Populate nshardwareplatform and nsosversion during join operation

Fixes: https://pagure.io/freeipa/issue/8370
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>

ACI.txt

@@ -141,7 +141,7 @@ aci: (targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System
 dn: cn=computers,cn=accounts,dc=ipa,dc=example
 aci: (targetattr = "krbprincipalname")(targetfilter = "(&(!(krbprincipalname=*))(objectclass=ipahost))")(version 3.0;acl "permission:System: Add krbPrincipalName to a Host";allow (write) groupdn = "ldap:///cn=System: Add krbPrincipalName to a Host,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=computers,cn=accounts,dc=ipa,dc=example
-aci: (targetattr = "enrolledby || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Enroll a Host";allow (write) groupdn = "ldap:///cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=ipa,dc=example";)
+aci: (targetattr = "enrolledby || nshardwareplatform || nsosversion || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Enroll a Host";allow (write) groupdn = "ldap:///cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=computers,cn=accounts,dc=ipa,dc=example
 aci: (targetattr = "usercertificate")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Certificates";allow (write) groupdn = "ldap:///cn=System: Manage Host Certificates,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=computers,cn=accounts,dc=ipa,dc=example

ipaserver/plugins/host.py

@@ -361,7 +361,9 @@ class host(LDAPObject):
         },
         'System: Enroll a Host': {
             'ipapermright': {'write'},
-            'ipapermdefaultattr': {'objectclass', 'enrolledby'},
+            'ipapermdefaultattr': {
+                'objectclass', 'enrolledby', 'nshardwareplatform', 'nsosversion'
+            },
             'replaces': [
                 '(targetattr = "objectclass")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Enroll a host";allow (write) groupdn = "ldap:///cn=Enroll a host,cn=permissions,cn=pbac,$SUFFIX";)',
                 '(targetattr = "enrolledby || objectclass")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Enroll a host";allow (write) groupdn = "ldap:///cn=Enroll a host,cn=permissions,cn=pbac,$SUFFIX";)',

ipaserver/plugins/join.py

@@ -97,10 +97,13 @@ class join(Command):
         assert 'cn' not in kw
         ldap = self.api.Backend.ldap2
 
+        # realm parameter is not supported by host_{add,mod}
+        kw.pop('realm', None)
+
         try:
             # First see if the host exists
-            kw = {'fqdn': hostname, 'all': True}
-            attrs_list = api.Command['host_show'](**kw)['result']
+            show_kw = {'fqdn': hostname, 'all': True}
+            attrs_list = api.Command['host_show'](**show_kw)['result']
             dn = attrs_list['dn']
 
             # No error raised so far means that host entry exists
@@ -112,7 +115,8 @@ class join(Command):
             # one.
             if 'krbprincipalname' not in attrs_list:
                 service = "host/%s@%s" % (hostname, api.env.realm)
-                api.Command['host_mod'](hostname, krbprincipalname=service)
+                api.Command['host_mod'](hostname, **kw,
+                                        krbprincipalname=service)
                 logger.info('No principal set, setting to %s', service)
 
             # It exists, can we write the password attributes?
@@ -122,12 +126,11 @@ class join(Command):
                     "to the 'krbLastPwdChange' attribute of entry '%s'.") % dn)
 
             # Reload the attrs_list and dn so that we return update values
-            kw = {'fqdn': hostname, 'all': True}
-            attrs_list = api.Command['host_show'](**kw)['result']
+            attrs_list = api.Command['host_show'](**show_kw)['result']
             dn = attrs_list['dn']
 
         except errors.NotFound:
-            attrs_list = api.Command['host_add'](hostname,
+            attrs_list = api.Command['host_add'](hostname, **kw,
                                                  force=True)['result']
             dn = attrs_list['dn']
 
@@ -135,4 +138,4 @@ class join(Command):
         attrs_list['ipacertificatesubjectbase'] =\
             config['ipacertificatesubjectbase']
 
-        return (dn, attrs_list)
+        return dn, attrs_list