Server Roles: make *config-show consume relevant roles/attributes

This patch modifies config objects so that the roles/attributes relevant to
the configuration are shown in the output:

* config-{show,mod} will show list of all IPA masters, CA servers and CA
  renewal master

* dnsconfig-{show,mod} will list all DNS servers and the DNS key master

* trustconfig-{show,mod} will list all AD trust controllers and agents

* vaultconfig-show will list all Key Recovery Agents

http://www.freeipa.org/page/V4/Server_Roles
https://fedorahosted.org/freeipa/ticket/5181

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Martin Babinsky 2016-05-30 18:42:01 +02:00 committed by Martin Basti
parent b9aa31191b
commit 5f7086e718
5 changed files with 117 additions and 6 deletions


@ -1230,8 +1230,12 @@ class BindInstance(service.Service):
set and thus overrides his configured options in named.conf.
"""
result = self.api.Command.dnsconfig_show()
global_conf_set = any(param in result['result'] for \
param in self.api.Object['dnsconfig'].params)
global_conf_set = any(
param.name in result['result'] for param in
self.api.Object['dnsconfig'].params() if
u'virtual_attribute' not in param.flags
)
if not global_conf_set:
print("Global DNS configuration in LDAP server is empty")
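Review bot: The new `u'virtual_attribute' not in param.flags` filter in the `global_conf_set` expression has no comment saying why those parameters are skipped. Presumably the server-role attributes that dnsconfig-show now adds would otherwise make an empty global configuration look set; a line such as `# role attributes are added by dnsconfig_show itself, so they say nothing about whether global DNS options are set` would record that. The same predicate is repeated in `dnsconfig.postprocess_result` in the DNS plugin section, so a small shared helper on the dnsconfig object would keep the two from drifting apart. The enclosing method starts and ends outside this hunk.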


@ -227,11 +227,40 @@ class config(LDAPObject):
doc=_('Default types of supported user authentication'),
values=(u'password', u'radius', u'otp', u'disabled'),
),
Str(
'ipa_master_server*',
label=_('IPA masters'),
doc=_('List of all IPA masters'),
flags={'virtual_attribute', 'no_create', 'no_update'}
),
Str(
'ca_server_server*',
label=_('IPA CA servers'),
doc=_('IPA servers configured as certificate authority'),
flags={'virtual_attribute', 'no_create', 'no_update'}
),
Str(
'ca_renewal_master_server?',
label=_('IPA CA renewal master'),
doc=_('Renewal master for IPA certificate authority'),
flags={'virtual_attribute', 'no_create', 'no_update'}
)
)
def get_dn(self, *keys, **kwargs):
return DN(('cn', 'ipaconfig'), ('cn', 'etc'), api.env.basedn)
def show_servroles_attributes(self, entry_attrs, **options):
if options.get('raw', False):
return
backend = self.api.Backend.serverroles
ca_config = backend.config_retrieve("CA server")
master_config = backend.config_retrieve("IPA master")
entry_attrs.update(ca_config)
entry_attrs.update(master_config)
@register()
@ -350,9 +379,15 @@ class config_mod(LDAPUpdate):
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.show_servroles_attributes(entry_attrs, **options)
return dn
@register()
class config_show(LDAPRetrieve):
__doc__ = _('Show the current configuration.')
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.show_servroles_attributes(entry_attrs, **options)
return dn
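Review bot: Nothing in `show_servroles_attributes` limits which callers receive the new server lists: every non-raw config-show and config-mod result now carries the IPA masters, the CA servers and the CA renewal master. Whether those lists are filtered by the caller's LDAP permissions depends on how `Backend.serverroles.config_retrieve` performs its lookup, which is not visible in this section. If the intent is that directory ACIs decide, the method should say so in a docstring, for example `"""Add server-role attributes to the entry; what is returned is bounded by the caller's LDAP read access."""`. A test that runs config-show as an unprivileged user would confirm the behaviour.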


@ -4064,6 +4064,18 @@ class dnsconfig(LDAPObject):
Int('ipadnsversion?', # available only in installer/upgrade
label=_('IPA DNS version'),
),
Str(
'dns_server_server*',
label=_('IPA DNS servers'),
doc=_('List of IPA masters configured as DNS servers'),
flags={'virtual_attribute', 'no_create', 'no_update'}
),
Str(
'dnssec_key_master_server?',
label=_('IPA DNSSec key master'),
doc=_('IPA server configured as DNSSec key master'),
flags={'virtual_attribute', 'no_create', 'no_update'}
)
)
managed_permissions = {
'System: Write DNS Configuration': {
@ -4107,9 +4119,22 @@ class dnsconfig(LDAPObject):
return entry
def postprocess_result(self, result):
if not any(param in result['result'] for param in self.params):
is_config_empty = not any(
param.name in result['result'] for param in self.params() if
u'virtual_attribute' not in param.flags
)
if is_config_empty:
result['summary'] = unicode(_('Global DNS configuration is empty'))
def show_servroles_attributes(self, entry_attrs, **options):
if options.get('raw', False):
return
backend = self.api.Backend.serverroles
entry_attrs.update(
backend.config_retrieve("DNS server")
)
@register()
class dnsconfig_mod(LDAPUpdate):
@ -4163,6 +4188,9 @@ class dnsconfig_mod(LDAPUpdate):
return result
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.show_servroles_attributes(entry_attrs, **options)
return dn
@register()
@ -4174,6 +4202,10 @@ class dnsconfig_show(LDAPRetrieve):
self.obj.postprocess_result(result)
return result
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.show_servroles_attributes(entry_attrs, **options)
return dn
@register()
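Review bot: In `dnsconfig_mod.post_callback` the call to `show_servroles_attributes` can raise whatever `config_retrieve("DNS server")` raises, and a post callback presumably runs after the LDAP modification has already been written. The user would then see a failed dnsconfig-mod whose change was nevertheless applied. `config_mod.post_callback` and `trustconfig_mod.post_callback` have the same shape. Consider handling a lookup failure inside the helper and returning the entry without the role attributes, or at least marking the call with `# runs after the update is committed; a serverroles lookup error should not be reported as a failed modification`. The class bodies continue outside these hunks.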


@ -1179,6 +1179,18 @@ class trustconfig(LDAPObject):
cli_name='fallback_primary_group',
label=_('Fallback primary group'),
),
Str(
'ad_trust_agent_server*',
label=_('IPA AD trust agents'),
doc=_('IPA servers configured as AD trust agents'),
flags={'virtual_attribute', 'no_create', 'no_update'}
),
Str(
'ad_trust_controller_server*',
label=_('IPA AD trust controllers'),
doc=_('IPA servers configured as AD trust controllers'),
flags={'virtual_attribute', 'no_create', 'no_update'}
),
)
def get_dn(self, *keys, **kwargs):
@ -1249,6 +1261,22 @@ class trustconfig(LDAPObject):
entry_attrs['ipantfallbackprimarygroup'] = [groupdn[0][0].value]
def show_servroles(self, entry_attrs, **options):
if options.get('raw', False):
return
backend = self.api.Backend.serverroles
adtrust_agents = backend.config_retrieve(
"AD trust agent"
)
adtrust_controllers = backend.config_retrieve(
"AD trust controller"
)
entry_attrs.update(adtrust_agents)
entry_attrs.update(adtrust_controllers)
@register()
class trustconfig_mod(LDAPUpdate):
@ -1268,6 +1296,7 @@ class trustconfig_mod(LDAPUpdate):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj._convert_groupdn(entry_attrs, options)
self.obj.show_servroles(entry_attrs, **options)
return dn
@ -1285,6 +1314,8 @@ class trustconfig_show(LDAPRetrieve):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj._convert_groupdn(entry_attrs, options)
self.obj.show_servroles(entry_attrs, **options)
return dn
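Review bot: The helper is named `show_servroles` here but `show_servroles_attributes` on `config` and `dnsconfig`, and all three bodies repeat the same `raw` check followed by `config_retrieve` and `entry_attrs.update`. Renaming this one to `show_servroles_attributes` and moving the common part into one shared function that takes the role names would leave a single place to change. The method also has no docstring; one line stating that it adds the AD trust agent and AD trust controller lists unless `raw` is requested would be enough.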


@ -959,6 +959,12 @@ class vaultconfig(Object):
'transport_cert',
label=_('Transport Certificate'),
),
Str(
'kra_server_server*',
label=_('IPA KRA servers'),
doc=_('IPA servers configured as key recovery agents'),
flags={'virtual_attribute', 'no_create', 'no_update'}
)
)
@ -981,10 +987,13 @@ class vaultconfig_show(Retrieve):
kra_client = self.api.Backend.kra.get_client()
transport_cert = kra_client.system_certs.get_transport_cert()
config = {'transport_cert': transport_cert.binary}
config.update(
self.api.Backend.serverroles.config_retrieve("KRA server")
)
return {
'result': {
'transport_cert': transport_cert.binary
},
'result': config,
'value': None,
}
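Review bot: `vaultconfig_show` merges the KRA server list into `config` unconditionally, while the helpers added to config, dnsconfig and trustconfig skip the role attributes when `options.get('raw', False)` is true. If this command accepts `raw` and receives `**options` (its signature is outside the hunk), its output will be inconsistent with the other three. Guarding the call with `if not options.get('raw', False):` before `config.update(...)` would align it. A short comment that `config_retrieve("KRA server")` supplies the `kra_server_server` values would also help the reader connect the call to the new parameter.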