Server Roles: make *config-show consume relevant roles/attributes

This patch modifies config objects so that the roles/attributes relevant to
the configuration are shown in the output:

* config-{show,mod} will show list of all IPA masters, CA servers and CA
  renewal master

* dnsconfig-{show,mod} will list all DNS server and DNS key master

* trustconfig-{show,mod} will list all AD trust controllers and agents

* vaultconfig-show will list all Key Recovery Agents

http://www.freeipa.org/page/V4/Server_Roles
https://fedorahosted.org/freeipa/ticket/5181

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>

1 files changed, 12 insertions, 3 deletions

diff --git a/ipaserver/plugins/vault.py b/ipaserver/plugins/vault.py
index 05db63cdc..380e4d478 100644
--- a/ipaserver/plugins/vault.py
+++ b/ipaserver/plugins/vault.py
@@ -959,6 +959,12 @@ class vaultconfig(Object):
             'transport_cert',
             label=_('Transport Certificate'),
         ),
+        Str(
+            'kra_server_server*',
+            label=_('IPA KRA servers'),
+            doc=_('IPA servers configured as key recovery agents'),
+            flags={'virtual_attribute', 'no_create', 'no_update'}
+        )
     )
 
 
@@ -981,10 +987,13 @@ class vaultconfig_show(Retrieve):
 
         kra_client = self.api.Backend.kra.get_client()
         transport_cert = kra_client.system_certs.get_transport_cert()
+        config = {'transport_cert': transport_cert.binary}
+        config.update(
+            self.api.Backend.serverroles.config_retrieve("KRA server")
+        )
+
         return {
-            'result': {
-                'transport_cert': transport_cert.binary
-            },
+            'result': config,
             'value': None,
         }