cmd += ["--computer-policy", computer_policy]
|
||||
if user_authentication_policy:
|
||||
cmd += ["--user-authentication-policy",
|
||||
user_authentication_policy]
|
||||
if service_authentication_policy:
|
||||
cmd += ["--service-authentication-policy",
|
||||
service_authentication_policy]
|
||||
if computer_authentication_policy:
|
||||
cmd += ["--computer-authentication-policy",
|
||||
computer_authentication_policy]
|
||||
|
||||
# Other optional attributes.
|
||||
if description is not None:
|
||||
|
@ -94,7 +94,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name", "singlePolicy",
|
||||
"--user-policy", "User Policy")
|
||||
"--user-authentication-policy", "User Policy")
|
||||
self.assertIsNone(result, msg=err)
|
||||
|
||||
# Check silo that was created
|
||||
@ -110,9 +110,12 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name", "multiplePolicies",
|
||||
"--user-policy", "User Policy",
|
||||
"--service-policy", "Service Policy",
|
||||
"--computer-policy", "Computer Policy")
|
||||
"--user-authentication-policy",
|
||||
"User Policy",
|
||||
"--service-authentication-policy",
|
||||
"Service Policy",
|
||||
"--computer-authentication-policy",
|
||||
"Computer Policy")
|
||||
self.assertIsNone(result, msg=err)
|
||||
|
||||
# Check silo that was created.
|
||||
@ -132,7 +135,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name", "singlePolicyDN",
|
||||
"--user-policy", policy["dn"])
|
||||
"--user-authentication-policy", policy["dn"])
|
||||
self.assertIsNone(result, msg=err)
|
||||
|
||||
# Check silo that was created
|
||||
@ -145,14 +148,14 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
"""Test creating a new authentication silo that already exists."""
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name", "Developers",
|
||||
"--user-policy", "User Policy")
|
||||
"--user-authentication-policy", "User Policy")
|
||||
self.assertEqual(result, -1)
|
||||
self.assertIn("Authentication silo Developers already exists.", err)
|
||||
|
||||
def test_authentication_silo_create_name_missing(self):
|
||||
"""Test create authentication silo without --name argument."""
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--user-policy", "User Policy")
|
||||
"--user-authentication-policy", "User Policy")
|
||||
self.assertEqual(result, -1)
|
||||
self.assertIn("Argument --name is required.", err)
|
||||
|
||||
@ -163,7 +166,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name", "auditPolicies",
|
||||
"--user-policy", "User Policy",
|
||||
"--user-authentication-policy", "User Policy",
|
||||
"--audit")
|
||||
self.assertIsNone(result, msg=err)
|
||||
|
||||
@ -178,7 +181,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name", "enforcePolicies",
|
||||
"--user-policy", "User Policy",
|
||||
"--user-authentication-policy", "User Policy",
|
||||
"--enforce")
|
||||
self.assertIsNone(result, msg=err)
|
||||
|
||||
@ -190,7 +193,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
"""Test create authentication silo using both --audit and --enforce."""
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name", "enforceTogether",
|
||||
"--user-policy", "User Policy",
|
||||
"--user-authentication-policy", "User Policy",
|
||||
"--audit", "--enforce")
|
||||
self.assertEqual(result, -1)
|
||||
self.assertIn("--audit and --enforce cannot be used together.", err)
|
||||
@ -199,7 +202,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
"""Test create authentication silo using --protect and --unprotect."""
|
||||
result, out, err = self.runcmd("domain", "auth", "silo",
|
||||
"create", "--name", "protectTogether",
|
||||
"--user-policy", "User Policy",
|
||||
"--user-authentication-policy", "User Policy",
|
||||
"--protect", "--unprotect")
|
||||
self.assertEqual(result, -1)
|
||||
self.assertIn("--protect and --unprotect cannot be used together.", err)
|
||||
@ -208,7 +211,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
"""Test create authentication silo with a policy that doesn't exist."""
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name", "policyNotFound",
|
||||
"--user-policy", "Invalid Policy")
|
||||
"--user-authentication-policy", "Invalid Policy")
|
||||
self.assertEqual(result, -1)
|
||||
self.assertIn("Authentication policy Invalid Policy not found.", err)
|
||||
|
||||
@ -219,7 +222,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
add_mock.side_effect = ModelError("Custom error message")
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name", "createFails",
|
||||
"--user-policy", "User Policy")
|
||||
"--user-authentication-policy", "User Policy")
|
||||
self.assertEqual(result, -1)
|
||||
self.assertIn("Custom error message", err)
|
||||
|
||||
@ -341,7 +344,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
# Create non-protected authentication silo.
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name=deleteTest",
|
||||
"--user-policy", "User Policy")
|
||||
"--user-authentication-policy", "User Policy")
|
||||
self.assertIsNone(result, msg=err)
|
||||
silo = self.get_authentication_silo("deleteTest")
|
||||
self.assertIsNotNone(silo)
|
||||
@ -360,7 +363,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
# Create protected authentication silo.
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name=deleteProtected",
|
||||
"--user-policy", "User Policy",
|
||||
"--user-authentication-policy", "User Policy",
|
||||
"--protect")
|
||||
self.assertIsNone(result, msg=err)
|
||||
silo = self.get_authentication_silo("deleteProtected")
|
||||
@ -402,7 +405,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
# Create protected authentication silo.
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name=deleteForceFail",
|
||||
"--user-policy", "User Policy",
|
||||
"--user-authentication-policy", "User Policy",
|
||||
"--protect")
|
||||
self.assertIsNone(result, msg=err)
|
||||
silo = self.get_authentication_silo("deleteForceFail")
|
||||
@ -423,7 +426,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
# Create regular authentication silo.
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name=regularSilo",
|
||||
"--user-policy", "User Policy")
|
||||
"--user-authentication-policy", "User Policy")
|
||||
self.assertIsNone(result, msg=err)
|
||||
silo = self.get_authentication_silo("regularSilo")
|
||||
self.assertIsNotNone(silo)
|
||||
@ -444,7 +447,7 @@ class AuthSiloCmdTestCase(BaseAuthCmdTest):
|
||||
# Create protected authentication silo.
|
||||
result, out, err = self.runcmd("domain", "auth", "silo", "create",
|
||||
"--name=protectedSilo",
|
||||
"--user-policy", "User Policy",
|
||||
"--user-authentication-policy", "User Policy",
|
||||
"--protect")
|
||||
self.assertIsNone(result, msg=err)
|
||||
silo = self.get_authentication_silo("protectedSilo")
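Review bot: None of the hunks in this test file touch a `silo modify` test, so as far as the visible changes show (the rest of the file is not in view) the renamed modify options and their empty-string unset branches are not exercised. Those branches decide whether an authentication policy stays attached to a silo, so a test next to the create tests is worth adding. On a silo created for the test with a user policy, run `self.runcmd("domain", "auth", "silo", "modify", "--name", name, "--user-authentication-policy", "")`, assert the result is None, and check that the silo returned by `self.get_authentication_silo(name)` no longer carries `msDS-UserAuthNPolicy`. A matching case that sets a policy by name would cover the `elif` path.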
|
||||
|