author | Petr Vobornik <pvoborni@redhat.com> | 2014-12-01 10:15:21 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2014-12-03 11:34:10 +0000 |
commit | 026c9eca0920e92e56148b808c851e9bde00ece8 (patch) | |
tree | 9df18f9c70ce619c73dac66574bf710e2cda488a /ipalib/plugins/host.py | |
parent | 08f8acd88c1858000f5a15c3838e1bfd78551c55 (diff) | |
add --hosts and --hostgroup options to allow/retrieve keytab methods
`--hosts` and `--hostgroup` options added to:
* service-allow-create-keytab
* service-allow-retrieve-keytab
* service-disallow-create-keytab
* service-disallow-retrieve-keytab
* host-allow-create-keytab
* host-allow-retrieve-keytab
* host-disallow-create-keytab
* host-disallow-retrieve-keytab
in order to allow hosts to retrieve the keytabs of their services or of related hosts, as described on the http://www.freeipa.org/page/V4/Keytab_Retrieval design page
https://fedorahosted.org/freeipa/ticket/4777
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipalib/plugins/host.py')
-rw-r--r-- | ipalib/plugins/host.py | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index c4d4bdf64..39a7d3c25 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -211,12 +211,24 @@ host_output_params = (
 Str('ipaallowedtoperform_read_keys_group',
 label=_('Groups allowed to retrieve keytab'),
 ),
+ Str('ipaallowedtoperform_read_keys_host',
+ label=_('Hosts allowed to retrieve keytab'),
+ ),
+ Str('ipaallowedtoperform_read_keys_hostgroup',
+ label=_('Host Groups allowed to retrieve keytab'),
+ ),
 Str('ipaallowedtoperform_write_keys_user',
 label=_('Users allowed to create keytab'),
 ),
 Str('ipaallowedtoperform_write_keys_group',
 label=_('Groups allowed to create keytab'),
 ),
+ Str('ipaallowedtoperform_write_keys_host',
+ label=_('Hosts allowed to create keytab'),
+ ),
+ Str('ipaallowedtoperform_write_keys_hostgroup',
+ label=_('Host Groups allowed to create keytab'),
+ ),
 Str('ipaallowedtoperform_read_keys',
 label=_('Failed allowed to retrieve keytab'),
 ),
@@ -284,8 +296,8 @@ class host(LDAPObject):
 'managing': ['host'],
 'memberofindirect': ['hostgroup', 'netgroup', 'role', 'hbacrule', 'sudorule'],
- 'ipaallowedtoperform_read_keys': ['user', 'group'],
- 'ipaallowedtoperform_write_keys': ['user', 'group'],
+ 'ipaallowedtoperform_read_keys': ['user', 'group', 'host', 'hostgroup'],
+ 'ipaallowedtoperform_write_keys': ['user', 'group', 'host', 'hostgroup'],
 }
 bindable = True
 relationships = {
@@ -1201,7 +1213,8 @@ class host_remove_managedby(LDAPRemoveMember):
 @register()
 class host_allow_retrieve_keytab(LDAPAddMember):
- __doc__ = _('Allow users or groups to retrieve a keytab of this host.')
+ __doc__ = _('Allow users, groups, hosts or host groups to retrieve a keytab'
+ ' of this host.')
 member_attributes = ['ipaallowedtoperform_read_keys']
 has_output_params = LDAPAddMember.has_output_params + host_output_params
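Review bot: Accepting `'hostgroup'` in `ipaallowedtoperform_read_keys` and `ipaallowedtoperform_write_keys` (the two dict entries changed at `@@ -284,8 +296,8 @@`) makes host-group membership an indirect grant of this host's key material, and the new lines carry no comment saying so. Anyone who can add a host to a referenced host group, presumably including any automatic membership rules, can now extend keytab retrieval or re-keying rights without touching this host entry. I would add a comment above the two entries such as `# host/hostgroup members may fetch or reset this host's keys; changes to a referenced hostgroup's membership are therefore privileged`. The access control that actually enforces these attributes is not visible in this diff, so it should be confirmed that it covers the new member types and that delegation changes are audited. The `host` class body starts and ends outside the hunk.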
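Review bot: The four rewritten `__doc__` strings (this hunk at `@@ -1201,7 +1213,8 @@` and the later ones at `-1219`, `-1236` and `-1254`) split the translated literal inconsistently. `host_allow_retrieve_keytab` carries the joining space at the start of the second fragment (`' of this host.'`), while the other three carry it at the end of the first, which makes it easy to lose the space in a later edit. Using one convention throughout would avoid that, e.g. `__doc__ = _('Allow users, groups, hosts or host groups to retrieve a '` followed by `'keytab of this host.')`. The disallow variants also keep the awkward "Disallow ... to retrieve/create" phrasing, and "Disallow ... from retrieving" would read better in the command help. Each class body continues outside its hunk.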
@@ -1219,7 +1232,8 @@ class host_allow_retrieve_keytab(LDAPAddMember):
 @register()
 class host_disallow_retrieve_keytab(LDAPRemoveMember):
- __doc__ = _('Disallow users or groups to retrieve a keytab of this host.')
+ __doc__ = _('Disallow users, groups, hosts or host groups to retrieve a '
+ 'keytab of this host.')
 member_attributes = ['ipaallowedtoperform_read_keys']
 has_output_params = LDAPRemoveMember.has_output_params + host_output_params
@@ -1236,7 +1250,8 @@ class host_disallow_retrieve_keytab(LDAPRemoveMember):
 @register()
 class host_allow_create_keytab(LDAPAddMember):
- __doc__ = _('Allow users or groups to create a keytab of this host.')
+ __doc__ = _('Allow users, groups, hosts or host groups to create a keytab '
+ 'of this host.')
 member_attributes = ['ipaallowedtoperform_write_keys']
 has_output_params = LDAPAddMember.has_output_params + host_output_params
@@ -1254,7 +1269,8 @@ class host_allow_create_keytab(LDAPAddMember):
 @register()
 class host_disallow_create_keytab(LDAPRemoveMember):
- __doc__ = _('Disallow users or groups to create a keytab of this host.')
+ __doc__ = _('Disallow users, groups, hosts or host groups to create a '
+ 'keytab of this host.')
 member_attributes = ['ipaallowedtoperform_write_keys']
 has_output_params = LDAPRemoveMember.has_output_params + host_output_params |