diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2016-05-30 18:42:01 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-13 17:50:54 +0200 |
commit | 5f7086e7183f0fcfece2bdd5be3d1ea17384717b (patch) | |
tree | 27dab7bd3dae33d40c160f208db09d3d3ad54c6b /ipaserver/plugins/vault.py | |
parent | b9aa31191b3067aced1432daa06d18b4382cd77f (diff) | |
download | freeipa-5f7086e7183f0fcfece2bdd5be3d1ea17384717b.tar.gz freeipa-5f7086e7183f0fcfece2bdd5be3d1ea17384717b.tar.xz freeipa-5f7086e7183f0fcfece2bdd5be3d1ea17384717b.zip |
Server Roles: make *config-show consume relevant roles/attributes
This patch modifies config objects so that the roles/attributes relevant to
the configuration are shown in the output:
* config-{show,mod} will show list of all IPA masters, CA servers and CA
renewal master
* dnsconfig-{show,mod} will list all DNS server and DNS key master
* trustconfig-{show,mod} will list all AD trust controllers and agents
* vaultconfig-show will list all Key Recovery Agents
http://www.freeipa.org/page/V4/Server_Roles
https://fedorahosted.org/freeipa/ticket/5181
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Diffstat (limited to 'ipaserver/plugins/vault.py')
-rw-r--r-- | ipaserver/plugins/vault.py | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/ipaserver/plugins/vault.py b/ipaserver/plugins/vault.py index 05db63cdc..380e4d478 100644 --- a/ipaserver/plugins/vault.py +++ b/ipaserver/plugins/vault.py @@ -959,6 +959,12 @@ class vaultconfig(Object): 'transport_cert', label=_('Transport Certificate'), ), + Str( + 'kra_server_server*', + label=_('IPA KRA servers'), + doc=_('IPA servers configured as key recovery agents'), + flags={'virtual_attribute', 'no_create', 'no_update'} + ) ) @@ -981,10 +987,13 @@ class vaultconfig_show(Retrieve): kra_client = self.api.Backend.kra.get_client() transport_cert = kra_client.system_certs.get_transport_cert() + config = {'transport_cert': transport_cert.binary} + config.update( + self.api.Backend.serverroles.config_retrieve("KRA server") + ) + return { - 'result': { - 'transport_cert': transport_cert.binary - }, + 'result': config, 'value': None, } |