Diffstat (limited to 'install/static/test/data')
-rw-r--r--install/static/test/data/aci_find.json115
-rw-r--r--install/static/test/data/delegation_find.json35
-rw-r--r--install/static/test/data/delegation_list.json35
-rw-r--r--install/static/test/data/delegation_mod.json21
-rw-r--r--install/static/test/data/delegation_show.json20
-rw-r--r--install/static/test/data/ipa_init.json740
-rw-r--r--install/static/test/data/permission_add.json26
-rw-r--r--install/static/test/data/permission_del9
-rw-r--r--install/static/test/data/permission_find.json887
-rw-r--r--install/static/test/data/permission_show.json41
-rw-r--r--install/static/test/data/privilege_find.json215
-rw-r--r--install/static/test/data/privilege_show.json39
-rw-r--r--install/static/test/data/role_find.json20
-rw-r--r--install/static/test/data/role_show.json36
-rw-r--r--install/static/test/data/selfservice_find.json24
-rw-r--r--install/static/test/data/selfservice_show.json21
16 files changed, 2099 insertions, 185 deletions
diff --git a/install/static/test/data/aci_find.json b/install/static/test/data/aci_find.json
index 3f0018c8e..23077876b 100644
--- a/install/static/test/data/aci_find.json
+++ b/install/static/test/data/aci_find.json
@@ -1,64 +1,63 @@
{
- "error": null,
- "id": 0,
+ "error": null,
+ "id": 6,
"result": {
- "count": 54,
+ "count": 53,
"result": [
- "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey\")(version 3.0;acl \"Enable Anonymous access\";allow (read,search,compare) userdn = \"ldap:///anyone\";)",
- "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId\")(version 3.0;acl \"Admin can manage any entry\";allow (all) groupdn = \"ldap:///cn=admins,cn=groupss,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword\")(version 3.0;acl \"Self can write own password\";allow (write) userdn = \"ldap:///self\";)",
- "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Admins can write passwords\";allow (add,delete,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Password change service can read/write passwords\";allow (read,write) userdn = \"ldap:///krbprincipalname=kadmin/changepw@AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"KDC System Account can access passwords\";allow (all) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"KDC System Account can update some fields\";allow (write) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"Only the KDC System Account has access to kerberos material\";allow (read,search,compare) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr != \"aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaUniqueId\")(targetfilter = \"(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))\")(version 3.0;acl \"Account Admins can manage Users and Groups\";allow (add,delete,read,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength\")(targetfilter = \"(objectClass=krbPwdPolicy)\")(version 3.0;acl \"Admins can write password policies\";allow (read,search,compare,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou\")(version 3.0;acl \"Self service\";allow (write) userdn = \"ldap:///self\";)",
- "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Get Certificates status from the CA\";allow (write) groupdn = \"ldap:///cn=certificate_status,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Users\";allow (delete) groupdn = \"ldap:///cn=removeusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify group membership\";allow (write) groupdn = \"ldap:///cn=modifygroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Services\";allow (add) groupdn = \"ldap:///cn=addservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Groups\";allow (add) groupdn = \"ldap:///cn=addgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Roles\";allow (write) groupdn = \"ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"memberhost || externalhost || memberuser || member\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroup membership\";allow (write) groupdn = \"ldap:///cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userCertificate\")(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Services\";allow (write) groupdn = \"ldap:///cn=modifyservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount maps\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount keys\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Services\";allow (delete) groupdn = \"ldap:///cn=removeservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Users\";allow (add) groupdn = \"ldap:///cn=addusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou || mepManagedEntry || objectclass\")(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Users\";allow (write) groupdn = \"ldap:///cn=modifyusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"member\")(target = \"ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add user to default group\";allow (write) groupdn = \"ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount keys\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Remove entitlement entries\";allow (delete) groupdn = \"ldap:///cn=removeentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
- "(targetattr = \"krbPrincipalName || enrolledBy || objectClass\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Enroll a host\";allow (write) groupdn = \"ldap:///cn=enroll_host,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"change_password\";allow (write) groupdn = \"ldap:///cn=change_password,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove netgroups\";allow (delete) groupdn = \"ldap:///cn=removenetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"description\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroups\";allow (write) groupdn = \"ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify role group membership\";allow (write) groupdn = \"ldap:///cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=request_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userCertificate\")(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Modify entitlements\";allow (write) groupdn = \"ldap:///cn=modifyentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
- "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify task group membership\";allow (write) groupdn = \"ldap:///cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Roles\";allow (add) groupdn = \"ldap:///cn=addroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Certificate Remove Hold\";allow (write) groupdn = \"ldap:///cn=certificate_remove_hold,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Roles\";allow (delete) groupdn = \"ldap:///cn=removeroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount maps\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"cn || description || l || location || nshardwareplatform || nsosversion\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add netgroups\";allow (add) groupdn = \"ldap:///cn=addnetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Add entitlements\";allow (add) groupdn = \"ldap:///cn=addentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Groups\";allow (delete) groupdn = \"ldap:///cn=removegroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"objectClass\")(target = \"ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Retrieve Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=retrieve_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"objectClass\")(target = \"ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Revoke Certificate\";allow (write) groupdn = \"ldap:///cn=revoke_certificate,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"krbPrincipalKey || krbLastPwdChange\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Manage host keytab\";allow (write) groupdn = \"ldap:///cn=manage_host_keytab,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"cn || description || gidnumber || objectclass || mepManagedBy\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Groups\";allow (write) groupdn = \"ldap:///cn=modifygroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify host group membership\";allow (write) groupdn = \"ldap:///cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey\")(version 3.0;acl \"Enable Anonymous access\";allow (read,search,compare) userdn = \"ldap:///anyone\";)",
+ "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId || memberOf || serverHostName || enrolledBy\")(version 3.0;acl \"Admin can manage any entry\";allow (all) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword\")(version 3.0;acl \"Self can write own password\";allow (write) userdn = \"ldap:///self\";)",
+ "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Admins can write passwords\";allow (add,delete,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Password change service can read/write passwords\";allow (read,write) userdn = \"ldap:///krbprincipalname=kadmin/changepw@AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"KDC System Account can access passwords\";allow (all) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"KDC System Account can update some fields\";allow (write) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"Only the KDC System Account has access to kerberos material\";allow (read,search,compare) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength\")(targetfilter = \"(objectClass=krbPwdPolicy)\")(version 3.0;acl \"Admins can write password policies\";allow (read,search,compare,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou\")(version 3.0;acl \"Self service\";allow (write) userdn = \"ldap:///self\";)",
+ "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Get Certificates status from the CA\";allow (write) groupdn = \"ldap:///cn=certificate_status,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Users\";allow (delete) groupdn = \"ldap:///cn=removeusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify group membership\";allow (write) groupdn = \"ldap:///cn=modifygroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Services\";allow (add) groupdn = \"ldap:///cn=addservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"change_password\";allow (write) groupdn = \"ldap:///cn=change_password,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Groups\";allow (add) groupdn = \"ldap:///cn=addgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hostgroups\";allow (write) groupdn = \"ldap:///cn=modifyhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Roles\";allow (write) groupdn = \"ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"memberhost || externalhost || memberuser || member\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroup membership\";allow (write) groupdn = \"ldap:///cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userCertificate\")(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Services\";allow (write) groupdn = \"ldap:///cn=modifyservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hostgroups\";allow (add) groupdn = \"ldap:///cn=addhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount maps\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount keys\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Services\";allow (delete) groupdn = \"ldap:///cn=removeservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Users\";allow (add) groupdn = \"ldap:///cn=addusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"cn || description || l || location || nshardwareplatform || nsosversion\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"member\")(target = \"ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add user to default group\";allow (write) groupdn = \"ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hostgroups\";allow (delete) groupdn = \"ldap:///cn=removehostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Remove entitlement entries\";allow (delete) groupdn = \"ldap:///cn=removeentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
+ "(targetattr = \"krbPrincipalName || enrolledBy || objectClass\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Enroll a host\";allow (write) groupdn = \"ldap:///cn=enroll_host,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove netgroups\";allow (delete) groupdn = \"ldap:///cn=removenetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"description\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroups\";allow (write) groupdn = \"ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify role group membership\";allow (write) groupdn = \"ldap:///cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=request_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userCertificate\")(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Modify entitlements\";allow (write) groupdn = \"ldap:///cn=modifyentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
+ "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify task group membership\";allow (write) groupdn = \"ldap:///cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Roles\";allow (add) groupdn = \"ldap:///cn=addroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Certificate Remove Hold\";allow (write) groupdn = \"ldap:///cn=certificate_remove_hold,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Roles\";allow (delete) groupdn = \"ldap:///cn=removeroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount maps\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou || mepManagedEntry || objectclass\")(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Users\";allow (write) groupdn = \"ldap:///cn=modifyusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add netgroups\";allow (add) groupdn = \"ldap:///cn=addnetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Add entitlements\";allow (add) groupdn = \"ldap:///cn=addentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
+ "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount keys\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Groups\";allow (delete) groupdn = \"ldap:///cn=removegroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"objectClass\")(target = \"ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Retrieve Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=retrieve_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"objectClass\")(target = \"ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Revoke Certificate\";allow (write) groupdn = \"ldap:///cn=revoke_certificate,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"krbPrincipalKey || krbLastPwdChange\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Manage host keytab\";allow (write) groupdn = \"ldap:///cn=manage_host_keytab,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"cn || description || gidnumber || objectclass || mepManagedBy\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Groups\";allow (write) groupdn = \"ldap:///cn=modifygroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify host group membership\";allow (write) groupdn = \"ldap:///cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate different host,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from a different host\";allow (write) groupdn = \"ldap:///cn=request_cert_different_host,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)"
- ],
- "summary": "54 ACIs matched"
+ ],
+ "summary": "53 ACIs matched"
}
}
\ No newline at end of file
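Review bot: The added ACI strings mix two directory suffixes: the three entitlement entries ("Remove entitlement entries", "Modify entitlements", "Add entitlements") use `dc=greyoak,dc=com`, while every other entry uses `dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com` and the realm `AYOUNG.BOSTON.DEVEL.REDHAT.COM`. This looks like output captured from two different development servers, so any test that derives a base DN from the fixture will see inconsistent data, and internal host naming ends up in the tree. I would rewrite all of them to one reserved placeholder, e.g. `dc=example,dc=com` with realm `EXAMPLE.COM`. The same suffix appears in the delegation_find.json and delegation_list.json hunks below. Separately, the "Enroll a host" and "Manage host keytab" entries keep `cn=taskgroups, cn=accounts` with a space after the comma, which a plain string comparison against the other group DNs will not match.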
diff --git a/install/static/test/data/delegation_find.json b/install/static/test/data/delegation_find.json
new file mode 100644
index 000000000..82b31fc58
--- /dev/null
+++ b/install/static/test/data/delegation_find.json
@@ -0,0 +1,35 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 2,
+ "result": [
+ {
+ "aciname": "delegme",
+ "attrs": [
+ "cn"
+ ],
+ "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ },
+ {
+ "aciname": "m2m",
+ "attrs": [
+ "title"
+ ],
+ "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ }
+ ],
+ "summary": "2 delegations matched",
+ "truncated": false
+ }
+}
\ No newline at end of file
diff --git a/install/static/test/data/delegation_list.json b/install/static/test/data/delegation_list.json
new file mode 100644
index 000000000..d4d9fc060
--- /dev/null
+++ b/install/static/test/data/delegation_list.json
@@ -0,0 +1,35 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 2,
+ "result": [
+ {
+ "aciname": "delegme",
+ "attrs": [
+ "cn"
+ ],
+ "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ },
+ {
+ "aciname": "m2m",
+ "attrs": [
+ "title"
+ ],
+ "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ }
+ ],
+ "summary": "2 delegations matched",
+ "truncated": false
+ }
+}
\ No newline at end of file
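Review bot: delegation_list.json repeats delegation_find.json entry for entry (the same `delegme` and `m2m` records, `count` and `summary`), and the `delegation` object this commit adds to ipa_init.json lists only `add`, `del`, `find`, `mod` and `show` under `methods`. Nothing visible in the diff would request a `delegation_list` response, so the file may be dead test data. If no test loads it, drop it; if one does, a comment in that test explaining why a second copy exists would keep the two from drifting apart.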
diff --git a/install/static/test/data/delegation_mod.json b/install/static/test/data/delegation_mod.json
new file mode 100644
index 000000000..9f7da68bf
--- /dev/null
+++ b/install/static/test/data/delegation_mod.json
@@ -0,0 +1,21 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "aciname": "m2m",
+ "attrs": [
+ "title"
+ ],
+ "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "add",
+ "delete"
+ ]
+ },
+ "summary": "Modified delegation \"m2m\"",
+ "value": "m2m"
+ }
+}
\ No newline at end of file
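Review bot: The `permissions` array in this response holds `add` and `delete`, but the `permissions` parameter of the `delegation` object added to ipa_init.json in the same commit documents the grantable values as `(read, write)`. That object also marks `attrs` as required, which suggests a delegation is an attribute-level grant, so entry-level rights look unintended here. A fixture showing rights outside the documented set lets a UI test pass on values the form should never offer. Unless the server really returns this, make it `"permissions": ["read", "write"]`.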
diff --git a/install/static/test/data/delegation_show.json b/install/static/test/data/delegation_show.json
new file mode 100644
index 000000000..9444c8750
--- /dev/null
+++ b/install/static/test/data/delegation_show.json
@@ -0,0 +1,20 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "aciname": "delegme",
+ "attrs": [
+ "cn"
+ ],
+ "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ },
+ "summary": null,
+ "value": "delegme"
+ }
+}
\ No newline at end of file
diff --git a/install/static/test/data/ipa_init.json b/install/static/test/data/ipa_init.json
index 606f84823..3a5301e82 100644
--- a/install/static/test/data/ipa_init.json
+++ b/install/static/test/data/ipa_init.json
@@ -52,7 +52,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "key",
"cli_short_name": null,
"default": null,
@@ -78,7 +78,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "info",
"cli_short_name": null,
"default": null,
@@ -234,7 +234,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "map",
"cli_short_name": null,
"default": null,
@@ -295,7 +295,7 @@
"ipahomesrootdir",
"ipadefaultloginshell",
"ipadefaultprimarygroup",
- "ipadefaultdomain",
+ "ipadefaultemaildomain",
"ipasearchtimelimit",
"ipasearchrecordslimit",
"ipausersearchfields",
@@ -347,7 +347,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "homedirectory",
"cli_short_name": null,
"default": null,
@@ -497,7 +497,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "usersearch",
"cli_short_name": null,
"default": null,
@@ -523,7 +523,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "groupsearch",
"cli_short_name": null,
"default": null,
@@ -586,7 +586,9 @@
"default": null,
"doc": "Base for certificate subjects (OU=Test,O=Example)",
"exclude": null,
- "flags": [],
+ "flags": [
+ "no_update"
+ ],
"hint": null,
"include": null,
"label": "Certificate Subject base",
@@ -601,6 +603,103 @@
"query": false,
"required": false,
"type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "groupobjectclasses",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Default group objectclassses (comma-separated list)",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Default group objectclasses",
+ "multivalue": true,
+ "name": "ipagroupobjectclasses",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "userobjectclasses",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Default user objectclassses (comma-separated list)",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Default user objectclasses",
+ "multivalue": true,
+ "name": "ipauserobjectclasses",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Int",
+ "cli_name": "pwdexpnotify",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Password Expiration Notification (days)",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Password Expiration Notification",
+ "maxvalue": null,
+ "minvalue": 0,
+ "multivalue": false,
+ "name": "ipapwdexpadvnotify",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "int"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "ipaconfigstring",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Extra hashes to generate in password plugin",
+ "exclude": null,
+ "flags": [
+ "no_update"
+ ],
+ "hint": null,
+ "include": null,
+ "label": "Password plugin features",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "ipaconfigstring",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode"
}
],
"uuid_attribute": ""
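Review bot: The `doc` strings of the two new `List` parameters spell the word `objectclassses` with three s's ("Default group objectclassses", "Default user objectclassses"), while their `label` values spell it `objectclasses`. This file looks like captured server metadata, so the typo probably lives in the server-side parameter definition. Fix it there and regenerate the fixture rather than hand-editing it, so the group entry reads `"doc": "Default group objectclasses (comma-separated list)"` and the user entry matches.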
@@ -1614,6 +1713,151 @@
],
"uuid_attribute": ""
},
+ "delegation": {
+ "bindable": false,
+ "label": "Delegation",
+ "methods": [
+ "add",
+ "del",
+ "find",
+ "mod",
+ "show"
+ ],
+ "name": "delegation",
+ "object_name": [
+ "delegation"
+ ],
+ "object_name_plural": [
+ "delegation"
+ ],
+ "primary_key": "aciname",
+ "takes_params": [
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "name",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Delegation name",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Delegation name",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "aciname",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": true,
+ "query": false,
+ "required": true,
+ "type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "permissions",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Comma-separated list of permissions to grant (read, write). Default is write.",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Permissions",
+ "multivalue": true,
+ "name": "permissions",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "attrs",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Comma-separated list of attributes",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Attributes",
+ "multivalue": true,
+ "name": "attrs",
+ "primary_key": false,
+ "query": false,
+ "required": true,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "membergroup",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "User group to apply delegation to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Member user group",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "memberof",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": false,
+ "query": false,
+ "required": true,
+ "type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "group",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "User group ACI grants access to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "User group",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "group",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": false,
+ "query": false,
+ "required": true,
+ "type": "unicode"
+ }
+ ]
+ },
"dns": {
"default_attributes": [
"idnsname",
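Review bot: The fourth `takes_params` entry of the new `delegation` object has `"cli_name": "membergroup"` but `"name": "memberof"`, while every delegation fixture added in this commit (delegation_find.json, delegation_show.json, delegation_mod.json) returns that value under the key `membergroup`. A form built from the metadata `name` would presumably read and submit `memberof`, so the field that decides which users a delegation applies to could render empty or be sent under a key the fixtures never exercise. Confirm which spelling the server uses and regenerate the stale side; if the record key is right, the entry should read `"name": "membergroup"`.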
@@ -4887,7 +5131,7 @@
"objectclass",
"aci"
],
- "label": "Role Groups",
+ "label": "Role",
"methods": [
"add",
"add_member",
@@ -4966,6 +5210,99 @@
],
"uuid_attribute": ""
},
+ "selfservice": {
+ "bindable": false,
+ "label": "Self Service Permissions",
+ "methods": [
+ "add",
+ "del",
+ "find",
+ "mod",
+ "show"
+ ],
+ "name": "selfservice",
+ "object_name": [
+ "selfservice"
+ ],
+ "object_name_plural": [
+ "selfservice"
+ ],
+ "primary_key": "aciname",
+ "takes_params": [
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "name",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Self-Service name",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Self-Service name",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "aciname",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": true,
+ "query": false,
+ "required": true,
+ "type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "permissions",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Comma-separated list of permissions to grant (read, write). Default is write.",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Permissions",
+ "multivalue": true,
+ "name": "permissions",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "attrs",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Comma-separated list of attributes",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Attributes",
+ "multivalue": true,
+ "name": "attrs",
+ "primary_key": false,
+ "query": false,
+ "required": true,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ }
+ ]
+ },
"service": {
"aciattrs": [
"ipaUniqueID",
@@ -5388,6 +5725,12 @@
"memberUser"
],
"attribute_members": {
+ "ipasudorunas": [
+ "user"
+ ],
+ "ipasudorunasgroup": [
+ "group"
+ ],
"memberallowcmd": [
"sudocmd",
"sudocmdgroup"
@@ -5409,7 +5752,15 @@
"container_dn": "cn=sudorules",
"default_attributes": [
"cn",
- "description"
+ "ipaenabledflag",
+ "description",
+ "usercategory",
+ "hostcategory",
+ "cmdcategory",
+ "memberuser",
+ "memberhost",
+ "memberallowcmd",
+ "memberdenycmd"
],
"hidden_attributes": [
"objectclass",
@@ -5421,13 +5772,19 @@
"add_allow_command",
"add_deny_command",
"add_host",
+ "add_runasgroup",
+ "add_runasuser",
"add_user",
"del",
+ "disable",
+ "enable",
"find",
"mod",
"remove_allow_command",
"remove_deny_command",
"remove_host",
+ "remove_runasgroup",
+ "remove_runasuser",
"remove_user",
"show"
],
@@ -5498,6 +5855,89 @@
{
"alwaysask": false,
"attribute": false,
+ "autofill": true,
+ "class": "Flag",
+ "cli_name": "ipaenabledflag",
+ "cli_short_name": null,
+ "default": false,
+ "doc": "Enabled",
+ "exclude": null,
+ "falsehoods": [
+ 0,
+ "0",
+ "false"
+ ],
+ "flags": [
+ "no_update",
+ "no_create",
+ "no_search"
+ ],
+ "hint": null,
+ "include": null,
+ "label": "Enabled",
+ "multivalue": false,
+ "name": "ipaenabledflag",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "truths": [
+ "1",
+ 1,
+ "true"
+ ],
+ "type": "bool"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "StrEnum",
+ "cli_name": "usercat",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "User category the rule applies to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "User category",
+ "multivalue": false,
+ "name": "usercategory",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode",
+ "values": [
+ "all"
+ ]
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "StrEnum",
+ "cli_name": "hostcat",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Host category the rule applies to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Host category",
+ "multivalue": false,
+ "name": "hostcategory",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode",
+ "values": [
+ "all"
+ ]
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
"autofill": false,
"class": "StrEnum",
"cli_name": "cmdcat",
@@ -5523,6 +5963,54 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
+ "class": "StrEnum",
+ "cli_name": "runasusercat",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Run As User category the rule applies to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Run As User category",
+ "multivalue": false,
+ "name": "ipasudorunasusercategory",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode",
+ "values": [
+ "all"
+ ]
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "StrEnum",
+ "cli_name": "runasgroupcat",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Run As Group category the rule applies to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Run As Group category",
+ "multivalue": false,
+ "name": "ipasudorunasgroupcategory",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode",
+ "values": [
+ "all"
+ ]
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
"class": "Str",
"cli_name": "memberuser_user",
"cli_short_name": null,
@@ -5728,6 +6216,66 @@
"query": false,
"required": false,
"type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "ipasudorunas_user",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Run As User",
+ "exclude": null,
+ "flags": [
+ "no_update",
+ "no_create",
+ "no_search"
+ ],
+ "hint": null,
+ "include": null,
+ "label": "Run As User",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "ipasudorunas_user",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "ipasudorunasgroup_group",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Run As Group",
+ "exclude": null,
+ "flags": [
+ "no_update",
+ "no_create",
+ "no_search"
+ ],
+ "hint": null,
+ "include": null,
+ "label": "Run As Group",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "ipasudorunasgroup_group",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode"
}
],
"uuid_attribute": "ipauniqueid"
@@ -5742,139 +6290,77 @@
"gidNumber",
"uidNumber",
"homeDirectory",
- "radiusRealm",
- "radiusSimultaneousUse",
- "radiusProxyToRealm",
- "radiusReplicateToRealm",
- "radiusStripUserName",
- "dialupAccess",
- "radiusLoginTime",
- "radiusUserCategory",
- "radiusExpiration",
- "radiusCheckItem",
- "roomNumber",
- "photo",
- "mail",
- "krbLastPwdChange",
+ "manager",
+ "userCertificate",
+ "homePostalAddress",
"krbLoginFailedCount",
+ "krbLastSuccessfulAuth",
+ "title",
"userSMIMECertificate",
- "radiusNASIpAddress",
- "radiusReplyItem",
- "jpegPhoto",
- "krbPrincipalAliases",
- "telexNumber",
- "telephoneNumber",
- "facsimileTelephoneNumber",
- "teletexTerminalIdentifier",
- "internationalISDNNumber",
- "x121Address",
- "destinationIndicator",
- "registeredAddress",
- "radiusTunnelType",
- "krbPrincipalKey",
- "radiusTunnelClientEndpoint",
- "radiusVSA",
+ "krbPrincipalExpiration",
+ "roomNumber",
+ "photo",
+ "description",
"krbPrincipalName",
- "displayName",
- "preferredDeliveryMethod",
- "audio",
- "preferredLanguage",
- "krbExtraData",
- "krbCanonicalName",
- "radiusLoginIPHost",
- "krbTicketFlags",
+ "mail",
+ "employeeType",
"krbPwdHistory",
- "pager",
- "mobile",
+ "carLicense",
+ "departmentNumber",
+ "employeeNumber",
+ "inetUserHttpURL",
"memberOf",
- "krbUPEnabled",
- "krbPrincipalType",
- "krbTicketPolicyReference",
- "x500UniqueIdentifier",
- "krbMaxTicketLife",
- "givenName",
- "homePostalAddress",
- "radiusReplyMessage",
- "krbPrincipalExpiration",
- "userPKCS12",
- "radiusFramedProtocol",
- "radiusFramedRoute",
- "radiusFramedIPXNetwork",
- "radiusFramedMTU",
- "radiusFramedIPAddress",
- "radiusFramedIPNetmask",
- "radiusFramedAppleTalkZone",
- "radiusFramedCompression",
- "radiusFramedAppleTalkLink",
- "radiusFramedAppleTalkNetwork",
+ "displayName",
"st",
"street",
"l",
- "inetUserHttpURL",
- "inetUserStatus",
+ "krbMaxRenewableAge",
+ "jpegPhoto",
+ "audio",
+ "pager",
+ "secretary",
+ "preferredLanguage",
+ "krbExtraData",
+ "krbCanonicalName",
"o",
"ou",
- "title",
- "description",
+ "seeAlso",
+ "userPassword",
"businessCategory",
"postalAddress",
"postalCode",
"postOfficeBox",
"physicalDeliveryOfficeName",
+ "mobile",
"krbPwdPolicyReference",
- "secretary",
- "homePhone",
- "radiusLoginLATGroup",
- "krbLastFailedAuth",
- "radiusIdleTimeout",
- "radiusFramedRouting",
- "radiusLoginService",
- "radiusLoginLATService",
- "radiusLoginLATPort",
- "radiusLoginLATNode",
- "radiusPasswordRetry",
- "radiusLoginTCPPort",
- "radiusPortLimit",
- "manager",
- "radiusTerminationAction",
- "radiusTunnelAssignmentId",
- "radiusTunnelMediumType",
- "radiusTunnelPassword",
"labeledURI",
- "radiusPrompt",
- "radiusServiceType",
- "radiusSessionTimeout",
- "employeeType",
- "radiusTunnelPreference",
- "carLicense",
- "departmentNumber",
- "employeeNumber",
- "radiusTunnelPrivateGroupId",
- "userCertificate",
- "radiusTunnelServerEndpoint",
- "seeAlso",
- "userPassword",
- "radiusClientIPAddress",
- "radiusAuthType",
- "radiusHint",
- "radiusGroupName",
- "radiusProfileDn",
- "radiusHuntgroupName",
- "krbMaxRenewableAge",
+ "homePhone",
"krbPasswordExpiration",
- "krbLastSuccessfulAuth",
+ "inetUserStatus",
+ "krbLastPwdChange",
+ "krbMaxTicketLife",
+ "krbUPEnabled",
"loginShell",
+ "x500UniqueIdentifier",
+ "krbLastFailedAuth",
"gecos",
- "radiusCallbackId",
- "radiusCallbackNumber",
- "radiusCalledStationId",
- "radiusCallingStationId",
- "radiusArapFeatures",
- "radiusArapSecurity",
- "radiusArapZoneAccess",
+ "krbPrincipalKey",
+ "krbTicketFlags",
+ "krbPrincipalType",
+ "userPKCS12",
"initials",
- "radiusClass",
- "radiusFilterId"
+ "krbTicketPolicyReference",
+ "givenName",
+ "preferredDeliveryMethod",
+ "krbPrincipalAliases",
+ "telexNumber",
+ "telephoneNumber",
+ "facsimileTelephoneNumber",
+ "teletexTerminalIdentifier",
+ "internationalISDNNumber",
+ "x121Address",
+ "destinationIndicator",
+ "registeredAddress"
],
"attribute_members": {
"memberof": [
@@ -6683,19 +7169,19 @@
"Administrator"
],
"gidnumber": [
- "2120898932"
+ "66000000"
],
"homedirectory": [
"/home/admin"
],
"ipauniqueid": [
- "cc2d5b64-fe52-11df-a795-525400674dcd"
+ "c9e61ada-0703-11e0-addd-525400674dcd"
],
"krblastpwdchange": [
- "20101202203134Z"
+ "20101213215751Z"
],
"krbpasswordexpiration": [
- "20110302203134Z"
+ "20110313215751Z"
],
"krbprincipalname": [
"admin@AYOUNG.BOSTON.DEVEL.REDHAT.COM"
@@ -6729,7 +7215,7 @@
"admin"
],
"uidnumber": [
- "2120898932"
+ "66000000"
]
}
],
diff --git a/install/static/test/data/permission_add.json b/install/static/test/data/permission_add.json
new file mode 100644
index 000000000..2235b74c4
--- /dev/null
+++ b/install/static/test/data/permission_add.json
@@ -0,0 +1,26 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "cn": [
+ "testperm"
+ ],
+ "description": [
+ "description"
+ ],
+ "dn": "cn=testperm,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "objectclass": [
+ "groupofnames",
+ "top"
+ ],
+ "permissions": [
+ "read",
+ "write"
+ ],
+ "targetgroup": "ipausers"
+ },
+ "summary": "Added permission \"testperm\"",
+ "value": "testperm"
+ }
+}
\ No newline at end of file
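Review bot: `"targetgroup": "ipausers"` is a bare group name here, whereas permission_find.json in the same commit returns `targetgroup` as a full LDAP URL for `add_user_to_default_group`. If the server does echo the short name on add and the URL on find, the UI has to normalise both forms before displaying or resubmitting the target, and a test that covers only one form will not catch a mismatch. Otherwise, align the fixture with the find response: `"targetgroup": "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"`.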
diff --git a/install/static/test/data/permission_del b/install/static/test/data/permission_del
new file mode 100644
index 000000000..c11368986
--- /dev/null
+++ b/install/static/test/data/permission_del
@@ -0,0 +1,9 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": true,
+ "summary": "Deleted permission \"testperm\"",
+ "value": "testperm"
+ }
+}
\ No newline at end of file
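Review bot: The new file is named `permission_del`, with no `.json` extension, unlike the other fifteen fixtures in the diffstat. If the test harness resolves fixtures as `<method>.json` (the loader is not visible in this diff), the delete path would hit a missing file instead of this response, and the permission-delete flow would go untested. Rename it to `install/static/test/data/permission_del.json`.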
diff --git a/install/static/test/data/permission_find.json b/install/static/test/data/permission_find.json
new file mode 100644
index 000000000..0cd4d9884
--- /dev/null
+++ b/install/static/test/data/permission_find.json
@@ -0,0 +1,887 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 47,
+ "result": [
+ {
+ "cn": [
+ "addusers"
+ ],
+ "description": [
+ "Add Users"
+ ],
+ "dn": "cn=addusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "useradmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "user"
+ },
+ {
+ "attrs": [
+ "userPassword",
+ "krbPrincipalKey",
+ "sambaLMPassword",
+ "sambaNTPassword",
+ "passwordHistory"
+ ],
+ "cn": [
+ "change_password"
+ ],
+ "description": [
+ "Change a user password"
+ ],
+ "dn": "cn=change_password,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "useradmin"
+ ],
+ "permissions": [
+ "write"
+ ]
+ },
+ {
+ "attrs": [
+ "member"
+ ],
+ "cn": [
+ "add_user_to_default_group"
+ ],
+ "description": [
+ "Add user to default group"
+ ],
+ "dn": "cn=add_user_to_default_group,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "useradmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "targetgroup": "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "removeusers"
+ ],
+ "description": [
+ "Remove Users"
+ ],
+ "dn": "cn=removeusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "useradmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "user"
+ },
+ {
+ "attrs": [
+ "givenName",
+ "sn",
+ "cn",
+ "displayName",
+ "title",
+ "initials",
+ "loginShell",
+ "gecos",
+ "homePhone",
+ "mobile",
+ "pager",
+ "facsimileTelephoneNumber",
+ "telephoneNumber",
+ "street",
+ "roomNumber",
+ "l",
+ "st",
+ "postalCode",
+ "manager",
+ "secretary",
+ "description",
+ "carLicense",
+ "labeledURI",
+ "inetUserHTTPURL",
+ "seeAlso",
+ "employeeType",
+ "businessCategory",
+ "ou",
+ "mepManagedEntry",
+ "objectclass"
+ ],
+ "cn": [
+ "modifyusers"
+ ],
+ "description": [
+ "Modify Users"
+ ],
+ "dn": "cn=modifyusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "useradmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "user"
+ },
+ {
+ "cn": [
+ "addgroups"
+ ],
+ "description": [
+ "Add Groups"
+ ],
+ "dn": "cn=addgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "groupadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "group"
+ },
+ {
+ "cn": [
+ "removegroups"
+ ],
+ "description": [
+ "Remove Groups"
+ ],
+ "dn": "cn=removegroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "groupadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "group"
+ },
+ {
+ "attrs": [
+ "cn",
+ "description",
+ "gidnumber",
+ "objectclass",
+ "mepManagedBy",
+ "ipaUniqueId"
+ ],
+ "cn": [
+ "modifygroups"
+ ],
+ "description": [
+ "Modify Groups"
+ ],
+ "dn": "cn=modifygroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "groupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "group"
+ },
+ {
+ "attrs": [
+ "member"
+ ],
+ "cn": [
+ "modifygroupmembership"
+ ],
+ "description": [
+ "Modify Group membership"
+ ],
+ "dn": "cn=modifygroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "groupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "group"
+ },
+ {
+ "cn": [
+ "addhosts"
+ ],
+ "description": [
+ "Add Hosts"
+ ],
+ "dn": "cn=addhosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "host"
+ },
+ {
+ "cn": [
+ "removehosts"
+ ],
+ "description": [
+ "Remove Hosts"
+ ],
+ "dn": "cn=removehosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "host"
+ },
+ {
+ "attrs": [
+ "description",
+ "l",
+ "nshostlocation",
+ "nshardwareplatform",
+ "nsosversion"
+ ],
+ "cn": [
+ "modifyhosts"
+ ],
+ "description": [
+ "Modify Hosts"
+ ],
+ "dn": "cn=modifyhosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "host"
+ },
+ {
+ "cn": [
+ "addhostgroups"
+ ],
+ "description": [
+ "Add Hostgroups"
+ ],
+ "dn": "cn=addhostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostgroupadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "hostgroup"
+ },
+ {
+ "cn": [
+ "removehostgroups"
+ ],
+ "description": [
+ "Remove Hostgroups"
+ ],
+ "dn": "cn=removehostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostgroupadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "hostgroup"
+ },
+ {
+ "attrs": [
+ "cn",
+ "description"
+ ],
+ "cn": [
+ "modifyhostgroups"
+ ],
+ "description": [
+ "Modify Hostgroups"
+ ],
+ "dn": "cn=modifyhostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostgroupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "hostgroup"
+ },
+ {
+ "attrs": [
+ "member"
+ ],
+ "cn": [
+ "modifyhostgroupmembership"
+ ],
+ "description": [
+ "Modify Hostgroup membership"
+ ],
+ "dn": "cn=modifyhostgroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostgroupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "hostgroup"
+ },
+ {
+ "cn": [
+ "addservices"
+ ],
+ "description": [
+ "Add Services"
+ ],
+ "dn": "cn=addservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "serviceadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "service"
+ },
+ {
+ "cn": [
+ "removeservices"
+ ],
+ "description": [
+ "Remove Services"
+ ],
+ "dn": "cn=removeservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "serviceadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "service"
+ },
+ {
+ "attrs": [
+ "userCertificate"
+ ],
+ "cn": [
+ "modifyservices"
+ ],
+ "description": [
+ "Modify Services"
+ ],
+ "dn": "cn=modifyservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "serviceadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "service"
+ },
+ {
+ "cn": [
+ "addroles"
+ ],
+ "description": [
+ "Add Roles"
+ ],
+ "dn": "cn=addroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "delegationadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "removeroles"
+ ],
+ "description": [
+ "Remove Roles"
+ ],
+ "dn": "cn=removeroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "delegationadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "cn",
+ "description"
+ ],
+ "cn": [
+ "modifyroles"
+ ],
+ "description": [
+ "Modify Roles"
+ ],
+ "dn": "cn=modifyroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "delegationadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "member"
+ ],
+ "cn": [
+ "modifyrolemembership"
+ ],
+ "description": [
+ "Modify Role Group membership"
+ ],
+ "dn": "cn=modifyrolemembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "delegationadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "member"
+ ],
+ "cn": [
+ "modifyprivilegemembership"
+ ],
+ "description": [
+ "Modify privilege membership"
+ ],
+ "dn": "cn=modifyprivilegemembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "delegationadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=*,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "addautomountmaps"
+ ],
+ "description": [
+ "Add Automount maps"
+ ],
+ "dn": "cn=addautomountmaps,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "automountadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "removeautomountmaps"
+ ],
+ "description": [
+ "Remove Automount maps"
+ ],
+ "dn": "cn=removeautomountmaps,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "automountadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "addautomountkeys"
+ ],
+ "description": [
+ "Add Automount keys"
+ ],
+ "dn": "cn=addautomountkeys,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "automountadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "subtree": "ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "removeautomountkeys"
+ ],
+ "description": [
+ "Remove Automount keys"
+ ],
+ "dn": "cn=removeautomountkeys,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "automountadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "subtree": "ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "addnetgroups"
+ ],
+ "description": [
+ "Add netgroups"
+ ],
+ "dn": "cn=addnetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "netgroupadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "netgroup"
+ },
+ {
+ "cn": [
+ "removenetgroups"
+ ],
+ "description": [
+ "Remove netgroups"
+ ],
+ "dn": "cn=removenetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "netgroupadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "netgroup"
+ },
+ {
+ "attrs": [
+ "description"
+ ],
+ "cn": [
+ "modifynetgroups"
+ ],
+ "description": [
+ "Modify netgroups"
+ ],
+ "dn": "cn=modifynetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "netgroupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "netgroup"
+ },
+ {
+ "attrs": [
+ "memberhost",
+ "externalhost",
+ "memberuser",
+ "member"
+ ],
+ "cn": [
+ "modifynetgroupmembership"
+ ],
+ "description": [
+ "Modify netgroup membership"
+ ],
+ "dn": "cn=modifynetgroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "netgroupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "netgroup"
+ },
+ {
+ "attrs": [
+ "krbPrincipalKey",
+ "krbLastPwdChange"
+ ],
+ "cn": [
+ "manage_host_keytab"
+ ],
+ "description": [
+ "Manage host keytab"
+ ],
+ "dn": "cn=manage_host_keytab,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostadmin",
+ "enrollhost"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "host"
+ },
+ {
+ "attrs": [
+ "krbPrincipalKey",
+ "krbLastPwdChange"
+ ],
+ "cn": [
+ "manage_service_keytab"
+ ],
+ "description": [
+ "Manage service keytab"
+ ],
+ "dn": "cn=manage_service_keytab,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "serviceadmin",
+ "admins"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "service"
+ },
+ {
+ "attrs": [
+ "enrolledBy",
+ "objectClass"
+ ],
+ "cn": [
+ "enroll_host"
+ ],
+ "description": [
+ "Enroll a host"
+ ],
+ "dn": "cn=enroll_host,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostadmin",
+ "enrollhost"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "host"
+ },
+ {
+ "cn": [
+ "managereplica"
+ ],
+ "description": [
+ "Manage Replication Agreements"
+ ],
+ "dn": "cn=managereplica,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "replicaadmin"
+ ],
+ "memberindirect": [
+ "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ]
+ },
+ {
+ "cn": [
+ "deletereplica"
+ ],
+ "description": [
+ "Delete Replication Agreements"
+ ],
+ "dn": "cn=deletereplica,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "replicaadmin"
+ ],
+ "memberindirect": [
+ "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ]
+ },
+ {
+ "cn": [
+ "addentitlements"
+ ],
+ "description": [
+ "Add Entitlements"
+ ],
+ "dn": "cn=addentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "entitlementadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "removeentitlements"
+ ],
+ "description": [
+ "Remove Entitlements"
+ ],
+ "dn": "cn=removeentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "entitlementadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "userCertificate"
+ ],
+ "cn": [
+ "modifyentitlements"
+ ],
+ "description": [
+ "Modify Entitlements"
+ ],
+ "dn": "cn=modifyentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "entitlementadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "retrieve_certs"
+ ],
+ "description": [
+ "Retrieve Certificates from the CA"
+ ],
+ "dn": "cn=retrieve_certs,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "request_certs"
+ ],
+ "description": [
+ "Request Certificates from the CA"
+ ],
+ "dn": "cn=request_certs,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "request_cert_different_host"
+ ],
+ "description": [
+ "Request Certificates from a different host"
+ ],
+ "dn": "cn=request_cert_different_host,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=request certificate different host,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "certificate_status"
+ ],
+ "description": [
+ "Get Certificates status from the CA"
+ ],
+ "dn": "cn=certificate_status,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "revoke_certificate"
+ ],
+ "description": [
+ "Revoke Certificate"
+ ],
+ "dn": "cn=revoke_certificate,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "certificate_remove_hold"
+ ],
+ "description": [
+ "Certificate Remove Hold"
+ ],
+ "dn": "cn=certificate_remove_hold,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "update_dns"
+ ],
+ "description": [
+ "DNS Servers Updates"
+ ],
+ "dn": "cn=update_dns,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "dnsadmin",
+ "dnsserver"
+ ],
+ "memberindirect": [
+ "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ]
+ }
+ ],
+ "summary": "47 permissions matched",
+ "truncated": false
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/permission_show.json b/install/static/test/data/permission_show.json
new file mode 100644
index 000000000..ac12ef0e2
--- /dev/null
+++ b/install/static/test/data/permission_show.json
@@ -0,0 +1,41 @@
+{
+ "error": null,
+ "id": 6,
+ "result": {
+ "result": {
+ "attributelevelrights": {
+ "aci": "rscwo",
+ "businesscategory": "rscwo",
+ "cn": "rscwo",
+ "description": "rscwo",
+ "member": "rscwo",
+ "nsaccountlock": "rscwo",
+ "o": "rscwo",
+ "objectclass": "rscwo",
+ "ou": "rscwo",
+ "owner": "rscwo",
+ "seealso": "rscwo"
+ },
+ "cn": [
+ "addusers"
+ ],
+ "description": [
+ "Add Users"
+ ],
+ "dn": "cn=addusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member": [
+ "cn=useradmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ],
+ "objectclass": [
+ "top",
+ "groupofnames"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "user"
+ },
+ "summary": null,
+ "value": "addusers"
+ }
+} \ No newline at end of file
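Review bot: The `dn` and `member` values hard-code one developer's deployment suffix, `dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com`, which commits internal host and realm naming to the tree and ties the fixture to a single machine. A neutral suffix such as `dc=example,dc=com` (constructed sample) would keep the same shape without the environment-specific names. The same suffix appears in privilege_find.json, privilege_show.json, role_find.json and role_show.json, and in the permission_find.json entries earlier in this diff. The `memberindirect` values in the privilege fixtures also embed the service principal `dns/ipa.ayoung.boston.devel.redhat.com@…` and would need the same substitution.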
diff --git a/install/static/test/data/privilege_find.json b/install/static/test/data/privilege_find.json
new file mode 100644
index 000000000..c48c4a0e8
--- /dev/null
+++ b/install/static/test/data/privilege_find.json
@@ -0,0 +1,215 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 14,
+ "result": [
+ {
+ "cn": [
+ "useradmin"
+ ],
+ "description": [
+ "User Administrators"
+ ],
+ "dn": "cn=useradmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addusers",
+ "change_password",
+ "add_user_to_default_group",
+ "removeusers",
+ "modifyusers"
+ ]
+ },
+ {
+ "cn": [
+ "groupadmin"
+ ],
+ "description": [
+ "Group Administrators"
+ ],
+ "dn": "cn=groupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addgroups",
+ "removegroups",
+ "modifygroups",
+ "modifygroupmembership"
+ ]
+ },
+ {
+ "cn": [
+ "hostadmin"
+ ],
+ "description": [
+ "Host Administrators"
+ ],
+ "dn": "cn=hostadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addhosts",
+ "removehosts",
+ "modifyhosts",
+ "manage_host_keytab",
+ "enroll_host"
+ ]
+ },
+ {
+ "cn": [
+ "hostgroupadmin"
+ ],
+ "description": [
+ "Host Group Administrators"
+ ],
+ "dn": "cn=hostgroupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addhostgroups",
+ "removehostgroups",
+ "modifyhostgroups",
+ "modifyhostgroupmembership"
+ ]
+ },
+ {
+ "cn": [
+ "delegationadmin"
+ ],
+ "description": [
+ "Role administration"
+ ],
+ "dn": "cn=delegationadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addroles",
+ "removeroles",
+ "modifyroles",
+ "modifyrolemembership",
+ "modifyprivilegemembership"
+ ]
+ },
+ {
+ "cn": [
+ "serviceadmin"
+ ],
+ "description": [
+ "Service Administrators"
+ ],
+ "dn": "cn=serviceadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addservices",
+ "removeservices",
+ "modifyservices",
+ "manage_service_keytab"
+ ]
+ },
+ {
+ "cn": [
+ "automountadmin"
+ ],
+ "description": [
+ "Automount Administrators"
+ ],
+ "dn": "cn=automountadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addautomountmaps",
+ "removeautomountmaps",
+ "addautomountkeys",
+ "removeautomountkeys"
+ ]
+ },
+ {
+ "cn": [
+ "netgroupadmin"
+ ],
+ "description": [
+ "Netgroups Administrators"
+ ],
+ "dn": "cn=netgroupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addnetgroups",
+ "removenetgroups",
+ "modifynetgroups",
+ "modifynetgroupmembership"
+ ]
+ },
+ {
+ "cn": [
+ "certadmin"
+ ],
+ "description": [
+ "Certificate Administrators"
+ ],
+ "dn": "cn=certadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "retrieve_certs",
+ "request_certs",
+ "request_cert_different_host",
+ "certificate_status",
+ "revoke_certificate",
+ "certificate_remove_hold"
+ ]
+ },
+ {
+ "cn": [
+ "replicaadmin"
+ ],
+ "description": [
+ "Replication Administrators"
+ ],
+ "dn": "cn=replicaadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberindirect": [
+ "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ],
+ "memberof_permission": [
+ "managereplica",
+ "deletereplica"
+ ]
+ },
+ {
+ "cn": [
+ "enrollhost"
+ ],
+ "description": [
+ "Host Enrollment"
+ ],
+ "dn": "cn=enrollhost,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "manage_host_keytab",
+ "enroll_host"
+ ]
+ },
+ {
+ "cn": [
+ "entitlementadmin"
+ ],
+ "description": [
+ "Entitlement Administrators"
+ ],
+ "dn": "cn=entitlementadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addentitlements",
+ "removeentitlements",
+ "modifyentitlements"
+ ]
+ },
+ {
+ "cn": [
+ "dnsadmin"
+ ],
+ "description": [
+ "DNS Administrators"
+ ],
+ "dn": "cn=dnsadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "dnsserver"
+ ],
+ "description": [
+ "DNS Servers"
+ ],
+ "dn": "cn=dnsserver,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberindirect": [
+ "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ]
+ }
+ ],
+ "summary": "14 privileges matched",
+ "truncated": false
+ }
+} \ No newline at end of file
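Review bot: The `dnsadmin` and `dnsserver` entries have no `memberof_permission`, yet the `update_dns` entry in permission_find.json lists both under `member_privilege`, so the two fixtures disagree about the same relationship. A test that follows the permission-to-privilege link would see the membership from one side only; adding `"memberof_permission": ["update_dns"]` to both entries would make the data agree. privilege_show.json has the same gap for `dnsserver`. Likewise, `manage_service_keytab` in permission_find.json names `admins` as a `member_privilege`, but none of the 14 privileges listed here has that `cn`. This may simply mirror the server state at capture time, but it is worth confirming before tests rely on it.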
diff --git a/install/static/test/data/privilege_show.json b/install/static/test/data/privilege_show.json
new file mode 100644
index 000000000..7d9328aa0
--- /dev/null
+++ b/install/static/test/data/privilege_show.json
@@ -0,0 +1,39 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "attributelevelrights": {
+ "aci": "rscwo",
+ "businesscategory": "rscwo",
+ "cn": "rscwo",
+ "description": "rscwo",
+ "member": "rscwo",
+ "memberof": "rsc",
+ "nsaccountlock": "rscwo",
+ "o": "rscwo",
+ "objectclass": "rscwo",
+ "ou": "rscwo",
+ "owner": "rscwo",
+ "seealso": "rscwo"
+ },
+ "cn": [
+ "dnsserver"
+ ],
+ "description": [
+ "DNS Servers"
+ ],
+ "dn": "cn=dnsserver,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberindirect": [
+ "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ],
+ "objectclass": [
+ "top",
+ "groupofnames",
+ "nestedgroup"
+ ]
+ },
+ "summary": null,
+ "value": "dnsserver"
+ }
+} \ No newline at end of file
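Review bot: Every attribute in `attributelevelrights` here is `rscwo` except `memberof` (`rsc`), so the fixture models only an administrator's view of the entry; permission_show.json and role_show.json follow the same pattern. If the UI uses these rights to decide which fields are editable (inferred, as the consumer is not in this diff), the restricted-user path is never exercised by this data. A second fixture variant with non-writable attributes, for example `"description": "rsc"`, would let the tests check that read-only fields are rendered as such.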
diff --git a/install/static/test/data/role_find.json b/install/static/test/data/role_find.json
new file mode 100644
index 000000000..af013803c
--- /dev/null
+++ b/install/static/test/data/role_find.json
@@ -0,0 +1,20 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 1,
+ "result": [
+ {
+ "cn": [
+ "helpdesk"
+ ],
+ "description": [
+ "Helpdesk"
+ ],
+ "dn": "cn=helpdesk,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ }
+ ],
+ "summary": "1 role matched",
+ "truncated": false
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/role_show.json b/install/static/test/data/role_show.json
new file mode 100644
index 000000000..9ad8dd689
--- /dev/null
+++ b/install/static/test/data/role_show.json
@@ -0,0 +1,36 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "attributelevelrights": {
+ "aci": "rscwo",
+ "businesscategory": "rscwo",
+ "cn": "rscwo",
+ "description": "rscwo",
+ "member": "rscwo",
+ "memberof": "rsc",
+ "nsaccountlock": "rscwo",
+ "o": "rscwo",
+ "objectclass": "rscwo",
+ "ou": "rscwo",
+ "owner": "rscwo",
+ "seealso": "rscwo"
+ },
+ "cn": [
+ "helpdesk"
+ ],
+ "description": [
+ "Helpdesk"
+ ],
+ "dn": "cn=helpdesk,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "objectclass": [
+ "top",
+ "groupofnames",
+ "nestedgroup"
+ ]
+ },
+ "summary": null,
+ "value": "helpdesk"
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/selfservice_find.json b/install/static/test/data/selfservice_find.json
new file mode 100644
index 000000000..91db6e40b
--- /dev/null
+++ b/install/static/test/data/selfservice_find.json
@@ -0,0 +1,24 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 1,
+ "result": [
+ {
+ "aciname": "Self can write own password",
+ "attrs": [
+ "userPassword",
+ "krbPrincipalKey",
+ "sambaLMPassword",
+ "sambaNTPassword"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "selfaci": true
+ }
+ ],
+ "summary": "1 selfservice matched",
+ "truncated": false
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/selfservice_show.json b/install/static/test/data/selfservice_show.json
new file mode 100644
index 000000000..358e65924
--- /dev/null
+++ b/install/static/test/data/selfservice_show.json
@@ -0,0 +1,21 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "aciname": "Self can write own password",
+ "attrs": [
+ "userPassword",
+ "krbPrincipalKey",
+ "sambaLMPassword",
+ "sambaNTPassword"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "selfaci": true
+ },
+ "summary": null,
+ "value": "Self can write own password"
+ }
+} \ No newline at end of file