summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/vault.py
Commit message (Collapse)AuthorAgeFilesLines
* vault: fix private service vault creationJan Cholasta2015-10-131-2/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/5361 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: add permissions and administrator privilegeJan Cholasta2015-09-171-0/+98
| | | | | | https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: set owner to current user on container creationJan Cholasta2015-09-171-20/+1
| | | | | | | | This reverts commit 419754b1c11139435ae5b5082a51026da0d5e730. https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: add vault container commandsPetr Vobornik2015-09-171-21/+222
| | | | | | | | | | | | | | | | adds commands: * vaultcontainer-show [--service <service>|--user <user>|--shared ] * vaultcontainer-del [--service <service>|--user <user>|--shared ] * vaultcontainer-add-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>] * vaultcontainer-remove-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>] https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Use the print functionPetr Viktorin2015-09-011-1/+3
| | | | | | | | | In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* vault: Limit size of data stored in vaultDavid Kupka2015-08-261-1/+20
| | | | | | https://fedorahosted.org/freeipa/ticket/5231 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix: Remove leftover krbV referenceMartin Basti2015-08-261-1/+1
| | | | Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* vault: change default vault type to symmetricPetr Vobornik2015-08-261-3/+8
| | | | | | https://fedorahosted.org/freeipa/ticket/5251 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Port from python-krbV to python-gssapiMichael Simacek2015-08-261-4/+3
| | | | | | | | | | | | | | | | | | python-krbV library is deprecated and doesn't work with python 3. Replacing all it's usages with python-gssapi. - Removed Backend.krb and KRB5_CCache classes They were wrappers around krbV classes that cannot really work without them - Added few utility functions for querying GSSAPI credentials in krb_utils module. They provide replacements for KRB5_CCache. - Merged two kinit_keytab functions - Changed ldap plugin connection defaults to match ipaldap - Unified getting default realm Using api.env.realm instead of krbV call Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Added support for changing vault encryption.Endi S. Dewata2015-08-251-12/+221
| | | | | | | | | | | | The vault-mod command has been modified to support changing vault encryption attributes (i.e. type, password, public/private keys) in addition to normal attributes (i.e. description). Changing the encryption requires retrieving the stored secret with the old attributes and rearchiving it with the new attributes. https://fedorahosted.org/freeipa/ticket/5176 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Change internal rsa_(public|private)_key variable namesChristian Heimes2015-08-241-4/+4
| | | | | | | | | | In two places the vault plugin refers to rsa public or rsa private key although the code can handle just any kind of asymmetric algorithms, e.g. ECDSA. The patch just renames the occurences to avoid more confusion in the future. Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add flag to list all service and user vaultsChristian Heimes2015-08-191-15/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The vault-find plugin has two additional arguments to list all service vaults or user vaults. Since the name of a vault is only unique for a particular user or service, the commands also print the vault user or vault service. The virtual attributes were added in rev 01dd951ddc0181b559eb3dd5ff0336c81e245628. Example: $ ipa vault-find --users ---------------- 2 vaults matched ---------------- Vault name: myvault Type: standard Vault user: admin Vault name: UserVault Type: standard Vault user: admin ---------------------------- Number of entries returned 2 ---------------------------- $ ipa vault-find --services ---------------- 2 vaults matched ---------------- Vault name: myvault Type: standard Vault service: HTTP/ipatest.freeipa.local@FREEIPA.LOCAL Vault name: myvault Type: standard Vault service: ldap/ipatest.freeipa.local@FREEIPA.LOCAL ---------------------------- Number of entries returned 2 ---------------------------- https://fedorahosted.org/freeipa/ticket/5150 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* vault: Add container information to vault command resultsJan Cholasta2015-08-191-0/+44
| | | | | | https://fedorahosted.org/freeipa/ticket/5150 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: Fix vault-find with criteriaJan Cholasta2015-08-191-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/5212 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: validate vault typePetr Vobornik2015-08-181-2/+3
| | | | | | https://fedorahosted.org/freeipa/ticket/5211 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* vault: normalize service principal in service vault operationsPetr Vobornik2015-08-181-0/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/5233 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fixed vault container ownership.Endi S. Dewata2015-08-181-2/+23
| | | | | | | | | | The vault-add command has been fixed such that if the user/service private vault container does not exist yet it will be created and owned by the user/service instead of the vault creator. https://fedorahosted.org/freeipa/ticket/5194 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* vault: Fix param labels in output of vault owner commandsJan Cholasta2015-08-181-0/+12
| | | | | | https://fedorahosted.org/freeipa/ticket/5214 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Added CLI param and ACL for vault service operations.Endi S. Dewata2015-08-171-94/+83
| | | | | | | | | | | | | The CLIs to manage vault owners and members have been modified to accept services with a new parameter. A new ACL has been added to allow a service to create its own service container. https://fedorahosted.org/freeipa/ticket/5172 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Asymmetric vault: validate public key in clientChristian Heimes2015-08-131-0/+13
| | | | | | | | | | | | The ipa vault commands now load and validate the public key for asymmetric encryption, before sending it to the server. This prevents invalid vaults and prohibits accidental exposure of private key material. https://fedorahosted.org/freeipa/ticket/5142 https://fedorahosted.org/freeipa/ticket/5143 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-121-1/+1
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* validate mutually exclusive options in vault-addPetr Vobornik2015-08-121-0/+12
| | | | | | https://fedorahosted.org/freeipa/ticket/5195 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Validate vault's file parametersChristian Heimes2015-07-311-12/+47
| | | | | | | | | | | A user can pass file names for password, public and private key files to the vault plugin. The plugin attempts to read from these files. If any file can't be, an internal error was raised. The patch wraps all reads and turns any IOError and UnicodeError into a ValidationError. https://fedorahosted.org/freeipa/ticket/5155 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix minor typosYuri Chornoivan2015-07-171-1/+1
| | | | | | | | | | | | | <ame> -> <name> overriden -> overridden ablity -> ability enties -> entries the the -> the https://fedorahosted.org/freeipa/ticket/5109 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Added vault access control.Endi S. Dewata2015-07-081-6/+112
| | | | | | | | | | | New LDAP ACIs have been added to allow vault owners to manage the vaults and to allow members to access the vaults. New CLIs have been added to manage the owner and member list. The LDAP schema has been updated as well. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Added ipaVaultPublicKey attribute.Endi S. Dewata2015-07-071-8/+8
| | | | | | | | | A new attribute ipaVaultPublicKey has been added to replace the existing ipaPublicKey used to store the vault public key. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Added symmetric and asymmetric vaults.Endi S. Dewata2015-07-071-35/+548
| | | | | | | | | | | The vault plugin has been modified to support symmetric and asymmetric vaults to provide additional security over the standard vault by encrypting the data before it's sent to the server. The encryption functionality is implemented using the python-cryptography library. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* vault: Fix ipa-kra-installJan Cholasta2015-06-101-9/+29
| | | | | | | | | Use state in LDAP rather than local state to check if KRA is installed. Use correct log file names. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: David Kupka <dkupka@redhat.com>
* Added vault-archive and vault-retrieve commands.Endi S. Dewata2015-06-081-1/+495
| | | | | | | | | | New commands have been added to archive and retrieve data into and from a vault, also to retrieve the transport certificate. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Added vault plugin.Endi S. Dewata2015-05-251-0/+321
A new plugin has been added to manage vaults. Test scripts have also been added to verify the functionality. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
generated by cgit (git 2.34.1) at 2025-08-31 16:33:11 +0000