Diffstat (limited to 'install/static/test/data')
-rw-r--r-- | install/static/test/data/aci_find.json | 115 | ||||
-rw-r--r-- | install/static/test/data/delegation_find.json | 35 | ||||
-rw-r--r-- | install/static/test/data/delegation_list.json | 35 | ||||
-rw-r--r-- | install/static/test/data/delegation_mod.json | 21 | ||||
-rw-r--r-- | install/static/test/data/delegation_show.json | 20 | ||||
-rw-r--r-- | install/static/test/data/ipa_init.json | 740 | ||||
-rw-r--r-- | install/static/test/data/permission_add.json | 26 | ||||
-rw-r--r-- | install/static/test/data/permission_del | 9 | ||||
-rw-r--r-- | install/static/test/data/permission_find.json | 887 | ||||
-rw-r--r-- | install/static/test/data/permission_show.json | 41 | ||||
-rw-r--r-- | install/static/test/data/privilege_find.json | 215 | ||||
-rw-r--r-- | install/static/test/data/privilege_show.json | 39 | ||||
-rw-r--r-- | install/static/test/data/role_find.json | 20 | ||||
-rw-r--r-- | install/static/test/data/role_show.json | 36 | ||||
-rw-r--r-- | install/static/test/data/selfservice_find.json | 24 | ||||
-rw-r--r-- | install/static/test/data/selfservice_show.json | 21 |
16 files changed, 2099 insertions, 185 deletions
diff --git a/install/static/test/data/aci_find.json b/install/static/test/data/aci_find.json
index 3f0018c8e..23077876b 100644
--- a/install/static/test/data/aci_find.json
+++ b/install/static/test/data/aci_find.json
@@ -1,64 +1,63 @@ { - "error": null, - "id": 0, + "error": null, + "id": 6, "result": { - "count": 54, + "count": 53, "result": [ - "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey\")(version 3.0;acl \"Enable Anonymous access\";allow (read,search,compare) userdn = \"ldap:///anyone\";)", - "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId\")(version 3.0;acl \"Admin can manage any entry\";allow (all) groupdn = \"ldap:///cn=admins,cn=groupss,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword\")(version 3.0;acl \"Self can write own password\";allow (write) userdn = \"ldap:///self\";)", - "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Admins can write passwords\";allow (add,delete,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Password change service can read/write passwords\";allow (read,write) userdn = \"ldap:///krbprincipalname=kadmin/changepw@AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"KDC System Account can access passwords\";allow (all) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"KDC System Account can update some fields\";allow (write) userdn = 
\"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"Only the KDC System Account has access to kerberos material\";allow (read,search,compare) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr != \"aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaUniqueId\")(targetfilter = \"(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))\")(version 3.0;acl \"Account Admins can manage Users and Groups\";allow (add,delete,read,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength\")(targetfilter = \"(objectClass=krbPwdPolicy)\")(version 3.0;acl \"Admins can write password policies\";allow (read,search,compare,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou\")(version 3.0;acl \"Self service\";allow (write) userdn = \"ldap:///self\";)", - "(targetattr = \"objectClass\")(target = 
\"ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Get Certificates status from the CA\";allow (write) groupdn = \"ldap:///cn=certificate_status,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Users\";allow (delete) groupdn = \"ldap:///cn=removeusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify group membership\";allow (write) groupdn = \"ldap:///cn=modifygroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Services\";allow (add) groupdn = \"ldap:///cn=addservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = 
\"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Groups\";allow (add) groupdn = \"ldap:///cn=addgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Roles\";allow (write) groupdn = \"ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"memberhost || externalhost || memberuser || member\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroup membership\";allow (write) groupdn = \"ldap:///cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userCertificate\")(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Services\";allow (write) groupdn = \"ldap:///cn=modifyservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount maps\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount keys\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Services\";allow (delete) groupdn = 
\"ldap:///cn=removeservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Users\";allow (add) groupdn = \"ldap:///cn=addusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou || mepManagedEntry || objectclass\")(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Users\";allow (write) groupdn = \"ldap:///cn=modifyusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"member\")(target = \"ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add user to default group\";allow (write) groupdn = \"ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount keys\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Remove entitlement entries\";allow (delete) groupdn = \"ldap:///cn=removeentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", - "(targetattr = \"krbPrincipalName || enrolledBy || objectClass\")(target = 
\"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Enroll a host\";allow (write) groupdn = \"ldap:///cn=enroll_host,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"change_password\";allow (write) groupdn = \"ldap:///cn=change_password,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove netgroups\";allow (delete) groupdn = \"ldap:///cn=removenetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"description\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroups\";allow (write) groupdn = \"ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify role group membership\";allow (write) groupdn = \"ldap:///cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=request_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userCertificate\")(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Modify entitlements\";allow (write) groupdn = 
\"ldap:///cn=modifyentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", - "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify task group membership\";allow (write) groupdn = \"ldap:///cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Roles\";allow (add) groupdn = \"ldap:///cn=addroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Certificate Remove Hold\";allow (write) groupdn = \"ldap:///cn=certificate_remove_hold,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Roles\";allow (delete) groupdn = \"ldap:///cn=removeroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount maps\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"cn || description || l || location || nshardwareplatform || nsosversion\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl 
\"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add netgroups\";allow (add) groupdn = \"ldap:///cn=addnetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Add entitlements\";allow (add) groupdn = \"ldap:///cn=addentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", - "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Groups\";allow (delete) groupdn = \"ldap:///cn=removegroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"objectClass\")(target = \"ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Retrieve Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=retrieve_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"objectClass\")(target = \"ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Revoke Certificate\";allow (write) groupdn = \"ldap:///cn=revoke_certificate,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"krbPrincipalKey || krbLastPwdChange\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Manage host 
keytab\";allow (write) groupdn = \"ldap:///cn=manage_host_keytab,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"cn || description || gidnumber || objectclass || mepManagedBy\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Groups\";allow (write) groupdn = \"ldap:///cn=modifygroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify host group membership\";allow (write) groupdn = \"ldap:///cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey\")(version 3.0;acl \"Enable Anonymous access\";allow (read,search,compare) userdn = \"ldap:///anyone\";)", + "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId || memberOf || serverHostName || enrolledBy\")(version 3.0;acl \"Admin can manage any entry\";allow (all) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword\")(version 3.0;acl \"Self can write own password\";allow (write) userdn = \"ldap:///self\";)", + "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Admins can write passwords\";allow (add,delete,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Password change service 
can read/write passwords\";allow (read,write) userdn = \"ldap:///krbprincipalname=kadmin/changepw@AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"KDC System Account can access passwords\";allow (all) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"KDC System Account can update some fields\";allow (write) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"Only the KDC System Account has access to kerberos material\";allow (read,search,compare) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength\")(targetfilter = \"(objectClass=krbPwdPolicy)\")(version 3.0;acl \"Admins can write password policies\";allow (read,search,compare,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || 
carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou\")(version 3.0;acl \"Self service\";allow (write) userdn = \"ldap:///self\";)", + "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Get Certificates status from the CA\";allow (write) groupdn = \"ldap:///cn=certificate_status,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Users\";allow (delete) groupdn = \"ldap:///cn=removeusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify group membership\";allow (write) groupdn = \"ldap:///cn=modifygroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Services\";allow (add) groupdn = \"ldap:///cn=addservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"change_password\";allow (write) groupdn = \"ldap:///cn=change_password,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Groups\";allow (add) groupdn = \"ldap:///cn=addgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"cn || description\")(target = 
\"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hostgroups\";allow (write) groupdn = \"ldap:///cn=modifyhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Roles\";allow (write) groupdn = \"ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"memberhost || externalhost || memberuser || member\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroup membership\";allow (write) groupdn = \"ldap:///cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userCertificate\")(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Services\";allow (write) groupdn = \"ldap:///cn=modifyservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hostgroups\";allow (add) groupdn = \"ldap:///cn=addhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount maps\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount keys\";allow (delete) groupdn = 
\"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Services\";allow (delete) groupdn = \"ldap:///cn=removeservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Users\";allow (add) groupdn = \"ldap:///cn=addusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"cn || description || l || location || nshardwareplatform || nsosversion\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"member\")(target = \"ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add user to default group\";allow (write) groupdn = \"ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hostgroups\";allow (delete) groupdn = \"ldap:///cn=removehostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Remove entitlement entries\";allow (delete) groupdn = \"ldap:///cn=removeentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", + "(targetattr = \"krbPrincipalName || enrolledBy || objectClass\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 
3.0;acl \"Enroll a host\";allow (write) groupdn = \"ldap:///cn=enroll_host,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove netgroups\";allow (delete) groupdn = \"ldap:///cn=removenetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"description\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroups\";allow (write) groupdn = \"ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify role group membership\";allow (write) groupdn = \"ldap:///cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=request_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userCertificate\")(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Modify entitlements\";allow (write) groupdn = \"ldap:///cn=modifyentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", + "(targetattr = \"member\")(target = 
\"ldap:///cn=*,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify task group membership\";allow (write) groupdn = \"ldap:///cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Roles\";allow (add) groupdn = \"ldap:///cn=addroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Certificate Remove Hold\";allow (write) groupdn = \"ldap:///cn=certificate_remove_hold,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Roles\";allow (delete) groupdn = \"ldap:///cn=removeroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount maps\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou || mepManagedEntry || objectclass\")(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Users\";allow (write) groupdn = 
\"ldap:///cn=modifyusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add netgroups\";allow (add) groupdn = \"ldap:///cn=addnetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Add entitlements\";allow (add) groupdn = \"ldap:///cn=addentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", + "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount keys\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Groups\";allow (delete) groupdn = \"ldap:///cn=removegroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"objectClass\")(target = \"ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Retrieve Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=retrieve_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"objectClass\")(target = \"ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Revoke Certificate\";allow (write) groupdn = 
\"ldap:///cn=revoke_certificate,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"krbPrincipalKey || krbLastPwdChange\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Manage host keytab\";allow (write) groupdn = \"ldap:///cn=manage_host_keytab,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"cn || description || gidnumber || objectclass || mepManagedBy\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Groups\";allow (write) groupdn = \"ldap:///cn=modifygroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify host group membership\";allow (write) groupdn = \"ldap:///cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", "(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate different host,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from a different host\";allow (write) groupdn = \"ldap:///cn=request_cert_different_host,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)" - ], - "summary": "54 ACIs matched" + ], + "summary": "53 ACIs matched" } }
\ No newline at end of file
diff --git a/install/static/test/data/delegation_find.json b/install/static/test/data/delegation_find.json
new file mode 100644
index 000000000..82b31fc58
--- /dev/null
+++ b/install/static/test/data/delegation_find.json
@@ -0,0 +1,35 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 2,
+ "result": [
+ {
+ "aciname": "delegme",
+ "attrs": [
+ "cn"
+ ],
+ "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ },
+ {
+ "aciname": "m2m",
+ "attrs": [
+ "title"
+ ],
+ "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ }
+ ],
+ "summary": "2 delegations matched",
+ "truncated": false
+ }
+}
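Review bot: The `filter` and `membergroup` values in this new fixture carry the suffix of what looks like one developer's own test instance (`dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com`) rather than a neutral one. The same suffix appears in delegation_list.json, delegation_mod.json, delegation_show.json and permission_add.json, and the ipa_init.json hunk at -6683 also keeps that instance's admin principal and `ipauniqueid`. Because these files sit under install/static they presumably ship with the web UI, so I would rewrite them against a reserved suffix, e.g. `"membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com",`, before more fixtures are captured the same way.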
\ No newline at end of file
diff --git a/install/static/test/data/delegation_list.json b/install/static/test/data/delegation_list.json
new file mode 100644
index 000000000..d4d9fc060
--- /dev/null
+++ b/install/static/test/data/delegation_list.json
@@ -0,0 +1,35 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 2,
+ "result": [
+ {
+ "aciname": "delegme",
+ "attrs": [
+ "cn"
+ ],
+ "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ },
+ {
+ "aciname": "m2m",
+ "attrs": [
+ "title"
+ ],
+ "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ }
+ ],
+ "summary": "2 delegations matched",
+ "truncated": false
+ }
+}
\ No newline at end of file
diff --git a/install/static/test/data/delegation_mod.json b/install/static/test/data/delegation_mod.json
new file mode 100644
index 000000000..9f7da68bf
--- /dev/null
+++ b/install/static/test/data/delegation_mod.json
@@ -0,0 +1,21 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "aciname": "m2m",
+ "attrs": [
+ "title"
+ ],
+ "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "add",
+ "delete"
+ ]
+ },
+ "summary": "Modified delegation \"m2m\"",
+ "value": "m2m"
+ }
+}
\ No newline at end of file
diff --git a/install/static/test/data/delegation_show.json b/install/static/test/data/delegation_show.json
new file mode 100644
index 000000000..9444c8750
--- /dev/null
+++ b/install/static/test/data/delegation_show.json
@@ -0,0 +1,20 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "aciname": "delegme",
+ "attrs": [
+ "cn"
+ ],
+ "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ },
+ "summary": null,
+ "value": "delegme"
+ }
+}
\ No newline at end of file diff --git a/install/static/test/data/ipa_init.json b/install/static/test/data/ipa_init.json index 606f84823..3a5301e82 100644 --- a/install/static/test/data/ipa_init.json +++ b/install/static/test/data/ipa_init.json @@ -52,7 +52,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "key", "cli_short_name": null, "default": null, @@ -78,7 +78,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "info", "cli_short_name": null, "default": null, @@ -234,7 +234,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "map", "cli_short_name": null, "default": null, @@ -295,7 +295,7 @@ "ipahomesrootdir", "ipadefaultloginshell", "ipadefaultprimarygroup", - "ipadefaultdomain", + "ipadefaultemaildomain", "ipasearchtimelimit", "ipasearchrecordslimit", "ipausersearchfields", @@ -347,7 +347,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "homedirectory", "cli_short_name": null, "default": null, @@ -497,7 +497,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "usersearch", "cli_short_name": null, "default": null, @@ -523,7 +523,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "groupsearch", "cli_short_name": null, "default": null, @@ -586,7 +586,9 @@ "default": null, "doc": "Base for certificate subjects (OU=Test,O=Example)", "exclude": null, - "flags": [], + "flags": [ + "no_update" + ], "hint": null, "include": null, "label": "Certificate Subject base", 
@@ -601,6 +603,103 @@ "query": false, "required": false, "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "groupobjectclasses", + "cli_short_name": null, + "default": null, + "doc": "Default group objectclassses (comma-separated list)", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Default group objectclasses", + "multivalue": true, + "name": "ipagroupobjectclasses", + "primary_key": false, + "query": false, + "required": false, + "separator": ",", + "skipspace": true, + "type": "tuple" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "userobjectclasses", + "cli_short_name": null, + "default": null, + "doc": "Default user objectclassses (comma-separated list)", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Default user objectclasses", + "multivalue": true, + "name": "ipauserobjectclasses", + "primary_key": false, + "query": false, + "required": false, + "separator": ",", + "skipspace": true, + "type": "tuple" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Int", + "cli_name": "pwdexpnotify", + "cli_short_name": null, + "default": null, + "doc": "Password Expiration Notification (days)", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Password Expiration Notification", + "maxvalue": null, + "minvalue": 0, + "multivalue": false, + "name": "ipapwdexpadvnotify", + "primary_key": false, + "query": false, + "required": false, + "type": "int" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "ipaconfigstring", + "cli_short_name": null, + "default": null, + "doc": "Extra hashes to generate in password plugin", + "exclude": null, + "flags": [ + "no_update" + ], + "hint": null, + "include": null, + "label": "Password plugin features", + "length": 
null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "ipaconfigstring", + "pattern": null, + "pattern_errmsg": null, + "primary_key": false, + "query": false, + "required": false, + "type": "unicode" } ], "uuid_attribute": "" 
@@ -1614,6 +1713,151 @@ ], "uuid_attribute": "" }, + "delegation": { + "bindable": false, + "label": "Delegation", + "methods": [ + "add", + "del", + "find", + "mod", + "show" + ], + "name": "delegation", + "object_name": [ + "delegation" + ], + "object_name_plural": [ + "delegation" + ], + "primary_key": "aciname", + "takes_params": [ + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "name", + "cli_short_name": null, + "default": null, + "doc": "Delegation name", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Delegation name", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "aciname", + "pattern": null, + "pattern_errmsg": null, + "primary_key": true, + "query": false, + "required": true, + "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "permissions", + "cli_short_name": null, + "default": null, + "doc": "Comma-separated list of permissions to grant (read, write). 
Default is write.", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Permissions", + "multivalue": true, + "name": "permissions", + "primary_key": false, + "query": false, + "required": false, + "separator": ",", + "skipspace": true, + "type": "tuple" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "attrs", + "cli_short_name": null, + "default": null, + "doc": "Comma-separated list of attributes", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Attributes", + "multivalue": true, + "name": "attrs", + "primary_key": false, + "query": false, + "required": true, + "separator": ",", + "skipspace": true, + "type": "tuple" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "membergroup", + "cli_short_name": null, + "default": null, + "doc": "User group to apply delegation to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Member user group", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "memberof", + "pattern": null, + "pattern_errmsg": null, + "primary_key": false, + "query": false, + "required": true, + "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "group", + "cli_short_name": null, + "default": null, + "doc": "User group ACI grants access to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "User group", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "group", + "pattern": null, + "pattern_errmsg": null, + "primary_key": false, + "query": false, + "required": true, + "type": "unicode" + } + ] + }, "dns": { "default_attributes": [ "idnsname", 
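Review bot: In the new `delegation` entry the fourth parameter is declared with `"name": "memberof"` but `"cli_name": "membergroup"`, while the delegation_find, delegation_list, delegation_mod and delegation_show fixtures added in this commit return that value under the key `membergroup`. If the UI looks record values up by the parameter's `name` (the lookup code is not visible in this diff), the member-group field will render empty against these fixtures and the test will not exercise it. Either this line should read `"name": "membergroup",` or the fixtures should use `memberof`; it is worth confirming against real server output which one is authoritative, since this field decides whose entries the delegation ACI makes writable.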
@@ -4887,7 +5131,7 @@ "objectclass", "aci" ], - "label": "Role Groups", + "label": "Role", "methods": [ "add", "add_member", 
@@ -4966,6 +5210,99 @@ ], "uuid_attribute": "" }, + "selfservice": { + "bindable": false, + "label": "Self Service Permissions", + "methods": [ + "add", + "del", + "find", + "mod", + "show" + ], + "name": "selfservice", + "object_name": [ + "selfservice" + ], + "object_name_plural": [ + "selfservice" + ], + "primary_key": "aciname", + "takes_params": [ + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "name", + "cli_short_name": null, + "default": null, + "doc": "Self-Service name", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Self-Service name", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "aciname", + "pattern": null, + "pattern_errmsg": null, + "primary_key": true, + "query": false, + "required": true, + "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "permissions", + "cli_short_name": null, + "default": null, + "doc": "Comma-separated list of permissions to grant (read, write). Default is write.", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Permissions", + "multivalue": true, + "name": "permissions", + "primary_key": false, + "query": false, + "required": false, + "separator": ",", + "skipspace": true, + "type": "tuple" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "attrs", + "cli_short_name": null, + "default": null, + "doc": "Comma-separated list of attributes", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Attributes", + "multivalue": true, + "name": "attrs", + "primary_key": false, + "query": false, + "required": true, + "separator": ",", + "skipspace": true, + "type": "tuple" + } + ] + }, "service": { "aciattrs": [ "ipaUniqueID", 
@@ -5388,6 +5725,12 @@ "memberUser" ], "attribute_members": { + "ipasudorunas": [ + "user" + ], + "ipasudorunasgroup": [ + "group" + ], "memberallowcmd": [ "sudocmd", "sudocmdgroup" @@ -5409,7 +5752,15 @@ "container_dn": "cn=sudorules", "default_attributes": [ "cn", - "description" + "ipaenabledflag", + "description", + "usercategory", + "hostcategory", + "cmdcategory", + "memberuser", + "memberhost", + "memberallowcmd", + "memberdenycmd" ], "hidden_attributes": [ "objectclass", @@ -5421,13 +5772,19 @@ "add_allow_command", "add_deny_command", "add_host", + "add_runasgroup", + "add_runasuser", "add_user", "del", + "disable", + "enable", "find", "mod", "remove_allow_command", "remove_deny_command", "remove_host", + "remove_runasgroup", + "remove_runasuser", "remove_user", "show" ], 
@@ -5498,6 +5855,89 @@ { "alwaysask": false, "attribute": false, + "autofill": true, + "class": "Flag", + "cli_name": "ipaenabledflag", + "cli_short_name": null, + "default": false, + "doc": "Enabled", + "exclude": null, + "falsehoods": [ + 0, + "0", + "false" + ], + "flags": [ + "no_update", + "no_create", + "no_search" + ], + "hint": null, + "include": null, + "label": "Enabled", + "multivalue": false, + "name": "ipaenabledflag", + "primary_key": false, + "query": false, + "required": false, + "truths": [ + "1", + 1, + "true" + ], + "type": "bool" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "StrEnum", + "cli_name": "usercat", + "cli_short_name": null, + "default": null, + "doc": "User category the rule applies to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "User category", + "multivalue": false, + "name": "usercategory", + "primary_key": false, + "query": false, + "required": false, + "type": "unicode", + "values": [ + "all" + ] + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "StrEnum", + "cli_name": "hostcat", + "cli_short_name": null, + "default": null, + "doc": "Host category the rule applies to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Host category", + "multivalue": false, + "name": "hostcategory", + "primary_key": false, + "query": false, + "required": false, + "type": "unicode", + "values": [ + "all" + ] + }, + { + "alwaysask": false, + "attribute": false, "autofill": false, "class": "StrEnum", "cli_name": "cmdcat", 
@@ -5523,6 +5963,54 @@ "alwaysask": false, "attribute": false, "autofill": false, + "class": "StrEnum", + "cli_name": "runasusercat", + "cli_short_name": null, + "default": null, + "doc": "Run As User category the rule applies to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Run As User category", + "multivalue": false, + "name": "ipasudorunasusercategory", + "primary_key": false, + "query": false, + "required": false, + "type": "unicode", + "values": [ + "all" + ] + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "StrEnum", + "cli_name": "runasgroupcat", + "cli_short_name": null, + "default": null, + "doc": "Run As Group category the rule applies to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Run As Group category", + "multivalue": false, + "name": "ipasudorunasgroupcategory", + "primary_key": false, + "query": false, + "required": false, + "type": "unicode", + "values": [ + "all" + ] + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, "class": "Str", "cli_name": "memberuser_user", "cli_short_name": null, 
@@ -5728,6 +6216,66 @@ "query": false, "required": false, "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "ipasudorunas_user", + "cli_short_name": null, + "default": null, + "doc": "Run As User", + "exclude": null, + "flags": [ + "no_update", + "no_create", + "no_search" + ], + "hint": null, + "include": null, + "label": "Run As User", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "ipasudorunas_user", + "pattern": null, + "pattern_errmsg": null, + "primary_key": false, + "query": false, + "required": false, + "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "ipasudorunasgroup_group", + "cli_short_name": null, + "default": null, + "doc": "Run As Group", + "exclude": null, + "flags": [ + "no_update", + "no_create", + "no_search" + ], + "hint": null, + "include": null, + "label": "Run As Group", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "ipasudorunasgroup_group", + "pattern": null, + "pattern_errmsg": null, + "primary_key": false, + "query": false, + "required": false, + "type": "unicode" } ], "uuid_attribute": "ipauniqueid" 
@@ -5742,139 +6290,77 @@ "gidNumber", "uidNumber", "homeDirectory", - "radiusRealm", - "radiusSimultaneousUse", - "radiusProxyToRealm", - "radiusReplicateToRealm", - "radiusStripUserName", - "dialupAccess", - "radiusLoginTime", - "radiusUserCategory", - "radiusExpiration", - "radiusCheckItem", - "roomNumber", - "photo", - "mail", - "krbLastPwdChange", + "manager", + "userCertificate", + "homePostalAddress", "krbLoginFailedCount", + "krbLastSuccessfulAuth", + "title", "userSMIMECertificate", - "radiusNASIpAddress", - "radiusReplyItem", - "jpegPhoto", - "krbPrincipalAliases", - "telexNumber", - "telephoneNumber", - "facsimileTelephoneNumber", - "teletexTerminalIdentifier", - "internationalISDNNumber", - "x121Address", - "destinationIndicator", - "registeredAddress", - "radiusTunnelType", - "krbPrincipalKey", - "radiusTunnelClientEndpoint", - "radiusVSA", + "krbPrincipalExpiration", + "roomNumber", + "photo", + "description", "krbPrincipalName", - "displayName", - "preferredDeliveryMethod", - "audio", - "preferredLanguage", - "krbExtraData", - "krbCanonicalName", - "radiusLoginIPHost", - "krbTicketFlags", + "mail", + "employeeType", "krbPwdHistory", - "pager", - "mobile", + "carLicense", + "departmentNumber", + "employeeNumber", + "inetUserHttpURL", "memberOf", - "krbUPEnabled", - "krbPrincipalType", - "krbTicketPolicyReference", - "x500UniqueIdentifier", - "krbMaxTicketLife", - "givenName", - "homePostalAddress", - "radiusReplyMessage", - "krbPrincipalExpiration", - "userPKCS12", - "radiusFramedProtocol", - "radiusFramedRoute", - "radiusFramedIPXNetwork", - "radiusFramedMTU", - "radiusFramedIPAddress", - "radiusFramedIPNetmask", - "radiusFramedAppleTalkZone", - "radiusFramedCompression", - "radiusFramedAppleTalkLink", - "radiusFramedAppleTalkNetwork", + "displayName", "st", "street", "l", - "inetUserHttpURL", - "inetUserStatus", + "krbMaxRenewableAge", + "jpegPhoto", + "audio", + "pager", + "secretary", + "preferredLanguage", + "krbExtraData", + "krbCanonicalName", 
"o", "ou", - "title", - "description", + "seeAlso", + "userPassword", "businessCategory", "postalAddress", "postalCode", "postOfficeBox", "physicalDeliveryOfficeName", + "mobile", "krbPwdPolicyReference", - "secretary", - "homePhone", - "radiusLoginLATGroup", - "krbLastFailedAuth", - "radiusIdleTimeout", - "radiusFramedRouting", - "radiusLoginService", - "radiusLoginLATService", - "radiusLoginLATPort", - "radiusLoginLATNode", - "radiusPasswordRetry", - "radiusLoginTCPPort", - "radiusPortLimit", - "manager", - "radiusTerminationAction", - "radiusTunnelAssignmentId", - "radiusTunnelMediumType", - "radiusTunnelPassword", "labeledURI", - "radiusPrompt", - "radiusServiceType", - "radiusSessionTimeout", - "employeeType", - "radiusTunnelPreference", - "carLicense", - "departmentNumber", - "employeeNumber", - "radiusTunnelPrivateGroupId", - "userCertificate", - "radiusTunnelServerEndpoint", - "seeAlso", - "userPassword", - "radiusClientIPAddress", - "radiusAuthType", - "radiusHint", - "radiusGroupName", - "radiusProfileDn", - "radiusHuntgroupName", - "krbMaxRenewableAge", + "homePhone", "krbPasswordExpiration", - "krbLastSuccessfulAuth", + "inetUserStatus", + "krbLastPwdChange", + "krbMaxTicketLife", + "krbUPEnabled", "loginShell", + "x500UniqueIdentifier", + "krbLastFailedAuth", "gecos", - "radiusCallbackId", - "radiusCallbackNumber", - "radiusCalledStationId", - "radiusCallingStationId", - "radiusArapFeatures", - "radiusArapSecurity", - "radiusArapZoneAccess", + "krbPrincipalKey", + "krbTicketFlags", + "krbPrincipalType", + "userPKCS12", "initials", - "radiusClass", - "radiusFilterId" + "krbTicketPolicyReference", + "givenName", + "preferredDeliveryMethod", + "krbPrincipalAliases", + "telexNumber", + "telephoneNumber", + "facsimileTelephoneNumber", + "teletexTerminalIdentifier", + "internationalISDNNumber", + "x121Address", + "destinationIndicator", + "registeredAddress" ], "attribute_members": { "memberof": [ 
@@ -6683,19 +7169,19 @@ "Administrator" ], "gidnumber": [ - "2120898932" + "66000000" ], "homedirectory": [ "/home/admin" ], "ipauniqueid": [ - "cc2d5b64-fe52-11df-a795-525400674dcd" + "c9e61ada-0703-11e0-addd-525400674dcd" ], "krblastpwdchange": [ - "20101202203134Z" + "20101213215751Z" ], "krbpasswordexpiration": [ - "20110302203134Z" + "20110313215751Z" ], "krbprincipalname": [ "admin@AYOUNG.BOSTON.DEVEL.REDHAT.COM" @@ -6729,7 +7215,7 @@ "admin" ], "uidnumber": [ - "2120898932" + "66000000" ] } ], diff --git a/install/static/test/data/permission_add.json b/install/static/test/data/permission_add.json new file mode 100644 index 000000000..2235b74c4 --- /dev/null +++ b/install/static/test/data/permission_add.json @@ -0,0 +1,26 @@ +{ + "error": null, + "id": 0, + "result": { + "result": { + "cn": [ + "testperm" + ], + "description": [ + "description" + ], + "dn": "cn=testperm,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "objectclass": [ + "groupofnames", + "top" + ], + "permissions": [ + "read", + "write" + ], + "targetgroup": "ipausers" + }, + "summary": "Added permission \"testperm\"", + "value": "testperm" + } +}
\ No newline at end of file
diff --git a/install/static/test/data/permission_del b/install/static/test/data/permission_del
new file mode 100644
index 000000000..c11368986
--- /dev/null
+++ b/install/static/test/data/permission_del
@@ -0,0 +1,9 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": true,
+ "summary": "Deleted permission \"testperm\"",
+ "value": "testperm"
+ }
+}
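Review bot: This fixture is added as `permission_del`, without the `.json` suffix that every other file in the diffstat carries (`permission_add.json`, `permission_show.json` and so on). If the test harness builds the fixture path as the method name plus `.json`, which the naming of the other files suggests, the delete case will not find its data and will likely end up on an error path instead of being tested. Renaming the file to `install/static/test/data/permission_del.json` would make it consistent with its siblings.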
\ No newline at end of file
diff --git a/install/static/test/data/permission_find.json b/install/static/test/data/permission_find.json
new file mode 100644
index 000000000..0cd4d9884
--- /dev/null
+++ b/install/static/test/data/permission_find.json
@@ -0,0 +1,887 @@ +{ + "error": null, + "id": 0, + "result": { + "count": 47, + "result": [ + { + "cn": [ + "addusers" + ], + "description": [ + "Add Users" + ], + "dn": "cn=addusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "useradmin" + ], + "permissions": [ + "add" + ], + "type": "user" + }, + { + "attrs": [ + "userPassword", + "krbPrincipalKey", + "sambaLMPassword", + "sambaNTPassword", + "passwordHistory" + ], + "cn": [ + "change_password" + ], + "description": [ + "Change a user password" + ], + "dn": "cn=change_password,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "useradmin" + ], + "permissions": [ + "write" + ] + }, + { + "attrs": [ + "member" + ], + "cn": [ + "add_user_to_default_group" + ], + "description": [ + "Add user to default group" + ], + "dn": "cn=add_user_to_default_group,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "useradmin" + ], + "permissions": [ + "write" + ], + "targetgroup": "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "removeusers" + ], + "description": [ + "Remove Users" + ], + "dn": "cn=removeusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "useradmin" + ], + "permissions": [ + "delete" + ], + "type": "user" + }, + { + "attrs": [ + "givenName", + "sn", + "cn", + "displayName", + "title", + "initials", + "loginShell", + "gecos", + "homePhone", + "mobile", + "pager", + "facsimileTelephoneNumber", + "telephoneNumber", + "street", + "roomNumber", + "l", + "st", + "postalCode", + "manager", + "secretary", + "description", + "carLicense", + "labeledURI", + "inetUserHTTPURL", + "seeAlso", + "employeeType", + "businessCategory", + "ou", + "mepManagedEntry", + "objectclass" + ], + "cn": [ + "modifyusers" + ], + "description": [ + "Modify Users" + ], + 
"dn": "cn=modifyusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "useradmin" + ], + "permissions": [ + "write" + ], + "type": "user" + }, + { + "cn": [ + "addgroups" + ], + "description": [ + "Add Groups" + ], + "dn": "cn=addgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "groupadmin" + ], + "permissions": [ + "add" + ], + "type": "group" + }, + { + "cn": [ + "removegroups" + ], + "description": [ + "Remove Groups" + ], + "dn": "cn=removegroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "groupadmin" + ], + "permissions": [ + "delete" + ], + "type": "group" + }, + { + "attrs": [ + "cn", + "description", + "gidnumber", + "objectclass", + "mepManagedBy", + "ipaUniqueId" + ], + "cn": [ + "modifygroups" + ], + "description": [ + "Modify Groups" + ], + "dn": "cn=modifygroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "groupadmin" + ], + "permissions": [ + "write" + ], + "type": "group" + }, + { + "attrs": [ + "member" + ], + "cn": [ + "modifygroupmembership" + ], + "description": [ + "Modify Group membership" + ], + "dn": "cn=modifygroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "groupadmin" + ], + "permissions": [ + "write" + ], + "type": "group" + }, + { + "cn": [ + "addhosts" + ], + "description": [ + "Add Hosts" + ], + "dn": "cn=addhosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostadmin" + ], + "permissions": [ + "add" + ], + "type": "host" + }, + { + "cn": [ + "removehosts" + ], + "description": [ + "Remove Hosts" + ], + "dn": "cn=removehosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostadmin" + ], + "permissions": [ + "delete" + ], + "type": 
"host" + }, + { + "attrs": [ + "description", + "l", + "nshostlocation", + "nshardwareplatform", + "nsosversion" + ], + "cn": [ + "modifyhosts" + ], + "description": [ + "Modify Hosts" + ], + "dn": "cn=modifyhosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostadmin" + ], + "permissions": [ + "write" + ], + "type": "host" + }, + { + "cn": [ + "addhostgroups" + ], + "description": [ + "Add Hostgroups" + ], + "dn": "cn=addhostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostgroupadmin" + ], + "permissions": [ + "add" + ], + "type": "hostgroup" + }, + { + "cn": [ + "removehostgroups" + ], + "description": [ + "Remove Hostgroups" + ], + "dn": "cn=removehostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostgroupadmin" + ], + "permissions": [ + "delete" + ], + "type": "hostgroup" + }, + { + "attrs": [ + "cn", + "description" + ], + "cn": [ + "modifyhostgroups" + ], + "description": [ + "Modify Hostgroups" + ], + "dn": "cn=modifyhostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostgroupadmin" + ], + "permissions": [ + "write" + ], + "type": "hostgroup" + }, + { + "attrs": [ + "member" + ], + "cn": [ + "modifyhostgroupmembership" + ], + "description": [ + "Modify Hostgroup membership" + ], + "dn": "cn=modifyhostgroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostgroupadmin" + ], + "permissions": [ + "write" + ], + "type": "hostgroup" + }, + { + "cn": [ + "addservices" + ], + "description": [ + "Add Services" + ], + "dn": "cn=addservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "serviceadmin" + ], + "permissions": [ + "add" + ], + "type": "service" + }, + { + "cn": [ + "removeservices" + ], + 
"description": [ + "Remove Services" + ], + "dn": "cn=removeservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "serviceadmin" + ], + "permissions": [ + "delete" + ], + "type": "service" + }, + { + "attrs": [ + "userCertificate" + ], + "cn": [ + "modifyservices" + ], + "description": [ + "Modify Services" + ], + "dn": "cn=modifyservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "serviceadmin" + ], + "permissions": [ + "write" + ], + "type": "service" + }, + { + "cn": [ + "addroles" + ], + "description": [ + "Add Roles" + ], + "dn": "cn=addroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "delegationadmin" + ], + "permissions": [ + "add" + ], + "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "removeroles" + ], + "description": [ + "Remove Roles" + ], + "dn": "cn=removeroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "delegationadmin" + ], + "permissions": [ + "delete" + ], + "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "cn", + "description" + ], + "cn": [ + "modifyroles" + ], + "description": [ + "Modify Roles" + ], + "dn": "cn=modifyroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "delegationadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "member" + ], + "cn": [ + "modifyrolemembership" + ], + "description": [ + "Modify Role Group membership" + ], + "dn": "cn=modifyrolemembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "delegationadmin" + ], + "permissions": [ + "write" 
+ ], + "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "member" + ], + "cn": [ + "modifyprivilegemembership" + ], + "description": [ + "Modify privilege membership" + ], + "dn": "cn=modifyprivilegemembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "delegationadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=*,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "addautomountmaps" + ], + "description": [ + "Add Automount maps" + ], + "dn": "cn=addautomountmaps,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "automountadmin" + ], + "permissions": [ + "add" + ], + "subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "removeautomountmaps" + ], + "description": [ + "Remove Automount maps" + ], + "dn": "cn=removeautomountmaps,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "automountadmin" + ], + "permissions": [ + "delete" + ], + "subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "addautomountkeys" + ], + "description": [ + "Add Automount keys" + ], + "dn": "cn=addautomountkeys,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "automountadmin" + ], + "permissions": [ + "add" + ], + "subtree": "ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "removeautomountkeys" + ], + "description": [ + "Remove Automount keys" + ], + "dn": "cn=removeautomountkeys,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "automountadmin" + ], + "permissions": [ + "delete" + ], + "subtree": 
"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "addnetgroups" + ], + "description": [ + "Add netgroups" + ], + "dn": "cn=addnetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "netgroupadmin" + ], + "permissions": [ + "add" + ], + "type": "netgroup" + }, + { + "cn": [ + "removenetgroups" + ], + "description": [ + "Remove netgroups" + ], + "dn": "cn=removenetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "netgroupadmin" + ], + "permissions": [ + "delete" + ], + "type": "netgroup" + }, + { + "attrs": [ + "description" + ], + "cn": [ + "modifynetgroups" + ], + "description": [ + "Modify netgroups" + ], + "dn": "cn=modifynetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "netgroupadmin" + ], + "permissions": [ + "write" + ], + "type": "netgroup" + }, + { + "attrs": [ + "memberhost", + "externalhost", + "memberuser", + "member" + ], + "cn": [ + "modifynetgroupmembership" + ], + "description": [ + "Modify netgroup membership" + ], + "dn": "cn=modifynetgroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "netgroupadmin" + ], + "permissions": [ + "write" + ], + "type": "netgroup" + }, + { + "attrs": [ + "krbPrincipalKey", + "krbLastPwdChange" + ], + "cn": [ + "manage_host_keytab" + ], + "description": [ + "Manage host keytab" + ], + "dn": "cn=manage_host_keytab,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostadmin", + "enrollhost" + ], + "permissions": [ + "write" + ], + "type": "host" + }, + { + "attrs": [ + "krbPrincipalKey", + "krbLastPwdChange" + ], + "cn": [ + "manage_service_keytab" + ], + "description": [ + "Manage service keytab" + ], + "dn": 
"cn=manage_service_keytab,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "serviceadmin", + "admins" + ], + "permissions": [ + "write" + ], + "type": "service" + }, + { + "attrs": [ + "enrolledBy", + "objectClass" + ], + "cn": [ + "enroll_host" + ], + "description": [ + "Enroll a host" + ], + "dn": "cn=enroll_host,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostadmin", + "enrollhost" + ], + "permissions": [ + "write" + ], + "type": "host" + }, + { + "cn": [ + "managereplica" + ], + "description": [ + "Manage Replication Agreements" + ], + "dn": "cn=managereplica,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "replicaadmin" + ], + "memberindirect": [ + "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ] + }, + { + "cn": [ + "deletereplica" + ], + "description": [ + "Delete Replication Agreements" + ], + "dn": "cn=deletereplica,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "replicaadmin" + ], + "memberindirect": [ + "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ] + }, + { + "cn": [ + "addentitlements" + ], + "description": [ + "Add Entitlements" + ], + "dn": "cn=addentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "entitlementadmin" + ], + "permissions": [ + "add" + ], + "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "removeentitlements" + ], + "description": [ + "Remove Entitlements" + ], + "dn": 
"cn=removeentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "entitlementadmin" + ], + "permissions": [ + "delete" + ], + "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "userCertificate" + ], + "cn": [ + "modifyentitlements" + ], + "description": [ + "Modify Entitlements" + ], + "dn": "cn=modifyentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "entitlementadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "retrieve_certs" + ], + "description": [ + "Retrieve Certificates from the CA" + ], + "dn": "cn=retrieve_certs,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "request_certs" + ], + "description": [ + "Request Certificates from the CA" + ], + "dn": "cn=request_certs,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "request_cert_different_host" + ], + "description": [ + "Request Certificates from a different host" + ], + "dn": "cn=request_cert_different_host,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=request certificate different 
host,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "certificate_status" + ], + "description": [ + "Get Certificates status from the CA" + ], + "dn": "cn=certificate_status,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "revoke_certificate" + ], + "description": [ + "Revoke Certificate" + ], + "dn": "cn=revoke_certificate,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "certificate_remove_hold" + ], + "description": [ + "Certificate Remove Hold" + ], + "dn": "cn=certificate_remove_hold,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "update_dns" + ], + "description": [ + "DNS Servers Updates" + ], + "dn": "cn=update_dns,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "dnsadmin", + "dnsserver" + ], + "memberindirect": [ + "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ] + } + ], + "summary": "47 permissions matched", + "truncated": false + } +}
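Review bot: Every DN in this fixture, and the `memberindirect` service principal on `update_dns`, embeds what looks like a developer's internal host and realm (`ipa.ayoung.boston.devel.redhat.com`). For data shipped under `install/static`, a reserved suffix such as `dc=example,dc=com` avoids publishing internal naming and keeps the fixtures stable regardless of who regenerates them. The same suffix appears in the other fixtures added here (permission_add, permission_show, privilege_find, privilege_show, role_find, role_show) and in the pre-existing ones, so the substitution would have to be applied across the whole set for tests that cross-reference DNs.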
\ No newline at end of file
diff --git a/install/static/test/data/permission_show.json b/install/static/test/data/permission_show.json
new file mode 100644
index 000000000..ac12ef0e2
--- /dev/null
+++ b/install/static/test/data/permission_show.json
@@ -0,0 +1,41 @@
+{
+ "error": null,
+ "id": 6,
+ "result": {
+ "result": {
+ "attributelevelrights": {
+ "aci": "rscwo",
+ "businesscategory": "rscwo",
+ "cn": "rscwo",
+ "description": "rscwo",
+ "member": "rscwo",
+ "nsaccountlock": "rscwo",
+ "o": "rscwo",
+ "objectclass": "rscwo",
+ "ou": "rscwo",
+ "owner": "rscwo",
+ "seealso": "rscwo"
+ },
+ "cn": [
+ "addusers"
+ ],
+ "description": [
+ "Add Users"
+ ],
+ "dn": "cn=addusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member": [
+ "cn=useradmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ],
+ "objectclass": [
+ "top",
+ "groupofnames"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "user"
+ },
+ "summary": null,
+ "value": "addusers"
+ }
+}
\ No newline at end of file
diff --git a/install/static/test/data/privilege_find.json b/install/static/test/data/privilege_find.json
new file mode 100644
index 000000000..c48c4a0e8
--- /dev/null
+++ b/install/static/test/data/privilege_find.json
@@ -0,0 +1,215 @@ +{ + "error": null, + "id": 0, + "result": { + "count": 14, + "result": [ + { + "cn": [ + "useradmin" + ], + "description": [ + "User Administrators" + ], + "dn": "cn=useradmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addusers", + "change_password", + "add_user_to_default_group", + "removeusers", + "modifyusers" + ] + }, + { + "cn": [ + "groupadmin" + ], + "description": [ + "Group Administrators" + ], + "dn": "cn=groupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addgroups", + "removegroups", + "modifygroups", + "modifygroupmembership" + ] + }, + { + "cn": [ + "hostadmin" + ], + "description": [ + "Host Administrators" + ], + "dn": "cn=hostadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addhosts", + "removehosts", + "modifyhosts", + "manage_host_keytab", + "enroll_host" + ] + }, + { + "cn": [ + "hostgroupadmin" + ], + "description": [ + "Host Group Administrators" + ], + "dn": "cn=hostgroupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addhostgroups", + "removehostgroups", + "modifyhostgroups", + "modifyhostgroupmembership" + ] + }, + { + "cn": [ + "delegationadmin" + ], + "description": [ + "Role administration" + ], + "dn": "cn=delegationadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addroles", + "removeroles", + "modifyroles", + "modifyrolemembership", + "modifyprivilegemembership" + ] + }, + { + "cn": [ + "serviceadmin" + ], + "description": [ + "Service Administrators" + ], + "dn": "cn=serviceadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addservices", + "removeservices", + "modifyservices", + "manage_service_keytab" + ] + }, + { + "cn": [ + "automountadmin" + ], + 
"description": [ + "Automount Administrators" + ], + "dn": "cn=automountadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addautomountmaps", + "removeautomountmaps", + "addautomountkeys", + "removeautomountkeys" + ] + }, + { + "cn": [ + "netgroupadmin" + ], + "description": [ + "Netgroups Administrators" + ], + "dn": "cn=netgroupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addnetgroups", + "removenetgroups", + "modifynetgroups", + "modifynetgroupmembership" + ] + }, + { + "cn": [ + "certadmin" + ], + "description": [ + "Certificate Administrators" + ], + "dn": "cn=certadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "retrieve_certs", + "request_certs", + "request_cert_different_host", + "certificate_status", + "revoke_certificate", + "certificate_remove_hold" + ] + }, + { + "cn": [ + "replicaadmin" + ], + "description": [ + "Replication Administrators" + ], + "dn": "cn=replicaadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberindirect": [ + "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ], + "memberof_permission": [ + "managereplica", + "deletereplica" + ] + }, + { + "cn": [ + "enrollhost" + ], + "description": [ + "Host Enrollment" + ], + "dn": "cn=enrollhost,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "manage_host_keytab", + "enroll_host" + ] + }, + { + "cn": [ + "entitlementadmin" + ], + "description": [ + "Entitlement Administrators" + ], + "dn": "cn=entitlementadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addentitlements", + "removeentitlements", + "modifyentitlements" + ] + }, + { + "cn": [ + "dnsadmin" + ], + "description": [ + "DNS Administrators" + ], + "dn": 
"cn=dnsadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "dnsserver" + ], + "description": [ + "DNS Servers" + ], + "dn": "cn=dnsserver,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberindirect": [ + "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ] + } + ], + "summary": "14 privileges matched", + "truncated": false + } +}
\ No newline at end of file
diff --git a/install/static/test/data/privilege_show.json b/install/static/test/data/privilege_show.json
new file mode 100644
index 000000000..7d9328aa0
--- /dev/null
+++ b/install/static/test/data/privilege_show.json
@@ -0,0 +1,39 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "attributelevelrights": {
+ "aci": "rscwo",
+ "businesscategory": "rscwo",
+ "cn": "rscwo",
+ "description": "rscwo",
+ "member": "rscwo",
+ "memberof": "rsc",
+ "nsaccountlock": "rscwo",
+ "o": "rscwo",
+ "objectclass": "rscwo",
+ "ou": "rscwo",
+ "owner": "rscwo",
+ "seealso": "rscwo"
+ },
+ "cn": [
+ "dnsserver"
+ ],
+ "description": [
+ "DNS Servers"
+ ],
+ "dn": "cn=dnsserver,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberindirect": [
+ "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ],
+ "objectclass": [
+ "top",
+ "groupofnames",
+ "nestedgroup"
+ ]
+ },
+ "summary": null,
+ "value": "dnsserver"
+ }
+}
\ No newline at end of file
diff --git a/install/static/test/data/role_find.json b/install/static/test/data/role_find.json
new file mode 100644
index 000000000..af013803c
--- /dev/null
+++ b/install/static/test/data/role_find.json
@@ -0,0 +1,20 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 1,
+ "result": [
+ {
+ "cn": [
+ "helpdesk"
+ ],
+ "description": [
+ "Helpdesk"
+ ],
+ "dn": "cn=helpdesk,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ }
+ ],
+ "summary": "1 role matched",
+ "truncated": false
+ }
+}
\ No newline at end of file
diff --git a/install/static/test/data/role_show.json b/install/static/test/data/role_show.json
new file mode 100644
index 000000000..9ad8dd689
--- /dev/null
+++ b/install/static/test/data/role_show.json
@@ -0,0 +1,36 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "attributelevelrights": {
+ "aci": "rscwo",
+ "businesscategory": "rscwo",
+ "cn": "rscwo",
+ "description": "rscwo",
+ "member": "rscwo",
+ "memberof": "rsc",
+ "nsaccountlock": "rscwo",
+ "o": "rscwo",
+ "objectclass": "rscwo",
+ "ou": "rscwo",
+ "owner": "rscwo",
+ "seealso": "rscwo"
+ },
+ "cn": [
+ "helpdesk"
+ ],
+ "description": [
+ "Helpdesk"
+ ],
+ "dn": "cn=helpdesk,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "objectclass": [
+ "top",
+ "groupofnames",
+ "nestedgroup"
+ ]
+ },
+ "summary": null,
+ "value": "helpdesk"
+ }
+}
\ No newline at end of file
diff --git a/install/static/test/data/selfservice_find.json b/install/static/test/data/selfservice_find.json
new file mode 100644
index 000000000..91db6e40b
--- /dev/null
+++ b/install/static/test/data/selfservice_find.json
@@ -0,0 +1,24 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 1,
+ "result": [
+ {
+ "aciname": "Self can write own password",
+ "attrs": [
+ "userPassword",
+ "krbPrincipalKey",
+ "sambaLMPassword",
+ "sambaNTPassword"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "selfaci": true
+ }
+ ],
+ "summary": "1 selfservice matched",
+ "truncated": false
+ }
+}
\ No newline at end of file
diff --git a/install/static/test/data/selfservice_show.json b/install/static/test/data/selfservice_show.json
new file mode 100644
index 000000000..358e65924
--- /dev/null
+++ b/install/static/test/data/selfservice_show.json
@@ -0,0 +1,21 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "aciname": "Self can write own password",
+ "attrs": [
+ "userPassword",
+ "krbPrincipalKey",
+ "sambaLMPassword",
+ "sambaNTPassword"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "selfaci": true
+ },
+ "summary": null,
+ "value": "Self can write own password"
+ }
+}
\ No newline at end of file |