authorJan Cholasta <jcholast@redhat.com>2016-06-30 15:51:29 +0200
committerJan Cholasta <jcholast@redhat.com>2016-07-01 09:40:04 +0200
commit2cf7c7b4ac2a71457d026d6312cf4fd57b55062b (patch)
tree577732b8c373e377dd66517b9f0c7f72654ed7c8
parentcf713ac28362c40e6414e9bf9701e58e36c07deb (diff)
client: add support for pre-schema servers
Bundle remote plugin interface definitions for servers which lack API schema support. These server API versions are included: * 2.49: IPA 3.1.0 on RHEL/CentOS 6.5+, * 2.114: IPA 4.1.4 on Fedora 22, * 2.156: IPA 4.2.0 on RHEL/CentOS 7.2 and IPA 4.2.4 on Fedora 23, * 2.164: IPA 4.3.1 on Fedora 23. For servers with other API versions, the closest lower API version is used. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
-rw-r--r--freeipa.spec.in3
-rw-r--r--ipaclient/frontend.py106
-rw-r--r--ipaclient/remote_plugins/2_114/__init__.py15
-rw-r--r--ipaclient/remote_plugins/2_114/aci.py812
-rw-r--r--ipaclient/remote_plugins/2_114/automember.py827
-rw-r--r--ipaclient/remote_plugins/2_114/automount.py1228
-rw-r--r--ipaclient/remote_plugins/2_114/batch.py71
-rw-r--r--ipaclient/remote_plugins/2_114/cert.py376
-rw-r--r--ipaclient/remote_plugins/2_114/config.py408
-rw-r--r--ipaclient/remote_plugins/2_114/delegation.py383
-rw-r--r--ipaclient/remote_plugins/2_114/dns.py5373
-rw-r--r--ipaclient/remote_plugins/2_114/group.py912
-rw-r--r--ipaclient/remote_plugins/2_114/hbacrule.py1305
-rw-r--r--ipaclient/remote_plugins/2_114/hbacsvc.py413
-rw-r--r--ipaclient/remote_plugins/2_114/hbacsvcgroup.py528
-rw-r--r--ipaclient/remote_plugins/2_114/hbactest.py284
-rw-r--r--ipaclient/remote_plugins/2_114/host.py1556
-rw-r--r--ipaclient/remote_plugins/2_114/hostgroup.py709
-rw-r--r--ipaclient/remote_plugins/2_114/idrange.py620
-rw-r--r--ipaclient/remote_plugins/2_114/idviews.py1411
-rw-r--r--ipaclient/remote_plugins/2_114/internal.py92
-rw-r--r--ipaclient/remote_plugins/2_114/join.py64
-rw-r--r--ipaclient/remote_plugins/2_114/krbtpolicy.py266
-rw-r--r--ipaclient/remote_plugins/2_114/migration.py302
-rw-r--r--ipaclient/remote_plugins/2_114/misc.py113
-rw-r--r--ipaclient/remote_plugins/2_114/netgroup.py865
-rw-r--r--ipaclient/remote_plugins/2_114/otpconfig.py206
-rw-r--r--ipaclient/remote_plugins/2_114/otptoken.py893
-rw-r--r--ipaclient/remote_plugins/2_114/otptoken_yubikey.py33
-rw-r--r--ipaclient/remote_plugins/2_114/passwd.py93
-rw-r--r--ipaclient/remote_plugins/2_114/permission.py1045
-rw-r--r--ipaclient/remote_plugins/2_114/ping.py62
-rw-r--r--ipaclient/remote_plugins/2_114/pkinit.py63
-rw-r--r--ipaclient/remote_plugins/2_114/privilege.py656
-rw-r--r--ipaclient/remote_plugins/2_114/pwpolicy.py937
-rw-r--r--ipaclient/remote_plugins/2_114/radiusproxy.py521
-rw-r--r--ipaclient/remote_plugins/2_114/realmdomains.py195
-rw-r--r--ipaclient/remote_plugins/2_114/role.py758
-rw-r--r--ipaclient/remote_plugins/2_114/selfservice.py338
-rw-r--r--ipaclient/remote_plugins/2_114/selinuxusermap.py905
-rw-r--r--ipaclient/remote_plugins/2_114/service.py1100
-rw-r--r--ipaclient/remote_plugins/2_114/session.py626
-rw-r--r--ipaclient/remote_plugins/2_114/sudocmd.py394
-rw-r--r--ipaclient/remote_plugins/2_114/sudocmdgroup.py540
-rw-r--r--ipaclient/remote_plugins/2_114/sudorule.py1774
-rw-r--r--ipaclient/remote_plugins/2_114/trust.py1250
-rw-r--r--ipaclient/remote_plugins/2_114/user.py1623
-rw-r--r--ipaclient/remote_plugins/2_156/__init__.py15
-rw-r--r--ipaclient/remote_plugins/2_156/aci.py812
-rw-r--r--ipaclient/remote_plugins/2_156/automember.py827
-rw-r--r--ipaclient/remote_plugins/2_156/automount.py1228
-rw-r--r--ipaclient/remote_plugins/2_156/batch.py71
-rw-r--r--ipaclient/remote_plugins/2_156/caacl.py1155
-rw-r--r--ipaclient/remote_plugins/2_156/cert.py382
-rw-r--r--ipaclient/remote_plugins/2_156/certprofile.py431
-rw-r--r--ipaclient/remote_plugins/2_156/config.py408
-rw-r--r--ipaclient/remote_plugins/2_156/delegation.py383
-rw-r--r--ipaclient/remote_plugins/2_156/dns.py5148
-rw-r--r--ipaclient/remote_plugins/2_156/domainlevel.py64
-rw-r--r--ipaclient/remote_plugins/2_156/group.py912
-rw-r--r--ipaclient/remote_plugins/2_156/hbacrule.py1305
-rw-r--r--ipaclient/remote_plugins/2_156/hbacsvc.py413
-rw-r--r--ipaclient/remote_plugins/2_156/hbacsvcgroup.py528
-rw-r--r--ipaclient/remote_plugins/2_156/hbactest.py284
-rw-r--r--ipaclient/remote_plugins/2_156/host.py1680
-rw-r--r--ipaclient/remote_plugins/2_156/hostgroup.py709
-rw-r--r--ipaclient/remote_plugins/2_156/idrange.py639
-rw-r--r--ipaclient/remote_plugins/2_156/idviews.py1491
-rw-r--r--ipaclient/remote_plugins/2_156/internal.py92
-rw-r--r--ipaclient/remote_plugins/2_156/join.py64
-rw-r--r--ipaclient/remote_plugins/2_156/krbtpolicy.py266
-rw-r--r--ipaclient/remote_plugins/2_156/migration.py319
-rw-r--r--ipaclient/remote_plugins/2_156/misc.py113
-rw-r--r--ipaclient/remote_plugins/2_156/netgroup.py865
-rw-r--r--ipaclient/remote_plugins/2_156/otpconfig.py206
-rw-r--r--ipaclient/remote_plugins/2_156/otptoken.py893
-rw-r--r--ipaclient/remote_plugins/2_156/otptoken_yubikey.py33
-rw-r--r--ipaclient/remote_plugins/2_156/passwd.py93
-rw-r--r--ipaclient/remote_plugins/2_156/permission.py1099
-rw-r--r--ipaclient/remote_plugins/2_156/ping.py62
-rw-r--r--ipaclient/remote_plugins/2_156/pkinit.py63
-rw-r--r--ipaclient/remote_plugins/2_156/privilege.py656
-rw-r--r--ipaclient/remote_plugins/2_156/pwpolicy.py937
-rw-r--r--ipaclient/remote_plugins/2_156/radiusproxy.py521
-rw-r--r--ipaclient/remote_plugins/2_156/realmdomains.py195
-rw-r--r--ipaclient/remote_plugins/2_156/role.py758
-rw-r--r--ipaclient/remote_plugins/2_156/selfservice.py338
-rw-r--r--ipaclient/remote_plugins/2_156/selinuxusermap.py905
-rw-r--r--ipaclient/remote_plugins/2_156/server.py246
-rw-r--r--ipaclient/remote_plugins/2_156/service.py1225
-rw-r--r--ipaclient/remote_plugins/2_156/servicedelegation.py907
-rw-r--r--ipaclient/remote_plugins/2_156/session.py34
-rw-r--r--ipaclient/remote_plugins/2_156/stageuser.py1492
-rw-r--r--ipaclient/remote_plugins/2_156/sudocmd.py394
-rw-r--r--ipaclient/remote_plugins/2_156/sudocmdgroup.py540
-rw-r--r--ipaclient/remote_plugins/2_156/sudorule.py1774
-rw-r--r--ipaclient/remote_plugins/2_156/topology.py1026
-rw-r--r--ipaclient/remote_plugins/2_156/trust.py1264
-rw-r--r--ipaclient/remote_plugins/2_156/user.py1869
-rw-r--r--ipaclient/remote_plugins/2_156/vault.py1680
-rw-r--r--ipaclient/remote_plugins/2_164/__init__.py15
-rw-r--r--ipaclient/remote_plugins/2_164/aci.py812
-rw-r--r--ipaclient/remote_plugins/2_164/automember.py827
-rw-r--r--ipaclient/remote_plugins/2_164/automount.py1228
-rw-r--r--ipaclient/remote_plugins/2_164/batch.py71
-rw-r--r--ipaclient/remote_plugins/2_164/caacl.py1155
-rw-r--r--ipaclient/remote_plugins/2_164/cert.py382
-rw-r--r--ipaclient/remote_plugins/2_164/certprofile.py431
-rw-r--r--ipaclient/remote_plugins/2_164/config.py408
-rw-r--r--ipaclient/remote_plugins/2_164/delegation.py383
-rw-r--r--ipaclient/remote_plugins/2_164/dns.py5167
-rw-r--r--ipaclient/remote_plugins/2_164/domainlevel.py60
-rw-r--r--ipaclient/remote_plugins/2_164/group.py912
-rw-r--r--ipaclient/remote_plugins/2_164/hbacrule.py1305
-rw-r--r--ipaclient/remote_plugins/2_164/hbacsvc.py413
-rw-r--r--ipaclient/remote_plugins/2_164/hbacsvcgroup.py528
-rw-r--r--ipaclient/remote_plugins/2_164/hbactest.py284
-rw-r--r--ipaclient/remote_plugins/2_164/host.py1680
-rw-r--r--ipaclient/remote_plugins/2_164/hostgroup.py709
-rw-r--r--ipaclient/remote_plugins/2_164/idrange.py639
-rw-r--r--ipaclient/remote_plugins/2_164/idviews.py1491
-rw-r--r--ipaclient/remote_plugins/2_164/internal.py92
-rw-r--r--ipaclient/remote_plugins/2_164/join.py62
-rw-r--r--ipaclient/remote_plugins/2_164/krbtpolicy.py266
-rw-r--r--ipaclient/remote_plugins/2_164/migration.py319
-rw-r--r--ipaclient/remote_plugins/2_164/misc.py113
-rw-r--r--ipaclient/remote_plugins/2_164/netgroup.py865
-rw-r--r--ipaclient/remote_plugins/2_164/otpconfig.py206
-rw-r--r--ipaclient/remote_plugins/2_164/otptoken.py893
-rw-r--r--ipaclient/remote_plugins/2_164/otptoken_yubikey.py33
-rw-r--r--ipaclient/remote_plugins/2_164/passwd.py93
-rw-r--r--ipaclient/remote_plugins/2_164/permission.py1099
-rw-r--r--ipaclient/remote_plugins/2_164/ping.py62
-rw-r--r--ipaclient/remote_plugins/2_164/pkinit.py63
-rw-r--r--ipaclient/remote_plugins/2_164/privilege.py656
-rw-r--r--ipaclient/remote_plugins/2_164/pwpolicy.py937
-rw-r--r--ipaclient/remote_plugins/2_164/radiusproxy.py521
-rw-r--r--ipaclient/remote_plugins/2_164/realmdomains.py195
-rw-r--r--ipaclient/remote_plugins/2_164/role.py758
-rw-r--r--ipaclient/remote_plugins/2_164/selfservice.py338
-rw-r--r--ipaclient/remote_plugins/2_164/selinuxusermap.py905
-rw-r--r--ipaclient/remote_plugins/2_164/server.py317
-rw-r--r--ipaclient/remote_plugins/2_164/service.py1225
-rw-r--r--ipaclient/remote_plugins/2_164/servicedelegation.py907
-rw-r--r--ipaclient/remote_plugins/2_164/session.py34
-rw-r--r--ipaclient/remote_plugins/2_164/stageuser.py1616
-rw-r--r--ipaclient/remote_plugins/2_164/sudocmd.py394
-rw-r--r--ipaclient/remote_plugins/2_164/sudocmdgroup.py540
-rw-r--r--ipaclient/remote_plugins/2_164/sudorule.py1774
-rw-r--r--ipaclient/remote_plugins/2_164/topology.py1055
-rw-r--r--ipaclient/remote_plugins/2_164/trust.py1264
-rw-r--r--ipaclient/remote_plugins/2_164/user.py1993
-rw-r--r--ipaclient/remote_plugins/2_164/vault.py1680
-rw-r--r--ipaclient/remote_plugins/2_49/__init__.py15
-rw-r--r--ipaclient/remote_plugins/2_49/aci.py811
-rw-r--r--ipaclient/remote_plugins/2_49/automember.py758
-rw-r--r--ipaclient/remote_plugins/2_49/automount.py1225
-rw-r--r--ipaclient/remote_plugins/2_49/batch.py69
-rw-r--r--ipaclient/remote_plugins/2_49/cert.py209
-rw-r--r--ipaclient/remote_plugins/2_49/config.py394
-rw-r--r--ipaclient/remote_plugins/2_49/delegation.py384
-rw-r--r--ipaclient/remote_plugins/2_49/dns.py5063
-rw-r--r--ipaclient/remote_plugins/2_49/entitle.py383
-rw-r--r--ipaclient/remote_plugins/2_49/group.py854
-rw-r--r--ipaclient/remote_plugins/2_49/hbacrule.py1198
-rw-r--r--ipaclient/remote_plugins/2_49/hbacsvc.py390
-rw-r--r--ipaclient/remote_plugins/2_49/hbacsvcgroup.py493
-rw-r--r--ipaclient/remote_plugins/2_49/hbactest.py213
-rw-r--r--ipaclient/remote_plugins/2_49/host.py1030
-rw-r--r--ipaclient/remote_plugins/2_49/hostgroup.py670
-rw-r--r--ipaclient/remote_plugins/2_49/idrange.py609
-rw-r--r--ipaclient/remote_plugins/2_49/internal.py90
-rw-r--r--ipaclient/remote_plugins/2_49/join.py64
-rw-r--r--ipaclient/remote_plugins/2_49/krbtpolicy.py269
-rw-r--r--ipaclient/remote_plugins/2_49/migration.py295
-rw-r--r--ipaclient/remote_plugins/2_49/misc.py113
-rw-r--r--ipaclient/remote_plugins/2_49/netgroup.py826
-rw-r--r--ipaclient/remote_plugins/2_49/passwd.py86
-rw-r--r--ipaclient/remote_plugins/2_49/permission.py751
-rw-r--r--ipaclient/remote_plugins/2_49/ping.py60
-rw-r--r--ipaclient/remote_plugins/2_49/pkinit.py61
-rw-r--r--ipaclient/remote_plugins/2_49/privilege.py603
-rw-r--r--ipaclient/remote_plugins/2_49/pwpolicy.py947
-rw-r--r--ipaclient/remote_plugins/2_49/role.py682
-rw-r--r--ipaclient/remote_plugins/2_49/selfservice.py337
-rw-r--r--ipaclient/remote_plugins/2_49/selinuxusermap.py852
-rw-r--r--ipaclient/remote_plugins/2_49/service.py621
-rw-r--r--ipaclient/remote_plugins/2_49/session.py624
-rw-r--r--ipaclient/remote_plugins/2_49/sudocmd.py371
-rw-r--r--ipaclient/remote_plugins/2_49/sudocmdgroup.py501
-rw-r--r--ipaclient/remote_plugins/2_49/sudorule.py1561
-rw-r--r--ipaclient/remote_plugins/2_49/trust.py685
-rw-r--r--ipaclient/remote_plugins/2_49/user.py1372
-rw-r--r--ipaclient/remote_plugins/__init__.py12
-rw-r--r--ipaclient/remote_plugins/compat.py76
-rw-r--r--ipaclient/remote_plugins/schema.py120
-rw-r--r--ipaclient/setup.py.in4
-rw-r--r--ipalib/frontend.py6
198 files changed, 139695 insertions, 105 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index b04f819..6893d70 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1300,6 +1300,7 @@ fi
%{python_sitelib}/ipaclient/*.py*
%{python_sitelib}/ipaclient/plugins/*.py*
%{python_sitelib}/ipaclient/remote_plugins/*.py*
+%{python_sitelib}/ipaclient/remote_plugins/2_*/*.py*
%{python_sitelib}/ipaclient-*.egg-info
@@ -1316,6 +1317,8 @@ fi
%{python3_sitelib}/ipaclient/plugins/__pycache__/*.py*
%{python3_sitelib}/ipaclient/remote_plugins/*.py
%{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py*
+%{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py
+%{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*
%{python3_sitelib}/ipaclient-*.egg-info
%endif # with_python3
diff --git a/ipaclient/frontend.py b/ipaclient/frontend.py
index 94d6946..e8eacc0 100644
--- a/ipaclient/frontend.py
+++ b/ipaclient/frontend.py
@@ -3,6 +3,104 @@
#
from ipalib.frontend import Command, Method
+from ipalib.parameters import Str
+from ipalib.text import _
+
+
+class ClientCommand(Command):
+ def get_options(self):
+ skip = set()
+ for option in super(ClientCommand, self).get_options():
+ if option.name in skip:
+ continue
+ if option.name in ('all', 'raw'):
+ skip.add(option.name)
+ yield option
+
+
+class ClientMethod(ClientCommand, Method):
+ _failed_member_output_params = (
+ # baseldap
+ Str(
+ 'member',
+ label=_("Failed members"),
+ ),
+ Str(
+ 'sourcehost',
+ label=_("Failed source hosts/hostgroups"),
+ ),
+ Str(
+ 'memberhost',
+ label=_("Failed hosts/hostgroups"),
+ ),
+ Str(
+ 'memberuser',
+ label=_("Failed users/groups"),
+ ),
+ Str(
+ 'memberservice',
+ label=_("Failed service/service groups"),
+ ),
+ Str(
+ 'failed',
+ label=_("Failed to remove"),
+ flags=['suppress_empty'],
+ ),
+ Str(
+ 'ipasudorunas',
+ label=_("Failed RunAs"),
+ ),
+ Str(
+ 'ipasudorunasgroup',
+ label=_("Failed RunAsGroup"),
+ ),
+ # caacl
+ Str(
+ 'ipamembercertprofile',
+ label=_("Failed profiles"),
+ ),
+ Str(
+ 'ipamemberca',
+ label=_("Failed CAs"),
+ ),
+ # host
+ Str(
+ 'managedby',
+ label=_("Failed managedby"),
+ ),
+ # service
+ Str(
+ 'ipaallowedtoperform_read_keys',
+ label=_("Failed allowed to retrieve keytab"),
+ ),
+ Str(
+ 'ipaallowedtoperform_write_keys',
+ label=_("Failed allowed to create keytab"),
+ ),
+ # servicedelegation
+ Str(
+ 'failed_memberprincipal',
+ label=_("Failed members"),
+ ),
+ Str(
+ 'ipaallowedtarget',
+ label=_("Failed targets"),
+ ),
+ # vault
+ Str(
+ 'owner?',
+ label=_("Failed owners"),
+ ),
+ )
+
+ def get_output_params(self):
+ seen = set()
+ for output_param in super(ClientMethod, self).get_output_params():
+ seen.add(output_param.name)
+ yield output_param
+ for output_param in self._failed_member_output_params:
+ if output_param.name not in seen:
+ yield output_param
class CommandOverride(Command):
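Review bot: `ClientCommand.get_options` and `ClientMethod.get_output_params` are added without docstrings, and neither says why the filtering is needed. In `get_options` only a repeated `all` or `raw` option is dropped; the bundled `aci.py` in this commit declares both flags explicitly in `takes_options`, so the duplicate presumably comes from the base class adding them a second time. A docstring such as `"""Yield the inherited options, keeping only the first 'all' and 'raw'."""` plus that reason would save the next reader the search. `_failed_member_output_params` would also benefit from a comment stating that these parameters are appended to every `ClientMethod` unless the parent already yields one of the same name, and that `'owner?'` is the only entry written with a trailing `?`.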
@@ -24,6 +122,14 @@ class CommandOverride(Command):
def topic(self):
return self.next.topic
+ @property
+ def forwarded_name(self):
+ return self.next.forwarded_name
+
+ @property
+ def api_version(self):
+ return self.next.api_version
+
def _on_finalize(self):
self.next.finalize()
diff --git a/ipaclient/remote_plugins/2_114/__init__.py b/ipaclient/remote_plugins/2_114/__init__.py
new file mode 100644
index 0000000..f1e2d03
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/__init__.py
@@ -0,0 +1,15 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+from ..compat import CompatCommand, CompatMethod, CompatObject
+
+Object = CompatObject
+
+
+class Command(CompatCommand):
+ api_version = u'2.114'
+
+
+class Method(Command, CompatMethod):
+ pass
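Review bot: The version is stated twice for this bundle, in the package directory name `2_114` and in `api_version = u'2.114'`, and nothing in this hunk keeps the two in step. The commit description says the closest lower bundled version is used for a server, so a mismatch between directory and attribute would presumably make the client load definitions for one API level while announcing another. A comment on the attribute would help, for example `# must match the package directory name; IPA 4.1.4 on Fedora 22`. The diffstat lists the same 15-line `__init__.py` for `2_156`, `2_164` and `2_49`, which are outside this view and likely need the same comment.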
diff --git a/ipaclient/remote_plugins/2_114/aci.py b/ipaclient/remote_plugins/2_114/aci.py
new file mode 100644
index 0000000..316abeb
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/aci.py
@@ -0,0 +1,812 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Directory Server Access Control Instructions (ACIs)
+
+ACIs are used to allow or deny access to information. This module is
+currently designed to allow, not deny, access.
+
+The aci commands are designed to grant permissions that allow updating
+existing entries or adding or deleting new ones. The goal of the ACIs
+that ship with IPA is to provide a set of low-level permissions that
+grant access to special groups called taskgroups. These low-level
+permissions can be combined into roles that grant broader access. These
+roles are another type of group, roles.
+
+For example, if you have taskgroups that allow adding and modifying users you
+could create a role, useradmin. You would assign users to the useradmin
+role to allow them to do the operations defined by the taskgroups.
+
+You can create ACIs that delegate permission so users in group A can write
+attributes on group B.
+
+The type option is a map that applies to all entries in the users, groups or
+host location. It is primarily designed to be used when granting add
+permissions (to write new entries).
+
+An ACI consists of three parts:
+1. target
+2. permissions
+3. bind rules
+
+The target is a set of rules that define which LDAP objects are being
+targeted. This can include a list of attributes, an area of that LDAP
+tree or an LDAP filter.
+
+The targets include:
+- attrs: list of attributes affected
+- type: an object type (user, group, host, service, etc)
+- memberof: members of a group
+- targetgroup: grant access to modify a specific group. This is primarily
+ designed to enable users to add or remove members of a specific group.
+- filter: A legal LDAP filter used to narrow the scope of the target.
+- subtree: Used to apply a rule across an entire set of objects. For example,
+ to allow adding users you need to grant "add" permission to the subtree
+ ldap://uid=*,cn=users,cn=accounts,dc=example,dc=com. The subtree option
+ is a fail-safe for objects that may not be covered by the type option.
+
+The permissions define what the ACI is allowed to do, and are one or
+more of:
+1. write - write one or more attributes
+2. read - read one or more attributes
+3. add - add a new entry to the tree
+4. delete - delete an existing entry
+5. all - all permissions are granted
+
+Note the distinction between attributes and entries. The permissions are
+independent, so being able to add a user does not mean that the user will
+be editable.
+
+The bind rule defines who this ACI grants permissions to. The LDAP server
+allows this to be any valid LDAP entry but we encourage the use of
+taskgroups so that the rights can be easily shared through roles.
+
+For a more thorough description of access controls see
+http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control.html
+
+EXAMPLES:
+
+NOTE: ACIs are now added via the permission plugin. These examples are to
+demonstrate how the various options work but this is done via the permission
+command-line now (see last example).
+
+ Add an ACI so that the group "secretaries" can update the address on any user:
+ ipa group-add --desc="Office secretaries" secretaries
+ ipa aci-add --attrs=streetAddress --memberof=ipausers --group=secretaries --permissions=write --prefix=none "Secretaries write addresses"
+
+ Show the new ACI:
+ ipa aci-show --prefix=none "Secretaries write addresses"
+
+ Add an ACI that allows members of the "addusers" permission to add new users:
+ ipa aci-add --type=user --permission=addusers --permissions=add --prefix=none "Add new users"
+
+ Add an ACI that allows members of the editors manage members of the admins group:
+ ipa aci-add --permissions=write --attrs=member --targetgroup=admins --group=editors --prefix=none "Editors manage admins"
+
+ Add an ACI that allows members of the admins group to manage the street and zip code of those in the editors group:
+ ipa aci-add --permissions=write --memberof=editors --group=admins --attrs=street --attrs=postalcode --prefix=none "admins edit the address of editors"
+
+ Add an ACI that allows the admins group manage the street and zipcode of those who work for the boss:
+ ipa aci-add --permissions=write --group=admins --attrs=street --attrs=postalcode --filter="(manager=uid=boss,cn=users,cn=accounts,dc=example,dc=com)" --prefix=none "Edit the address of those who work for the boss"
+
+ Add an entirely new kind of record to IPA that isn't covered by any of the --type options, creating a permission:
+ ipa permission-add --permissions=add --subtree="cn=*,cn=orange,cn=accounts,dc=example,dc=com" --desc="Add Orange Entries" add_orange
+
+
+The show command shows the raw 389-ds ACI.
+
+IMPORTANT: When modifying the target attributes of an existing ACI you
+must include all existing attributes as well. When doing an aci-mod the
+targetattr REPLACES the current attributes, it does not add to them.
+""")
+
+register = Registry()
+
+
+@register()
+class aci(Object):
+ takes_params = (
+ parameters.Str(
+ 'aciname',
+ primary_key=True,
+ label=_(u'ACI name'),
+ ),
+ parameters.Str(
+ 'permission',
+ required=False,
+ label=_(u'Permission'),
+ doc=_(u'Permission ACI grants access to'),
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ label=_(u'User group'),
+ doc=_(u'User group ACI grants access to'),
+ ),
+ parameters.Str(
+ 'permissions',
+ multivalue=True,
+ label=_(u'Permissions'),
+ doc=_(u'Permissions to grant(read, write, add, delete, all)'),
+ ),
+ parameters.Str(
+ 'attrs',
+ required=False,
+ multivalue=True,
+ label=_(u'Attributes to which the permission applies'),
+ doc=_(u'Attributes'),
+ ),
+ parameters.Str(
+ 'type',
+ required=False,
+ label=_(u'Type'),
+ doc=_(u'type of IPA object (user, group, host, hostgroup, service, netgroup)'),
+ ),
+ parameters.Str(
+ 'memberof',
+ required=False,
+ label=_(u'Member of'),
+ doc=_(u'Member of a group'),
+ ),
+ parameters.Str(
+ 'filter',
+ required=False,
+ label=_(u'Filter'),
+ doc=_(u'Legal LDAP filter (e.g. ou=Engineering)'),
+ ),
+ parameters.Str(
+ 'subtree',
+ required=False,
+ label=_(u'Subtree'),
+ doc=_(u'Subtree to apply ACI to'),
+ ),
+ parameters.Str(
+ 'targetgroup',
+ required=False,
+ label=_(u'Target group'),
+ doc=_(u'Group to apply ACI to'),
+ ),
+ parameters.Flag(
+ 'selfaci',
+ required=False,
+ label=_(u'Target your own entry (self)'),
+ doc=_(u'Apply ACI to your own entry (self)'),
+ ),
+ )
+
+
+@register()
+class aci_add(Method):
+ __doc__ = _("Create new ACI.")
+
+ NO_CLI = True
+
+ takes_args = (
+ parameters.Str(
+ 'aciname',
+ cli_name='name',
+ label=_(u'ACI name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'permission',
+ required=False,
+ label=_(u'Permission'),
+ doc=_(u'Permission ACI grants access to'),
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ label=_(u'User group'),
+ doc=_(u'User group ACI grants access to'),
+ ),
+ parameters.Str(
+ 'permissions',
+ multivalue=True,
+ label=_(u'Permissions'),
+ doc=_(u'Permissions to grant(read, write, add, delete, all)'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'attrs',
+ required=False,
+ multivalue=True,
+ label=_(u'Attributes to which the permission applies'),
+ doc=_(u'Attributes'),
+ ),
+ parameters.Str(
+ 'type',
+ required=False,
+ cli_metavar="['user', 'group', 'host', 'service', 'hostgroup', 'netgroup', 'dnsrecord']",
+ label=_(u'Type'),
+ doc=_(u'type of IPA object (user, group, host, hostgroup, service, netgroup)'),
+ ),
+ parameters.Str(
+ 'memberof',
+ required=False,
+ label=_(u'Member of'),
+ doc=_(u'Member of a group'),
+ ),
+ parameters.Str(
+ 'filter',
+ required=False,
+ label=_(u'Filter'),
+ doc=_(u'Legal LDAP filter (e.g. ou=Engineering)'),
+ ),
+ parameters.Str(
+ 'subtree',
+ required=False,
+ label=_(u'Subtree'),
+ doc=_(u'Subtree to apply ACI to'),
+ ),
+ parameters.Str(
+ 'targetgroup',
+ required=False,
+ label=_(u'Target group'),
+ doc=_(u'Group to apply ACI to'),
+ ),
+ parameters.Flag(
+ 'selfaci',
+ required=False,
+ cli_name='self',
+ label=_(u'Target your own entry (self)'),
+ doc=_(u'Apply ACI to your own entry (self)'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'aciprefix',
+ cli_name='prefix',
+ cli_metavar="['permission', 'delegation', 'selfservice', 'none']",
+ label=_(u'ACI prefix'),
+ doc=_(u'Prefix used to distinguish ACI types (permission, delegation, selfservice, none)'),
+ ),
+ parameters.Flag(
+ 'test',
+ required=False,
+ doc=_(u"Test the ACI syntax but don't write anything"),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class aci_del(Method):
+ __doc__ = _("Delete ACI.")
+
+ NO_CLI = True
+
+ takes_args = (
+ parameters.Str(
+ 'aciname',
+ cli_name='name',
+ label=_(u'ACI name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'aciprefix',
+ cli_name='prefix',
+ cli_metavar="['permission', 'delegation', 'selfservice', 'none']",
+ label=_(u'ACI prefix'),
+ doc=_(u'Prefix used to distinguish ACI types (permission, delegation, selfservice, none)'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class aci_find(Method):
+ __doc__ = _("""
+Search for ACIs.
+
+ Returns a list of ACIs
+
+ EXAMPLES:
+
+ To find all ACIs that apply directly to members of the group ipausers:
+ ipa aci-find --memberof=ipausers
+
+ To find all ACIs that grant add access:
+ ipa aci-find --permissions=add
+
+ Note that the find command only looks for the given text in the set of
+ ACIs, it does not evaluate the ACIs to see if something would apply.
+ For example, searching on memberof=ipausers will find all ACIs that
+ have ipausers as a memberof. There may be other ACIs that apply to
+ members of that group indirectly.
+ """)
+
+ NO_CLI = True
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'aciname',
+ required=False,
+ cli_name='name',
+ label=_(u'ACI name'),
+ ),
+ parameters.Str(
+ 'permission',
+ required=False,
+ label=_(u'Permission'),
+ doc=_(u'Permission ACI grants access to'),
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ label=_(u'User group'),
+ doc=_(u'User group ACI grants access to'),
+ ),
+ parameters.Str(
+ 'permissions',
+ required=False,
+ multivalue=True,
+ label=_(u'Permissions'),
+ doc=_(u'Permissions to grant(read, write, add, delete, all)'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'attrs',
+ required=False,
+ multivalue=True,
+ label=_(u'Attributes to which the permission applies'),
+ doc=_(u'Attributes'),
+ ),
+ parameters.Str(
+ 'type',
+ required=False,
+ cli_metavar="['user', 'group', 'host', 'service', 'hostgroup', 'netgroup', 'dnsrecord']",
+ label=_(u'Type'),
+ doc=_(u'type of IPA object (user, group, host, hostgroup, service, netgroup)'),
+ ),
+ parameters.Str(
+ 'memberof',
+ required=False,
+ label=_(u'Member of'),
+ doc=_(u'Member of a group'),
+ ),
+ parameters.Str(
+ 'filter',
+ required=False,
+ label=_(u'Filter'),
+ doc=_(u'Legal LDAP filter (e.g. ou=Engineering)'),
+ ),
+ parameters.Str(
+ 'subtree',
+ required=False,
+ label=_(u'Subtree'),
+ doc=_(u'Subtree to apply ACI to'),
+ ),
+ parameters.Str(
+ 'targetgroup',
+ required=False,
+ label=_(u'Target group'),
+ doc=_(u'Group to apply ACI to'),
+ ),
+ parameters.Bool(
+ 'selfaci',
+ required=False,
+ cli_name='self',
+ label=_(u'Target your own entry (self)'),
+ doc=_(u'Apply ACI to your own entry (self)'),
+ default=False,
+ ),
+ parameters.Str(
+ 'aciprefix',
+ required=False,
+ cli_name='prefix',
+ cli_metavar="['permission', 'delegation', 'selfservice', 'none']",
+ label=_(u'ACI prefix'),
+ doc=_(u'Prefix used to distinguish ACI types (permission, delegation, selfservice, none)'),
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("name")'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class aci_mod(Method):
+ __doc__ = _("Modify ACI.")
+
+ NO_CLI = True
+
+ takes_args = (
+ parameters.Str(
+ 'aciname',
+ cli_name='name',
+ label=_(u'ACI name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'permission',
+ required=False,
+ label=_(u'Permission'),
+ doc=_(u'Permission ACI grants access to'),
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ label=_(u'User group'),
+ doc=_(u'User group ACI grants access to'),
+ ),
+ parameters.Str(
+ 'permissions',
+ required=False,
+ multivalue=True,
+ label=_(u'Permissions'),
+ doc=_(u'Permissions to grant(read, write, add, delete, all)'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'attrs',
+ required=False,
+ multivalue=True,
+ label=_(u'Attributes to which the permission applies'),
+ doc=_(u'Attributes'),
+ ),
+ parameters.Str(
+ 'type',
+ required=False,
+ cli_metavar="['user', 'group', 'host', 'service', 'hostgroup', 'netgroup', 'dnsrecord']",
+ label=_(u'Type'),
+ doc=_(u'type of IPA object (user, group, host, hostgroup, service, netgroup)'),
+ ),
+ parameters.Str(
+ 'memberof',
+ required=False,
+ label=_(u'Member of'),
+ doc=_(u'Member of a group'),
+ ),
+ parameters.Str(
+ 'filter',
+ required=False,
+ label=_(u'Filter'),
+ doc=_(u'Legal LDAP filter (e.g. ou=Engineering)'),
+ ),
+ parameters.Str(
+ 'subtree',
+ required=False,
+ label=_(u'Subtree'),
+ doc=_(u'Subtree to apply ACI to'),
+ ),
+ parameters.Str(
+ 'targetgroup',
+ required=False,
+ label=_(u'Target group'),
+ doc=_(u'Group to apply ACI to'),
+ ),
+ parameters.Flag(
+ 'selfaci',
+ required=False,
+ cli_name='self',
+ label=_(u'Target your own entry (self)'),
+ doc=_(u'Apply ACI to your own entry (self)'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'aciprefix',
+ cli_name='prefix',
+ cli_metavar="['permission', 'delegation', 'selfservice', 'none']",
+ label=_(u'ACI prefix'),
+ doc=_(u'Prefix used to distinguish ACI types (permission, delegation, selfservice, none)'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class aci_rename(Method):
+ __doc__ = _("Rename an ACI.")
+
+ NO_CLI = True
+
+ takes_args = (
+ parameters.Str(
+ 'aciname',
+ cli_name='name',
+ label=_(u'ACI name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'permission',
+ required=False,
+ label=_(u'Permission'),
+ doc=_(u'Permission ACI grants access to'),
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ label=_(u'User group'),
+ doc=_(u'User group ACI grants access to'),
+ ),
+ parameters.Str(
+ 'permissions',
+ required=False,
+ multivalue=True,
+ label=_(u'Permissions'),
+ doc=_(u'Permissions to grant(read, write, add, delete, all)'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'attrs',
+ required=False,
+ multivalue=True,
+ label=_(u'Attributes to which the permission applies'),
+ doc=_(u'Attributes'),
+ ),
+ parameters.Str(
+ 'type',
+ required=False,
+ cli_metavar="['user', 'group', 'host', 'service', 'hostgroup', 'netgroup', 'dnsrecord']",
+ label=_(u'Type'),
+ doc=_(u'type of IPA object (user, group, host, hostgroup, service, netgroup)'),
+ ),
+ parameters.Str(
+ 'memberof',
+ required=False,
+ label=_(u'Member of'),
+ doc=_(u'Member of a group'),
+ ),
+ parameters.Str(
+ 'filter',
+ required=False,
+ label=_(u'Filter'),
+ doc=_(u'Legal LDAP filter (e.g. ou=Engineering)'),
+ ),
+ parameters.Str(
+ 'subtree',
+ required=False,
+ label=_(u'Subtree'),
+ doc=_(u'Subtree to apply ACI to'),
+ ),
+ parameters.Str(
+ 'targetgroup',
+ required=False,
+ label=_(u'Target group'),
+ doc=_(u'Group to apply ACI to'),
+ ),
+ parameters.Flag(
+ 'selfaci',
+ required=False,
+ cli_name='self',
+ label=_(u'Target your own entry (self)'),
+ doc=_(u'Apply ACI to your own entry (self)'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'aciprefix',
+ cli_name='prefix',
+ cli_metavar="['permission', 'delegation', 'selfservice', 'none']",
+ label=_(u'ACI prefix'),
+ doc=_(u'Prefix used to distinguish ACI types (permission, delegation, selfservice, none)'),
+ ),
+ parameters.Str(
+ 'newname',
+ doc=_(u'New ACI name'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class aci_show(Method):
+ __doc__ = _("Display a single ACI given an ACI name.")
+
+ NO_CLI = True
+
+ takes_args = (
+ parameters.Str(
+ 'aciname',
+ cli_name='name',
+ label=_(u'ACI name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'aciprefix',
+ cli_name='prefix',
+ cli_metavar="['permission', 'delegation', 'selfservice', 'none']",
+ label=_(u'ACI prefix'),
+ doc=_(u'Prefix used to distinguish ACI types (permission, delegation, selfservice, none)'),
+ ),
+ parameters.DNParam(
+ 'location',
+ required=False,
+ label=_(u'Location of the ACI'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
diff --git a/ipaclient/remote_plugins/2_114/automember.py b/ipaclient/remote_plugins/2_114/automember.py
new file mode 100644
index 0000000..09b5a8d
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/automember.py
@@ -0,0 +1,827 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Auto Membership Rule.
+
+Bring clarity to the membership of hosts and users by configuring inclusive
+or exclusive regex patterns, you can automatically assign a new entries into
+a group or hostgroup based upon attribute information.
+
+A rule is directly associated with a group by name, so you cannot create
+a rule without an accompanying group or hostgroup.
+
+A condition is a regular expression used by 389-ds to match a new incoming
+entry with an automember rule. If it matches an inclusive rule then the
+entry is added to the appropriate group or hostgroup.
+
+A default group or hostgroup could be specified for entries that do not
+match any rule. In case of user entries this group will be a fallback group
+because all users are by default members of group specified in IPA config.
+
+The automember-rebuild command can be used to retroactively run automember rules
+against existing entries, thus rebuilding their membership.
+
+EXAMPLES:
+
+ Add the initial group or hostgroup:
+ ipa hostgroup-add --desc="Web Servers" webservers
+ ipa group-add --desc="Developers" devel
+
+ Add the initial rule:
+ ipa automember-add --type=hostgroup webservers
+ ipa automember-add --type=group devel
+
+ Add a condition to the rule:
+ ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\.example\.com webservers
+ ipa automember-add-condition --key=manager --type=group --inclusive-regex=^uid=mscott devel
+
+ Add an exclusive condition to the rule to prevent auto assignment:
+ ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-regex=^web5\.example\.com webservers
+
+ Add a host:
+ ipa host-add web1.example.com
+
+ Add a user:
+ ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott
+
+ Verify automembership:
+ ipa hostgroup-show webservers
+ Host-group: webservers
+ Description: Web Servers
+ Member hosts: web1.example.com
+
+ ipa group-show devel
+ Group name: devel
+ Description: Developers
+ GID: 1004200000
+ Member users: tuser
+
+ Remove a condition from the rule:
+ ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\.example\.com webservers
+
+ Modify the automember rule:
+ ipa automember-mod
+
+ Set the default (fallback) target group:
+ ipa automember-default-group-set --default-group=webservers --type=hostgroup
+ ipa automember-default-group-set --default-group=ipausers --type=group
+
+ Remove the default (fallback) target group:
+ ipa automember-default-group-remove --type=hostgroup
+ ipa automember-default-group-remove --type=group
+
+ Show the default (fallback) target group:
+ ipa automember-default-group-show --type=hostgroup
+ ipa automember-default-group-show --type=group
+
+ Find all of the automember rules:
+ ipa automember-find
+
+ Display a automember rule:
+ ipa automember-show --type=hostgroup webservers
+ ipa automember-show --type=group devel
+
+ Delete an automember rule:
+ ipa automember-del --type=hostgroup webservers
+ ipa automember-del --type=group devel
+
+ Rebuild membership for all users:
+ ipa automember-rebuild --type=group
+
+ Rebuild membership for all hosts:
+ ipa automember-rebuild --type=hostgroup
+
+ Rebuild membership for specified users:
+ ipa automember-rebuild --users=tuser1 --users=tuser2
+
+ Rebuild membership for specified hosts:
+ ipa automember-rebuild --hosts=web1.example.com --hosts=web2.example.com
+""")
+
+register = Registry()
+
+
+@register()
+class automember(Object):
+ takes_params = (
+ parameters.Str(
+ 'description',
+ required=False,
+ label=_(u'Description'),
+ doc=_(u'A description of this auto member rule'),
+ ),
+ parameters.Str(
+ 'automemberdefaultgroup',
+ required=False,
+ label=_(u'Default (fallback) Group'),
+ doc=_(u'Default group for entries to land'),
+ ),
+ )
+
+
+@register()
+class automember_add(Method):
+ __doc__ = _("Add an automember rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='automember_rule',
+ label=_(u'Automember Rule'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this auto member rule'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'type',
+ cli_metavar="['group', 'hostgroup']",
+ label=_(u'Grouping Type'),
+ doc=_(u'Grouping to which the rule applies'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automember_add_condition(Method):
+ __doc__ = _("Add conditions to an automember rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='automember_rule',
+ label=_(u'Automember Rule'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this auto member rule'),
+ ),
+ parameters.Str(
+ 'automemberinclusiveregex',
+ required=False,
+ multivalue=True,
+ cli_name='inclusive_regex',
+ label=_(u'Inclusive Regex'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'automemberexclusiveregex',
+ required=False,
+ multivalue=True,
+ cli_name='exclusive_regex',
+ label=_(u'Exclusive Regex'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'key',
+ label=_(u'Attribute Key'),
+ doc=_(u'Attribute to filter via regex. For example fqdn for a host, or manager for a user'),
+ ),
+ parameters.Str(
+ 'type',
+ cli_metavar="['group', 'hostgroup']",
+ label=_(u'Grouping Type'),
+ doc=_(u'Grouping to which the rule applies'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Conditions that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of conditions added'),
+ ),
+ )
+
+
+@register()
+class automember_default_group_remove(Method):
+ __doc__ = _("Remove default (fallback) group for all unmatched entries.")
+
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this auto member rule'),
+ ),
+ parameters.Str(
+ 'type',
+ cli_metavar="['group', 'hostgroup']",
+ label=_(u'Grouping Type'),
+ doc=_(u'Grouping to which the rule applies'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automember_default_group_set(Method):
+ __doc__ = _("Set default (fallback) group for all unmatched entries.")
+
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this auto member rule'),
+ ),
+ parameters.Str(
+ 'automemberdefaultgroup',
+ cli_name='default_group',
+ label=_(u'Default (fallback) Group'),
+ doc=_(u'Default (fallback) group for entries to land'),
+ ),
+ parameters.Str(
+ 'type',
+ cli_metavar="['group', 'hostgroup']",
+ label=_(u'Grouping Type'),
+ doc=_(u'Grouping to which the rule applies'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automember_default_group_show(Method):
+ __doc__ = _("Display information about the default (fallback) automember groups.")
+
+ takes_options = (
+ parameters.Str(
+ 'type',
+ cli_metavar="['group', 'hostgroup']",
+ label=_(u'Grouping Type'),
+ doc=_(u'Grouping to which the rule applies'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automember_del(Method):
+ __doc__ = _("Delete an automember rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='automember_rule',
+ label=_(u'Automember Rule'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'type',
+ cli_metavar="['group', 'hostgroup']",
+ label=_(u'Grouping Type'),
+ doc=_(u'Grouping to which the rule applies'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class automember_find(Method):
+ __doc__ = _("Search for automember rules.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this auto member rule'),
+ ),
+ parameters.Str(
+ 'type',
+ cli_metavar="['group', 'hostgroup']",
+ label=_(u'Grouping Type'),
+ doc=_(u'Grouping to which the rule applies'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class automember_mod(Method):
+ __doc__ = _("Modify an automember rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='automember_rule',
+ label=_(u'Automember Rule'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this auto member rule'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'type',
+ cli_metavar="['group', 'hostgroup']",
+ label=_(u'Grouping Type'),
+ doc=_(u'Grouping to which the rule applies'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automember_rebuild(Command):
+ __doc__ = _("Rebuild auto membership.")
+
+ takes_options = (
+ parameters.Str(
+ 'type',
+ required=False,
+ cli_metavar="['group', 'hostgroup']",
+ label=_(u'Rebuild membership for all members of a grouping'),
+ doc=_(u'Grouping to which the rule applies'),
+ ),
+ parameters.Str(
+ 'users',
+ required=False,
+ multivalue=True,
+ label=_(u'Users'),
+ doc=_(u'Rebuild membership for specified users'),
+ ),
+ parameters.Str(
+ 'hosts',
+ required=False,
+ multivalue=True,
+ label=_(u'Hosts'),
+ doc=_(u'Rebuild membership for specified hosts'),
+ ),
+ parameters.Flag(
+ 'no_wait',
+ required=False,
+ label=_(u'No wait'),
+ doc=_(u"Don't wait for rebuilding membership"),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automember_remove_condition(Method):
+ __doc__ = _("Remove conditions from an automember rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='automember_rule',
+ label=_(u'Automember Rule'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this auto member rule'),
+ ),
+ parameters.Str(
+ 'automemberinclusiveregex',
+ required=False,
+ multivalue=True,
+ cli_name='inclusive_regex',
+ label=_(u'Inclusive Regex'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'automemberexclusiveregex',
+ required=False,
+ multivalue=True,
+ cli_name='exclusive_regex',
+ label=_(u'Exclusive Regex'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'key',
+ label=_(u'Attribute Key'),
+ doc=_(u'Attribute to filter via regex. For example fqdn for a host, or manager for a user'),
+ ),
+ parameters.Str(
+ 'type',
+ cli_metavar="['group', 'hostgroup']",
+ label=_(u'Grouping Type'),
+ doc=_(u'Grouping to which the rule applies'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Conditions that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of conditions removed'),
+ ),
+ )
+
+
+@register()
+class automember_show(Method):
+ __doc__ = _("Display information about an automember rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='automember_rule',
+ label=_(u'Automember Rule'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'type',
+ cli_metavar="['group', 'hostgroup']",
+ label=_(u'Grouping Type'),
+ doc=_(u'Grouping to which the rule applies'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
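Review bot: The example conditions in the module help text (`--inclusive-regex=^web[1-9]+\.example\.com`, `--exclusive-regex=^web5\.example\.com`, `--inclusive-regex=^uid=mscott`) are anchored only at the start. If 389-ds applies them as a search, as the leading `^` suggests, a host such as `web1.example.com.other.invalid` or a manager DN beginning `uid=mscott2` would also match and be auto-assigned to the group. Hostgroup and group membership commonly feeds access rules, so the examples should show closed patterns, e.g. `--inclusive-regex='^web[1-9]+\.example\.com$'` and `--inclusive-regex='^uid=mscott,'`. These lines also sit in a non-raw `_("""…""")` literal, where `\.` is an invalid escape sequence that newer Python 3 releases warn about; writing `\\.` keeps the same runtime text. If this text has to stay identical to the server plugin's help for API 2.114, the same fix would belong there as well.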
diff --git a/ipaclient/remote_plugins/2_114/automount.py b/ipaclient/remote_plugins/2_114/automount.py
new file mode 100644
index 0000000..c2fcd6c
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/automount.py
@@ -0,0 +1,1228 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Automount
+
+Stores automount(8) configuration for autofs(8) in IPA.
+
+The base of an automount configuration is the configuration file auto.master.
+This is also the base location in IPA. Multiple auto.master configurations
+can be stored in separate locations. A location is implementation-specific
+with the default being a location named 'default'. For example, you can have
+locations by geographic region, by floor, by type, etc.
+
+Automount has three basic object types: locations, maps and keys.
+
+A location defines a set of maps anchored in auto.master. This allows you
+to store multiple automount configurations. A location in itself isn't
+very interesting, it is just a point to start a new automount map.
+
+A map is roughly equivalent to a discrete automount file and provides
+storage for keys.
+
+A key is a mount point associated with a map.
+
+When a new location is created, two maps are automatically created for
+it: auto.master and auto.direct. auto.master is the root map for all
+automount maps for the location. auto.direct is the default map for
+direct mounts and is mounted on /-.
+
+An automount map may contain a submount key. This key defines a mount
+location within the map that references another map. This can be done
+either using automountmap-add-indirect --parentmap or manually
+with automountkey-add and setting info to "-type=autofs :<mapname>".
+
+EXAMPLES:
+
+Locations:
+
+ Create a named location, "Baltimore":
+ ipa automountlocation-add baltimore
+
+ Display the new location:
+ ipa automountlocation-show baltimore
+
+ Find available locations:
+ ipa automountlocation-find
+
+ Remove a named automount location:
+ ipa automountlocation-del baltimore
+
+ Show what the automount maps would look like if they were in the filesystem:
+ ipa automountlocation-tofiles baltimore
+
+ Import an existing configuration into a location:
+ ipa automountlocation-import baltimore /etc/auto.master
+
+ The import will fail if any duplicate entries are found. For
+ continuous operation where errors are ignored, use the --continue
+ option.
+
+Maps:
+
+ Create a new map, "auto.share":
+ ipa automountmap-add baltimore auto.share
+
+ Display the new map:
+ ipa automountmap-show baltimore auto.share
+
+ Find maps in the location baltimore:
+ ipa automountmap-find baltimore
+
+ Create an indirect map with auto.share as a submount:
+ ipa automountmap-add-indirect baltimore --parentmap=auto.share --mount=sub auto.man
+
+ This is equivalent to:
+
+ ipa automountmap-add-indirect baltimore --mount=/man auto.man
+ ipa automountkey-add baltimore auto.man --key=sub --info="-fstype=autofs ldap:auto.share"
+
+ Remove the auto.share map:
+ ipa automountmap-del baltimore auto.share
+
+Keys:
+
+ Create a new key for the auto.share map in location baltimore. This ties
+ the map we previously created to auto.master:
+ ipa automountkey-add baltimore auto.master --key=/share --info=auto.share
+
+ Create a new key for our auto.share map, an NFS mount for man pages:
+ ipa automountkey-add baltimore auto.share --key=man --info="-ro,soft,rsize=8192,wsize=8192 ipa.example.com:/shared/man"
+
+ Find all keys for the auto.share map:
+ ipa automountkey-find baltimore auto.share
+
+ Find all direct automount keys:
+ ipa automountkey-find baltimore --key=/-
+
+ Remove the man key from the auto.share map:
+ ipa automountkey-del baltimore auto.share --key=man
+""")
+
+register = Registry()
+
+
+@register()
+class automountkey(Object):
+ takes_params = (
+ parameters.Str(
+ 'automountkey',
+ label=_(u'Key'),
+ doc=_(u'Automount key name.'),
+ ),
+ parameters.Str(
+ 'automountinformation',
+ label=_(u'Mount information'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ primary_key=True,
+ label=_(u'description'),
+ exclude=('webui', 'cli'),
+ ),
+ )
+
+
+@register()
+class automountlocation(Object):
+ takes_params = (
+ parameters.Str(
+ 'cn',
+ primary_key=True,
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ )
+
+
+@register()
+class automountmap(Object):
+ takes_params = (
+ parameters.Str(
+ 'automountmapname',
+ primary_key=True,
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ label=_(u'Description'),
+ ),
+ )
+
+
+@register()
+class automountkey_add(Method):
+ __doc__ = _("Create a new automount key.")
+
+ takes_args = (
+ parameters.Str(
+ 'automountlocationcn',
+ cli_name='automountlocation',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Str(
+ 'automountmapautomountmapname',
+ cli_name='automountmap',
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'automountkey',
+ cli_name='key',
+ label=_(u'Key'),
+ doc=_(u'Automount key name.'),
+ ),
+ parameters.Str(
+ 'automountinformation',
+ cli_name='info',
+ label=_(u'Mount information'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automountkey_del(Method):
+ __doc__ = _("Delete an automount key.")
+
+ takes_args = (
+ parameters.Str(
+ 'automountlocationcn',
+ cli_name='automountlocation',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Str(
+ 'automountmapautomountmapname',
+ cli_name='automountmap',
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'automountkey',
+ cli_name='key',
+ label=_(u'Key'),
+ doc=_(u'Automount key name.'),
+ ),
+ parameters.Str(
+ 'automountinformation',
+ required=False,
+ cli_name='info',
+ label=_(u'Mount information'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class automountkey_find(Method):
+ __doc__ = _("Search for an automount key.")
+
+ takes_args = (
+ parameters.Str(
+ 'automountlocationcn',
+ cli_name='automountlocation',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Str(
+ 'automountmapautomountmapname',
+ cli_name='automountmap',
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'automountkey',
+ required=False,
+ cli_name='key',
+ label=_(u'Key'),
+ doc=_(u'Automount key name.'),
+ ),
+ parameters.Str(
+ 'automountinformation',
+ required=False,
+ cli_name='info',
+ label=_(u'Mount information'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class automountkey_mod(Method):
+ __doc__ = _("Modify an automount key.")
+
+ takes_args = (
+ parameters.Str(
+ 'automountlocationcn',
+ cli_name='automountlocation',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Str(
+ 'automountmapautomountmapname',
+ cli_name='automountmap',
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'automountkey',
+ cli_name='key',
+ label=_(u'Key'),
+ doc=_(u'Automount key name.'),
+ ),
+ parameters.Str(
+ 'automountinformation',
+ required=False,
+ cli_name='info',
+ label=_(u'Mount information'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'newautomountinformation',
+ required=False,
+ cli_name='newinfo',
+ label=_(u'New mount information'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'rename',
+ required=False,
+ label=_(u'Rename'),
+ doc=_(u'Rename the automount key object'),
+ exclude=('webui',),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automountkey_show(Method):
+ __doc__ = _("Display an automount key.")
+
+ takes_args = (
+ parameters.Str(
+ 'automountlocationcn',
+ cli_name='automountlocation',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Str(
+ 'automountmapautomountmapname',
+ cli_name='automountmap',
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'automountkey',
+ cli_name='key',
+ label=_(u'Key'),
+ doc=_(u'Automount key name.'),
+ ),
+ parameters.Str(
+ 'automountinformation',
+ required=False,
+ cli_name='info',
+ label=_(u'Mount information'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automountlocation_add(Method):
+ __doc__ = _("Create a new automount location.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='location',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automountlocation_del(Method):
+ __doc__ = _("Delete an automount location.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ multivalue=True,
+ cli_name='location',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class automountlocation_find(Method):
+ __doc__ = _("Search for an automount location.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'cn',
+ required=False,
+ cli_name='location',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("location")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class automountlocation_show(Method):
+ __doc__ = _("Display an automount location.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='location',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automountlocation_tofiles(Method):
+ __doc__ = _("Generate automount files for a specific location.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='location',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'result',
+ ),
+ )
+
+
+@register()
+class automountmap_add(Method):
+ __doc__ = _("Create a new automount map.")
+
+ takes_args = (
+ parameters.Str(
+ 'automountlocationcn',
+ cli_name='automountlocation',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Str(
+ 'automountmapname',
+ cli_name='map',
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automountmap_add_indirect(Method):
+ __doc__ = _("Create a new indirect mount point.")
+
+ takes_args = (
+ parameters.Str(
+ 'automountlocationcn',
+ cli_name='automountlocation',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Str(
+ 'automountmapname',
+ cli_name='map',
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'key',
+ cli_name='mount',
+ label=_(u'Mount point'),
+ ),
+ parameters.Str(
+ 'parentmap',
+ required=False,
+ label=_(u'Parent map'),
+ doc=_(u'Name of parent automount map (default: auto.master).'),
+ default=u'auto.master',
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automountmap_del(Method):
+ __doc__ = _("Delete an automount map.")
+
+ takes_args = (
+ parameters.Str(
+ 'automountlocationcn',
+ cli_name='automountlocation',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Str(
+ 'automountmapname',
+ multivalue=True,
+ cli_name='map',
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class automountmap_find(Method):
+ __doc__ = _("Search for an automount map.")
+
+ takes_args = (
+ parameters.Str(
+ 'automountlocationcn',
+ cli_name='automountlocation',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'automountmapname',
+ required=False,
+ cli_name='map',
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("map")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class automountmap_mod(Method):
+ __doc__ = _("Modify an automount map.")
+
+ takes_args = (
+ parameters.Str(
+ 'automountlocationcn',
+ cli_name='automountlocation',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Str(
+ 'automountmapname',
+ cli_name='map',
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class automountmap_show(Method):
+ __doc__ = _("Display an automount map.")
+
+ takes_args = (
+ parameters.Str(
+ 'automountlocationcn',
+ cli_name='automountlocation',
+ label=_(u'Location'),
+ doc=_(u'Automount location name.'),
+ ),
+ parameters.Str(
+ 'automountmapname',
+ cli_name='map',
+ label=_(u'Map'),
+ doc=_(u'Automount map name.'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
diff --git a/ipaclient/remote_plugins/2_114/batch.py b/ipaclient/remote_plugins/2_114/batch.py
new file mode 100644
index 0000000..4a613b6
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/batch.py
@@ -0,0 +1,71 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Plugin to make multiple ipa calls via one remote procedure call
+
+To run this code in the lite-server
+
+curl -H "Content-Type:application/json" -H "Accept:application/json" -H "Accept-Language:en" --negotiate -u : --cacert /etc/ipa/ca.crt -d @batch_request.json -X POST http://localhost:8888/ipa/json
+
+where the contents of the file batch_request.json follow the below example
+
+{"method":"batch","params":[[
+ {"method":"group_find","params":[[],{}]},
+ {"method":"user_find","params":[[],{"whoami":"true","all":"true"}]},
+ {"method":"user_show","params":[["admin"],{"all":true}]}
+ ],{}],"id":1}
+
+The format of the response is nested the same way. At the top you will see
+ "error": null,
+ "id": 1,
+ "result": {
+ "count": 3,
+ "results": [
+
+
+And then a nested response for each IPA command method sent in the request
+""")
+
+register = Registry()
+
+
+@register()
+class batch(Command):
+ NO_CLI = True
+
+ takes_args = (
+ parameters.Str(
+ 'methods',
+ required=False,
+ multivalue=True,
+ doc=_(u'Nested Methods to execute'),
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'count',
+ int,
+ ),
+ output.Output(
+ 'results',
+ (list, tuple),
+ ),
+ )
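Review bot: In `batch.takes_args`, `methods` is declared as `parameters.Str(..., multivalue=True)`, but the module docstring's own request example sends each nested call as a JSON object (`{"method":"group_find","params":[[],{}]}`), not a string. If the client converts or validates arguments against this bundled definition before sending, those mapping items would presumably be rejected, so it is worth testing a batch call against a 2.114 server. At minimum, add a comment above the parameter, for example `# items are {"method": ..., "params": [...]} mappings on the wire; Str only approximates the server-side type`. If this file is generated from an API dump, the change belongs in the generator rather than here.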
diff --git a/ipaclient/remote_plugins/2_114/cert.py b/ipaclient/remote_plugins/2_114/cert.py
new file mode 100644
index 0000000..763f63e
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/cert.py
@@ -0,0 +1,376 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+IPA certificate operations
+
+Implements a set of commands for managing server SSL certificates.
+
+Certificate requests exist in the form of a Certificate Signing Request (CSR)
+in PEM format.
+
+The dogtag CA uses just the CN value of the CSR and forces the rest of the
+subject to values configured in the server.
+
+A certificate is stored with a service principal and a service principal
+needs a host.
+
+In order to request a certificate:
+
+* The host must exist
+* The service must exist (or you use the --add option to automatically add it)
+
+SEARCHING:
+
+Certificates may be searched on by certificate subject, serial number,
+revocation reason, validity dates and the issued date.
+
+When searching on dates the _from date does a >= search and the _to date
+does a <= search. When combined these are done as an AND.
+
+Dates are treated as GMT to match the dates in the certificates.
+
+The date format is YYYY-mm-dd.
+
+EXAMPLES:
+
+ Request a new certificate and add the principal:
+ ipa cert-request --add --principal=HTTP/lion.example.com example.csr
+
+ Retrieve an existing certificate:
+ ipa cert-show 1032
+
+ Revoke a certificate (see RFC 5280 for reason details):
+ ipa cert-revoke --revocation-reason=6 1032
+
+ Remove a certificate from revocation hold status:
+ ipa cert-remove-hold 1032
+
+ Check the status of a signing request:
+ ipa cert-status 10
+
+ Search for certificates by hostname:
+ ipa cert-find --subject=ipaserver.example.com
+
+ Search for revoked certificates by reason:
+ ipa cert-find --revocation-reason=5
+
+ Search for certificates based on issuance date
+ ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07
+
+IPA currently immediately issues (or declines) all certificate requests so
+the status of a request is not normally useful. This is for future use
+or the case where a CA does not immediately issue a certificate.
+
+The following revocation reasons are supported:
+
+ * 0 - unspecified
+ * 1 - keyCompromise
+ * 2 - cACompromise
+ * 3 - affiliationChanged
+ * 4 - superseded
+ * 5 - cessationOfOperation
+ * 6 - certificateHold
+ * 8 - removeFromCRL
+ * 9 - privilegeWithdrawn
+ * 10 - aACompromise
+
+Note that reason code 7 is not used. See RFC 5280 for more details:
+
+http://www.ietf.org/rfc/rfc5280.txt
+""")
+
+register = Registry()
+
+
+@register()
+class ca_is_enabled(Command):
+ __doc__ = _("Checks if any of the servers has the CA service enabled.")
+
+ NO_CLI = True
+
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class cert_find(Command):
+ __doc__ = _("Search for existing certificates.")
+
+ takes_options = (
+ parameters.Str(
+ 'subject',
+ required=False,
+ label=_(u'Subject'),
+ ),
+ parameters.Int(
+ 'revocation_reason',
+ required=False,
+ label=_(u'Reason'),
+ doc=_(u'Reason for revoking the certificate (0-10)'),
+ ),
+ parameters.Int(
+ 'min_serial_number',
+ required=False,
+ doc=_(u'minimum serial number'),
+ ),
+ parameters.Int(
+ 'max_serial_number',
+ required=False,
+ doc=_(u'maximum serial number'),
+ ),
+ parameters.Flag(
+ 'exactly',
+ required=False,
+ doc=_(u'match the common name exactly'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'validnotafter_from',
+ required=False,
+ doc=_(u'Valid not after from this date (YYYY-mm-dd)'),
+ ),
+ parameters.Str(
+ 'validnotafter_to',
+ required=False,
+ doc=_(u'Valid not after to this date (YYYY-mm-dd)'),
+ ),
+ parameters.Str(
+ 'validnotbefore_from',
+ required=False,
+ doc=_(u'Valid not before from this date (YYYY-mm-dd)'),
+ ),
+ parameters.Str(
+ 'validnotbefore_to',
+ required=False,
+ doc=_(u'Valid not before to this date (YYYY-mm-dd)'),
+ ),
+ parameters.Str(
+ 'issuedon_from',
+ required=False,
+ doc=_(u'Issued on from this date (YYYY-mm-dd)'),
+ ),
+ parameters.Str(
+ 'issuedon_to',
+ required=False,
+ doc=_(u'Issued on to this date (YYYY-mm-dd)'),
+ ),
+ parameters.Str(
+ 'revokedon_from',
+ required=False,
+ doc=_(u'Revoked on from this date (YYYY-mm-dd)'),
+ ),
+ parameters.Str(
+ 'revokedon_to',
+ required=False,
+ doc=_(u'Revoked on to this date (YYYY-mm-dd)'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of certs returned'),
+ default=100,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class cert_remove_hold(Command):
+ __doc__ = _("Take a revoked certificate off hold.")
+
+ takes_args = (
+ parameters.Str(
+ 'serial_number',
+ label=_(u'Serial number'),
+ doc=_(u'Serial number in decimal or if prefixed with 0x in hexadecimal'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'result',
+ ),
+ )
+
+
+@register()
+class cert_request(Command):
+ __doc__ = _("Submit a certificate signing request.")
+
+ takes_args = (
+ parameters.Str(
+ 'csr',
+ cli_name='csr_file',
+ label=_(u'CSR'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'principal',
+ label=_(u'Principal'),
+ doc=_(u'Service principal for this certificate (e.g. HTTP/test.example.com)'),
+ ),
+ parameters.Str(
+ 'request_type',
+ default=u'pkcs10',
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'add',
+ doc=_(u"automatically add the principal if it doesn't exist"),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'Dictionary mapping variable name to value'),
+ ),
+ )
+
+
+@register()
+class cert_revoke(Command):
+ __doc__ = _("Revoke a certificate.")
+
+ takes_args = (
+ parameters.Str(
+ 'serial_number',
+ label=_(u'Serial number'),
+ doc=_(u'Serial number in decimal or if prefixed with 0x in hexadecimal'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Int(
+ 'revocation_reason',
+ label=_(u'Reason'),
+ doc=_(u'Reason for revoking the certificate (0-10)'),
+ default=0,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'result',
+ ),
+ )
+
+
+@register()
+class cert_show(Command):
+ __doc__ = _("Retrieve an existing certificate.")
+
+ takes_args = (
+ parameters.Str(
+ 'serial_number',
+ label=_(u'Serial number'),
+ doc=_(u'Serial number in decimal or if prefixed with 0x in hexadecimal'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'out',
+ required=False,
+ label=_(u'Output filename'),
+ doc=_(u'File to store the certificate in.'),
+ exclude=('webui',),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'result',
+ ),
+ )
+
+
+@register()
+class cert_status(Command):
+ __doc__ = _("Check the status of a certificate signing request.")
+
+ takes_args = (
+ parameters.Str(
+ 'request_id',
+ label=_(u'Request id'),
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'result',
+ ),
+ )
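Review bot: `revocation_reason` in `cert_revoke` (and the same option in `cert_find`) is a plain `parameters.Int` whose doc string says "(0-10)" but which declares no bounds, so this definition accepts any integer and leaves rejection entirely to the server. The module docstring in the same hunk lists the supported codes and notes that 7 is unused. If the server's definition at this API version carries bounds (not visible here), mirror them with `minvalue=0,` and `maxvalue=10,` on both parameters so a mistyped reason fails before the request is sent. A range check would still let code 7 through, so the server-side check stays authoritative. A short comment next to the parameter saying so would help the next reader.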
diff --git a/ipaclient/remote_plugins/2_114/config.py b/ipaclient/remote_plugins/2_114/config.py
new file mode 100644
index 0000000..b559516
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/config.py
@@ -0,0 +1,408 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Server configuration
+
+Manage the default values that IPA uses and some of its tuning parameters.
+
+NOTES:
+
+The password notification value (--pwdexpnotify) is stored here so it will
+be replicated. It is not currently used to notify users in advance of an
+expiring password.
+
+Some attributes are read-only, provided only for information purposes. These
+include:
+
+Certificate Subject base: the configured certificate subject base,
+ e.g. O=EXAMPLE.COM. This is configurable only at install time.
+Password plug-in features: currently defines additional hashes that the
+ password will generate (there may be other conditions).
+
+When setting the order list for mapping SELinux users you may need to
+quote the value so it isn't interpreted by the shell.
+
+EXAMPLES:
+
+ Show basic server configuration:
+ ipa config-show
+
+ Show all configuration options:
+ ipa config-show --all
+
+ Change maximum username length to 99 characters:
+ ipa config-mod --maxusername=99
+
+ Increase default time and size limits for maximum IPA server search:
+ ipa config-mod --searchtimelimit=10 --searchrecordslimit=2000
+
+ Set default user e-mail domain:
+ ipa config-mod --emaildomain=example.com
+
+ Enable migration mode to make "ipa migrate-ds" command operational:
+ ipa config-mod --enable-migration=TRUE
+
+ Define SELinux user map order:
+ ipa config-mod --ipaselinuxusermaporder='guest_u:s0$xguest_u:s0$user_u:s0-s0:c0.c1023$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'
+""")
+
+register = Registry()
+
+
+@register()
+class config(Object):
+ takes_params = (
+ parameters.Int(
+ 'ipamaxusernamelength',
+ label=_(u'Maximum username length'),
+ ),
+ parameters.Str(
+ 'ipahomesrootdir',
+ label=_(u'Home directory base'),
+ doc=_(u'Default location of home directories'),
+ ),
+ parameters.Str(
+ 'ipadefaultloginshell',
+ label=_(u'Default shell'),
+ doc=_(u'Default shell for new users'),
+ ),
+ parameters.Str(
+ 'ipadefaultprimarygroup',
+ label=_(u'Default users group'),
+ doc=_(u'Default group for new users'),
+ ),
+ parameters.Str(
+ 'ipadefaultemaildomain',
+ required=False,
+ label=_(u'Default e-mail domain'),
+ ),
+ parameters.Int(
+ 'ipasearchtimelimit',
+ label=_(u'Search time limit'),
+ doc=_(u'Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)'),
+ ),
+ parameters.Int(
+ 'ipasearchrecordslimit',
+ label=_(u'Search size limit'),
+ doc=_(u'Maximum number of records to search (-1 is unlimited)'),
+ ),
+ parameters.Str(
+ 'ipausersearchfields',
+ label=_(u'User search fields'),
+ doc=_(u'A comma-separated list of fields to search in when searching for users'),
+ ),
+ parameters.Str(
+ 'ipagroupsearchfields',
+ label=_(u'Group search fields'),
+ doc=_(u'A comma-separated list of fields to search in when searching for groups'),
+ ),
+ parameters.Bool(
+ 'ipamigrationenabled',
+ label=_(u'Enable migration mode'),
+ ),
+ parameters.DNParam(
+ 'ipacertificatesubjectbase',
+ label=_(u'Certificate Subject base'),
+ doc=_(u'Base for certificate subjects (OU=Test,O=Example)'),
+ ),
+ parameters.Str(
+ 'ipagroupobjectclasses',
+ multivalue=True,
+ label=_(u'Default group objectclasses'),
+ doc=_(u'Default group objectclasses (comma-separated list)'),
+ ),
+ parameters.Str(
+ 'ipauserobjectclasses',
+ multivalue=True,
+ label=_(u'Default user objectclasses'),
+ doc=_(u'Default user objectclasses (comma-separated list)'),
+ ),
+ parameters.Int(
+ 'ipapwdexpadvnotify',
+ label=_(u'Password Expiration Notification (days)'),
+ doc=_(u"Number of days's notice of impending password expiration"),
+ ),
+ parameters.Str(
+ 'ipaconfigstring',
+ required=False,
+ multivalue=True,
+ label=_(u'Password plugin features'),
+ doc=_(u'Extra hashes to generate in password plug-in'),
+ ),
+ parameters.Str(
+ 'ipaselinuxusermaporder',
+ label=_(u'SELinux user map order'),
+ doc=_(u'Order in increasing priority of SELinux users, delimited by $'),
+ ),
+ parameters.Str(
+ 'ipaselinuxusermapdefault',
+ required=False,
+ label=_(u'Default SELinux user'),
+ doc=_(u'Default SELinux user when no match is found in SELinux map rule'),
+ ),
+ parameters.Str(
+ 'ipakrbauthzdata',
+ required=False,
+ multivalue=True,
+ label=_(u'Default PAC types'),
+ doc=_(u'Default types of PAC supported for services'),
+ ),
+ parameters.Str(
+ 'ipauserauthtype',
+ required=False,
+ multivalue=True,
+ label=_(u'Default user authentication types'),
+ doc=_(u'Default types of supported user authentication'),
+ ),
+ )
+
+
+@register()
+class config_mod(Method):
+ __doc__ = _("Modify configuration options.")
+
+ takes_options = (
+ parameters.Int(
+ 'ipamaxusernamelength',
+ required=False,
+ cli_name='maxusername',
+ label=_(u'Maximum username length'),
+ ),
+ parameters.Str(
+ 'ipahomesrootdir',
+ required=False,
+ cli_name='homedirectory',
+ label=_(u'Home directory base'),
+ doc=_(u'Default location of home directories'),
+ ),
+ parameters.Str(
+ 'ipadefaultloginshell',
+ required=False,
+ cli_name='defaultshell',
+ label=_(u'Default shell'),
+ doc=_(u'Default shell for new users'),
+ ),
+ parameters.Str(
+ 'ipadefaultprimarygroup',
+ required=False,
+ cli_name='defaultgroup',
+ label=_(u'Default users group'),
+ doc=_(u'Default group for new users'),
+ ),
+ parameters.Str(
+ 'ipadefaultemaildomain',
+ required=False,
+ cli_name='emaildomain',
+ label=_(u'Default e-mail domain'),
+ ),
+ parameters.Int(
+ 'ipasearchtimelimit',
+ required=False,
+ cli_name='searchtimelimit',
+ label=_(u'Search time limit'),
+ doc=_(u'Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)'),
+ ),
+ parameters.Int(
+ 'ipasearchrecordslimit',
+ required=False,
+ cli_name='searchrecordslimit',
+ label=_(u'Search size limit'),
+ doc=_(u'Maximum number of records to search (-1 is unlimited)'),
+ ),
+ parameters.Str(
+ 'ipausersearchfields',
+ required=False,
+ cli_name='usersearch',
+ label=_(u'User search fields'),
+ doc=_(u'A comma-separated list of fields to search in when searching for users'),
+ ),
+ parameters.Str(
+ 'ipagroupsearchfields',
+ required=False,
+ cli_name='groupsearch',
+ label=_(u'Group search fields'),
+ doc=_(u'A comma-separated list of fields to search in when searching for groups'),
+ ),
+ parameters.Bool(
+ 'ipamigrationenabled',
+ required=False,
+ cli_name='enable_migration',
+ label=_(u'Enable migration mode'),
+ ),
+ parameters.Str(
+ 'ipagroupobjectclasses',
+ required=False,
+ multivalue=True,
+ cli_name='groupobjectclasses',
+ label=_(u'Default group objectclasses'),
+ doc=_(u'Default group objectclasses (comma-separated list)'),
+ ),
+ parameters.Str(
+ 'ipauserobjectclasses',
+ required=False,
+ multivalue=True,
+ cli_name='userobjectclasses',
+ label=_(u'Default user objectclasses'),
+ doc=_(u'Default user objectclasses (comma-separated list)'),
+ ),
+ parameters.Int(
+ 'ipapwdexpadvnotify',
+ required=False,
+ cli_name='pwdexpnotify',
+ label=_(u'Password Expiration Notification (days)'),
+ doc=_(u"Number of days's notice of impending password expiration"),
+ ),
+ parameters.Str(
+ 'ipaconfigstring',
+ required=False,
+ multivalue=True,
+ cli_metavar="['AllowNThash', 'KDC:Disable Last Success', 'KDC:Disable Lockout']",
+ label=_(u'Password plugin features'),
+ doc=_(u'Extra hashes to generate in password plug-in'),
+ ),
+ parameters.Str(
+ 'ipaselinuxusermaporder',
+ required=False,
+ label=_(u'SELinux user map order'),
+ doc=_(u'Order in increasing priority of SELinux users, delimited by $'),
+ ),
+ parameters.Str(
+ 'ipaselinuxusermapdefault',
+ required=False,
+ label=_(u'Default SELinux user'),
+ doc=_(u'Default SELinux user when no match is found in SELinux map rule'),
+ ),
+ parameters.Str(
+ 'ipakrbauthzdata',
+ required=False,
+ multivalue=True,
+ cli_name='pac_type',
+ cli_metavar="['MS-PAC', 'PAD', 'nfs:NONE']",
+ label=_(u'Default PAC types'),
+ doc=_(u'Default types of PAC supported for services'),
+ ),
+ parameters.Str(
+ 'ipauserauthtype',
+ required=False,
+ multivalue=True,
+ cli_name='user_auth_type',
+ cli_metavar="['password', 'radius', 'otp']",
+ label=_(u'Default user authentication types'),
+ doc=_(u'Default types of supported user authentication'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class config_show(Method):
+ __doc__ = _("Show the current configuration.")
+
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
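Review bot: In `config_mod`, `ipaconfigstring` is documented as 'Extra hashes to generate in password plug-in', yet its `cli_metavar` lists `'KDC:Disable Last Success'` and `'KDC:Disable Lockout'`, which by their names are KDC lockout switches rather than hash types, so the help text understates what the option can change. The label and doc look copied from the server's API 2.114 definitions, so I would keep the strings and add a comment above the parameter, e.g. `# values also include KDC lockout switches; label/doc kept as published by the server`. That parameter, `ipakrbauthzdata` and `ipauserauthtype` are plain `parameters.Str` whose allowed values appear only in `cli_metavar`. As far as this hunk shows, the client accepts any string and rejection is left to the server, which is worth saying in the same comment. `permissions` in `delegation.py` is similar, with its allowed values named only in the doc text.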
diff --git a/ipaclient/remote_plugins/2_114/delegation.py b/ipaclient/remote_plugins/2_114/delegation.py
new file mode 100644
index 0000000..8749611
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/delegation.py
@@ -0,0 +1,383 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Group to Group Delegation
+
+A permission enables fine-grained delegation of permissions. Access Control
+Rules, or instructions (ACIs), grant permission to permissions to perform
+given tasks such as adding a user, modifying a group, etc.
+
+Group to Group Delegations grants the members of one group to update a set
+of attributes of members of another group.
+
+EXAMPLES:
+
+ Add a delegation rule to allow managers to edit employee's addresses:
+ ipa delegation-add --attrs=street --group=managers --membergroup=employees "managers edit employees' street"
+
+ When managing the list of attributes you need to include all attributes
+ in the list, including existing ones. Add postalCode to the list:
+ ipa delegation-mod --attrs=street --attrs=postalCode --group=managers --membergroup=employees "managers edit employees' street"
+
+ Display our updated rule:
+ ipa delegation-show "managers edit employees' street"
+
+ Delete a rule:
+ ipa delegation-del "managers edit employees' street"
+""")
+
+register = Registry()
+
+
+@register()
+class delegation(Object):
+ takes_params = (
+ parameters.Str(
+ 'aciname',
+ primary_key=True,
+ label=_(u'Delegation name'),
+ ),
+ parameters.Str(
+ 'permissions',
+ required=False,
+ multivalue=True,
+ label=_(u'Permissions'),
+ doc=_(u'Permissions to grant (read, write). Default is write.'),
+ ),
+ parameters.Str(
+ 'attrs',
+ multivalue=True,
+ label=_(u'Attributes'),
+ doc=_(u'Attributes to which the delegation applies'),
+ ),
+ parameters.Str(
+ 'memberof',
+ label=_(u'Member user group'),
+ doc=_(u'User group to apply delegation to'),
+ ),
+ parameters.Str(
+ 'group',
+ label=_(u'User group'),
+ doc=_(u'User group ACI grants access to'),
+ ),
+ )
+
+
+@register()
+class delegation_add(Method):
+ __doc__ = _("Add a new delegation.")
+
+ takes_args = (
+ parameters.Str(
+ 'aciname',
+ cli_name='name',
+ label=_(u'Delegation name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'permissions',
+ required=False,
+ multivalue=True,
+ label=_(u'Permissions'),
+ doc=_(u'Permissions to grant (read, write). Default is write.'),
+ ),
+ parameters.Str(
+ 'attrs',
+ multivalue=True,
+ label=_(u'Attributes'),
+ doc=_(u'Attributes to which the delegation applies'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'memberof',
+ cli_name='membergroup',
+ label=_(u'Member user group'),
+ doc=_(u'User group to apply delegation to'),
+ ),
+ parameters.Str(
+ 'group',
+ label=_(u'User group'),
+ doc=_(u'User group ACI grants access to'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class delegation_del(Method):
+ __doc__ = _("Delete a delegation.")
+
+ takes_args = (
+ parameters.Str(
+ 'aciname',
+ cli_name='name',
+ label=_(u'Delegation name'),
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class delegation_find(Method):
+ __doc__ = _("Search for delegations.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'aciname',
+ required=False,
+ cli_name='name',
+ label=_(u'Delegation name'),
+ ),
+ parameters.Str(
+ 'permissions',
+ required=False,
+ multivalue=True,
+ label=_(u'Permissions'),
+ doc=_(u'Permissions to grant (read, write). Default is write.'),
+ ),
+ parameters.Str(
+ 'attrs',
+ required=False,
+ multivalue=True,
+ label=_(u'Attributes'),
+ doc=_(u'Attributes to which the delegation applies'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'memberof',
+ required=False,
+ cli_name='membergroup',
+ label=_(u'Member user group'),
+ doc=_(u'User group to apply delegation to'),
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ label=_(u'User group'),
+ doc=_(u'User group ACI grants access to'),
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("name")'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class delegation_mod(Method):
+ __doc__ = _("Modify a delegation.")
+
+ takes_args = (
+ parameters.Str(
+ 'aciname',
+ cli_name='name',
+ label=_(u'Delegation name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'permissions',
+ required=False,
+ multivalue=True,
+ label=_(u'Permissions'),
+ doc=_(u'Permissions to grant (read, write). Default is write.'),
+ ),
+ parameters.Str(
+ 'attrs',
+ required=False,
+ multivalue=True,
+ label=_(u'Attributes'),
+ doc=_(u'Attributes to which the delegation applies'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'memberof',
+ required=False,
+ cli_name='membergroup',
+ label=_(u'Member user group'),
+ doc=_(u'User group to apply delegation to'),
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ label=_(u'User group'),
+ doc=_(u'User group ACI grants access to'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class delegation_show(Method):
+ __doc__ = _("Display information about a delegation.")
+
+ takes_args = (
+ parameters.Str(
+ 'aciname',
+ cli_name='name',
+ label=_(u'Delegation name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
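Review bot: The `attrs` option of `delegation_mod` is described only as 'Attributes to which the delegation applies', while the module docstring says the list must include all attributes, existing ones too, when it is managed. That suggests the value replaces the stored list, so a partial `--attrs` would change which attributes the delegation covers without the per-option help saying so. A comment above that parameter would record it without touching the strings, which appear to be carried over from the server definitions: `# attrs replaces the stored list; pass the existing attributes as well (see module docstring)`.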
diff --git a/ipaclient/remote_plugins/2_114/dns.py b/ipaclient/remote_plugins/2_114/dns.py
new file mode 100644
index 0000000..5d91dbc
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/dns.py
@@ -0,0 +1,5373 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Domain Name System (DNS)
+
+Manage DNS zone and resource records.
+
+SUPPORTED ZONE TYPES
+
+ * Master zone (dnszone-*), contains authoritative data.
+ * Forward zone (dnsforwardzone-*), forwards queries to configured forwarders
+ (a set of DNS servers).
+
+USING STRUCTURED PER-TYPE OPTIONS
+
+There are many structured DNS RR types where DNS data stored in LDAP server
+is not just a scalar value, for example an IP address or a domain name, but
+a data structure which may be often complex. A good example is a LOC record
+[RFC1876] which consists of many mandatory and optional parts (degrees,
+minutes, seconds of latitude and longitude, altitude or precision).
+
+It may be difficult to manipulate such DNS records without making a mistake
+and entering an invalid value. DNS module provides an abstraction over these
+raw records and allows to manipulate each RR type with specific options. For
+each supported RR type, DNS module provides a standard option to manipulate
+a raw records with format --<rrtype>-rec, e.g. --mx-rec, and special options
+for every part of the RR structure with format --<rrtype>-<partname>, e.g.
+--mx-preference and --mx-exchanger.
+
+When adding a record, either RR specific options or standard option for a raw
+value can be used, they just should not be combined in one add operation. When
+modifying an existing entry, new RR specific options can be used to change
+one part of a DNS record, where the standard option for raw value is used
+to specify the modified value. The following example demonstrates
+a modification of MX record preference from 0 to 1 in a record without
+modifying the exchanger:
+ipa dnsrecord-mod --mx-rec="0 mx.example.com." --mx-preference=1
+
+
+EXAMPLES:
+
+ Add new zone:
+ ipa dnszone-add example.com --admin-email=admin@example.com
+
+ Add system permission that can be used for per-zone privilege delegation:
+ ipa dnszone-add-permission example.com
+
+ Modify the zone to allow dynamic updates for hosts own records in realm EXAMPLE.COM:
+ ipa dnszone-mod example.com --dynamic-update=TRUE
+
+ This is the equivalent of:
+ ipa dnszone-mod example.com --dynamic-update=TRUE \
+ --update-policy="grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant EXAMPLE.COM krb5-self * SSHFP;"
+
+ Modify the zone to allow zone transfers for local network only:
+ ipa dnszone-mod example.com --allow-transfer=192.0.2.0/24
+
+ Add new reverse zone specified by network IP address:
+ ipa dnszone-add --name-from-ip=192.0.2.0/24
+
+ Add second nameserver for example.com:
+ ipa dnsrecord-add example.com @ --ns-rec=nameserver2.example.com
+
+ Add a mail server for example.com:
+ ipa dnsrecord-add example.com @ --mx-rec="10 mail1"
+
+ Add another record using MX record specific options:
+ ipa dnsrecord-add example.com @ --mx-preference=20 --mx-exchanger=mail2
+
+ Add another record using interactive mode (started when dnsrecord-add, dnsrecord-mod,
+ or dnsrecord-del are executed with no options):
+ ipa dnsrecord-add example.com @
+ Please choose a type of DNS resource record to be added
+ The most common types for this type of zone are: NS, MX, LOC
+
+ DNS resource record type: MX
+ MX Preference: 30
+ MX Exchanger: mail3
+ Record name: example.com
+ MX record: 10 mail1, 20 mail2, 30 mail3
+ NS record: nameserver.example.com., nameserver2.example.com.
+
+ Delete previously added nameserver from example.com:
+ ipa dnsrecord-del example.com @ --ns-rec=nameserver2.example.com.
+
+ Add LOC record for example.com:
+ ipa dnsrecord-add example.com @ --loc-rec="49 11 42.4 N 16 36 29.6 E 227.64m"
+
+ Add new A record for www.example.com. Create a reverse record in appropriate
+ reverse zone as well. In this case a PTR record "2" pointing to www.example.com
+ will be created in zone 2.0.192.in-addr.arpa.
+ ipa dnsrecord-add example.com www --a-rec=192.0.2.2 --a-create-reverse
+
+ Add new PTR record for www.example.com
+ ipa dnsrecord-add 2.0.192.in-addr.arpa. 2 --ptr-rec=www.example.com.
+
+ Add new SRV records for LDAP servers. Three quarters of the requests
+ should go to fast.example.com, one quarter to slow.example.com. If neither
+ is available, switch to backup.example.com.
+ ipa dnsrecord-add example.com _ldap._tcp --srv-rec="0 3 389 fast.example.com"
+ ipa dnsrecord-add example.com _ldap._tcp --srv-rec="0 1 389 slow.example.com"
+ ipa dnsrecord-add example.com _ldap._tcp --srv-rec="1 1 389 backup.example.com"
+
+ The interactive mode can be used for easy modification:
+ ipa dnsrecord-mod example.com _ldap._tcp
+ No option to modify specific record provided.
+ Current DNS record contents:
+
+ SRV record: 0 3 389 fast.example.com, 0 1 389 slow.example.com, 1 1 389 backup.example.com
+
+ Modify SRV record '0 3 389 fast.example.com'? Yes/No (default No):
+ Modify SRV record '0 1 389 slow.example.com'? Yes/No (default No): y
+ SRV Priority [0]: (keep the default value)
+ SRV Weight [1]: 2 (modified value)
+ SRV Port [389]: (keep the default value)
+ SRV Target [slow.example.com]: (keep the default value)
+ 1 SRV record skipped. Only one value per DNS record type can be modified at one time.
+ Record name: _ldap._tcp
+ SRV record: 0 3 389 fast.example.com, 1 1 389 backup.example.com, 0 2 389 slow.example.com
+
+ After this modification, three fifths of the requests should go to
+ fast.example.com and two fifths to slow.example.com.
+
+ An example of the interactive mode for dnsrecord-del command:
+ ipa dnsrecord-del example.com www
+ No option to delete specific record provided.
+ Delete all? Yes/No (default No): (do not delete all records)
+ Current DNS record contents:
+
+ A record: 192.0.2.2, 192.0.2.3
+
+ Delete A record '192.0.2.2'? Yes/No (default No):
+ Delete A record '192.0.2.3'? Yes/No (default No): y
+ Record name: www
+ A record: 192.0.2.2 (A record 192.0.2.3 has been deleted)
+
+ Show zone example.com:
+ ipa dnszone-show example.com
+
+ Find zone with "example" in its domain name:
+ ipa dnszone-find example
+
+ Find records for resources with "www" in their name in zone example.com:
+ ipa dnsrecord-find example.com www
+
+ Find A records with value 192.0.2.2 in zone example.com
+ ipa dnsrecord-find example.com --a-rec=192.0.2.2
+
+ Show records for resource www in zone example.com
+ ipa dnsrecord-show example.com www
+
+ Delegate zone sub.example to another nameserver:
+ ipa dnsrecord-add example.com ns.sub --a-rec=203.0.113.1
+ ipa dnsrecord-add example.com sub --ns-rec=ns.sub.example.com.
+
+ Delete zone example.com with all resource records:
+ ipa dnszone-del example.com
+
+ If a global forwarder is configured, all queries for which this server is not
+ authoritative (e.g. sub.example.com) will be routed to the global forwarder.
+ Global forwarding configuration can be overridden per-zone.
+
+ Semantics of forwarding in IPA matches BIND semantics and depends on the type
+ of zone:
+ * Master zone: local BIND replies authoritatively to queries for data in
+ the given zone (including authoritative NXDOMAIN answers) and forwarding
+ affects only queries for names below zone cuts (NS records) of locally
+ served zones.
+
+ * Forward zone: forward zone contains no authoritative data. BIND forwards
+ queries, which cannot be answered from its local cache, to configured
+ forwarders.
+
+ Semantics of the --forwarder-policy option:
+ * none - disable forwarding for the given zone.
+ * first - forward all queries to configured forwarders. If they fail,
+ do resolution using DNS root servers.
+ * only - forward all queries to configured forwarders and if they fail,
+ return failure.
+
+ Disable global forwarding for given sub-tree:
+ ipa dnszone-mod example.com --forward-policy=none
+
+ This configuration forwards all queries for names outside the example.com
+ sub-tree to global forwarders. Normal recursive resolution process is used
+ for names inside the example.com sub-tree (i.e. NS records are followed etc.).
+
+ Forward all requests for the zone external.example.com to another forwarder
+ using a "first" policy (it will send the queries to the selected forwarder
+ and if not answered it will use global root servers):
+ ipa dnsforwardzone-add external.example.com --forward-policy=first \
+ --forwarder=203.0.113.1
+
+ Change forward-policy for external.example.com:
+ ipa dnsforwardzone-mod external.example.com --forward-policy=only
+
+ Show forward zone external.example.com:
+ ipa dnsforwardzone-show external.example.com
+
+ List all forward zones:
+ ipa dnsforwardzone-find
+
+ Delete forward zone external.example.com:
+ ipa dnsforwardzone-del external.example.com
+
+ Resolve a host name to see if it exists (will add default IPA domain
+ if one is not included):
+ ipa dns-resolve www.example.com
+ ipa dns-resolve www
+
+
+GLOBAL DNS CONFIGURATION
+
+DNS configuration passed to command line install script is stored in a local
+configuration file on each IPA server where DNS service is configured. These
+local settings can be overridden with a common configuration stored in LDAP
+server:
+
+ Show global DNS configuration:
+ ipa dnsconfig-show
+
+ Modify global DNS configuration and set a list of global forwarders:
+ ipa dnsconfig-mod --forwarder=203.0.113.113
+""")
+
+register = Registry()
+
+
+@register()
+class dnsconfig(Object):
+ takes_params = (
+ parameters.Str(
+ 'idnsforwarders',
+ required=False,
+ multivalue=True,
+ label=_(u'Global forwarders'),
+ doc=_(u'Global forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"'),
+ ),
+ parameters.Str(
+ 'idnsforwardpolicy',
+ required=False,
+ label=_(u'Forward policy'),
+ doc=_(u'Global forwarding policy. Set to "none" to disable any configured global forwarders.'),
+ ),
+ parameters.Bool(
+ 'idnsallowsyncptr',
+ required=False,
+ label=_(u'Allow PTR sync'),
+ doc=_(u'Allow synchronization of forward (A, AAAA) and reverse (PTR) records'),
+ ),
+ parameters.Int(
+ 'idnszonerefresh',
+ required=False,
+ label=_(u'Zone refresh interval'),
+ ),
+ )
+
+
+@register()
+class dnsforwardzone(Object):
+ takes_params = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ primary_key=True,
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ ),
+ parameters.Str(
+ 'name_from_ip',
+ required=False,
+ label=_(u'Reverse zone IP network'),
+ doc=_(u'IP network to create reverse zone name from'),
+ ),
+ parameters.Bool(
+ 'idnszoneactive',
+ required=False,
+ label=_(u'Active zone'),
+ doc=_(u'Is zone active?'),
+ ),
+ parameters.Str(
+ 'idnsforwarders',
+ required=False,
+ multivalue=True,
+ label=_(u'Zone forwarders'),
+ doc=_(u'Per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"'),
+ ),
+ parameters.Str(
+ 'idnsforwardpolicy',
+ required=False,
+ label=_(u'Forward policy'),
+ doc=_(u'Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.'),
+ ),
+ )
+
+
+@register()
+class dnsrecord(Object):
+ takes_params = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ primary_key=True,
+ label=_(u'Record name'),
+ ),
+ parameters.Int(
+ 'dnsttl',
+ required=False,
+ label=_(u'Time to live'),
+ ),
+ parameters.Str(
+ 'dnsclass',
+ required=False,
+ ),
+ parameters.Str(
+ 'dnsrecords',
+ required=False,
+ label=_(u'Records'),
+ ),
+ parameters.Str(
+ 'dnstype',
+ required=False,
+ label=_(u'Record type'),
+ ),
+ parameters.Str(
+ 'dnsdata',
+ required=False,
+ label=_(u'Record data'),
+ ),
+ parameters.Str(
+ 'arecord',
+ required=False,
+ multivalue=True,
+ label=_(u'A record'),
+ doc=_(u'Raw A records'),
+ ),
+ parameters.Str(
+ 'a_part_ip_address',
+ required=False,
+ label=_(u'A IP Address'),
+ doc=_(u'IP Address'),
+ ),
+ parameters.Flag(
+ 'a_extra_create_reverse',
+ required=False,
+ label=_(u'A Create reverse'),
+ doc=_(u'Create reverse record for this IP Address'),
+ ),
+ parameters.Str(
+ 'aaaarecord',
+ required=False,
+ multivalue=True,
+ label=_(u'AAAA record'),
+ doc=_(u'Raw AAAA records'),
+ ),
+ parameters.Str(
+ 'aaaa_part_ip_address',
+ required=False,
+ label=_(u'AAAA IP Address'),
+ doc=_(u'IP Address'),
+ ),
+ parameters.Flag(
+ 'aaaa_extra_create_reverse',
+ required=False,
+ label=_(u'AAAA Create reverse'),
+ doc=_(u'Create reverse record for this IP Address'),
+ ),
+ parameters.Str(
+ 'a6record',
+ required=False,
+ multivalue=True,
+ label=_(u'A6 record'),
+ doc=_(u'Raw A6 records'),
+ ),
+ parameters.Str(
+ 'a6_part_data',
+ required=False,
+ label=_(u'A6 Record data'),
+ doc=_(u'Record data'),
+ ),
+ parameters.Str(
+ 'afsdbrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'AFSDB record'),
+ doc=_(u'Raw AFSDB records'),
+ ),
+ parameters.Int(
+ 'afsdb_part_subtype',
+ required=False,
+ label=_(u'AFSDB Subtype'),
+ doc=_(u'Subtype'),
+ ),
+ parameters.DNSNameParam(
+ 'afsdb_part_hostname',
+ required=False,
+ label=_(u'AFSDB Hostname'),
+ doc=_(u'Hostname'),
+ ),
+ parameters.Str(
+ 'aplrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'APL record'),
+ doc=_(u'Raw APL records'),
+ ),
+ parameters.Str(
+ 'certrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'CERT record'),
+ doc=_(u'Raw CERT records'),
+ ),
+ parameters.Int(
+ 'cert_part_type',
+ required=False,
+ label=_(u'CERT Certificate Type'),
+ doc=_(u'Certificate Type'),
+ ),
+ parameters.Int(
+ 'cert_part_key_tag',
+ required=False,
+ label=_(u'CERT Key Tag'),
+ doc=_(u'Key Tag'),
+ ),
+ parameters.Int(
+ 'cert_part_algorithm',
+ required=False,
+ label=_(u'CERT Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Str(
+ 'cert_part_certificate_or_crl',
+ required=False,
+ label=_(u'CERT Certificate/CRL'),
+ doc=_(u'Certificate/CRL'),
+ ),
+ parameters.Str(
+ 'cnamerecord',
+ required=False,
+ multivalue=True,
+ label=_(u'CNAME record'),
+ doc=_(u'Raw CNAME records'),
+ ),
+ parameters.DNSNameParam(
+ 'cname_part_hostname',
+ required=False,
+ label=_(u'CNAME Hostname'),
+ doc=_(u'A hostname which this alias hostname points to'),
+ ),
+ parameters.Str(
+ 'dhcidrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'DHCID record'),
+ doc=_(u'Raw DHCID records'),
+ ),
+ parameters.Str(
+ 'dlvrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'DLV record'),
+ doc=_(u'Raw DLV records'),
+ ),
+ parameters.Int(
+ 'dlv_part_key_tag',
+ required=False,
+ label=_(u'DLV Key Tag'),
+ doc=_(u'Key Tag'),
+ ),
+ parameters.Int(
+ 'dlv_part_algorithm',
+ required=False,
+ label=_(u'DLV Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Int(
+ 'dlv_part_digest_type',
+ required=False,
+ label=_(u'DLV Digest Type'),
+ doc=_(u'Digest Type'),
+ ),
+ parameters.Str(
+ 'dlv_part_digest',
+ required=False,
+ label=_(u'DLV Digest'),
+ doc=_(u'Digest'),
+ ),
+ parameters.Str(
+ 'dnamerecord',
+ required=False,
+ multivalue=True,
+ label=_(u'DNAME record'),
+ doc=_(u'Raw DNAME records'),
+ ),
+ parameters.DNSNameParam(
+ 'dname_part_target',
+ required=False,
+ label=_(u'DNAME Target'),
+ doc=_(u'Target'),
+ ),
+ parameters.Str(
+ 'dnskeyrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'DNSKEY record'),
+ doc=_(u'Raw DNSKEY records'),
+ ),
+ parameters.Str(
+ 'dsrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'DS record'),
+ doc=_(u'Raw DS records'),
+ ),
+ parameters.Int(
+ 'ds_part_key_tag',
+ required=False,
+ label=_(u'DS Key Tag'),
+ doc=_(u'Key Tag'),
+ ),
+ parameters.Int(
+ 'ds_part_algorithm',
+ required=False,
+ label=_(u'DS Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Int(
+ 'ds_part_digest_type',
+ required=False,
+ label=_(u'DS Digest Type'),
+ doc=_(u'Digest Type'),
+ ),
+ parameters.Str(
+ 'ds_part_digest',
+ required=False,
+ label=_(u'DS Digest'),
+ doc=_(u'Digest'),
+ ),
+ parameters.Str(
+ 'hiprecord',
+ required=False,
+ multivalue=True,
+ label=_(u'HIP record'),
+ doc=_(u'Raw HIP records'),
+ ),
+ parameters.Str(
+ 'ipseckeyrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'IPSECKEY record'),
+ doc=_(u'Raw IPSECKEY records'),
+ ),
+ parameters.Str(
+ 'keyrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'KEY record'),
+ doc=_(u'Raw KEY records'),
+ ),
+ parameters.Str(
+ 'kxrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'KX record'),
+ doc=_(u'Raw KX records'),
+ ),
+ parameters.Int(
+ 'kx_part_preference',
+ required=False,
+ label=_(u'KX Preference'),
+ doc=_(u'Preference given to this exchanger. Lower values are more preferred'),
+ ),
+ parameters.DNSNameParam(
+ 'kx_part_exchanger',
+ required=False,
+ label=_(u'KX Exchanger'),
+ doc=_(u'A host willing to act as a key exchanger'),
+ ),
+ parameters.Str(
+ 'locrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'LOC record'),
+ doc=_(u'Raw LOC records'),
+ ),
+ parameters.Int(
+ 'loc_part_lat_deg',
+ required=False,
+ label=_(u'LOC Degrees Latitude'),
+ doc=_(u'Degrees Latitude'),
+ ),
+ parameters.Int(
+ 'loc_part_lat_min',
+ required=False,
+ label=_(u'LOC Minutes Latitude'),
+ doc=_(u'Minutes Latitude'),
+ ),
+ parameters.Decimal(
+ 'loc_part_lat_sec',
+ required=False,
+ label=_(u'LOC Seconds Latitude'),
+ doc=_(u'Seconds Latitude'),
+ ),
+ parameters.Str(
+ 'loc_part_lat_dir',
+ required=False,
+ label=_(u'LOC Direction Latitude'),
+ doc=_(u'Direction Latitude'),
+ ),
+ parameters.Int(
+ 'loc_part_lon_deg',
+ required=False,
+ label=_(u'LOC Degrees Longitude'),
+ doc=_(u'Degrees Longitude'),
+ ),
+ parameters.Int(
+ 'loc_part_lon_min',
+ required=False,
+ label=_(u'LOC Minutes Longitude'),
+ doc=_(u'Minutes Longitude'),
+ ),
+ parameters.Decimal(
+ 'loc_part_lon_sec',
+ required=False,
+ label=_(u'LOC Seconds Longitude'),
+ doc=_(u'Seconds Longitude'),
+ ),
+ parameters.Str(
+ 'loc_part_lon_dir',
+ required=False,
+ label=_(u'LOC Direction Longitude'),
+ doc=_(u'Direction Longitude'),
+ ),
+ parameters.Decimal(
+ 'loc_part_altitude',
+ required=False,
+ label=_(u'LOC Altitude'),
+ doc=_(u'Altitude'),
+ ),
+ parameters.Decimal(
+ 'loc_part_size',
+ required=False,
+ label=_(u'LOC Size'),
+ doc=_(u'Size'),
+ ),
+ parameters.Decimal(
+ 'loc_part_h_precision',
+ required=False,
+ label=_(u'LOC Horizontal Precision'),
+ doc=_(u'Horizontal Precision'),
+ ),
+ parameters.Decimal(
+ 'loc_part_v_precision',
+ required=False,
+ label=_(u'LOC Vertical Precision'),
+ doc=_(u'Vertical Precision'),
+ ),
+ parameters.Str(
+ 'mxrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'MX record'),
+ doc=_(u'Raw MX records'),
+ ),
+ parameters.Int(
+ 'mx_part_preference',
+ required=False,
+ label=_(u'MX Preference'),
+ doc=_(u'Preference given to this exchanger. Lower values are more preferred'),
+ ),
+ parameters.DNSNameParam(
+ 'mx_part_exchanger',
+ required=False,
+ label=_(u'MX Exchanger'),
+ doc=_(u'A host willing to act as a mail exchanger'),
+ ),
+ parameters.Str(
+ 'naptrrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'NAPTR record'),
+ doc=_(u'Raw NAPTR records'),
+ ),
+ parameters.Int(
+ 'naptr_part_order',
+ required=False,
+ label=_(u'NAPTR Order'),
+ doc=_(u'Order'),
+ ),
+ parameters.Int(
+ 'naptr_part_preference',
+ required=False,
+ label=_(u'NAPTR Preference'),
+ doc=_(u'Preference'),
+ ),
+ parameters.Str(
+ 'naptr_part_flags',
+ required=False,
+ label=_(u'NAPTR Flags'),
+ doc=_(u'Flags'),
+ ),
+ parameters.Str(
+ 'naptr_part_service',
+ required=False,
+ label=_(u'NAPTR Service'),
+ doc=_(u'Service'),
+ ),
+ parameters.Str(
+ 'naptr_part_regexp',
+ required=False,
+ label=_(u'NAPTR Regular Expression'),
+ doc=_(u'Regular Expression'),
+ ),
+ parameters.Str(
+ 'naptr_part_replacement',
+ required=False,
+ label=_(u'NAPTR Replacement'),
+ doc=_(u'Replacement'),
+ ),
+ parameters.Str(
+ 'nsrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'NS record'),
+ doc=_(u'Raw NS records'),
+ ),
+ parameters.DNSNameParam(
+ 'ns_part_hostname',
+ required=False,
+ label=_(u'NS Hostname'),
+ doc=_(u'Hostname'),
+ ),
+ parameters.Str(
+ 'nsecrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'NSEC record'),
+ doc=_(u'Raw NSEC records'),
+ ),
+ parameters.Str(
+ 'nsec3record',
+ required=False,
+ multivalue=True,
+ label=_(u'NSEC3 record'),
+ doc=_(u'Raw NSEC3 records'),
+ ),
+ parameters.Str(
+ 'ptrrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'PTR record'),
+ doc=_(u'Raw PTR records'),
+ ),
+ parameters.DNSNameParam(
+ 'ptr_part_hostname',
+ required=False,
+ label=_(u'PTR Hostname'),
+ doc=_(u'The hostname this reverse record points to'),
+ ),
+ parameters.Str(
+ 'rrsigrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'RRSIG record'),
+ doc=_(u'Raw RRSIG records'),
+ ),
+ parameters.Str(
+ 'rprecord',
+ required=False,
+ multivalue=True,
+ label=_(u'RP record'),
+ doc=_(u'Raw RP records'),
+ ),
+ parameters.Str(
+ 'sigrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'SIG record'),
+ doc=_(u'Raw SIG records'),
+ ),
+ parameters.Str(
+ 'spfrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'SPF record'),
+ doc=_(u'Raw SPF records'),
+ ),
+ parameters.Str(
+ 'srvrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'SRV record'),
+ doc=_(u'Raw SRV records'),
+ ),
+ parameters.Int(
+ 'srv_part_priority',
+ required=False,
+ label=_(u'SRV Priority'),
+ doc=_(u'Priority'),
+ ),
+ parameters.Int(
+ 'srv_part_weight',
+ required=False,
+ label=_(u'SRV Weight'),
+ doc=_(u'Weight'),
+ ),
+ parameters.Int(
+ 'srv_part_port',
+ required=False,
+ label=_(u'SRV Port'),
+ doc=_(u'Port'),
+ ),
+ parameters.DNSNameParam(
+ 'srv_part_target',
+ required=False,
+ label=_(u'SRV Target'),
+ doc=_(u"The domain name of the target host or '.' if the service is decidedly not available at this domain"),
+ ),
+ parameters.Str(
+ 'sshfprecord',
+ required=False,
+ multivalue=True,
+ label=_(u'SSHFP record'),
+ doc=_(u'Raw SSHFP records'),
+ ),
+ parameters.Int(
+ 'sshfp_part_algorithm',
+ required=False,
+ label=_(u'SSHFP Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Int(
+ 'sshfp_part_fp_type',
+ required=False,
+ label=_(u'SSHFP Fingerprint Type'),
+ doc=_(u'Fingerprint Type'),
+ ),
+ parameters.Str(
+ 'sshfp_part_fingerprint',
+ required=False,
+ label=_(u'SSHFP Fingerprint'),
+ doc=_(u'Fingerprint'),
+ ),
+ parameters.Str(
+ 'tarecord',
+ required=False,
+ multivalue=True,
+ label=_(u'TA record'),
+ doc=_(u'Raw TA records'),
+ ),
+ parameters.Str(
+ 'tlsarecord',
+ required=False,
+ multivalue=True,
+ label=_(u'TLSA record'),
+ doc=_(u'Raw TLSA records'),
+ ),
+ parameters.Int(
+ 'tlsa_part_cert_usage',
+ required=False,
+ label=_(u'TLSA Certificate Usage'),
+ doc=_(u'Certificate Usage'),
+ ),
+ parameters.Int(
+ 'tlsa_part_selector',
+ required=False,
+ label=_(u'TLSA Selector'),
+ doc=_(u'Selector'),
+ ),
+ parameters.Int(
+ 'tlsa_part_matching_type',
+ required=False,
+ label=_(u'TLSA Matching Type'),
+ doc=_(u'Matching Type'),
+ ),
+ parameters.Str(
+ 'tlsa_part_cert_association_data',
+ required=False,
+ label=_(u'TLSA Certificate Association Data'),
+ doc=_(u'Certificate Association Data'),
+ ),
+ parameters.Str(
+ 'tkeyrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'TKEY record'),
+ doc=_(u'Raw TKEY records'),
+ ),
+ parameters.Str(
+ 'tsigrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'TSIG record'),
+ doc=_(u'Raw TSIG records'),
+ ),
+ parameters.Str(
+ 'txtrecord',
+ required=False,
+ multivalue=True,
+ label=_(u'TXT record'),
+ doc=_(u'Raw TXT records'),
+ ),
+ parameters.Str(
+ 'txt_part_data',
+ required=False,
+ label=_(u'TXT Text Data'),
+ doc=_(u'Text Data'),
+ ),
+ )
+
+
+@register()
+class dnszone(Object):
+ takes_params = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ primary_key=True,
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ ),
+ parameters.Str(
+ 'name_from_ip',
+ required=False,
+ label=_(u'Reverse zone IP network'),
+ doc=_(u'IP network to create reverse zone name from'),
+ ),
+ parameters.Bool(
+ 'idnszoneactive',
+ required=False,
+ label=_(u'Active zone'),
+ doc=_(u'Is zone active?'),
+ ),
+ parameters.Str(
+ 'idnsforwarders',
+ required=False,
+ multivalue=True,
+ label=_(u'Zone forwarders'),
+ doc=_(u'Per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"'),
+ ),
+ parameters.Str(
+ 'idnsforwardpolicy',
+ required=False,
+ label=_(u'Forward policy'),
+ doc=_(u'Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.'),
+ ),
+ parameters.DNSNameParam(
+ 'idnssoamname',
+ required=False,
+ label=_(u'Authoritative nameserver'),
+ doc=_(u'Authoritative nameserver domain name'),
+ ),
+ parameters.DNSNameParam(
+ 'idnssoarname',
+ label=_(u'Administrator e-mail address'),
+ ),
+ parameters.Int(
+ 'idnssoaserial',
+ label=_(u'SOA serial'),
+ doc=_(u'SOA record serial number'),
+ ),
+ parameters.Int(
+ 'idnssoarefresh',
+ label=_(u'SOA refresh'),
+ doc=_(u'SOA record refresh time'),
+ ),
+ parameters.Int(
+ 'idnssoaretry',
+ label=_(u'SOA retry'),
+ doc=_(u'SOA record retry time'),
+ ),
+ parameters.Int(
+ 'idnssoaexpire',
+ label=_(u'SOA expire'),
+ doc=_(u'SOA record expire time'),
+ ),
+ parameters.Int(
+ 'idnssoaminimum',
+ label=_(u'SOA minimum'),
+ doc=_(u'How long should negative responses be cached'),
+ ),
+ parameters.Int(
+ 'dnsttl',
+ required=False,
+ label=_(u'Time to live'),
+ doc=_(u'Time to live for records at zone apex'),
+ ),
+ parameters.Str(
+ 'dnsclass',
+ required=False,
+ ),
+ parameters.Str(
+ 'idnsupdatepolicy',
+ required=False,
+ label=_(u'BIND update policy'),
+ ),
+ parameters.Bool(
+ 'idnsallowdynupdate',
+ required=False,
+ label=_(u'Dynamic update'),
+ doc=_(u'Allow dynamic updates.'),
+ ),
+ parameters.Str(
+ 'idnsallowquery',
+ required=False,
+ label=_(u'Allow query'),
+ doc=_(u'Semicolon separated list of IP addresses or networks which are allowed to issue queries'),
+ ),
+ parameters.Str(
+ 'idnsallowtransfer',
+ required=False,
+ label=_(u'Allow transfer'),
+ doc=_(u'Semicolon separated list of IP addresses or networks which are allowed to transfer the zone'),
+ ),
+ parameters.Bool(
+ 'idnsallowsyncptr',
+ required=False,
+ label=_(u'Allow PTR sync'),
+ doc=_(u'Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the zone'),
+ ),
+ parameters.Bool(
+ 'idnssecinlinesigning',
+ required=False,
+ label=_(u'Allow in-line DNSSEC signing'),
+ doc=_(u'Allow inline DNSSEC signing of records in the zone'),
+ ),
+ parameters.Str(
+ 'nsec3paramrecord',
+ required=False,
+ label=_(u'NSEC3PARAM record'),
+ doc=_(u'NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt'),
+ ),
+ )
+
+
+@register()
+class dns_is_enabled(Command):
+ __doc__ = _("Checks if any of the servers has the DNS service enabled.")
+
+ NO_CLI = True
+
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dns_resolve(Command):
+ __doc__ = _("Resolve a host name in DNS.")
+
+ takes_args = (
+ parameters.Str(
+ 'hostname',
+ label=_(u'Hostname'),
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnsconfig_mod(Method):
+ __doc__ = _("Modify global DNS configuration.")
+
+ takes_options = (
+ parameters.Str(
+ 'idnsforwarders',
+ required=False,
+ multivalue=True,
+ cli_name='forwarder',
+ label=_(u'Global forwarders'),
+ doc=_(u'Global forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"'),
+ ),
+ parameters.Str(
+ 'idnsforwardpolicy',
+ required=False,
+ cli_name='forward_policy',
+ cli_metavar="['only', 'first', 'none']",
+ label=_(u'Forward policy'),
+ doc=_(u'Global forwarding policy. Set to "none" to disable any configured global forwarders.'),
+ ),
+ parameters.Bool(
+ 'idnsallowsyncptr',
+ required=False,
+ cli_name='allow_sync_ptr',
+ label=_(u'Allow PTR sync'),
+ doc=_(u'Allow synchronization of forward (A, AAAA) and reverse (PTR) records'),
+ ),
+ parameters.Int(
+ 'idnszonerefresh',
+ required=False,
+ deprecated=True,
+ cli_name='zone_refresh',
+ label=_(u'Zone refresh interval'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnsconfig_show(Method):
+ __doc__ = _("Show the current global DNS configuration.")
+
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnsforwardzone_add(Method):
+ __doc__ = _("Create new DNS forward zone.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'name_from_ip',
+ required=False,
+ label=_(u'Reverse zone IP network'),
+ doc=_(u'IP network to create reverse zone name from'),
+ ),
+ parameters.Str(
+ 'idnsforwarders',
+ required=False,
+ multivalue=True,
+ cli_name='forwarder',
+ label=_(u'Zone forwarders'),
+ doc=_(u'Per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"'),
+ ),
+ parameters.Str(
+ 'idnsforwardpolicy',
+ required=False,
+ cli_name='forward_policy',
+ cli_metavar="['only', 'first', 'none']",
+ label=_(u'Forward policy'),
+ doc=_(u'Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnsforwardzone_add_permission(Method):
+ __doc__ = _("Add a permission for per-forward zone access delegation.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.Output(
+ 'value',
+ unicode,
+ doc=_(u'Permission value'),
+ ),
+ )
+
+
+@register()
+class dnsforwardzone_del(Method):
+ __doc__ = _("Delete DNS forward zone.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ multivalue=True,
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class dnsforwardzone_disable(Method):
+ __doc__ = _("Disable DNS Forward Zone.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnsforwardzone_enable(Method):
+ __doc__ = _("Enable DNS Forward Zone.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnsforwardzone_find(Method):
+ __doc__ = _("Search for DNS forward zones.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ required=False,
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'name_from_ip',
+ required=False,
+ label=_(u'Reverse zone IP network'),
+ doc=_(u'IP network to create reverse zone name from'),
+ ),
+ parameters.Bool(
+ 'idnszoneactive',
+ required=False,
+ cli_name='zone_active',
+ label=_(u'Active zone'),
+ doc=_(u'Is zone active?'),
+ ),
+ parameters.Str(
+ 'idnsforwarders',
+ required=False,
+ multivalue=True,
+ cli_name='forwarder',
+ label=_(u'Zone forwarders'),
+ doc=_(u'Per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"'),
+ ),
+ parameters.Str(
+ 'idnsforwardpolicy',
+ required=False,
+ cli_name='forward_policy',
+ cli_metavar="['only', 'first', 'none']",
+ label=_(u'Forward policy'),
+ doc=_(u'Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("name")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class dnsforwardzone_mod(Method):
+ __doc__ = _("Modify DNS forward zone.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'name_from_ip',
+ required=False,
+ label=_(u'Reverse zone IP network'),
+ doc=_(u'IP network to create reverse zone name from'),
+ ),
+ parameters.Str(
+ 'idnsforwarders',
+ required=False,
+ multivalue=True,
+ cli_name='forwarder',
+ label=_(u'Zone forwarders'),
+ doc=_(u'Per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"'),
+ ),
+ parameters.Str(
+ 'idnsforwardpolicy',
+ required=False,
+ cli_name='forward_policy',
+ cli_metavar="['only', 'first', 'none']",
+ label=_(u'Forward policy'),
+ doc=_(u'Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnsforwardzone_remove_permission(Method):
+ __doc__ = _("Remove a permission for per-forward zone access delegation.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.Output(
+ 'value',
+ unicode,
+ doc=_(u'Permission value'),
+ ),
+ )
+
+
+@register()
+class dnsforwardzone_show(Method):
+ __doc__ = _("Display information about a DNS forward zone.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnsrecord_add(Method):
+ __doc__ = _("Add new DNS resource record.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'dnszoneidnsname',
+ cli_name='dnszone',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Record name'),
+ ),
+ )
+ takes_options = (
+ parameters.Int(
+ 'dnsttl',
+ required=False,
+ cli_name='ttl',
+ label=_(u'Time to live'),
+ ),
+ parameters.Str(
+ 'dnsclass',
+ required=False,
+ cli_name='class',
+ cli_metavar="['IN', 'CS', 'CH', 'HS']",
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'arecord',
+ required=False,
+ multivalue=True,
+ cli_name='a_rec',
+ option_group=u'A Record',
+ label=_(u'A record'),
+ doc=_(u'Raw A records'),
+ ),
+ parameters.Str(
+ 'a_part_ip_address',
+ required=False,
+ cli_name='a_ip_address',
+ option_group=u'A Record',
+ label=_(u'A IP Address'),
+ doc=_(u'IP Address'),
+ ),
+ parameters.Flag(
+ 'a_extra_create_reverse',
+ required=False,
+ cli_name='a_create_reverse',
+ option_group=u'A Record',
+ label=_(u'A Create reverse'),
+ doc=_(u'Create reverse record for this IP Address'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'aaaarecord',
+ required=False,
+ multivalue=True,
+ cli_name='aaaa_rec',
+ option_group=u'AAAA Record',
+ label=_(u'AAAA record'),
+ doc=_(u'Raw AAAA records'),
+ ),
+ parameters.Str(
+ 'aaaa_part_ip_address',
+ required=False,
+ cli_name='aaaa_ip_address',
+ option_group=u'AAAA Record',
+ label=_(u'AAAA IP Address'),
+ doc=_(u'IP Address'),
+ ),
+ parameters.Flag(
+ 'aaaa_extra_create_reverse',
+ required=False,
+ cli_name='aaaa_create_reverse',
+ option_group=u'AAAA Record',
+ label=_(u'AAAA Create reverse'),
+ doc=_(u'Create reverse record for this IP Address'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'a6record',
+ required=False,
+ multivalue=True,
+ cli_name='a6_rec',
+ option_group=u'A6 Record',
+ label=_(u'A6 record'),
+ doc=_(u'Raw A6 records'),
+ ),
+ parameters.Str(
+ 'a6_part_data',
+ required=False,
+ cli_name='a6_data',
+ option_group=u'A6 Record',
+ label=_(u'A6 Record data'),
+ doc=_(u'Record data'),
+ ),
+ parameters.Str(
+ 'afsdbrecord',
+ required=False,
+ multivalue=True,
+ cli_name='afsdb_rec',
+ option_group=u'AFSDB Record',
+ label=_(u'AFSDB record'),
+ doc=_(u'Raw AFSDB records'),
+ ),
+ parameters.Int(
+ 'afsdb_part_subtype',
+ required=False,
+ cli_name='afsdb_subtype',
+ option_group=u'AFSDB Record',
+ label=_(u'AFSDB Subtype'),
+ doc=_(u'Subtype'),
+ ),
+ parameters.DNSNameParam(
+ 'afsdb_part_hostname',
+ required=False,
+ cli_name='afsdb_hostname',
+ option_group=u'AFSDB Record',
+ label=_(u'AFSDB Hostname'),
+ doc=_(u'Hostname'),
+ ),
+ parameters.Str(
+ 'aplrecord',
+ required=False,
+ multivalue=True,
+ cli_name='apl_rec',
+ option_group=u'APL Record',
+ label=_(u'APL record'),
+ doc=_(u'Raw APL records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'certrecord',
+ required=False,
+ multivalue=True,
+ cli_name='cert_rec',
+ option_group=u'CERT Record',
+ label=_(u'CERT record'),
+ doc=_(u'Raw CERT records'),
+ ),
+ parameters.Int(
+ 'cert_part_type',
+ required=False,
+ cli_name='cert_type',
+ option_group=u'CERT Record',
+ label=_(u'CERT Certificate Type'),
+ doc=_(u'Certificate Type'),
+ ),
+ parameters.Int(
+ 'cert_part_key_tag',
+ required=False,
+ cli_name='cert_key_tag',
+ option_group=u'CERT Record',
+ label=_(u'CERT Key Tag'),
+ doc=_(u'Key Tag'),
+ ),
+ parameters.Int(
+ 'cert_part_algorithm',
+ required=False,
+ cli_name='cert_algorithm',
+ option_group=u'CERT Record',
+ label=_(u'CERT Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Str(
+ 'cert_part_certificate_or_crl',
+ required=False,
+ cli_name='cert_certificate_or_crl',
+ option_group=u'CERT Record',
+ label=_(u'CERT Certificate/CRL'),
+ doc=_(u'Certificate/CRL'),
+ ),
+ parameters.Str(
+ 'cnamerecord',
+ required=False,
+ multivalue=True,
+ cli_name='cname_rec',
+ option_group=u'CNAME Record',
+ label=_(u'CNAME record'),
+ doc=_(u'Raw CNAME records'),
+ ),
+ parameters.DNSNameParam(
+ 'cname_part_hostname',
+ required=False,
+ cli_name='cname_hostname',
+ option_group=u'CNAME Record',
+ label=_(u'CNAME Hostname'),
+ doc=_(u'A hostname which this alias hostname points to'),
+ ),
+ parameters.Str(
+ 'dhcidrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dhcid_rec',
+ option_group=u'DHCID Record',
+ label=_(u'DHCID record'),
+ doc=_(u'Raw DHCID records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'dlvrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dlv_rec',
+ option_group=u'DLV Record',
+ label=_(u'DLV record'),
+ doc=_(u'Raw DLV records'),
+ ),
+ parameters.Int(
+ 'dlv_part_key_tag',
+ required=False,
+ cli_name='dlv_key_tag',
+ option_group=u'DLV Record',
+ label=_(u'DLV Key Tag'),
+ doc=_(u'Key Tag'),
+ ),
+ parameters.Int(
+ 'dlv_part_algorithm',
+ required=False,
+ cli_name='dlv_algorithm',
+ option_group=u'DLV Record',
+ label=_(u'DLV Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Int(
+ 'dlv_part_digest_type',
+ required=False,
+ cli_name='dlv_digest_type',
+ option_group=u'DLV Record',
+ label=_(u'DLV Digest Type'),
+ doc=_(u'Digest Type'),
+ ),
+ parameters.Str(
+ 'dlv_part_digest',
+ required=False,
+ cli_name='dlv_digest',
+ option_group=u'DLV Record',
+ label=_(u'DLV Digest'),
+ doc=_(u'Digest'),
+ ),
+ parameters.Str(
+ 'dnamerecord',
+ required=False,
+ multivalue=True,
+ cli_name='dname_rec',
+ option_group=u'DNAME Record',
+ label=_(u'DNAME record'),
+ doc=_(u'Raw DNAME records'),
+ ),
+ parameters.DNSNameParam(
+ 'dname_part_target',
+ required=False,
+ cli_name='dname_target',
+ option_group=u'DNAME Record',
+ label=_(u'DNAME Target'),
+ doc=_(u'Target'),
+ ),
+ parameters.Str(
+ 'dnskeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dnskey_rec',
+ option_group=u'DNSKEY Record',
+ label=_(u'DNSKEY record'),
+ doc=_(u'Raw DNSKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'dsrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ds_rec',
+ option_group=u'DS Record',
+ label=_(u'DS record'),
+ doc=_(u'Raw DS records'),
+ ),
+ parameters.Int(
+ 'ds_part_key_tag',
+ required=False,
+ cli_name='ds_key_tag',
+ option_group=u'DS Record',
+ label=_(u'DS Key Tag'),
+ doc=_(u'Key Tag'),
+ ),
+ parameters.Int(
+ 'ds_part_algorithm',
+ required=False,
+ cli_name='ds_algorithm',
+ option_group=u'DS Record',
+ label=_(u'DS Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Int(
+ 'ds_part_digest_type',
+ required=False,
+ cli_name='ds_digest_type',
+ option_group=u'DS Record',
+ label=_(u'DS Digest Type'),
+ doc=_(u'Digest Type'),
+ ),
+ parameters.Str(
+ 'ds_part_digest',
+ required=False,
+ cli_name='ds_digest',
+ option_group=u'DS Record',
+ label=_(u'DS Digest'),
+ doc=_(u'Digest'),
+ ),
+ parameters.Str(
+ 'hiprecord',
+ required=False,
+ multivalue=True,
+ cli_name='hip_rec',
+ option_group=u'HIP Record',
+ label=_(u'HIP record'),
+ doc=_(u'Raw HIP records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ipseckeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ipseckey_rec',
+ option_group=u'IPSECKEY Record',
+ label=_(u'IPSECKEY record'),
+ doc=_(u'Raw IPSECKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'keyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='key_rec',
+ option_group=u'KEY Record',
+ label=_(u'KEY record'),
+ doc=_(u'Raw KEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'kxrecord',
+ required=False,
+ multivalue=True,
+ cli_name='kx_rec',
+ option_group=u'KX Record',
+ label=_(u'KX record'),
+ doc=_(u'Raw KX records'),
+ ),
+ parameters.Int(
+ 'kx_part_preference',
+ required=False,
+ cli_name='kx_preference',
+ option_group=u'KX Record',
+ label=_(u'KX Preference'),
+ doc=_(u'Preference given to this exchanger. Lower values are more preferred'),
+ ),
+ parameters.DNSNameParam(
+ 'kx_part_exchanger',
+ required=False,
+ cli_name='kx_exchanger',
+ option_group=u'KX Record',
+ label=_(u'KX Exchanger'),
+ doc=_(u'A host willing to act as a key exchanger'),
+ ),
+ parameters.Str(
+ 'locrecord',
+ required=False,
+ multivalue=True,
+ cli_name='loc_rec',
+ option_group=u'LOC Record',
+ label=_(u'LOC record'),
+ doc=_(u'Raw LOC records'),
+ ),
+ parameters.Int(
+ 'loc_part_lat_deg',
+ required=False,
+ cli_name='loc_lat_deg',
+ option_group=u'LOC Record',
+ label=_(u'LOC Degrees Latitude'),
+ doc=_(u'Degrees Latitude'),
+ ),
+ parameters.Int(
+ 'loc_part_lat_min',
+ required=False,
+ cli_name='loc_lat_min',
+ option_group=u'LOC Record',
+ label=_(u'LOC Minutes Latitude'),
+ doc=_(u'Minutes Latitude'),
+ ),
+ parameters.Decimal(
+ 'loc_part_lat_sec',
+ required=False,
+ cli_name='loc_lat_sec',
+ option_group=u'LOC Record',
+ label=_(u'LOC Seconds Latitude'),
+ doc=_(u'Seconds Latitude'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'loc_part_lat_dir',
+ required=False,
+ cli_name='loc_lat_dir',
+ option_group=u'LOC Record',
+ cli_metavar="['N', 'S']",
+ label=_(u'LOC Direction Latitude'),
+ doc=_(u'Direction Latitude'),
+ ),
+ parameters.Int(
+ 'loc_part_lon_deg',
+ required=False,
+ cli_name='loc_lon_deg',
+ option_group=u'LOC Record',
+ label=_(u'LOC Degrees Longitude'),
+ doc=_(u'Degrees Longitude'),
+ ),
+ parameters.Int(
+ 'loc_part_lon_min',
+ required=False,
+ cli_name='loc_lon_min',
+ option_group=u'LOC Record',
+ label=_(u'LOC Minutes Longitude'),
+ doc=_(u'Minutes Longitude'),
+ ),
+ parameters.Decimal(
+ 'loc_part_lon_sec',
+ required=False,
+ cli_name='loc_lon_sec',
+ option_group=u'LOC Record',
+ label=_(u'LOC Seconds Longitude'),
+ doc=_(u'Seconds Longitude'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'loc_part_lon_dir',
+ required=False,
+ cli_name='loc_lon_dir',
+ option_group=u'LOC Record',
+ cli_metavar="['E', 'W']",
+ label=_(u'LOC Direction Longitude'),
+ doc=_(u'Direction Longitude'),
+ ),
+ parameters.Decimal(
+ 'loc_part_altitude',
+ required=False,
+ cli_name='loc_altitude',
+ option_group=u'LOC Record',
+ label=_(u'LOC Altitude'),
+ doc=_(u'Altitude'),
+ no_convert=True,
+ ),
+ parameters.Decimal(
+ 'loc_part_size',
+ required=False,
+ cli_name='loc_size',
+ option_group=u'LOC Record',
+ label=_(u'LOC Size'),
+ doc=_(u'Size'),
+ no_convert=True,
+ ),
+ parameters.Decimal(
+ 'loc_part_h_precision',
+ required=False,
+ cli_name='loc_h_precision',
+ option_group=u'LOC Record',
+ label=_(u'LOC Horizontal Precision'),
+ doc=_(u'Horizontal Precision'),
+ no_convert=True,
+ ),
+ parameters.Decimal(
+ 'loc_part_v_precision',
+ required=False,
+ cli_name='loc_v_precision',
+ option_group=u'LOC Record',
+ label=_(u'LOC Vertical Precision'),
+ doc=_(u'Vertical Precision'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'mxrecord',
+ required=False,
+ multivalue=True,
+ cli_name='mx_rec',
+ option_group=u'MX Record',
+ label=_(u'MX record'),
+ doc=_(u'Raw MX records'),
+ ),
+ parameters.Int(
+ 'mx_part_preference',
+ required=False,
+ cli_name='mx_preference',
+ option_group=u'MX Record',
+ label=_(u'MX Preference'),
+ doc=_(u'Preference given to this exchanger. Lower values are more preferred'),
+ ),
+ parameters.DNSNameParam(
+ 'mx_part_exchanger',
+ required=False,
+ cli_name='mx_exchanger',
+ option_group=u'MX Record',
+ label=_(u'MX Exchanger'),
+ doc=_(u'A host willing to act as a mail exchanger'),
+ ),
+ parameters.Str(
+ 'naptrrecord',
+ required=False,
+ multivalue=True,
+ cli_name='naptr_rec',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR record'),
+ doc=_(u'Raw NAPTR records'),
+ ),
+ parameters.Int(
+ 'naptr_part_order',
+ required=False,
+ cli_name='naptr_order',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Order'),
+ doc=_(u'Order'),
+ ),
+ parameters.Int(
+ 'naptr_part_preference',
+ required=False,
+ cli_name='naptr_preference',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Preference'),
+ doc=_(u'Preference'),
+ ),
+ parameters.Str(
+ 'naptr_part_flags',
+ required=False,
+ cli_name='naptr_flags',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Flags'),
+ doc=_(u'Flags'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'naptr_part_service',
+ required=False,
+ cli_name='naptr_service',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Service'),
+ doc=_(u'Service'),
+ ),
+ parameters.Str(
+ 'naptr_part_regexp',
+ required=False,
+ cli_name='naptr_regexp',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Regular Expression'),
+ doc=_(u'Regular Expression'),
+ ),
+ parameters.Str(
+ 'naptr_part_replacement',
+ required=False,
+ cli_name='naptr_replacement',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Replacement'),
+ doc=_(u'Replacement'),
+ ),
+ parameters.Str(
+ 'nsrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ns_rec',
+ option_group=u'NS Record',
+ label=_(u'NS record'),
+ doc=_(u'Raw NS records'),
+ ),
+ parameters.DNSNameParam(
+ 'ns_part_hostname',
+ required=False,
+ cli_name='ns_hostname',
+ option_group=u'NS Record',
+ label=_(u'NS Hostname'),
+ doc=_(u'Hostname'),
+ ),
+ parameters.Str(
+ 'nsecrecord',
+ required=False,
+ multivalue=True,
+ cli_name='nsec_rec',
+ option_group=u'NSEC Record',
+ label=_(u'NSEC record'),
+ doc=_(u'Raw NSEC records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'nsec3record',
+ required=False,
+ multivalue=True,
+ cli_name='nsec3_rec',
+ option_group=u'NSEC3 Record',
+ label=_(u'NSEC3 record'),
+ doc=_(u'Raw NSEC3 records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ptrrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ptr_rec',
+ option_group=u'PTR Record',
+ label=_(u'PTR record'),
+ doc=_(u'Raw PTR records'),
+ ),
+ parameters.DNSNameParam(
+ 'ptr_part_hostname',
+ required=False,
+ cli_name='ptr_hostname',
+ option_group=u'PTR Record',
+ label=_(u'PTR Hostname'),
+ doc=_(u'The hostname this reverse record points to'),
+ ),
+ parameters.Str(
+ 'rrsigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='rrsig_rec',
+ option_group=u'RRSIG Record',
+ label=_(u'RRSIG record'),
+ doc=_(u'Raw RRSIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'rprecord',
+ required=False,
+ multivalue=True,
+ cli_name='rp_rec',
+ option_group=u'RP Record',
+ label=_(u'RP record'),
+ doc=_(u'Raw RP records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'sigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='sig_rec',
+ option_group=u'SIG Record',
+ label=_(u'SIG record'),
+ doc=_(u'Raw SIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'spfrecord',
+ required=False,
+ multivalue=True,
+ cli_name='spf_rec',
+ option_group=u'SPF Record',
+ label=_(u'SPF record'),
+ doc=_(u'Raw SPF records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'srvrecord',
+ required=False,
+ multivalue=True,
+ cli_name='srv_rec',
+ option_group=u'SRV Record',
+ label=_(u'SRV record'),
+ doc=_(u'Raw SRV records'),
+ ),
+ parameters.Int(
+ 'srv_part_priority',
+ required=False,
+ cli_name='srv_priority',
+ option_group=u'SRV Record',
+ label=_(u'SRV Priority'),
+ doc=_(u'Priority'),
+ ),
+ parameters.Int(
+ 'srv_part_weight',
+ required=False,
+ cli_name='srv_weight',
+ option_group=u'SRV Record',
+ label=_(u'SRV Weight'),
+ doc=_(u'Weight'),
+ ),
+ parameters.Int(
+ 'srv_part_port',
+ required=False,
+ cli_name='srv_port',
+ option_group=u'SRV Record',
+ label=_(u'SRV Port'),
+ doc=_(u'Port'),
+ ),
+ parameters.DNSNameParam(
+ 'srv_part_target',
+ required=False,
+ cli_name='srv_target',
+ option_group=u'SRV Record',
+ label=_(u'SRV Target'),
+ doc=_(u"The domain name of the target host or '.' if the service is decidedly not available at this domain"),
+ ),
+ parameters.Str(
+ 'sshfprecord',
+ required=False,
+ multivalue=True,
+ cli_name='sshfp_rec',
+ option_group=u'SSHFP Record',
+ label=_(u'SSHFP record'),
+ doc=_(u'Raw SSHFP records'),
+ ),
+ parameters.Int(
+ 'sshfp_part_algorithm',
+ required=False,
+ cli_name='sshfp_algorithm',
+ option_group=u'SSHFP Record',
+ label=_(u'SSHFP Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Int(
+ 'sshfp_part_fp_type',
+ required=False,
+ cli_name='sshfp_fp_type',
+ option_group=u'SSHFP Record',
+ label=_(u'SSHFP Fingerprint Type'),
+ doc=_(u'Fingerprint Type'),
+ ),
+ parameters.Str(
+ 'sshfp_part_fingerprint',
+ required=False,
+ cli_name='sshfp_fingerprint',
+ option_group=u'SSHFP Record',
+ label=_(u'SSHFP Fingerprint'),
+ doc=_(u'Fingerprint'),
+ ),
+ parameters.Str(
+ 'tarecord',
+ required=False,
+ multivalue=True,
+ cli_name='ta_rec',
+ option_group=u'TA Record',
+ label=_(u'TA record'),
+ doc=_(u'Raw TA records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'tlsarecord',
+ required=False,
+ multivalue=True,
+ cli_name='tlsa_rec',
+ option_group=u'TLSA Record',
+ label=_(u'TLSA record'),
+ doc=_(u'Raw TLSA records'),
+ ),
+ parameters.Int(
+ 'tlsa_part_cert_usage',
+ required=False,
+ cli_name='tlsa_cert_usage',
+ option_group=u'TLSA Record',
+ label=_(u'TLSA Certificate Usage'),
+ doc=_(u'Certificate Usage'),
+ ),
+ parameters.Int(
+ 'tlsa_part_selector',
+ required=False,
+ cli_name='tlsa_selector',
+ option_group=u'TLSA Record',
+ label=_(u'TLSA Selector'),
+ doc=_(u'Selector'),
+ ),
+ parameters.Int(
+ 'tlsa_part_matching_type',
+ required=False,
+ cli_name='tlsa_matching_type',
+ option_group=u'TLSA Record',
+ label=_(u'TLSA Matching Type'),
+ doc=_(u'Matching Type'),
+ ),
+ parameters.Str(
+ 'tlsa_part_cert_association_data',
+ required=False,
+ cli_name='tlsa_cert_association_data',
+ option_group=u'TLSA Record',
+ label=_(u'TLSA Certificate Association Data'),
+ doc=_(u'Certificate Association Data'),
+ ),
+ parameters.Str(
+ 'tkeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='tkey_rec',
+ option_group=u'TKEY Record',
+ label=_(u'TKEY record'),
+ doc=_(u'Raw TKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'tsigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='tsig_rec',
+ option_group=u'TSIG Record',
+ label=_(u'TSIG record'),
+ doc=_(u'Raw TSIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'txtrecord',
+ required=False,
+ multivalue=True,
+ cli_name='txt_rec',
+ option_group=u'TXT Record',
+ label=_(u'TXT record'),
+ doc=_(u'Raw TXT records'),
+ ),
+ parameters.Str(
+ 'txt_part_data',
+ required=False,
+ cli_name='txt_data',
+ option_group=u'TXT Record',
+ label=_(u'TXT Text Data'),
+ doc=_(u'Text Data'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'force',
+ label=_(u'Force'),
+ doc=_(u'force NS record creation even if its hostname is not in DNS'),
+ exclude=('cli', 'webui'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'structured',
+ label=_(u'Structured'),
+ doc=_(u'Parse all raw DNS records and return them in a structured way'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnsrecord_del(Method):
+ __doc__ = _("Delete DNS resource record.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'dnszoneidnsname',
+ cli_name='dnszone',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Record name'),
+ ),
+ )
+ takes_options = (
+ parameters.Int(
+ 'dnsttl',
+ required=False,
+ cli_name='ttl',
+ label=_(u'Time to live'),
+ ),
+ parameters.Str(
+ 'dnsclass',
+ required=False,
+ cli_name='class',
+ cli_metavar="['IN', 'CS', 'CH', 'HS']",
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'arecord',
+ required=False,
+ multivalue=True,
+ cli_name='a_rec',
+ label=_(u'A record'),
+ doc=_(u'Raw A records'),
+ ),
+ parameters.Str(
+ 'aaaarecord',
+ required=False,
+ multivalue=True,
+ cli_name='aaaa_rec',
+ label=_(u'AAAA record'),
+ doc=_(u'Raw AAAA records'),
+ ),
+ parameters.Str(
+ 'a6record',
+ required=False,
+ multivalue=True,
+ cli_name='a6_rec',
+ label=_(u'A6 record'),
+ doc=_(u'Raw A6 records'),
+ ),
+ parameters.Str(
+ 'afsdbrecord',
+ required=False,
+ multivalue=True,
+ cli_name='afsdb_rec',
+ label=_(u'AFSDB record'),
+ doc=_(u'Raw AFSDB records'),
+ ),
+ parameters.Str(
+ 'aplrecord',
+ required=False,
+ multivalue=True,
+ cli_name='apl_rec',
+ label=_(u'APL record'),
+ doc=_(u'Raw APL records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'certrecord',
+ required=False,
+ multivalue=True,
+ cli_name='cert_rec',
+ label=_(u'CERT record'),
+ doc=_(u'Raw CERT records'),
+ ),
+ parameters.Str(
+ 'cnamerecord',
+ required=False,
+ multivalue=True,
+ cli_name='cname_rec',
+ label=_(u'CNAME record'),
+ doc=_(u'Raw CNAME records'),
+ ),
+ parameters.Str(
+ 'dhcidrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dhcid_rec',
+ label=_(u'DHCID record'),
+ doc=_(u'Raw DHCID records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'dlvrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dlv_rec',
+ label=_(u'DLV record'),
+ doc=_(u'Raw DLV records'),
+ ),
+ parameters.Str(
+ 'dnamerecord',
+ required=False,
+ multivalue=True,
+ cli_name='dname_rec',
+ label=_(u'DNAME record'),
+ doc=_(u'Raw DNAME records'),
+ ),
+ parameters.Str(
+ 'dnskeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dnskey_rec',
+ label=_(u'DNSKEY record'),
+ doc=_(u'Raw DNSKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'dsrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ds_rec',
+ label=_(u'DS record'),
+ doc=_(u'Raw DS records'),
+ ),
+ parameters.Str(
+ 'hiprecord',
+ required=False,
+ multivalue=True,
+ cli_name='hip_rec',
+ label=_(u'HIP record'),
+ doc=_(u'Raw HIP records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ipseckeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ipseckey_rec',
+ label=_(u'IPSECKEY record'),
+ doc=_(u'Raw IPSECKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'keyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='key_rec',
+ label=_(u'KEY record'),
+ doc=_(u'Raw KEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'kxrecord',
+ required=False,
+ multivalue=True,
+ cli_name='kx_rec',
+ label=_(u'KX record'),
+ doc=_(u'Raw KX records'),
+ ),
+ parameters.Str(
+ 'locrecord',
+ required=False,
+ multivalue=True,
+ cli_name='loc_rec',
+ label=_(u'LOC record'),
+ doc=_(u'Raw LOC records'),
+ ),
+ parameters.Str(
+ 'mxrecord',
+ required=False,
+ multivalue=True,
+ cli_name='mx_rec',
+ label=_(u'MX record'),
+ doc=_(u'Raw MX records'),
+ ),
+ parameters.Str(
+ 'naptrrecord',
+ required=False,
+ multivalue=True,
+ cli_name='naptr_rec',
+ label=_(u'NAPTR record'),
+ doc=_(u'Raw NAPTR records'),
+ ),
+ parameters.Str(
+ 'nsrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ns_rec',
+ label=_(u'NS record'),
+ doc=_(u'Raw NS records'),
+ ),
+ parameters.Str(
+ 'nsecrecord',
+ required=False,
+ multivalue=True,
+ cli_name='nsec_rec',
+ label=_(u'NSEC record'),
+ doc=_(u'Raw NSEC records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'nsec3record',
+ required=False,
+ multivalue=True,
+ cli_name='nsec3_rec',
+ label=_(u'NSEC3 record'),
+ doc=_(u'Raw NSEC3 records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ptrrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ptr_rec',
+ label=_(u'PTR record'),
+ doc=_(u'Raw PTR records'),
+ ),
+ parameters.Str(
+ 'rrsigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='rrsig_rec',
+ label=_(u'RRSIG record'),
+ doc=_(u'Raw RRSIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'rprecord',
+ required=False,
+ multivalue=True,
+ cli_name='rp_rec',
+ label=_(u'RP record'),
+ doc=_(u'Raw RP records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'sigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='sig_rec',
+ label=_(u'SIG record'),
+ doc=_(u'Raw SIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'spfrecord',
+ required=False,
+ multivalue=True,
+ cli_name='spf_rec',
+ label=_(u'SPF record'),
+ doc=_(u'Raw SPF records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'srvrecord',
+ required=False,
+ multivalue=True,
+ cli_name='srv_rec',
+ label=_(u'SRV record'),
+ doc=_(u'Raw SRV records'),
+ ),
+ parameters.Str(
+ 'sshfprecord',
+ required=False,
+ multivalue=True,
+ cli_name='sshfp_rec',
+ label=_(u'SSHFP record'),
+ doc=_(u'Raw SSHFP records'),
+ ),
+ parameters.Str(
+ 'tarecord',
+ required=False,
+ multivalue=True,
+ cli_name='ta_rec',
+ label=_(u'TA record'),
+ doc=_(u'Raw TA records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'tlsarecord',
+ required=False,
+ multivalue=True,
+ cli_name='tlsa_rec',
+ label=_(u'TLSA record'),
+ doc=_(u'Raw TLSA records'),
+ ),
+ parameters.Str(
+ 'tkeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='tkey_rec',
+ label=_(u'TKEY record'),
+ doc=_(u'Raw TKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'tsigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='tsig_rec',
+ label=_(u'TSIG record'),
+ doc=_(u'Raw TSIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'txtrecord',
+ required=False,
+ multivalue=True,
+ cli_name='txt_rec',
+ label=_(u'TXT record'),
+ doc=_(u'Raw TXT records'),
+ ),
+ parameters.Flag(
+ 'del_all',
+ label=_(u'Delete all associated records'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'structured',
+ label=_(u'Structured'),
+ doc=_(u'Parse all raw DNS records and return them in a structured way'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class dnsrecord_delentry(Method):
+ __doc__ = _("Delete DNS record entry.")
+
+ NO_CLI = True
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'dnszoneidnsname',
+ cli_name='dnszone',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ parameters.DNSNameParam(
+ 'idnsname',
+ multivalue=True,
+ cli_name='name',
+ label=_(u'Record name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class dnsrecord_find(Method):
+ __doc__ = _("Search for DNS resources.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'dnszoneidnsname',
+ cli_name='dnszone',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ required=False,
+ cli_name='name',
+ label=_(u'Record name'),
+ ),
+ parameters.Int(
+ 'dnsttl',
+ required=False,
+ cli_name='ttl',
+ label=_(u'Time to live'),
+ ),
+ parameters.Str(
+ 'dnsclass',
+ required=False,
+ cli_name='class',
+ cli_metavar="['IN', 'CS', 'CH', 'HS']",
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'arecord',
+ required=False,
+ multivalue=True,
+ cli_name='a_rec',
+ label=_(u'A record'),
+ doc=_(u'Raw A records'),
+ ),
+ parameters.Str(
+ 'aaaarecord',
+ required=False,
+ multivalue=True,
+ cli_name='aaaa_rec',
+ label=_(u'AAAA record'),
+ doc=_(u'Raw AAAA records'),
+ ),
+ parameters.Str(
+ 'a6record',
+ required=False,
+ multivalue=True,
+ cli_name='a6_rec',
+ label=_(u'A6 record'),
+ doc=_(u'Raw A6 records'),
+ ),
+ parameters.Str(
+ 'afsdbrecord',
+ required=False,
+ multivalue=True,
+ cli_name='afsdb_rec',
+ label=_(u'AFSDB record'),
+ doc=_(u'Raw AFSDB records'),
+ ),
+ parameters.Str(
+ 'aplrecord',
+ required=False,
+ multivalue=True,
+ cli_name='apl_rec',
+ label=_(u'APL record'),
+ doc=_(u'Raw APL records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'certrecord',
+ required=False,
+ multivalue=True,
+ cli_name='cert_rec',
+ label=_(u'CERT record'),
+ doc=_(u'Raw CERT records'),
+ ),
+ parameters.Str(
+ 'cnamerecord',
+ required=False,
+ multivalue=True,
+ cli_name='cname_rec',
+ label=_(u'CNAME record'),
+ doc=_(u'Raw CNAME records'),
+ ),
+ parameters.Str(
+ 'dhcidrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dhcid_rec',
+ label=_(u'DHCID record'),
+ doc=_(u'Raw DHCID records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'dlvrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dlv_rec',
+ label=_(u'DLV record'),
+ doc=_(u'Raw DLV records'),
+ ),
+ parameters.Str(
+ 'dnamerecord',
+ required=False,
+ multivalue=True,
+ cli_name='dname_rec',
+ label=_(u'DNAME record'),
+ doc=_(u'Raw DNAME records'),
+ ),
+ parameters.Str(
+ 'dnskeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dnskey_rec',
+ label=_(u'DNSKEY record'),
+ doc=_(u'Raw DNSKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'dsrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ds_rec',
+ label=_(u'DS record'),
+ doc=_(u'Raw DS records'),
+ ),
+ parameters.Str(
+ 'hiprecord',
+ required=False,
+ multivalue=True,
+ cli_name='hip_rec',
+ label=_(u'HIP record'),
+ doc=_(u'Raw HIP records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ipseckeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ipseckey_rec',
+ label=_(u'IPSECKEY record'),
+ doc=_(u'Raw IPSECKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'keyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='key_rec',
+ label=_(u'KEY record'),
+ doc=_(u'Raw KEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'kxrecord',
+ required=False,
+ multivalue=True,
+ cli_name='kx_rec',
+ label=_(u'KX record'),
+ doc=_(u'Raw KX records'),
+ ),
+ parameters.Str(
+ 'locrecord',
+ required=False,
+ multivalue=True,
+ cli_name='loc_rec',
+ label=_(u'LOC record'),
+ doc=_(u'Raw LOC records'),
+ ),
+ parameters.Str(
+ 'mxrecord',
+ required=False,
+ multivalue=True,
+ cli_name='mx_rec',
+ label=_(u'MX record'),
+ doc=_(u'Raw MX records'),
+ ),
+ parameters.Str(
+ 'naptrrecord',
+ required=False,
+ multivalue=True,
+ cli_name='naptr_rec',
+ label=_(u'NAPTR record'),
+ doc=_(u'Raw NAPTR records'),
+ ),
+ parameters.Str(
+ 'nsrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ns_rec',
+ label=_(u'NS record'),
+ doc=_(u'Raw NS records'),
+ ),
+ parameters.Str(
+ 'nsecrecord',
+ required=False,
+ multivalue=True,
+ cli_name='nsec_rec',
+ label=_(u'NSEC record'),
+ doc=_(u'Raw NSEC records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'nsec3record',
+ required=False,
+ multivalue=True,
+ cli_name='nsec3_rec',
+ label=_(u'NSEC3 record'),
+ doc=_(u'Raw NSEC3 records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ptrrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ptr_rec',
+ label=_(u'PTR record'),
+ doc=_(u'Raw PTR records'),
+ ),
+ parameters.Str(
+ 'rrsigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='rrsig_rec',
+ label=_(u'RRSIG record'),
+ doc=_(u'Raw RRSIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'rprecord',
+ required=False,
+ multivalue=True,
+ cli_name='rp_rec',
+ label=_(u'RP record'),
+ doc=_(u'Raw RP records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'sigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='sig_rec',
+ label=_(u'SIG record'),
+ doc=_(u'Raw SIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'spfrecord',
+ required=False,
+ multivalue=True,
+ cli_name='spf_rec',
+ label=_(u'SPF record'),
+ doc=_(u'Raw SPF records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'srvrecord',
+ required=False,
+ multivalue=True,
+ cli_name='srv_rec',
+ label=_(u'SRV record'),
+ doc=_(u'Raw SRV records'),
+ ),
+ parameters.Str(
+ 'sshfprecord',
+ required=False,
+ multivalue=True,
+ cli_name='sshfp_rec',
+ label=_(u'SSHFP record'),
+ doc=_(u'Raw SSHFP records'),
+ ),
+ parameters.Str(
+ 'tarecord',
+ required=False,
+ multivalue=True,
+ cli_name='ta_rec',
+ label=_(u'TA record'),
+ doc=_(u'Raw TA records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'tlsarecord',
+ required=False,
+ multivalue=True,
+ cli_name='tlsa_rec',
+ label=_(u'TLSA record'),
+ doc=_(u'Raw TLSA records'),
+ ),
+ parameters.Str(
+ 'tkeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='tkey_rec',
+ label=_(u'TKEY record'),
+ doc=_(u'Raw TKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'tsigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='tsig_rec',
+ label=_(u'TSIG record'),
+ doc=_(u'Raw TSIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'txtrecord',
+ required=False,
+ multivalue=True,
+ cli_name='txt_rec',
+ label=_(u'TXT record'),
+ doc=_(u'Raw TXT records'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'structured',
+ label=_(u'Structured'),
+ doc=_(u'Parse all raw DNS records and return them in a structured way'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("name")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class dnsrecord_mod(Method):
+ __doc__ = _("Modify a DNS resource record.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'dnszoneidnsname',
+ cli_name='dnszone',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Record name'),
+ ),
+ )
+ takes_options = (
+ parameters.Int(
+ 'dnsttl',
+ required=False,
+ cli_name='ttl',
+ label=_(u'Time to live'),
+ ),
+ parameters.Str(
+ 'dnsclass',
+ required=False,
+ cli_name='class',
+ cli_metavar="['IN', 'CS', 'CH', 'HS']",
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'arecord',
+ required=False,
+ multivalue=True,
+ cli_name='a_rec',
+ option_group=u'A Record',
+ label=_(u'A record'),
+ doc=_(u'Raw A records'),
+ ),
+ parameters.Str(
+ 'a_part_ip_address',
+ required=False,
+ cli_name='a_ip_address',
+ option_group=u'A Record',
+ label=_(u'A IP Address'),
+ doc=_(u'IP Address'),
+ ),
+ parameters.Str(
+ 'aaaarecord',
+ required=False,
+ multivalue=True,
+ cli_name='aaaa_rec',
+ option_group=u'AAAA Record',
+ label=_(u'AAAA record'),
+ doc=_(u'Raw AAAA records'),
+ ),
+ parameters.Str(
+ 'aaaa_part_ip_address',
+ required=False,
+ cli_name='aaaa_ip_address',
+ option_group=u'AAAA Record',
+ label=_(u'AAAA IP Address'),
+ doc=_(u'IP Address'),
+ ),
+ parameters.Str(
+ 'a6record',
+ required=False,
+ multivalue=True,
+ cli_name='a6_rec',
+ option_group=u'A6 Record',
+ label=_(u'A6 record'),
+ doc=_(u'Raw A6 records'),
+ ),
+ parameters.Str(
+ 'a6_part_data',
+ required=False,
+ cli_name='a6_data',
+ option_group=u'A6 Record',
+ label=_(u'A6 Record data'),
+ doc=_(u'Record data'),
+ ),
+ parameters.Str(
+ 'afsdbrecord',
+ required=False,
+ multivalue=True,
+ cli_name='afsdb_rec',
+ option_group=u'AFSDB Record',
+ label=_(u'AFSDB record'),
+ doc=_(u'Raw AFSDB records'),
+ ),
+ parameters.Int(
+ 'afsdb_part_subtype',
+ required=False,
+ cli_name='afsdb_subtype',
+ option_group=u'AFSDB Record',
+ label=_(u'AFSDB Subtype'),
+ doc=_(u'Subtype'),
+ ),
+ parameters.DNSNameParam(
+ 'afsdb_part_hostname',
+ required=False,
+ cli_name='afsdb_hostname',
+ option_group=u'AFSDB Record',
+ label=_(u'AFSDB Hostname'),
+ doc=_(u'Hostname'),
+ ),
+ parameters.Str(
+ 'aplrecord',
+ required=False,
+ multivalue=True,
+ cli_name='apl_rec',
+ option_group=u'APL Record',
+ label=_(u'APL record'),
+ doc=_(u'Raw APL records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'certrecord',
+ required=False,
+ multivalue=True,
+ cli_name='cert_rec',
+ option_group=u'CERT Record',
+ label=_(u'CERT record'),
+ doc=_(u'Raw CERT records'),
+ ),
+ parameters.Int(
+ 'cert_part_type',
+ required=False,
+ cli_name='cert_type',
+ option_group=u'CERT Record',
+ label=_(u'CERT Certificate Type'),
+ doc=_(u'Certificate Type'),
+ ),
+ parameters.Int(
+ 'cert_part_key_tag',
+ required=False,
+ cli_name='cert_key_tag',
+ option_group=u'CERT Record',
+ label=_(u'CERT Key Tag'),
+ doc=_(u'Key Tag'),
+ ),
+ parameters.Int(
+ 'cert_part_algorithm',
+ required=False,
+ cli_name='cert_algorithm',
+ option_group=u'CERT Record',
+ label=_(u'CERT Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Str(
+ 'cert_part_certificate_or_crl',
+ required=False,
+ cli_name='cert_certificate_or_crl',
+ option_group=u'CERT Record',
+ label=_(u'CERT Certificate/CRL'),
+ doc=_(u'Certificate/CRL'),
+ ),
+ parameters.Str(
+ 'cnamerecord',
+ required=False,
+ multivalue=True,
+ cli_name='cname_rec',
+ option_group=u'CNAME Record',
+ label=_(u'CNAME record'),
+ doc=_(u'Raw CNAME records'),
+ ),
+ parameters.DNSNameParam(
+ 'cname_part_hostname',
+ required=False,
+ cli_name='cname_hostname',
+ option_group=u'CNAME Record',
+ label=_(u'CNAME Hostname'),
+ doc=_(u'A hostname which this alias hostname points to'),
+ ),
+ parameters.Str(
+ 'dhcidrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dhcid_rec',
+ option_group=u'DHCID Record',
+ label=_(u'DHCID record'),
+ doc=_(u'Raw DHCID records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'dlvrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dlv_rec',
+ option_group=u'DLV Record',
+ label=_(u'DLV record'),
+ doc=_(u'Raw DLV records'),
+ ),
+ parameters.Int(
+ 'dlv_part_key_tag',
+ required=False,
+ cli_name='dlv_key_tag',
+ option_group=u'DLV Record',
+ label=_(u'DLV Key Tag'),
+ doc=_(u'Key Tag'),
+ ),
+ parameters.Int(
+ 'dlv_part_algorithm',
+ required=False,
+ cli_name='dlv_algorithm',
+ option_group=u'DLV Record',
+ label=_(u'DLV Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Int(
+ 'dlv_part_digest_type',
+ required=False,
+ cli_name='dlv_digest_type',
+ option_group=u'DLV Record',
+ label=_(u'DLV Digest Type'),
+ doc=_(u'Digest Type'),
+ ),
+ parameters.Str(
+ 'dlv_part_digest',
+ required=False,
+ cli_name='dlv_digest',
+ option_group=u'DLV Record',
+ label=_(u'DLV Digest'),
+ doc=_(u'Digest'),
+ ),
+ parameters.Str(
+ 'dnamerecord',
+ required=False,
+ multivalue=True,
+ cli_name='dname_rec',
+ option_group=u'DNAME Record',
+ label=_(u'DNAME record'),
+ doc=_(u'Raw DNAME records'),
+ ),
+ parameters.DNSNameParam(
+ 'dname_part_target',
+ required=False,
+ cli_name='dname_target',
+ option_group=u'DNAME Record',
+ label=_(u'DNAME Target'),
+ doc=_(u'Target'),
+ ),
+ parameters.Str(
+ 'dnskeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='dnskey_rec',
+ option_group=u'DNSKEY Record',
+ label=_(u'DNSKEY record'),
+ doc=_(u'Raw DNSKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'dsrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ds_rec',
+ option_group=u'DS Record',
+ label=_(u'DS record'),
+ doc=_(u'Raw DS records'),
+ ),
+ parameters.Int(
+ 'ds_part_key_tag',
+ required=False,
+ cli_name='ds_key_tag',
+ option_group=u'DS Record',
+ label=_(u'DS Key Tag'),
+ doc=_(u'Key Tag'),
+ ),
+ parameters.Int(
+ 'ds_part_algorithm',
+ required=False,
+ cli_name='ds_algorithm',
+ option_group=u'DS Record',
+ label=_(u'DS Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Int(
+ 'ds_part_digest_type',
+ required=False,
+ cli_name='ds_digest_type',
+ option_group=u'DS Record',
+ label=_(u'DS Digest Type'),
+ doc=_(u'Digest Type'),
+ ),
+ parameters.Str(
+ 'ds_part_digest',
+ required=False,
+ cli_name='ds_digest',
+ option_group=u'DS Record',
+ label=_(u'DS Digest'),
+ doc=_(u'Digest'),
+ ),
+ parameters.Str(
+ 'hiprecord',
+ required=False,
+ multivalue=True,
+ cli_name='hip_rec',
+ option_group=u'HIP Record',
+ label=_(u'HIP record'),
+ doc=_(u'Raw HIP records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ipseckeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ipseckey_rec',
+ option_group=u'IPSECKEY Record',
+ label=_(u'IPSECKEY record'),
+ doc=_(u'Raw IPSECKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'keyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='key_rec',
+ option_group=u'KEY Record',
+ label=_(u'KEY record'),
+ doc=_(u'Raw KEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'kxrecord',
+ required=False,
+ multivalue=True,
+ cli_name='kx_rec',
+ option_group=u'KX Record',
+ label=_(u'KX record'),
+ doc=_(u'Raw KX records'),
+ ),
+ parameters.Int(
+ 'kx_part_preference',
+ required=False,
+ cli_name='kx_preference',
+ option_group=u'KX Record',
+ label=_(u'KX Preference'),
+ doc=_(u'Preference given to this exchanger. Lower values are more preferred'),
+ ),
+ parameters.DNSNameParam(
+ 'kx_part_exchanger',
+ required=False,
+ cli_name='kx_exchanger',
+ option_group=u'KX Record',
+ label=_(u'KX Exchanger'),
+ doc=_(u'A host willing to act as a key exchanger'),
+ ),
+ parameters.Str(
+ 'locrecord',
+ required=False,
+ multivalue=True,
+ cli_name='loc_rec',
+ option_group=u'LOC Record',
+ label=_(u'LOC record'),
+ doc=_(u'Raw LOC records'),
+ ),
+ parameters.Int(
+ 'loc_part_lat_deg',
+ required=False,
+ cli_name='loc_lat_deg',
+ option_group=u'LOC Record',
+ label=_(u'LOC Degrees Latitude'),
+ doc=_(u'Degrees Latitude'),
+ ),
+ parameters.Int(
+ 'loc_part_lat_min',
+ required=False,
+ cli_name='loc_lat_min',
+ option_group=u'LOC Record',
+ label=_(u'LOC Minutes Latitude'),
+ doc=_(u'Minutes Latitude'),
+ ),
+ parameters.Decimal(
+ 'loc_part_lat_sec',
+ required=False,
+ cli_name='loc_lat_sec',
+ option_group=u'LOC Record',
+ label=_(u'LOC Seconds Latitude'),
+ doc=_(u'Seconds Latitude'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'loc_part_lat_dir',
+ required=False,
+ cli_name='loc_lat_dir',
+ option_group=u'LOC Record',
+ cli_metavar="['N', 'S']",
+ label=_(u'LOC Direction Latitude'),
+ doc=_(u'Direction Latitude'),
+ ),
+ parameters.Int(
+ 'loc_part_lon_deg',
+ required=False,
+ cli_name='loc_lon_deg',
+ option_group=u'LOC Record',
+ label=_(u'LOC Degrees Longitude'),
+ doc=_(u'Degrees Longitude'),
+ ),
+ parameters.Int(
+ 'loc_part_lon_min',
+ required=False,
+ cli_name='loc_lon_min',
+ option_group=u'LOC Record',
+ label=_(u'LOC Minutes Longitude'),
+ doc=_(u'Minutes Longitude'),
+ ),
+ parameters.Decimal(
+ 'loc_part_lon_sec',
+ required=False,
+ cli_name='loc_lon_sec',
+ option_group=u'LOC Record',
+ label=_(u'LOC Seconds Longitude'),
+ doc=_(u'Seconds Longitude'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'loc_part_lon_dir',
+ required=False,
+ cli_name='loc_lon_dir',
+ option_group=u'LOC Record',
+ cli_metavar="['E', 'W']",
+ label=_(u'LOC Direction Longitude'),
+ doc=_(u'Direction Longitude'),
+ ),
+ parameters.Decimal(
+ 'loc_part_altitude',
+ required=False,
+ cli_name='loc_altitude',
+ option_group=u'LOC Record',
+ label=_(u'LOC Altitude'),
+ doc=_(u'Altitude'),
+ no_convert=True,
+ ),
+ parameters.Decimal(
+ 'loc_part_size',
+ required=False,
+ cli_name='loc_size',
+ option_group=u'LOC Record',
+ label=_(u'LOC Size'),
+ doc=_(u'Size'),
+ no_convert=True,
+ ),
+ parameters.Decimal(
+ 'loc_part_h_precision',
+ required=False,
+ cli_name='loc_h_precision',
+ option_group=u'LOC Record',
+ label=_(u'LOC Horizontal Precision'),
+ doc=_(u'Horizontal Precision'),
+ no_convert=True,
+ ),
+ parameters.Decimal(
+ 'loc_part_v_precision',
+ required=False,
+ cli_name='loc_v_precision',
+ option_group=u'LOC Record',
+ label=_(u'LOC Vertical Precision'),
+ doc=_(u'Vertical Precision'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'mxrecord',
+ required=False,
+ multivalue=True,
+ cli_name='mx_rec',
+ option_group=u'MX Record',
+ label=_(u'MX record'),
+ doc=_(u'Raw MX records'),
+ ),
+ parameters.Int(
+ 'mx_part_preference',
+ required=False,
+ cli_name='mx_preference',
+ option_group=u'MX Record',
+ label=_(u'MX Preference'),
+ doc=_(u'Preference given to this exchanger. Lower values are more preferred'),
+ ),
+ parameters.DNSNameParam(
+ 'mx_part_exchanger',
+ required=False,
+ cli_name='mx_exchanger',
+ option_group=u'MX Record',
+ label=_(u'MX Exchanger'),
+ doc=_(u'A host willing to act as a mail exchanger'),
+ ),
+ parameters.Str(
+ 'naptrrecord',
+ required=False,
+ multivalue=True,
+ cli_name='naptr_rec',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR record'),
+ doc=_(u'Raw NAPTR records'),
+ ),
+ parameters.Int(
+ 'naptr_part_order',
+ required=False,
+ cli_name='naptr_order',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Order'),
+ doc=_(u'Order'),
+ ),
+ parameters.Int(
+ 'naptr_part_preference',
+ required=False,
+ cli_name='naptr_preference',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Preference'),
+ doc=_(u'Preference'),
+ ),
+ parameters.Str(
+ 'naptr_part_flags',
+ required=False,
+ cli_name='naptr_flags',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Flags'),
+ doc=_(u'Flags'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'naptr_part_service',
+ required=False,
+ cli_name='naptr_service',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Service'),
+ doc=_(u'Service'),
+ ),
+ parameters.Str(
+ 'naptr_part_regexp',
+ required=False,
+ cli_name='naptr_regexp',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Regular Expression'),
+ doc=_(u'Regular Expression'),
+ ),
+ parameters.Str(
+ 'naptr_part_replacement',
+ required=False,
+ cli_name='naptr_replacement',
+ option_group=u'NAPTR Record',
+ label=_(u'NAPTR Replacement'),
+ doc=_(u'Replacement'),
+ ),
+ parameters.Str(
+ 'nsrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ns_rec',
+ option_group=u'NS Record',
+ label=_(u'NS record'),
+ doc=_(u'Raw NS records'),
+ ),
+ parameters.DNSNameParam(
+ 'ns_part_hostname',
+ required=False,
+ cli_name='ns_hostname',
+ option_group=u'NS Record',
+ label=_(u'NS Hostname'),
+ doc=_(u'Hostname'),
+ ),
+ parameters.Str(
+ 'nsecrecord',
+ required=False,
+ multivalue=True,
+ cli_name='nsec_rec',
+ option_group=u'NSEC Record',
+ label=_(u'NSEC record'),
+ doc=_(u'Raw NSEC records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'nsec3record',
+ required=False,
+ multivalue=True,
+ cli_name='nsec3_rec',
+ option_group=u'NSEC3 Record',
+ label=_(u'NSEC3 record'),
+ doc=_(u'Raw NSEC3 records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ptrrecord',
+ required=False,
+ multivalue=True,
+ cli_name='ptr_rec',
+ option_group=u'PTR Record',
+ label=_(u'PTR record'),
+ doc=_(u'Raw PTR records'),
+ ),
+ parameters.DNSNameParam(
+ 'ptr_part_hostname',
+ required=False,
+ cli_name='ptr_hostname',
+ option_group=u'PTR Record',
+ label=_(u'PTR Hostname'),
+ doc=_(u'The hostname this reverse record points to'),
+ ),
+ parameters.Str(
+ 'rrsigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='rrsig_rec',
+ option_group=u'RRSIG Record',
+ label=_(u'RRSIG record'),
+ doc=_(u'Raw RRSIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'rprecord',
+ required=False,
+ multivalue=True,
+ cli_name='rp_rec',
+ option_group=u'RP Record',
+ label=_(u'RP record'),
+ doc=_(u'Raw RP records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'sigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='sig_rec',
+ option_group=u'SIG Record',
+ label=_(u'SIG record'),
+ doc=_(u'Raw SIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'spfrecord',
+ required=False,
+ multivalue=True,
+ cli_name='spf_rec',
+ option_group=u'SPF Record',
+ label=_(u'SPF record'),
+ doc=_(u'Raw SPF records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'srvrecord',
+ required=False,
+ multivalue=True,
+ cli_name='srv_rec',
+ option_group=u'SRV Record',
+ label=_(u'SRV record'),
+ doc=_(u'Raw SRV records'),
+ ),
+ parameters.Int(
+ 'srv_part_priority',
+ required=False,
+ cli_name='srv_priority',
+ option_group=u'SRV Record',
+ label=_(u'SRV Priority'),
+ doc=_(u'Priority'),
+ ),
+ parameters.Int(
+ 'srv_part_weight',
+ required=False,
+ cli_name='srv_weight',
+ option_group=u'SRV Record',
+ label=_(u'SRV Weight'),
+ doc=_(u'Weight'),
+ ),
+ parameters.Int(
+ 'srv_part_port',
+ required=False,
+ cli_name='srv_port',
+ option_group=u'SRV Record',
+ label=_(u'SRV Port'),
+ doc=_(u'Port'),
+ ),
+ parameters.DNSNameParam(
+ 'srv_part_target',
+ required=False,
+ cli_name='srv_target',
+ option_group=u'SRV Record',
+ label=_(u'SRV Target'),
+ doc=_(u"The domain name of the target host or '.' if the service is decidedly not available at this domain"),
+ ),
+ parameters.Str(
+ 'sshfprecord',
+ required=False,
+ multivalue=True,
+ cli_name='sshfp_rec',
+ option_group=u'SSHFP Record',
+ label=_(u'SSHFP record'),
+ doc=_(u'Raw SSHFP records'),
+ ),
+ parameters.Int(
+ 'sshfp_part_algorithm',
+ required=False,
+ cli_name='sshfp_algorithm',
+ option_group=u'SSHFP Record',
+ label=_(u'SSHFP Algorithm'),
+ doc=_(u'Algorithm'),
+ ),
+ parameters.Int(
+ 'sshfp_part_fp_type',
+ required=False,
+ cli_name='sshfp_fp_type',
+ option_group=u'SSHFP Record',
+ label=_(u'SSHFP Fingerprint Type'),
+ doc=_(u'Fingerprint Type'),
+ ),
+ parameters.Str(
+ 'sshfp_part_fingerprint',
+ required=False,
+ cli_name='sshfp_fingerprint',
+ option_group=u'SSHFP Record',
+ label=_(u'SSHFP Fingerprint'),
+ doc=_(u'Fingerprint'),
+ ),
+ parameters.Str(
+ 'tarecord',
+ required=False,
+ multivalue=True,
+ cli_name='ta_rec',
+ option_group=u'TA Record',
+ label=_(u'TA record'),
+ doc=_(u'Raw TA records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'tlsarecord',
+ required=False,
+ multivalue=True,
+ cli_name='tlsa_rec',
+ option_group=u'TLSA Record',
+ label=_(u'TLSA record'),
+ doc=_(u'Raw TLSA records'),
+ ),
+ parameters.Int(
+ 'tlsa_part_cert_usage',
+ required=False,
+ cli_name='tlsa_cert_usage',
+ option_group=u'TLSA Record',
+ label=_(u'TLSA Certificate Usage'),
+ doc=_(u'Certificate Usage'),
+ ),
+ parameters.Int(
+ 'tlsa_part_selector',
+ required=False,
+ cli_name='tlsa_selector',
+ option_group=u'TLSA Record',
+ label=_(u'TLSA Selector'),
+ doc=_(u'Selector'),
+ ),
+ parameters.Int(
+ 'tlsa_part_matching_type',
+ required=False,
+ cli_name='tlsa_matching_type',
+ option_group=u'TLSA Record',
+ label=_(u'TLSA Matching Type'),
+ doc=_(u'Matching Type'),
+ ),
+ parameters.Str(
+ 'tlsa_part_cert_association_data',
+ required=False,
+ cli_name='tlsa_cert_association_data',
+ option_group=u'TLSA Record',
+ label=_(u'TLSA Certificate Association Data'),
+ doc=_(u'Certificate Association Data'),
+ ),
+ parameters.Str(
+ 'tkeyrecord',
+ required=False,
+ multivalue=True,
+ cli_name='tkey_rec',
+ option_group=u'TKEY Record',
+ label=_(u'TKEY record'),
+ doc=_(u'Raw TKEY records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'tsigrecord',
+ required=False,
+ multivalue=True,
+ cli_name='tsig_rec',
+ option_group=u'TSIG Record',
+ label=_(u'TSIG record'),
+ doc=_(u'Raw TSIG records'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'txtrecord',
+ required=False,
+ multivalue=True,
+ cli_name='txt_rec',
+ option_group=u'TXT Record',
+ label=_(u'TXT record'),
+ doc=_(u'Raw TXT records'),
+ ),
+ parameters.Str(
+ 'txt_part_data',
+ required=False,
+ cli_name='txt_data',
+ option_group=u'TXT Record',
+ label=_(u'TXT Text Data'),
+ doc=_(u'Text Data'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'structured',
+ label=_(u'Structured'),
+ doc=_(u'Parse all raw DNS records and return them in a structured way'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.DNSNameParam(
+ 'rename',
+ required=False,
+ label=_(u'Rename'),
+ doc=_(u'Rename the DNS resource record object'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnsrecord_show(Method):
+ __doc__ = _("Display DNS resource.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'dnszoneidnsname',
+ cli_name='dnszone',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Record name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'structured',
+ label=_(u'Structured'),
+ doc=_(u'Parse all raw DNS records and return them in a structured way'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnszone_add(Method):
+ __doc__ = _("Create new DNS zone (SOA record).")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'name_from_ip',
+ required=False,
+ label=_(u'Reverse zone IP network'),
+ doc=_(u'IP network to create reverse zone name from'),
+ ),
+ parameters.Str(
+ 'idnsforwarders',
+ required=False,
+ multivalue=True,
+ cli_name='forwarder',
+ label=_(u'Zone forwarders'),
+ doc=_(u'Per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"'),
+ ),
+ parameters.Str(
+ 'idnsforwardpolicy',
+ required=False,
+ cli_name='forward_policy',
+ cli_metavar="['only', 'first', 'none']",
+ label=_(u'Forward policy'),
+ doc=_(u'Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.'),
+ ),
+ parameters.DNSNameParam(
+ 'idnssoamname',
+ required=False,
+ cli_name='name_server',
+ label=_(u'Authoritative nameserver'),
+ doc=_(u'Authoritative nameserver domain name'),
+ ),
+ parameters.DNSNameParam(
+ 'idnssoarname',
+ cli_name='admin_email',
+ label=_(u'Administrator e-mail address'),
+ default=DNSName(u'hostmaster'),
+ autofill=True,
+ no_convert=True,
+ ),
+ parameters.Int(
+ 'idnssoaserial',
+ cli_name='serial',
+ label=_(u'SOA serial'),
+ doc=_(u'SOA record serial number'),
+ default_from=DefaultFrom(lambda : None),
+ # FIXME:
+ # def _create_zone_serial():
+ # """
+ # Generate serial number for zones. bind-dyndb-ldap expects unix time in
+ # to be used for SOA serial.
+ #
+ # SOA serial in a date format would also work, but it may be set to far
+ # future when many DNS updates are done per day (more than 100). Unix
+ # timestamp is more resilient to this issue.
+ # """
+ # return int(time.time())
+ autofill=True,
+ ),
+ parameters.Int(
+ 'idnssoarefresh',
+ cli_name='refresh',
+ label=_(u'SOA refresh'),
+ doc=_(u'SOA record refresh time'),
+ default=3600,
+ autofill=True,
+ ),
+ parameters.Int(
+ 'idnssoaretry',
+ cli_name='retry',
+ label=_(u'SOA retry'),
+ doc=_(u'SOA record retry time'),
+ default=900,
+ autofill=True,
+ ),
+ parameters.Int(
+ 'idnssoaexpire',
+ cli_name='expire',
+ label=_(u'SOA expire'),
+ doc=_(u'SOA record expire time'),
+ default=1209600,
+ autofill=True,
+ ),
+ parameters.Int(
+ 'idnssoaminimum',
+ cli_name='minimum',
+ label=_(u'SOA minimum'),
+ doc=_(u'How long should negative responses be cached'),
+ default=3600,
+ autofill=True,
+ ),
+ parameters.Int(
+ 'dnsttl',
+ required=False,
+ cli_name='ttl',
+ label=_(u'Time to live'),
+ doc=_(u'Time to live for records at zone apex'),
+ ),
+ parameters.Str(
+ 'dnsclass',
+ required=False,
+ cli_name='class',
+ cli_metavar="['IN', 'CS', 'CH', 'HS']",
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'idnsupdatepolicy',
+ required=False,
+ cli_name='update_policy',
+ label=_(u'BIND update policy'),
+ default_from=DefaultFrom(lambda idnsname: None, 'idnsname'),
+ # FIXME:
+ # lambda idnsname: default_zone_update_policy(idnsname)
+ autofill=True,
+ ),
+ parameters.Bool(
+ 'idnsallowdynupdate',
+ required=False,
+ cli_name='dynamic_update',
+ label=_(u'Dynamic update'),
+ doc=_(u'Allow dynamic updates.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'idnsallowquery',
+ required=False,
+ cli_name='allow_query',
+ label=_(u'Allow query'),
+ doc=_(u'Semicolon separated list of IP addresses or networks which are allowed to issue queries'),
+ default=u'any;',
+ autofill=True,
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'idnsallowtransfer',
+ required=False,
+ cli_name='allow_transfer',
+ label=_(u'Allow transfer'),
+ doc=_(u'Semicolon separated list of IP addresses or networks which are allowed to transfer the zone'),
+ default=u'none;',
+ autofill=True,
+ no_convert=True,
+ ),
+ parameters.Bool(
+ 'idnsallowsyncptr',
+ required=False,
+ cli_name='allow_sync_ptr',
+ label=_(u'Allow PTR sync'),
+ doc=_(u'Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the zone'),
+ ),
+ parameters.Bool(
+ 'idnssecinlinesigning',
+ required=False,
+ cli_name='dnssec',
+ label=_(u'Allow in-line DNSSEC signing'),
+ doc=_(u'Allow inline DNSSEC signing of records in the zone'),
+ default=False,
+ ),
+ parameters.Str(
+ 'nsec3paramrecord',
+ required=False,
+ cli_name='nsec3param_rec',
+ label=_(u'NSEC3PARAM record'),
+ doc=_(u'NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'force',
+ label=_(u'Force'),
+ doc=_(u'Force DNS zone creation even if nameserver is not resolvable.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'ip_address',
+ required=False,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnszone_add_permission(Method):
+ __doc__ = _("Add a permission for per-zone access delegation.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.Output(
+ 'value',
+ unicode,
+ doc=_(u'Permission value'),
+ ),
+ )
+
+
+@register()
+class dnszone_del(Method):
+ __doc__ = _("Delete DNS zone (SOA record).")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ multivalue=True,
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class dnszone_disable(Method):
+ __doc__ = _("Disable DNS Zone.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnszone_enable(Method):
+ __doc__ = _("Enable DNS Zone.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnszone_find(Method):
+ __doc__ = _("Search for DNS zones (SOA records).")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ required=False,
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'name_from_ip',
+ required=False,
+ label=_(u'Reverse zone IP network'),
+ doc=_(u'IP network to create reverse zone name from'),
+ ),
+ parameters.Bool(
+ 'idnszoneactive',
+ required=False,
+ cli_name='zone_active',
+ label=_(u'Active zone'),
+ doc=_(u'Is zone active?'),
+ ),
+ parameters.Str(
+ 'idnsforwarders',
+ required=False,
+ multivalue=True,
+ cli_name='forwarder',
+ label=_(u'Zone forwarders'),
+ doc=_(u'Per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"'),
+ ),
+ parameters.Str(
+ 'idnsforwardpolicy',
+ required=False,
+ cli_name='forward_policy',
+ cli_metavar="['only', 'first', 'none']",
+ label=_(u'Forward policy'),
+ doc=_(u'Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.'),
+ ),
+ parameters.DNSNameParam(
+ 'idnssoamname',
+ required=False,
+ cli_name='name_server',
+ label=_(u'Authoritative nameserver'),
+ doc=_(u'Authoritative nameserver domain name'),
+ ),
+ parameters.DNSNameParam(
+ 'idnssoarname',
+ required=False,
+ cli_name='admin_email',
+ label=_(u'Administrator e-mail address'),
+ default=DNSName(u'hostmaster'),
+ no_convert=True,
+ ),
+ parameters.Int(
+ 'idnssoaserial',
+ required=False,
+ cli_name='serial',
+ label=_(u'SOA serial'),
+ doc=_(u'SOA record serial number'),
+ default_from=DefaultFrom(lambda : None),
+ # FIXME:
+ # def _create_zone_serial():
+ # """
+ # Generate serial number for zones. bind-dyndb-ldap expects unix time in
+ # to be used for SOA serial.
+ #
+ # SOA serial in a date format would also work, but it may be set to far
+ # future when many DNS updates are done per day (more than 100). Unix
+ # timestamp is more resilient to this issue.
+ # """
+ # return int(time.time())
+ ),
+ parameters.Int(
+ 'idnssoarefresh',
+ required=False,
+ cli_name='refresh',
+ label=_(u'SOA refresh'),
+ doc=_(u'SOA record refresh time'),
+ default=3600,
+ ),
+ parameters.Int(
+ 'idnssoaretry',
+ required=False,
+ cli_name='retry',
+ label=_(u'SOA retry'),
+ doc=_(u'SOA record retry time'),
+ default=900,
+ ),
+ parameters.Int(
+ 'idnssoaexpire',
+ required=False,
+ cli_name='expire',
+ label=_(u'SOA expire'),
+ doc=_(u'SOA record expire time'),
+ default=1209600,
+ ),
+ parameters.Int(
+ 'idnssoaminimum',
+ required=False,
+ cli_name='minimum',
+ label=_(u'SOA minimum'),
+ doc=_(u'How long should negative responses be cached'),
+ default=3600,
+ ),
+ parameters.Int(
+ 'dnsttl',
+ required=False,
+ cli_name='ttl',
+ label=_(u'Time to live'),
+ doc=_(u'Time to live for records at zone apex'),
+ ),
+ parameters.Str(
+ 'dnsclass',
+ required=False,
+ cli_name='class',
+ cli_metavar="['IN', 'CS', 'CH', 'HS']",
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'idnsupdatepolicy',
+ required=False,
+ cli_name='update_policy',
+ label=_(u'BIND update policy'),
+ default_from=DefaultFrom(lambda idnsname: None, 'idnsname'),
+ # FIXME:
+ # lambda idnsname: default_zone_update_policy(idnsname)
+ ),
+ parameters.Bool(
+ 'idnsallowdynupdate',
+ required=False,
+ cli_name='dynamic_update',
+ label=_(u'Dynamic update'),
+ doc=_(u'Allow dynamic updates.'),
+ default=False,
+ ),
+ parameters.Str(
+ 'idnsallowquery',
+ required=False,
+ cli_name='allow_query',
+ label=_(u'Allow query'),
+ doc=_(u'Semicolon separated list of IP addresses or networks which are allowed to issue queries'),
+ default=u'any;',
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'idnsallowtransfer',
+ required=False,
+ cli_name='allow_transfer',
+ label=_(u'Allow transfer'),
+ doc=_(u'Semicolon separated list of IP addresses or networks which are allowed to transfer the zone'),
+ default=u'none;',
+ no_convert=True,
+ ),
+ parameters.Bool(
+ 'idnsallowsyncptr',
+ required=False,
+ cli_name='allow_sync_ptr',
+ label=_(u'Allow PTR sync'),
+ doc=_(u'Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the zone'),
+ ),
+ parameters.Bool(
+ 'idnssecinlinesigning',
+ required=False,
+ cli_name='dnssec',
+ label=_(u'Allow in-line DNSSEC signing'),
+ doc=_(u'Allow inline DNSSEC signing of records in the zone'),
+ default=False,
+ ),
+ parameters.Str(
+ 'nsec3paramrecord',
+ required=False,
+ cli_name='nsec3param_rec',
+ label=_(u'NSEC3PARAM record'),
+ doc=_(u'NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'forward_only',
+ label=_(u'Forward zones only'),
+ doc=_(u'Search for forward zones only'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("name")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class dnszone_mod(Method):
+ __doc__ = _("Modify DNS zone (SOA record).")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'name_from_ip',
+ required=False,
+ label=_(u'Reverse zone IP network'),
+ doc=_(u'IP network to create reverse zone name from'),
+ ),
+ parameters.Str(
+ 'idnsforwarders',
+ required=False,
+ multivalue=True,
+ cli_name='forwarder',
+ label=_(u'Zone forwarders'),
+ doc=_(u'Per-zone forwarders. A custom port can be specified for each forwarder using a standard format "IP_ADDRESS port PORT"'),
+ ),
+ parameters.Str(
+ 'idnsforwardpolicy',
+ required=False,
+ cli_name='forward_policy',
+ cli_metavar="['only', 'first', 'none']",
+ label=_(u'Forward policy'),
+ doc=_(u'Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded.'),
+ ),
+ parameters.DNSNameParam(
+ 'idnssoamname',
+ required=False,
+ cli_name='name_server',
+ label=_(u'Authoritative nameserver'),
+ doc=_(u'Authoritative nameserver domain name'),
+ ),
+ parameters.DNSNameParam(
+ 'idnssoarname',
+ required=False,
+ cli_name='admin_email',
+ label=_(u'Administrator e-mail address'),
+ default=DNSName(u'hostmaster'),
+ no_convert=True,
+ ),
+ parameters.Int(
+ 'idnssoaserial',
+ required=False,
+ cli_name='serial',
+ label=_(u'SOA serial'),
+ doc=_(u'SOA record serial number'),
+ default_from=DefaultFrom(lambda : None),
+ # FIXME:
+ # def _create_zone_serial():
+ # """
+ # Generate serial number for zones. bind-dyndb-ldap expects unix time in
+ # to be used for SOA serial.
+ #
+ # SOA serial in a date format would also work, but it may be set to far
+ # future when many DNS updates are done per day (more than 100). Unix
+ # timestamp is more resilient to this issue.
+ # """
+ # return int(time.time())
+ ),
+ parameters.Int(
+ 'idnssoarefresh',
+ required=False,
+ cli_name='refresh',
+ label=_(u'SOA refresh'),
+ doc=_(u'SOA record refresh time'),
+ default=3600,
+ ),
+ parameters.Int(
+ 'idnssoaretry',
+ required=False,
+ cli_name='retry',
+ label=_(u'SOA retry'),
+ doc=_(u'SOA record retry time'),
+ default=900,
+ ),
+ parameters.Int(
+ 'idnssoaexpire',
+ required=False,
+ cli_name='expire',
+ label=_(u'SOA expire'),
+ doc=_(u'SOA record expire time'),
+ default=1209600,
+ ),
+ parameters.Int(
+ 'idnssoaminimum',
+ required=False,
+ cli_name='minimum',
+ label=_(u'SOA minimum'),
+ doc=_(u'How long should negative responses be cached'),
+ default=3600,
+ ),
+ parameters.Int(
+ 'dnsttl',
+ required=False,
+ cli_name='ttl',
+ label=_(u'Time to live'),
+ doc=_(u'Time to live for records at zone apex'),
+ ),
+ parameters.Str(
+ 'dnsclass',
+ required=False,
+ cli_name='class',
+ cli_metavar="['IN', 'CS', 'CH', 'HS']",
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'idnsupdatepolicy',
+ required=False,
+ cli_name='update_policy',
+ label=_(u'BIND update policy'),
+ default_from=DefaultFrom(lambda idnsname: None, 'idnsname'),
+ # FIXME:
+ # lambda idnsname: default_zone_update_policy(idnsname)
+ ),
+ parameters.Bool(
+ 'idnsallowdynupdate',
+ required=False,
+ cli_name='dynamic_update',
+ label=_(u'Dynamic update'),
+ doc=_(u'Allow dynamic updates.'),
+ default=False,
+ ),
+ parameters.Str(
+ 'idnsallowquery',
+ required=False,
+ cli_name='allow_query',
+ label=_(u'Allow query'),
+ doc=_(u'Semicolon separated list of IP addresses or networks which are allowed to issue queries'),
+ default=u'any;',
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'idnsallowtransfer',
+ required=False,
+ cli_name='allow_transfer',
+ label=_(u'Allow transfer'),
+ doc=_(u'Semicolon separated list of IP addresses or networks which are allowed to transfer the zone'),
+ default=u'none;',
+ no_convert=True,
+ ),
+ parameters.Bool(
+ 'idnsallowsyncptr',
+ required=False,
+ cli_name='allow_sync_ptr',
+ label=_(u'Allow PTR sync'),
+ doc=_(u'Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the zone'),
+ ),
+ parameters.Bool(
+ 'idnssecinlinesigning',
+ required=False,
+ cli_name='dnssec',
+ label=_(u'Allow in-line DNSSEC signing'),
+ doc=_(u'Allow inline DNSSEC signing of records in the zone'),
+ default=False,
+ ),
+ parameters.Str(
+ 'nsec3paramrecord',
+ required=False,
+ cli_name='nsec3param_rec',
+ label=_(u'NSEC3PARAM record'),
+ doc=_(u'NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'force',
+ label=_(u'Force'),
+ doc=_(u'Force nameserver change even if nameserver not in DNS'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class dnszone_remove_permission(Method):
+ __doc__ = _("Remove a permission for per-zone access delegation.")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.Output(
+ 'value',
+ unicode,
+ doc=_(u'Permission value'),
+ ),
+ )
+
+
+@register()
+class dnszone_show(Method):
+ __doc__ = _("Display information about a DNS zone (SOA record).")
+
+ takes_args = (
+ parameters.DNSNameParam(
+ 'idnsname',
+ cli_name='name',
+ label=_(u'Zone name'),
+ doc=_(u'Zone name (FQDN)'),
+ default_from=DefaultFrom(lambda name_from_ip: None, 'name_from_ip'),
+ # FIXME:
+ # lambda name_from_ip: _reverse_zone_name(name_from_ip)
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
diff --git a/ipaclient/remote_plugins/2_114/group.py b/ipaclient/remote_plugins/2_114/group.py
new file mode 100644
index 0000000..86d8f7d
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/group.py
@@ -0,0 +1,912 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Groups of users
+
+Manage groups of users. By default, new groups are POSIX groups. You
+can add the --nonposix option to the group-add command to mark a new group
+as non-POSIX. You can use the --posix argument with the group-mod command
+to convert a non-POSIX group into a POSIX group. POSIX groups cannot be
+converted to non-POSIX groups.
+
+Every group must have a description.
+
+POSIX groups must have a Group ID (GID) number. Changing a GID is
+supported but can have an impact on your file permissions. It is not necessary
+to supply a GID when creating a group. IPA will generate one automatically
+if it is not provided.
+
+EXAMPLES:
+
+ Add a new group:
+ ipa group-add --desc='local administrators' localadmins
+
+ Add a new non-POSIX group:
+ ipa group-add --nonposix --desc='remote administrators' remoteadmins
+
+ Convert a non-POSIX group to posix:
+ ipa group-mod --posix remoteadmins
+
+ Add a new POSIX group with a specific Group ID number:
+ ipa group-add --gid=500 --desc='unix admins' unixadmins
+
+ Add a new POSIX group and let IPA assign a Group ID number:
+ ipa group-add --desc='printer admins' printeradmins
+
+ Remove a group:
+ ipa group-del unixadmins
+
+ To add the "remoteadmins" group to the "localadmins" group:
+ ipa group-add-member --groups=remoteadmins localadmins
+
+ Add multiple users to the "localadmins" group:
+ ipa group-add-member --users=test1 --users=test2 localadmins
+
+ Remove a user from the "localadmins" group:
+ ipa group-remove-member --users=test2 localadmins
+
+ Display information about a named group.
+ ipa group-show localadmins
+
+External group membership is designed to allow users from trusted domains
+to be mapped to local POSIX groups in order to actually use IPA resources.
+External members should be added to groups that specifically created as
+external and non-POSIX. Such group later should be included into one of POSIX
+groups.
+
+An external group member is currently a Security Identifier (SID) as defined by
+the trusted domain. When adding external group members, it is possible to
+specify them in either SID, or DOM\name, or name@domain format. IPA will attempt
+to resolve passed name to SID with the use of Global Catalog of the trusted domain.
+
+Example:
+
+1. Create group for the trusted domain admins' mapping and their local POSIX group:
+
+ ipa group-add --desc='<ad.domain> admins external map' ad_admins_external --external
+ ipa group-add --desc='<ad.domain> admins' ad_admins
+
+2. Add security identifier of Domain Admins of the <ad.domain> to the ad_admins_external
+ group:
+
+ ipa group-add-member ad_admins_external --external 'AD\Domain Admins'
+
+3. Allow members of ad_admins_external group to be associated with ad_admins POSIX group:
+
+ ipa group-add-member ad_admins --groups ad_admins_external
+
+4. List members of external members of ad_admins_external group to see their SIDs:
+
+ ipa group-show ad_admins_external
+""")
+
+register = Registry()
+
+
+@register()
+class group(Object):
+ takes_params = (
+ parameters.Str(
+ 'cn',
+ primary_key=True,
+ label=_(u'Group name'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ label=_(u'Description'),
+ doc=_(u'Group description'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ label=_(u'GID'),
+ doc=_(u'GID (use this option to set it manually)'),
+ ),
+ parameters.Str(
+ 'member_user',
+ required=False,
+ label=_(u'Member users'),
+ ),
+ parameters.Str(
+ 'member_group',
+ required=False,
+ label=_(u'Member groups'),
+ ),
+ parameters.Str(
+ 'memberof_group',
+ required=False,
+ label=_(u'Member of groups'),
+ ),
+ parameters.Str(
+ 'memberof_role',
+ required=False,
+ label=_(u'Roles'),
+ ),
+ parameters.Str(
+ 'memberof_netgroup',
+ required=False,
+ label=_(u'Member of netgroups'),
+ ),
+ parameters.Str(
+ 'memberof_sudorule',
+ required=False,
+ label=_(u'Member of Sudo rule'),
+ ),
+ parameters.Str(
+ 'memberof_hbacrule',
+ required=False,
+ label=_(u'Member of HBAC rule'),
+ ),
+ parameters.Str(
+ 'memberindirect_user',
+ required=False,
+ label=_(u'Indirect Member users'),
+ ),
+ parameters.Str(
+ 'memberindirect_group',
+ required=False,
+ label=_(u'Indirect Member groups'),
+ ),
+ parameters.Str(
+ 'memberofindirect_group',
+ required=False,
+ label=_(u'Indirect Member of group'),
+ ),
+ parameters.Str(
+ 'memberofindirect_netgroup',
+ required=False,
+ label=_(u'Indirect Member of netgroup'),
+ ),
+ parameters.Str(
+ 'memberofindirect_role',
+ required=False,
+ label=_(u'Indirect Member of role'),
+ ),
+ parameters.Str(
+ 'memberofindirect_sudorule',
+ required=False,
+ label=_(u'Indirect Member of Sudo rule'),
+ ),
+ parameters.Str(
+ 'memberofindirect_hbacrule',
+ required=False,
+ label=_(u'Indirect Member of HBAC rule'),
+ ),
+ )
+
+
+@register()
+class group_add(Method):
+ __doc__ = _("Create a new group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='group_name',
+ label=_(u'Group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'Group description'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ cli_name='gid',
+ label=_(u'GID'),
+ doc=_(u'GID (use this option to set it manually)'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'nonposix',
+ doc=_(u'Create as a non-POSIX group'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'external',
+ doc=_(u'Allow adding external non-IPA members from trusted domains'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class group_add_member(Method):
+ __doc__ = _("Add members to a group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='group_name',
+ label=_(u'Group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'ipaexternalmember',
+ required=False,
+ multivalue=True,
+ cli_name='external',
+ label=_(u'External member'),
+ doc=_(u'Members of a trusted domain in DOM\\name or name@domain form'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'user',
+ required=False,
+ multivalue=True,
+ cli_name='users',
+ label=_(u'member user'),
+ doc=_(u'users to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ multivalue=True,
+ cli_name='groups',
+ label=_(u'member group'),
+ doc=_(u'groups to add'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members added'),
+ ),
+ )
+
+
+@register()
+class group_del(Method):
+ __doc__ = _("Delete group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ multivalue=True,
+ cli_name='group_name',
+ label=_(u'Group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class group_detach(Method):
+ __doc__ = _("Detach a managed group from a user.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='group_name',
+ label=_(u'Group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class group_find(Method):
+ __doc__ = _("Search for groups.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'cn',
+ required=False,
+ cli_name='group_name',
+ label=_(u'Group name'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'Group description'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ cli_name='gid',
+ label=_(u'GID'),
+ doc=_(u'GID (use this option to set it manually)'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'private',
+ doc=_(u'search for private groups'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'posix',
+ doc=_(u'search for POSIX groups'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'external',
+ doc=_(u'search for groups with support of external non-IPA members from trusted domains'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'nonposix',
+ doc=_(u'search for non-POSIX groups'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("group-name")'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'user',
+ required=False,
+ multivalue=True,
+ cli_name='users',
+ label=_(u'user'),
+ doc=_(u'Search for groups with these member users.'),
+ ),
+ parameters.Str(
+ 'no_user',
+ required=False,
+ multivalue=True,
+ cli_name='no_users',
+ label=_(u'user'),
+ doc=_(u'Search for groups without these member users.'),
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ multivalue=True,
+ cli_name='groups',
+ label=_(u'group'),
+ doc=_(u'Search for groups with these member groups.'),
+ ),
+ parameters.Str(
+ 'no_group',
+ required=False,
+ multivalue=True,
+ cli_name='no_groups',
+ label=_(u'group'),
+ doc=_(u'Search for groups without these member groups.'),
+ ),
+ parameters.Str(
+ 'in_group',
+ required=False,
+ multivalue=True,
+ cli_name='in_groups',
+ label=_(u'group'),
+ doc=_(u'Search for groups with these member of groups.'),
+ ),
+ parameters.Str(
+ 'not_in_group',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_groups',
+ label=_(u'group'),
+ doc=_(u'Search for groups without these member of groups.'),
+ ),
+ parameters.Str(
+ 'in_netgroup',
+ required=False,
+ multivalue=True,
+ cli_name='in_netgroups',
+ label=_(u'netgroup'),
+ doc=_(u'Search for groups with these member of netgroups.'),
+ ),
+ parameters.Str(
+ 'not_in_netgroup',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_netgroups',
+ label=_(u'netgroup'),
+ doc=_(u'Search for groups without these member of netgroups.'),
+ ),
+ parameters.Str(
+ 'in_role',
+ required=False,
+ multivalue=True,
+ cli_name='in_roles',
+ label=_(u'role'),
+ doc=_(u'Search for groups with these member of roles.'),
+ ),
+ parameters.Str(
+ 'not_in_role',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_roles',
+ label=_(u'role'),
+ doc=_(u'Search for groups without these member of roles.'),
+ ),
+ parameters.Str(
+ 'in_hbacrule',
+ required=False,
+ multivalue=True,
+ cli_name='in_hbacrules',
+ label=_(u'HBAC rule'),
+ doc=_(u'Search for groups with these member of HBAC rules.'),
+ ),
+ parameters.Str(
+ 'not_in_hbacrule',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_hbacrules',
+ label=_(u'HBAC rule'),
+ doc=_(u'Search for groups without these member of HBAC rules.'),
+ ),
+ parameters.Str(
+ 'in_sudorule',
+ required=False,
+ multivalue=True,
+ cli_name='in_sudorules',
+ label=_(u'sudo rule'),
+ doc=_(u'Search for groups with these member of sudo rules.'),
+ ),
+ parameters.Str(
+ 'not_in_sudorule',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_sudorules',
+ label=_(u'sudo rule'),
+ doc=_(u'Search for groups without these member of sudo rules.'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class group_mod(Method):
+ __doc__ = _("Modify a group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='group_name',
+ label=_(u'Group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'Group description'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ cli_name='gid',
+ label=_(u'GID'),
+ doc=_(u'GID (use this option to set it manually)'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'posix',
+ doc=_(u'change to a POSIX group'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'external',
+ doc=_(u'change to support external non-IPA members from trusted domains'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'rename',
+ required=False,
+ label=_(u'Rename'),
+ doc=_(u'Rename the group object'),
+ no_convert=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class group_remove_member(Method):
+ __doc__ = _("Remove members from a group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='group_name',
+ label=_(u'Group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'ipaexternalmember',
+ required=False,
+ multivalue=True,
+ cli_name='external',
+ label=_(u'External member'),
+ doc=_(u'Members of a trusted domain in DOM\\name or name@domain form'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'user',
+ required=False,
+ multivalue=True,
+ cli_name='users',
+ label=_(u'member user'),
+ doc=_(u'users to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ multivalue=True,
+ cli_name='groups',
+ label=_(u'member group'),
+ doc=_(u'groups to remove'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members removed'),
+ ),
+ )
+
+
+@register()
+class group_show(Method):
+ __doc__ = _("Display information about a named group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='group_name',
+ label=_(u'Group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
diff --git a/ipaclient/remote_plugins/2_114/hbacrule.py b/ipaclient/remote_plugins/2_114/hbacrule.py
new file mode 100644
index 0000000..443e5ba
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/hbacrule.py
@@ -0,0 +1,1305 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Host-based access control
+
+Control who can access what services on what hosts. You
+can use HBAC to control which users or groups can
+access a service, or group of services, on a target host.
+
+You can also specify a category of users and target hosts.
+This is currently limited to "all", but might be expanded in the
+future.
+
+Target hosts in HBAC rules must be hosts managed by IPA.
+
+The available services and groups of services are controlled by the
+hbacsvc and hbacsvcgroup plug-ins respectively.
+
+EXAMPLES:
+
+ Create a rule, "test1", that grants all users access to the host "server" from
+ anywhere:
+ ipa hbacrule-add --usercat=all test1
+ ipa hbacrule-add-host --hosts=server.example.com test1
+
+ Display the properties of a named HBAC rule:
+ ipa hbacrule-show test1
+
+ Create a rule for a specific service. This lets the user john access
+ the sshd service on any machine from any machine:
+ ipa hbacrule-add --hostcat=all john_sshd
+ ipa hbacrule-add-user --users=john john_sshd
+ ipa hbacrule-add-service --hbacsvcs=sshd john_sshd
+
+ Create a rule for a new service group. This lets the user john access
+ the FTP service on any machine from any machine:
+ ipa hbacsvcgroup-add ftpers
+ ipa hbacsvc-add sftp
+ ipa hbacsvcgroup-add-member --hbacsvcs=ftp --hbacsvcs=sftp ftpers
+ ipa hbacrule-add --hostcat=all john_ftp
+ ipa hbacrule-add-user --users=john john_ftp
+ ipa hbacrule-add-service --hbacsvcgroups=ftpers john_ftp
+
+ Disable a named HBAC rule:
+ ipa hbacrule-disable test1
+
+ Remove a named HBAC rule:
+ ipa hbacrule-del allow_server
+""")
+
+register = Registry()
+
+
+@register()
+class hbacrule(Object):
+ takes_params = (
+ parameters.Str(
+ 'cn',
+ primary_key=True,
+ label=_(u'Rule name'),
+ ),
+ parameters.Str(
+ 'accessruletype',
+ label=_(u'Rule type'),
+ doc=_(u'Rule type (allow)'),
+ exclude=('webui', 'cli'),
+ ),
+ parameters.Str(
+ 'usercategory',
+ required=False,
+ label=_(u'User category'),
+ doc=_(u'User category the rule applies to'),
+ ),
+ parameters.Str(
+ 'hostcategory',
+ required=False,
+ label=_(u'Host category'),
+ doc=_(u'Host category the rule applies to'),
+ ),
+ parameters.Str(
+ 'sourcehostcategory',
+ required=False,
+ ),
+ parameters.Str(
+ 'servicecategory',
+ required=False,
+ label=_(u'Service category'),
+ doc=_(u'Service category the rule applies to'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ label=_(u'Description'),
+ ),
+ parameters.Bool(
+ 'ipaenabledflag',
+ required=False,
+ label=_(u'Enabled'),
+ ),
+ parameters.Str(
+ 'memberuser_user',
+ required=False,
+ label=_(u'Users'),
+ ),
+ parameters.Str(
+ 'memberuser_group',
+ required=False,
+ label=_(u'User Groups'),
+ ),
+ parameters.Str(
+ 'memberhost_host',
+ required=False,
+ label=_(u'Hosts'),
+ ),
+ parameters.Str(
+ 'memberhost_hostgroup',
+ required=False,
+ label=_(u'Host Groups'),
+ ),
+ parameters.Str(
+ 'sourcehost_host',
+ required=False,
+ ),
+ parameters.Str(
+ 'sourcehost_hostgroup',
+ required=False,
+ ),
+ parameters.Str(
+ 'memberservice_hbacsvc',
+ required=False,
+ label=_(u'Services'),
+ ),
+ parameters.Str(
+ 'memberservice_hbacsvcgroup',
+ required=False,
+ label=_(u'Service Groups'),
+ ),
+ parameters.Str(
+ 'externalhost',
+ required=False,
+ multivalue=True,
+ label=_(u'External host'),
+ ),
+ )
+
+
+@register()
+class hbacrule_add(Method):
+ __doc__ = _("Create a new HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'accessruletype',
+ cli_name='type',
+ cli_metavar="['allow', 'deny']",
+ label=_(u'Rule type'),
+ doc=_(u'Rule type (allow)'),
+ exclude=('webui', 'cli'),
+ default=u'allow',
+ autofill=True,
+ ),
+ parameters.Str(
+ 'usercategory',
+ required=False,
+ cli_name='usercat',
+ cli_metavar="['all']",
+ label=_(u'User category'),
+ doc=_(u'User category the rule applies to'),
+ ),
+ parameters.Str(
+ 'hostcategory',
+ required=False,
+ cli_name='hostcat',
+ cli_metavar="['all']",
+ label=_(u'Host category'),
+ doc=_(u'Host category the rule applies to'),
+ ),
+ parameters.Str(
+ 'sourcehostcategory',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'servicecategory',
+ required=False,
+ cli_name='servicecat',
+ cli_metavar="['all']",
+ label=_(u'Service category'),
+ doc=_(u'Service category the rule applies to'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Bool(
+ 'ipaenabledflag',
+ required=False,
+ label=_(u'Enabled'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'sourcehost_host',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'sourcehost_hostgroup',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'externalhost',
+ required=False,
+ multivalue=True,
+ label=_(u'External host'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class hbacrule_add_host(Method):
+ __doc__ = _("Add target hosts and hostgroups to an HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'member host group'),
+ doc=_(u'host groups to add'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members added'),
+ ),
+ )
+
+
+@register()
+class hbacrule_add_service(Method):
+ __doc__ = _("Add services to an HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'hbacsvc',
+ required=False,
+ multivalue=True,
+ cli_name='hbacsvcs',
+ label=_(u'member HBAC service'),
+ doc=_(u'HBAC services to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hbacsvcgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hbacsvcgroups',
+ label=_(u'member HBAC service group'),
+ doc=_(u'HBAC service groups to add'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members added'),
+ ),
+ )
+
+
+@register()
+class hbacrule_add_sourcehost(Method):
+ NO_CLI = True
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'member host group'),
+ doc=_(u'host groups to add'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members added'),
+ ),
+ )
+
+
+@register()
+class hbacrule_add_user(Method):
+ __doc__ = _("Add users and groups to an HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'user',
+ required=False,
+ multivalue=True,
+ cli_name='users',
+ label=_(u'member user'),
+ doc=_(u'users to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ multivalue=True,
+ cli_name='groups',
+ label=_(u'member group'),
+ doc=_(u'groups to add'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members added'),
+ ),
+ )
+
+
+@register()
+class hbacrule_del(Method):
+ __doc__ = _("Delete an HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ multivalue=True,
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class hbacrule_disable(Method):
+ __doc__ = _("Disable an HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class hbacrule_enable(Method):
+ __doc__ = _("Enable an HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class hbacrule_find(Method):
+ __doc__ = _("Search for HBAC rules.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'cn',
+ required=False,
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ parameters.Str(
+ 'accessruletype',
+ required=False,
+ cli_name='type',
+ cli_metavar="['allow', 'deny']",
+ label=_(u'Rule type'),
+ doc=_(u'Rule type (allow)'),
+ exclude=('webui', 'cli'),
+ default=u'allow',
+ ),
+ parameters.Str(
+ 'usercategory',
+ required=False,
+ cli_name='usercat',
+ cli_metavar="['all']",
+ label=_(u'User category'),
+ doc=_(u'User category the rule applies to'),
+ ),
+ parameters.Str(
+ 'hostcategory',
+ required=False,
+ cli_name='hostcat',
+ cli_metavar="['all']",
+ label=_(u'Host category'),
+ doc=_(u'Host category the rule applies to'),
+ ),
+ parameters.Str(
+ 'sourcehostcategory',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'servicecategory',
+ required=False,
+ cli_name='servicecat',
+ cli_metavar="['all']",
+ label=_(u'Service category'),
+ doc=_(u'Service category the rule applies to'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Bool(
+ 'ipaenabledflag',
+ required=False,
+ label=_(u'Enabled'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'sourcehost_host',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'sourcehost_hostgroup',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'externalhost',
+ required=False,
+ multivalue=True,
+ label=_(u'External host'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("name")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class hbacrule_mod(Method):
+ __doc__ = _("Modify an HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'accessruletype',
+ required=False,
+ cli_name='type',
+ cli_metavar="['allow', 'deny']",
+ label=_(u'Rule type'),
+ doc=_(u'Rule type (allow)'),
+ exclude=('webui', 'cli'),
+ default=u'allow',
+ ),
+ parameters.Str(
+ 'usercategory',
+ required=False,
+ cli_name='usercat',
+ cli_metavar="['all']",
+ label=_(u'User category'),
+ doc=_(u'User category the rule applies to'),
+ ),
+ parameters.Str(
+ 'hostcategory',
+ required=False,
+ cli_name='hostcat',
+ cli_metavar="['all']",
+ label=_(u'Host category'),
+ doc=_(u'Host category the rule applies to'),
+ ),
+ parameters.Str(
+ 'sourcehostcategory',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'servicecategory',
+ required=False,
+ cli_name='servicecat',
+ cli_metavar="['all']",
+ label=_(u'Service category'),
+ doc=_(u'Service category the rule applies to'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Bool(
+ 'ipaenabledflag',
+ required=False,
+ label=_(u'Enabled'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'sourcehost_host',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'sourcehost_hostgroup',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'externalhost',
+ required=False,
+ multivalue=True,
+ label=_(u'External host'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class hbacrule_remove_host(Method):
+ __doc__ = _("Remove target hosts and hostgroups from an HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'member host group'),
+ doc=_(u'host groups to remove'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members removed'),
+ ),
+ )
+
+
+@register()
+class hbacrule_remove_service(Method):
+ __doc__ = _("Remove service and service groups from an HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'hbacsvc',
+ required=False,
+ multivalue=True,
+ cli_name='hbacsvcs',
+ label=_(u'member HBAC service'),
+ doc=_(u'HBAC services to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hbacsvcgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hbacsvcgroups',
+ label=_(u'member HBAC service group'),
+ doc=_(u'HBAC service groups to remove'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members removed'),
+ ),
+ )
+
+
+@register()
+class hbacrule_remove_sourcehost(Method):
+ NO_CLI = True
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'member host group'),
+ doc=_(u'host groups to remove'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members removed'),
+ ),
+ )
+
+
+@register()
+class hbacrule_remove_user(Method):
+ __doc__ = _("Remove users and groups from an HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'user',
+ required=False,
+ multivalue=True,
+ cli_name='users',
+ label=_(u'member user'),
+ doc=_(u'users to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ multivalue=True,
+ cli_name='groups',
+ label=_(u'member group'),
+ doc=_(u'groups to remove'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members removed'),
+ ),
+ )
+
+
+@register()
+class hbacrule_show(Method):
+ __doc__ = _("Display the properties of an HBAC rule.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Rule name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
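Review bot: The `accessruletype` option in `hbacrule_add` (and again in `hbacrule_find` and `hbacrule_mod`) is declared as a plain `parameters.Str`, so this client-side definition accepts any string and leaves rejection of bad values entirely to the server. Its own metadata is also inconsistent: `cli_metavar="['allow', 'deny']"` advertises two values while the doc string reads `Rule type (allow)` and the default is `u'allow'`. Since this field decides how an access-control rule is interpreted, I would state that dependency next to the parameter, e.g. `# not validated client-side; the server must reject anything other than the supported rule types`. The file looks generated from the server API, so if that is the case the comment belongs in the generator rather than in each bundled copy. The same applies to the `sourcehost*` parameters on the `hbacrule` object, which carry no `deprecated=True` or label even though every method in this hunk marks them deprecated.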
diff --git a/ipaclient/remote_plugins/2_114/hbacsvc.py b/ipaclient/remote_plugins/2_114/hbacsvc.py
new file mode 100644
index 0000000..ab53d6b
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/hbacsvc.py
@@ -0,0 +1,413 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+HBAC Services
+
+The PAM services that HBAC can control access to. The name used here
+must match the service name that PAM is evaluating.
+
+EXAMPLES:
+
+ Add a new HBAC service:
+ ipa hbacsvc-add tftp
+
+ Modify an existing HBAC service:
+ ipa hbacsvc-mod --desc="TFTP service" tftp
+
+ Search for HBAC services. This example will return two results, the FTP
+ service and the newly-added tftp service:
+ ipa hbacsvc-find ftp
+
+ Delete an HBAC service:
+ ipa hbacsvc-del tftp
+""")
+
+register = Registry()
+
+
+@register()
+class hbacsvc(Object):
+ takes_params = (
+ parameters.Str(
+ 'cn',
+ primary_key=True,
+ label=_(u'Service name'),
+ doc=_(u'HBAC service'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ label=_(u'Description'),
+ doc=_(u'HBAC service description'),
+ ),
+ parameters.Str(
+ 'memberof_hbacsvcgroup',
+ required=False,
+ label=_(u'Member of HBAC service groups'),
+ ),
+ )
+
+
+@register()
+class hbacsvc_add(Method):
+ __doc__ = _("Add a new HBAC service.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='service',
+ label=_(u'Service name'),
+ doc=_(u'HBAC service'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'HBAC service description'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class hbacsvc_del(Method):
+ __doc__ = _("Delete an existing HBAC service.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ multivalue=True,
+ cli_name='service',
+ label=_(u'Service name'),
+ doc=_(u'HBAC service'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class hbacsvc_find(Method):
+ __doc__ = _("Search for HBAC services.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'cn',
+ required=False,
+ cli_name='service',
+ label=_(u'Service name'),
+ doc=_(u'HBAC service'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'HBAC service description'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("service")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class hbacsvc_mod(Method):
+ __doc__ = _("Modify an HBAC service.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='service',
+ label=_(u'Service name'),
+ doc=_(u'HBAC service'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'HBAC service description'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class hbacsvc_show(Method):
+ __doc__ = _("Display information about an HBAC service.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='service',
+ label=_(u'Service name'),
+ doc=_(u'HBAC service'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
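Review bot: The file-wide `# pylint: disable=unused-import` at the top of hbacsvc.py hides that `Command`, `api`, `DefaultFrom`, `DN` and `DNSName` are never referenced in this module; only `six`, `Method`, `Object`, `parameters`, `output`, `Registry` and `_` are used. The same import block is repeated verbatim in hbacsvcgroup.py and hbactest.py, where a similar subset goes unused. I would narrow it per module, e.g. `from . import Method, Object` and `from ipalib import parameters, output`, so the suppression can be dropped and a stray import is reported again. The `if six.PY3: unicode = str` shim is also repeated in each file and could probably be defined once in the package `__init__` that these modules already import from.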
diff --git a/ipaclient/remote_plugins/2_114/hbacsvcgroup.py b/ipaclient/remote_plugins/2_114/hbacsvcgroup.py
new file mode 100644
index 0000000..ef987e9
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/hbacsvcgroup.py
@@ -0,0 +1,528 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+HBAC Service Groups
+
+HBAC service groups can contain any number of individual services,
+or "members". Every group must have a description.
+
+EXAMPLES:
+
+ Add a new HBAC service group:
+ ipa hbacsvcgroup-add --desc="login services" login
+
+ Add members to an HBAC service group:
+ ipa hbacsvcgroup-add-member --hbacsvcs=sshd --hbacsvcs=login login
+
+ Display information about a named group:
+ ipa hbacsvcgroup-show login
+
+ Delete an HBAC service group:
+ ipa hbacsvcgroup-del login
+""")
+
+register = Registry()
+
+
+@register()
+class hbacsvcgroup(Object):
+ takes_params = (
+ parameters.Str(
+ 'cn',
+ primary_key=True,
+ label=_(u'Service group name'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ label=_(u'Description'),
+ doc=_(u'HBAC service group description'),
+ ),
+ parameters.Str(
+ 'member_hbacsvc',
+ required=False,
+ label=_(u'Member HBAC service'),
+ ),
+ )
+
+
+@register()
+class hbacsvcgroup_add(Method):
+ __doc__ = _("Add a new HBAC service group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Service group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'HBAC service group description'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class hbacsvcgroup_add_member(Method):
+ __doc__ = _("Add members to an HBAC service group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Service group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'hbacsvc',
+ required=False,
+ multivalue=True,
+ cli_name='hbacsvcs',
+ label=_(u'member HBAC service'),
+ doc=_(u'HBAC services to add'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members added'),
+ ),
+ )
+
+
+@register()
+class hbacsvcgroup_del(Method):
+ __doc__ = _("Delete an HBAC service group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ multivalue=True,
+ cli_name='name',
+ label=_(u'Service group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class hbacsvcgroup_find(Method):
+ __doc__ = _("Search for an HBAC service group.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'cn',
+ required=False,
+ cli_name='name',
+ label=_(u'Service group name'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'HBAC service group description'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("name")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class hbacsvcgroup_mod(Method):
+ __doc__ = _("Modify an HBAC service group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Service group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'HBAC service group description'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class hbacsvcgroup_remove_member(Method):
+ __doc__ = _("Remove members from an HBAC service group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Service group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'hbacsvc',
+ required=False,
+ multivalue=True,
+ cli_name='hbacsvcs',
+ label=_(u'member HBAC service'),
+ doc=_(u'HBAC services to remove'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members removed'),
+ ),
+ )
+
+
+@register()
+class hbacsvcgroup_show(Method):
+ __doc__ = _("Display information about an HBAC service group.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Service group name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
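Review bot: The module help text states "Every group must have a description.", but `hbacsvcgroup_add` declares the `description` option with `required=False`, so the client accepts `ipa hbacsvcgroup-add login` without `--desc`. One of the two is out of date for this API version. If the 2.114 server does not require a description, I would drop that sentence from `__doc__`, or at least add a comment above the option such as `# description is optional in API 2.114 despite the module help text`. The string is wrapped in `_()`, so editing it changes the msgid; check it against the translation catalog before rewording.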
diff --git a/ipaclient/remote_plugins/2_114/hbactest.py b/ipaclient/remote_plugins/2_114/hbactest.py
new file mode 100644
index 0000000..b0c49b7
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/hbactest.py
@@ -0,0 +1,284 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Simulate use of Host-based access controls
+
+HBAC rules control who can access what services on what hosts.
+You can use HBAC to control which users or groups can access a service,
+or group of services, on a target host.
+
+Since applying HBAC rules implies use of a production environment,
+this plugin aims to provide simulation of HBAC rules evaluation without
+having access to the production environment.
+
+ Test user coming to a service on a named host against
+ existing enabled rules.
+
+ ipa hbactest --user= --host= --service=
+ [--rules=rules-list] [--nodetail] [--enabled] [--disabled]
+ [--sizelimit= ]
+
+ --user, --host, and --service are mandatory, others are optional.
+
+ If --rules is specified simulate enabling of the specified rules and test
+ the login of the user using only these rules.
+
+ If --enabled is specified, all enabled HBAC rules will be added to simulation
+
+ If --disabled is specified, all disabled HBAC rules will be added to simulation
+
+ If --nodetail is specified, do not return information about rules matched/not matched.
+
+ If both --rules and --enabled are specified, apply simulation to --rules _and_
+ all IPA enabled rules.
+
+ If no --rules specified, simulation is run against all IPA enabled rules.
+ By default there is a IPA-wide limit to number of entries fetched, you can change it
+ with --sizelimit option.
+
+EXAMPLES:
+
+ 1. Use all enabled HBAC rules in IPA database to simulate:
+ $ ipa hbactest --user=a1a --host=bar --service=sshd
+ --------------------
+ Access granted: True
+ --------------------
+ Not matched rules: my-second-rule
+ Not matched rules: my-third-rule
+ Not matched rules: myrule
+ Matched rules: allow_all
+
+ 2. Disable detailed summary of how rules were applied:
+ $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail
+ --------------------
+ Access granted: True
+ --------------------
+
+ 3. Test explicitly specified HBAC rules:
+ $ ipa hbactest --user=a1a --host=bar --service=sshd \
+ --rules=myrule --rules=my-second-rule
+ ---------------------
+ Access granted: False
+ ---------------------
+ Not matched rules: my-second-rule
+ Not matched rules: myrule
+
+ 4. Use all enabled HBAC rules in IPA database + explicitly specified rules:
+ $ ipa hbactest --user=a1a --host=bar --service=sshd \
+ --rules=myrule --rules=my-second-rule --enabled
+ --------------------
+ Access granted: True
+ --------------------
+ Not matched rules: my-second-rule
+ Not matched rules: my-third-rule
+ Not matched rules: myrule
+ Matched rules: allow_all
+
+ 5. Test all disabled HBAC rules in IPA database:
+ $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled
+ ---------------------
+ Access granted: False
+ ---------------------
+ Not matched rules: new-rule
+
+ 6. Test all disabled HBAC rules in IPA database + explicitly specified rules:
+ $ ipa hbactest --user=a1a --host=bar --service=sshd \
+ --rules=myrule --rules=my-second-rule --disabled
+ ---------------------
+ Access granted: False
+ ---------------------
+ Not matched rules: my-second-rule
+ Not matched rules: my-third-rule
+ Not matched rules: myrule
+
+ 7. Test all (enabled and disabled) HBAC rules in IPA database:
+ $ ipa hbactest --user=a1a --host=bar --service=sshd \
+ --enabled --disabled
+ --------------------
+ Access granted: True
+ --------------------
+ Not matched rules: my-second-rule
+ Not matched rules: my-third-rule
+ Not matched rules: myrule
+ Not matched rules: new-rule
+ Matched rules: allow_all
+
+
+HBACTEST AND TRUSTED DOMAINS
+
+When an external trusted domain is configured in IPA, HBAC rules are also applied
+on users accessing IPA resources from the trusted domain. Trusted domain users and
+groups (and their SIDs) can be then assigned to external groups which can be
+members of POSIX groups in IPA which can be used in HBAC rules and thus allowing
+access to resources protected by the HBAC system.
+
+hbactest plugin is capable of testing access for both local IPA users and users
+from the trusted domains, either by a fully qualified user name or by user SID.
+Such user names need to have a trusted domain specified as a short name
+(DOMAIN\Administrator) or with a user principal name (UPN), Administrator@ad.test.
+
+Please note that hbactest executed with a trusted domain user as --user parameter
+can be only run by members of "trust admins" group.
+
+EXAMPLES:
+
+ 1. Test if a user from a trusted domain specified by its shortname matches any
+ rule:
+
+ $ ipa hbactest --user 'DOMAIN\Administrator' --host `hostname` --service sshd
+ --------------------
+ Access granted: True
+ --------------------
+ Matched rules: allow_all
+ Matched rules: can_login
+
+ 2. Test if a user from a trusted domain specified by its domain name matches
+ any rule:
+
+ $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --service sshd
+ --------------------
+ Access granted: True
+ --------------------
+ Matched rules: allow_all
+ Matched rules: can_login
+
+ 3. Test if a user from a trusted domain specified by its SID matches any rule:
+
+ $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \
+ --host `hostname` --service sshd
+ --------------------
+ Access granted: True
+ --------------------
+ Matched rules: allow_all
+ Matched rules: can_login
+
+ 4. Test if other user from a trusted domain specified by its SID matches any rule:
+
+ $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \
+ --host `hostname` --service sshd
+ --------------------
+ Access granted: True
+ --------------------
+ Matched rules: allow_all
+ Not matched rules: can_login
+
+ 5. Test if other user from a trusted domain specified by its shortname matches
+ any rule:
+
+ $ ipa hbactest --user 'DOMAIN\Otheruser' --host `hostname` --service sshd
+ --------------------
+ Access granted: True
+ --------------------
+ Matched rules: allow_all
+ Not matched rules: can_login
+""")
+
+register = Registry()
+
+
+@register()
+class hbactest(Command):
+ __doc__ = _("Simulate use of Host-based access controls")
+
+ takes_options = (
+ parameters.Str(
+ 'user',
+ label=_(u'User name'),
+ ),
+ parameters.Str(
+ 'sourcehost',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'targethost',
+ cli_name='host',
+ label=_(u'Target host'),
+ ),
+ parameters.Str(
+ 'service',
+ label=_(u'Service'),
+ ),
+ parameters.Str(
+ 'rules',
+ required=False,
+ multivalue=True,
+ label=_(u'Rules to test. If not specified, --enabled is assumed'),
+ ),
+ parameters.Flag(
+ 'nodetail',
+ required=False,
+ label=_(u'Hide details which rules are matched, not matched, or invalid'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'enabled',
+ required=False,
+ label=_(u'Include all enabled IPA rules into test [default]'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'disabled',
+ required=False,
+ label=_(u'Include all disabled IPA rules into test'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of rules to process when no --rules is specified'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'warning',
+ (list, tuple, type(None)),
+ doc=_(u'Warning'),
+ ),
+ output.Output(
+ 'matched',
+ (list, tuple, type(None)),
+ doc=_(u'Matched rules'),
+ ),
+ output.Output(
+ 'notmatched',
+ (list, tuple, type(None)),
+ doc=_(u'Not matched rules'),
+ ),
+ output.Output(
+ 'error',
+ (list, tuple, type(None)),
+ doc=_(u'Non-existent or invalid rules'),
+ ),
+ output.Output(
+ 'value',
+ bool,
+ doc=_(u'Result of simulation'),
+ ),
+ )
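Review bot: The module `__doc__` is a normal (non-raw) triple-quoted string, so every `\` in the examples is processed as an escape. The trailing `\` on lines such as `$ ipa hbactest --user=a1a --host=bar --service=sshd \` becomes a line continuation and disappears from the help output together with the newline. `DOMAIN\Administrator` and `DOMAIN\Otheruser` only survive because `\A` and `\O` are unrecognised escapes, which newer Python versions warn about. Doubling the backslashes keeps the rendered text as intended, e.g. `--service=sshd \\` and `'DOMAIN\\Administrator'`. Because the string is passed to `_()`, the msgid presumably has to match the server-side text exactly, which is one more reason to pin the escaping down.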
diff --git a/ipaclient/remote_plugins/2_114/host.py b/ipaclient/remote_plugins/2_114/host.py
new file mode 100644
index 0000000..527e75b
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/host.py
@@ -0,0 +1,1556 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Hosts/Machines
+
+A host represents a machine. It can be used in a number of contexts:
+- service entries are associated with a host
+- a host stores the host/ service principal
+- a host can be used in Host-based Access Control (HBAC) rules
+- every enrolled client generates a host entry
+
+ENROLLMENT:
+
+There are three enrollment scenarios when enrolling a new client:
+
+1. You are enrolling as a full administrator. The host entry may exist
+ or not. A full administrator is a member of the hostadmin role
+ or the admins group.
+2. You are enrolling as a limited administrator. The host must already
+ exist. A limited administrator is a member a role with the
+ Host Enrollment privilege.
+3. The host has been created with a one-time password.
+
+RE-ENROLLMENT:
+
+Host that has been enrolled at some point, and lost its configuration (e.g. VM
+destroyed) can be re-enrolled.
+
+For more information, consult the manual pages for ipa-client-install.
+
+A host can optionally store information such as where it is located,
+the OS that it runs, etc.
+
+EXAMPLES:
+
+ Add a new host:
+ ipa host-add --location="3rd floor lab" --locality=Dallas test.example.com
+
+ Delete a host:
+ ipa host-del test.example.com
+
+ Add a new host with a one-time password:
+ ipa host-add --os='Fedora 12' --password=Secret123 test.example.com
+
+ Add a new host with a random one-time password:
+ ipa host-add --os='Fedora 12' --random test.example.com
+
+ Modify information about a host:
+ ipa host-mod --os='Fedora 12' test.example.com
+
+ Remove SSH public keys of a host and update DNS to reflect this change:
+ ipa host-mod --sshpubkey= --updatedns test.example.com
+
+ Disable the host Kerberos key, SSL certificate and all of its services:
+ ipa host-disable test.example.com
+
+ Add a host that can manage this host's keytab and certificate:
+ ipa host-add-managedby --hosts=test2 test
+
+ Allow user to create a keytab:
+ ipa host-allow-create-keytab test2 --users=tuser1
+""")
+
+register = Registry()
+
+
+@register()
+class host(Object):
+ takes_params = (
+ parameters.Str(
+ 'fqdn',
+ primary_key=True,
+ label=_(u'Host name'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ label=_(u'Description'),
+ doc=_(u'A description of this host'),
+ ),
+ parameters.Str(
+ 'l',
+ required=False,
+ label=_(u'Locality'),
+ doc=_(u'Host locality (e.g. "Baltimore, MD")'),
+ ),
+ parameters.Str(
+ 'nshostlocation',
+ required=False,
+ label=_(u'Location'),
+ doc=_(u'Host location (e.g. "Lab 2")'),
+ ),
+ parameters.Str(
+ 'nshardwareplatform',
+ required=False,
+ label=_(u'Platform'),
+ doc=_(u'Host hardware platform (e.g. "Lenovo T61")'),
+ ),
+ parameters.Str(
+ 'nsosversion',
+ required=False,
+ label=_(u'Operating system'),
+ doc=_(u'Host operating system and version (e.g. "Fedora 9")'),
+ ),
+ parameters.Str(
+ 'userpassword',
+ required=False,
+ label=_(u'User password'),
+ doc=_(u'Password used in bulk enrollment'),
+ ),
+ parameters.Flag(
+ 'random',
+ required=False,
+ doc=_(u'Generate a random password to be used in bulk enrollment'),
+ ),
+ parameters.Str(
+ 'randompassword',
+ required=False,
+ label=_(u'Random password'),
+ ),
+ parameters.Bytes(
+ 'usercertificate',
+ required=False,
+ label=_(u'Certificate'),
+ doc=_(u'Base-64 encoded server certificate'),
+ ),
+ parameters.Str(
+ 'krbprincipalname',
+ required=False,
+ label=_(u'Principal name'),
+ ),
+ parameters.Str(
+ 'macaddress',
+ required=False,
+ multivalue=True,
+ label=_(u'MAC address'),
+ doc=_(u'Hardware MAC address(es) on this host'),
+ ),
+ parameters.Str(
+ 'ipasshpubkey',
+ required=False,
+ multivalue=True,
+ label=_(u'SSH public key'),
+ ),
+ parameters.Str(
+ 'userclass',
+ required=False,
+ multivalue=True,
+ label=_(u'Class'),
+ doc=_(u'Host category (semantics placed on this attribute are for local interpretation)'),
+ ),
+ parameters.Str(
+ 'ipaassignedidview',
+ required=False,
+ label=_(u'Assigned ID View'),
+ ),
+ parameters.Bool(
+ 'ipakrbrequirespreauth',
+ required=False,
+ label=_(u'Requires pre-authentication'),
+ doc=_(u'Pre-authentication is required for the service'),
+ ),
+ parameters.Bool(
+ 'ipakrbokasdelegate',
+ required=False,
+ label=_(u'Trusted for delegation'),
+ doc=_(u'Client credentials may be delegated to the service'),
+ ),
+ parameters.Flag(
+ 'has_password',
+ label=_(u'Password'),
+ ),
+ parameters.Str(
+ 'memberof_hostgroup',
+ required=False,
+ label=_(u'Member of host-groups'),
+ ),
+ parameters.Str(
+ 'memberof_role',
+ required=False,
+ label=_(u'Roles'),
+ ),
+ parameters.Str(
+ 'memberof_netgroup',
+ required=False,
+ label=_(u'Member of netgroups'),
+ ),
+ parameters.Str(
+ 'memberof_sudorule',
+ required=False,
+ label=_(u'Member of Sudo rule'),
+ ),
+ parameters.Str(
+ 'memberof_hbacrule',
+ required=False,
+ label=_(u'Member of HBAC rule'),
+ ),
+ parameters.Str(
+ 'memberofindirect_netgroup',
+ required=False,
+ label=_(u'Indirect Member of netgroup'),
+ ),
+ parameters.Str(
+ 'memberofindirect_hostgroup',
+ required=False,
+ label=_(u'Indirect Member of host-group'),
+ ),
+ parameters.Str(
+ 'memberofindirect_role',
+ required=False,
+ label=_(u'Indirect Member of role'),
+ ),
+ parameters.Str(
+ 'memberofindirect_sudorule',
+ required=False,
+ label=_(u'Indirect Member of Sudo rule'),
+ ),
+ parameters.Str(
+ 'memberofindirect_hbacrule',
+ required=False,
+ label=_(u'Indirect Member of HBAC rule'),
+ ),
+ parameters.Flag(
+ 'has_keytab',
+ label=_(u'Keytab'),
+ ),
+ parameters.Str(
+ 'managedby_host',
+ label=_(u'Managed by'),
+ ),
+ parameters.Str(
+ 'managing_host',
+ label=_(u'Managing'),
+ ),
+ parameters.Str(
+ 'ipaallowedtoperform_read_keys_user',
+ label=_(u'Users allowed to retrieve keytab'),
+ ),
+ parameters.Str(
+ 'ipaallowedtoperform_read_keys_group',
+ label=_(u'Groups allowed to retrieve keytab'),
+ ),
+ parameters.Str(
+ 'ipaallowedtoperform_read_keys_host',
+ label=_(u'Hosts allowed to retrieve keytab'),
+ ),
+ parameters.Str(
+ 'ipaallowedtoperform_read_keys_hostgroup',
+ label=_(u'Host Groups allowed to retrieve keytab'),
+ ),
+ parameters.Str(
+ 'ipaallowedtoperform_write_keys_user',
+ label=_(u'Users allowed to create keytab'),
+ ),
+ parameters.Str(
+ 'ipaallowedtoperform_write_keys_group',
+ label=_(u'Groups allowed to create keytab'),
+ ),
+ parameters.Str(
+ 'ipaallowedtoperform_write_keys_host',
+ label=_(u'Hosts allowed to create keytab'),
+ ),
+ parameters.Str(
+ 'ipaallowedtoperform_write_keys_hostgroup',
+ label=_(u'Host Groups allowed to create keytab'),
+ ),
+ )
+
+
+@register()
+class host_add(Method):
+ __doc__ = _("Add a new host.")
+
+ takes_args = (
+ parameters.Str(
+ 'fqdn',
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this host'),
+ ),
+ parameters.Str(
+ 'l',
+ required=False,
+ cli_name='locality',
+ label=_(u'Locality'),
+ doc=_(u'Host locality (e.g. "Baltimore, MD")'),
+ ),
+ parameters.Str(
+ 'nshostlocation',
+ required=False,
+ cli_name='location',
+ label=_(u'Location'),
+ doc=_(u'Host location (e.g. "Lab 2")'),
+ ),
+ parameters.Str(
+ 'nshardwareplatform',
+ required=False,
+ cli_name='platform',
+ label=_(u'Platform'),
+ doc=_(u'Host hardware platform (e.g. "Lenovo T61")'),
+ ),
+ parameters.Str(
+ 'nsosversion',
+ required=False,
+ cli_name='os',
+ label=_(u'Operating system'),
+ doc=_(u'Host operating system and version (e.g. "Fedora 9")'),
+ ),
+ parameters.Str(
+ 'userpassword',
+ required=False,
+ cli_name='password',
+ label=_(u'User password'),
+ doc=_(u'Password used in bulk enrollment'),
+ ),
+ parameters.Flag(
+ 'random',
+ required=False,
+ doc=_(u'Generate a random password to be used in bulk enrollment'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Bytes(
+ 'usercertificate',
+ required=False,
+ cli_name='certificate',
+ label=_(u'Certificate'),
+ doc=_(u'Base-64 encoded server certificate'),
+ ),
+ parameters.Str(
+ 'macaddress',
+ required=False,
+ multivalue=True,
+ label=_(u'MAC address'),
+ doc=_(u'Hardware MAC address(es) on this host'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'ipasshpubkey',
+ required=False,
+ multivalue=True,
+ cli_name='sshpubkey',
+ label=_(u'SSH public key'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'userclass',
+ required=False,
+ multivalue=True,
+ cli_name='class',
+ label=_(u'Class'),
+ doc=_(u'Host category (semantics placed on this attribute are for local interpretation)'),
+ ),
+ parameters.Str(
+ 'ipaassignedidview',
+ required=False,
+ label=_(u'Assigned ID View'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Bool(
+ 'ipakrbrequirespreauth',
+ required=False,
+ cli_name='requires_pre_auth',
+ label=_(u'Requires pre-authentication'),
+ doc=_(u'Pre-authentication is required for the service'),
+ ),
+ parameters.Bool(
+ 'ipakrbokasdelegate',
+ required=False,
+ cli_name='ok_as_delegate',
+ label=_(u'Trusted for delegation'),
+ doc=_(u'Client credentials may be delegated to the service'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'force',
+ label=_(u'Force'),
+ doc=_(u'force host name even if not in DNS'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_reverse',
+ doc=_(u'skip reverse DNS detection'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'ip_address',
+ required=False,
+ label=_(u'IP Address'),
+ doc=_(u'Add the host to DNS with this IP address'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class host_add_managedby(Method):
+ __doc__ = _("Add hosts that can manage this host.")
+
+ takes_args = (
+ parameters.Str(
+ 'fqdn',
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to add'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members added'),
+ ),
+ )
+
+
+@register()
+class host_allow_create_keytab(Method):
+ __doc__ = _("Allow users, groups, hosts or host groups to create a keytab of this host.")
+
+ takes_args = (
+ parameters.Str(
+ 'fqdn',
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'user',
+ required=False,
+ multivalue=True,
+ cli_name='users',
+ label=_(u'member user'),
+ doc=_(u'users to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ multivalue=True,
+ cli_name='groups',
+ label=_(u'member group'),
+ doc=_(u'groups to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'member host group'),
+ doc=_(u'host groups to add'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members added'),
+ ),
+ )
+
+
+@register()
+class host_allow_retrieve_keytab(Method):
+ __doc__ = _("Allow users, groups, hosts or host groups to retrieve a keytab of this host.")
+
+ takes_args = (
+ parameters.Str(
+ 'fqdn',
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'user',
+ required=False,
+ multivalue=True,
+ cli_name='users',
+ label=_(u'member user'),
+ doc=_(u'users to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ multivalue=True,
+ cli_name='groups',
+ label=_(u'member group'),
+ doc=_(u'groups to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'member host group'),
+ doc=_(u'host groups to add'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members added'),
+ ),
+ )
+
+
+@register()
+class host_del(Method):
+ __doc__ = _("Delete a host.")
+
+ takes_args = (
+ parameters.Str(
+ 'fqdn',
+ multivalue=True,
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'updatedns',
+ required=False,
+ doc=_(u'Remove entries from DNS'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class host_disable(Method):
+ __doc__ = _("Disable the Kerberos key, SSL certificate and all services of a host.")
+
+ takes_args = (
+ parameters.Str(
+ 'fqdn',
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ bool,
+ doc=_(u'True means the operation was successful'),
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class host_disallow_create_keytab(Method):
+ __doc__ = _("Disallow users, groups, hosts or host groups to create a keytab of this host.")
+
+ takes_args = (
+ parameters.Str(
+ 'fqdn',
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'user',
+ required=False,
+ multivalue=True,
+ cli_name='users',
+ label=_(u'member user'),
+ doc=_(u'users to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ multivalue=True,
+ cli_name='groups',
+ label=_(u'member group'),
+ doc=_(u'groups to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'member host group'),
+ doc=_(u'host groups to remove'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members removed'),
+ ),
+ )
+
+
+@register()
+class host_disallow_retrieve_keytab(Method):
+ __doc__ = _("Disallow users, groups, hosts or host groups to retrieve a keytab of this host.")
+
+ takes_args = (
+ parameters.Str(
+ 'fqdn',
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'user',
+ required=False,
+ multivalue=True,
+ cli_name='users',
+ label=_(u'member user'),
+ doc=_(u'users to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'group',
+ required=False,
+ multivalue=True,
+ cli_name='groups',
+ label=_(u'member group'),
+ doc=_(u'groups to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'member host group'),
+ doc=_(u'host groups to remove'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members removed'),
+ ),
+ )
+
+
+@register()
+class host_find(Method):
+ __doc__ = _("Search for hosts.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'fqdn',
+ required=False,
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this host'),
+ ),
+ parameters.Str(
+ 'l',
+ required=False,
+ cli_name='locality',
+ label=_(u'Locality'),
+ doc=_(u'Host locality (e.g. "Baltimore, MD")'),
+ ),
+ parameters.Str(
+ 'nshostlocation',
+ required=False,
+ cli_name='location',
+ label=_(u'Location'),
+ doc=_(u'Host location (e.g. "Lab 2")'),
+ ),
+ parameters.Str(
+ 'nshardwareplatform',
+ required=False,
+ cli_name='platform',
+ label=_(u'Platform'),
+ doc=_(u'Host hardware platform (e.g. "Lenovo T61")'),
+ ),
+ parameters.Str(
+ 'nsosversion',
+ required=False,
+ cli_name='os',
+ label=_(u'Operating system'),
+ doc=_(u'Host operating system and version (e.g. "Fedora 9")'),
+ ),
+ parameters.Str(
+ 'userpassword',
+ required=False,
+ cli_name='password',
+ label=_(u'User password'),
+ doc=_(u'Password used in bulk enrollment'),
+ ),
+ parameters.Bytes(
+ 'usercertificate',
+ required=False,
+ cli_name='certificate',
+ label=_(u'Certificate'),
+ doc=_(u'Base-64 encoded server certificate'),
+ ),
+ parameters.Str(
+ 'macaddress',
+ required=False,
+ multivalue=True,
+ label=_(u'MAC address'),
+ doc=_(u'Hardware MAC address(es) on this host'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'userclass',
+ required=False,
+ multivalue=True,
+ cli_name='class',
+ label=_(u'Class'),
+ doc=_(u'Host category (semantics placed on this attribute are for local interpretation)'),
+ ),
+ parameters.Str(
+ 'ipaassignedidview',
+ required=False,
+ label=_(u'Assigned ID View'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("hostname")'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'in_hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='in_hostgroups',
+ label=_(u'host group'),
+ doc=_(u'Search for hosts with these member of host groups.'),
+ ),
+ parameters.Str(
+ 'not_in_hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_hostgroups',
+ label=_(u'host group'),
+ doc=_(u'Search for hosts without these member of host groups.'),
+ ),
+ parameters.Str(
+ 'in_netgroup',
+ required=False,
+ multivalue=True,
+ cli_name='in_netgroups',
+ label=_(u'netgroup'),
+ doc=_(u'Search for hosts with these member of netgroups.'),
+ ),
+ parameters.Str(
+ 'not_in_netgroup',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_netgroups',
+ label=_(u'netgroup'),
+ doc=_(u'Search for hosts without these member of netgroups.'),
+ ),
+ parameters.Str(
+ 'in_role',
+ required=False,
+ multivalue=True,
+ cli_name='in_roles',
+ label=_(u'role'),
+ doc=_(u'Search for hosts with these member of roles.'),
+ ),
+ parameters.Str(
+ 'not_in_role',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_roles',
+ label=_(u'role'),
+ doc=_(u'Search for hosts without these member of roles.'),
+ ),
+ parameters.Str(
+ 'in_hbacrule',
+ required=False,
+ multivalue=True,
+ cli_name='in_hbacrules',
+ label=_(u'HBAC rule'),
+ doc=_(u'Search for hosts with these member of HBAC rules.'),
+ ),
+ parameters.Str(
+ 'not_in_hbacrule',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_hbacrules',
+ label=_(u'HBAC rule'),
+ doc=_(u'Search for hosts without these member of HBAC rules.'),
+ ),
+ parameters.Str(
+ 'in_sudorule',
+ required=False,
+ multivalue=True,
+ cli_name='in_sudorules',
+ label=_(u'sudo rule'),
+ doc=_(u'Search for hosts with these member of sudo rules.'),
+ ),
+ parameters.Str(
+ 'not_in_sudorule',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_sudorules',
+ label=_(u'sudo rule'),
+ doc=_(u'Search for hosts without these member of sudo rules.'),
+ ),
+ parameters.Str(
+ 'enroll_by_user',
+ required=False,
+ multivalue=True,
+ cli_name='enroll_by_users',
+ label=_(u'user'),
+ doc=_(u'Search for hosts with these enrolled by users.'),
+ ),
+ parameters.Str(
+ 'not_enroll_by_user',
+ required=False,
+ multivalue=True,
+ cli_name='not_enroll_by_users',
+ label=_(u'user'),
+ doc=_(u'Search for hosts without these enrolled by users.'),
+ ),
+ parameters.Str(
+ 'man_by_host',
+ required=False,
+ multivalue=True,
+ cli_name='man_by_hosts',
+ label=_(u'host'),
+ doc=_(u'Search for hosts with these managed by hosts.'),
+ ),
+ parameters.Str(
+ 'not_man_by_host',
+ required=False,
+ multivalue=True,
+ cli_name='not_man_by_hosts',
+ label=_(u'host'),
+ doc=_(u'Search for hosts without these managed by hosts.'),
+ ),
+ parameters.Str(
+ 'man_host',
+ required=False,
+ multivalue=True,
+ cli_name='man_hosts',
+ label=_(u'host'),
+ doc=_(u'Search for hosts with these managing hosts.'),
+ ),
+ parameters.Str(
+ 'not_man_host',
+ required=False,
+ multivalue=True,
+ cli_name='not_man_hosts',
+ label=_(u'host'),
+ doc=_(u'Search for hosts without these managing hosts.'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class host_mod(Method):
+ __doc__ = _("Modify information about a host.")
+
+ takes_args = (
+ parameters.Str(
+ 'fqdn',
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this host'),
+ ),
+ parameters.Str(
+ 'l',
+ required=False,
+ cli_name='locality',
+ label=_(u'Locality'),
+ doc=_(u'Host locality (e.g. "Baltimore, MD")'),
+ ),
+ parameters.Str(
+ 'nshostlocation',
+ required=False,
+ cli_name='location',
+ label=_(u'Location'),
+ doc=_(u'Host location (e.g. "Lab 2")'),
+ ),
+ parameters.Str(
+ 'nshardwareplatform',
+ required=False,
+ cli_name='platform',
+ label=_(u'Platform'),
+ doc=_(u'Host hardware platform (e.g. "Lenovo T61")'),
+ ),
+ parameters.Str(
+ 'nsosversion',
+ required=False,
+ cli_name='os',
+ label=_(u'Operating system'),
+ doc=_(u'Host operating system and version (e.g. "Fedora 9")'),
+ ),
+ parameters.Str(
+ 'userpassword',
+ required=False,
+ cli_name='password',
+ label=_(u'User password'),
+ doc=_(u'Password used in bulk enrollment'),
+ ),
+ parameters.Flag(
+ 'random',
+ required=False,
+ doc=_(u'Generate a random password to be used in bulk enrollment'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Bytes(
+ 'usercertificate',
+ required=False,
+ cli_name='certificate',
+ label=_(u'Certificate'),
+ doc=_(u'Base-64 encoded server certificate'),
+ ),
+ parameters.Str(
+ 'macaddress',
+ required=False,
+ multivalue=True,
+ label=_(u'MAC address'),
+ doc=_(u'Hardware MAC address(es) on this host'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'ipasshpubkey',
+ required=False,
+ multivalue=True,
+ cli_name='sshpubkey',
+ label=_(u'SSH public key'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'userclass',
+ required=False,
+ multivalue=True,
+ cli_name='class',
+ label=_(u'Class'),
+ doc=_(u'Host category (semantics placed on this attribute are for local interpretation)'),
+ ),
+ parameters.Str(
+ 'ipaassignedidview',
+ required=False,
+ label=_(u'Assigned ID View'),
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Bool(
+ 'ipakrbrequirespreauth',
+ required=False,
+ cli_name='requires_pre_auth',
+ label=_(u'Requires pre-authentication'),
+ doc=_(u'Pre-authentication is required for the service'),
+ ),
+ parameters.Bool(
+ 'ipakrbokasdelegate',
+ required=False,
+ cli_name='ok_as_delegate',
+ label=_(u'Trusted for delegation'),
+ doc=_(u'Client credentials may be delegated to the service'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'krbprincipalname',
+ required=False,
+ cli_name='principalname',
+ label=_(u'Principal name'),
+ doc=_(u'Kerberos principal name for this host'),
+ ),
+ parameters.Flag(
+ 'updatedns',
+ required=False,
+ doc=_(u'Update DNS entries'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class host_remove_managedby(Method):
+ __doc__ = _("Remove hosts that can manage this host.")
+
+ takes_args = (
+ parameters.Str(
+ 'fqdn',
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to remove'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members removed'),
+ ),
+ )
+
+
+@register()
+class host_show(Method):
+ __doc__ = _("Display information about a host.")
+
+ takes_args = (
+ parameters.Str(
+ 'fqdn',
+ cli_name='hostname',
+ label=_(u'Host name'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'out',
+ required=False,
+ doc=_(u'file to store certificate in'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
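Review bot: `userpassword`, the bulk-enrollment one-time password, is declared as `parameters.Str` with `cli_name='password'` in `host_add`, `host_mod` and `host_find`, so the client treats it as an ordinary string option rather than a `parameters.Password`. Any prompting or masking ipalib applies to password-typed parameters presumably does not cover this value. The module docstring's `--password=Secret123` example also puts it on the command line, where it ends up in shell history and process listings. If the type has to stay `Str` to match the 2.114 server API, I would say so above each definition, e.g. `# enrollment OTP, kept as Str to match the 2.114 server API; verify it is not logged in clear`, and have the docstring steer readers toward the `--random` variant. `host_find` also accepts `userpassword` as a search filter, so it is worth confirming that a pre-schema server really expects it there.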
diff --git a/ipaclient/remote_plugins/2_114/hostgroup.py b/ipaclient/remote_plugins/2_114/hostgroup.py
new file mode 100644
index 0000000..3b39849
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/hostgroup.py
@@ -0,0 +1,709 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Groups of hosts.
+
+Manage groups of hosts. This is useful for applying access control to a
+number of hosts by using Host-based Access Control.
+
+EXAMPLES:
+
+ Add a new host group:
+ ipa hostgroup-add --desc="Baltimore hosts" baltimore
+
+ Add another new host group:
+ ipa hostgroup-add --desc="Maryland hosts" maryland
+
+ Add members to the hostgroup (using Bash brace expansion):
+ ipa hostgroup-add-member --hosts={box1,box2,box3} baltimore
+
+ Add a hostgroup as a member of another hostgroup:
+ ipa hostgroup-add-member --hostgroups=baltimore maryland
+
+ Remove a host from the hostgroup:
+ ipa hostgroup-remove-member --hosts=box2 baltimore
+
+ Display a host group:
+ ipa hostgroup-show baltimore
+
+ Delete a hostgroup:
+ ipa hostgroup-del baltimore
+""")
+
+register = Registry()
+
+
+@register()
+class hostgroup(Object):
+ takes_params = (
+ parameters.Str(
+ 'cn',
+ primary_key=True,
+ label=_(u'Host-group'),
+ doc=_(u'Name of host-group'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ label=_(u'Description'),
+ doc=_(u'A description of this host-group'),
+ ),
+ parameters.Str(
+ 'member_host',
+ required=False,
+ label=_(u'Member hosts'),
+ ),
+ parameters.Str(
+ 'member_hostgroup',
+ required=False,
+ label=_(u'Member host-groups'),
+ ),
+ parameters.Str(
+ 'memberof_hostgroup',
+ required=False,
+ label=_(u'Member of host-groups'),
+ ),
+ parameters.Str(
+ 'memberof_netgroup',
+ required=False,
+ label=_(u'Member of netgroups'),
+ ),
+ parameters.Str(
+ 'memberof_sudorule',
+ required=False,
+ label=_(u'Member of Sudo rule'),
+ ),
+ parameters.Str(
+ 'memberof_hbacrule',
+ required=False,
+ label=_(u'Member of HBAC rule'),
+ ),
+ parameters.Str(
+ 'memberindirect_host',
+ required=False,
+ label=_(u'Indirect Member hosts'),
+ ),
+ parameters.Str(
+ 'memberindirect_hostgroup',
+ required=False,
+ label=_(u'Indirect Member host-groups'),
+ ),
+ parameters.Str(
+ 'memberofindirect_hostgroup',
+ required=False,
+ label=_(u'Indirect Member of host-group'),
+ ),
+ parameters.Str(
+ 'memberofindirect_sudorule',
+ required=False,
+ label=_(u'Indirect Member of Sudo rule'),
+ ),
+ parameters.Str(
+ 'memberofindirect_hbacrule',
+ required=False,
+ label=_(u'Indirect Member of HBAC rule'),
+ ),
+ )
+
+
+@register()
+class hostgroup_add(Method):
+ __doc__ = _("Add a new hostgroup.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='hostgroup_name',
+ label=_(u'Host-group'),
+ doc=_(u'Name of host-group'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this host-group'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class hostgroup_add_member(Method):
+ __doc__ = _("Add members to a hostgroup.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='hostgroup_name',
+ label=_(u'Host-group'),
+ doc=_(u'Name of host-group'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to add'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'member host group'),
+ doc=_(u'host groups to add'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members added'),
+ ),
+ )
+
+
+@register()
+class hostgroup_del(Method):
+ __doc__ = _("Delete a hostgroup.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ multivalue=True,
+ cli_name='hostgroup_name',
+ label=_(u'Host-group'),
+ doc=_(u'Name of host-group'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class hostgroup_find(Method):
+ __doc__ = _("Search for hostgroups.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'cn',
+ required=False,
+ cli_name='hostgroup_name',
+ label=_(u'Host-group'),
+ doc=_(u'Name of host-group'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this host-group'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("hostgroup-name")'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'host'),
+ doc=_(u'Search for host groups with these member hosts.'),
+ ),
+ parameters.Str(
+ 'no_host',
+ required=False,
+ multivalue=True,
+ cli_name='no_hosts',
+ label=_(u'host'),
+ doc=_(u'Search for host groups without these member hosts.'),
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'host group'),
+ doc=_(u'Search for host groups with these member host groups.'),
+ ),
+ parameters.Str(
+ 'no_hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='no_hostgroups',
+ label=_(u'host group'),
+ doc=_(u'Search for host groups without these member host groups.'),
+ ),
+ parameters.Str(
+ 'in_hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='in_hostgroups',
+ label=_(u'host group'),
+ doc=_(u'Search for host groups with these member of host groups.'),
+ ),
+ parameters.Str(
+ 'not_in_hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_hostgroups',
+ label=_(u'host group'),
+ doc=_(u'Search for host groups without these member of host groups.'),
+ ),
+ parameters.Str(
+ 'in_netgroup',
+ required=False,
+ multivalue=True,
+ cli_name='in_netgroups',
+ label=_(u'netgroup'),
+ doc=_(u'Search for host groups with these member of netgroups.'),
+ ),
+ parameters.Str(
+ 'not_in_netgroup',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_netgroups',
+ label=_(u'netgroup'),
+ doc=_(u'Search for host groups without these member of netgroups.'),
+ ),
+ parameters.Str(
+ 'in_hbacrule',
+ required=False,
+ multivalue=True,
+ cli_name='in_hbacrules',
+ label=_(u'HBAC rule'),
+ doc=_(u'Search for host groups with these member of HBAC rules.'),
+ ),
+ parameters.Str(
+ 'not_in_hbacrule',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_hbacrules',
+ label=_(u'HBAC rule'),
+ doc=_(u'Search for host groups without these member of HBAC rules.'),
+ ),
+ parameters.Str(
+ 'in_sudorule',
+ required=False,
+ multivalue=True,
+ cli_name='in_sudorules',
+ label=_(u'sudo rule'),
+ doc=_(u'Search for host groups with these member of sudo rules.'),
+ ),
+ parameters.Str(
+ 'not_in_sudorule',
+ required=False,
+ multivalue=True,
+ cli_name='not_in_sudorules',
+ label=_(u'sudo rule'),
+ doc=_(u'Search for host groups without these member of sudo rules.'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class hostgroup_mod(Method):
+ __doc__ = _("Modify a hostgroup.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='hostgroup_name',
+ label=_(u'Host-group'),
+ doc=_(u'Name of host-group'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ doc=_(u'A description of this host-group'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class hostgroup_remove_member(Method):
+ __doc__ = _("Remove members from a hostgroup.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='hostgroup_name',
+ label=_(u'Host-group'),
+ doc=_(u'Name of host-group'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'member host'),
+ doc=_(u'hosts to remove'),
+ alwaysask=True,
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'member host group'),
+ doc=_(u'host groups to remove'),
+ alwaysask=True,
+ ),
+ )
+ has_output = (
+ output.Entry(
+ 'result',
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Members that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of members removed'),
+ ),
+ )
+
+
+@register()
+class hostgroup_show(Method):
+ __doc__ = _("Display information about a hostgroup.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='hostgroup_name',
+ label=_(u'Host-group'),
+ doc=_(u'Name of host-group'),
+ no_convert=True,
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'no_members',
+ doc=_(u'Suppress processing of membership attributes.'),
+ exclude=('webui', 'cli'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
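Review bot: The import header of this new file pulls in `Command`, `api`, `DefaultFrom`, `DN` and `DNSName`, none of which is referenced in the 709 added lines, and a module-wide `# pylint: disable=unused-import` hides that. Trimming the header to what the module uses, `from . import Method, Object` and `from ipalib import parameters, output`, would let the pragma go, so a stray import added later is reported again. The same header is repeated in idrange.py and idviews.py in this commit. If these modules are generated (the uniform layout suggests so, but the page does not say), the fix belongs in the generator rather than in each file.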
diff --git a/ipaclient/remote_plugins/2_114/idrange.py b/ipaclient/remote_plugins/2_114/idrange.py
new file mode 100644
index 0000000..2de0687
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/idrange.py
@@ -0,0 +1,620 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+ID ranges
+
+Manage ID ranges used to map Posix IDs to SIDs and back.
+
+There are two type of ID ranges which are both handled by this utility:
+
+ - the ID ranges of the local domain
+ - the ID ranges of trusted remote domains
+
+Both types have the following attributes in common:
+
+ - base-id: the first ID of the Posix ID range
+ - range-size: the size of the range
+
+With those two attributes a range object can reserve the Posix IDs starting
+with base-id up to but not including base-id+range-size exclusively.
+
+Additionally an ID range of the local domain may set
+ - rid-base: the first RID(*) of the corresponding RID range
+ - secondary-rid-base: first RID of the secondary RID range
+
+and an ID range of a trusted domain must set
+ - rid-base: the first RID of the corresponding RID range
+ - sid: domain SID of the trusted domain
+
+
+
+EXAMPLE: Add a new ID range for a trusted domain
+
+Since there might be more than one trusted domain the domain SID must be given
+while creating the ID range.
+
+ ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \
+ --dom-sid=S-1-5-21-123-456-789 trusted_dom_range
+
+This ID range is then used by the IPA server and the SSSD IPA provider to
+assign Posix UIDs to users from the trusted domain.
+
+If e.g a range for a trusted domain is configured with the following values:
+ base-id = 1200000
+ range-size = 200000
+ rid-base = 0
+the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. So
+RID 1000 <-> Posix ID 1201000
+
+
+
+EXAMPLE: Add a new ID range for the local domain
+
+To create an ID range for the local domain it is not necessary to specify a
+domain SID. But since it is possible that a user and a group can have the same
+value as Posix ID a second RID interval is needed to handle conflicts.
+
+ ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \
+ --secondary-rid-base=1000000 local_range
+
+The data from the ID ranges of the local domain are used by the IPA server
+internally to assign SIDs to IPA users and groups. The SID will then be stored
+in the user or group objects.
+
+If e.g. the ID range for the local domain is configured with the values from
+the example above then a new user with the UID 1200007 will get the RID 1007.
+If this RID is already used by a group the RID will be 1000007. This can only
+happen if a user or a group object was created with a fixed ID because the
+automatic assignment will not assign the same ID twice. Since there are only
+users and groups sharing the same ID namespace it is sufficient to have only
+one fallback range to handle conflicts.
+
+To find the Posix ID for a given RID from the local domain it has to be
+checked first if the RID falls in the primary or secondary RID range and
+the rid-base or the secondary-rid-base has to be subtracted, respectively,
+and the base-id has to be added to get the Posix ID.
+
+Typically the creation of ID ranges happens behind the scenes and this CLI
+must not be used at all. The ID range for the local domain will be created
+during installation or upgrade from an older version. The ID range for a
+trusted domain will be created together with the trust by 'ipa trust-add ...'.
+
+USE CASES:
+
+ Add an ID range from a transitively trusted domain
+
+ If the trusted domain (A) trusts another domain (B) as well and this trust
+ is transitive 'ipa trust-add domain-A' will only create a range for
+ domain A. The ID range for domain B must be added manually.
+
+ Add an additional ID range for the local domain
+
+ If the ID range of the local domain is exhausted, i.e. no new IDs can be
+ assigned to Posix users or groups by the DNA plugin, a new range has to be
+ created to allow new users and groups to be added. (Currently there is no
+ connection between this range CLI and the DNA plugin, but a future version
+ might be able to modify the configuration of the DNS plugin as well)
+
+In general it is not necessary to modify or delete ID ranges. If there is no
+other way to achieve a certain configuration than to modify or delete an ID
+range it should be done with great care. Because UIDs are stored in the file
+system and are used for access control it might be possible that users are
+allowed to access files of other users if an ID range got deleted and reused
+for a different domain.
+
+(*) The RID is typically the last integer of a user or group SID which follows
+the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user from
+this domain has the SID S-1-5-21-123-456-789-1010 then 1010 id the RID of the
+user. RIDs are unique in a domain, 32bit values and are used for users and
+groups.
+
+WARNING:
+
+DNA plugin in 389-ds will allocate IDs based on the ranges configured for the
+local domain. Currently the DNA plugin *cannot* be reconfigured itself based
+on the local ranges set via this family of commands.
+
+Manual configuration change has to be done in the DNA plugin configuration for
+the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix
+IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be
+modified to match the new range.
+""")
+
+register = Registry()
+
+
+@register()
+class idrange(Object):
+ takes_params = (
+ parameters.Str(
+ 'cn',
+ primary_key=True,
+ label=_(u'Range name'),
+ ),
+ parameters.Int(
+ 'ipabaseid',
+ label=_(u'First Posix ID of the range'),
+ ),
+ parameters.Int(
+ 'ipaidrangesize',
+ label=_(u'Number of IDs in the range'),
+ ),
+ parameters.Int(
+ 'ipabaserid',
+ required=False,
+ label=_(u'First RID of the corresponding RID range'),
+ ),
+ parameters.Int(
+ 'ipasecondarybaserid',
+ required=False,
+ label=_(u'First RID of the secondary RID range'),
+ ),
+ parameters.Str(
+ 'ipanttrusteddomainsid',
+ required=False,
+ label=_(u'Domain SID of the trusted domain'),
+ ),
+ parameters.Str(
+ 'ipanttrusteddomainname',
+ required=False,
+ label=_(u'Name of the trusted domain'),
+ ),
+ parameters.Str(
+ 'iparangetype',
+ required=False,
+ label=_(u'Range type'),
+ doc=_(u'ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local'),
+ ),
+ )
+
+
+@register()
+class idrange_add(Method):
+ __doc__ = _("""
+Add new ID range.
+
+ To add a new ID range you always have to specify
+
+ --base-id
+ --range-size
+
+ Additionally
+
+ --rid-base
+ --secondary-rid-base
+
+ may be given for a new ID range for the local domain while
+
+ --rid-base
+ --dom-sid
+
+ must be given to add a new range for a trusted AD domain.
+
+ WARNING:
+
+ DNA plugin in 389-ds will allocate IDs based on the ranges configured for the
+ local domain. Currently the DNA plugin *cannot* be reconfigured itself based
+ on the local ranges set via this family of commands.
+
+ Manual configuration change has to be done in the DNA plugin configuration for
+ the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix
+ IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be
+ modified to match the new range.
+ """)
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Range name'),
+ ),
+ )
+ takes_options = (
+ parameters.Int(
+ 'ipabaseid',
+ cli_name='base_id',
+ label=_(u'First Posix ID of the range'),
+ ),
+ parameters.Int(
+ 'ipaidrangesize',
+ cli_name='range_size',
+ label=_(u'Number of IDs in the range'),
+ ),
+ parameters.Int(
+ 'ipabaserid',
+ required=False,
+ cli_name='rid_base',
+ label=_(u'First RID of the corresponding RID range'),
+ ),
+ parameters.Int(
+ 'ipasecondarybaserid',
+ required=False,
+ cli_name='secondary_rid_base',
+ label=_(u'First RID of the secondary RID range'),
+ ),
+ parameters.Str(
+ 'ipanttrusteddomainsid',
+ required=False,
+ cli_name='dom_sid',
+ label=_(u'Domain SID of the trusted domain'),
+ ),
+ parameters.Str(
+ 'ipanttrusteddomainname',
+ required=False,
+ cli_name='dom_name',
+ label=_(u'Name of the trusted domain'),
+ ),
+ parameters.Str(
+ 'iparangetype',
+ required=False,
+ cli_name='type',
+ cli_metavar="['ipa-ad-trust-posix', 'ipa-ad-trust', 'ipa-local']",
+ label=_(u'Range type'),
+ doc=_(u'ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class idrange_del(Method):
+ __doc__ = _("Delete an ID range.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ multivalue=True,
+ cli_name='name',
+ label=_(u'Range name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class idrange_find(Method):
+ __doc__ = _("Search for ranges.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'cn',
+ required=False,
+ cli_name='name',
+ label=_(u'Range name'),
+ ),
+ parameters.Int(
+ 'ipabaseid',
+ required=False,
+ cli_name='base_id',
+ label=_(u'First Posix ID of the range'),
+ ),
+ parameters.Int(
+ 'ipaidrangesize',
+ required=False,
+ cli_name='range_size',
+ label=_(u'Number of IDs in the range'),
+ ),
+ parameters.Int(
+ 'ipabaserid',
+ required=False,
+ cli_name='rid_base',
+ label=_(u'First RID of the corresponding RID range'),
+ ),
+ parameters.Int(
+ 'ipasecondarybaserid',
+ required=False,
+ cli_name='secondary_rid_base',
+ label=_(u'First RID of the secondary RID range'),
+ ),
+ parameters.Str(
+ 'ipanttrusteddomainsid',
+ required=False,
+ cli_name='dom_sid',
+ label=_(u'Domain SID of the trusted domain'),
+ ),
+ parameters.Str(
+ 'iparangetype',
+ required=False,
+ cli_name='type',
+ cli_metavar="['ipa-ad-trust-posix', 'ipa-ad-trust', 'ipa-local']",
+ label=_(u'Range type'),
+ doc=_(u'ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("name")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class idrange_mod(Method):
+ __doc__ = _("Modify ID range.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Range name'),
+ ),
+ )
+ takes_options = (
+ parameters.Int(
+ 'ipabaseid',
+ required=False,
+ cli_name='base_id',
+ label=_(u'First Posix ID of the range'),
+ ),
+ parameters.Int(
+ 'ipaidrangesize',
+ required=False,
+ cli_name='range_size',
+ label=_(u'Number of IDs in the range'),
+ ),
+ parameters.Int(
+ 'ipabaserid',
+ required=False,
+ cli_name='rid_base',
+ label=_(u'First RID of the corresponding RID range'),
+ ),
+ parameters.Int(
+ 'ipasecondarybaserid',
+ required=False,
+ cli_name='secondary_rid_base',
+ label=_(u'First RID of the secondary RID range'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'ipanttrusteddomainsid',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ipanttrusteddomainname',
+ required=False,
+ deprecated=True,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class idrange_show(Method):
+ __doc__ = _("Display information about a range.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'Range name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
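Review bot: The module help text misstates the range arithmetic in the trusted-domain example: with base-id 1200000 and range-size 200000 the last Posix ID is 1399999, not 13999999. This text is what an administrator reads before sizing ranges, and the same docstring warns that a wrong or reused range can let users access other users' files, so the line should read `the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 1399999. So`. The use-case paragraph also says "DNS plugin" where the surrounding text is about the DNA plugin: `might be able to modify the configuration of the DNA plugin as well)`. The string is passed through `_()`, so if it has to stay identical to the server-side message for translation lookup, the correction should be made in the text it is copied from.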
diff --git a/ipaclient/remote_plugins/2_114/idviews.py b/ipaclient/remote_plugins/2_114/idviews.py
new file mode 100644
index 0000000..6bd422c
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/idviews.py
@@ -0,0 +1,1411 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+ID Views
+Manage ID Views
+IPA allows to override certain properties of users and groups per each host.
+This functionality is primarily used to allow migration from older systems or
+other Identity Management solutions.
+""")
+
+register = Registry()
+
+
+@register()
+class idoverridegroup(Object):
+ takes_params = (
+ parameters.Str(
+ 'ipaanchoruuid',
+ primary_key=True,
+ label=_(u'Anchor to override'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'cn',
+ required=False,
+ label=_(u'Group name'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ )
+
+
+@register()
+class idoverrideuser(Object):
+ takes_params = (
+ parameters.Str(
+ 'ipaanchoruuid',
+ primary_key=True,
+ label=_(u'Anchor to override'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'uid',
+ required=False,
+ label=_(u'User login'),
+ ),
+ parameters.Int(
+ 'uidnumber',
+ required=False,
+ label=_(u'UID'),
+ doc=_(u'User ID Number'),
+ ),
+ parameters.Str(
+ 'gecos',
+ required=False,
+ label=_(u'GECOS'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ parameters.Str(
+ 'homedirectory',
+ required=False,
+ label=_(u'Home directory'),
+ ),
+ parameters.Str(
+ 'loginshell',
+ required=False,
+ label=_(u'Login shell'),
+ ),
+ parameters.Str(
+ 'ipaoriginaluid',
+ required=False,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ipasshpubkey',
+ required=False,
+ multivalue=True,
+ label=_(u'SSH public key'),
+ ),
+ )
+
+
+@register()
+class idview(Object):
+ takes_params = (
+ parameters.Str(
+ 'cn',
+ primary_key=True,
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ label=_(u'Description'),
+ ),
+ )
+
+
+@register()
+class idoverridegroup_add(Method):
+ __doc__ = _("Add a new Group ID override.")
+
+ takes_args = (
+ parameters.Str(
+ 'idviewcn',
+ cli_name='idview',
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'ipaanchoruuid',
+ cli_name='anchor',
+ label=_(u'Anchor to override'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'cn',
+ required=False,
+ cli_name='group_name',
+ label=_(u'Group name'),
+ no_convert=True,
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ cli_name='gid',
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class idoverridegroup_del(Method):
+ __doc__ = _("Delete an Group ID override.")
+
+ takes_args = (
+ parameters.Str(
+ 'idviewcn',
+ cli_name='idview',
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'ipaanchoruuid',
+ multivalue=True,
+ cli_name='anchor',
+ label=_(u'Anchor to override'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class idoverridegroup_find(Method):
+ __doc__ = _("Search for an Group ID override.")
+
+ takes_args = (
+ parameters.Str(
+ 'idviewcn',
+ cli_name='idview',
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'ipaanchoruuid',
+ required=False,
+ cli_name='anchor',
+ label=_(u'Anchor to override'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'cn',
+ required=False,
+ cli_name='group_name',
+ label=_(u'Group name'),
+ no_convert=True,
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ cli_name='gid',
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("anchor")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class idoverridegroup_mod(Method):
+ __doc__ = _("Modify an Group ID override.")
+
+ takes_args = (
+ parameters.Str(
+ 'idviewcn',
+ cli_name='idview',
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'ipaanchoruuid',
+ cli_name='anchor',
+ label=_(u'Anchor to override'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'cn',
+ required=False,
+ cli_name='group_name',
+ label=_(u'Group name'),
+ no_convert=True,
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ cli_name='gid',
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'rename',
+ required=False,
+ label=_(u'Rename'),
+ doc=_(u'Rename the Group ID override object'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class idoverridegroup_show(Method):
+ __doc__ = _("Display information about an Group ID override.")
+
+ takes_args = (
+ parameters.Str(
+ 'idviewcn',
+ cli_name='idview',
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'ipaanchoruuid',
+ cli_name='anchor',
+ label=_(u'Anchor to override'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class idoverrideuser_add(Method):
+ __doc__ = _("Add a new User ID override.")
+
+ takes_args = (
+ parameters.Str(
+ 'idviewcn',
+ cli_name='idview',
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'ipaanchoruuid',
+ cli_name='anchor',
+ label=_(u'Anchor to override'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'uid',
+ required=False,
+ cli_name='login',
+ label=_(u'User login'),
+ no_convert=True,
+ ),
+ parameters.Int(
+ 'uidnumber',
+ required=False,
+ cli_name='uid',
+ label=_(u'UID'),
+ doc=_(u'User ID Number'),
+ ),
+ parameters.Str(
+ 'gecos',
+ required=False,
+ label=_(u'GECOS'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ parameters.Str(
+ 'homedirectory',
+ required=False,
+ cli_name='homedir',
+ label=_(u'Home directory'),
+ ),
+ parameters.Str(
+ 'loginshell',
+ required=False,
+ cli_name='shell',
+ label=_(u'Login shell'),
+ ),
+ parameters.Str(
+ 'ipaoriginaluid',
+ required=False,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ipasshpubkey',
+ required=False,
+ multivalue=True,
+ cli_name='sshpubkey',
+ label=_(u'SSH public key'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class idoverrideuser_del(Method):
+ __doc__ = _("Delete an User ID override.")
+
+ takes_args = (
+ parameters.Str(
+ 'idviewcn',
+ cli_name='idview',
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'ipaanchoruuid',
+ multivalue=True,
+ cli_name='anchor',
+ label=_(u'Anchor to override'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class idoverrideuser_find(Method):
+ __doc__ = _("Search for an User ID override.")
+
+ takes_args = (
+ parameters.Str(
+ 'idviewcn',
+ cli_name='idview',
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'ipaanchoruuid',
+ required=False,
+ cli_name='anchor',
+ label=_(u'Anchor to override'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'uid',
+ required=False,
+ cli_name='login',
+ label=_(u'User login'),
+ no_convert=True,
+ ),
+ parameters.Int(
+ 'uidnumber',
+ required=False,
+ cli_name='uid',
+ label=_(u'UID'),
+ doc=_(u'User ID Number'),
+ ),
+ parameters.Str(
+ 'gecos',
+ required=False,
+ label=_(u'GECOS'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ parameters.Str(
+ 'homedirectory',
+ required=False,
+ cli_name='homedir',
+ label=_(u'Home directory'),
+ ),
+ parameters.Str(
+ 'loginshell',
+ required=False,
+ cli_name='shell',
+ label=_(u'Login shell'),
+ ),
+ parameters.Str(
+ 'ipaoriginaluid',
+ required=False,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("anchor")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class idoverrideuser_mod(Method):
+ __doc__ = _("Modify an User ID override.")
+
+ takes_args = (
+ parameters.Str(
+ 'idviewcn',
+ cli_name='idview',
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'ipaanchoruuid',
+ cli_name='anchor',
+ label=_(u'Anchor to override'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'uid',
+ required=False,
+ cli_name='login',
+ label=_(u'User login'),
+ no_convert=True,
+ ),
+ parameters.Int(
+ 'uidnumber',
+ required=False,
+ cli_name='uid',
+ label=_(u'UID'),
+ doc=_(u'User ID Number'),
+ ),
+ parameters.Str(
+ 'gecos',
+ required=False,
+ label=_(u'GECOS'),
+ ),
+ parameters.Int(
+ 'gidnumber',
+ required=False,
+ label=_(u'GID'),
+ doc=_(u'Group ID Number'),
+ ),
+ parameters.Str(
+ 'homedirectory',
+ required=False,
+ cli_name='homedir',
+ label=_(u'Home directory'),
+ ),
+ parameters.Str(
+ 'loginshell',
+ required=False,
+ cli_name='shell',
+ label=_(u'Login shell'),
+ ),
+ parameters.Str(
+ 'ipaoriginaluid',
+ required=False,
+ exclude=('cli', 'webui'),
+ ),
+ parameters.Str(
+ 'ipasshpubkey',
+ required=False,
+ multivalue=True,
+ cli_name='sshpubkey',
+ label=_(u'SSH public key'),
+ no_convert=True,
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'rename',
+ required=False,
+ label=_(u'Rename'),
+ doc=_(u'Rename the User ID override object'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class idoverrideuser_show(Method):
+ __doc__ = _("Display information about an User ID override.")
+
+ takes_args = (
+ parameters.Str(
+ 'idviewcn',
+ cli_name='idview',
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'ipaanchoruuid',
+ cli_name='anchor',
+ label=_(u'Anchor to override'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class idview_add(Method):
+ __doc__ = _("Add a new ID View.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'ID View Name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class idview_apply(Method):
+ __doc__ = _("Applies ID View to specified hosts or current members of specified hostgroups. If any other ID View is applied to the host, it is overriden.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'ID View Name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'hosts'),
+ doc=_(u'Hosts to apply the ID View to'),
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'hostgroups'),
+ doc=_(u'Hostgroups to whose hosts apply the ID View to. Please note that view is not applied automatically to any hosts added to the hostgroup after running the idview-apply command.'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'succeeded',
+ dict,
+ doc=_(u'Hosts that this ID View was applied to.'),
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Hosts or hostgroups that this ID View could not be applied to.'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of hosts the ID View was applied to:'),
+ ),
+ )
+
+
+@register()
+class idview_del(Method):
+ __doc__ = _("Delete an ID View.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ multivalue=True,
+ cli_name='name',
+ label=_(u'ID View Name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'continue',
+ doc=_(u"Continuous mode: Don't stop on errors."),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'result',
+ dict,
+ doc=_(u'List of deletions that failed'),
+ ),
+ output.ListOfPrimaryKeys(
+ 'value',
+ ),
+ )
+
+
+@register()
+class idview_find(Method):
+ __doc__ = _("Search for an ID View.")
+
+ takes_args = (
+ parameters.Str(
+ 'criteria',
+ required=False,
+ doc=_(u'A string searched in all relevant object attributes'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'cn',
+ required=False,
+ cli_name='name',
+ label=_(u'ID View Name'),
+ ),
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Int(
+ 'timelimit',
+ required=False,
+ label=_(u'Time Limit'),
+ doc=_(u'Time limit of search in seconds'),
+ ),
+ parameters.Int(
+ 'sizelimit',
+ required=False,
+ label=_(u'Size Limit'),
+ doc=_(u'Maximum number of entries returned'),
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'pkey_only',
+ required=False,
+ label=_(u'Primary key only'),
+ doc=_(u'Results should contain primary key attribute only ("name")'),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.ListOfEntries(
+ 'result',
+ ),
+ output.Output(
+ 'count',
+ int,
+ doc=_(u'Number of entries returned'),
+ ),
+ output.Output(
+ 'truncated',
+ bool,
+ doc=_(u'True if not all results were returned'),
+ ),
+ )
+
+
+@register()
+class idview_mod(Method):
+ __doc__ = _("Modify an ID View.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'ID View Name'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'description',
+ required=False,
+ cli_name='desc',
+ label=_(u'Description'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Str(
+ 'rename',
+ required=False,
+ label=_(u'Rename'),
+ doc=_(u'Rename the ID View object'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class idview_show(Method):
+ __doc__ = _("Display information about an ID View.")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='name',
+ label=_(u'ID View Name'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'show_hosts',
+ required=False,
+ doc=_(u'Enumerate all the hosts the view applies to.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class idview_unapply(Method):
+ __doc__ = _("Clears ID View from specified hosts or current members of specified hostgroups.")
+
+ takes_options = (
+ parameters.Str(
+ 'host',
+ required=False,
+ multivalue=True,
+ cli_name='hosts',
+ label=_(u'hosts'),
+ doc=_(u'Hosts to clear (any) ID View from.'),
+ ),
+ parameters.Str(
+ 'hostgroup',
+ required=False,
+ multivalue=True,
+ cli_name='hostgroups',
+ label=_(u'hostgroups'),
+ doc=_(u'Hostgroups whose hosts should have ID Views cleared. Note that view is not cleared automatically from any host added to the hostgroup after running idview-unapply command.'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Output(
+ 'succeeded',
+ dict,
+ doc=_(u'Hosts that ID View was cleared from.'),
+ ),
+ output.Output(
+ 'failed',
+ dict,
+ doc=_(u'Hosts or hostgroups that ID View could not be cleared from.'),
+ ),
+ output.Output(
+ 'completed',
+ int,
+ doc=_(u'Number of hosts that had a ID View was unset:'),
+ ),
+ )
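Review bot: None of the ID override parameters in this new module carry client-side constraints. `uidnumber` and `gidnumber` are plain `parameters.Int` with no lower bound, and `uid`, `homedirectory`, `loginshell` and `ipasshpubkey` are unconstrained `parameters.Str`, in `idoverrideuser_add` and `idoverrideuser_mod` as well as the `idoverridegroup_*` variants. These values determine the UID/GID, login shell and SSH keys a user gets on hosts where the view is applied, so the file should say where they are validated. Assuming the omission is intentional for the pre-schema fallback, a header comment would make that explicit, for example `# Snapshot of the API 2.114 interface; parameter validation is left to the server, do not add validators or defaults here.`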
diff --git a/ipaclient/remote_plugins/2_114/internal.py b/ipaclient/remote_plugins/2_114/internal.py
new file mode 100644
index 0000000..7fec8d2
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/internal.py
@@ -0,0 +1,92 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Plugins not accessible directly through the CLI, commands used internally
+""")
+
+register = Registry()
+
+
+@register()
+class i18n_messages(Command):
+ NO_CLI = True
+
+ takes_options = (
+ )
+ has_output = (
+ output.Output(
+ 'texts',
+ dict,
+ doc=_(u'Dict of I18N messages'),
+ ),
+ )
+
+
+@register()
+class json_metadata(Command):
+ __doc__ = _("Export plugin meta-data for the webUI.")
+
+ NO_CLI = True
+
+ takes_args = (
+ parameters.Str(
+ 'objname',
+ required=False,
+ doc=_(u'Name of object to export'),
+ ),
+ parameters.Str(
+ 'methodname',
+ required=False,
+ doc=_(u'Name of method to export'),
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'object',
+ required=False,
+ doc=_(u'Name of object to export'),
+ ),
+ parameters.Str(
+ 'method',
+ required=False,
+ doc=_(u'Name of method to export'),
+ ),
+ parameters.Str(
+ 'command',
+ required=False,
+ doc=_(u'Name of command to export'),
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'objects',
+ dict,
+ doc=_(u'Dict of JSON encoded IPA Objects'),
+ ),
+ output.Output(
+ 'methods',
+ dict,
+ doc=_(u'Dict of JSON encoded IPA Methods'),
+ ),
+ output.Output(
+ 'commands',
+ dict,
+ doc=_(u'Dict of JSON encoded IPA Commands'),
+ ),
+ )
diff --git a/ipaclient/remote_plugins/2_114/join.py b/ipaclient/remote_plugins/2_114/join.py
new file mode 100644
index 0000000..dc0904d
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/join.py
@@ -0,0 +1,64 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Joining an IPA domain
+""")
+
+register = Registry()
+
+
+@register()
+class join(Command):
+ __doc__ = _("Join an IPA domain")
+
+ takes_args = (
+ parameters.Str(
+ 'cn',
+ cli_name='hostname',
+ doc=_(u'The hostname to register as'),
+ default_from=DefaultFrom(lambda : None),
+ # FIXME:
+ # lambda: unicode(installutils.get_fqdn())
+ autofill=True,
+ ),
+ )
+ takes_options = (
+ parameters.Str(
+ 'realm',
+ doc=_(u'The IPA realm'),
+ default_from=DefaultFrom(lambda : None),
+ # FIXME:
+ # lambda: get_realm()
+ autofill=True,
+ ),
+ parameters.Str(
+ 'nshardwareplatform',
+ required=False,
+ cli_name='platform',
+ doc=_(u'Hardware platform of the host (e.g. Lenovo T61)'),
+ ),
+ parameters.Str(
+ 'nsosversion',
+ required=False,
+ cli_name='os',
+ doc=_(u'Operating System and version of the host (e.g. Fedora 9)'),
+ ),
+ )
+ has_output = (
+ )
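Review bot: The `default_from=DefaultFrom(lambda : None)` stubs on `cn` and `realm` leave both parameters without a usable default even though `autofill=True` is set. The FIXME comments show that the intended callables (`installutils.get_fqdn()` and `get_realm()`) were not carried over. If the client uses these bundled definitions against a pre-schema server, a `join` call that omits the hostname or realm would presumably no longer have them filled in locally, and this is the value that decides which host identity gets enrolled. Either restore the real defaults, or drop `default_from`/`autofill` and replace each FIXME with a comment stating the chosen behaviour, e.g. `# no client-side default: the caller must pass the hostname explicitly`.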
diff --git a/ipaclient/remote_plugins/2_114/krbtpolicy.py b/ipaclient/remote_plugins/2_114/krbtpolicy.py
new file mode 100644
index 0000000..42a4b2b
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/krbtpolicy.py
@@ -0,0 +1,266 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Kerberos ticket policy
+
+There is a single Kerberos ticket policy. This policy defines the
+maximum ticket lifetime and the maximum renewal age, the period during
+which the ticket is renewable.
+
+You can also create a per-user ticket policy by specifying the user login.
+
+For changes to the global policy to take effect, restarting the KDC service
+is required, which can be achieved using:
+
+service krb5kdc restart
+
+Changes to per-user policies take effect immediately for newly requested
+tickets (e.g. when the user next runs kinit).
+
+EXAMPLES:
+
+ Display the current Kerberos ticket policy:
+ ipa krbtpolicy-show
+
+ Reset the policy to the default:
+ ipa krbtpolicy-reset
+
+ Modify the policy to 8 hours max life, 1-day max renewal:
+ ipa krbtpolicy-mod --maxlife=28800 --maxrenew=86400
+
+ Display effective Kerberos ticket policy for user 'admin':
+ ipa krbtpolicy-show admin
+
+ Reset per-user policy for user 'admin':
+ ipa krbtpolicy-reset admin
+
+ Modify per-user policy for user 'admin':
+ ipa krbtpolicy-mod admin --maxlife=3600
+""")
+
+register = Registry()
+
+
+@register()
+class krbtpolicy(Object):
+ takes_params = (
+ parameters.Str(
+ 'uid',
+ required=False,
+ primary_key=True,
+ label=_(u'User name'),
+ doc=_(u'Manage ticket policy for specific user'),
+ ),
+ parameters.Int(
+ 'krbmaxticketlife',
+ required=False,
+ label=_(u'Max life'),
+ doc=_(u'Maximum ticket life (seconds)'),
+ ),
+ parameters.Int(
+ 'krbmaxrenewableage',
+ required=False,
+ label=_(u'Max renew'),
+ doc=_(u'Maximum renewable age (seconds)'),
+ ),
+ )
+
+
+@register()
+class krbtpolicy_mod(Method):
+ __doc__ = _("Modify Kerberos ticket policy.")
+
+ takes_args = (
+ parameters.Str(
+ 'uid',
+ required=False,
+ cli_name='user',
+ label=_(u'User name'),
+ doc=_(u'Manage ticket policy for specific user'),
+ ),
+ )
+ takes_options = (
+ parameters.Int(
+ 'krbmaxticketlife',
+ required=False,
+ cli_name='maxlife',
+ label=_(u'Max life'),
+ doc=_(u'Maximum ticket life (seconds)'),
+ ),
+ parameters.Int(
+ 'krbmaxrenewableage',
+ required=False,
+ cli_name='maxrenew',
+ label=_(u'Max renew'),
+ doc=_(u'Maximum renewable age (seconds)'),
+ ),
+ parameters.Str(
+ 'setattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'addattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
+ exclude=('webui',),
+ ),
+ parameters.Str(
+ 'delattr',
+ required=False,
+ multivalue=True,
+ doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
+ exclude=('webui',),
+ ),
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class krbtpolicy_reset(Method):
+ __doc__ = _("Reset Kerberos ticket policy to the default values.")
+
+ takes_args = (
+ parameters.Str(
+ 'uid',
+ required=False,
+ cli_name='user',
+ label=_(u'User name'),
+ doc=_(u'Manage ticket policy for specific user'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
+
+
+@register()
+class krbtpolicy_show(Method):
+ __doc__ = _("Display the current Kerberos ticket policy.")
+
+ takes_args = (
+ parameters.Str(
+ 'uid',
+ required=False,
+ cli_name='user',
+ label=_(u'User name'),
+ doc=_(u'Manage ticket policy for specific user'),
+ ),
+ )
+ takes_options = (
+ parameters.Flag(
+ 'rights',
+ label=_(u'Rights'),
+ doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'all',
+ doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ parameters.Flag(
+ 'raw',
+ doc=_(u'Print entries as stored on the server. Only affects output format.'),
+ exclude=('webui',),
+ default=False,
+ autofill=True,
+ ),
+ )
+ has_output = (
+ output.Output(
+ 'summary',
+ (unicode, type(None)),
+ doc=_(u'User-friendly description of action performed'),
+ ),
+ output.Entry(
+ 'result',
+ ),
+ output.PrimaryKey(
+ 'value',
+ doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
+ ),
+ )
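Review bot: `krbmaxticketlife` and `krbmaxrenewableage` are declared as plain `parameters.Int` with no `minvalue`, both in `krbtpolicy` and in the `krbtpolicy_mod` options. As far as these definitions show, the client will therefore forward a zero or negative `--maxlife`/`--maxrenew` and leave rejection entirely to the server. If the server-side plugin for this API version carries bounds on these options, mirroring them here (for example `minvalue=1,`) would fail a bad ticket lifetime before the RPC call. If it does not, a one-line comment such as `# bounds are validated by the server only` above the two `Int` parameters would make that dependency explicit.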
diff --git a/ipaclient/remote_plugins/2_114/migration.py b/ipaclient/remote_plugins/2_114/migration.py
new file mode 100644
index 0000000..06c0346
--- /dev/null
+++ b/ipaclient/remote_plugins/2_114/migration.py
@@ -0,0 +1,302 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+# pylint: disable=unused-import
+import six
+
+from . import Command, Method, Object
+from ipalib import api, parameters, output
+from ipalib.parameters import DefaultFrom
+from ipalib.plugable import Registry
+from ipalib.text import _
+from ipapython.dn import DN
+from ipapython.dnsutil import DNSName
+
+if six.PY3:
+ unicode = str
+
+__doc__ = _("""
+Migration to IPA
+
+Migrate users and groups from an LDAP server to IPA.
+
+This performs an LDAP query against the remote server searching for
+users and groups in a container. In order to migrate passwords you need
+to bind as a user that can read the userPassword attribute on the remote
+server. This is generally restricted to high-level admins such as
+cn=Directory Manager in 389-ds (this is the default bind user).
+
+The default user container is ou=People.
+
+The default group container is ou=Groups.
+
+Users and groups that already exist on the IPA server are skipped.
+
+Two LDAP schemas define how group members are stored: RFC2307 and
+RFC2307bis. RFC2307bis uses member and uniquemember to specify group
+members, RFC2307 uses memberUid. The default schema is RFC2307bis.
+
+The schema compat feature allows IPA to reformat data for systems that
+do not support RFC2307bis. It is recommended that this feature is disabled
+during migration to reduce system overhead. It can be re-enabled after
+migration. To migrate with it enabled use the "--with-compat" option.
+
+Migrated users do not have Kerberos credentials, they have only their
+LDAP password. To complete the migration process, users need to go
+to http://ipa.example.com/ipa/migration and authenticate using their
+LDAP password in order to generate their Kerberos credentials.
+
+Migration is disabled by default. Use the command ipa config-mod to
+enable it:
+
+ ipa config-mod --enable-migration=TRUE
+
+If a base DN is not provided with --basedn then IPA will use either
+the value of defaultNamingContext if it is set or the first value
+in namingContexts set in the root of the remote LDAP server.
+
+Users are added as members to the default user group. This can be a
+time-int