On 2015-08-19 14:12, Jan Cholasta wrote:
> The new flags should be handled in vault_find's pre_callback instead of
> vault's get_dn, as they are exclusive to vault_find and worse yet,
> conflict with vault_{add,remove}_{owner,member}'s flags, leading to
> unwanted behavior:
> 
> $ ipa vault-add-member --service testsvc/example.com testvault
> --services testsvc/example.com
> ipa: ERROR: Service(s), shared, and user(s) options cannot be specified
> simultaneously

Here is an updated patch. The new flags are now handled by the
pre_callback method. I have regenerated API.txt, too.

Christian

From a6eb87a73c1462a4de516f19b219b51e415852e5 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Wed, 19 Aug 2015 13:32:01 +0200
Subject: [PATCH] Add flag to list all service and user vaults

The vault-find plugin has two additional arguments to list all
service vaults or user vaults. Since the name of a vault is only unique
for a particular user or service, the commands also print the vault user
or vault service. The virtual attributes were added in rev
01dd951ddc0181b559eb3dd5ff0336c81e245628.

Example:

$ ipa vault-find --users
----------------
2 vaults matched
----------------
  Vault name: myvault
  Type: standard
  Vault user: admin

  Vault name: UserVault
  Type: standard
  Vault user: admin
----------------------------
Number of entries returned 2
----------------------------

$ ipa vault-find --services
----------------
2 vaults matched
----------------
  Vault name: myvault
  Type: standard
  Vault service: HTTP/ipatest.freeipa.local@FREEIPA.LOCAL

  Vault name: myvault
  Type: standard
  Vault service: ldap/ipatest.freeipa.local@FREEIPA.LOCAL
----------------------------
Number of entries returned 2
----------------------------

https://fedorahosted.org/freeipa/ticket/5150
---
 API.txt                 |  4 +++-
 ipalib/plugins/vault.py | 48 +++++++++++++++++++++++++++++++++---------------
 2 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/API.txt b/API.txt
index 4d8d9dc3d3c38d4740bda3574396ecd85877b805..dd6bcc3c39895e6af213fcece85505fa0bd6d2f2 100644
--- a/API.txt
+++ b/API.txt
@@ -5508,7 +5508,7 @@ output: Output('result', <type 'dict'>, None)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: ListOfPrimaryKeys('value', None, None)
 command: vault_find
-args: 1,13,4
+args: 1,15,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('cn', attribute=True, autofill=False, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=False)
@@ -5518,10 +5518,12 @@ option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Flag('pkey_only?', autofill=True, default=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('service?')
+option: Flag('services?', autofill=True, default=False)
 option: Flag('shared?', autofill=True, default=False)
 option: Int('sizelimit?', autofill=False, minvalue=0)
 option: Int('timelimit?', autofill=False, minvalue=0)
 option: Str('username?', cli_name='user')
+option: Flag('users?', autofill=True, default=False)
 option: Str('version?', exclude='webui')
 output: Output('count', <type 'int'>, None)
 output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py
index 712e2d5ddfa723eb84b80a261289a7cf1c75674f..83dc085b5aadb4e2878e29d17449f0808cc7a9c2 100644
--- a/ipalib/plugins/vault.py
+++ b/ipalib/plugins/vault.py
@@ -343,21 +343,11 @@ class vault(LDAPObject):
         """
         Generates vault DN from parameters.
         """
-
         service = options.get('service')
         shared = options.get('shared')
         user = options.get('username')
 
-        count = 0
-        if service:
-            count += 1
-
-        if shared:
-            count += 1
-
-        if user:
-            count += 1
-
+        count = (bool(service) + bool(shared) + bool(user))
         if count > 1:
             raise errors.MutuallyExclusiveError(
                 reason=_('Service, shared, and user options ' +
@@ -387,8 +377,10 @@ class vault(LDAPObject):
             parent_dn = DN(('cn', service), ('cn', 'services'), container_dn)
         elif shared:
             parent_dn = DN(('cn', 'shared'), container_dn)
-        else:
+        elif user:
             parent_dn = DN(('cn', user), ('cn', 'users'), container_dn)
+        else:
+            raise RuntimeError
 
         return DN(rdns, parent_dn)
 
@@ -814,7 +806,16 @@ class vault_del(LDAPDelete):
 class vault_find(LDAPSearch):
     __doc__ = _('Search for vaults.')
 
-    takes_options = LDAPSearch.takes_options + vault_options
+    takes_options = LDAPSearch.takes_options + vault_options + (
+        Flag(
+            'services?',
+            doc=_('List all service vaults'),
+        ),
+        Flag(
+            'users?',
+            doc=_('List all user vaults'),
+        ),
+    )
 
     has_output_params = LDAPSearch.has_output_params
 
@@ -832,9 +833,26 @@ class vault_find(LDAPSearch):
             raise errors.InvocationError(
                 format=_('KRA service is not enabled'))
 
-        base_dn = self.obj.get_dn(None, **options)
+        if options.get('users') or options.get('services'):
+            mutex = ['service', 'services', 'shared', 'username', 'users']
+            count = sum(bool(options.get(option)) for option in mutex)
+            if count > 1:
+                raise errors.MutuallyExclusiveError(
+                    reason=_('Service(s), shared, and user(s) options ' +
+                             'cannot be specified simultaneously'))
 
-        return (filter, base_dn, scope)
+            scope = ldap.SCOPE_SUBTREE
+            container_dn = DN(self.obj.container_dn,
+                              self.api.env.basedn)
+
+            if options.get('services'):
+                base_dn = DN(('cn', 'services'), container_dn)
+            else:
+                base_dn = DN(('cn', 'users'), container_dn)
+        else:
+            base_dn = self.obj.get_dn(None, **options)
+
+        return filter, base_dn, scope
 
     def post_callback(self, ldap, entries, truncated, *args, **options):
         for entry in entries:
-- 
2.4.3

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to