From 0fac76b07e7b15eb46e4db942d5c9890b704549d Mon Sep 17 00:00:00 2001

From: Christian Heimes <cheimes@redhat.com>

Date: Wed, 19 Aug 2015 13:32:01 +0200

Subject: [PATCH] Add flag to list all service and user vaults

The vault-find plugin has two additional arguments to list all

service vaults or user vaults. Since the name of a vault is only unique

for a particular user or service, the commands also print the vault user

or vault service. The virtual attributes were added in rev

01dd951ddc0181b559eb3dd5ff0336c81e245628.

Example:

$ ipa vault-find --users

----------------

2 vaults matched

----------------

  Vault name: myvault

  Type: standard

  Vault user: admin

  Vault name: UserVault

  Type: standard

  Vault user: admin

----------------------------

Number of entries returned 2

----------------------------

$ ipa vault-find --services

----------------

2 vaults matched

----------------

  Vault name: myvault

  Type: standard

  Vault service: HTTP/ipatest.freeipa.local@FREEIPA.LOCAL

  Vault name: myvault

  Type: standard

  Vault service: ldap/ipatest.freeipa.local@FREEIPA.LOCAL

----------------------------

Number of entries returned 2

----------------------------

https://fedorahosted.org/freeipa/ticket/5150

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

---

 API.txt                 |  4 +++-

 VERSION                 |  4 ++--

 ipalib/plugins/vault.py | 48 +++++++++++++++++++++++++++++++++---------------

 3 files changed, 38 insertions(+), 18 deletions(-)

diff --git a/API.txt b/API.txt

index a39b22b602e0baf5d283732d18d83b2a25d5cf50..f23d9a40c647a3c4d209419631794cd36e8e5e2f 100644

--- a/API.txt

+++ b/API.txt

@@ -5508,7 +5508,7 @@ output: Output('result', <type 'dict'>, None)

 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)

 output: ListOfPrimaryKeys('value', None, None)

 command: vault_find

-args: 1,13,4

+args: 1,15,4

 arg: Str('criteria?', noextrawhitespace=False)

 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')

 option: Str('cn', attribute=True, autofill=False, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=False)

@@ -5518,10 +5518,12 @@ option: Flag('no_members', autofill=True, default=False, exclude='webui')

 option: Flag('pkey_only?', autofill=True, default=False)

 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')

 option: Str('service?')

+option: Flag('services?', autofill=True, default=False)

 option: Flag('shared?', autofill=True, default=False)

 option: Int('sizelimit?', autofill=False, minvalue=0)

 option: Int('timelimit?', autofill=False, minvalue=0)

 option: Str('username?', cli_name='user')

+option: Flag('users?', autofill=True, default=False)

 option: Str('version?', exclude='webui')

 output: Output('count', <type 'int'>, None)

 output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))

diff --git a/VERSION b/VERSION

index 6569eeb70fa4e8065b5abb9dc89bd4cc6d42bd15..31a4af4a819415740e5c8db9259f934e13418cb5 100644

--- a/VERSION

+++ b/VERSION

@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000

 #                                                      #

 ########################################################

 IPA_API_VERSION_MAJOR=2

-IPA_API_VERSION_MINOR=150

-# Last change: pvoborni - change type of vault type option to StrEnum

+IPA_API_VERSION_MINOR=151

+# Last change: cheimes - Add flag to list all service and user vaults

diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py

index 712e2d5ddfa723eb84b80a261289a7cf1c75674f..83dc085b5aadb4e2878e29d17449f0808cc7a9c2 100644

--- a/ipalib/plugins/vault.py

+++ b/ipalib/plugins/vault.py

@@ -343,21 +343,11 @@ class vault(LDAPObject):

         """

         Generates vault DN from parameters.

         """

-

         service = options.get('service')

         shared = options.get('shared')

         user = options.get('username')

-        count = 0

-        if service:

-            count += 1

-

-        if shared:

-            count += 1

-

-        if user:

-            count += 1

-

+        count = (bool(service) + bool(shared) + bool(user))

         if count > 1:

             raise errors.MutuallyExclusiveError(

                 reason=_('Service, shared, and user options ' +

@@ -387,8 +377,10 @@ class vault(LDAPObject):

             parent_dn = DN(('cn', service), ('cn', 'services'), container_dn)

         elif shared:

             parent_dn = DN(('cn', 'shared'), container_dn)

-        else:

+        elif user:

             parent_dn = DN(('cn', user), ('cn', 'users'), container_dn)

+        else:

+            raise RuntimeError

         return DN(rdns, parent_dn)

@@ -814,7 +806,16 @@ class vault_del(LDAPDelete):

 class vault_find(LDAPSearch):

     __doc__ = _('Search for vaults.')

-    takes_options = LDAPSearch.takes_options + vault_options

+    takes_options = LDAPSearch.takes_options + vault_options + (

+        Flag(

+            'services?',

+            doc=_('List all service vaults'),

+        ),

+        Flag(

+            'users?',

+            doc=_('List all user vaults'),

+        ),

+    )

     has_output_params = LDAPSearch.has_output_params

@@ -832,9 +833,26 @@ class vault_find(LDAPSearch):

             raise errors.InvocationError(

                 format=_('KRA service is not enabled'))

-        base_dn = self.obj.get_dn(None, **options)

+        if options.get('users') or options.get('services'):

+            mutex = ['service', 'services', 'shared', 'username', 'users']

+            count = sum(bool(options.get(option)) for option in mutex)

+            if count > 1:

+                raise errors.MutuallyExclusiveError(

+                    reason=_('Service(s), shared, and user(s) options ' +

+                             'cannot be specified simultaneously'))

+

+            scope = ldap.SCOPE_SUBTREE

+            container_dn = DN(self.obj.container_dn,

+                              self.api.env.basedn)

+

+            if options.get('services'):

+                base_dn = DN(('cn', 'services'), container_dn)

+            else:

+                base_dn = DN(('cn', 'users'), container_dn)

+        else:

+            base_dn = self.obj.get_dn(None, **options)

-        return (filter, base_dn, scope)

+        return filter, base_dn, scope

     def post_callback(self, ldap, entries, truncated, *args, **options):

         for entry in entries:

-- 

2.4.3