def get_dn(self, *keys, **options):
    """
    Build the DN of a vault, placed under its owner's sub-container.

    The owner is selected by at most one of the 'service', 'shared' and
    'username' options. When none of them is set, the owner is derived
    from the principal stored in the request context: a name containing
    '/' is treated as a service, anything else as a user.

    Raises:
        errors.MutuallyExclusiveError: more than one owner option is set.
        errors.NotImplementedError: no owner option is set and the
            context principal starts with 'host/'.

    NOTE(review): this method only computes a DN. No authorization check
    is visible here, so a caller-supplied 'service' or 'username' selects
    that owner's container; access control is presumably enforced
    elsewhere (e.g. by directory ACIs) -- confirm.
    """
    service = options.get('service')
    shared = options.get('shared')
    user = options.get('username')

    # Number of owner selectors that were actually supplied.
    selected = sum(1 for choice in (service, shared, user) if choice)
    if selected > 1:
        raise errors.MutuallyExclusiveError(
            reason=_('Service, shared, and user options ' +
                     'cannot be specified simultaneously'))

    # TODO: create container_dn after object initialization then reuse it
    container_dn = DN(self.container_dn, self.api.env.basedn)

    dn = super(vault, self).get_dn(*keys, **options)
    # Invariant check only: 'assert' is removed when Python runs with -O,
    # in which case the slice below would trim len(container_dn) trailing
    # RDNs from whatever the parent class returned, without verification.
    assert dn.endswith(container_dn)
    rdns = DN(*dn[:-len(container_dn)])

    if selected == 0:
        # No explicit owner: fall back to the authenticated principal.
        principal = context.principal

        if principal.startswith('host/'):
            raise errors.NotImplementedError(
                reason=_('Host is not supported'))

        name, unused_realm = split_principal(principal)
        if '/' in name:
            service = name
        else:
            user = name

    # Re-root the vault's own RDNs under the owner-specific container.
    if service:
        return DN(rdns, DN(('cn', service), ('cn', 'services'), container_dn))
    if shared:
        return DN(rdns, DN(('cn', 'shared'), container_dn))
    return DN(rdns, DN(('cn', user), ('cn', 'users'), container_dn))
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
    """
    Make sure the vault's parent container exists before the entry is added.

    Stops unless the kra_is_enabled command reports a true 'result'. It
    then resolves the DN of the principal stored in the request context
    (as a service when the name contains '/', otherwise as a user) and
    asks the vault object to create the parent container with that DN.

    Raises:
        errors.InvocationError: the KRA service is not enabled.
    """
    assert isinstance(dn, DN)

    kra_status = self.api.Command.kra_is_enabled()
    if not kra_status['result']:
        raise errors.InvocationError(
            format=_('KRA service is not enabled'))

    # The owner is always the authenticated caller, never a request option.
    principal = context.principal
    name, unused_realm = split_principal(principal)
    owner_api = (self.api.Object.service if '/' in name
                 else self.api.Object.user)
    owner_dn = owner_api.get_dn(name)

    try:
        # Parent container = the vault DN without its leading RDN.
        self.obj.create_container(DN(*dn[1:]), owner_dn)
    except errors.DuplicateEntry:
        # Presumably the container already exists; creation is best-effort.
        # NOTE(review): on this path the existing container is not compared
        # against owner_dn here -- confirm that create_container or the
        # directory ACIs cover a container created for a different owner.
        pass
    # NOTE(review): the visible code ends here without returning a value;
    # if callers expect the DN back, confirm against the full source.