class selinuxusermap(Object):
takes_params = (
parameters.Str(
'cn',
primary_key=True,
label=_(u'Rule name'),
),
parameters.Str(
'ipaselinuxuser',
label=_(u'SELinux User'),
),
parameters.Str(
'seealso',
required=False,
label=_(u'HBAC Rule'),
doc=_(u'HBAC Rule that defines the users, groups and hostgroups'),
),
parameters.Str(
'usercategory',
required=False,
label=_(u'User category'),
doc=_(u'User category the rule applies to'),
),
parameters.Str(
'hostcategory',
required=False,
label=_(u'Host category'),
doc=_(u'Host category the rule applies to'),
),
parameters.Str(
'description',
required=False,
label=_(u'Description'),
),
parameters.Bool(
'ipaenabledflag',
required=False,
label=_(u'Enabled'),
),
parameters.Str(
'memberuser_user',
required=False,
label=_(u'Users'),
),
parameters.Str(
'memberuser_group',
required=False,
label=_(u'User Groups'),
),
parameters.Str(
'memberhost_host',
required=False,
label=_(u'Hosts'),
),
parameters.Str(
'memberhost_hostgroup',
required=False,
label=_(u'Host Groups'),
),
)
class certprofile_import(Method):
__doc__ = _("Import a Certificate Profile.")
takes_args = (
parameters.Str(
'cn',
cli_name='id',
label=_(u'Profile ID'),
doc=_(u'Profile ID for referring to this profile'),
),
)
takes_options = (
parameters.Str(
'description',
cli_name='desc',
label=_(u'Profile description'),
doc=_(u'Brief description of this profile'),
),
parameters.Bool(
'ipacertprofilestoreissued',
cli_name='store',
label=_(u'Store issued certificates'),
doc=_(u'Whether to store certs issued using this profile'),
default=True,
),
parameters.Str(
'file',
label=_(u'Filename of a raw profile. The XML format is not supported.'),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.PrimaryKey(
'value',
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class certprofile(Object):
takes_params = (
parameters.Str(
'cn',
primary_key=True,
label=_(u'Profile ID'),
doc=_(u'Profile ID for referring to this profile'),
),
parameters.Str(
'description',
label=_(u'Profile description'),
doc=_(u'Brief description of this profile'),
),
parameters.Bool(
'ipacertprofilestoreissued',
label=_(u'Store issued certificates'),
doc=_(u'Whether to store certs issued using this profile'),
),
)
class migrate_ds(Command):
__doc__ = _("Migrate users and groups from DS to IPA.")
takes_args = (
parameters.Str(
'ldapuri',
cli_name='ldap_uri',
label=_(u'LDAP URI'),
doc=_(u'LDAP URI of DS server to migrate from'),
),
parameters.Password(
'bindpw',
cli_name='password',
label=_(u'Password'),
doc=_(u'bind password'),
),
)
takes_options = (
parameters.DNParam(
'binddn',
required=False,
cli_name='bind_dn',
label=_(u'Bind DN'),
default=DN(u'cn=directory manager'),
autofill=True,
),
parameters.DNParam(
'usercontainer',
cli_name='user_container',
label=_(u'User container'),
doc=_(u'DN of container for users in DS relative to base DN'),
default=DN(u'ou=people'),
autofill=True,
),
parameters.DNParam(
'groupcontainer',
cli_name='group_container',
label=_(u'Group container'),
doc=_(u'DN of container for groups in DS relative to base DN'),
default=DN(u'ou=groups'),
autofill=True,
),
parameters.Str(
'userobjectclass',
multivalue=True,
cli_name='user_objectclass',
label=_(u'User object class'),
doc=_(u'Objectclasses used to search for user entries in DS'),
default=(u'person',),
autofill=True,
),
parameters.Str(
'groupobjectclass',
multivalue=True,
cli_name='group_objectclass',
label=_(u'Group object class'),
doc=_(u'Objectclasses used to search for group entries in DS'),
default=(u'groupOfUniqueNames', u'groupOfNames'),
autofill=True,
),
parameters.Str(
'userignoreobjectclass',
required=False,
multivalue=True,
cli_name='user_ignore_objectclass',
label=_(u'Ignore user object class'),
doc=_(u'Objectclasses to be ignored for user entries in DS'),
default=(),
autofill=True,
),
parameters.Str(
'userignoreattribute',
required=False,
multivalue=True,
cli_name='user_ignore_attribute',
label=_(u'Ignore user attribute'),
doc=_(u'Attributes to be ignored for user entries in DS'),
default=(),
autofill=True,
),
parameters.Str(
'groupignoreobjectclass',
required=False,
multivalue=True,
cli_name='group_ignore_objectclass',
label=_(u'Ignore group object class'),
doc=_(u'Objectclasses to be ignored for group entries in DS'),
default=(),
autofill=True,
),
parameters.Str(
'groupignoreattribute',
required=False,
multivalue=True,
cli_name='group_ignore_attribute',
label=_(u'Ignore group attribute'),
doc=_(u'Attributes to be ignored for group entries in DS'),
default=(),
autofill=True,
),
parameters.Flag(
'groupoverwritegid',
cli_name='group_overwrite_gid',
label=_(u'Overwrite GID'),
doc=_(u'When migrating a group already existing in IPA domain overwrite the group GID and report as success'),
default=False,
autofill=True,
),
parameters.Str(
'schema',
required=False,
cli_metavar="['RFC2307bis', 'RFC2307']",
label=_(u'LDAP schema'),
doc=_(u'The schema used on the LDAP server. Supported values are RFC2307 and RFC2307bis. The default is RFC2307bis'),
default=u'RFC2307bis',
autofill=True,
),
parameters.Flag(
'continue',
required=False,
label=_(u'Continue'),
doc=_(u'Continuous operation mode. Errors are reported but the process continues'),
default=False,
autofill=True,
),
parameters.DNParam(
'basedn',
required=False,
cli_name='base_dn',
label=_(u'Base DN'),
doc=_(u'Base DN on remote LDAP server'),
),
parameters.Flag(
'compat',
required=False,
cli_name='with_compat',
label=_(u'Ignore compat plugin'),
doc=_(u'Allows migration despite the usage of compat plugin'),
default=False,
autofill=True,
),
parameters.Str(
'cacertfile',
required=False,
cli_name='ca_cert_file',
label=_(u'CA certificate'),
doc=_(u'Load CA certificate of LDAP server from FILE'),
),
parameters.Bool(
'use_def_group',
required=False,
cli_name='use_default_group',
label=_(u'Add to default group'),
doc=_(u'Add migrated users without a group to a default group (default: true)'),
default=True,
autofill=True,
),
parameters.Str(
'scope',
cli_metavar="['base', 'subtree', 'onelevel']",
label=_(u'Search scope'),
doc=_(u'LDAP search scope for users and groups: base, onelevel, or subtree. Defaults to onelevel'),
default=u'onelevel',
autofill=True,
),
parameters.Str(
'exclude_groups',
required=False,
multivalue=True,
doc=_(u'groups to exclude from migration'),
default=(),
autofill=True,
),
parameters.Str(
'exclude_users',
required=False,
multivalue=True,
doc=_(u'users to exclude from migration'),
default=(),
autofill=True,
),
)
has_output = (
output.Output(
'result',
dict,
doc=_(u'Lists of objects migrated; categorized by type.'),
),
output.Output(
'failed',
dict,
doc=_(u'Lists of objects that could not be migrated; categorized by type.'),
),
output.Output(
'enabled',
bool,
doc=_(u'False if migration mode was disabled.'),
),
output.Output(
'compat',
bool,
doc=_(u'False if migration fails because the compatibility plug-in is enabled.'),
),
)
class sudorule_find(Method):
__doc__ = _("Search for Sudo Rule.")
takes_args = (parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
), )
takes_options = (
parameters.Str(
'cn',
required=False,
cli_name='sudorule_name',
label=_(u'Rule name'),
),
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
),
parameters.Bool(
'ipaenabledflag',
required=False,
label=_(u'Enabled'),
exclude=('cli', 'webui'),
),
parameters.Str(
'usercategory',
required=False,
cli_name='usercat',
cli_metavar="['all']",
label=_(u'User category'),
doc=_(u'User category the rule applies to'),
),
parameters.Str(
'hostcategory',
required=False,
cli_name='hostcat',
cli_metavar="['all']",
label=_(u'Host category'),
doc=_(u'Host category the rule applies to'),
),
parameters.Str(
'cmdcategory',
required=False,
cli_name='cmdcat',
cli_metavar="['all']",
label=_(u'Command category'),
doc=_(u'Command category the rule applies to'),
),
parameters.Str(
'ipasudorunasusercategory',
required=False,
cli_name='runasusercat',
cli_metavar="['all']",
label=_(u'RunAs User category'),
doc=_(u'RunAs User category the rule applies to'),
),
parameters.Str(
'ipasudorunasgroupcategory',
required=False,
cli_name='runasgroupcat',
cli_metavar="['all']",
label=_(u'RunAs Group category'),
doc=_(u'RunAs Group category the rule applies to'),
),
parameters.Int(
'sudoorder',
required=False,
cli_name='order',
label=_(u'Sudo order'),
doc=_(u'integer to order the Sudo rules'),
default=0,
),
parameters.Str(
'externaluser',
required=False,
label=_(u'External User'),
doc=_(u'External User the rule applies to (sudorule-find only)'),
),
parameters.Str(
'ipasudorunasextuser',
required=False,
cli_name='runasexternaluser',
label=_(u'RunAs External User'),
doc=_(
u'External User the commands can run as (sudorule-find only)'),
),
parameters.Str(
'ipasudorunasextgroup',
required=False,
cli_name='runasexternalgroup',
label=_(u'RunAs External Group'),
doc=_(
u'External Group the commands can run as (sudorule-find only)'
),
),
parameters.Str(
'externalhost',
required=False,
multivalue=True,
label=_(u'External host'),
exclude=('cli', 'webui'),
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned'),
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=
_(u'Results should contain primary key attribute only ("sudorule-name")'
),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries('result', ),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class config(Object):
takes_params = (
parameters.Int(
'ipamaxusernamelength',
label=_(u'Maximum username length'),
),
parameters.Str(
'ipahomesrootdir',
label=_(u'Home directory base'),
doc=_(u'Default location of home directories'),
),
parameters.Str(
'ipadefaultloginshell',
label=_(u'Default shell'),
doc=_(u'Default shell for new users'),
),
parameters.Str(
'ipadefaultprimarygroup',
label=_(u'Default users group'),
doc=_(u'Default group for new users'),
),
parameters.Str(
'ipadefaultemaildomain',
required=False,
label=_(u'Default e-mail domain'),
),
parameters.Int(
'ipasearchtimelimit',
label=_(u'Search time limit'),
doc=
_(u'Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)'
),
),
parameters.Int(
'ipasearchrecordslimit',
label=_(u'Search size limit'),
doc=_(u'Maximum number of records to search (-1 is unlimited)'),
),
parameters.Str(
'ipausersearchfields',
label=_(u'User search fields'),
doc=
_(u'A comma-separated list of fields to search in when searching for users'
),
),
parameters.Str(
'ipagroupsearchfields',
label=_(u'Group search fields'),
doc=
_(u'A comma-separated list of fields to search in when searching for groups'
),
),
parameters.Bool(
'ipamigrationenabled',
label=_(u'Enable migration mode'),
),
parameters.DNParam(
'ipacertificatesubjectbase',
label=_(u'Certificate Subject base'),
doc=_(u'Base for certificate subjects (OU=Test,O=Example)'),
),
parameters.Str(
'ipagroupobjectclasses',
multivalue=True,
label=_(u'Default group objectclasses'),
doc=_(u'Default group objectclasses (comma-separated list)'),
),
parameters.Str(
'ipauserobjectclasses',
multivalue=True,
label=_(u'Default user objectclasses'),
doc=_(u'Default user objectclasses (comma-separated list)'),
),
parameters.Int(
'ipapwdexpadvnotify',
label=_(u'Password Expiration Notification (days)'),
doc=_(u"Number of days's notice of impending password expiration"),
),
parameters.Str(
'ipaconfigstring',
required=False,
multivalue=True,
label=_(u'Password plugin features'),
doc=_(u'Extra hashes to generate in password plug-in'),
),
parameters.Str(
'ipaselinuxusermaporder',
label=_(u'SELinux user map order'),
doc=_(
u'Order in increasing priority of SELinux users, delimited by $'
),
),
parameters.Str(
'ipaselinuxusermapdefault',
required=False,
label=_(u'Default SELinux user'),
doc=
_(u'Default SELinux user when no match is found in SELinux map rule'
),
),
parameters.Str(
'ipakrbauthzdata',
required=False,
multivalue=True,
label=_(u'Default PAC types'),
doc=_(u'Default types of PAC supported for services'),
),
)
class certprofile_find(Method):
__doc__ = _("Search for Certificate Profiles.")
takes_args = (parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
), )
takes_options = (
parameters.Str(
'cn',
required=False,
cli_name='id',
label=_(u'Profile ID'),
doc=_(u'Profile ID for referring to this profile'),
),
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Profile description'),
doc=_(u'Brief description of this profile'),
),
parameters.Bool(
'ipacertprofilestoreissued',
required=False,
cli_name='store',
label=_(u'Store issued certificates'),
doc=_(u'Whether to store certs issued using this profile'),
default=True,
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds (0 is unlimited)'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned (0 is unlimited)'),
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(u'Results should contain primary key attribute only ("id")'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries('result', ),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class hbacrule(Object):
takes_params = (
parameters.Str(
'cn',
primary_key=True,
label=_(u'Rule name'),
),
parameters.Str(
'accessruletype',
label=_(u'Rule type'),
doc=_(u'Rule type (allow)'),
exclude=('webui', 'cli'),
),
parameters.Str(
'usercategory',
required=False,
label=_(u'User category'),
doc=_(u'User category the rule applies to'),
),
parameters.Str(
'hostcategory',
required=False,
label=_(u'Host category'),
doc=_(u'Host category the rule applies to'),
),
parameters.Str(
'sourcehostcategory',
required=False,
),
parameters.Str(
'servicecategory',
required=False,
label=_(u'Service category'),
doc=_(u'Service category the rule applies to'),
),
parameters.Str(
'description',
required=False,
label=_(u'Description'),
),
parameters.Bool(
'ipaenabledflag',
required=False,
label=_(u'Enabled'),
),
parameters.Str(
'memberuser_user',
required=False,
label=_(u'Users'),
),
parameters.Str(
'memberuser_group',
required=False,
label=_(u'User Groups'),
),
parameters.Str(
'memberhost_host',
required=False,
label=_(u'Hosts'),
),
parameters.Str(
'memberhost_hostgroup',
required=False,
label=_(u'Host Groups'),
),
parameters.Str(
'sourcehost_host',
required=False,
),
parameters.Str(
'sourcehost_hostgroup',
required=False,
),
parameters.Str(
'memberservice_hbacsvc',
required=False,
label=_(u'Services'),
),
parameters.Str(
'memberservice_hbacsvcgroup',
required=False,
label=_(u'Service Groups'),
),
parameters.Str(
'externalhost',
required=False,
multivalue=True,
label=_(u'External host'),
),
)
class otptoken_add(Method):
__doc__ = _("Add a new OTP token.")
takes_args = (parameters.Str(
'ipatokenuniqueid',
required=False,
cli_name='id',
label=_(u'Unique ID'),
), )
takes_options = (
parameters.Str(
'type',
required=False,
cli_metavar="['totp', 'hotp', 'TOTP', 'HOTP']",
label=_(u'Type'),
doc=_(u'Type of the token'),
default=u'totp',
autofill=True,
),
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
doc=_(u'Token description (informational only)'),
),
parameters.Str(
'ipatokenowner',
required=False,
cli_name='owner',
label=_(u'Owner'),
doc=_(u'Assigned user of the token (default: self)'),
),
parameters.Bool(
'ipatokendisabled',
required=False,
cli_name='disabled',
label=_(u'Disabled'),
doc=_(u'Mark the token as disabled (default: false)'),
),
parameters.DateTime(
'ipatokennotbefore',
required=False,
cli_name='not_before',
label=_(u'Validity start'),
doc=_(u'First date/time the token can be used'),
),
parameters.DateTime(
'ipatokennotafter',
required=False,
cli_name='not_after',
label=_(u'Validity end'),
doc=_(u'Last date/time the token can be used'),
),
parameters.Str(
'ipatokenvendor',
required=False,
cli_name='vendor',
label=_(u'Vendor'),
doc=_(u'Token vendor name (informational only)'),
),
parameters.Str(
'ipatokenmodel',
required=False,
cli_name='model',
label=_(u'Model'),
doc=_(u'Token model (informational only)'),
),
parameters.Str(
'ipatokenserial',
required=False,
cli_name='serial',
label=_(u'Serial'),
doc=_(u'Token serial (informational only)'),
),
parameters.Bytes(
'ipatokenotpkey',
required=False,
cli_name='key',
label=_(u'Key'),
doc=_(u'Token secret (Base32; default: random)'),
default_from=DefaultFrom(lambda: None),
# FIXME:
# lambda: os.urandom(KEY_LENGTH)
autofill=True,
),
parameters.Str(
'ipatokenotpalgorithm',
required=False,
cli_name='algo',
cli_metavar="['sha1', 'sha256', 'sha384', 'sha512']",
label=_(u'Algorithm'),
doc=_(u'Token hash algorithm'),
default=u'sha1',
autofill=True,
),
parameters.Int(
'ipatokenotpdigits',
required=False,
cli_name='digits',
cli_metavar="['6', '8']",
label=_(u'Digits'),
doc=_(u'Number of digits each token code will have'),
default=6,
autofill=True,
),
parameters.Int(
'ipatokentotpclockoffset',
required=False,
cli_name='offset',
label=_(u'Clock offset'),
doc=_(u'TOTP token / IPA server time difference'),
default=0,
autofill=True,
),
parameters.Int(
'ipatokentotptimestep',
required=False,
cli_name='interval',
label=_(u'Clock interval'),
doc=_(u'Length of TOTP token code validity'),
default=30,
autofill=True,
),
parameters.Int(
'ipatokenhotpcounter',
required=False,
cli_name='counter',
label=_(u'Counter'),
doc=_(u'Initial counter for the HOTP token'),
default=0,
autofill=True,
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Flag(
'qrcode',
required=False,
label=_(u'(deprecated)'),
exclude=('cli', 'webui'),
default=False,
autofill=True,
),
parameters.Flag(
'no_qrcode',
label=_(u'Do not display QR code'),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.PrimaryKey(
'value',
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class aci_find(Method):
__doc__ = _("""
Search for ACIs.
Returns a list of ACIs
EXAMPLES:
To find all ACIs that apply directly to members of the group ipausers:
ipa aci-find --memberof=ipausers
To find all ACIs that grant add access:
ipa aci-find --permissions=add
Note that the find command only looks for the given text in the set of
ACIs, it does not evaluate the ACIs to see if something would apply.
For example, searching on memberof=ipausers will find all ACIs that
have ipausers as a memberof. There may be other ACIs that apply to
members of that group indirectly.
""")
NO_CLI = True
takes_args = (parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
), )
takes_options = (
parameters.Str(
'aciname',
required=False,
cli_name='name',
label=_(u'ACI name'),
),
parameters.Str(
'permission',
required=False,
label=_(u'Permission'),
doc=_(u'Permission ACI grants access to'),
),
parameters.Str(
'group',
required=False,
label=_(u'User group'),
doc=_(u'User group ACI grants access to'),
),
parameters.Str(
'permissions',
required=False,
multivalue=True,
label=_(u'Permissions'),
doc=_(u'Permissions to grant(read, write, add, delete, all)'),
no_convert=True,
),
parameters.Str(
'attrs',
required=False,
multivalue=True,
label=_(u'Attributes to which the permission applies'),
doc=_(u'Attributes'),
),
parameters.Str(
'type',
required=False,
cli_metavar=
"['user', 'group', 'host', 'service', 'hostgroup', 'netgroup', 'dnsrecord']",
label=_(u'Type'),
doc=
_(u'type of IPA object (user, group, host, hostgroup, service, netgroup)'
),
),
parameters.Str(
'memberof',
required=False,
label=_(u'Member of'),
doc=_(u'Member of a group'),
),
parameters.Str(
'filter',
required=False,
label=_(u'Filter'),
doc=_(u'Legal LDAP filter (e.g. ou=Engineering)'),
),
parameters.Str(
'subtree',
required=False,
label=_(u'Subtree'),
doc=_(u'Subtree to apply ACI to'),
),
parameters.Str(
'targetgroup',
required=False,
label=_(u'Target group'),
doc=_(u'Group to apply ACI to'),
),
parameters.Bool(
'selfaci',
required=False,
cli_name='self',
label=_(u'Target your own entry (self)'),
doc=_(u'Apply ACI to your own entry (self)'),
default=False,
),
parameters.Str(
'aciprefix',
required=False,
cli_name='prefix',
cli_metavar="['permission', 'delegation', 'selfservice', 'none']",
label=_(u'ACI prefix'),
doc=
_(u'Prefix used to distinguish ACI types (permission, delegation, selfservice, none)'
),
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(
u'Results should contain primary key attribute only ("name")'),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries('result', ),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class user_mod(Method):
__doc__ = _("Modify a user.")
takes_args = (parameters.Str(
'uid',
cli_name='login',
label=_(u'User login'),
default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn,
'principal'),
no_convert=True,
), )
takes_options = (
parameters.Str(
'givenname',
required=False,
cli_name='first',
label=_(u'First name'),
),
parameters.Str(
'sn',
required=False,
cli_name='last',
label=_(u'Last name'),
),
parameters.Str(
'cn',
required=False,
label=_(u'Full name'),
default_from=DefaultFrom(
lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
),
parameters.Str(
'displayname',
required=False,
label=_(u'Display name'),
default_from=DefaultFrom(
lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
),
parameters.Str(
'initials',
required=False,
label=_(u'Initials'),
default_from=DefaultFrom(
lambda givenname, sn: '%c%c' % (givenname[0], sn[0]),
'principal'),
),
parameters.Str(
'homedirectory',
required=False,
cli_name='homedir',
label=_(u'Home directory'),
),
parameters.Str(
'gecos',
required=False,
label=_(u'GECOS field'),
default_from=DefaultFrom(
lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
),
parameters.Str(
'loginshell',
required=False,
cli_name='shell',
label=_(u'Login shell'),
),
parameters.Str(
'mail',
required=False,
multivalue=True,
cli_name='email',
label=_(u'Email address'),
),
parameters.Password(
'userpassword',
required=False,
cli_name='password',
label=_(u'Password'),
doc=_(u'Prompt to set the user password'),
exclude=('webui', ),
confirm=True,
),
parameters.Flag(
'random',
required=False,
doc=_(u'Generate a random user password'),
default=False,
autofill=True,
),
parameters.Int(
'uidnumber',
required=False,
cli_name='uid',
label=_(u'UID'),
doc=_(u'User ID Number (system will assign one if not provided)'),
default=999,
),
parameters.Int(
'gidnumber',
required=False,
label=_(u'GID'),
doc=_(u'Group ID Number'),
default=999,
),
parameters.Str(
'street',
required=False,
label=_(u'Street address'),
),
parameters.Str(
'l',
required=False,
cli_name='city',
label=_(u'City'),
),
parameters.Str(
'st',
required=False,
cli_name='state',
label=_(u'State/Province'),
),
parameters.Str(
'postalcode',
required=False,
label=_(u'ZIP'),
),
parameters.Str(
'telephonenumber',
required=False,
multivalue=True,
cli_name='phone',
label=_(u'Telephone Number'),
),
parameters.Str(
'mobile',
required=False,
multivalue=True,
label=_(u'Mobile Telephone Number'),
),
parameters.Str(
'pager',
required=False,
multivalue=True,
label=_(u'Pager Number'),
),
parameters.Str(
'facsimiletelephonenumber',
required=False,
multivalue=True,
cli_name='fax',
label=_(u'Fax Number'),
),
parameters.Str(
'ou',
required=False,
cli_name='orgunit',
label=_(u'Org. Unit'),
),
parameters.Str(
'title',
required=False,
label=_(u'Job Title'),
),
parameters.Str(
'manager',
required=False,
label=_(u'Manager'),
),
parameters.Str(
'carlicense',
required=False,
label=_(u'Car License'),
),
parameters.Bool(
'nsaccountlock',
required=False,
label=_(u'Account disabled'),
exclude=('cli', 'webui'),
),
parameters.Str(
'ipasshpubkey',
required=False,
multivalue=True,
cli_name='sshpubkey',
label=_(u'SSH public key'),
no_convert=True,
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=
_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'
),
exclude=('webui', ),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=
_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'
),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Str(
'rename',
required=False,
label=_(u'Rename'),
doc=_(u'Rename the user object'),
default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn,
'principal'),
no_convert=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.Output(
'value',
unicode,
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class user(Object):
takes_params = (
parameters.Str(
'uid',
primary_key=True,
label=_(u'User login'),
),
parameters.Str(
'givenname',
label=_(u'First name'),
),
parameters.Str(
'sn',
label=_(u'Last name'),
),
parameters.Str(
'cn',
label=_(u'Full name'),
),
parameters.Str(
'displayname',
required=False,
label=_(u'Display name'),
),
parameters.Str(
'initials',
required=False,
label=_(u'Initials'),
),
parameters.Str(
'homedirectory',
required=False,
label=_(u'Home directory'),
),
parameters.Str(
'gecos',
required=False,
label=_(u'GECOS field'),
),
parameters.Str(
'loginshell',
required=False,
label=_(u'Login shell'),
),
parameters.Str(
'krbprincipalname',
required=False,
label=_(u'Kerberos principal'),
),
parameters.Str(
'mail',
required=False,
multivalue=True,
label=_(u'Email address'),
),
parameters.Password(
'userpassword',
required=False,
label=_(u'Password'),
doc=_(u'Prompt to set the user password'),
exclude=('webui', ),
),
parameters.Flag(
'random',
required=False,
doc=_(u'Generate a random user password'),
),
parameters.Str(
'randompassword',
required=False,
label=_(u'Random password'),
),
parameters.Int(
'uidnumber',
label=_(u'UID'),
doc=_(u'User ID Number (system will assign one if not provided)'),
),
parameters.Int(
'gidnumber',
label=_(u'GID'),
doc=_(u'Group ID Number'),
),
parameters.Str(
'street',
required=False,
label=_(u'Street address'),
),
parameters.Str(
'l',
required=False,
label=_(u'City'),
),
parameters.Str(
'st',
required=False,
label=_(u'State/Province'),
),
parameters.Str(
'postalcode',
required=False,
label=_(u'ZIP'),
),
parameters.Str(
'telephonenumber',
required=False,
multivalue=True,
label=_(u'Telephone Number'),
),
parameters.Str(
'mobile',
required=False,
multivalue=True,
label=_(u'Mobile Telephone Number'),
),
parameters.Str(
'pager',
required=False,
multivalue=True,
label=_(u'Pager Number'),
),
parameters.Str(
'facsimiletelephonenumber',
required=False,
multivalue=True,
label=_(u'Fax Number'),
),
parameters.Str(
'ou',
required=False,
label=_(u'Org. Unit'),
),
parameters.Str(
'title',
required=False,
label=_(u'Job Title'),
),
parameters.Str(
'manager',
required=False,
label=_(u'Manager'),
),
parameters.Str(
'carlicense',
required=False,
label=_(u'Car License'),
),
parameters.Bool(
'nsaccountlock',
required=False,
label=_(u'Account disabled'),
),
parameters.Str(
'ipasshpubkey',
required=False,
multivalue=True,
label=_(u'SSH public key'),
),
parameters.Flag(
'has_password',
label=_(u'Password'),
),
parameters.Str(
'memberof_group',
required=False,
label=_(u'Member of groups'),
),
parameters.Str(
'memberof_role',
required=False,
label=_(u'Roles'),
),
parameters.Str(
'memberof_netgroup',
required=False,
label=_(u'Member of netgroups'),
),
parameters.Str(
'memberof_sudorule',
required=False,
label=_(u'Member of Sudo rule'),
),
parameters.Str(
'memberof_hbacrule',
required=False,
label=_(u'Member of HBAC rule'),
),
parameters.Str(
'memberofindirect_group',
required=False,
label=_(u'Indirect Member of group'),
),
parameters.Str(
'memberofindirect_netgroup',
required=False,
label=_(u'Indirect Member of netgroup'),
),
parameters.Str(
'memberofindirect_role',
required=False,
label=_(u'Indirect Member of role'),
),
parameters.Str(
'memberofindirect_sudorule',
required=False,
label=_(u'Indirect Member of Sudo rule'),
),
parameters.Str(
'memberofindirect_hbacrule',
required=False,
label=_(u'Indirect Member of HBAC rule'),
),
parameters.Flag(
'has_keytab',
label=_(u'Kerberos keys available'),
),
)
class user_find(Method):
__doc__ = _("Search for users.")
takes_args = (parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
), )
takes_options = (
parameters.Str(
'uid',
required=False,
cli_name='login',
label=_(u'User login'),
default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn,
'principal'),
no_convert=True,
),
parameters.Str(
'givenname',
required=False,
cli_name='first',
label=_(u'First name'),
),
parameters.Str(
'sn',
required=False,
cli_name='last',
label=_(u'Last name'),
),
parameters.Str(
'cn',
required=False,
label=_(u'Full name'),
default_from=DefaultFrom(
lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
),
parameters.Str(
'displayname',
required=False,
label=_(u'Display name'),
default_from=DefaultFrom(
lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
),
parameters.Str(
'initials',
required=False,
label=_(u'Initials'),
default_from=DefaultFrom(
lambda givenname, sn: '%c%c' % (givenname[0], sn[0]),
'principal'),
),
parameters.Str(
'homedirectory',
required=False,
cli_name='homedir',
label=_(u'Home directory'),
),
parameters.Str(
'gecos',
required=False,
label=_(u'GECOS field'),
default_from=DefaultFrom(
lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
),
parameters.Str(
'loginshell',
required=False,
cli_name='shell',
label=_(u'Login shell'),
),
parameters.Str(
'krbprincipalname',
required=False,
cli_name='principal',
label=_(u'Kerberos principal'),
default_from=DefaultFrom(
lambda uid: '%s@%s' % (uid.lower(), api.env.realm),
'principal'),
no_convert=True,
),
parameters.Str(
'mail',
required=False,
multivalue=True,
cli_name='email',
label=_(u'Email address'),
),
parameters.Password(
'userpassword',
required=False,
cli_name='password',
label=_(u'Password'),
doc=_(u'Prompt to set the user password'),
exclude=('webui', ),
confirm=True,
),
parameters.Int(
'uidnumber',
required=False,
cli_name='uid',
label=_(u'UID'),
doc=_(u'User ID Number (system will assign one if not provided)'),
default=999,
),
parameters.Int(
'gidnumber',
required=False,
label=_(u'GID'),
doc=_(u'Group ID Number'),
default=999,
),
parameters.Str(
'street',
required=False,
label=_(u'Street address'),
),
parameters.Str(
'l',
required=False,
cli_name='city',
label=_(u'City'),
),
parameters.Str(
'st',
required=False,
cli_name='state',
label=_(u'State/Province'),
),
parameters.Str(
'postalcode',
required=False,
label=_(u'ZIP'),
),
parameters.Str(
'telephonenumber',
required=False,
multivalue=True,
cli_name='phone',
label=_(u'Telephone Number'),
),
parameters.Str(
'mobile',
required=False,
multivalue=True,
label=_(u'Mobile Telephone Number'),
),
parameters.Str(
'pager',
required=False,
multivalue=True,
label=_(u'Pager Number'),
),
parameters.Str(
'facsimiletelephonenumber',
required=False,
multivalue=True,
cli_name='fax',
label=_(u'Fax Number'),
),
parameters.Str(
'ou',
required=False,
cli_name='orgunit',
label=_(u'Org. Unit'),
),
parameters.Str(
'title',
required=False,
label=_(u'Job Title'),
),
parameters.Str(
'manager',
required=False,
label=_(u'Manager'),
),
parameters.Str(
'carlicense',
required=False,
label=_(u'Car License'),
),
parameters.Bool(
'nsaccountlock',
required=False,
label=_(u'Account disabled'),
exclude=('cli', 'webui'),
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned'),
),
parameters.Flag(
'whoami',
label=_(u'Self'),
doc=_(u'Display user record for current Kerberos principal'),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(
u'Results should contain primary key attribute only ("login")'
),
default=False,
autofill=True,
),
parameters.Str(
'in_group',
required=False,
multivalue=True,
cli_name='in_groups',
label=_(u'group'),
doc=_(u'Search for users with these member of groups.'),
),
parameters.Str(
'not_in_group',
required=False,
multivalue=True,
cli_name='not_in_groups',
label=_(u'group'),
doc=_(u'Search for users without these member of groups.'),
),
parameters.Str(
'in_netgroup',
required=False,
multivalue=True,
cli_name='in_netgroups',
label=_(u'netgroup'),
doc=_(u'Search for users with these member of netgroups.'),
),
parameters.Str(
'not_in_netgroup',
required=False,
multivalue=True,
cli_name='not_in_netgroups',
label=_(u'netgroup'),
doc=_(u'Search for users without these member of netgroups.'),
),
parameters.Str(
'in_role',
required=False,
multivalue=True,
cli_name='in_roles',
label=_(u'role'),
doc=_(u'Search for users with these member of roles.'),
),
parameters.Str(
'not_in_role',
required=False,
multivalue=True,
cli_name='not_in_roles',
label=_(u'role'),
doc=_(u'Search for users without these member of roles.'),
),
parameters.Str(
'in_hbacrule',
required=False,
multivalue=True,
cli_name='in_hbacrules',
label=_(u'HBAC rule'),
doc=_(u'Search for users with these member of HBAC rules.'),
),
parameters.Str(
'not_in_hbacrule',
required=False,
multivalue=True,
cli_name='not_in_hbacrules',
label=_(u'HBAC rule'),
doc=_(u'Search for users without these member of HBAC rules.'),
),
parameters.Str(
'in_sudorule',
required=False,
multivalue=True,
cli_name='in_sudorules',
label=_(u'sudo rule'),
doc=_(u'Search for users with these member of sudo rules.'),
),
parameters.Str(
'not_in_sudorule',
required=False,
multivalue=True,
cli_name='not_in_sudorules',
label=_(u'sudo rule'),
doc=_(u'Search for users without these member of sudo rules.'),
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries('result', ),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class stageuser_add(Method):
__doc__ = _("Add a new stage user.")
takes_args = (parameters.Str(
'uid',
cli_name='login',
label=_(u'User login'),
default_from=DefaultFrom(lambda givenname, sn: givenname[0] + sn,
'principal'),
no_convert=True,
), )
takes_options = (
parameters.Str(
'givenname',
cli_name='first',
label=_(u'First name'),
),
parameters.Str(
'sn',
cli_name='last',
label=_(u'Last name'),
),
parameters.Str(
'cn',
label=_(u'Full name'),
default_from=DefaultFrom(
lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
autofill=True,
),
parameters.Str(
'displayname',
required=False,
label=_(u'Display name'),
default_from=DefaultFrom(
lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
autofill=True,
),
parameters.Str(
'initials',
required=False,
label=_(u'Initials'),
default_from=DefaultFrom(
lambda givenname, sn: '%c%c' % (givenname[0], sn[0]),
'principal'),
autofill=True,
),
parameters.Str(
'homedirectory',
required=False,
cli_name='homedir',
label=_(u'Home directory'),
),
parameters.Str(
'gecos',
required=False,
label=_(u'GECOS'),
default_from=DefaultFrom(
lambda givenname, sn: '%s %s' % (givenname, sn), 'principal'),
autofill=True,
),
parameters.Str(
'loginshell',
required=False,
cli_name='shell',
label=_(u'Login shell'),
),
parameters.Str(
'krbprincipalname',
required=False,
cli_name='principal',
label=_(u'Kerberos principal'),
default_from=DefaultFrom(
lambda uid: '%s@%s' % (uid.lower(), api.env.realm),
'principal'),
autofill=True,
no_convert=True,
),
parameters.DateTime(
'krbprincipalexpiration',
required=False,
cli_name='principal_expiration',
label=_(u'Kerberos principal expiration'),
),
parameters.Str(
'mail',
required=False,
multivalue=True,
cli_name='email',
label=_(u'Email address'),
),
parameters.Password(
'userpassword',
required=False,
cli_name='password',
label=_(u'Password'),
doc=_(u'Prompt to set the user password'),
exclude=('webui', ),
confirm=True,
),
parameters.Flag(
'random',
required=False,
doc=_(u'Generate a random user password'),
default=False,
autofill=True,
),
parameters.Int(
'uidnumber',
required=False,
cli_name='uid',
label=_(u'UID'),
doc=_(u'User ID Number (system will assign one if not provided)'),
),
parameters.Int(
'gidnumber',
required=False,
label=_(u'GID'),
doc=_(u'Group ID Number'),
),
parameters.Str(
'street',
required=False,
label=_(u'Street address'),
),
parameters.Str(
'l',
required=False,
cli_name='city',
label=_(u'City'),
),
parameters.Str(
'st',
required=False,
cli_name='state',
label=_(u'State/Province'),
),
parameters.Str(
'postalcode',
required=False,
label=_(u'ZIP'),
),
parameters.Str(
'telephonenumber',
required=False,
multivalue=True,
cli_name='phone',
label=_(u'Telephone Number'),
),
parameters.Str(
'mobile',
required=False,
multivalue=True,
label=_(u'Mobile Telephone Number'),
),
parameters.Str(
'pager',
required=False,
multivalue=True,
label=_(u'Pager Number'),
),
parameters.Str(
'facsimiletelephonenumber',
required=False,
multivalue=True,
cli_name='fax',
label=_(u'Fax Number'),
),
parameters.Str(
'ou',
required=False,
cli_name='orgunit',
label=_(u'Org. Unit'),
),
parameters.Str(
'title',
required=False,
label=_(u'Job Title'),
),
parameters.Str(
'manager',
required=False,
label=_(u'Manager'),
),
parameters.Str(
'carlicense',
required=False,
multivalue=True,
label=_(u'Car License'),
),
parameters.Str(
'ipasshpubkey',
required=False,
multivalue=True,
cli_name='sshpubkey',
label=_(u'SSH public key'),
no_convert=True,
),
parameters.Str(
'ipauserauthtype',
required=False,
multivalue=True,
cli_name='user_auth_type',
cli_metavar="['password', 'radius', 'otp']",
label=_(u'User authentication types'),
doc=_(u'Types of supported user authentication'),
),
parameters.Str(
'userclass',
required=False,
multivalue=True,
cli_name='class',
label=_(u'Class'),
doc=
_(u'User category (semantics placed on this attribute are for local interpretation)'
),
),
parameters.Str(
'ipatokenradiusconfiglink',
required=False,
cli_name='radius',
label=_(u'RADIUS proxy configuration'),
),
parameters.Str(
'ipatokenradiususername',
required=False,
cli_name='radius_username',
label=_(u'RADIUS proxy username'),
),
parameters.Str(
'departmentnumber',
required=False,
multivalue=True,
label=_(u'Department Number'),
),
parameters.Str(
'employeenumber',
required=False,
label=_(u'Employee Number'),
),
parameters.Str(
'employeetype',
required=False,
label=_(u'Employee Type'),
),
parameters.Str(
'preferredlanguage',
required=False,
label=_(u'Preferred Language'),
),
parameters.Bytes(
'usercertificate',
required=False,
multivalue=True,
cli_name='certificate',
label=_(u'Certificate'),
doc=_(u'Base-64 encoded server certificate'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Bool(
'from_delete',
required=False,
deprecated=True,
doc=_(u'Create Stage user in from a delete user'),
exclude=('cli', 'webui'),
default=False,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.PrimaryKey(
'value',
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class trust_add(Method):
__doc__ = _("""
Add new trust to use.
This command establishes trust relationship to another domain
which becomes 'trusted'. As result, users of the trusted domain
may access resources of this domain.
Only trusts to Active Directory domains are supported right now.
The command can be safely run multiple times against the same domain,
this will cause change to trust relationship credentials on both
sides.
""")
takes_args = (parameters.Str(
'cn',
cli_name='realm',
label=_(u'Realm name'),
), )
takes_options = (
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'trust_type',
cli_name='type',
cli_metavar="['ad']",
label=_(u'Trust type (ad for Active Directory, default)'),
default=u'ad',
autofill=True,
),
parameters.Str(
'realm_admin',
required=False,
cli_name='admin',
label=_(u'Active Directory domain administrator'),
),
parameters.Password(
'realm_passwd',
required=False,
cli_name='password',
label=_(u"Active Directory domain administrator's password"),
),
parameters.Str(
'realm_server',
required=False,
cli_name='server',
label=_(
u'Domain controller for the Active Directory domain (optional)'
),
),
parameters.Password(
'trust_secret',
required=False,
label=_(u'Shared secret for the trust'),
),
parameters.Int(
'base_id',
required=False,
label=_(
u'First Posix ID of the range reserved for the trusted domain'
),
),
parameters.Int(
'range_size',
required=False,
label=_(u'Size of the ID range reserved for the trusted domain'),
),
parameters.Str(
'range_type',
required=False,
cli_metavar="['ipa-ad-trust-posix', 'ipa-ad-trust']",
label=_(u'Range type'),
doc=
_(u'Type of trusted domain ID range, one of ipa-ad-trust-posix, ipa-ad-trust'
),
),
parameters.Bool(
'bidirectional',
required=False,
cli_name='two_way',
label=_(u'Two-way trust'),
doc=
_(u'Establish bi-directional trust. By default trust is inbound one-way only.'
),
default=False,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.PrimaryKey(
'value',
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class selinuxusermap_add(Method):
__doc__ = _("Create a new SELinux User Map.")
takes_args = (
parameters.Str(
'cn',
cli_name='name',
label=_(u'Rule name'),
),
)
takes_options = (
parameters.Str(
'ipaselinuxuser',
cli_name='selinuxuser',
label=_(u'SELinux User'),
),
parameters.Str(
'seealso',
required=False,
cli_name='hbacrule',
label=_(u'HBAC Rule'),
doc=_(u'HBAC Rule that defines the users, groups and hostgroups'),
),
parameters.Str(
'usercategory',
required=False,
cli_name='usercat',
cli_metavar="['all']",
label=_(u'User category'),
doc=_(u'User category the rule applies to'),
),
parameters.Str(
'hostcategory',
required=False,
cli_name='hostcat',
cli_metavar="['all']",
label=_(u'Host category'),
doc=_(u'Host category the rule applies to'),
),
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
),
parameters.Bool(
'ipaenabledflag',
required=False,
label=_(u'Enabled'),
exclude=('cli', 'webui'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
exclude=('webui',),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
exclude=('webui',),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.Output(
'value',
unicode,
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class selinuxusermap_find(Method):
__doc__ = _("Search for SELinux User Maps.")
takes_args = (
parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
),
)
takes_options = (
parameters.Str(
'cn',
required=False,
cli_name='name',
label=_(u'Rule name'),
),
parameters.Str(
'ipaselinuxuser',
required=False,
cli_name='selinuxuser',
label=_(u'SELinux User'),
),
parameters.Str(
'seealso',
required=False,
cli_name='hbacrule',
label=_(u'HBAC Rule'),
doc=_(u'HBAC Rule that defines the users, groups and hostgroups'),
),
parameters.Str(
'usercategory',
required=False,
cli_name='usercat',
cli_metavar="['all']",
label=_(u'User category'),
doc=_(u'User category the rule applies to'),
),
parameters.Str(
'hostcategory',
required=False,
cli_name='hostcat',
cli_metavar="['all']",
label=_(u'Host category'),
doc=_(u'Host category the rule applies to'),
),
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
),
parameters.Bool(
'ipaenabledflag',
required=False,
label=_(u'Enabled'),
exclude=('cli', 'webui'),
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned'),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(u'Results should contain primary key attribute only ("name")'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries(
'result',
),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class otptoken(Object):
takes_params = (
parameters.Str(
'ipatokenuniqueid',
primary_key=True,
label=_(u'Unique ID'),
),
parameters.Str(
'type',
required=False,
label=_(u'Type'),
doc=_(u'Type of the token'),
),
parameters.Str(
'description',
required=False,
label=_(u'Description'),
doc=_(u'Token description (informational only)'),
),
parameters.Str(
'ipatokenowner',
required=False,
label=_(u'Owner'),
doc=_(u'Assigned user of the token (default: self)'),
),
parameters.Str(
'managedby_user',
required=False,
label=_(u'Manager'),
doc=_(u'Assigned manager of the token (default: self)'),
),
parameters.Bool(
'ipatokendisabled',
required=False,
label=_(u'Disabled'),
doc=_(u'Mark the token as disabled (default: false)'),
),
parameters.DateTime(
'ipatokennotbefore',
required=False,
label=_(u'Validity start'),
doc=_(u'First date/time the token can be used'),
),
parameters.DateTime(
'ipatokennotafter',
required=False,
label=_(u'Validity end'),
doc=_(u'Last date/time the token can be used'),
),
parameters.Str(
'ipatokenvendor',
required=False,
label=_(u'Vendor'),
doc=_(u'Token vendor name (informational only)'),
),
parameters.Str(
'ipatokenmodel',
required=False,
label=_(u'Model'),
doc=_(u'Token model (informational only)'),
),
parameters.Str(
'ipatokenserial',
required=False,
label=_(u'Serial'),
doc=_(u'Token serial (informational only)'),
),
parameters.Bytes(
'ipatokenotpkey',
required=False,
label=_(u'Key'),
doc=_(u'Token secret (Base32; default: random)'),
),
parameters.Str(
'ipatokenotpalgorithm',
required=False,
label=_(u'Algorithm'),
doc=_(u'Token hash algorithm'),
),
parameters.Int(
'ipatokenotpdigits',
required=False,
label=_(u'Digits'),
doc=_(u'Number of digits each token code will have'),
),
parameters.Int(
'ipatokentotpclockoffset',
required=False,
label=_(u'Clock offset'),
doc=_(u'TOTP token / IPA server time difference'),
),
parameters.Int(
'ipatokentotptimestep',
required=False,
label=_(u'Clock interval'),
doc=_(u'Length of TOTP token code validity'),
),
parameters.Int(
'ipatokenhotpcounter',
required=False,
label=_(u'Counter'),
doc=_(u'Initial counter for the HOTP token'),
),
)
class hbacrule_find(Method):
__doc__ = _("Search for HBAC rules.")
takes_args = (parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
), )
takes_options = (
parameters.Str(
'cn',
required=False,
cli_name='name',
label=_(u'Rule name'),
),
parameters.Str(
'accessruletype',
required=False,
cli_name='type',
cli_metavar="['allow', 'deny']",
label=_(u'Rule type'),
doc=_(u'Rule type (allow)'),
exclude=('webui', 'cli'),
default=u'allow',
),
parameters.Str(
'usercategory',
required=False,
cli_name='usercat',
cli_metavar="['all']",
label=_(u'User category'),
doc=_(u'User category the rule applies to'),
),
parameters.Str(
'hostcategory',
required=False,
cli_name='hostcat',
cli_metavar="['all']",
label=_(u'Host category'),
doc=_(u'Host category the rule applies to'),
),
parameters.Str(
'sourcehostcategory',
required=False,
deprecated=True,
exclude=('cli', 'webui'),
),
parameters.Str(
'servicecategory',
required=False,
cli_name='servicecat',
cli_metavar="['all']",
label=_(u'Service category'),
doc=_(u'Service category the rule applies to'),
),
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
),
parameters.Bool(
'ipaenabledflag',
required=False,
label=_(u'Enabled'),
exclude=('cli', 'webui'),
),
parameters.Str(
'sourcehost_host',
required=False,
deprecated=True,
exclude=('cli', 'webui'),
),
parameters.Str(
'sourcehost_hostgroup',
required=False,
deprecated=True,
exclude=('cli', 'webui'),
),
parameters.Str(
'externalhost',
required=False,
multivalue=True,
label=_(u'External host'),
exclude=('cli', 'webui'),
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned'),
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(
u'Results should contain primary key attribute only ("name")'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries('result', ),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class otptoken_find(Method):
__doc__ = _("Search for OTP token.")
takes_args = (parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
), )
takes_options = (
parameters.Str(
'ipatokenuniqueid',
required=False,
cli_name='id',
label=_(u'Unique ID'),
),
parameters.Str(
'type',
required=False,
cli_metavar="['totp', 'hotp', 'TOTP', 'HOTP']",
label=_(u'Type'),
doc=_(u'Type of the token'),
default=u'totp',
),
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
doc=_(u'Token description (informational only)'),
),
parameters.Str(
'ipatokenowner',
required=False,
cli_name='owner',
label=_(u'Owner'),
doc=_(u'Assigned user of the token (default: self)'),
),
parameters.Bool(
'ipatokendisabled',
required=False,
cli_name='disabled',
label=_(u'Disabled'),
doc=_(u'Mark the token as disabled (default: false)'),
),
parameters.DateTime(
'ipatokennotbefore',
required=False,
cli_name='not_before',
label=_(u'Validity start'),
doc=_(u'First date/time the token can be used'),
),
parameters.DateTime(
'ipatokennotafter',
required=False,
cli_name='not_after',
label=_(u'Validity end'),
doc=_(u'Last date/time the token can be used'),
),
parameters.Str(
'ipatokenvendor',
required=False,
cli_name='vendor',
label=_(u'Vendor'),
doc=_(u'Token vendor name (informational only)'),
),
parameters.Str(
'ipatokenmodel',
required=False,
cli_name='model',
label=_(u'Model'),
doc=_(u'Token model (informational only)'),
),
parameters.Str(
'ipatokenserial',
required=False,
cli_name='serial',
label=_(u'Serial'),
doc=_(u'Token serial (informational only)'),
),
parameters.Str(
'ipatokenotpalgorithm',
required=False,
cli_name='algo',
cli_metavar="['sha1', 'sha256', 'sha384', 'sha512']",
label=_(u'Algorithm'),
doc=_(u'Token hash algorithm'),
default=u'sha1',
),
parameters.Int(
'ipatokenotpdigits',
required=False,
cli_name='digits',
cli_metavar="['6', '8']",
label=_(u'Digits'),
doc=_(u'Number of digits each token code will have'),
default=6,
),
parameters.Int(
'ipatokentotpclockoffset',
required=False,
cli_name='offset',
label=_(u'Clock offset'),
doc=_(u'TOTP token / IPA server time difference'),
default=0,
),
parameters.Int(
'ipatokentotptimestep',
required=False,
cli_name='interval',
label=_(u'Clock interval'),
doc=_(u'Length of TOTP token code validity'),
default=30,
),
parameters.Int(
'ipatokenhotpcounter',
required=False,
cli_name='counter',
label=_(u'Counter'),
doc=_(u'Initial counter for the HOTP token'),
default=0,
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds (0 is unlimited)'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned (0 is unlimited)'),
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(u'Results should contain primary key attribute only ("id")'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries('result', ),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class hbacrule_mod(Method):
__doc__ = _("Modify an HBAC rule.")
takes_args = (parameters.Str(
'cn',
cli_name='name',
label=_(u'Rule name'),
), )
takes_options = (
parameters.Str(
'accessruletype',
required=False,
cli_name='type',
cli_metavar="['allow', 'deny']",
label=_(u'Rule type'),
doc=_(u'Rule type (allow)'),
exclude=('webui', 'cli'),
default=u'allow',
),
parameters.Str(
'usercategory',
required=False,
cli_name='usercat',
cli_metavar="['all']",
label=_(u'User category'),
doc=_(u'User category the rule applies to'),
),
parameters.Str(
'hostcategory',
required=False,
cli_name='hostcat',
cli_metavar="['all']",
label=_(u'Host category'),
doc=_(u'Host category the rule applies to'),
),
parameters.Str(
'sourcehostcategory',
required=False,
deprecated=True,
exclude=('cli', 'webui'),
),
parameters.Str(
'servicecategory',
required=False,
cli_name='servicecat',
cli_metavar="['all']",
label=_(u'Service category'),
doc=_(u'Service category the rule applies to'),
),
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
),
parameters.Bool(
'ipaenabledflag',
required=False,
label=_(u'Enabled'),
exclude=('cli', 'webui'),
),
parameters.Str(
'sourcehost_host',
required=False,
deprecated=True,
exclude=('cli', 'webui'),
),
parameters.Str(
'sourcehost_hostgroup',
required=False,
deprecated=True,
exclude=('cli', 'webui'),
),
parameters.Str(
'externalhost',
required=False,
multivalue=True,
label=_(u'External host'),
exclude=('cli', 'webui'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=
_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'
),
exclude=('webui', ),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=
_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'
),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.PrimaryKey(
'value',
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class otptoken_mod(Method):
__doc__ = _("Modify a OTP token.")
takes_args = (parameters.Str(
'ipatokenuniqueid',
cli_name='id',
label=_(u'Unique ID'),
), )
takes_options = (
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
doc=_(u'Token description (informational only)'),
),
parameters.Str(
'ipatokenowner',
required=False,
cli_name='owner',
label=_(u'Owner'),
doc=_(u'Assigned user of the token (default: self)'),
),
parameters.Bool(
'ipatokendisabled',
required=False,
cli_name='disabled',
label=_(u'Disabled'),
doc=_(u'Mark the token as disabled (default: false)'),
),
parameters.DateTime(
'ipatokennotbefore',
required=False,
cli_name='not_before',
label=_(u'Validity start'),
doc=_(u'First date/time the token can be used'),
),
parameters.DateTime(
'ipatokennotafter',
required=False,
cli_name='not_after',
label=_(u'Validity end'),
doc=_(u'Last date/time the token can be used'),
),
parameters.Str(
'ipatokenvendor',
required=False,
cli_name='vendor',
label=_(u'Vendor'),
doc=_(u'Token vendor name (informational only)'),
),
parameters.Str(
'ipatokenmodel',
required=False,
cli_name='model',
label=_(u'Model'),
doc=_(u'Token model (informational only)'),
),
parameters.Str(
'ipatokenserial',
required=False,
cli_name='serial',
label=_(u'Serial'),
doc=_(u'Token serial (informational only)'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=
_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'
),
exclude=('webui', ),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=
_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'
),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
parameters.Str(
'rename',
required=False,
label=_(u'Rename'),
doc=_(u'Rename the OTP token object'),
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.PrimaryKey(
'value',
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class certprofile_mod(Method):
__doc__ = _("Modify Certificate Profile configuration.")
takes_args = (parameters.Str(
'cn',
cli_name='id',
label=_(u'Profile ID'),
doc=_(u'Profile ID for referring to this profile'),
), )
takes_options = (
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Profile description'),
doc=_(u'Brief description of this profile'),
),
parameters.Bool(
'ipacertprofilestoreissued',
required=False,
cli_name='store',
label=_(u'Store issued certificates'),
doc=_(u'Whether to store certs issued using this profile'),
default=True,
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=
_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'
),
exclude=('webui', ),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=
_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'
),
default=False,
autofill=True,
),
parameters.Str(
'file',
required=False,
label=_(u'File containing profile configuration'),
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.PrimaryKey(
'value',
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class service(Object):
takes_params = (
parameters.Str(
'krbprincipalname',
primary_key=True,
label=_(u'Principal'),
doc=_(u'Service principal'),
),
parameters.Bytes(
'usercertificate',
required=False,
multivalue=True,
label=_(u'Certificate'),
doc=_(u'Base-64 encoded server certificate'),
),
parameters.Str(
'ipakrbauthzdata',
required=False,
multivalue=True,
label=_(u'PAC type'),
doc=_(u"Override default list of supported PAC types. Use 'NONE' to disable PAC support for this service, e.g. this might be necessary for NFS services."),
),
parameters.Bool(
'ipakrbrequirespreauth',
required=False,
label=_(u'Requires pre-authentication'),
doc=_(u'Pre-authentication is required for the service'),
),
parameters.Bool(
'ipakrbokasdelegate',
required=False,
label=_(u'Trusted for delegation'),
doc=_(u'Client credentials may be delegated to the service'),
),
parameters.Str(
'memberof_role',
required=False,
label=_(u'Roles'),
),
parameters.Flag(
'has_keytab',
label=_(u'Keytab'),
),
parameters.Str(
'managedby_host',
label=_(u'Managed by'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_user',
label=_(u'Users allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_group',
label=_(u'Groups allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_host',
label=_(u'Hosts allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_hostgroup',
label=_(u'Host Groups allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_user',
label=_(u'Users allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_group',
label=_(u'Groups allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_host',
label=_(u'Hosts allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_hostgroup',
label=_(u'Host Groups allowed to create keytab'),
),
)
class config_mod(Method):
__doc__ = _("Modify configuration options.")
takes_options = (
parameters.Int(
'ipamaxusernamelength',
required=False,
cli_name='maxusername',
label=_(u'Maximum username length'),
),
parameters.Str(
'ipahomesrootdir',
required=False,
cli_name='homedirectory',
label=_(u'Home directory base'),
doc=_(u'Default location of home directories'),
),
parameters.Str(
'ipadefaultloginshell',
required=False,
cli_name='defaultshell',
label=_(u'Default shell'),
doc=_(u'Default shell for new users'),
),
parameters.Str(
'ipadefaultprimarygroup',
required=False,
cli_name='defaultgroup',
label=_(u'Default users group'),
doc=_(u'Default group for new users'),
),
parameters.Str(
'ipadefaultemaildomain',
required=False,
cli_name='emaildomain',
label=_(u'Default e-mail domain'),
),
parameters.Int(
'ipasearchtimelimit',
required=False,
cli_name='searchtimelimit',
label=_(u'Search time limit'),
doc=
_(u'Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)'
),
),
parameters.Int(
'ipasearchrecordslimit',
required=False,
cli_name='searchrecordslimit',
label=_(u'Search size limit'),
doc=_(u'Maximum number of records to search (-1 is unlimited)'),
),
parameters.Str(
'ipausersearchfields',
required=False,
cli_name='usersearch',
label=_(u'User search fields'),
doc=
_(u'A comma-separated list of fields to search in when searching for users'
),
),
parameters.Str(
'ipagroupsearchfields',
required=False,
cli_name='groupsearch',
label=_(u'Group search fields'),
doc=
_(u'A comma-separated list of fields to search in when searching for groups'
),
),
parameters.Bool(
'ipamigrationenabled',
required=False,
cli_name='enable_migration',
label=_(u'Enable migration mode'),
),
parameters.Str(
'ipagroupobjectclasses',
required=False,
multivalue=True,
cli_name='groupobjectclasses',
label=_(u'Default group objectclasses'),
doc=_(u'Default group objectclasses (comma-separated list)'),
),
parameters.Str(
'ipauserobjectclasses',
required=False,
multivalue=True,
cli_name='userobjectclasses',
label=_(u'Default user objectclasses'),
doc=_(u'Default user objectclasses (comma-separated list)'),
),
parameters.Int(
'ipapwdexpadvnotify',
required=False,
cli_name='pwdexpnotify',
label=_(u'Password Expiration Notification (days)'),
doc=_(u"Number of days's notice of impending password expiration"),
),
parameters.Str(
'ipaconfigstring',
required=False,
multivalue=True,
cli_metavar=
"['AllowLMhash', 'AllowNThash', 'KDC:Disable Last Success', 'KDC:Disable Lockout']",
label=_(u'Password plugin features'),
doc=_(u'Extra hashes to generate in password plug-in'),
),
parameters.Str(
'ipaselinuxusermaporder',
required=False,
label=_(u'SELinux user map order'),
doc=_(
u'Order in increasing priority of SELinux users, delimited by $'
),
),
parameters.Str(
'ipaselinuxusermapdefault',
required=False,
label=_(u'Default SELinux user'),
doc=
_(u'Default SELinux user when no match is found in SELinux map rule'
),
),
parameters.Str(
'ipakrbauthzdata',
required=False,
multivalue=True,
cli_name='pac_type',
cli_metavar="['MS-PAC', 'PAD']",
label=_(u'Default PAC types'),
doc=_(u'Default types of PAC supported for services'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=
_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'
),
exclude=('webui', ),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=
_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'
),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.Output(
'value',
unicode,
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class service_mod(Method):
__doc__ = _("Modify an existing IPA service.")
takes_args = (
parameters.Str(
'krbprincipalname',
cli_name='principal',
label=_(u'Principal'),
doc=_(u'Service principal'),
no_convert=True,
),
)
takes_options = (
parameters.Bytes(
'usercertificate',
required=False,
multivalue=True,
cli_name='certificate',
label=_(u'Certificate'),
doc=_(u'Base-64 encoded server certificate'),
),
parameters.Str(
'ipakrbauthzdata',
required=False,
multivalue=True,
cli_name='pac_type',
cli_metavar="['MS-PAC', 'PAD', 'NONE']",
label=_(u'PAC type'),
doc=_(u"Override default list of supported PAC types. Use 'NONE' to disable PAC support for this service, e.g. this might be necessary for NFS services."),
),
parameters.Bool(
'ipakrbrequirespreauth',
required=False,
cli_name='requires_pre_auth',
label=_(u'Requires pre-authentication'),
doc=_(u'Pre-authentication is required for the service'),
),
parameters.Bool(
'ipakrbokasdelegate',
required=False,
cli_name='ok_as_delegate',
label=_(u'Trusted for delegation'),
doc=_(u'Client credentials may be delegated to the service'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
exclude=('webui',),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
exclude=('webui',),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
exclude=('webui',),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.PrimaryKey(
'value',
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class sudorule(Object):
takes_params = (
parameters.Str(
'cn',
primary_key=True,
label=_(u'Rule name'),
),
parameters.Str(
'description',
required=False,
label=_(u'Description'),
),
parameters.Bool(
'ipaenabledflag',
required=False,
label=_(u'Enabled'),
),
parameters.Str(
'usercategory',
required=False,
label=_(u'User category'),
doc=_(u'User category the rule applies to'),
),
parameters.Str(
'hostcategory',
required=False,
label=_(u'Host category'),
doc=_(u'Host category the rule applies to'),
),
parameters.Str(
'cmdcategory',
required=False,
label=_(u'Command category'),
doc=_(u'Command category the rule applies to'),
),
parameters.Str(
'ipasudorunasusercategory',
required=False,
label=_(u'RunAs User category'),
doc=_(u'RunAs User category the rule applies to'),
),
parameters.Str(
'ipasudorunasgroupcategory',
required=False,
label=_(u'RunAs Group category'),
doc=_(u'RunAs Group category the rule applies to'),
),
parameters.Int(
'sudoorder',
required=False,
label=_(u'Sudo order'),
doc=_(u'integer to order the Sudo rules'),
),
parameters.Str(
'memberuser_user',
required=False,
label=_(u'Users'),
),
parameters.Str(
'memberuser_group',
required=False,
label=_(u'User Groups'),
),
parameters.Str(
'memberhost_host',
required=False,
label=_(u'Hosts'),
),
parameters.Str(
'memberhost_hostgroup',
required=False,
label=_(u'Host Groups'),
),
parameters.Str(
'memberallowcmd_sudocmd',
required=False,
label=_(u'Sudo Allow Commands'),
),
parameters.Str(
'memberdenycmd_sudocmd',
required=False,
label=_(u'Sudo Deny Commands'),
),
parameters.Str(
'memberallowcmd_sudocmdgroup',
required=False,
label=_(u'Sudo Allow Command Groups'),
),
parameters.Str(
'memberdenycmd_sudocmdgroup',
required=False,
label=_(u'Sudo Deny Command Groups'),
),
parameters.Str(
'ipasudorunas_user',
required=False,
label=_(u'RunAs Users'),
doc=_(u'Run as a user'),
),
parameters.Str(
'ipasudorunas_group',
required=False,
label=_(u'Groups of RunAs Users'),
doc=_(u'Run as any user within a specified group'),
),
parameters.Str(
'externaluser',
required=False,
label=_(u'External User'),
doc=_(u'External User the rule applies to (sudorule-find only)'),
),
parameters.Str(
'ipasudorunasextuser',
required=False,
label=_(u'RunAs External User'),
doc=_(
u'External User the commands can run as (sudorule-find only)'),
),
parameters.Str(
'ipasudorunasextgroup',
required=False,
label=_(u'RunAs External Group'),
doc=_(
u'External Group the commands can run as (sudorule-find only)'
),
),
parameters.Str(
'ipasudoopt',
required=False,
label=_(u'Sudo Option'),
),
parameters.Str(
'ipasudorunasgroup_group',
required=False,
label=_(u'RunAs Groups'),
doc=_(u'Run with the gid of a specified POSIX group'),
),
parameters.Str(
'externalhost',
required=False,
multivalue=True,
label=_(u'External host'),
),
)
class host_add(Method):
__doc__ = _("Add a new host.")
takes_args = (
parameters.Str(
'fqdn',
cli_name='hostname',
label=_(u'Host name'),
no_convert=True,
),
)
takes_options = (
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
doc=_(u'A description of this host'),
),
parameters.Str(
'l',
required=False,
cli_name='locality',
label=_(u'Locality'),
doc=_(u'Host locality (e.g. "Baltimore, MD")'),
),
parameters.Str(
'nshostlocation',
required=False,
cli_name='location',
label=_(u'Location'),
doc=_(u'Host location (e.g. "Lab 2")'),
),
parameters.Str(
'nshardwareplatform',
required=False,
cli_name='platform',
label=_(u'Platform'),
doc=_(u'Host hardware platform (e.g. "Lenovo T61")'),
),
parameters.Str(
'nsosversion',
required=False,
cli_name='os',
label=_(u'Operating system'),
doc=_(u'Host operating system and version (e.g. "Fedora 9")'),
),
parameters.Str(
'userpassword',
required=False,
cli_name='password',
label=_(u'User password'),
doc=_(u'Password used in bulk enrollment'),
),
parameters.Flag(
'random',
required=False,
doc=_(u'Generate a random password to be used in bulk enrollment'),
default=False,
autofill=True,
),
parameters.Bytes(
'usercertificate',
required=False,
cli_name='certificate',
label=_(u'Certificate'),
doc=_(u'Base-64 encoded server certificate'),
),
parameters.Str(
'macaddress',
required=False,
multivalue=True,
label=_(u'MAC address'),
doc=_(u'Hardware MAC address(es) on this host'),
no_convert=True,
),
parameters.Str(
'ipasshpubkey',
required=False,
multivalue=True,
cli_name='sshpubkey',
label=_(u'SSH public key'),
no_convert=True,
),
parameters.Str(
'userclass',
required=False,
multivalue=True,
cli_name='class',
label=_(u'Class'),
doc=_(u'Host category (semantics placed on this attribute are for local interpretation)'),
),
parameters.Str(
'ipaassignedidview',
required=False,
label=_(u'Assigned ID View'),
exclude=('cli', 'webui'),
),
parameters.Bool(
'ipakrbrequirespreauth',
required=False,
cli_name='requires_pre_auth',
label=_(u'Requires pre-authentication'),
doc=_(u'Pre-authentication is required for the service'),
),
parameters.Bool(
'ipakrbokasdelegate',
required=False,
cli_name='ok_as_delegate',
label=_(u'Trusted for delegation'),
doc=_(u'Client credentials may be delegated to the service'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
exclude=('webui',),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
exclude=('webui',),
),
parameters.Flag(
'force',
label=_(u'Force'),
doc=_(u'force host name even if not in DNS'),
default=False,
autofill=True,
),
parameters.Flag(
'no_reverse',
doc=_(u'skip reverse DNS detection'),
default=False,
autofill=True,
),
parameters.Str(
'ip_address',
required=False,
label=_(u'IP Address'),
doc=_(u'Add the host to DNS with this IP address'),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.PrimaryKey(
'value',
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class sudorule_mod(Method):
__doc__ = _("Modify Sudo Rule.")
takes_args = (parameters.Str(
'cn',
cli_name='sudorule_name',
label=_(u'Rule name'),
), )
takes_options = (
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
),
parameters.Bool(
'ipaenabledflag',
required=False,
label=_(u'Enabled'),
exclude=('cli', 'webui'),
),
parameters.Str(
'usercategory',
required=False,
cli_name='usercat',
cli_metavar="['all']",
label=_(u'User category'),
doc=_(u'User category the rule applies to'),
),
parameters.Str(
'hostcategory',
required=False,
cli_name='hostcat',
cli_metavar="['all']",
label=_(u'Host category'),
doc=_(u'Host category the rule applies to'),
),
parameters.Str(
'cmdcategory',
required=False,
cli_name='cmdcat',
cli_metavar="['all']",
label=_(u'Command category'),
doc=_(u'Command category the rule applies to'),
),
parameters.Str(
'ipasudorunasusercategory',
required=False,
cli_name='runasusercat',
cli_metavar="['all']",
label=_(u'RunAs User category'),
doc=_(u'RunAs User category the rule applies to'),
),
parameters.Str(
'ipasudorunasgroupcategory',
required=False,
cli_name='runasgroupcat',
cli_metavar="['all']",
label=_(u'RunAs Group category'),
doc=_(u'RunAs Group category the rule applies to'),
),
parameters.Int(
'sudoorder',
required=False,
cli_name='order',
label=_(u'Sudo order'),
doc=_(u'integer to order the Sudo rules'),
default=0,
),
parameters.Str(
'externaluser',
required=False,
label=_(u'External User'),
doc=_(u'External User the rule applies to (sudorule-find only)'),
),
parameters.Str(
'ipasudorunasextuser',
required=False,
cli_name='runasexternaluser',
label=_(u'RunAs External User'),
doc=_(
u'External User the commands can run as (sudorule-find only)'),
),
parameters.Str(
'ipasudorunasextgroup',
required=False,
cli_name='runasexternalgroup',
label=_(u'RunAs External Group'),
doc=_(
u'External Group the commands can run as (sudorule-find only)'
),
),
parameters.Str(
'externalhost',
required=False,
multivalue=True,
label=_(u'External host'),
exclude=('cli', 'webui'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=
_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'
),
exclude=('webui', ),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=
_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'
),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.Output(
'value',
unicode,
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class host(Object):
takes_params = (
parameters.Str(
'fqdn',
primary_key=True,
label=_(u'Host name'),
),
parameters.Str(
'description',
required=False,
label=_(u'Description'),
doc=_(u'A description of this host'),
),
parameters.Str(
'l',
required=False,
label=_(u'Locality'),
doc=_(u'Host locality (e.g. "Baltimore, MD")'),
),
parameters.Str(
'nshostlocation',
required=False,
label=_(u'Location'),
doc=_(u'Host location (e.g. "Lab 2")'),
),
parameters.Str(
'nshardwareplatform',
required=False,
label=_(u'Platform'),
doc=_(u'Host hardware platform (e.g. "Lenovo T61")'),
),
parameters.Str(
'nsosversion',
required=False,
label=_(u'Operating system'),
doc=_(u'Host operating system and version (e.g. "Fedora 9")'),
),
parameters.Str(
'userpassword',
required=False,
label=_(u'User password'),
doc=_(u'Password used in bulk enrollment'),
),
parameters.Flag(
'random',
required=False,
doc=_(u'Generate a random password to be used in bulk enrollment'),
),
parameters.Str(
'randompassword',
required=False,
label=_(u'Random password'),
),
parameters.Bytes(
'usercertificate',
required=False,
label=_(u'Certificate'),
doc=_(u'Base-64 encoded server certificate'),
),
parameters.Str(
'krbprincipalname',
required=False,
label=_(u'Principal name'),
),
parameters.Str(
'macaddress',
required=False,
multivalue=True,
label=_(u'MAC address'),
doc=_(u'Hardware MAC address(es) on this host'),
),
parameters.Str(
'ipasshpubkey',
required=False,
multivalue=True,
label=_(u'SSH public key'),
),
parameters.Str(
'userclass',
required=False,
multivalue=True,
label=_(u'Class'),
doc=_(u'Host category (semantics placed on this attribute are for local interpretation)'),
),
parameters.Str(
'ipaassignedidview',
required=False,
label=_(u'Assigned ID View'),
),
parameters.Bool(
'ipakrbrequirespreauth',
required=False,
label=_(u'Requires pre-authentication'),
doc=_(u'Pre-authentication is required for the service'),
),
parameters.Bool(
'ipakrbokasdelegate',
required=False,
label=_(u'Trusted for delegation'),
doc=_(u'Client credentials may be delegated to the service'),
),
parameters.Flag(
'has_password',
label=_(u'Password'),
),
parameters.Str(
'memberof_hostgroup',
required=False,
label=_(u'Member of host-groups'),
),
parameters.Str(
'memberof_role',
required=False,
label=_(u'Roles'),
),
parameters.Str(
'memberof_netgroup',
required=False,
label=_(u'Member of netgroups'),
),
parameters.Str(
'memberof_sudorule',
required=False,
label=_(u'Member of Sudo rule'),
),
parameters.Str(
'memberof_hbacrule',
required=False,
label=_(u'Member of HBAC rule'),
),
parameters.Str(
'memberofindirect_netgroup',
required=False,
label=_(u'Indirect Member of netgroup'),
),
parameters.Str(
'memberofindirect_hostgroup',
required=False,
label=_(u'Indirect Member of host-group'),
),
parameters.Str(
'memberofindirect_role',
required=False,
label=_(u'Indirect Member of role'),
),
parameters.Str(
'memberofindirect_sudorule',
required=False,
label=_(u'Indirect Member of Sudo rule'),
),
parameters.Str(
'memberofindirect_hbacrule',
required=False,
label=_(u'Indirect Member of HBAC rule'),
),
parameters.Flag(
'has_keytab',
label=_(u'Keytab'),
),
parameters.Str(
'managedby_host',
label=_(u'Managed by'),
),
parameters.Str(
'managing_host',
label=_(u'Managing'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_user',
label=_(u'Users allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_group',
label=_(u'Groups allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_host',
label=_(u'Hosts allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_hostgroup',
label=_(u'Host Groups allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_user',
label=_(u'Users allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_group',
label=_(u'Groups allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_host',
label=_(u'Hosts allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_hostgroup',
label=_(u'Host Groups allowed to create keytab'),
),
)
