rpms / pcs

Clone
Source Code
GIT

Blame SOURCES/bz1054491-Add-acl-enable-and-disable-commands-3.patch

c4 c5 c5-plus c6 c6-plus c7 c7-armhfp c7-beta c8 c8-beta c8-init-modify c8s c9 c9-beta
  1.   22e37c2dec687b933cb7f29963ce3e786ba2d76b
  2.   SOURCES
  3.   bz1054491-Add-acl-enable-and-disable-commands-3.patch
Blob History Raw
337c54 
From 3732bb03e2f0b710e85b502c772ad7174d91db80 Mon Sep 17 00:00:00 2001
337c54 
From: Tomas Jelinek <tojeline@redhat.com>
337c54 
Date: Thu, 8 Jan 2015 16:00:47 +0100
337c54 
Subject: [PATCH] Add acl enable and disable commands
337c54
337c54 
* add acl enable and disable commands
337c54 
* display whether acls are enabled in the 'pcs acl' output
337c54 
---
337c54 
 pcs/acl.py           | 19 +++++++++++++
337c54 
 pcs/pcs.8            |  6 ++++
337c54 
 pcs/usage.py         |  6 ++++
337c54 
 pcs/utils.py         |  5 ++++
337c54 
 5 files changed, 92 insertions(+), 21 deletions(-)
337c54
337c54 
diff --git a/pcs/acl.py b/pcs/acl.py
337c54 
index aa07d40..4c2d696 100644
337c54 
--- a/pcs/acl.py
337c54 
+++ b/pcs/acl.py
337c54 
@@ -1,6 +1,7 @@
337c54 
 import sys
337c54 
 import usage
337c54 
 import utils
337c54 
+import prop
337c54
337c54 
 def acl_cmd(argv):
337c54 
     if len(argv) == 0:
337c54 
@@ -18,6 +19,10 @@ def acl_cmd(argv):
337c54 
         acl_show(argv)
337c54 
 #    elif (sub_cmd == "grant"):
337c54 
 #        acl_grant(argv)
337c54 
+    elif (sub_cmd == "enable"):
337c54 
+        acl_enable(argv)
337c54 
+    elif (sub_cmd == "disable"):
337c54 
+        acl_disable(argv)
337c54 
     elif (sub_cmd == "role"):
337c54 
         acl_role(argv)
337c54 
     elif (sub_cmd == "target" or sub_cmd == "user"):
337c54 
@@ -33,10 +38,24 @@ def acl_cmd(argv):
337c54 
 def acl_show(argv):
337c54 
     dom = utils.get_cib_dom()
337c54
337c54 
+    properties = prop.get_set_properties(defaults=prop.get_default_properties())
337c54 
+    acl_enabled = properties.get("enable-acl", "").lower()
337c54 
+    if utils.is_cib_true(acl_enabled):
337c54 
+        print "ACLs are enabled"
337c54 
+    else:
337c54 
+        print "ACLs are disabled, run 'pcs acl enable' to enable"
337c54 
+    print
337c54 
+
337c54 
     print_targets(dom)
337c54 
     print_groups(dom)
337c54 
     print_roles(dom)
337c54
337c54 
+def acl_enable(argv):
337c54 
+    prop.set_property(["enable-acl=true"])
337c54 
+
337c54 
+def acl_disable(argv):
337c54 
+    prop.set_property(["enable-acl=false"])
337c54 
+
337c54 
 def acl_grant(argv):
337c54 
     print "Not yet implemented"
337c54
337c54 
diff --git a/pcs/pcs.8 b/pcs/pcs.8
337c54 
index 00ac11b..14917f7 100644
337c54 
--- a/pcs/pcs.8
337c54 
+++ b/pcs/pcs.8
337c54 
@@ -316,6 +316,12 @@ Confirm that the host specified is currently down.  WARNING: if this node is not
337c54 
 [show]
337c54 
 List all current access control lists
337c54 
 .TP
337c54 
+enable
337c54 
+Enable access control lists
337c54 
+.TP
337c54 
+disable
337c54 
+Disable access control lists
337c54 
+.TP
337c54 
 role create <role name> [description=<description>] [((read | write | deny) (xpath <query> | id <id>))...]
337c54 
 Create a role with the name and (optional) description specified.
337c54 
 Each role can also have an unlimited number of permissions
337c54 
diff --git a/pcs/usage.py b/pcs/usage.py
337c54 
index 7bd3368..2c39901 100644
337c54 
--- a/pcs/usage.py
337c54 
+++ b/pcs/usage.py
337c54 
@@ -969,6 +969,12 @@ Commands:
337c54 
     [show]
337c54 
         List all current access control lists
337c54
337c54 
+    enable
337c54 
+        Enable access control lists
337c54 
+
337c54 
+    disable
337c54 
+        Disable access control lists
337c54 
+
337c54 
     role create <role name> [description=<description>] [((read | write | deny)
337c54 
                                                 (xpath <query> | id <id>))...]
337c54 
         Create a role with the name and (optional) description specified.
337c54 
diff --git a/pcs/utils.py b/pcs/utils.py
337c54 
index 8713c81..de000fa 100644
337c54 
--- a/pcs/utils.py
337c54 
+++ b/pcs/utils.py
337c54 
@@ -2129,6 +2129,11 @@ def is_iso8601_date(var):
337c54 
     output, retVal = run(["iso8601", "-d", var])
337c54 
     return retVal == 0
337c54
337c54 
+# Does pacemaker consider a variable as true in cib?
337c54 
+# See crm_is_true in pacemaker/lib/common/utils.c
337c54 
+def is_cib_true(var):
337c54 
+    return var.lower() in ("true", "on", "yes", "y", "1")
337c54 
+
337c54 
 def is_systemctl():
337c54 
     if os.path.exists('/usr/bin/systemctl'):
337c54 
         return True
337c54 
--
337c54 
1.9.1
337c54

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation