ipaserver.plugins.sudorule.sudorule

class ipaserver.plugins.sudorule.sudorule(api)[source]

Bases: ipaserver.plugins.baseldap.LDAPObject

Sudo Rule object.

Public Methods:

check_order_uniqueness(*keys, **options)

Inherited from LDAPObject

get_dn(*keys, **kwargs)

Construct an LDAP DN.

get_dn_if_exists(*keys, **kwargs)

get_primary_key_from_dn(dn)

get_ancestor_primary_keys()

has_objectclass(classes, objectclass)

convert_attribute_members(entry_attrs, ...)

get_indirect_members(entry_attrs, attrs_list)

get_memberindirect(group_entry)

Get indirect members

get_memberofindirect(entry)

get_password_attributes(ldap, dn, entry_attrs)

Search on the entry to determine if it has a password or keytab set.

handle_not_found(*keys)

Handle NotFound exception

handle_duplicate_entry(*keys)

__json__()

Inherited from Object

backend

methods

params

primary_key

params_minus_pk

params_minus(*names)

Yield all Param whose name is not in names.

get_dn(*keys, **kwargs)

Construct an LDAP DN.

get_params()

This method gets called by HasParam._create_param_namespace().

__json__()

Inherited from Plugin

__init__(api)

finalize()

Finalize plugin initialization.

ensure_finalized()

Finalize plugin initialization if it has not yet been finalized.

__repr__()

Return 'module_name.class_name()' representation.

Inherited from ReadOnly

__lock__()

Put this instance into a read-only state.

__islocked__()

Return True if instance is locked, otherwise False.

__setattr__(name, value)

If unlocked, set attribute named name to value.

__delattr__(name)

If unlocked, delete attribute named name.

Private Data Attributes:

Inherited from ReadOnly

_ReadOnly__locked

Private Methods:

Inherited from Object

_on_finalize()

Do custom finalization.

_Object__get_attrs(name)

Inherited from HasParam

_get_param_iterable(name[, verb])

Return an iterable of params defined by the attribute named name.

_filter_param_by_context(name[, env])

Filter params on attribute named name by environment env.

_create_param_namespace(name[, env])

Inherited from Plugin

_Plugin__name_getter()

_Plugin__full_name_getter()

_Plugin__bases_getter()

_Plugin__doc_getter()

_Plugin__summary_getter()

_on_finalize()

Do custom finalization.


property Backend
property Command
NO_CLI = False
__annotations__ = {}
__delattr__(name)

If unlocked, delete attribute named name.

If this instance is locked, an AttributeError will be raised.

Parameters

name – Name of attribute to delete.

__dict__ = mappingproxy({'__module__': 'ipaserver.plugins.sudorule', '__doc__': '\n    Sudo Rule object.\n    ', 'container_dn': ipapython.dn.DN('cn=sudorules,cn=sudo'), 'object_name': Gettext('sudo rule', domain='ipa', localedir=None), 'object_name_plural': Gettext('sudo rules', domain='ipa', localedir=None), 'object_class': ['ipaassociation', 'ipasudorule'], 'permission_filter_objectclasses': ['ipasudorule'], 'default_attributes': ['cn', 'ipaenabledflag', 'externaluser', 'description', 'usercategory', 'hostcategory', 'cmdcategory', 'memberuser', 'memberhost', 'memberallowcmd', 'memberdenycmd', 'ipasudoopt', 'ipasudorunas', 'ipasudorunasgroup', 'ipasudorunasusercategory', 'ipasudorunasgroupcategory', 'sudoorder', 'hostmask', 'externalhost', 'ipasudorunasextusergroup', 'ipasudorunasextgroup', 'ipasudorunasextuser'], 'uuid_attribute': 'ipauniqueid', 'rdn_attribute': 'ipauniqueid', 'allow_rename': True, 'attribute_members': {'memberuser': ['user', 'group'], 'memberhost': ['host', 'hostgroup'], 'memberallowcmd': ['sudocmd', 'sudocmdgroup'], 'memberdenycmd': ['sudocmd', 'sudocmdgroup'], 'ipasudorunas': ['user', 'group'], 'ipasudorunasgroup': ['group']}, 'managed_permissions': {'System: Read Sudo Rules': {'replaces_global_anonymous_aci': True, 'ipapermbindruletype': 'all', 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': {'memberallowcmd', 'cmdcategory', 'objectclass', 'ipasudorunasusercategory', 'usercategory', 'externalhost', 'ipasudorunasextusergroup', 'member', 'externaluser', 'memberdenycmd', 'ipaenabledflag', 'ipasudorunasextuser', 'ipasudorunasgroupcategory', 'hostcategory', 'memberuser', 'ipasudorunasextgroup', 'sudonotafter', 'memberhost', 'ipauniqueid', 'ipasudorunas', 'sudonotbefore', 'ipasudorunasgroup', 'sudoorder', 'cn', 'description', 'ipasudoopt', 'hostmask'}}, 'System: Read Sudoers compat tree': {'non_object': True, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermtarget': 
ipapython.dn.DN('ou=sudoers,dc=ipa,dc=example'), 'ipapermbindruletype': 'anonymous', 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': {'objectclass', 'sudonotafter', 'ou', 'sudorunas', 'sudonotbefore', 'sudorunasuser', 'sudooption', 'sudocommand', 'sudohost', 'description', 'sudoorder', 'cn', 'sudorunasgroup', 'sudouser'}}, 'System: Add Sudo rule': {'ipapermright': {'add'}, 'replaces': ['(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Add Sudo rule";allow (add) groupdn = "ldap:///cn=Add Sudo rule,cn=permissions,cn=pbac,$SUFFIX";)'], 'default_privileges': {'Sudo Administrator'}}, 'System: Delete Sudo rule': {'ipapermright': {'delete'}, 'replaces': ['(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Delete Sudo rule";allow (delete) groupdn = "ldap:///cn=Delete Sudo rule,cn=permissions,cn=pbac,$SUFFIX";)'], 'default_privileges': {'Sudo Administrator'}}, 'System: Modify Sudo rule': {'ipapermright': {'write'}, 'ipapermdefaultattr': {'memberallowcmd', 'cmdcategory', 'ipasudorunasusercategory', 'usercategory', 'externalhost', 'ipasudorunasextusergroup', 'externaluser', 'memberdenycmd', 'ipaenabledflag', 'ipasudorunasextuser', 'ipasudorunasgroupcategory', 'hostcategory', 'memberuser', 'ipasudorunasextgroup', 'sudonotafter', 'memberhost', 'ipasudorunas', 'sudonotbefore', 'ipasudorunasgroup', 'sudoorder', 'description', 'ipasudoopt', 'hostmask'}, 'replaces': ['(targetattr = "description || ipaenabledflag || usercategory || hostcategory || cmdcategory || ipasudorunasusercategory || ipasudorunasgroupcategory || externaluser || ipasudorunasextuser || ipasudorunasextgroup || memberdenycmd || memberallowcmd || memberuser")(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Modify Sudo rule";allow (write) groupdn = "ldap:///cn=Modify Sudo rule,cn=permissions,cn=pbac,$SUFFIX";)'], 'default_privileges': {'Sudo Administrator'}}}, 'label': 
Gettext('Sudo Rules', domain='ipa', localedir=None), 'label_singular': Gettext('Sudo Rule', domain='ipa', localedir=None), 'takes_params': (Str('cn', cli_name='sudorule_name', label=Gettext('Rule name', domain='ipa', localedir=None), primary_key=True), Str('description?', cli_name='desc', label=Gettext('Description', domain='ipa', localedir=None)), Bool('ipaenabledflag?', flags=[u'no_option'], label=Gettext('Enabled', domain='ipa', localedir=None)), StrEnum('usercategory?', cli_metavar=u"['all']", cli_name='usercat', doc=Gettext('User category the rule applies to', domain='ipa', localedir=None), label=Gettext('User category', domain='ipa', localedir=None), values=[u'all']), StrEnum('hostcategory?', cli_metavar=u"['all']", cli_name='hostcat', doc=Gettext('Host category the rule applies to', domain='ipa', localedir=None), label=Gettext('Host category', domain='ipa', localedir=None), values=[u'all']), StrEnum('cmdcategory?', cli_metavar=u"['all']", cli_name='cmdcat', doc=Gettext('Command category the rule applies to', domain='ipa', localedir=None), label=Gettext('Command category', domain='ipa', localedir=None), values=[u'all']), StrEnum('ipasudorunasusercategory?', cli_metavar=u"['all']", cli_name='runasusercat', doc=Gettext('RunAs User category the rule applies to', domain='ipa', localedir=None), label=Gettext('RunAs User category', domain='ipa', localedir=None), values=[u'all']), StrEnum('ipasudorunasgroupcategory?', cli_metavar=u"['all']", cli_name='runasgroupcat', doc=Gettext('RunAs Group category the rule applies to', domain='ipa', localedir=None), label=Gettext('RunAs Group category', domain='ipa', localedir=None), values=[u'all']), Int('sudoorder?', cli_name='order', default=0, doc=Gettext('integer to order the Sudo rules', domain='ipa', localedir=None), label=Gettext('Sudo order', domain='ipa', localedir=None), minvalue=0), Str('memberuser_user?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Users', domain='ipa', localedir=None)), 
Str('memberuser_group?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('User Groups', domain='ipa', localedir=None)), Str('externaluser?', validate_externaluser, cli_name='externaluser', doc=Gettext('External User the rule applies to (sudorule-find only)', domain='ipa', localedir=None), label=Gettext('External User', domain='ipa', localedir=None)), Str('memberhost_host?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Hosts', domain='ipa', localedir=None)), Str('memberhost_hostgroup?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Host Groups', domain='ipa', localedir=None)), Str('hostmask+', validate_hostmask, flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Host Masks', domain='ipa', localedir=None), normalizer=<lambda>), Str('externalhost*', validate_externalhost, flags=[u'no_option'], label=Gettext('External host', domain='ipa', localedir=None)), Str('memberallowcmd_sudocmd?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Sudo Allow Commands', domain='ipa', localedir=None)), Str('memberdenycmd_sudocmd?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Sudo Deny Commands', domain='ipa', localedir=None)), Str('memberallowcmd_sudocmdgroup?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Sudo Allow Command Groups', domain='ipa', localedir=None)), Str('memberdenycmd_sudocmdgroup?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Sudo Deny Command Groups', domain='ipa', localedir=None)), Str('ipasudorunas_user?', doc=Gettext('Run as a user', domain='ipa', localedir=None), flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('RunAs Users', domain='ipa', localedir=None)), Str('ipasudorunas_group?', doc=Gettext('Run as any user within a specified group', domain='ipa', localedir=None), flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Groups of RunAs Users', domain='ipa', localedir=None)), 
Str('ipasudorunasextuser?', validate_runasextuser, cli_name='runasexternaluser', doc=Gettext('External User the commands can run as (sudorule-find only)', domain='ipa', localedir=None), label=Gettext('RunAs External User', domain='ipa', localedir=None)), Str('ipasudorunasextusergroup?', cli_name='runasexternalusergroup', doc=Gettext('External Groups of users that the command can run as', domain='ipa', localedir=None), flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('External Groups of RunAs Users', domain='ipa', localedir=None)), Str('ipasudorunasgroup_group?', doc=Gettext('Run with the gid of a specified POSIX group', domain='ipa', localedir=None), flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('RunAs Groups', domain='ipa', localedir=None)), Str('ipasudorunasextgroup?', validate_runasextgroup, cli_name='runasexternalgroup', doc=Gettext('External Group the commands can run as (sudorule-find only)', domain='ipa', localedir=None), label=Gettext('RunAs External Group', domain='ipa', localedir=None)), Str('ipasudoopt*', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Sudo Option', domain='ipa', localedir=None))), 'order_not_unique_msg': Gettext('order must be a unique value (%(order)d already used by %(rule)s)', domain='ipa', localedir=None), 'check_order_uniqueness': <function sudorule.check_order_uniqueness>, '__annotations__': {}})
__init__(api)
__islocked__()

Return True if instance is locked, otherwise False.

__json__()
__lock__()

Put this instance into a read-only state.

After the instance has been locked, attempting to set or delete an attribute will raise an AttributeError.

__module__ = 'ipaserver.plugins.sudorule'
__repr__()

Return ‘module_name.class_name()’ representation.

This representation could be used to instantiate this Plugin instance given the appropriate environment.

__setattr__(name, value)

If unlocked, set attribute named name to value.

If this instance is locked, an AttributeError will be raised.

Parameters
  • name – Name of attribute to set.

  • value – Value to assign to attribute.

__weakref__

list of weak references to the object (if defined)

_create_param_namespace(name, env=None)
_filter_param_by_context(name, env=None)

Filter params on attribute named name by environment env.

For example:

>>> from ipalib.config import Env
>>> class Example(HasParam):
...
...     takes_args = (
...         Str('foo_only', include=['foo']),
...         Str('not_bar', exclude=['bar']),
...         'both',
...     )
...
...     def get_args(self):
...         return self._get_param_iterable('args')
...
...
>>> eg = Example()
>>> foo = Env(context='foo')
>>> bar = Env(context='bar')
>>> another = Env(context='another')
>>> (foo.context, bar.context, another.context)
(u'foo', u'bar', u'another')
>>> list(eg._filter_param_by_context('args', foo))
[Str('foo_only', include=['foo']), Str('not_bar', exclude=['bar']), Str('both')]
>>> list(eg._filter_param_by_context('args', bar))
[Str('both')]
>>> list(eg._filter_param_by_context('args', another))
[Str('not_bar', exclude=['bar']), Str('both')]
_get_param_iterable(name, verb='takes')

Return an iterable of params defined by the attribute named name.

A sequence of params can be defined one of three ways: as a tuple; as a callable that returns an iterable; or as a param spec (a Param or str instance). This method returns a uniform iterable regardless of how the param sequence was defined.

For example, when defined with a tuple:

>>> class ByTuple(HasParam):
...     takes_args = (Param('foo'), Param('bar'))
...
>>> by_tuple = ByTuple()
>>> list(by_tuple._get_param_iterable('args'))
[Param('foo'), Param('bar')]

Or you can define your param sequence with a callable when you need to reference attributes on your plugin instance (for validation rules, etc.). For example:

>>> class ByCallable(HasParam):
...     def takes_args(self):
...         yield Param('foo', self.validate_foo)
...         yield Param('bar', self.validate_bar)
...
...     def validate_foo(self, _, value, **kw):
...         if value != 'Foo':
...             return _("must be 'Foo'")
...
...     def validate_bar(self, _, value, **kw):
...         if value != 'Bar':
...             return _("must be 'Bar'")
...
>>> by_callable = ByCallable()
>>> list(by_callable._get_param_iterable('args'))
[Param('foo', validate_foo), Param('bar', validate_bar)]

Lastly, as a convenience for when a param sequence contains a single param, your defining attribute may be a param spec (either a Param or an str instance). For example:

>>> class BySpec(HasParam):
...     takes_args = Param('foo')
...     takes_options = 'bar?'
...
>>> by_spec = BySpec()
>>> list(by_spec._get_param_iterable('args'))
[Param('foo')]
>>> list(by_spec._get_param_iterable('options'))
['bar?']

For information on how an str param spec is interpreted, see the create_param() and parse_param_spec() functions in the ipalib.parameters module.

Also see HasParam._filter_param_by_context().

_on_finalize()

Do custom finalization.

This method is called from finalize(). Subclasses can override this method in order to add custom finalization.

allow_rename = True
already_exists_msg = Gettext('%(oname)s with name "%(pkey)s" already exists', domain='ipa', localedir=None)
property api

Return API instance passed to __init__().

attribute_members = {'ipasudorunas': ['user', 'group'], 'ipasudorunasgroup': ['group'], 'memberallowcmd': ['sudocmd', 'sudocmdgroup'], 'memberdenycmd': ['sudocmd', 'sudocmdgroup'], 'memberhost': ['host', 'hostgroup'], 'memberuser': ['user', 'group']}
backend = None
backend_name = 'ldap2'
bases = (<class 'ipaserver.plugins.baseldap.LDAPObject'>,)
bindable = False
check_order_uniqueness(*keys, **options)[source]
container_dn = ipapython.dn.DN('cn=sudorules,cn=sudo')
container_not_found_msg = Gettext('container entry (%(container)s) not found', domain='ipa', localedir=None)
property context
convert_attribute_members(entry_attrs, *keys, **options)
default_attributes = ['cn', 'ipaenabledflag', 'externaluser', 'description', 'usercategory', 'hostcategory', 'cmdcategory', 'memberuser', 'memberhost', 'memberallowcmd', 'memberdenycmd', 'ipasudoopt', 'ipasudorunas', 'ipasudorunasgroup', 'ipasudorunasusercategory', 'ipasudorunasgroupcategory', 'sudoorder', 'hostmask', 'externalhost', 'ipasudorunasextusergroup', 'ipasudorunasextgroup', 'ipasudorunasextuser']
disallow_object_classes = []
doc = '\n    Sudo Rule object.\n    '
ensure_finalized()

Finalize plugin initialization if it has not yet been finalized.

property env
finalize()

Finalize plugin initialization.

This method calls _on_finalize() and locks the plugin object.

Subclasses should not override this method. Custom finalization is done in _on_finalize().

class finalize_attr(name, value=None)

Bases: object

Create a stub object for a plugin attribute that isn’t set until the finalization of the plugin initialization.

When the stub object is accessed, it calls ensure_finalized() to make sure the plugin initialization is finalized. The stub object is expected to be replaced with the actual attribute value during the finalization (preferably in _on_finalize()), otherwise an AttributeError is raised.

This is used to implement on-demand finalization of plugin initialization.

__annotations__ = {}
__get__(obj, cls)
__init__(name, value=None)
__module__ = 'ipalib.plugable'
__slots__ = ('name', 'value')
name
value
full_name = 'sudorule/1'
get_ancestor_primary_keys()
get_dn(*keys, **kwargs)

Construct an LDAP DN.

get_dn_if_exists(*keys, **kwargs)
get_indirect_members(entry_attrs, attrs_list)
get_memberindirect(group_entry)

Get indirect members

get_memberofindirect(entry)
get_params()

This method gets called by HasParam._create_param_namespace().

get_password_attributes(ldap, dn, entry_attrs)

Search on the entry to determine if it has a password or keytab set.

A tuple is used to determine which attribute is set in entry_attrs. The value is set to True/False depending on whether a given password type is set.

get_primary_key_from_dn(dn)
handle_duplicate_entry(*keys)
handle_not_found(*keys)

Handle NotFound exception

Must raise errors.NotFound again.

has_objectclass(classes, objectclass)
hidden_attributes = ['objectclass', 'aci']
json_friendly_attributes = ('parent_object', 'container_dn', 'object_name', 'object_name_plural', 'object_class', 'object_class_config', 'default_attributes', 'label', 'label_singular', 'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name', 'takes_params', 'rdn_attribute', 'bindable', 'relationships')
label = Gettext('Sudo Rules', domain='ipa', localedir=None)
label_singular = Gettext('Sudo Rule', domain='ipa', localedir=None)
limit_object_classes = []
managed_permissions = {'System: Add Sudo rule': {'default_privileges': {'Sudo Administrator'}, 'ipapermright': {'add'}, 'replaces': ['(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Add Sudo rule";allow (add) groupdn = "ldap:///cn=Add Sudo rule,cn=permissions,cn=pbac,$SUFFIX";)']}, 'System: Delete Sudo rule': {'default_privileges': {'Sudo Administrator'}, 'ipapermright': {'delete'}, 'replaces': ['(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Delete Sudo rule";allow (delete) groupdn = "ldap:///cn=Delete Sudo rule,cn=permissions,cn=pbac,$SUFFIX";)']}, 'System: Modify Sudo rule': {'default_privileges': {'Sudo Administrator'}, 'ipapermdefaultattr': {'cmdcategory', 'description', 'externalhost', 'externaluser', 'hostcategory', 'hostmask', 'ipaenabledflag', 'ipasudoopt', 'ipasudorunas', 'ipasudorunasextgroup', 'ipasudorunasextuser', 'ipasudorunasextusergroup', 'ipasudorunasgroup', 'ipasudorunasgroupcategory', 'ipasudorunasusercategory', 'memberallowcmd', 'memberdenycmd', 'memberhost', 'memberuser', 'sudonotafter', 'sudonotbefore', 'sudoorder', 'usercategory'}, 'ipapermright': {'write'}, 'replaces': ['(targetattr = "description || ipaenabledflag || usercategory || hostcategory || cmdcategory || ipasudorunasusercategory || ipasudorunasgroupcategory || externaluser || ipasudorunasextuser || ipasudorunasextgroup || memberdenycmd || memberallowcmd || memberuser")(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Modify Sudo rule";allow (write) groupdn = "ldap:///cn=Modify Sudo rule,cn=permissions,cn=pbac,$SUFFIX";)']}, 'System: Read Sudo Rules': {'ipapermbindruletype': 'all', 'ipapermdefaultattr': {'cmdcategory', 'cn', 'description', 'externalhost', 'externaluser', 'hostcategory', 'hostmask', 'ipaenabledflag', 'ipasudoopt', 'ipasudorunas', 'ipasudorunasextgroup', 'ipasudorunasextuser', 'ipasudorunasextusergroup', 'ipasudorunasgroup', 
'ipasudorunasgroupcategory', 'ipasudorunasusercategory', 'ipauniqueid', 'member', 'memberallowcmd', 'memberdenycmd', 'memberhost', 'memberuser', 'objectclass', 'sudonotafter', 'sudonotbefore', 'sudoorder', 'usercategory'}, 'ipapermright': {'compare', 'read', 'search'}, 'replaces_global_anonymous_aci': True}, 'System: Read Sudoers compat tree': {'ipapermbindruletype': 'anonymous', 'ipapermdefaultattr': {'cn', 'description', 'objectclass', 'ou', 'sudocommand', 'sudohost', 'sudonotafter', 'sudonotbefore', 'sudooption', 'sudoorder', 'sudorunas', 'sudorunasgroup', 'sudorunasuser', 'sudouser'}, 'ipapermlocation': ipapython.dn.DN('dc=ipa,dc=example'), 'ipapermright': {'compare', 'read', 'search'}, 'ipapermtarget': ipapython.dn.DN('ou=sudoers,dc=ipa,dc=example'), 'non_object': True}}
methods = None
name = 'sudorule'
object_class = ['ipaassociation', 'ipasudorule']
object_class_config = None
object_name = Gettext('sudo rule', domain='ipa', localedir=None)
object_name_plural = Gettext('sudo rules', domain='ipa', localedir=None)
object_not_found_msg = Gettext('%(pkey)s: %(oname)s not found', domain='ipa', localedir=None)
order_not_unique_msg = Gettext('order must be a unique value (%(order)d already used by %(rule)s)', domain='ipa', localedir=None)
params = None
params_minus(*names)

Yield all Param whose name is not in names.

params_minus_pk = None
parent_not_found_msg = Gettext('%(parent)s: %(oname)s not found', domain='ipa', localedir=None)
parent_object = ''
password_attributes = []
permission_filter_objectclasses = ['ipasudorule']
possible_objectclasses = []
primary_key = None
rdn_attribute = 'ipauniqueid'
relationships = {'member': ('Member', '', 'no_'), 'memberindirect': ('Indirect Member', None, 'no_indirect_'), 'membermanager': ('Group membership managed by', 'membermanager_', 'not_membermanager_'), 'memberof': ('Member Of', 'in_', 'not_in_'), 'memberofindirect': ('Indirect Member Of', None, 'not_in_indirect_')}
search_attributes = []
search_attributes_config = None
search_display_attributes = []
summary = 'Sudo Rule object.'
takes_params = (Str('cn', cli_name='sudorule_name', label=Gettext('Rule name', domain='ipa', localedir=None), primary_key=True), Str('description?', cli_name='desc', label=Gettext('Description', domain='ipa', localedir=None)), Bool('ipaenabledflag?', flags=[u'no_option'], label=Gettext('Enabled', domain='ipa', localedir=None)), StrEnum('usercategory?', cli_metavar=u"['all']", cli_name='usercat', doc=Gettext('User category the rule applies to', domain='ipa', localedir=None), label=Gettext('User category', domain='ipa', localedir=None), values=[u'all']), StrEnum('hostcategory?', cli_metavar=u"['all']", cli_name='hostcat', doc=Gettext('Host category the rule applies to', domain='ipa', localedir=None), label=Gettext('Host category', domain='ipa', localedir=None), values=[u'all']), StrEnum('cmdcategory?', cli_metavar=u"['all']", cli_name='cmdcat', doc=Gettext('Command category the rule applies to', domain='ipa', localedir=None), label=Gettext('Command category', domain='ipa', localedir=None), values=[u'all']), StrEnum('ipasudorunasusercategory?', cli_metavar=u"['all']", cli_name='runasusercat', doc=Gettext('RunAs User category the rule applies to', domain='ipa', localedir=None), label=Gettext('RunAs User category', domain='ipa', localedir=None), values=[u'all']), StrEnum('ipasudorunasgroupcategory?', cli_metavar=u"['all']", cli_name='runasgroupcat', doc=Gettext('RunAs Group category the rule applies to', domain='ipa', localedir=None), label=Gettext('RunAs Group category', domain='ipa', localedir=None), values=[u'all']), Int('sudoorder?', cli_name='order', default=0, doc=Gettext('integer to order the Sudo rules', domain='ipa', localedir=None), label=Gettext('Sudo order', domain='ipa', localedir=None), minvalue=0), Str('memberuser_user?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Users', domain='ipa', localedir=None)), Str('memberuser_group?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('User Groups', domain='ipa', 
localedir=None)), Str('externaluser?', validate_externaluser, cli_name='externaluser', doc=Gettext('External User the rule applies to (sudorule-find only)', domain='ipa', localedir=None), label=Gettext('External User', domain='ipa', localedir=None)), Str('memberhost_host?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Hosts', domain='ipa', localedir=None)), Str('memberhost_hostgroup?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Host Groups', domain='ipa', localedir=None)), Str('hostmask+', validate_hostmask, flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Host Masks', domain='ipa', localedir=None), normalizer=<lambda>), Str('externalhost*', validate_externalhost, flags=[u'no_option'], label=Gettext('External host', domain='ipa', localedir=None)), Str('memberallowcmd_sudocmd?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Sudo Allow Commands', domain='ipa', localedir=None)), Str('memberdenycmd_sudocmd?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Sudo Deny Commands', domain='ipa', localedir=None)), Str('memberallowcmd_sudocmdgroup?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Sudo Allow Command Groups', domain='ipa', localedir=None)), Str('memberdenycmd_sudocmdgroup?', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Sudo Deny Command Groups', domain='ipa', localedir=None)), Str('ipasudorunas_user?', doc=Gettext('Run as a user', domain='ipa', localedir=None), flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('RunAs Users', domain='ipa', localedir=None)), Str('ipasudorunas_group?', doc=Gettext('Run as any user within a specified group', domain='ipa', localedir=None), flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Groups of RunAs Users', domain='ipa', localedir=None)), Str('ipasudorunasextuser?', validate_runasextuser, cli_name='runasexternaluser', doc=Gettext('External User the commands can run as 
(sudorule-find only)', domain='ipa', localedir=None), label=Gettext('RunAs External User', domain='ipa', localedir=None)), Str('ipasudorunasextusergroup?', cli_name='runasexternalusergroup', doc=Gettext('External Groups of users that the command can run as', domain='ipa', localedir=None), flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('External Groups of RunAs Users', domain='ipa', localedir=None)), Str('ipasudorunasgroup_group?', doc=Gettext('Run with the gid of a specified POSIX group', domain='ipa', localedir=None), flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('RunAs Groups', domain='ipa', localedir=None)), Str('ipasudorunasextgroup?', validate_runasextgroup, cli_name='runasexternalgroup', doc=Gettext('External Group the commands can run as (sudorule-find only)', domain='ipa', localedir=None), label=Gettext('RunAs External Group', domain='ipa', localedir=None)), Str('ipasudoopt*', flags=[u'no_create', u'no_search', u'no_update'], label=Gettext('Sudo Option', domain='ipa', localedir=None)))
uuid_attribute = 'ipauniqueid'
version = '1'