mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-27 08:36:41 -06:00
c93fa491f6
OpenLDAP 2.6+ finally deprecated -h and -p options in all its command line tools. They are not allowed anymore and cause ldap* tools to stop hard with 'unknown option' error. Fix this by always using -H url option instead. Deriving default value for -H url from the configuration file still works, it is only -h and -p that were deprecated. See also: https://bugs.openldap.org/show_bug.cgi?id=8618 Fixes: https://pagure.io/freeipa/issue/9106 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
1777 lines
49 KiB
Python
1777 lines
49 KiB
Python
#
|
|
# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
|
|
#
|
|
|
|
# pylint: disable=unused-import
|
|
import six
|
|
|
|
from . import Command, Method, Object
|
|
from ipalib import api, parameters, output
|
|
from ipalib.parameters import DefaultFrom
|
|
from ipalib.plugable import Registry
|
|
from ipalib.text import _
|
|
from ipapython.dn import DN
|
|
from ipapython.dnsutil import DNSName
|
|
|
|
if six.PY3:
|
|
unicode = str
|
|
|
|
__doc__ = _("""
|
|
Sudo Rules
|
|
|
|
Sudo (su "do") allows a system administrator to delegate authority to
|
|
give certain users (or groups of users) the ability to run some (or all)
|
|
commands as root or another user while providing an audit trail of the
|
|
commands and their arguments.
|
|
|
|
IPA provides a means to configure the various aspects of Sudo:
|
|
Users: The user(s)/group(s) allowed to invoke Sudo.
|
|
Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke Sudo.
|
|
Allow Command: The specific command(s) permitted to be run via Sudo.
|
|
Deny Command: The specific command(s) prohibited to be run via Sudo.
|
|
RunAsUser: The user(s) or group(s) of users whose rights Sudo will be invoked with.
|
|
RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.
|
|
Options: The various Sudoers Options that can modify Sudo's behavior.
|
|
|
|
An order can be added to a sudorule to control the order in which they
|
|
are evaluated (if the client supports it). This order is an integer and
|
|
must be unique.
|
|
|
|
IPA provides a designated binddn to use with Sudo located at:
|
|
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
|
|
|
|
To enable the binddn run the following command to set the password:
|
|
LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W \\
|
|
-H ldap://ipa.example.com -ZZ -D "cn=Directory Manager" \\
|
|
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
|
|
|
|
EXAMPLES:
|
|
|
|
Create a new rule:
|
|
ipa sudorule-add readfiles
|
|
|
|
Add sudo command object and add it as allowed command in the rule:
|
|
ipa sudocmd-add /usr/bin/less
|
|
ipa sudorule-add-allow-command readfiles --sudocmds /usr/bin/less
|
|
|
|
Add a host to the rule:
|
|
ipa sudorule-add-host readfiles --hosts server.example.com
|
|
|
|
Add a user to the rule:
|
|
ipa sudorule-add-user readfiles --users jsmith
|
|
|
|
Add a special Sudo rule for default Sudo server configuration:
|
|
ipa sudorule-add defaults
|
|
|
|
Set a default Sudo option:
|
|
ipa sudorule-add-option defaults --sudooption '!authenticate'
|
|
""")
|
|
|
|
register = Registry()
|
|
|
|
|
|
@register()
|
|
class sudorule(Object):
|
|
takes_params = (
|
|
parameters.Str(
|
|
'cn',
|
|
primary_key=True,
|
|
label=_(u'Rule name'),
|
|
),
|
|
parameters.Str(
|
|
'description',
|
|
required=False,
|
|
label=_(u'Description'),
|
|
),
|
|
parameters.Bool(
|
|
'ipaenabledflag',
|
|
required=False,
|
|
label=_(u'Enabled'),
|
|
),
|
|
parameters.Str(
|
|
'usercategory',
|
|
required=False,
|
|
label=_(u'User category'),
|
|
doc=_(u'User category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'hostcategory',
|
|
required=False,
|
|
label=_(u'Host category'),
|
|
doc=_(u'Host category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'cmdcategory',
|
|
required=False,
|
|
label=_(u'Command category'),
|
|
doc=_(u'Command category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasusercategory',
|
|
required=False,
|
|
label=_(u'RunAs User category'),
|
|
doc=_(u'RunAs User category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasgroupcategory',
|
|
required=False,
|
|
label=_(u'RunAs Group category'),
|
|
doc=_(u'RunAs Group category the rule applies to'),
|
|
),
|
|
parameters.Int(
|
|
'sudoorder',
|
|
required=False,
|
|
label=_(u'Sudo order'),
|
|
doc=_(u'integer to order the Sudo rules'),
|
|
),
|
|
parameters.Str(
|
|
'memberuser_user',
|
|
required=False,
|
|
label=_(u'Users'),
|
|
),
|
|
parameters.Str(
|
|
'memberuser_group',
|
|
required=False,
|
|
label=_(u'User Groups'),
|
|
),
|
|
parameters.Str(
|
|
'externaluser',
|
|
required=False,
|
|
label=_(u'External User'),
|
|
doc=_(u'External User the rule applies to (sudorule-find only)'),
|
|
),
|
|
parameters.Str(
|
|
'memberhost_host',
|
|
required=False,
|
|
label=_(u'Hosts'),
|
|
),
|
|
parameters.Str(
|
|
'memberhost_hostgroup',
|
|
required=False,
|
|
label=_(u'Host Groups'),
|
|
),
|
|
parameters.Str(
|
|
'hostmask',
|
|
multivalue=True,
|
|
label=_(u'Host Masks'),
|
|
),
|
|
parameters.Str(
|
|
'externalhost',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'External host'),
|
|
),
|
|
parameters.Str(
|
|
'memberallowcmd_sudocmd',
|
|
required=False,
|
|
label=_(u'Sudo Allow Commands'),
|
|
),
|
|
parameters.Str(
|
|
'memberdenycmd_sudocmd',
|
|
required=False,
|
|
label=_(u'Sudo Deny Commands'),
|
|
),
|
|
parameters.Str(
|
|
'memberallowcmd_sudocmdgroup',
|
|
required=False,
|
|
label=_(u'Sudo Allow Command Groups'),
|
|
),
|
|
parameters.Str(
|
|
'memberdenycmd_sudocmdgroup',
|
|
required=False,
|
|
label=_(u'Sudo Deny Command Groups'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunas_user',
|
|
required=False,
|
|
label=_(u'RunAs Users'),
|
|
doc=_(u'Run as a user'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunas_group',
|
|
required=False,
|
|
label=_(u'Groups of RunAs Users'),
|
|
doc=_(u'Run as any user within a specified group'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasextuser',
|
|
required=False,
|
|
label=_(u'RunAs External User'),
|
|
doc=_(u'External User the commands can run as (sudorule-find only)'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasextusergroup',
|
|
required=False,
|
|
label=_(u'External Groups of RunAs Users'),
|
|
doc=_(u'External Groups of users that the command can run as'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasgroup_group',
|
|
required=False,
|
|
label=_(u'RunAs Groups'),
|
|
doc=_(u'Run with the gid of a specified POSIX group'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasextgroup',
|
|
required=False,
|
|
label=_(u'RunAs External Group'),
|
|
doc=_(u'External Group the commands can run as (sudorule-find only)'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudoopt',
|
|
required=False,
|
|
label=_(u'Sudo Option'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_add(Method):
|
|
__doc__ = _("Create new Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Str(
|
|
'description',
|
|
required=False,
|
|
cli_name='desc',
|
|
label=_(u'Description'),
|
|
),
|
|
parameters.Bool(
|
|
'ipaenabledflag',
|
|
required=False,
|
|
label=_(u'Enabled'),
|
|
exclude=('cli', 'webui'),
|
|
),
|
|
parameters.Str(
|
|
'usercategory',
|
|
required=False,
|
|
cli_name='usercat',
|
|
cli_metavar="['all']",
|
|
label=_(u'User category'),
|
|
doc=_(u'User category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'hostcategory',
|
|
required=False,
|
|
cli_name='hostcat',
|
|
cli_metavar="['all']",
|
|
label=_(u'Host category'),
|
|
doc=_(u'Host category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'cmdcategory',
|
|
required=False,
|
|
cli_name='cmdcat',
|
|
cli_metavar="['all']",
|
|
label=_(u'Command category'),
|
|
doc=_(u'Command category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasusercategory',
|
|
required=False,
|
|
cli_name='runasusercat',
|
|
cli_metavar="['all']",
|
|
label=_(u'RunAs User category'),
|
|
doc=_(u'RunAs User category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasgroupcategory',
|
|
required=False,
|
|
cli_name='runasgroupcat',
|
|
cli_metavar="['all']",
|
|
label=_(u'RunAs Group category'),
|
|
doc=_(u'RunAs Group category the rule applies to'),
|
|
),
|
|
parameters.Int(
|
|
'sudoorder',
|
|
required=False,
|
|
cli_name='order',
|
|
label=_(u'Sudo order'),
|
|
doc=_(u'integer to order the Sudo rules'),
|
|
default=0,
|
|
),
|
|
parameters.Str(
|
|
'externaluser',
|
|
required=False,
|
|
label=_(u'External User'),
|
|
doc=_(u'External User the rule applies to (sudorule-find only)'),
|
|
),
|
|
parameters.Str(
|
|
'externalhost',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'External host'),
|
|
exclude=('cli', 'webui'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasextuser',
|
|
required=False,
|
|
cli_name='runasexternaluser',
|
|
label=_(u'RunAs External User'),
|
|
doc=_(u'External User the commands can run as (sudorule-find only)'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasextgroup',
|
|
required=False,
|
|
cli_name='runasexternalgroup',
|
|
label=_(u'RunAs External Group'),
|
|
doc=_(u'External Group the commands can run as (sudorule-find only)'),
|
|
),
|
|
parameters.Str(
|
|
'setattr',
|
|
required=False,
|
|
multivalue=True,
|
|
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
|
|
exclude=('webui',),
|
|
),
|
|
parameters.Str(
|
|
'addattr',
|
|
required=False,
|
|
multivalue=True,
|
|
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
|
|
exclude=('webui',),
|
|
),
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.PrimaryKey(
|
|
'value',
|
|
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_add_allow_command(Method):
|
|
__doc__ = _("Add commands and sudo command groups affected by Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'sudocmd',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='sudocmds',
|
|
label=_(u'member sudo command'),
|
|
doc=_(u'sudo commands to add'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'sudocmdgroup',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='sudocmdgroups',
|
|
label=_(u'member sudo command group'),
|
|
doc=_(u'sudo command groups to add'),
|
|
alwaysask=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be added'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members added'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_add_deny_command(Method):
|
|
__doc__ = _("Add commands and sudo command groups affected by Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'sudocmd',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='sudocmds',
|
|
label=_(u'member sudo command'),
|
|
doc=_(u'sudo commands to add'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'sudocmdgroup',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='sudocmdgroups',
|
|
label=_(u'member sudo command group'),
|
|
doc=_(u'sudo command groups to add'),
|
|
alwaysask=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be added'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members added'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_add_host(Method):
|
|
__doc__ = _("Add hosts and hostgroups affected by Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'host',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='hosts',
|
|
label=_(u'member host'),
|
|
doc=_(u'hosts to add'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'hostgroup',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='hostgroups',
|
|
label=_(u'member host group'),
|
|
doc=_(u'host groups to add'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'hostmask',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'host masks of allowed hosts'),
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be added'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members added'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_add_option(Method):
|
|
__doc__ = _("Add an option to the Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Str(
|
|
'ipasudoopt',
|
|
cli_name='sudooption',
|
|
label=_(u'Sudo Option'),
|
|
),
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.PrimaryKey(
|
|
'value',
|
|
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_add_runasgroup(Method):
|
|
__doc__ = _("Add group for Sudo to execute as.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'group',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='groups',
|
|
label=_(u'member group'),
|
|
doc=_(u'groups to add'),
|
|
alwaysask=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be added'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members added'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_add_runasuser(Method):
|
|
__doc__ = _("Add users and groups for Sudo to execute as.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'user',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='users',
|
|
label=_(u'member user'),
|
|
doc=_(u'users to add'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'group',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='groups',
|
|
label=_(u'member group'),
|
|
doc=_(u'groups to add'),
|
|
alwaysask=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be added'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members added'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_add_user(Method):
|
|
__doc__ = _("Add users and groups affected by Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'user',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='users',
|
|
label=_(u'member user'),
|
|
doc=_(u'users to add'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'group',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='groups',
|
|
label=_(u'member group'),
|
|
doc=_(u'groups to add'),
|
|
alwaysask=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be added'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members added'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_del(Method):
|
|
__doc__ = _("Delete Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
multivalue=True,
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'continue',
|
|
doc=_(u"Continuous mode: Don't stop on errors."),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.Output(
|
|
'result',
|
|
dict,
|
|
doc=_(u'List of deletions that failed'),
|
|
),
|
|
output.ListOfPrimaryKeys(
|
|
'value',
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_disable(Method):
|
|
__doc__ = _("Disable a Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'result',
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_enable(Method):
|
|
__doc__ = _("Enable a Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'result',
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_find(Method):
|
|
__doc__ = _("Search for Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'criteria',
|
|
required=False,
|
|
doc=_(u'A string searched in all relevant object attributes'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Str(
|
|
'cn',
|
|
required=False,
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
parameters.Str(
|
|
'description',
|
|
required=False,
|
|
cli_name='desc',
|
|
label=_(u'Description'),
|
|
),
|
|
parameters.Bool(
|
|
'ipaenabledflag',
|
|
required=False,
|
|
label=_(u'Enabled'),
|
|
exclude=('cli', 'webui'),
|
|
),
|
|
parameters.Str(
|
|
'usercategory',
|
|
required=False,
|
|
cli_name='usercat',
|
|
cli_metavar="['all']",
|
|
label=_(u'User category'),
|
|
doc=_(u'User category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'hostcategory',
|
|
required=False,
|
|
cli_name='hostcat',
|
|
cli_metavar="['all']",
|
|
label=_(u'Host category'),
|
|
doc=_(u'Host category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'cmdcategory',
|
|
required=False,
|
|
cli_name='cmdcat',
|
|
cli_metavar="['all']",
|
|
label=_(u'Command category'),
|
|
doc=_(u'Command category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasusercategory',
|
|
required=False,
|
|
cli_name='runasusercat',
|
|
cli_metavar="['all']",
|
|
label=_(u'RunAs User category'),
|
|
doc=_(u'RunAs User category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasgroupcategory',
|
|
required=False,
|
|
cli_name='runasgroupcat',
|
|
cli_metavar="['all']",
|
|
label=_(u'RunAs Group category'),
|
|
doc=_(u'RunAs Group category the rule applies to'),
|
|
),
|
|
parameters.Int(
|
|
'sudoorder',
|
|
required=False,
|
|
cli_name='order',
|
|
label=_(u'Sudo order'),
|
|
doc=_(u'integer to order the Sudo rules'),
|
|
default=0,
|
|
),
|
|
parameters.Str(
|
|
'externaluser',
|
|
required=False,
|
|
label=_(u'External User'),
|
|
doc=_(u'External User the rule applies to (sudorule-find only)'),
|
|
),
|
|
parameters.Str(
|
|
'externalhost',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'External host'),
|
|
exclude=('cli', 'webui'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasextuser',
|
|
required=False,
|
|
cli_name='runasexternaluser',
|
|
label=_(u'RunAs External User'),
|
|
doc=_(u'External User the commands can run as (sudorule-find only)'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasextgroup',
|
|
required=False,
|
|
cli_name='runasexternalgroup',
|
|
label=_(u'RunAs External Group'),
|
|
doc=_(u'External Group the commands can run as (sudorule-find only)'),
|
|
),
|
|
parameters.Int(
|
|
'timelimit',
|
|
required=False,
|
|
label=_(u'Time Limit'),
|
|
doc=_(u'Time limit of search in seconds (0 is unlimited)'),
|
|
),
|
|
parameters.Int(
|
|
'sizelimit',
|
|
required=False,
|
|
label=_(u'Size Limit'),
|
|
doc=_(u'Maximum number of entries returned (0 is unlimited)'),
|
|
),
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'pkey_only',
|
|
required=False,
|
|
label=_(u'Primary key only'),
|
|
doc=_(u'Results should contain primary key attribute only ("sudorule-name")'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.ListOfEntries(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'count',
|
|
int,
|
|
doc=_(u'Number of entries returned'),
|
|
),
|
|
output.Output(
|
|
'truncated',
|
|
bool,
|
|
doc=_(u'True if not all results were returned'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_mod(Method):
|
|
__doc__ = _("Modify Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Str(
|
|
'description',
|
|
required=False,
|
|
cli_name='desc',
|
|
label=_(u'Description'),
|
|
),
|
|
parameters.Bool(
|
|
'ipaenabledflag',
|
|
required=False,
|
|
label=_(u'Enabled'),
|
|
exclude=('cli', 'webui'),
|
|
),
|
|
parameters.Str(
|
|
'usercategory',
|
|
required=False,
|
|
cli_name='usercat',
|
|
cli_metavar="['all']",
|
|
label=_(u'User category'),
|
|
doc=_(u'User category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'hostcategory',
|
|
required=False,
|
|
cli_name='hostcat',
|
|
cli_metavar="['all']",
|
|
label=_(u'Host category'),
|
|
doc=_(u'Host category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'cmdcategory',
|
|
required=False,
|
|
cli_name='cmdcat',
|
|
cli_metavar="['all']",
|
|
label=_(u'Command category'),
|
|
doc=_(u'Command category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasusercategory',
|
|
required=False,
|
|
cli_name='runasusercat',
|
|
cli_metavar="['all']",
|
|
label=_(u'RunAs User category'),
|
|
doc=_(u'RunAs User category the rule applies to'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasgroupcategory',
|
|
required=False,
|
|
cli_name='runasgroupcat',
|
|
cli_metavar="['all']",
|
|
label=_(u'RunAs Group category'),
|
|
doc=_(u'RunAs Group category the rule applies to'),
|
|
),
|
|
parameters.Int(
|
|
'sudoorder',
|
|
required=False,
|
|
cli_name='order',
|
|
label=_(u'Sudo order'),
|
|
doc=_(u'integer to order the Sudo rules'),
|
|
default=0,
|
|
),
|
|
parameters.Str(
|
|
'externaluser',
|
|
required=False,
|
|
label=_(u'External User'),
|
|
doc=_(u'External User the rule applies to (sudorule-find only)'),
|
|
),
|
|
parameters.Str(
|
|
'externalhost',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'External host'),
|
|
exclude=('cli', 'webui'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasextuser',
|
|
required=False,
|
|
cli_name='runasexternaluser',
|
|
label=_(u'RunAs External User'),
|
|
doc=_(u'External User the commands can run as (sudorule-find only)'),
|
|
),
|
|
parameters.Str(
|
|
'ipasudorunasextgroup',
|
|
required=False,
|
|
cli_name='runasexternalgroup',
|
|
label=_(u'RunAs External Group'),
|
|
doc=_(u'External Group the commands can run as (sudorule-find only)'),
|
|
),
|
|
parameters.Str(
|
|
'setattr',
|
|
required=False,
|
|
multivalue=True,
|
|
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
|
|
exclude=('webui',),
|
|
),
|
|
parameters.Str(
|
|
'addattr',
|
|
required=False,
|
|
multivalue=True,
|
|
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
|
|
exclude=('webui',),
|
|
),
|
|
parameters.Str(
|
|
'delattr',
|
|
required=False,
|
|
multivalue=True,
|
|
doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
|
|
exclude=('webui',),
|
|
),
|
|
parameters.Flag(
|
|
'rights',
|
|
label=_(u'Rights'),
|
|
doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.PrimaryKey(
|
|
'value',
|
|
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_remove_allow_command(Method):
|
|
__doc__ = _("Remove commands and sudo command groups affected by Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'sudocmd',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='sudocmds',
|
|
label=_(u'member sudo command'),
|
|
doc=_(u'sudo commands to remove'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'sudocmdgroup',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='sudocmdgroups',
|
|
label=_(u'member sudo command group'),
|
|
doc=_(u'sudo command groups to remove'),
|
|
alwaysask=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be removed'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members removed'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_remove_deny_command(Method):
|
|
__doc__ = _("Remove commands and sudo command groups affected by Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'sudocmd',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='sudocmds',
|
|
label=_(u'member sudo command'),
|
|
doc=_(u'sudo commands to remove'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'sudocmdgroup',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='sudocmdgroups',
|
|
label=_(u'member sudo command group'),
|
|
doc=_(u'sudo command groups to remove'),
|
|
alwaysask=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be removed'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members removed'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_remove_host(Method):
|
|
__doc__ = _("Remove hosts and hostgroups affected by Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'host',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='hosts',
|
|
label=_(u'member host'),
|
|
doc=_(u'hosts to remove'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'hostgroup',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='hostgroups',
|
|
label=_(u'member host group'),
|
|
doc=_(u'host groups to remove'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'hostmask',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'host masks of allowed hosts'),
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be removed'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members removed'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_remove_option(Method):
|
|
__doc__ = _("Remove an option from Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Str(
|
|
'ipasudoopt',
|
|
cli_name='sudooption',
|
|
label=_(u'Sudo Option'),
|
|
),
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.PrimaryKey(
|
|
'value',
|
|
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_remove_runasgroup(Method):
|
|
__doc__ = _("Remove group for Sudo to execute as.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'group',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='groups',
|
|
label=_(u'member group'),
|
|
doc=_(u'groups to remove'),
|
|
alwaysask=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be removed'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members removed'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_remove_runasuser(Method):
|
|
__doc__ = _("Remove users and groups for Sudo to execute as.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'user',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='users',
|
|
label=_(u'member user'),
|
|
doc=_(u'users to remove'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'group',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='groups',
|
|
label=_(u'member group'),
|
|
doc=_(u'groups to remove'),
|
|
alwaysask=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be removed'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members removed'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_remove_user(Method):
|
|
__doc__ = _("Remove users and groups affected by Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Str(
|
|
'user',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='users',
|
|
label=_(u'member user'),
|
|
doc=_(u'users to remove'),
|
|
alwaysask=True,
|
|
),
|
|
parameters.Str(
|
|
'group',
|
|
required=False,
|
|
multivalue=True,
|
|
cli_name='groups',
|
|
label=_(u'member group'),
|
|
doc=_(u'groups to remove'),
|
|
alwaysask=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'failed',
|
|
dict,
|
|
doc=_(u'Members that could not be removed'),
|
|
),
|
|
output.Output(
|
|
'completed',
|
|
int,
|
|
doc=_(u'Number of members removed'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class sudorule_show(Method):
|
|
__doc__ = _("Display Sudo Rule.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'cn',
|
|
cli_name='sudorule_name',
|
|
label=_(u'Rule name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'rights',
|
|
label=_(u'Rights'),
|
|
doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'no_members',
|
|
doc=_(u'Suppress processing of membership attributes.'),
|
|
exclude=('webui', 'cli'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.PrimaryKey(
|
|
'value',
|
|
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
|
|
),
|
|
)
|