diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2015-06-23 13:42:01 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-07-02 14:43:44 +0000 |
commit | 76eea85701af80dc972c47e14aecc7a688b9c846 (patch) | |
tree | 00b7cbb9a64c6bf3dea2a905ae22fc88c97a3553 /ipalib/plugins/service.py | |
parent | 53b11b611766d79015e17298f2354b7688437e20 (diff) | |
download | freeipa-76eea85701af80dc972c47e14aecc7a688b9c846.tar.gz freeipa-76eea85701af80dc972c47e14aecc7a688b9c846.tar.xz freeipa-76eea85701af80dc972c47e14aecc7a688b9c846.zip |
new commands to manage user/host/service certificates
A new group of commands is introduced that simplifies adding and removing
binary certificates to entries. A general form of the command is
ipa [user/host/service]-[add/remove]-cert [pkey] --certificate=[BASE64 BLOB]
Part of http://www.freeipa.org/page/V4/User_Certificates and
https://fedorahosted.org/freeipa/ticket/4238
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipalib/plugins/service.py')
-rw-r--r-- | ipalib/plugins/service.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 18d7b3e54..a5e10921b 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -861,3 +861,24 @@ class service_disable(LDAPQuery): value=pkey_to_value(keys[0], options), ) + +@register() +class service_add_cert(LDAPAddAttribute): + __doc__ = _('Add new certificates to a service') + msg_summary = _('Added certificates to service principal "%(value)s"') + attribute = 'usercertificate' + + +@register() +class service_remove_cert(LDAPRemoveAttribute): + __doc__ = _('Remove certificates from a service') + msg_summary = _('Removed certificates from service principal "%(value)s"') + attribute = 'usercertificate' + + def post_callback(self, ldap, dn, entry_attrs, *keys, **options): + assert isinstance(dn, DN) + + if 'usercertificate' in options: + revoke_certs(options['usercertificate'], self.log) + + return dn |