[Freeipa-devel] [PATCH] 916 vault: add vault container commands

Petr Vobornik pvoborni at redhat.com
Wed Aug 26 11:22:38 UTC 2015 

On 08/25/2015 08:04 PM, Petr Vobornik wrote:
> adds commands:
> * vaultcontainer-show [--service <service>|--user <user> ]
> * vaultcontainer-add-owner
>       [--service <service>|--user <user> ]
>       [--users <users>]  [--groups <groups>] [--services <services>]
> * vaultcontainer-remove-owner
>       [--service <service>|--user <user> ]
>       [--users <users>]  [--groups <groups>] [--services <services>]
>
> https://fedorahosted.org/freeipa/ticket/5250
>
> Use cases:
> 1. When user/service is deleted, associated vault container looses
> owner. There was no API command to set the owner.
> 2. Change owner of container by admin to manage access.
>
> Show command was added to show current owners.
>
> Find command was not added, should it be?
>
>

There is also a design for vault container ownership handling created by 
Endi - it's for future Vault 2.0.

http://www.freeipa.org/page/V4/Password_Vault_2.0#Adding_container_owner

This patch has a different API than the proposed - different way of 
specifying the container. The design page uses path e.g. /users/foobar. 
This patch uses the same way as vaults e.g. --user=foobar. This means 
that the implementation in this patch cannot manage ownership of parent 
vault containers e.g. cn=users,cn=vaults,cn=kra,$SUFFIX.

Do we want to go with this approach in 4.2?

Attaching also new path which removes setting of owner which doesn't 
exist so that integrity is OK and that it is consistent with removing of 
user.

Updated patch attached - output fix.
-- 
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0918-vault-set-vaultcontainer-owner-only-if-exists.patch
Type: text/x-patch
Size: 1363 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150826/2e5b73be/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0916-1-vault-add-vault-container-commands.patch
Type: text/x-patch
Size: 10066 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150826/2e5b73be/attachment-0001.bin>

More information about the Freeipa-devel mailing list