The vault-find plugin has two additional arguments to list all
service vaults or user vaults. Since the name of a vault is only unique
for a particular user or service, the commands also print the vault user
or vault service. The virtual attributes were added in rev
01dd951ddc0181b559eb3dd5ff0336c81e245628.

Example:

$ ipa vault-find --users
----------------
2 vaults matched
----------------
  Vault name: myvault
  Type: standard
  Vault user: admin

  Vault name: UserVault
  Type: standard
  Vault user: admin
----------------------------
Number of entries returned 2
----------------------------

$ ipa vault-find --services
----------------
2 vaults matched
----------------
  Vault name: myvault
  Type: standard
  Vault service: HTTP/ipatest.freeipa.local@FREEIPA.LOCAL

  Vault name: myvault
  Type: standard
  Vault service: ldap/ipatest.freeipa.local@FREEIPA.LOCAL
----------------------------
Number of entries returned 2
----------------------------

https://fedorahosted.org/freeipa/ticket/5150
From 513e4ab2e02e3b5f72b5a83a176b74ee0acba631 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Wed, 19 Aug 2015 13:32:01 +0200
Subject: [PATCH] Add flag to list all service and user vaults

The vault-find plugin has two additional arguments to list all
service vaults or user vaults. Since the name of a vault is only unique
for a particular user or service, the commands also print the vault user
or vault service. The virtual attributes were added in rev
01dd951ddc0181b559eb3dd5ff0336c81e245628.

Example:

$ ipa vault-find --users
----------------
2 vaults matched
----------------
  Vault name: myvault
  Type: standard
  Vault user: admin

  Vault name: UserVault
  Type: standard
  Vault user: admin
----------------------------
Number of entries returned 2
----------------------------

$ ipa vault-find --services
----------------
2 vaults matched
----------------
  Vault name: myvault
  Type: standard
  Vault service: HTTP/ipatest.freeipa.local@FREEIPA.LOCAL

  Vault name: myvault
  Type: standard
  Vault service: ldap/ipatest.freeipa.local@FREEIPA.LOCAL
----------------------------
Number of entries returned 2
----------------------------

https://fedorahosted.org/freeipa/ticket/5150
---
 ipalib/plugins/vault.py | 39 +++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 14 deletions(-)

diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py
index 712e2d5ddfa723eb84b80a261289a7cf1c75674f..0b22a5375b71dbdcb374d6b284c12a5f49a7638e 100644
--- a/ipalib/plugins/vault.py
+++ b/ipalib/plugins/vault.py
@@ -343,24 +343,17 @@ class vault(LDAPObject):
         """
         Generates vault DN from parameters.
         """
-
         service = options.get('service')
+        services = options.get('services')
         shared = options.get('shared')
         user = options.get('username')
+        users = options.get('users')
 
-        count = 0
-        if service:
-            count += 1
-
-        if shared:
-            count += 1
-
-        if user:
-            count += 1
-
+        count = (bool(service) + bool(services) + bool(shared)
+                 + bool(user) + bool(users))
         if count > 1:
             raise errors.MutuallyExclusiveError(
-                reason=_('Service, shared, and user options ' +
+                reason=_('Service(s), shared, and user(s) options ' +
                          'cannot be specified simultaneously'))
 
         # TODO: create container_dn after object initialization then reuse it
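Review bot: The docstring kept at the top of this hunk still reads only "Generates vault DN from parameters", but the new `services` and `users` options change what the method can return. Judging by the later hunk that sets `parent_dn = DN(('cn', 'services'), container_dn)`, it then appears to produce a container DN used as a search base rather than the DN of one vault. I would extend the docstring with a sentence such as `With 'services' or 'users' set, returns the cn=services or cn=users container instead of a single vault's DN.` The method's signature and the rest of its body lie outside this hunk, so confirm against the full function.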
@@ -385,10 +378,16 @@ class vault(LDAPObject):
 
         if service:
             parent_dn = DN(('cn', service), ('cn', 'services'), container_dn)
+        elif services:
+            parent_dn = DN(('cn', 'services'), container_dn)
         elif shared:
             parent_dn = DN(('cn', 'shared'), container_dn)
-        else:
+        elif user:
             parent_dn = DN(('cn', user), ('cn', 'users'), container_dn)
+        elif users:
+            parent_dn = DN(('cn', 'users'), container_dn)
+        else:
+            raise RuntimeError
 
         return DN(rdns, parent_dn)
 
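Review bot: The new final branch `else: raise RuntimeError` carries no message, so if it is ever reached the caller gets an anonymous internal error with nothing to diagnose it by. The old code treated this case as a user vault; presumably code above the hunk fills in `service` or `user` from the caller's principal when no option is given, which would make the branch unreachable, but that is not visible here. I would write `raise RuntimeError('vault.get_dn(): no service, shared or user scope resolved')` and add a one-line comment above it stating why the branch should not be hit.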
@@ -814,7 +813,16 @@ class vault_del(LDAPDelete):
 class vault_find(LDAPSearch):
     __doc__ = _('Search for vaults.')
 
-    takes_options = LDAPSearch.takes_options + vault_options
+    takes_options = LDAPSearch.takes_options + vault_options + (
+        Flag(
+            'services?',
+            doc=_('List all service vaults'),
+        ),
+        Flag(
+            'users?',
+            doc=_('List all user vaults'),
+        ),
+    )
 
     has_output_params = LDAPSearch.has_output_params
 
@@ -832,6 +840,9 @@ class vault_find(LDAPSearch):
             raise errors.InvocationError(
                 format=_('KRA service is not enabled'))
 
+        if options.get('users') or options.get('services'):
+            scope = ldap.SCOPE_SUBTREE
+
         base_dn = self.obj.get_dn(None, **options)
 
         return (filter, base_dn, scope)
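Review bot: Switching to `ldap.SCOPE_SUBTREE` for `--users` / `--services` makes one search span every user's or service's vault container, and nothing in this hunk checks who is asking. Which vault names and owners an unprivileged caller gets back therefore depends entirely on the directory ACIs for the vault containers, which are not part of this patch. I would record that dependency above the new `if`, e.g. `# subtree search over all owners; visibility is limited only by the LDAP ACIs on the vault containers`. A test that a non-admin user running `vault-find --users` sees only the vaults they are permitted to read would also help. The enclosing callback starts outside the hunk.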
-- 
2.4.3
