The vault-find plugin has two additional arguments to list all service vaults or user vaults. Since the name of a vault is only unique for a particular user or service, the commands also print the vault user or vault service. The virtual attributes were added in rev 01dd951ddc0181b559eb3dd5ff0336c81e245628.
Example: $ ipa vault-find --users ---------------- 2 vaults matched ---------------- Vault name: myvault Type: standard Vault user: admin Vault name: UserVault Type: standard Vault user: admin ---------------------------- Number of entries returned 2 ---------------------------- $ ipa vault-find --services ---------------- 2 vaults matched ---------------- Vault name: myvault Type: standard Vault service: HTTP/ipatest.freeipa.local@FREEIPA.LOCAL Vault name: myvault Type: standard Vault service: ldap/ipatest.freeipa.local@FREEIPA.LOCAL ---------------------------- Number of entries returned 2 ---------------------------- https://fedorahosted.org/freeipa/ticket/5150
From 513e4ab2e02e3b5f72b5a83a176b74ee0acba631 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 19 Aug 2015 13:32:01 +0200 Subject: [PATCH] Add flag to list all service and user vaults The vault-find plugin has two additional arguments to list all service vaults or user vaults. Since the name of a vault is only unique for a particular user or service, the commands also print the vault user or vault service. The virtual attributes were added in rev 01dd951ddc0181b559eb3dd5ff0336c81e245628. Example: $ ipa vault-find --users ---------------- 2 vaults matched ---------------- Vault name: myvault Type: standard Vault user: admin Vault name: UserVault Type: standard Vault user: admin ---------------------------- Number of entries returned 2 ---------------------------- $ ipa vault-find --services ---------------- 2 vaults matched ---------------- Vault name: myvault Type: standard Vault service: HTTP/ipatest.freeipa.local@FREEIPA.LOCAL Vault name: myvault Type: standard Vault service: ldap/ipatest.freeipa.local@FREEIPA.LOCAL ---------------------------- Number of entries returned 2 ---------------------------- https://fedorahosted.org/freeipa/ticket/5150 --- ipalib/plugins/vault.py | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py index 712e2d5ddfa723eb84b80a261289a7cf1c75674f..0b22a5375b71dbdcb374d6b284c12a5f49a7638e 100644 --- a/ipalib/plugins/vault.py +++ b/ipalib/plugins/vault.py @@ -343,24 +343,17 @@ class vault(LDAPObject): """ Generates vault DN from parameters. """ - service = options.get('service') + services = options.get('services') shared = options.get('shared') user = options.get('username') + users = options.get('users') - count = 0 - if service: - count += 1 - - if shared: - count += 1 - - if user: - count += 1 - + count = (bool(service) + bool(services) + bool(shared) + + bool(user) + bool(users)) if count > 1: raise errors.MutuallyExclusiveError( - reason=_('Service, shared, and user options ' + + reason=_('Service(s), shared, and user(s) options ' + 'cannot be specified simultaneously')) # TODO: create container_dn after object initialization then reuse it @@ -385,10 +378,16 @@ class vault(LDAPObject): if service: parent_dn = DN(('cn', service), ('cn', 'services'), container_dn) + elif services: + parent_dn = DN(('cn', 'services'), container_dn) elif shared: parent_dn = DN(('cn', 'shared'), container_dn) - else: + elif user: parent_dn = DN(('cn', user), ('cn', 'users'), container_dn) + elif users: + parent_dn = DN(('cn', 'users'), container_dn) + else: + raise RuntimeError return DN(rdns, parent_dn) @@ -814,7 +813,16 @@ class vault_del(LDAPDelete): class vault_find(LDAPSearch): __doc__ = _('Search for vaults.') - takes_options = LDAPSearch.takes_options + vault_options + takes_options = LDAPSearch.takes_options + vault_options + ( + Flag( + 'services?', + doc=_('List all service vaults'), + ), + Flag( + 'users?', + doc=_('List all user vaults'), + ), + ) has_output_params = LDAPSearch.has_output_params @@ -832,6 +840,9 @@ class vault_find(LDAPSearch): raise errors.InvocationError( format=_('KRA service is not enabled')) + if options.get('users') or options.get('services'): + scope = ldap.SCOPE_SUBTREE + base_dn = self.obj.get_dn(None, **options) return (filter, base_dn, scope) -- 2.4.3
signature.asc
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
