author | Christian Heimes <cheimes@redhat.com> | 2015-08-19 13:32:01 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-08-19 14:47:58 +0200 |
commit | 89c9feaf93299c96bb227b3705246193a1de1d82 (patch) | |
tree | f08bfd7cd0118383ac20ec424dd3173916111bb1 | |
parent | 4fe994b11f7e5978c969626dedc593b7357b7fd2 (diff) | |
Add flag to list all service and user vaults
The vault-find plugin has two additional arguments to list all
service vaults or user vaults. Since the name of a vault is only unique
for a particular user or service, the commands also print the vault user
or vault service. The virtual attributes were added in rev
01dd951ddc0181b559eb3dd5ff0336c81e245628.
Example:
$ ipa vault-find --users
----------------
2 vaults matched
----------------
Vault name: myvault
Type: standard
Vault user: admin
Vault name: UserVault
Type: standard
Vault user: admin
----------------------------
Number of entries returned 2
----------------------------
$ ipa vault-find --services
----------------
2 vaults matched
----------------
Vault name: myvault
Type: standard
Vault service: HTTP/ipatest.freeipa.local@FREEIPA.LOCAL
Vault name: myvault
Type: standard
Vault service: ldap/ipatest.freeipa.local@FREEIPA.LOCAL
----------------------------
Number of entries returned 2
----------------------------
https://fedorahosted.org/freeipa/ticket/5150
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r-- | API.txt | 4 | ||||
-rw-r--r-- | VERSION | 4 | ||||
-rw-r--r-- | ipalib/plugins/vault.py | 48 |
3 files changed, 38 insertions, 18 deletions
@@ -5508,7 +5508,7 @@ output: Output('result', <type 'dict'>, None)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: ListOfPrimaryKeys('value', None, None)
 command: vault_find
-args: 1,13,4
+args: 1,15,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('cn', attribute=True, autofill=False, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=False)
@@ -5518,10 +5518,12 @@ option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Flag('pkey_only?', autofill=True, default=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('service?')
+option: Flag('services?', autofill=True, default=False)
 option: Flag('shared?', autofill=True, default=False)
 option: Int('sizelimit?', autofill=False, minvalue=0)
 option: Int('timelimit?', autofill=False, minvalue=0)
 option: Str('username?', cli_name='user')
+option: Flag('users?', autofill=True, default=False)
 option: Str('version?', exclude='webui')
 output: Output('count', <type 'int'>, None)
 output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 # #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=150
-# Last change: pvoborni - change type of vault type option to StrEnum
+IPA_API_VERSION_MINOR=151
+# Last change: cheimes - Add flag to list all service and user vaults
diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py
index 712e2d5dd..83dc085b5 100644
--- a/ipalib/plugins/vault.py
+++ b/ipalib/plugins/vault.py
@@ -343,21 +343,11 @@ class vault(LDAPObject): """ Generates vault DN from parameters. """ - service = options.get('service') shared = options.get('shared') user = options.get('username') - count = 0 - if service: - count += 1 - - if shared: - count += 1 - - if user: - count += 1 - + count = (bool(service) + bool(shared) + bool(user)) if count > 1: raise errors.MutuallyExclusiveError( reason=_('Service, shared, and user options ' + @@ -387,8 +377,10 @@ class vault(LDAPObject): parent_dn = DN(('cn', service), ('cn', 'services'), container_dn) elif shared: parent_dn = DN(('cn', 'shared'), container_dn) - else: + elif user: parent_dn = DN(('cn', user), ('cn', 'users'), container_dn) + else: + raise RuntimeError return DN(rdns, parent_dn) @@ -814,7 +806,16 @@ class vault_del(LDAPDelete): class vault_find(LDAPSearch): __doc__ = _('Search for vaults.') - takes_options = LDAPSearch.takes_options + vault_options + takes_options = LDAPSearch.takes_options + vault_options + ( + Flag( + 'services?', + doc=_('List all service vaults'), + ), + Flag( + 'users?', + doc=_('List all user vaults'), + ), + ) has_output_params = LDAPSearch.has_output_params 
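Review bot: The new fallback `else: raise RuntimeError` in the second hunk (`@@ -387,8 +377,10 @@`, the parent-DN selection of the vault DN helper) fails closed, which is the right direction, but it raises with no message, so a caller or log reader cannot tell that no vault owner was resolved. Something like `raise RuntimeError('vault DN requires a service, shared or user owner')` would make the failure diagnosable. If this branch is reachable from user input rather than only from a programming error, one of the project's `errors.*` exceptions would presumably be more appropriate than `RuntimeError`, since it would give the client a proper error instead of an internal failure. The function starts before this hunk, so whether `user` is defaulted earlier cannot be seen here.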
@@ -832,9 +833,26 @@ class vault_find(LDAPSearch): raise errors.InvocationError( format=_('KRA service is not enabled')) - base_dn = self.obj.get_dn(None, **options) + if options.get('users') or options.get('services'): + mutex = ['service', 'services', 'shared', 'username', 'users'] + count = sum(bool(options.get(option)) for option in mutex) + if count > 1: + raise errors.MutuallyExclusiveError( + reason=_('Service(s), shared, and user(s) options ' + + 'cannot be specified simultaneously')) + + scope = ldap.SCOPE_SUBTREE + container_dn = DN(self.obj.container_dn, + self.api.env.basedn) + + if options.get('services'): + base_dn = DN(('cn', 'services'), container_dn) + else: + base_dn = DN(('cn', 'users'), container_dn) + else: + base_dn = self.obj.get_dn(None, **options) - return (filter, base_dn, scope) + return filter, base_dn, scope def post_callback(self, ldap, entries, truncated, *args, **options): for entry in entries: |
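Review bot: With `--users` or `--services` the search base in this hunk becomes the whole `cn=users` or `cn=services` container with `ldap.SCOPE_SUBTREE`, so the per-owner scoping that `self.obj.get_dn(None, **options)` provided no longer applies, and what a caller sees is decided only by the directory's access controls on the vault entries. Nothing visible here restricts the two flags to privileged callers, so it is worth confirming, with a test run as a non-admin user, that the ACIs return only vaults the caller owns or is a member of. A comment above the branch would record that assumption, e.g. `# --users/--services search every owner's subtree; visibility is enforced by LDAP ACIs, not by base_dn`. The mutual-exclusion check also duplicates the one in `vault.get_dn` with a different message, so a shared helper would keep the two from drifting. The enclosing method starts outside the hunk.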