On 12/01/2014 02:33 PM, Jan Cholasta wrote:
Hi,
Dne 1.12.2014 v 14:17 Petr Vobornik napsal(a):
`--hosts` option added to:
* service-allow-create-keytab
* service-allow-retrieve-keytab
* service-disallow-create-keytab
* service-disallow-retrieve-keytab
* host-allow-create-keytab
* host-allow-retrieve-keytab
* host-disallow-create-keytab
* host-disallow-retrieve-keytab
in order to allow hosts to retrieve keytab of their services or related
hosts as described on http://www.freeipa.org/page/V4/Keytab_Retrieval
design page
https://fedorahosted.org/freeipa/ticket/4777
Since groups of users are supported with "group" members, we should
probably also support groups of hosts with "hostgroup" members, for
consistency.
--hostgroup options added.
I'm pondering how to handle Web UI. I'm not font of adding a third pair
of tables to host and service details pages because the amount of space
on the page required for the keytab management is much bigger than its
importance compared to other fields.
Honza
--
Petr Vobornik
From aed7cb6a62ee55a982dcf8aca7da9ac1cd747833 Mon Sep 17 00:00:00 2001
From: Petr Vobornik
Date: Mon, 1 Dec 2014 10:15:21 +0100
Subject: [PATCH] add --hosts and --hostgroup options to allow/retrieve keytab
methods
`--hosts` and `--hostgroup` options added to:
* service-allow-create-keytab
* service-allow-retrieve-keytab
* service-disallow-create-keytab
* service-disallow-retrieve-keytab
* host-allow-create-keytab
* host-allow-retrieve-keytab
* host-disallow-create-keytab
* host-disallow-retrieve-keytab
in order to allow hosts to retrieve keytab of their services or related hosts as described on http://www.freeipa.org/page/V4/Keytab_Retrieval design page
https://fedorahosted.org/freeipa/ticket/4777
---
API.txt | 32 ++--
VERSION | 4 +-
ipalib/plugins/host.py | 28 +--
ipalib/plugins/service.py | 28 +--
ipatests/test_xmlrpc/test_host_plugin.py| 109 ++--
ipatests/test_xmlrpc/test_service_plugin.py | 92 ---
6 files changed, 257 insertions(+), 36 deletions(-)
diff --git a/API.txt b/API.txt
index 2a63f1e2349f0df69433fa7cb742e269cd42d79f..e9768bf1e87d6679c439b98ed696b720937099d2 100644
--- a/API.txt
+++ b/API.txt
@@ -1826,10 +1826,12 @@ output: Output('completed', , None)
output: Output('failed', , None)
output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
command: host_allow_create_keytab
-args: 1,6,3
+args: 1,8,3
arg: Str('fqdn', attribute=True, cli_name='hostname', multivalue=False, primary_key=True, query=True, required=True)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('group*', alwaysask=True, cli_name='groups', csv=True)
+option: Str('host*', alwaysask=True, cli_name='hosts', csv=True)
+option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups', csv=True)
option: Flag('no_members', autofill=True, default=False, exclude='webui')
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Str('user*', alwaysask=True, cli_name='users', csv=True)
@@ -1838,10 +1840,12 @@ output: Output('completed', , None)
output: Output('failed', , None)
output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
command: host_allow_retrieve_keytab
-args: 1,6,3
+args: 1,8,3
arg: Str('fqdn', attribute=True, cli_name='hostname', multivalue=False, primary_key=True, query=True, required=True)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('group*', alwaysask=True, cli_name='groups', csv=True)
+option: Str('host*', alwaysask=True, cli_name='hosts', csv=True)
+option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups', csv=True)
option: Flag('no_members', autofill=True, default=False, exclude='webui')
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Str('user*', alwaysask=True, cli_name='users', csv=True)
@@ -1866,10 +1870,12 @@ output: Output('result', , None)
output: Output('summary', (, ), None)
output: PrimaryKey('value', None, None)
command: host_disallow_create_keytab
-args: 1,6,3
+args: 1,8,3
arg: Str('fqdn', attribute=True, cli_name='hostname', multivalue=False, primary_key=True, query=True, required=True)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('group*', alwaysask=True, cli_name='groups', csv=True)
+option: Str('host*', alwaysask=True, cli_name='hosts', csv=True)
+option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups', csv=True)
option: Flag('no_members', autofill=True, default=False, exclude='webui')
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Str('user*', alwaysask=True, cli_name='users', csv=True)
@@ -1