diff options
Diffstat (limited to 'ipaclient/remote_plugins/2_164/delegation.py')
-rw-r--r-- | ipaclient/remote_plugins/2_164/delegation.py | 383 |
1 files changed, 383 insertions, 0 deletions
diff --git a/ipaclient/remote_plugins/2_164/delegation.py b/ipaclient/remote_plugins/2_164/delegation.py new file mode 100644 index 000000000..87496117f --- /dev/null +++ b/ipaclient/remote_plugins/2_164/delegation.py @@ -0,0 +1,383 @@ +# +# Copyright (C) 2016 FreeIPA Contributors see COPYING for license +# + +# pylint: disable=unused-import +import six + +from . import Command, Method, Object +from ipalib import api, parameters, output +from ipalib.parameters import DefaultFrom +from ipalib.plugable import Registry +from ipalib.text import _ +from ipapython.dn import DN +from ipapython.dnsutil import DNSName + +if six.PY3: + unicode = str + +__doc__ = _(""" +Group to Group Delegation + +A permission enables fine-grained delegation of permissions. Access Control +Rules, or instructions (ACIs), grant permission to permissions to perform +given tasks such as adding a user, modifying a group, etc. + +Group to Group Delegations grants the members of one group to update a set +of attributes of members of another group. + +EXAMPLES: + + Add a delegation rule to allow managers to edit employee's addresses: + ipa delegation-add --attrs=street --group=managers --membergroup=employees "managers edit employees' street" + + When managing the list of attributes you need to include all attributes + in the list, including existing ones. Add postalCode to the list: + ipa delegation-mod --attrs=street --attrs=postalCode --group=managers --membergroup=employees "managers edit employees' street" + + Display our updated rule: + ipa delegation-show "managers edit employees' street" + + Delete a rule: + ipa delegation-del "managers edit employees' street" +""") + +register = Registry() + + +@register() +class delegation(Object): + takes_params = ( + parameters.Str( + 'aciname', + primary_key=True, + label=_(u'Delegation name'), + ), + parameters.Str( + 'permissions', + required=False, + multivalue=True, + label=_(u'Permissions'), + doc=_(u'Permissions to grant (read, write). Default is write.'), + ), + parameters.Str( + 'attrs', + multivalue=True, + label=_(u'Attributes'), + doc=_(u'Attributes to which the delegation applies'), + ), + parameters.Str( + 'memberof', + label=_(u'Member user group'), + doc=_(u'User group to apply delegation to'), + ), + parameters.Str( + 'group', + label=_(u'User group'), + doc=_(u'User group ACI grants access to'), + ), + ) + + +@register() +class delegation_add(Method): + __doc__ = _("Add a new delegation.") + + takes_args = ( + parameters.Str( + 'aciname', + cli_name='name', + label=_(u'Delegation name'), + ), + ) + takes_options = ( + parameters.Str( + 'permissions', + required=False, + multivalue=True, + label=_(u'Permissions'), + doc=_(u'Permissions to grant (read, write). Default is write.'), + ), + parameters.Str( + 'attrs', + multivalue=True, + label=_(u'Attributes'), + doc=_(u'Attributes to which the delegation applies'), + no_convert=True, + ), + parameters.Str( + 'memberof', + cli_name='membergroup', + label=_(u'Member user group'), + doc=_(u'User group to apply delegation to'), + ), + parameters.Str( + 'group', + label=_(u'User group'), + doc=_(u'User group ACI grants access to'), + ), + parameters.Flag( + 'all', + doc=_(u'Retrieve and print all attributes from the server. Affects command output.'), + exclude=('webui',), + default=False, + autofill=True, + ), + parameters.Flag( + 'raw', + doc=_(u'Print entries as stored on the server. Only affects output format.'), + exclude=('webui',), + default=False, + autofill=True, + ), + ) + has_output = ( + output.Output( + 'summary', + (unicode, type(None)), + doc=_(u'User-friendly description of action performed'), + ), + output.Entry( + 'result', + ), + output.PrimaryKey( + 'value', + doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"), + ), + ) + + +@register() +class delegation_del(Method): + __doc__ = _("Delete a delegation.") + + takes_args = ( + parameters.Str( + 'aciname', + cli_name='name', + label=_(u'Delegation name'), + ), + ) + takes_options = ( + ) + has_output = ( + output.Output( + 'summary', + (unicode, type(None)), + doc=_(u'User-friendly description of action performed'), + ), + output.Output( + 'result', + bool, + doc=_(u'True means the operation was successful'), + ), + output.PrimaryKey( + 'value', + doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"), + ), + ) + + +@register() +class delegation_find(Method): + __doc__ = _("Search for delegations.") + + takes_args = ( + parameters.Str( + 'criteria', + required=False, + doc=_(u'A string searched in all relevant object attributes'), + ), + ) + takes_options = ( + parameters.Str( + 'aciname', + required=False, + cli_name='name', + label=_(u'Delegation name'), + ), + parameters.Str( + 'permissions', + required=False, + multivalue=True, + label=_(u'Permissions'), + doc=_(u'Permissions to grant (read, write). Default is write.'), + ), + parameters.Str( + 'attrs', + required=False, + multivalue=True, + label=_(u'Attributes'), + doc=_(u'Attributes to which the delegation applies'), + no_convert=True, + ), + parameters.Str( + 'memberof', + required=False, + cli_name='membergroup', + label=_(u'Member user group'), + doc=_(u'User group to apply delegation to'), + ), + parameters.Str( + 'group', + required=False, + label=_(u'User group'), + doc=_(u'User group ACI grants access to'), + ), + parameters.Flag( + 'pkey_only', + required=False, + label=_(u'Primary key only'), + doc=_(u'Results should contain primary key attribute only ("name")'), + default=False, + autofill=True, + ), + parameters.Flag( + 'all', + doc=_(u'Retrieve and print all attributes from the server. Affects command output.'), + exclude=('webui',), + default=False, + autofill=True, + ), + parameters.Flag( + 'raw', + doc=_(u'Print entries as stored on the server. Only affects output format.'), + exclude=('webui',), + default=False, + autofill=True, + ), + ) + has_output = ( + output.Output( + 'summary', + (unicode, type(None)), + doc=_(u'User-friendly description of action performed'), + ), + output.ListOfEntries( + 'result', + ), + output.Output( + 'count', + int, + doc=_(u'Number of entries returned'), + ), + output.Output( + 'truncated', + bool, + doc=_(u'True if not all results were returned'), + ), + ) + + +@register() +class delegation_mod(Method): + __doc__ = _("Modify a delegation.") + + takes_args = ( + parameters.Str( + 'aciname', + cli_name='name', + label=_(u'Delegation name'), + ), + ) + takes_options = ( + parameters.Str( + 'permissions', + required=False, + multivalue=True, + label=_(u'Permissions'), + doc=_(u'Permissions to grant (read, write). Default is write.'), + ), + parameters.Str( + 'attrs', + required=False, + multivalue=True, + label=_(u'Attributes'), + doc=_(u'Attributes to which the delegation applies'), + no_convert=True, + ), + parameters.Str( + 'memberof', + required=False, + cli_name='membergroup', + label=_(u'Member user group'), + doc=_(u'User group to apply delegation to'), + ), + parameters.Str( + 'group', + required=False, + label=_(u'User group'), + doc=_(u'User group ACI grants access to'), + ), + parameters.Flag( + 'all', + doc=_(u'Retrieve and print all attributes from the server. Affects command output.'), + exclude=('webui',), + default=False, + autofill=True, + ), + parameters.Flag( + 'raw', + doc=_(u'Print entries as stored on the server. Only affects output format.'), + exclude=('webui',), + default=False, + autofill=True, + ), + ) + has_output = ( + output.Output( + 'summary', + (unicode, type(None)), + doc=_(u'User-friendly description of action performed'), + ), + output.Entry( + 'result', + ), + output.PrimaryKey( + 'value', + doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"), + ), + ) + + +@register() +class delegation_show(Method): + __doc__ = _("Display information about a delegation.") + + takes_args = ( + parameters.Str( + 'aciname', + cli_name='name', + label=_(u'Delegation name'), + ), + ) + takes_options = ( + parameters.Flag( + 'all', + doc=_(u'Retrieve and print all attributes from the server. Affects command output.'), + exclude=('webui',), + default=False, + autofill=True, + ), + parameters.Flag( + 'raw', + doc=_(u'Print entries as stored on the server. Only affects output format.'), + exclude=('webui',), + default=False, + autofill=True, + ), + ) + has_output = ( + output.Output( + 'summary', + (unicode, type(None)), + doc=_(u'User-friendly description of action performed'), + ), + output.Entry( + 'result', + ), + output.PrimaryKey( + 'value', + doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"), + ), + ) |