[Freeipa-devel] [PATCH] 373 Fixed conflicting vault 'service' option.
Endi Sukma Dewata
edewata at redhat.com
Mon Aug 10 18:48:31 UTC 2015
A new vault API has been added to rename the 'service' option to
'servicename' to avoid conflicts with 'service' member in a future
patch. The old API is retained for backward compatibility, but the
implementation has been changed to invoke the new API.
https://fedorahosted.org/freeipa/ticket/5193
--
Endi S. Dewata
-------------- next part --------------
From 157d38f6954d5453eb494a542f027cc30eb4ea0d Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Thu, 6 Aug 2015 21:46:27 +0200
Subject: [PATCH] Fixed conflicting vault 'service' option.
A new vault API has been added to rename the 'service' option to
'servicename' to avoid conflicts with 'service' member in a future
patch. The old API is retained for backward compatibility, but the
implementation has been changed to invoke the new API.
https://fedorahosted.org/freeipa/ticket/5193
---
API.txt | 230 ++++++++-
VERSION | 4 +-
ipalib/plugins/vault.py | 595 +++++++++++++++++++-----
ipatests/test_xmlrpc/test_vault2_plugin.py | 719 +++++++++++++++++++++++++++++
4 files changed, 1435 insertions(+), 113 deletions(-)
create mode 100644 ipatests/test_xmlrpc/test_vault2_plugin.py
diff --git a/API.txt b/API.txt
index 04f2f894f7667239d94a2a7278d0cc80704afeb5..9a777bd029d88f6882a9db341822544c6d1e7b5a 100644
--- a/API.txt
+++ b/API.txt
@@ -5396,6 +5396,232 @@ option: Str('version?', exclude='webui')
output: Output('result', <type 'bool'>, None)
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: PrimaryKey('value', None, None)
+command: vault2_add
+args: 1,14,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Str('addattr*', cli_name='addattr', exclude='webui')
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('description?', cli_name='desc')
+option: Bytes('ipavaultpublickey?', cli_name='public_key')
+option: Str('ipavaulttype?', cli_name='type')
+option: Str('password?', cli_name='password')
+option: Str('password_file?', cli_name='password_file')
+option: Str('public_key_file?', cli_name='public_key_file')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('servicename?', cli_name='service')
+option: Str('setattr*', cli_name='setattr', exclude='webui')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: PrimaryKey('value', None, None)
+command: vault2_add_internal
+args: 1,13,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, required=True)
+option: Str('addattr*', cli_name='addattr', exclude='webui')
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=False)
+option: Bytes('ipavaultpublickey', attribute=True, cli_name='public_key', multivalue=False, required=False)
+option: Bytes('ipavaultsalt', attribute=True, cli_name='salt', multivalue=False, required=False)
+option: Str('ipavaulttype', attribute=True, autofill=True, cli_name='type', default=u'standard', multivalue=False, required=False)
+option: Flag('no_members', autofill=True, default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('servicename?', cli_name='service')
+option: Str('setattr*', cli_name='setattr', exclude='webui')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: PrimaryKey('value', None, None)
+command: vault2_add_member
+args: 1,9,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('group*', alwaysask=True, cli_name='groups', csv=True)
+option: Flag('no_members', autofill=True, default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('servicename?', cli_name='service')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('user*', alwaysask=True, cli_name='users', csv=True)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Output('completed', <type 'int'>, None)
+output: Output('failed', <type 'dict'>, None)
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+command: vault2_add_owner
+args: 1,9,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('group*', alwaysask=True, cli_name='groups', csv=True)
+option: Flag('no_members', autofill=True, default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('servicename?', cli_name='service')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('user*', alwaysask=True, cli_name='users', csv=True)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Output('completed', <type 'int'>, None)
+output: Output('failed', <type 'dict'>, None)
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+command: vault2_archive
+args: 1,10,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Bytes('data?')
+option: Str('in?')
+option: Str('password?', cli_name='password')
+option: Str('password_file?', cli_name='password_file')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('servicename?', cli_name='service')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: PrimaryKey('value', None, None)
+command: vault2_archive_internal
+args: 1,9,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Bytes('nonce')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('servicename?', cli_name='service')
+option: Bytes('session_key')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('username?', cli_name='user')
+option: Bytes('vault_data')
+option: Str('version?', exclude='webui')
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: PrimaryKey('value', None, None)
+command: vault2_del
+args: 1,5,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=True, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Flag('continue', autofill=True, cli_name='continue', default=False)
+option: Str('servicename?', cli_name='service')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Output('result', <type 'dict'>, None)
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: ListOfPrimaryKeys('value', None, None)
+command: vault2_find
+args: 1,13,4
+arg: Str('criteria?', noextrawhitespace=False)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('cn', attribute=True, autofill=False, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=False)
+option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False)
+option: Str('ipavaulttype', attribute=True, autofill=False, cli_name='type', default=u'standard', multivalue=False, query=True, required=False)
+option: Flag('no_members', autofill=True, default=False, exclude='webui')
+option: Flag('pkey_only?', autofill=True, default=False)
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('servicename?', cli_name='service')
+option: Flag('shared?', autofill=True, default=False)
+option: Int('sizelimit?', autofill=False, minvalue=0)
+option: Int('timelimit?', autofill=False, minvalue=0)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Output('count', <type 'int'>, None)
+output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: Output('truncated', <type 'bool'>, None)
+command: vault2_mod
+args: 1,15,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Str('addattr*', cli_name='addattr', exclude='webui')
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('delattr*', cli_name='delattr', exclude='webui')
+option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False)
+option: Bytes('ipavaultpublickey', attribute=True, autofill=False, cli_name='public_key', multivalue=False, required=False)
+option: Bytes('ipavaultsalt', attribute=True, autofill=False, cli_name='salt', multivalue=False, required=False)
+option: Str('ipavaulttype', attribute=True, autofill=False, cli_name='type', default=u'standard', multivalue=False, required=False)
+option: Flag('no_members', autofill=True, default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Flag('rights', autofill=True, default=False)
+option: Str('servicename?', cli_name='service')
+option: Str('setattr*', cli_name='setattr', exclude='webui')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: PrimaryKey('value', None, None)
+command: vault2_remove_member
+args: 1,9,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('group*', alwaysask=True, cli_name='groups', csv=True)
+option: Flag('no_members', autofill=True, default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('servicename?', cli_name='service')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('user*', alwaysask=True, cli_name='users', csv=True)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Output('completed', <type 'int'>, None)
+output: Output('failed', <type 'dict'>, None)
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+command: vault2_remove_owner
+args: 1,9,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('group*', alwaysask=True, cli_name='groups', csv=True)
+option: Flag('no_members', autofill=True, default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('servicename?', cli_name='service')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('user*', alwaysask=True, cli_name='users', csv=True)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Output('completed', <type 'int'>, None)
+output: Output('failed', <type 'dict'>, None)
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+command: vault2_retrieve
+args: 1,11,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Str('out?')
+option: Str('password?', cli_name='password')
+option: Str('password_file?', cli_name='password_file')
+option: Bytes('private_key?', cli_name='private_key')
+option: Str('private_key_file?', cli_name='private_key_file')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('servicename?', cli_name='service')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: PrimaryKey('value', None, None)
+command: vault2_retrieve_internal
+args: 1,7,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Str('servicename?', cli_name='service')
+option: Bytes('session_key')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: PrimaryKey('value', None, None)
+command: vault2_show
+args: 1,8,3
+arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
+option: Flag('no_members', autofill=True, default=False, exclude='webui')
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
+option: Flag('rights', autofill=True, default=False)
+option: Str('servicename?', cli_name='service')
+option: Flag('shared?', autofill=True, default=False)
+option: Str('username?', cli_name='user')
+option: Str('version?', exclude='webui')
+output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
+output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
+output: PrimaryKey('value', None, None)
command: vault_add
args: 1,14,3
arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, query=True, required=True)
@@ -5417,8 +5643,9 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: PrimaryKey('value', None, None)
command: vault_add_internal
-args: 1,11,3
+args: 1,13,3
arg: Str('cn', attribute=True, cli_name='name', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.-]+$', primary_key=True, required=True)
+option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=False)
option: Bytes('ipavaultpublickey', attribute=True, cli_name='public_key', multivalue=False, required=False)
@@ -5427,6 +5654,7 @@ option: Str('ipavaulttype', attribute=True, autofill=True, cli_name='type', defa
option: Flag('no_members', autofill=True, default=False, exclude='webui')
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Str('service?')
+option: Str('setattr*', cli_name='setattr', exclude='webui')
option: Flag('shared?', autofill=True, default=False)
option: Str('username?', cli_name='user')
option: Str('version?', exclude='webui')
diff --git a/VERSION b/VERSION
index a3d586df47ab6a6136bd38c0151fe43876bf5ab3..e656524418e5fedbd318e6998aa67ffc20750533 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=148
-# Last change: ftweedal - add --out option to user-show
+IPA_API_VERSION_MINOR=149
+# Last change: edewata - Fixed conflicting vault 'service' option.
diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py
index 423df6b7c0e39c46b20561133be8cd54560bf8b9..e32d378dbdc7118c2fd60aeabe7a3993c2d63c9c 100644
--- a/ipalib/plugins/vault.py
+++ b/ipalib/plugins/vault.py
@@ -257,11 +257,225 @@ vault_options = (
),
)
+vault2_options = (
+ Str(
+ 'servicename?',
+ cli_name='service',
+ doc=_('Service name of the service vault'),
+ ),
+ Flag(
+ 'shared?',
+ doc=_('Shared vault'),
+ ),
+ Str(
+ 'username?',
+ cli_name='user',
+ doc=_('Username of the user vault'),
+ ),
+)
+
+vault_add_options = (
+ Str(
+ 'description?',
+ cli_name='desc',
+ doc=_('Vault description'),
+ ),
+ Str(
+ 'ipavaulttype?',
+ cli_name='type',
+ doc=_('Vault type'),
+ ),
+ Str(
+ 'password?',
+ cli_name='password',
+ doc=_('Vault password'),
+ ),
+ Str( # TODO: use File parameter
+ 'password_file?',
+ cli_name='password_file',
+ doc=_('File containing the vault password'),
+ ),
+ Bytes(
+ 'ipavaultpublickey?',
+ cli_name='public_key',
+ doc=_('Vault public key'),
+ ),
+ Str( # TODO: use File parameter
+ 'public_key_file?',
+ cli_name='public_key_file',
+ doc=_('File containing the vault public key'),
+ ),
+)
+
+vault_archive_options = (
+ Bytes(
+ 'data?',
+ doc=_('Binary data to archive'),
+ ),
+ Str( # TODO: use File parameter
+ 'in?',
+ doc=_('File containing data to archive'),
+ ),
+ Str(
+ 'password?',
+ cli_name='password',
+ doc=_('Vault password'),
+ ),
+ Str( # TODO: use File parameter
+ 'password_file?',
+ cli_name='password_file',
+ doc=_('File containing the vault password'),
+ ),
+)
+
+vault_archive_internal_options = (
+ Bytes(
+ 'session_key',
+ doc=_('Session key wrapped with transport certificate'),
+ ),
+ Bytes(
+ 'vault_data',
+ doc=_('Vault data encrypted with session key'),
+ ),
+ Bytes(
+ 'nonce',
+ doc=_('Nonce'),
+ ),
+)
+
+vault_retrieve_options = (
+ Str(
+ 'out?',
+ doc=_('File to store retrieved data'),
+ ),
+ Str(
+ 'password?',
+ cli_name='password',
+ doc=_('Vault password'),
+ ),
+ Str( # TODO: use File parameter
+ 'password_file?',
+ cli_name='password_file',
+ doc=_('File containing the vault password'),
+ ),
+ Bytes(
+ 'private_key?',
+ cli_name='private_key',
+ doc=_('Vault private key'),
+ ),
+ Str( # TODO: use File parameter
+ 'private_key_file?',
+ cli_name='private_key_file',
+ doc=_('File containing the vault private key'),
+ ),
+)
+
+vault_retrieve_internal_options = (
+ Bytes(
+ 'session_key',
+ doc=_('Session key wrapped with transport certificate'),
+ ),
+)
+
+
+def convert_options(**options):
+ options = options.copy()
+
+ if 'service' in options:
+ options['servicename'] = options.pop('service')
+
+ return options
+
@register()
class vault(LDAPObject):
__doc__ = _("""
- Vault object.
+ Vault 1.0 Plugin.
+ """)
+
+ container_dn = api.env.container_vault
+
+ object_name = _('vault')
+ object_name_plural = _('vaults')
+
+ object_class = ['ipaVault']
+ default_attributes = [
+ 'cn',
+ 'description',
+ 'ipavaulttype',
+ 'ipavaultsalt',
+ 'ipavaultpublickey',
+ 'owner',
+ 'member',
+ ]
+ search_display_attributes = [
+ 'cn',
+ 'description',
+ 'ipavaulttype',
+ ]
+ attribute_members = {
+ 'owner': ['user', 'group'],
+ 'member': ['user', 'group'],
+ }
+
+ label = _('Vaults')
+ label_singular = _('Vault')
+
+ takes_params = (
+ Str(
+ 'cn',
+ cli_name='name',
+ label=_('Vault name'),
+ primary_key=True,
+ pattern='^[a-zA-Z0-9_.-]+$',
+ pattern_errmsg='may only include letters, numbers, _, ., and -',
+ maxlength=255,
+ ),
+ Str(
+ 'description?',
+ cli_name='desc',
+ label=_('Description'),
+ doc=_('Vault description'),
+ ),
+ Str(
+ 'ipavaulttype?',
+ cli_name='type',
+ label=_('Type'),
+ doc=_('Vault type'),
+ default=u'standard',
+ autofill=True,
+ ),
+ Bytes(
+ 'ipavaultsalt?',
+ cli_name='salt',
+ label=_('Salt'),
+ doc=_('Vault salt'),
+ flags=['no_search'],
+ ),
+ Bytes(
+ 'ipavaultpublickey?',
+ cli_name='public_key',
+ label=_('Public key'),
+ doc=_('Vault public key'),
+ flags=['no_search'],
+ ),
+ Str(
+ 'owner_user?',
+ label=_('Owner users'),
+ flags=['no_create', 'no_update', 'no_search'],
+ ),
+ Str(
+ 'owner_group?',
+ label=_('Owner groups'),
+ flags=['no_create', 'no_update', 'no_search'],
+ ),
+ )
+
+
+ at register()
+class vault2(LDAPObject):
+ __doc__ = _("""
+ Vault 1.1 Plugin.
""")
container_dn = api.env.container_vault
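Review bot: `convert_options` (the new helper just before the `vault` class) has no docstring and, if a caller ever passes both `service` and `servicename`, lets `service` silently overwrite `servicename`; the legacy commands only declare `service?` in `vault_options`, so this is presumably unreachable through validated calls, but the contract should be written down, e.g. `"""Translate the legacy 'service' option into 'servicename' for the vault2 commands."""`. Since `**options` already produces a fresh dict, the `options = options.copy()` line is redundant and can go. Separately, the legacy `vault` object now carries a verbatim copy of `vault2`'s `container_dn`, `default_attributes`, `search_display_attributes`, `attribute_members` and `takes_params`; deriving `vault` from `vault2` (or sharing those tuples the way `vault_add_options` is shared) would keep the two definitions from drifting apart. The body of `vault2` continues past the end of this hunk.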
@@ -347,7 +561,7 @@ class vault(LDAPObject):
Generates vault DN from parameters.
"""
- service = options.get('service')
+ service = options.get('servicename')
shared = options.get('shared')
user = options.get('username')
@@ -369,7 +583,7 @@ class vault(LDAPObject):
# TODO: create container_dn after object initialization then reuse it
container_dn = DN(self.container_dn, self.api.env.basedn)
- dn = super(vault, self).get_dn(*keys, **options)
+ dn = super(vault2, self).get_dn(*keys, **options)
assert dn.endswith(container_dn)
rdns = DN(*dn[:-len(container_dn)])
@@ -546,38 +760,26 @@ class vault(LDAPObject):
class vault_add(PKQuery, Local):
__doc__ = _('Create a new vault.')
- takes_options = LDAPCreate.takes_options + vault_options + (
- Str(
- 'description?',
- cli_name='desc',
- doc=_('Vault description'),
- ),
- Str(
- 'ipavaulttype?',
- cli_name='type',
- doc=_('Vault type'),
- ),
- Str(
- 'password?',
- cli_name='password',
- doc=_('Vault password'),
- ),
- Str( # TODO: use File parameter
- 'password_file?',
- cli_name='password_file',
- doc=_('File containing the vault password'),
- ),
- Bytes(
- 'ipavaultpublickey?',
- cli_name='public_key',
- doc=_('Vault public key'),
- ),
- Str( # TODO: use File parameter
- 'public_key_file?',
- cli_name='public_key_file',
- doc=_('File containing the vault public key'),
- ),
- )
+ NO_CLI = True
+
+ takes_options = LDAPCreate.takes_options + vault_options + \
+ vault_add_options
+
+ has_output = output.standard_entry
+
+ def forward(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_add(*args, **options)
+
+
+ at register()
+class vault2_add(PKQuery, Local):
+ __doc__ = _('Create a new vault.')
+
+ CLI_NAME = 'vault-add'
+
+ takes_options = LDAPCreate.takes_options + vault2_options + \
+ vault_add_options
has_output = output.standard_entry
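Review bot: The two-line delegation body of `vault_add.forward` is repeated verbatim (with `execute` in place of `forward` for the LDAP-based classes) in `vault_add_internal`, `vault_del`, `vault_find`, `vault_mod`, `vault_show`, `vault_archive`, `vault_archive_internal`, `vault_retrieve` and `vault_retrieve_internal`; a small mixin that resolves the counterpart once, e.g. `self.api.Command['vault2_' + self.name[len('vault_'):]]`, would keep the legacy-to-vault2 mapping in one place. Whichever form is kept, a comment on why the `PKQuery, Local` commands override `forward` while the others override `execute` would help the next reader, e.g. `# Local commands run forward() on the client, so delegate from there`; I infer that distinction from the base classes rather than from anything in the hunk, so please confirm. The rest of `vault2_add` continues outside the hunk.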
@@ -654,7 +856,7 @@ class vault_add(PKQuery, Local):
error=_('Missing vault public key'))
# create vault
- response = self.api.Command.vault_add_internal(*args, **options)
+ response = self.api.Command.vault2_add_internal(*args, **options)
# prepare parameters for archival
opts = options.copy()
@@ -671,7 +873,7 @@ class vault_add(PKQuery, Local):
del opts['ipavaultpublickey']
# archive blank data
- self.api.Command.vault_archive(*args, **opts)
+ self.api.Command.vault2_archive(*args, **opts)
return response
@@ -681,7 +883,20 @@ class vault_add_internal(LDAPCreate):
NO_CLI = True
- takes_options = vault_options
+ takes_options = LDAPCreate.takes_options + vault_options
+
+ def execute(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_add_internal(*args, **options)
+
+
+ at register()
+class vault2_add_internal(LDAPCreate):
+ __doc__ = _('Create a new vault.')
+
+ NO_CLI = True
+
+ takes_options = LDAPCreate.takes_options + vault2_options
msg_summary = _('Added vault "%(value)s"')
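Review bot: `vault_add_internal.takes_options` now starts from `LDAPCreate.takes_options` instead of bare `vault_options`, so the retained legacy command grows `addattr`/`setattr` options (the API.txt hunk for `vault_add_internal` shows the same). That is backward compatible, but it is a visible change to the old API that the commit message does not mention; either a sentence there or a comment on the line, e.g. `# include LDAPCreate options so the legacy signature matches vault2_add_internal`, would record the intent (I am inferring that motivation, so adjust the wording if it is wrong). `vault2_add_internal` continues past the end of the hunk.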
@@ -715,8 +930,23 @@ class vault_add_internal(LDAPCreate):
class vault_del(LDAPDelete):
__doc__ = _('Delete a vault.')
+ NO_CLI = True
+
takes_options = LDAPDelete.takes_options + vault_options
+ def execute(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_del(*args, **options)
+
+
+ at register()
+class vault2_del(LDAPDelete):
+ __doc__ = _('Delete a vault.')
+
+ CLI_NAME = 'vault-del'
+
+ takes_options = LDAPDelete.takes_options + vault2_options
+
msg_summary = _('Deleted vault "%(value)s"')
def pre_callback(self, ldap, dn, *keys, **options):
@@ -756,10 +986,27 @@ class vault_del(LDAPDelete):
class vault_find(LDAPSearch):
__doc__ = _('Search for vaults.')
+ NO_CLI = True
+
takes_options = LDAPSearch.takes_options + vault_options
has_output_params = LDAPSearch.has_output_params
+ def execute(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_find(*args, **options)
+
+
+ at register()
+class vault2_find(LDAPSearch):
+ __doc__ = _('Search for vaults.')
+
+ CLI_NAME = 'vault-find'
+
+ takes_options = LDAPSearch.takes_options + vault2_options
+
+ has_output_params = LDAPSearch.has_output_params
+
msg_summary = ngettext(
'%(count)d vault matched',
'%(count)d vaults matched',
@@ -793,10 +1040,25 @@ class vault_find(LDAPSearch):
class vault_mod(LDAPUpdate):
__doc__ = _('Modify a vault.')
+ NO_CLI = True
+
takes_options = LDAPUpdate.takes_options + vault_options
+ def execute(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_mod(*args, **options)
+
+
+ at register()
+class vault2_mod(LDAPUpdate):
+ __doc__ = _('Modify a vault.')
+
+ takes_options = LDAPUpdate.takes_options + vault2_options
+
msg_summary = _('Modified vault "%(value)s"')
+ CLI_NAME = 'vault-mod'
+
def pre_callback(self, ldap, dn, entry_attrs, attrs_list,
*keys, **options):
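Review bot: `CLI_NAME = 'vault-mod'` in `vault2_mod` is placed after `msg_summary`, whereas `vault2_del`, `vault2_find` and `vault2_show` in this same patch put it directly beneath the docstring; moving it up so the class reads `__doc__`, `CLI_NAME = 'vault-mod'`, `takes_options`, `msg_summary` keeps the vault2 classes uniform. `vault2_mod.pre_callback` begins at the end of this hunk and continues outside it.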
@@ -813,13 +1075,29 @@ class vault_mod(LDAPUpdate):
class vault_show(LDAPRetrieve):
__doc__ = _('Display information about a vault.')
+ NO_CLI = True
+
takes_options = LDAPRetrieve.takes_options + vault_options
has_output_params = LDAPRetrieve.has_output_params
+ def execute(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_show(*args, **options)
+
+
+ at register()
+class vault2_show(LDAPRetrieve):
+ __doc__ = _('Display information about a vault.')
+
+ CLI_NAME = 'vault-show'
+
+ takes_options = LDAPRetrieve.takes_options + vault2_options
+
+ has_output_params = LDAPRetrieve.has_output_params
+
def pre_callback(self, ldap, dn, attrs_list, *keys, **options):
assert isinstance(dn, DN)
-
if not self.api.Command.kra_is_enabled()['result']:
raise errors.InvocationError(
format=_('KRA service is not enabled'))
@@ -886,26 +1164,24 @@ class vaultconfig_show(Retrieve):
class vault_archive(PKQuery, Local):
__doc__ = _('Archive data into a vault.')
- takes_options = vault_options + (
- Bytes(
- 'data?',
- doc=_('Binary data to archive'),
- ),
- Str( # TODO: use File parameter
- 'in?',
- doc=_('File containing data to archive'),
- ),
- Str(
- 'password?',
- cli_name='password',
- doc=_('Vault password'),
- ),
- Str( # TODO: use File parameter
- 'password_file?',
- cli_name='password_file',
- doc=_('File containing the vault password'),
- ),
- )
+ NO_CLI = True
+
+ takes_options = vault_options + vault_archive_options
+
+ has_output = output.standard_entry
+
+ def forward(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_archive(*args, **options)
+
+
+ at register()
+class vault2_archive(PKQuery, Local):
+ __doc__ = _('Archive data into a vault.')
+
+ CLI_NAME = 'vault-archive'
+
+ takes_options = vault2_options + vault_archive_options
has_output = output.standard_entry
@@ -948,7 +1224,7 @@ class vault_archive(PKQuery, Local):
backend.connect(ccache=krbV.default_context().default_ccache())
# retrieve vault info
- vault = self.api.Command.vault_show(*args, **options)['result']
+ vault = self.api.Command.vault2_show(*args, **options)['result']
vault_type = vault['ipavaulttype'][0]
@@ -979,7 +1255,7 @@ class vault_archive(PKQuery, Local):
opts = options.copy()
opts['password'] = password
try:
- self.api.Command.vault_retrieve(*args, **opts)
+ self.api.Command.vault2_retrieve(*args, **opts)
except errors.NotFound:
pass
@@ -1063,7 +1339,7 @@ class vault_archive(PKQuery, Local):
options['vault_data'] = wrapped_vault_data
- return self.api.Command.vault_archive_internal(*args, **options)
+ return self.api.Command.vault2_archive_internal(*args, **options)
@register()
@@ -1071,20 +1347,22 @@ class vault_archive_internal(PKQuery):
NO_CLI = True
- takes_options = vault_options + (
- Bytes(
- 'session_key',
- doc=_('Session key wrapped with transport certificate'),
- ),
- Bytes(
- 'vault_data',
- doc=_('Vault data encrypted with session key'),
- ),
- Bytes(
- 'nonce',
- doc=_('Nonce'),
- ),
- )
+ takes_options = vault_options + vault_archive_internal_options
+
+ has_output = output.standard_entry
+
+ def execute(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_archive_internal(*args, **options)
+
+
+ at register()
+class vault2_archive_internal(PKQuery):
+ __doc__ = _('Archive data into a vault.')
+
+ NO_CLI = True
+
+ takes_options = vault2_options + vault_archive_internal_options
has_output = output.standard_entry
@@ -1101,7 +1379,7 @@ class vault_archive_internal(PKQuery):
wrapped_session_key = options.pop('session_key')
# retrieve vault info
- vault = self.api.Command.vault_show(*args, **options)['result']
+ vault = self.api.Command.vault2_show(*args, **options)['result']
# connect to KRA
kra_client = self.api.Backend.kra.get_client()
@@ -1147,33 +1425,31 @@ class vault_archive_internal(PKQuery):
class vault_retrieve(PKQuery, Local):
__doc__ = _('Retrieve a data from a vault.')
- takes_options = vault_options + (
- Str(
- 'out?',
- doc=_('File to store retrieved data'),
- ),
- Str(
- 'password?',
- cli_name='password',
- doc=_('Vault password'),
- ),
- Str( # TODO: use File parameter
- 'password_file?',
- cli_name='password_file',
- doc=_('File containing the vault password'),
- ),
+ NO_CLI = True
+
+ takes_options = vault_options + vault_retrieve_options
+
+ has_output = output.standard_entry
+ has_output_params = (
Bytes(
- 'private_key?',
- cli_name='private_key',
- doc=_('Vault private key'),
- ),
- Str( # TODO: use File parameter
- 'private_key_file?',
- cli_name='private_key_file',
- doc=_('File containing the vault private key'),
+ 'data',
+ label=_('Data'),
),
)
+ def forward(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_retrieve(*args, **options)
+
+
+ at register()
+class vault2_retrieve(PKQuery, Local):
+ __doc__ = _('Retrieve a data from a vault.')
+
+ CLI_NAME = 'vault-retrieve'
+
+ takes_options = vault2_options + vault_retrieve_options
+
has_output = output.standard_entry
has_output_params = (
Bytes(
@@ -1213,7 +1489,7 @@ class vault_retrieve(PKQuery, Local):
backend.connect(ccache=krbV.default_context().default_ccache())
# retrieve vault info
- vault = self.api.Command.vault_show(*args, **options)['result']
+ vault = self.api.Command.vault2_show(*args, **options)['result']
vault_type = vault['ipavaulttype'][0]
@@ -1241,7 +1517,7 @@ class vault_retrieve(PKQuery, Local):
# send retrieval request to server
options['session_key'] = wrapped_session_key.data
- response = self.api.Command.vault_retrieve_internal(*args, **options)
+ response = self.api.Command.vault2_retrieve_internal(*args, **options)
result = response['result']
nonce = result['nonce']
@@ -1295,7 +1571,8 @@ class vault_retrieve(PKQuery, Local):
password = self.obj.get_existing_password()
# generate encryption key from password
- encryption_key = self.obj.generate_symmetric_key(password, salt)
+ encryption_key = \
+ self.obj.generate_symmetric_key(password, salt)
# decrypt data with encryption key
data = self.obj.decrypt(data, symmetric_key=encryption_key)
@@ -1347,12 +1624,22 @@ class vault_retrieve_internal(PKQuery):
NO_CLI = True
- takes_options = vault_options + (
- Bytes(
- 'session_key',
- doc=_('Session key wrapped with transport certificate'),
- ),
- )
+ takes_options = vault_options + vault_retrieve_internal_options
+
+ has_output = output.standard_entry
+
+ def execute(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_retrieve_internal(*args, **options)
+
+
+ at register()
+class vault2_retrieve_internal(PKQuery):
+ __doc__ = _('Retrieve a data from a vault.')
+
+ NO_CLI = True
+
+ takes_options = vault2_options + vault_retrieve_internal_options
has_output = output.standard_entry
@@ -1367,7 +1654,7 @@ class vault_retrieve_internal(PKQuery):
wrapped_session_key = options.pop('session_key')
# retrieve vault info
- vault = self.api.Command.vault_show(*args, **options)['result']
+ vault = self.api.Command.vault2_show(*args, **options)['result']
# connect to KRA
kra_client = self.api.Backend.kra.get_client()
@@ -1411,6 +1698,8 @@ class vault_retrieve_internal(PKQuery):
class vault_add_owner(LDAPAddMember):
__doc__ = _('Add owners to a vault.')
+ NO_CLI = True
+
takes_options = LDAPAddMember.takes_options + vault_options
member_attributes = ['owner']
@@ -1430,11 +1719,40 @@ class vault_add_owner(LDAPAddMember):
),
)
+ def execute(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_add_owner(*args, **options)
+
+
+ at register()
+class vault2_add_owner(LDAPAddMember):
+ __doc__ = _('Add owners to a vault.')
+
+ CLI_NAME = 'vault-add-owner'
+
+ takes_options = LDAPAddMember.takes_options + vault2_options
+
+ has_output = (
+ output.Entry('result'),
+ output.Output(
+ 'failed',
+ type=dict,
+ doc=_('Owners that could not be added'),
+ ),
+ output.Output(
+ 'completed',
+ type=int,
+ doc=_('Number of owners added'),
+ ),
+ )
+
@register()
class vault_remove_owner(LDAPRemoveMember):
__doc__ = _('Remove owners from a vault.')
+ NO_CLI = True
+
takes_options = LDAPRemoveMember.takes_options + vault_options
member_attributes = ['owner']
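Review bot: `vault2_add_owner` never sets `member_attributes = ['owner']`, although the `vault_add_owner` class it replaces does (the context line above its `has_output`), so unless it is assigned somewhere outside this hunk the new command falls back to the `LDAPAddMember` default and would write the principal into the vault's member attribute while reporting it as an owner. The same omission appears in `vault2_remove_owner` in the next hunk. Adding `member_attributes = ['owner']` after `takes_options` in both new classes preserves the owner/member distinction, which matters because owners presumably hold more rights over the vault than members. The `vault_add_owner.execute` shim then delegates correctly once the target class writes the right attribute.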
@@ -1454,20 +1772,77 @@ class vault_remove_owner(LDAPRemoveMember):
),
)
+ def execute(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_remove_owner(*args, **options)
+
+
+ at register()
+class vault2_remove_owner(LDAPRemoveMember):
+ __doc__ = _('Remove owners from a vault.')
+
+ CLI_NAME = 'vault-remove-owner'
+
+ takes_options = LDAPRemoveMember.takes_options + vault2_options
+
+ has_output = (
+ output.Entry('result'),
+ output.Output(
+ 'failed',
+ type=dict,
+ doc=_('Owners that could not be removed'),
+ ),
+ output.Output(
+ 'completed',
+ type=int,
+ doc=_('Number of owners removed'),
+ ),
+ )
+
@register()
class vault_add_member(LDAPAddMember):
__doc__ = _('Add members to a vault.')
+ NO_CLI = True
+
takes_options = LDAPAddMember.takes_options + vault_options
+ def execute(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_add_member(*args, **options)
+
+
+ at register()
+class vault2_add_member(LDAPAddMember):
+ __doc__ = _('Add members to a vault.')
+
+ CLI_NAME = 'vault-add-member'
+
+ takes_options = LDAPAddMember.takes_options + vault2_options
+
@register()
class vault_remove_member(LDAPRemoveMember):
__doc__ = _('Remove members from a vault.')
+ NO_CLI = True
+
takes_options = LDAPRemoveMember.takes_options + vault_options
+ def execute(self, *args, **options):
+ options = convert_options(**options)
+ return self.api.Command.vault2_remove_member(*args, **options)
+
+
+ at register()
+class vault2_remove_member(LDAPRemoveMember):
+ __doc__ = _('Remove members from a vault.')
+
+ CLI_NAME = 'vault-remove-member'
+
+ takes_options = LDAPRemoveMember.takes_options + vault2_options
+
@register()
class kra_is_enabled(Command):
diff --git a/ipatests/test_xmlrpc/test_vault2_plugin.py b/ipatests/test_xmlrpc/test_vault2_plugin.py
new file mode 100644
index 0000000000000000000000000000000000000000..ff025967cb1aad61a4ed44173a780e73c0d5f3ac
--- /dev/null
+++ b/ipatests/test_xmlrpc/test_vault2_plugin.py
@@ -0,0 +1,719 @@
+# Authors:
+# Endi S. Dewata <edewata at redhat.com>
+#
+# Copyright (C) 2015 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Test the `ipalib/plugins/vault.py` module.
+"""
+
+import nose
+from ipalib import api, errors
+from xmlrpc_test import Declarative, fuzzy_string
+
+vault_name = u'test_vault'
+service_name = u'HTTP/server.example.com'
+user_name = u'testuser'
+
+standard_vault_name = u'standard_test_vault'
+symmetric_vault_name = u'symmetric_test_vault'
+asymmetric_vault_name = u'asymmetric_test_vault'
+
+# binary data from \x00 to \xff
+secret = ''.join(map(chr, xrange(0, 256)))
+
+password = u'password'
+
+public_key = """
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT61EFxUOQgCJdM0tmw/
+pRRPDPGchTClnU1eBtiQD3ItKYf1+weMGwGOSJXPtkto7NlE7Qs8WHAr0UjyeBDe
+k/zeB6nSVdk47OdaW1AHrJL+44r238Jbm/+7VO5lTu6Z4N5p0VqoWNLi0Uh/CkqB
+tsxXaaAgjMp0AGq2U/aO/akeEYWQOYIdqUKVgAEKX5MmIA8tmbmoYIQ+B4Q3vX7N
+otG4eR6c2o9Fyjd+M4Gai5Ce0fSrigRvxAYi8xpRkQ5yQn5gf4WVrn+UKTfOIjLO
+pVThop+Xivcre3SpI0kt6oZPhBw9i8gbMnqifVmGFpVdhq+QVBqp+MVJvTbhRPG6
+3wIDAQAB
+-----END PUBLIC KEY-----
+"""
+
+private_key = """
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+"""
+
+
+class test_vault2_plugin(Declarative):
+
+ @classmethod
+ def setup_class(cls):
+ if not api.Backend.rpcclient.isconnected():
+ api.Backend.rpcclient.connect(fallback=False)
+
+ if not api.Command.kra_is_enabled()['result']:
+ raise nose.SkipTest('KRA service is not enabled')
+
+ super(test_vault2_plugin, cls).setup_class()
+
+ cleanup_commands = [
+ ('vault2_del', [vault_name], {'continue': True}),
+ ('vault2_del', [vault_name], {
+ 'servicename': service_name,
+ 'continue': True
+ }),
+ ('vault2_del', [vault_name], {'shared': True, 'continue': True}),
+ ('vault2_del', [vault_name], {
+ 'username': user_name,
+ 'continue': True
+ }),
+ ('vault2_del', [standard_vault_name], {'continue': True}),
+ ('vault2_del', [symmetric_vault_name], {'continue': True}),
+ ('vault2_del', [asymmetric_vault_name], {'continue': True}),
+ ]
+
+ tests = [
+
+ {
+ 'desc': 'Create private vault',
+ 'command': (
+ 'vault2_add',
+ [vault_name],
+ {},
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': 'Added vault "%s"' % vault_name,
+ 'result': {
+ 'dn': u'cn=%s,cn=admin,cn=users,cn=vaults,cn=kra,%s'
+ % (vault_name, api.env.basedn),
+ 'objectclass': [u'top', u'ipaVault'],
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Find private vaults',
+ 'command': (
+ 'vault2_find',
+ [],
+ {},
+ ),
+ 'expected': {
+ 'count': 1,
+ 'truncated': False,
+ 'summary': u'1 vault matched',
+ 'result': [
+ {
+ 'dn': u'cn=%s,cn=admin,cn=users,cn=vaults,cn=kra,%s'
+ % (vault_name, api.env.basedn),
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ },
+ ],
+ },
+ },
+
+ {
+ 'desc': 'Show private vault',
+ 'command': (
+ 'vault2_show',
+ [vault_name],
+ {},
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': None,
+ 'result': {
+ 'dn': u'cn=%s,cn=admin,cn=users,cn=vaults,cn=kra,%s'
+ % (vault_name, api.env.basedn),
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Modify private vault',
+ 'command': (
+ 'vault2_mod',
+ [vault_name],
+ {
+ 'description': u'Test vault',
+ },
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': u'Modified vault "%s"' % vault_name,
+ 'result': {
+ 'cn': [vault_name],
+ 'description': [u'Test vault'],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Delete private vault',
+ 'command': (
+ 'vault2_del',
+ [vault_name],
+ {},
+ ),
+ 'expected': {
+ 'value': [vault_name],
+ 'summary': u'Deleted vault "%s"' % vault_name,
+ 'result': {
+ 'failed': (),
+ },
+ },
+ },
+
+ {
+ 'desc': 'Create service vault',
+ 'command': (
+ 'vault2_add',
+ [vault_name],
+ {
+ 'servicename': service_name,
+ },
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': u'Added vault "%s"' % vault_name,
+ 'result': {
+ 'dn': u'cn=%s,cn=%s,cn=services,cn=vaults,cn=kra,%s'
+ % (vault_name, service_name, api.env.basedn),
+ 'objectclass': [u'top', u'ipaVault'],
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Find service vaults',
+ 'command': (
+ 'vault2_find',
+ [],
+ {
+ 'servicename': service_name,
+ },
+ ),
+ 'expected': {
+ 'count': 1,
+ 'truncated': False,
+ 'summary': u'1 vault matched',
+ 'result': [
+ {
+ 'dn': u'cn=%s,cn=%s,cn=services,cn=vaults,cn=kra,%s'
+ % (vault_name, service_name, api.env.basedn),
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ },
+ ],
+ },
+ },
+
+ {
+ 'desc': 'Show service vault',
+ 'command': (
+ 'vault2_show',
+ [vault_name],
+ {
+ 'servicename': service_name,
+ },
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': None,
+ 'result': {
+ 'dn': u'cn=%s,cn=%s,cn=services,cn=vaults,cn=kra,%s'
+ % (vault_name, service_name, api.env.basedn),
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Modify service vault',
+ 'command': (
+ 'vault2_mod',
+ [vault_name],
+ {
+ 'servicename': service_name,
+ 'description': u'Test vault',
+ },
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': u'Modified vault "%s"' % vault_name,
+ 'result': {
+ 'cn': [vault_name],
+ 'description': [u'Test vault'],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Delete service vault',
+ 'command': (
+ 'vault2_del',
+ [vault_name],
+ {
+ 'servicename': service_name,
+ },
+ ),
+ 'expected': {
+ 'value': [vault_name],
+ 'summary': u'Deleted vault "%s"' % vault_name,
+ 'result': {
+ 'failed': (),
+ },
+ },
+ },
+
+ {
+ 'desc': 'Create shared vault',
+ 'command': (
+ 'vault2_add',
+ [vault_name],
+ {
+ 'shared': True
+ },
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': u'Added vault "%s"' % vault_name,
+ 'result': {
+ 'dn': u'cn=%s,cn=shared,cn=vaults,cn=kra,%s'
+ % (vault_name, api.env.basedn),
+ 'objectclass': [u'top', u'ipaVault'],
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Find shared vaults',
+ 'command': (
+ 'vault2_find',
+ [],
+ {
+ 'shared': True
+ },
+ ),
+ 'expected': {
+ 'count': 1,
+ 'truncated': False,
+ 'summary': u'1 vault matched',
+ 'result': [
+ {
+ 'dn': u'cn=%s,cn=shared,cn=vaults,cn=kra,%s'
+ % (vault_name, api.env.basedn),
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ },
+ ],
+ },
+ },
+
+ {
+ 'desc': 'Show shared vault',
+ 'command': (
+ 'vault2_show',
+ [vault_name],
+ {
+ 'shared': True
+ },
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': None,
+ 'result': {
+ 'dn': u'cn=%s,cn=shared,cn=vaults,cn=kra,%s'
+ % (vault_name, api.env.basedn),
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Modify shared vault',
+ 'command': (
+ 'vault2_mod',
+ [vault_name],
+ {
+ 'shared': True,
+ 'description': u'Test vault',
+ },
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': u'Modified vault "%s"' % vault_name,
+ 'result': {
+ 'cn': [vault_name],
+ 'description': [u'Test vault'],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Delete shared vault',
+ 'command': (
+ 'vault2_del',
+ [vault_name],
+ {
+ 'shared': True
+ },
+ ),
+ 'expected': {
+ 'value': [vault_name],
+ 'summary': u'Deleted vault "%s"' % vault_name,
+ 'result': {
+ 'failed': (),
+ },
+ },
+ },
+
+ {
+ 'desc': 'Create user vault',
+ 'command': (
+ 'vault2_add',
+ [vault_name],
+ {
+ 'username': user_name,
+ },
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': u'Added vault "%s"' % vault_name,
+ 'result': {
+ 'dn': u'cn=%s,cn=%s,cn=users,cn=vaults,cn=kra,%s'
+ % (vault_name, user_name, api.env.basedn),
+ 'objectclass': [u'top', u'ipaVault'],
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Find user vaults',
+ 'command': (
+ 'vault2_find',
+ [],
+ {
+ 'username': user_name,
+ },
+ ),
+ 'expected': {
+ 'count': 1,
+ 'truncated': False,
+ 'summary': u'1 vault matched',
+ 'result': [
+ {
+ 'dn': u'cn=%s,cn=%s,cn=users,cn=vaults,cn=kra,%s'
+ % (vault_name, user_name, api.env.basedn),
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ },
+ ],
+ },
+ },
+
+ {
+ 'desc': 'Show user vault',
+ 'command': (
+ 'vault2_show',
+ [vault_name],
+ {
+ 'username': user_name,
+ },
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': None,
+ 'result': {
+ 'dn': u'cn=%s,cn=%s,cn=users,cn=vaults,cn=kra,%s'
+ % (vault_name, user_name, api.env.basedn),
+ 'cn': [vault_name],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Modify user vault',
+ 'command': (
+ 'vault2_mod',
+ [vault_name],
+ {
+ 'username': user_name,
+ 'description': u'Test vault',
+ },
+ ),
+ 'expected': {
+ 'value': vault_name,
+ 'summary': u'Modified vault "%s"' % vault_name,
+ 'result': {
+ 'cn': [vault_name],
+ 'description': [u'Test vault'],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Delete user vault',
+ 'command': (
+ 'vault2_del',
+ [vault_name],
+ {
+ 'username': user_name,
+ },
+ ),
+ 'expected': {
+ 'value': [vault_name],
+ 'summary': u'Deleted vault "%s"' % vault_name,
+ 'result': {
+ 'failed': (),
+ },
+ },
+ },
+
+ {
+ 'desc': 'Create standard vault',
+ 'command': (
+ 'vault2_add',
+ [standard_vault_name],
+ {},
+ ),
+ 'expected': {
+ 'value': standard_vault_name,
+ 'summary': 'Added vault "%s"' % standard_vault_name,
+ 'result': {
+ 'dn': u'cn=%s,cn=admin,cn=users,cn=vaults,cn=kra,%s'
+ % (standard_vault_name, api.env.basedn),
+ 'objectclass': [u'top', u'ipaVault'],
+ 'cn': [standard_vault_name],
+ 'ipavaulttype': [u'standard'],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Archive secret into standard vault',
+ 'command': (
+ 'vault2_archive',
+ [standard_vault_name],
+ {
+ 'data': secret,
+ },
+ ),
+ 'expected': {
+ 'value': standard_vault_name,
+ 'summary': 'Archived data into vault "%s"'
+ % standard_vault_name,
+ 'result': {},
+ },
+ },
+
+ {
+ 'desc': 'Retrieve secret from standard vault',
+ 'command': (
+ 'vault2_retrieve',
+ [standard_vault_name],
+ {},
+ ),
+ 'expected': {
+ 'value': standard_vault_name,
+ 'summary': 'Retrieved data from vault "%s"'
+ % standard_vault_name,
+ 'result': {
+ 'data': secret,
+ },
+ },
+ },
+
+ {
+ 'desc': 'Create symmetric vault',
+ 'command': (
+ 'vault2_add',
+ [symmetric_vault_name],
+ {
+ 'ipavaulttype': u'symmetric',
+ 'password': password,
+ },
+ ),
+ 'expected': {
+ 'value': symmetric_vault_name,
+ 'summary': 'Added vault "%s"' % symmetric_vault_name,
+ 'result': {
+ 'dn': u'cn=%s,cn=admin,cn=users,cn=vaults,cn=kra,%s'
+ % (symmetric_vault_name, api.env.basedn),
+ 'objectclass': [u'top', u'ipaVault'],
+ 'cn': [symmetric_vault_name],
+ 'ipavaulttype': [u'symmetric'],
+ 'ipavaultsalt': [fuzzy_string],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Archive secret into symmetric vault',
+ 'command': (
+ 'vault2_archive',
+ [symmetric_vault_name],
+ {
+ 'password': password,
+ 'data': secret,
+ },
+ ),
+ 'expected': {
+ 'value': symmetric_vault_name,
+ 'summary': 'Archived data into vault "%s"'
+ % symmetric_vault_name,
+ 'result': {},
+ },
+ },
+
+ {
+ 'desc': 'Retrieve secret from symmetric vault',
+ 'command': (
+ 'vault2_retrieve',
+ [symmetric_vault_name],
+ {
+ 'password': password,
+ },
+ ),
+ 'expected': {
+ 'value': symmetric_vault_name,
+ 'summary': 'Retrieved data from vault "%s"'
+ % symmetric_vault_name,
+ 'result': {
+ 'data': secret,
+ },
+ },
+ },
+
+ {
+ 'desc': 'Create asymmetric vault',
+ 'command': (
+ 'vault2_add',
+ [asymmetric_vault_name],
+ {
+ 'ipavaulttype': u'asymmetric',
+ 'ipavaultpublickey': public_key,
+ },
+ ),
+ 'expected': {
+ 'value': asymmetric_vault_name,
+ 'summary': 'Added vault "%s"' % asymmetric_vault_name,
+ 'result': {
+ 'dn': u'cn=%s,cn=admin,cn=users,cn=vaults,cn=kra,%s'
+ % (asymmetric_vault_name, api.env.basedn),
+ 'objectclass': [u'top', u'ipaVault'],
+ 'cn': [asymmetric_vault_name],
+ 'ipavaulttype': [u'asymmetric'],
+ 'ipavaultpublickey': [public_key],
+ 'owner_user': [u'admin'],
+ },
+ },
+ },
+
+ {
+ 'desc': 'Archive secret into asymmetric vault',
+ 'command': (
+ 'vault2_archive',
+ [asymmetric_vault_name],
+ {
+ 'data': secret,
+ },
+ ),
+ 'expected': {
+ 'value': asymmetric_vault_name,
+ 'summary': 'Archived data into vault "%s"'
+ % asymmetric_vault_name,
+ 'result': {},
+ },
+ },
+
+ {
+ 'desc': 'Retrieve secret from asymmetric vault',
+ 'command': (
+ 'vault2_retrieve',
+ [asymmetric_vault_name],
+ {
+ 'private_key': private_key,
+ },
+ ),
+ 'expected': {
+ 'value': asymmetric_vault_name,
+ 'summary': 'Retrieved data from vault "%s"'
+ % asymmetric_vault_name,
+ 'result': {
+ 'data': secret,
+ },
+ },
+ },
+
+ ]
--
2.4.3