Misleading Keytab field

The 'Keytab' field in output of all 'user-*' commands was changed
to 'Kerberos keys available'. In order to do this change for 'user-*'
commands only, the flag 'has_keytab' had to be removed from common
output parametrs in ipalib/baseldap.py. This change also affected the
host.py and service.py, where the 'has_keytab' flag was added to their
local output params. Both host.py and service.py holds the old field
caption - 'Keytab' - because of compatibility with older clients.

https://fedorahosted.org/freeipa/ticket/1961

ipalib/plugins/baseldap.py

@@ -36,9 +36,6 @@ from ipalib.util import json_serialize
 from ipalib.dn import *
 
 global_output_params = (
-    Flag('has_keytab',
-        label=_('Keytab'),
-    ),
     Flag('has_password',
         label=_('Password'),
     ),

ipalib/plugins/host.py

@@ -162,6 +162,9 @@ def remove_fwd_ptr(ipaddr, host, domain, recordtype):
         pass
 
 host_output_params = (
+    Flag('has_keytab',
+        label=_('Keytab'),
+    ),
     Str('managedby_host',
         label='Managed by',
     ),

ipalib/plugins/service.py

@@ -84,6 +84,9 @@ EXAMPLES:
 """)
 
 output_params = (
+    Flag('has_keytab',
+        label=_('Keytab'),
+    ),
     Str('managedby_host',
         label='Managed by',
     ),
@@ -358,6 +361,7 @@ class service_find(LDAPSearch):
     member_attributes = ['managedby']
     takes_options = LDAPSearch.takes_options
     has_output_params = LDAPSearch.has_output_params + output_params
+
     def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *args, **options):
         # lisp style!
         custom_filter = '(&(objectclass=ipaService)' \
@@ -392,6 +396,7 @@ class service_show(LDAPRetrieve):
             doc=_('file to store certificate in'),
         ),
     )
+    has_output_params = LDAPRetrieve.has_output_params + output_params
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
         self.obj.get_password_attributes(ldap, dn, entry_attrs)

ipalib/plugins/user.py

@@ -68,6 +68,12 @@ EXAMPLES:
 
 NO_UPG_MAGIC = '__no_upg__'
 
+user_output_params = (
+    Flag('has_keytab',
+        label=_('Kerberos keys available'),
+    ),
+   )
+
 def validate_nsaccountlock(entry_attrs):
     if 'nsaccountlock' in entry_attrs:
         nsaccountlock = entry_attrs['nsaccountlock']
@@ -352,6 +358,8 @@ class user_add(LDAPCreate):
 
     msg_summary = _('Added user "%(value)s"')
 
+    has_output_params = LDAPCreate.has_output_params + user_output_params
+
     takes_options = LDAPCreate.takes_options + (
         Flag('noprivate',
             cli_name='noprivate',
@@ -477,6 +485,8 @@ class user_mod(LDAPUpdate):
 
     msg_summary = _('Modified user "%(value)s"')
 
+    has_output_params = LDAPUpdate.has_output_params + user_output_params
+
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         if 'mail' in entry_attrs:
             entry_attrs['mail'] = self.obj._normalize_email(entry_attrs['mail'])
@@ -498,6 +508,7 @@ class user_find(LDAPSearch):
     __doc__ = _('Search for users.')
 
     member_attributes = ['memberof']
+    has_output_params = LDAPSearch.has_output_params + user_output_params
 
     takes_options = LDAPSearch.takes_options + (
         Flag('whoami',
@@ -532,6 +543,8 @@ api.register(user_find)
 class user_show(LDAPRetrieve):
     __doc__ = _('Display information about a user.')
 
+    has_output_params = LDAPRetrieve.has_output_params + user_output_params
+
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
         convert_nsaccountlock(entry_attrs)
         self.obj._convert_manager(entry_attrs, **options)
@@ -566,6 +579,7 @@ class user_enable(LDAPQuery):
     __doc__ = _('Enable a user account.')
 
     has_output = output.standard_value
+    has_output_params = LDAPQuery.has_output_params + user_output_params
     msg_summary = _('Enabled user account "%(value)s"')
 
     def execute(self, *keys, **options):