From aae0cc2fdaeead8ff33ade93e73d6aba25704659 Mon Sep 17 00:00:00 2001

From: Alexander Bokovoy <abokovoy@redhat.com>

Date: Fri, 17 Nov 2017 17:25:57 +0200

Subject: [PATCH] ipaserver/plugins/trust.py: pep8 compliance

Reviewed-By: Christian Heimes <cheimes@redhat.com>

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>

---

 ipaserver/plugins/trust.py | 356 +++++++++++++++++++++++++++------------------

 1 file changed, 214 insertions(+), 142 deletions(-)

diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py

index d01529ee022d4a4f9b671a8f06156ed450326041..73e137abcec9625997a619fe64d4f615743247b1 100644

--- a/ipaserver/plugins/trust.py

+++ b/ipaserver/plugins/trust.py

@@ -81,10 +81,10 @@ Cross-realm trusts

 Manage trust relationship between IPA and Active Directory domains.

-In order to allow users from a remote domain to access resources in IPA

-domain, trust relationship needs to be established. Currently IPA supports

-only trusts between IPA and Active Directory domains under control of Windows

-Server 2008 or later, with functional level 2008 or later.

+In order to allow users from a remote domain to access resources in IPA domain,

+trust relationship needs to be established. Currently IPA supports only trusts

+between IPA and Active Directory domains under control of Windows Server 2008

+or later, with functional level 2008 or later.

 Please note that DNS on both IPA and Active Directory domain sides should be

 configured properly to discover each other. Trust relationship relies on

@@ -95,7 +95,8 @@ Examples:

 1. Establish cross-realm trust with Active Directory using AD administrator

    credentials:

-   ipa trust-add --type=ad <ad.domain> --admin <AD domain administrator> --password

+   ipa trust-add --type=ad <ad.domain> --admin <AD domain administrator> \

+           --password

 2. List all existing trust relationships:

@@ -110,35 +111,39 @@ Examples:

    ipa trust-del <ad.domain>

 Once trust relationship is established, remote users will need to be mapped

-to local POSIX groups in order to actually use IPA resources. The mapping should

-be done via use of external membership of non-POSIX group and then this group

-should be included into one of local POSIX groups.

+to local POSIX groups in order to actually use IPA resources. The mapping

+should be done via use of external membership of non-POSIX group and then

+this group should be included into one of local POSIX groups.

 Example:

-1. Create group for the trusted domain admins' mapping and their local POSIX group:

+1. Create group for the trusted domain admins' mapping and their local POSIX

+group:

-   ipa group-add --desc='<ad.domain> admins external map' ad_admins_external --external

+   ipa group-add --desc='<ad.domain> admins external map' \

+           ad_admins_external --external

    ipa group-add --desc='<ad.domain> admins' ad_admins

-2. Add security identifier of Domain Admins of the <ad.domain> to the ad_admins_external

-   group:

+2. Add security identifier of Domain Admins of the <ad.domain> to the

+   ad_admins_external group:

    ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'

-3. Allow members of ad_admins_external group to be associated with ad_admins POSIX group:

+3. Allow members of ad_admins_external group to be associated with

+   ad_admins POSIX group:

    ipa group-add-member ad_admins --groups ad_admins_external

-4. List members of external members of ad_admins_external group to see their SIDs:

+4. List members of external members of ad_admins_external group to see

+   their SIDs:

    ipa group-show ad_admins_external

 GLOBAL TRUST CONFIGURATION

-When IPA AD trust subpackage is installed and ipa-adtrust-install is run,

-a local domain configuration (SID, GUID, NetBIOS name) is generated. These

+When IPA AD trust subpackage is installed and ipa-adtrust-install is run, a

+local domain configuration (SID, GUID, NetBIOS name) is generated. These

 identifiers are then used when communicating with a trusted domain of the

 particular type.

@@ -147,11 +152,11 @@ particular type.

    ipa trustconfig-show --type ad

 2. Modify global configuration for all trusts of Active Directory type and set

-   a different fallback primary group (fallback primary group GID is used as

-   a primary user GID if user authenticating to IPA domain does not have any other

-   primary GID already set):

+   a different fallback primary group (fallback primary group GID is used as a

+   primary user GID if user authenticating to IPA domain does not have any

+   other primary GID already set):

-   ipa trustconfig-mod --type ad --fallback-primary-group "alternative AD group"

+   ipa trustconfig-mod --type ad --fallback-primary-group "another AD group"

 3. Change primary fallback group back to default hidden group (any group with

    posixGroup object class is allowed):

@@ -185,6 +190,7 @@ def make_trust_dn(env, trust_type, dn):

         return DN(dn, container_dn)

     return dn

+

 def find_adtrust_masters(ldap, api):

     """

     Returns a list of names of IPA servers with ADTRUST component configured.

@@ -200,6 +206,7 @@ def find_adtrust_masters(ldap, api):

     return [entry.dn[1].value for entry in entries]

+

 def verify_samba_component_presence(ldap, api):

     """

     Verifies that Samba is installed and configured on this particular master.

@@ -233,7 +240,7 @@ def verify_samba_component_presence(ldap, api):

     # First check for packages missing

     elif not _bindings_installed:

-        error_message=_(

+        error_message = _(

             'Cannot perform the selected command without Samba 4 support '

             'installed. Make sure you have installed server-trust-ad '

             'sub-package of IPA.'

@@ -243,7 +250,7 @@ def verify_samba_component_presence(ldap, api):

     # Packages present, but ADTRUST instance is not configured

     elif not adtrust_present:

-        error_message=_(

+        error_message = _(

             'Cannot perform the selected command without Samba 4 instance '

             'configured on this machine. Make sure you have run '

             'ipa-adtrust-install on this server.'

@@ -263,7 +270,8 @@ def generate_creds(trustinstance, style, **options):

        **options     -- options with realm_admin and realm_passwd keys

     Result:

-       a string representing credentials with first % separating username and password

+       a string representing credentials with first % separating

+       username and password

        None is returned if realm_passwd key returns nothing from options

     """

     creds = None

@@ -284,8 +292,9 @@ def generate_creds(trustinstance, style, **options):

             else:

                 sp = admin_name.split(sep)

             if len(sp) == 1:

-                sp.append(trustinstance.remote_domain

-                          .info['dns_domain'].upper())

+                sp.append(

+                    trustinstance.remote_domain.info['dns_domain'].upper()

+                )

         creds = u"{name}%{password}".format(name=sep.join(sp),

                                             password=password)

     return creds

@@ -334,7 +343,8 @@ def add_range(myapi, trustinstance, range_name, dom_sid, *keys, **options):

         creds = None

         if trustinstance:

             # Re-use AD administrator credentials if they were provided

-            creds = generate_creds(trustinstance, style=CRED_STYLE_KERBEROS, **options)

+            creds = generate_creds(trustinstance,

+                                   style=CRED_STYLE_KERBEROS, **options)

             if creds:

                 domain_validator._admin_creds = creds

         # KDC might not get refreshed data at the first time,

@@ -417,21 +427,32 @@ def fetch_trusted_domains_over_dbus(myapi, log, forest_name):

         _stdout = ''

         _stderr = ''

         bus = dbus.SystemBus()

-        intf = bus.get_object(DBUS_IFACE_TRUST,"/", follow_name_owner_changes=True)

-        fetch_domains_method = intf.get_dbus_method('fetch_domains', dbus_interface=DBUS_IFACE_TRUST)

+        intf = bus.get_object(DBUS_IFACE_TRUST, "/",

+                              follow_name_owner_changes=True)

+        fetch_domains_method = intf.get_dbus_method(

+                'fetch_domains',

+                dbus_interface=DBUS_IFACE_TRUST)

         (_ret, _stdout, _stderr) = fetch_domains_method(forest_name)

     except dbus.DBusException as e:

-        log.error('Failed to call %(iface)s.fetch_domains helper.'

-                       'DBus exception is %(exc)s.' % dict(iface=DBUS_IFACE_TRUST, exc=str(e)))

+        log.error(

+            'Failed to call %(iface)s.fetch_domains helper. '

+            'DBus exception is %(exc)s.' % dict(iface=DBUS_IFACE_TRUST, exc=str(e))

+        )

         if _ret != 0:

-            log.error('Helper was called for forest %(forest)s, return code is %(ret)d' % dict(forest=forest_name, ret=_ret))

-            log.error('Standard output from the helper:\n%s---\n' % (_stdout))

-            log.error('Error output from the helper:\n%s--\n' % (_stderr))

-        raise errors.ServerCommandError(server=myapi.env.host,

-                                        error=_('Fetching domains from trusted forest failed. '

-                                                'See details in the error_log'))

+            log.error(

+                'Helper was called for forest %s, return code is %d',

+                forest_name, _ret

+            )

+            log.error('Standard output from the helper:\n%s---\n', _stdout)

+            log.error('Error output from the helper:\n%s--\n', _stderr)

+        raise errors.ServerCommandError(

+            server=myapi.env.host,

+            error=_('Fetching domains from trusted forest failed. '

+                    'See details in the error_log')

+        )

     return

+

 @register()

 class trust(LDAPObject):

     """

@@ -538,8 +559,8 @@ class trust(LDAPObject):

                 continue

             for value in values:

                 if not ipaserver.dcerpc.is_sid_valid(value):

-                    raise errors.ValidationError(name=attr,

-                            error=_("invalid SID: %(value)s") % dict(value=value))

+                    err = unicode(_("invalid SID: {SID}")).format(SID=value)

+                    raise errors.ValidationError(name=attr, error=err)

     def get_dn(self, *keys, **kwargs):

         trust_type = kwargs.get('trust_type')

@@ -600,7 +621,8 @@ class trust(LDAPObject):

                 add_message(

                     options['version'],

                     result,

-                    BrokenTrust(domain=entry.single_value['cn']))

+                    BrokenTrust(domain=entry.single_value['cn'])

+                )

 @register()

@@ -622,7 +644,7 @@ sides.

     range_types = {

         u'ipa-ad-trust': unicode(_('Active Directory domain range')),

         u'ipa-ad-trust-posix': unicode(_('Active Directory trust range with '

-                                        'POSIX attributes')),

+                                         'POSIX attributes')),

                   }

     takes_options = LDAPCreate.takes_options + (

@@ -720,9 +742,10 @@ sides.

         trust_filter = "cn=%s" % result['value']

         trusts, _truncated = ldap.find_entries(

-                         base_dn=DN(self.api.env.container_trusts, self.api.env.basedn),

-                         filter=trust_filter,

-                         attrs_list=attrs_list)

+            base_dn=DN(self.api.env.container_trusts, self.api.env.basedn),

+            filter=trust_filter,

+            attrs_list=attrs_list

+        )

         result['result'] = entry_to_dict(trusts[0], **options)

@@ -731,10 +754,11 @@ sides.

         # Note that add_new_domains_from_trust will add needed ranges for

         # the algorithmic ID mapping case.

         if (options.get('trust_type') == u'ad' and

-            options.get('trust_secret') is None):

+                options.get('trust_secret') is None):

+

             if options.get('bidirectional') == True:

-                # Bidirectional trust allows us to use cross-realm TGT, so we can

-                # run the call under original user's credentials

+                # Bidirectional trust allows us to use cross-realm TGT,

+                # so we can run the call under original user's credentials

                 res = fetch_domains_from_trust(self.api, self.trustinstance,

                                                **options)

                 add_new_domains_from_trust(

@@ -790,7 +814,9 @@ sides.

         # If domain name and realm does not match, IPA server is not be able

         # to establish trust with Active Directory.

-        realm_not_matching_domain = (self.api.env.domain.upper() != self.api.env.realm)

+        realm_not_matching_domain = (

+            self.api.env.domain.upper() != self.api.env.realm

+        )

         if options['trust_type'] == u'ad' and realm_not_matching_domain:

             raise errors.ValidationError(

@@ -917,11 +943,12 @@ sides.

                 )

             if range_type and range_type != old_range_type:

-                raise errors.ValidationError(name=_('range type change'),

-                    error=_('ID range for the trusted domain already exists, '

-                            'but it has a different type. Please remove the '

-                            'old range manually, or do not enforce type '

-                            'via --range-type option.'))

+                raise errors.ValidationError(

+                    name=_('range type change'),

+                    error=_('ID range for the trusted domain already '

+                            'exists, but it has a different type. Please '

+                            'remove the old range manually, or do not '

+                            'enforce type via --range-type option.'))

         return old_range, range_name, dom_sid

@@ -956,33 +983,55 @@ sides.

                     trust_type

                 )

             except errors.NotFound:

-                error_message=_("Unable to resolve domain controller for '%s' domain. ") % (keys[-1])

-                instructions=[]

+                _message = _("Unable to resolve domain controller for "

+                             "{domain} domain. ")

+                error_message = unicode(_message).format(domain=keys[-1])

+                instructions = []

+

                 if dns_container_exists(self.obj.backend):

                     try:

-                        dns_zone = self.api.Command.dnszone_show(keys[-1])['result']

-                        if ('idnsforwardpolicy' in dns_zone) and dns_zone['idnsforwardpolicy'][0] == u'only':

-                            instructions.append(_("Forward policy is defined for it in IPA DNS, "

-                                                   "perhaps forwarder points to incorrect host?"))

+                        dns_zone = self.api.Command.dnszone_show(

+                            keys[-1])['result']

+

+                        if (('idnsforwardpolicy' in dns_zone) and

+                                dns_zone['idnsforwardpolicy'][0] == u'only'):

+

+                            instructions.append(

+                                _("Forward policy is defined for it in "

+                                  "IPA DNS, perhaps forwarder points to "

+                                  "incorrect host?")

+                            )

                     except (errors.NotFound, KeyError):

-                        instructions.append(_("IPA manages DNS, please verify "

-                                              "your DNS configuration and "

-                                              "make sure that service records "

-                                              "of the '%(domain)s' domain can "

-                                              "be resolved. Examples how to "

-                                              "configure DNS with CLI commands "

-                                              "or the Web UI can be found in "

-                                              "the documentation. " ) %

-                                              dict(domain=keys[-1]))

+                        _instruction = _(

+                            "IPA manages DNS, please verify your DNS "

+                            "configuration and make sure that service "

+                            "records of the '{domain}' domain can be "

+                            "resolved. Examples how to configure DNS "

+                            "with CLI commands or the Web UI can be "

+                            "found in the documentation. "

+                        )

+                        instructions.append(

+                            unicode(_instruction).format(domain=keys[-1])

+                        )

                 else:

-                    instructions.append(_("Since IPA does not manage DNS records, ensure DNS "

-                                           "is configured to resolve '%(domain)s' domain from "

-                                           "IPA hosts and back.") % dict(domain=keys[-1]))

-                raise errors.NotFound(reason=error_message, instructions=instructions)

+                    _instruction = _(

+                        "Since IPA does not manage DNS records, ensure "

+                        "DNS is configured to resolve '{domain}' "

+                        "domain from IPA hosts and back."

+                    )

+                    instructions.append(

+                        unicode(_instruction).format(domain=keys[-1])

+                    )

+                raise errors.NotFound(

+                    reason=error_message,

+                    instructions=instructions

+                )

             if result is None:

-                raise errors.ValidationError(name=_('AD Trust setup'),

-                                             error=_('Unable to verify write permissions to the AD'))

+                raise errors.ValidationError(

+                    name=_('AD Trust setup'),

+                    error=_('Unable to verify write permissions to the AD')

+                )

             ret = dict(

                 value=pkey_to_value(

@@ -1019,12 +1068,14 @@ sides.

                 error=_('Not enough arguments specified to perform trust '

                         'setup'))

+

 @register()

 class trust_del(LDAPDelete):

     __doc__ = _('Delete a trust.')

     msg_summary = _('Deleted trust "%(value)s"')

+

 @register()

 class trust_mod(LDAPUpdate):

     __doc__ = _("""

@@ -1037,13 +1088,14 @@ class trust_mod(LDAPUpdate):

     msg_summary = _('Modified trust "%(value)s" '

                     '(change will be effective in 60 seconds)')

-    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):

+    def pre_callback(self, ldap, dn, e_attrs, attrs_list, *keys, **options):

         assert isinstance(dn, DN)

-        self.obj.validate_sid_blacklists(entry_attrs)

+        self.obj.validate_sid_blacklists(e_attrs)

         return dn

+

 @register()

 class trust_find(LDAPSearch):

     __doc__ = _('Search for trusts.')

@@ -1054,9 +1106,10 @@ class trust_find(LDAPSearch):

         '%(count)d trust matched', '%(count)d trusts matched', 0

     )

-    # Since all trusts types are stored within separate containers under 'cn=trusts',

-    # search needs to be done on a sub-tree scope

-    def pre_callback(self, ldap, filters, attrs_list, base_dn, scope, *args, **options):

+    # Since all trusts types are stored within separate containers

+    # under 'cn=trusts', search needs to be done on a sub-tree scope

+    def pre_callback(self, ldap, filters, attrs_list,

+                     base_dn, scope, *args, **options):

         # list only trust, not trust domains

         return (filters, base_dn, ldap.SCOPE_SUBTREE)

@@ -1076,13 +1129,16 @@ class trust_find(LDAPSearch):

             trust_type = attrs.single_value.get('ipanttrusttype', None)

             attributes = attrs.single_value.get('ipanttrustattributes', 0)

             if not options.get('raw', False) and trust_type is not None:

-                attrs['trusttype'] = [trust_type_string(trust_type, attributes)]

+                attrs['trusttype'] = [

+                    trust_type_string(trust_type, attributes)

+                ]

                 del attrs['ipanttrusttype']

                 if attributes:

                     del attrs['ipanttrustattributes']

         return truncated

+

 @register()

 class trust_show(LDAPRetrieve):

     __doc__ = _('Display information about a trust.')

@@ -1098,7 +1154,7 @@ class trust_show(LDAPRetrieve):

         return result

-    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):

+    def post_callback(self, ldap, dn, e_attrs, *keys, **options):

         assert isinstance(dn, DN)

         # Translate ipanttrusttype to trusttype

@@ -1106,25 +1162,28 @@ class trust_show(LDAPRetrieve):

         # if --raw not used

         if not options.get('raw', False):

-            trust_type = entry_attrs.single_value.get('ipanttrusttype', None)

-            attributes = entry_attrs.single_value.get('ipanttrustattributes', 0)

+            trust_type = e_attrs.single_value.get('ipanttrusttype', None)

+            attributes = e_attrs.single_value.get('ipanttrustattributes', 0)

             if trust_type is not None:

-                entry_attrs['trusttype'] = [trust_type_string(trust_type, attributes)]

-                del entry_attrs['ipanttrusttype']

+                e_attrs['trusttype'] = [

+                    trust_type_string(trust_type, attributes)

+                ]

+                del e_attrs['ipanttrusttype']

-            dir_str = entry_attrs.single_value.get('ipanttrustdirection', None)

+            dir_str = e_attrs.single_value.get('ipanttrustdirection', None)

             if dir_str is not None:

-                entry_attrs['trustdirection'] = [trust_direction_string(dir_str)]

-                del entry_attrs['ipanttrustdirection']

+                e_attrs['trustdirection'] = [trust_direction_string(dir_str)]

+                del e_attrs['ipanttrustdirection']

             if attributes:

-                del entry_attrs['ipanttrustattributes']

+                del e_attrs['ipanttrustattributes']

         return dn

 _trustconfig_dn = {

-    u'ad': DN(('cn', api.env.domain), api.env.container_cifsdomains, api.env.basedn),

+    u'ad': DN(('cn', api.env.domain),

+              api.env.container_cifsdomains, api.env.basedn),

 }

@@ -1184,8 +1243,10 @@ class trustconfig(LDAPObject):

         try:

             return _trustconfig_dn[kwargs['trust_type']]

         except KeyError:

-            raise errors.ValidationError(name='trust_type',

-                error=_("unsupported trust type"))

+            raise errors.ValidationError(

+                name='trust_type',

+                error=_("unsupported trust type")

+            )

     def _normalize_groupdn(self, entry_attrs):

         """

@@ -1254,8 +1315,8 @@ class trustconfig_mod(LDAPUpdate):

     msg_summary = _('Modified "%(value)s" trust configuration')

     has_output = output.simple_entry

-    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):

-        self.obj._normalize_groupdn(entry_attrs)

+    def pre_callback(self, ldap, dn, e_attrs, attrs_list, *keys, **options):

+        self.obj._normalize_groupdn(e_attrs)

         return dn

     def execute(self, *keys, **options):

@@ -1263,14 +1324,13 @@ class trustconfig_mod(LDAPUpdate):

         result['value'] = pkey_to_value(options['trust_type'], options)

         return result

-    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):

-        self.obj._convert_groupdn(entry_attrs, options)

+    def post_callback(self, ldap, dn, e_attrs, *keys, **options):

+        self.obj._convert_groupdn(e_attrs, options)

         self.api.Object.config.show_servroles_attributes(

-            entry_attrs, "AD trust agent", "AD trust controller", **options)

+            e_attrs, "AD trust agent", "AD trust controller", **options)

         return dn

-

 @register()

 class trustconfig_show(LDAPRetrieve):

     __doc__ = _('Show global trust configuration.')

@@ -1293,18 +1353,21 @@ class trustconfig_show(LDAPRetrieve):

 if _nss_idmap_installed:

     _idmap_type_dict = {

-        pysss_nss_idmap.ID_USER  : 'user',

-        pysss_nss_idmap.ID_GROUP : 'group',

-        pysss_nss_idmap.ID_BOTH  : 'both',

+        pysss_nss_idmap.ID_USER: 'user',

+        pysss_nss_idmap.ID_GROUP: 'group',

+        pysss_nss_idmap.ID_BOTH: 'both',

     }

+

     def idmap_type_string(level):

         string = _idmap_type_dict.get(int(level), 'unknown')

         return unicode(string)

+

 @register()

 class trust_resolve(Command):

     NO_CLI = True

-    __doc__ = _('Resolve security identifiers of users and groups in trusted domains')

+    __doc__ = _('Resolve security identifiers of users and groups '

+                'in trusted domains')

     takes_options = (

         Str('sids+',

@@ -1313,8 +1376,8 @@ class trust_resolve(Command):

     )

     has_output_params = (

-        Str('name', label= _('Name')),

-        Str('sid', label= _('SID')),

+        Str('name', label=_('Name')),

+        Str('sid', label=_('SID')),

     )

     has_output = (

@@ -1326,13 +1389,15 @@ class trust_resolve(Command):

         if not _nss_idmap_installed:

             return dict(result=result)

         try:

+            NAME_KEY = pysss_nss_idmap.NAME_KEY

+            TYPE_KEY = pysss_nss_idmap.TYPE_KEY

             sids = [str(x) for x in options['sids']]

             xlate = pysss_nss_idmap.getnamebysid(sids)

             for sid in xlate:

                 entry = dict()

                 entry['sid'] = [unicode(sid)]

-                entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]

-                entry['type'] = [idmap_type_string(xlate[sid][pysss_nss_idmap.TYPE_KEY])]

+                entry['name'] = [unicode(xlate[sid][NAME_KEY])]

+                entry['type'] = [idmap_type_string(xlate[sid][TYPE_KEY])]

                 result.append(entry)

         except ValueError:

             pass

@@ -1340,7 +1405,6 @@ class trust_resolve(Command):

         return dict(result=result)

-

 @register()

 class adtrust_is_enabled(Command):

     NO_CLI = True

@@ -1367,7 +1431,6 @@ class adtrust_is_enabled(Command):

         return dict(result=True)

-

 @register()

 class compat_is_enabled(Command):

     NO_CLI = True

@@ -1411,7 +1474,6 @@ class compat_is_enabled(Command):

         return dict(result=True)

-

 @register()

 class sidgen_was_run(Command):

     """

@@ -1461,7 +1523,7 @@ class trustdomain(LDAPObject):

     Object representing a domain of the AD trust.

     """

     parent_object = 'trust'

-    trust_type_idx = {'2':u'ad'}

+    trust_type_idx = {'2': u'ad'}

     object_name = _('trust domain')

     object_name_plural = _('trust domains')

     object_class = ['ipaNTTrustedDomain']

@@ -1478,40 +1540,39 @@ class trustdomain(LDAPObject):

         Str('cn',

             label=_('Domain name'),

             cli_name='domain',

-            primary_key=True

-        ),

+            primary_key=True),

         Str('ipantflatname?',

             cli_name='flat_name',

-            label=_('Domain NetBIOS name'),

-        ),

+            label=_('Domain NetBIOS name')),

         Str('ipanttrusteddomainsid?',

             cli_name='sid',

-            label=_('Domain Security Identifier'),

-        ),

+            label=_('Domain Security Identifier')),

         Flag('domain_enabled',

-            label=_('Domain enabled'),

-            flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},

-        ),

+             label=_('Domain enabled'),

+             flags={'virtual_attribute',

+                    'no_create', 'no_update', 'no_search'}),

     )

-    # LDAPObject.get_dn() only passes all but last element of keys and no kwargs

-    # to the parent object's get_dn() no matter what you pass to it. Make own get_dn()

-    # as we really need all elements to construct proper dn.

+    # LDAPObject.get_dn() only passes all but last element of keys and no

+    # kwargs to the parent object's get_dn() no matter what you pass to it.

+    # Make own get_dn() as we really need all elements to construct proper dn.

     def get_dn(self, *keys, **kwargs):

         sdn = [('cn', x) for x in keys]

         sdn.reverse()

         trust_type = kwargs.get('trust_type')

         if not trust_type:

-            trust_type=u'ad'

+            trust_type = u'ad'

-        dn=make_trust_dn(self.env, trust_type, DN(*sdn))

+        dn = make_trust_dn(self.env, trust_type, DN(*sdn))

         return dn

+

 @register()

 class trustdomain_find(LDAPSearch):

     __doc__ = _('Search domains of the trust')

-    def pre_callback(self, ldap, filters, attrs_list, base_dn, scope, *args, **options):

+    def pre_callback(self, ldap, filters, attrs_list, base_dn,

+                     scope, *args, **options):

         return (filters, base_dn, ldap.SCOPE_SUBTREE)

     def post_callback(self, ldap, entries, truncated, *args, **options):

@@ -1532,7 +1593,6 @@ class trustdomain_find(LDAPSearch):

         return truncated

-

 @register()

 class trustdomain_mod(LDAPUpdate):

     __doc__ = _('Modify trustdomain of the trust')

@@ -1540,31 +1600,36 @@ class trustdomain_mod(LDAPUpdate):

     NO_CLI = True

     takes_options = LDAPUpdate.takes_options + (_trust_type_option,)

+

 @register()

 class trustdomain_add(LDAPCreate):

     __doc__ = _('Allow access from the trusted domain')

     NO_CLI = True

     takes_options = LDAPCreate.takes_options + (_trust_type_option,)

-    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):

-        # ipaNTTrustPartner must always be set to the name of the trusted domain

-        # See MS-ADTS 6.1.6.7.13

-        entry_attrs['ipanttrustpartner'] = [dn[0]['cn']]

+

+    def pre_callback(self, ldap, dn, e_attrs, attrs_list, *keys, **options):

+        # ipaNTTrustPartner must always be set to the name of the trusted

+        # domain. See MS-ADTS 6.1.6.7.13

+        e_attrs['ipanttrustpartner'] = [dn[0]['cn']]

         return dn

 @register()

 class trustdomain_del(LDAPDelete):

-    __doc__ = _('Remove information about the domain associated with the trust.')

+    __doc__ = _('Remove information about the domain associated '

+                'with the trust.')

-    msg_summary = _('Removed information about the trusted domain "%(value)s"')

+    msg_summary = _('Removed information about the trusted domain '

+                    '"%(value)s"')

     def execute(self, *keys, **options):