Merge 1919f22 into 709ece0

CHANGES.rst

@@ -4,6 +4,19 @@ History
 1.0b7 (unreleased)
 ------------------
 
+- Use property decorators for ``node.ext.ldap._node.LDAPStorage.changed``
+  and ``node.ext.ldap.session.LDAPSession.baseDN``.
+  [rnix]
+
+- Fix signature of ``node.ext.ldap.interfaces.ILDAPStorage.search`` to match
+  the actual implementation in ``node.ext.ldap._node.LDAPStorage.search``.
+  [rnix]
+
+- Fix signature of ``node.ext.ldap.ugm.LDAPPrincipals.search`` according to
+  ``node.ext.ugm.interfaces.IPrincipals.search``. The implementation exposed
+  LDAP related arguments and has been renamed to ``raw_search``.
+  [rnix]
+
 - Add ``exists`` property to ``LDAPStorage``.
   [rnix]
 

src/node/ext/ldap/_node.py

@@ -56,7 +56,7 @@ def __init__(_next, self, name=None, parent=None):
     @default
     def load(self):
         ldap_node = self.parent
-        # nothong to load
+        # nothing to load
         if not ldap_node.name \
                 or not ldap_node.ldap_session \
                 or ldap_node._action == ACTION_ADD:
@@ -140,7 +140,8 @@ def is_multivalued(self, name):
         return name in self.parent.root._multivalued_attributes
 
 
-AttributesBehavior = LDAPAttributesBehavior  # B/C
+# B/C
+AttributesBehavior = LDAPAttributesBehavior
 deprecated('AttributesBehavior', """
 ``node.ext.ldap._node.AttributesBehavior`` is deprecated as of node.ext.ldap
 1.0 and will be removed in node.ext.ldap 1.1. Use
@@ -164,11 +165,8 @@ def __init__(self, name=None, props=None):
         """LDAP Node expects ``name`` and ``props`` arguments for the root LDAP
         Node or nothing for children.
 
-        name
-            Initial base DN for the root LDAP Node.
-
-        props
-            ``node.ext.ldap.LDAPProps`` object.
+        :param name: Initial base DN for the root LDAP Node.
+        :param props: ``node.ext.ldap.LDAPProps`` instance.
         """
         if (name and not props) or (props and not name):
             raise ValueError(u"Wrong initialization.")
@@ -380,11 +378,14 @@ def DN(self):
     def rdn_attr(self):
         return self.name and self.name.split('=')[0] or None
 
-    def _get_changed(self):
+    @property
+    def changed(self):
         return self._changed
 
-    def _set_changed(self, value):
-        """Set the changed flag
+    @default
+    @changed.setter
+    def changed(self, value):
+        """Set the changed flag.
 
         Set:
             - if self.attrs are changed (attrs set us)
@@ -424,8 +425,6 @@ def _set_changed(self, value):
         if self._changed is not oldval and self.parent is not None:
             self.parent.changed = self._changed
 
-    changed = default(property(_get_changed, _set_changed))
-
     @default
     def child_dn(self, key):
         # return child DN for key
@@ -631,7 +630,6 @@ def _ldap_modify(self):
         # modifies attributs of self on the ldap directory.
         modlist = list()
         orgin = self.attributes_factory(name='__attrs__', parent=self)
-
         for key in orgin:
             # MOD_DELETE
             if key not in self.attrs:

src/node/ext/ldap/interfaces.py

@@ -23,84 +23,87 @@ class ILDAPProps(Interface):
     """LDAP properties configuration interface.
     """
 
-    uri = Attribute(u'LDAP URI')
+    uri = Attribute('LDAP URI')
 
-    user = Attribute(u'LDAP User')
+    user = Attribute('LDAP User')
 
-    password = Attribute(u'Bind Password')
+    password = Attribute('Bind Password')
 
-    cache = Attribute(u'Flag wether to use cache or not')
+    cache = Attribute('Flag wether to use cache or not')
 
-    timeout = Attribute(u'Timeout in seconds')
+    timeout = Attribute('Timeout in seconds')
 
-    start_tls = Attribute(u'TLS enabled')
+    start_tls = Attribute('TLS enabled')
 
-    ignore_cert = Attribute(u'Ignore TLS/SSL certificate errors')
+    ignore_cert = Attribute('Ignore TLS/SSL certificate errors')
 
-    tls_cacertfile = Attribute(u'Name of CA Cert file')
+    tls_cacertfile = Attribute('Name of CA Cert file')
 
-    tls_cacertdir = Attribute(u'Path to CA Cert directory')  # unused
+    # XXX
+    # tls_cacertdir = Attribute('Path to CA Cert directory')
 
-    tls_clcertfile = Attribute(u'Name of CL Cert file')  # unused
+    # XXX
+    # tls_clcertfile = Attribute('Name of CL Cert file')
 
-    tls_clkeyfile = Attribute(u'Path to CL key file')  # unused
+    # XXX
+    # tls_clkeyfile = Attribute('Path to CL key file')
 
-    retry_max = Attribute(u'Retry count')
+    retry_max = Attribute('Retry count')
 
-    retry_delay = Attribute(u'Retry delay in seconds')
+    retry_delay = Attribute('Retry delay in seconds')
 
-    multivalued_attributes = Attribute(u'Attributes considered multi valued')
+    multivalued_attributes = Attribute('Attributes considered multi valued')
 
-    binary_attributes = Attribute(u'Attributes considered binary')
+    binary_attributes = Attribute('Attributes considered binary')
 
-    page_size = Attribute(u'Page size for LDAP queries.')
+    page_size = Attribute('Page size for LDAP queries.')
 
 
 class ILDAPPrincipalsConfig(Interface):
     """LDAP principals configuration interface.
     """
 
-    baseDN = Attribute(u'Principals base DN')
+    baseDN = Attribute('Principals base DN')
 
-    attrmap = Attribute(u'Principals Attribute map as ``odict.odict``')
+    attrmap = Attribute('Principals Attribute map as ``odict.odict``')
 
-    scope = Attribute(u'Search scope for principals')
+    scope = Attribute('Search scope for principals')
 
-    queryFilter = Attribute(u'Search Query filter for principals')
+    queryFilter = Attribute('Search Query filter for principals')
 
     # XXX
-    # member_relation = Attribute(u'Optional member relation to be used to '
-    #                             u'speed up groups search, i.e. '
-    #                             u''uid:memberUid'')
+    # member_relation = Attribute('Optional member relation to be used to '
+    #                             'speed up groups search, i.e. '
+    #                             ''uid:memberUid'')
 
-    objectClasses = Attribute(u'Object classes for new principals.')
+    objectClasses = Attribute('Object classes for new principals.')
 
     defaults = Attribute(
-        u'Dict like object containing default values for principal creation.'
-        u'A value could either be static or a callable. This defaults take'
-        u'precedence to defaults detected via set object classes.'
+        'Dict like object containing default values for principal creation.'
+        'A value could either be static or a callable. This defaults take'
+        'precedence to defaults detected via set object classes.'
     )
 
     strict = Attribute(
-        u'Flag whether to initialize Aliaser for LDAP attributes in strict '
-        u'mode. Defaults to True.'
+        'Flag whether to initialize Aliaser for LDAP attributes in strict '
+        'mode. Defaults to True.'
     )
 
     memberOfSupport = Attribute(
-        u'Flag whether to use "memberOf" attribute (AD) or memberOf overlay '
-        u'(openldap) for Group membership resolution where appropriate.'
+        'Flag whether to use "memberOf" attribute (AD) or memberOf overlay '
+        '(openldap) for Group membership resolution where appropriate.'
     )
 
     # XXX: currently expiresAttr only gets considered for user authentication
     #      group and role expiration is not implemented yet.
     expiresAttr = Attribute(
-        u'Attribute containing an expiration timestamp from epoch in UTC. '
-        u'If None, entry never expires.'
+        'Attribute containing an expiration timestamp from epoch in UTC. '
+        'If None, entry never expires.'
     )
 
     expiresUnit = Attribute(
-        u'Expiration unit. Either ``node.ext.ldap.ugm.EXPIRATION_DAYS`` or '
-        u'``EXPIRATION_SECONDS``. defaults to days.'
+        'Expiration unit. Either ``node.ext.ldap.ugm.EXPIRATION_DAYS`` or '
+        '``EXPIRATION_SECONDS``. Defaults to days.'
     )
 
 
@@ -118,73 +121,82 @@ class ILDAPStorage(IStorage):
     """A LDAP Node.
     """
 
-    ldap_session = Attribute(
-        u'``node.ext.ldap.session.LDAPSession`` instance.'
-    )
+    ldap_session = Attribute('``node.ext.ldap.session.LDAPSession`` instance.')
+
+    DN = Attribute('LDAP object DN.')
 
-    DN = Attribute(u'LDAP object DN.')
+    rdn_attr = Attribute('RDN attribute name.')
 
-    # rdn_attr = Attribute(u'RDN attribute name.')
+    changed = Attribute('Flag whether node has been modified.')
 
-    changed = Attribute(u'Flag whether node has been modified.')
+    search_scope = Attribute('Default child search scope')
 
-    search_scope = Attribute(u'Default child search scope')
+    search_filter = Attribute('Default child search filter')
 
-    search_filter = Attribute(u'Default child search filter')
+    search_criteria = Attribute('Default child search criteria')
 
-    search_criteria = Attribute(u'Default child search criteria')
+    search_relation = Attribute('Default child search relation')
 
-    search_relation = Attribute(u'Default child search relation')
+    child_factory = Attribute('Factory used for child node instanciation.')
 
     child_defaults = Attribute(
-        u'Default child attributes. Will be set to all children attributes'
-        u'on __setitem__ if not present yet.'
+        'Default child attributes. Will be set to all children attributes'
+        'on ``__setitem__`` if not present yet.'
     )
 
     def child_dn(key):
         """Return child DN for ``key``.
+
+        :param key: Child key.
         """
 
-    def search(queryFilter=None, criteria=None, relation=None,
-               attrlist=None, exact_match=False, or_search=False):
+    def search(queryFilter=None, criteria=None, attrlist=None,
+               relation=None, relation_node=None, exact_match=False,
+               or_search=False, or_keys=None, or_values=None,
+               page_size=None, cookie=None, get_nodes=False):
         """Search the directors.
 
         All search criteria are additive and will be ``&``ed. ``queryFilter``
         and ``criteria`` further narrow down the search space defined by
         ``self.search_filter``, ``self.search_criteria`` and
         ``self.search_relation``.
 
-        Returns a list of matching keys if ``attrlist`` is None, otherwise a
-        list of 2-tuples containing (key, attrdict).
-
-        queryFilter
-            ldap queryFilter, e.g. ``(objectClass=foo)``, as string or
-            LDAPFilter instance.
-
-        criteria
-            dictionary of attribute value(s) (string or list of string)
-
-        relation
-            the nodes we search has a relation to us.  A relation is defined as
-            a string of attribute pairs:
-            ``<relation> = '<our_attr>:<child_attr>'``.
-            The value of these attributes must match for relation to match.
-            Multiple pairs can be or-joined with.
-
-        attrlist
-            Normally a list of keys is returned. By defining attrlist the
-            return format will be ``[(key, {attr1: [value1, ...]}), ...]``. To
-            get this format without any attributs, i.e. empty dicts in the
-            tuples, specify an empty attrlist. In addition to the normal ldap
-            attributes you can also the request the DN to be included. DN is
-            also the only value in result set as string instead of list.
-
-        exact_match
-            raise ValueError if not one match, return format is a single key or
-            tuple, if attrlist is specified.
-
-        or_search
-            flag whether criteria should be ORer or ANDed. defaults to False.
+        The search result is a list of matching keys if ``attrlist`` is None,
+        otherwise a list of 2-tuples containing (key, attrdict). If
+        ``get_nodes`` is True, the result is either a list of nodes or a list
+        of 2-tuples containing (node, attrdict).
+
+        :param queryFilter: LDAP queryFilter, e.g. ``(objectClass=foo)``, as
+            string or ``LDAPFilter`` instance.
+        :param criteria: Dictionary of attribute value(s) (string or list of
+            string)
+        :param attrlist: Normally a list of keys is returned. By defining
+            attrlist the return format will be
+            ``[(key, {attr1: [value1, ...]}), ...]``. To get this format
+            without any attributs, i.e. empty dicts in the tuples, specify an
+            empty attrlist. In addition to the normal LDAP attributes you can
+            also the request the DN to be included. DN is also the only value
+            in result set as string instead of list.
+        :param relation: The nodes we search has a relation to us. A relation
+            is defined as a string of attribute pairs
+            ``<relation> = '<our_attr>:<child_attr>'``. The value of these
+            attributes must match for relation to match. Multiple pairs can be
+            or-joined with.
+        :param relation_node: Node instance used to create the relation filter.
+            If not defined, ``self`` is used.
+        :param exact_match: Raise ``ValueError`` if not one match, return
+            format is a single key or tuple, if attrlist is specified.
+        :param or_search: Flag whether criteria should be OR-ed or AND-ed.
+            Defaults to False.
+        :param or_keys: Flag whether criteria keys should be OR-ed or AND-ed.
+            Overrides and defaults to ``or_search``.
+        :param or_values: Flag whether criteria values should be OR-ed or
+            AND-ed. Overrides and defaults to ``or_search``.
+        :param page_size: LDAP pagination search size.
+        :param cookie: LDAP pagination search cookie.
+        :param get_nodes: Flag whether to return LDAP nodes in search result.
+        :return result: If no page size defined, return value is the result,
+            otherwise a tuple containing (cookie, result).
         """