示例#1
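class plugins(LocalOrRemote):
    __doc__ = _('Show all loaded plugins.')

    # Summary template; it is formatted with the 'count' output value.
    msg_summary = ngettext('%(count)d plugin loaded',
                           '%(count)d plugins loaded', 0)

    takes_options = LocalOrRemote.takes_options + (Flag(
        'all',
        cli_name='all',
        doc=_('retrieve and print all attributes from the server. '
              'Affects command output.'),
        exclude='webui',
        flags=['no_option', 'no_output'],
        default=True,
    ), )

    # NOTE(review): the 'result' doc string says "bases", but execute() below
    # maps each plugin class to the API namespaces it is registered in.
    has_output = (
        Output('result', dict, 'Dictionary mapping plugin names to bases'),
        Output(
            'count',
            type=int,
            doc=_('Number of plugins loaded'),
        ),
        summary,
    )

    def execute(self, **options):
        """Return the loaded plugins grouped by implementing class.

        Walks every namespace of ``self.api`` and records, for each plugin
        instance, the dotted ``module.ClassName`` of its class together with
        the namespace it was found in.

        Returns:
            A dict with ``result`` (class path -> list of namespaces) and
            ``count`` (number of distinct plugin classes).
        """
        result = {}
        for namespace in self.api:
            for plugin in self.api[namespace]():
                cls = type(plugin)
                key = '{}.{}'.format(cls.__module__, cls.__name__)
                result.setdefault(key, []).append(namespace)

        # 'count' is declared in has_output and consumed by msg_summary, so
        # it has to be part of the returned dict alongside 'result'.
        return dict(
            result=result,
            count=len(result),
        )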
示例#2
class plugins(LocalOrRemote):
    __doc__ = _('Show all loaded plugins.')

    # Singular/plural summary template, formatted with the 'count' output.
    msg_summary = ngettext(
        '%(count)d plugin loaded',
        '%(count)d plugins loaded',
        0,
    )

    takes_options = LocalOrRemote.takes_options + (
        Flag(
            'all',
            cli_name='all',
            doc=_('retrieve and print all attributes from the server. Affects command output.'),
            exclude='webui',
            flags=['no_output'],
            default=True,
        ),
    )

    has_output = (
        Output('result', dict, 'Dictionary mapping plugin names to bases'),
        Output('count', type=int, doc=_('Number of plugins loaded')),
        summary,
    )

    def execute(self, **options):
        """Return every loaded plugin with its bases, plus the plugin count.

        The entries of ``self.api.plugins`` are ordered by their ``plugin``
        attribute before the mapping is built.
        """
        loaded = sorted(self.api.plugins, key=lambda entry: entry.plugin)
        return {
            'result': {entry.plugin: entry.bases for entry in loaded},
            'count': len(loaded),
        }
示例#3
 def _iter_output(self):
     """Yield each declared output of this command as an ``Output`` object.

     ``has_output`` must be exactly a tuple (subclasses are rejected).  Plain
     string entries are wrapped in ``Output``; any entry that is neither a
     string nor an ``Output`` raises ``TypeError`` naming its index.
     """
     declared = self.has_output
     if type(declared) is not tuple:
         raise TypeError(
             '%s.has_output: need a %r; got a %r: %r'
             % (self.name, tuple, type(declared), declared)
         )
     for index, entry in enumerate(declared):
         item = Output(entry) if isinstance(entry, str) else entry
         if isinstance(item, Output):
             yield item
             continue
         raise TypeError(
             '%s.has_output[%d]: need a %r; got a %r: %r'
             % (self.name, index, (str, Output), type(item), item)
         )
示例#4
    def _create_output(self, api, schema):
        """Build an ``Output`` from one output entry of a schema mapping.

        The expected type is ``(tuple, list)`` for multivalue entries,
        otherwise the ``_TYPES`` lookup of ``schema['type']``.  Entries with
        ``required`` set to a false value additionally accept ``None``.
        ``doc`` and the ``no_display`` flag are passed through when present.
        """
        nullable = not schema.get('required', True)

        if schema.get('multivalue', False):
            expected = (tuple, list, type(None)) if nullable else (tuple, list)
        else:
            try:
                base = _TYPES[schema['type']]
            except KeyError:
                # Missing or unknown type name: the Output is created with
                # type=None.
                # NOTE(review): presumably that means the value is not
                # type-checked at all -- confirm this is acceptable for
                # schema data received from a server.
                expected = None
            else:
                expected = (base, type(None)) if nullable else base

        kwargs = {'type': expected}
        if 'doc' in schema:
            kwargs['doc'] = schema['doc']
        if schema.get('no_display', False):
            kwargs['flags'] = ('no_display', )

        return Output(str(schema['name']), **kwargs)
示例#5
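class batch(Command):
    # Runs a list of nested commands in a single request and returns one
    # result entry per nested call, in request order.
    NO_CLI = True

    takes_args = (
        Any('methods*',
            doc=_('Nested Methods to execute'),
        ),
    )

    # NOTE(review): this attribute is spelled ``take_options`` here, not
    # ``takes_options``.  execute() still reads options['version'], so the
    # value presumably comes from the base class -- confirm before renaming.
    take_options = (
        Str('version',
            cli_name='version',
            doc=_('Client version. Used to determine if server will accept request.'),
            exclude='webui',
            flags=['no_option', 'no_output'],
            default=API_VERSION,
            autofill=True,
        ),
    )

    has_output = (
        Output('count', int, doc=''),
        Output('results', (list, tuple), doc='')
    )

    def execute(self, *args, **options):
        """Execute every nested method in ``args[0]`` and collect the results.

        Each entry must be a mapping with ``method`` (a registered command
        name) and ``params`` (an ``(args, kwargs)`` pair).  A failure in one
        entry never aborts the batch: it is recorded in that entry's result
        as ``error``/``error_code``/``error_name``.  Only ``PublicError``
        subclasses are reported verbatim; every other exception is replaced
        by ``InternalError`` so internal details do not reach the caller.

        NOTE(review): nothing in this method caps the number of nested
        methods; confirm a limit is enforced elsewhere if one is needed.

        Returns:
            dict with ``count`` (number of entries) and ``results`` (list of
            per-entry result dicts).
        """
        results = []
        for arg in args[0]:
            params = dict()
            name = None
            try:
                if 'method' not in arg:
                    raise errors.RequirementError(name='method')
                if 'params' not in arg:
                    raise errors.RequirementError(name='params')
                name = arg['method']
                if name not in self.Command:
                    raise errors.CommandError(name=name)
                a, kw = arg['params']
                newkw = dict((str(k), v) for k, v in kw.items())
                params = api.Command[name].args_options_2_params(*a, **newkw)
                newkw.setdefault('version', options['version'])

                result = api.Command[name](*a, **newkw)
                self.info(
                    '%s: batch: %s(%s): SUCCESS', context.principal, name, ', '.join(api.Command[name]._repr_iter(**params))
                )
                result['error']=None
            except Exception as e:
                if isinstance(e, (errors.RequirementError,
                                  errors.CommandError)):
                    self.info(
                        '%s: batch: %s',
                        context.principal,  # pylint: disable=no-member
                        e.__class__.__name__
                    )
                else:
                    # The failure may have happened before ``name`` was
                    # validated (e.g. ``arg`` is not a container, or the
                    # method name is not usable as a key).  Looking the
                    # command up again must not raise out of this handler,
                    # otherwise one malformed entry aborts the whole batch.
                    try:
                        shown_params = ', '.join(
                            api.Command[name]._repr_iter(**params)
                        )
                    except Exception:
                        shown_params = ''
                    self.info(
                        '%s: batch: %s(%s): %s',
                        context.principal, name,  # pylint: disable=no-member
                        shown_params,
                        e.__class__.__name__
                    )
                if isinstance(e, errors.PublicError):
                    reported_error = e
                else:
                    reported_error = errors.InternalError()
                result = dict(
                    error=reported_error.strerror,
                    error_code=reported_error.errno,
                    error_name=unicode(type(reported_error).__name__),
                )
            results.append(result)
        return dict(count=len(results) , results=results)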
示例#6
class json_metadata(Command):
    __doc__ = _('Export plugin meta-data for the webUI.')
    NO_CLI = True

    takes_args = (
        Str('objname?', doc=_('Name of object to export')),
        Str('methodname?', doc=_('Name of method to export')),
    )

    takes_options = (
        Str('object?', doc=_('Name of object to export')),
        Str('method?', doc=_('Name of method to export')),
        Str('command?', doc=_('Name of command to export')),
    )

    has_output = (
        Output('objects', dict, doc=_('Dict of JSON encoded IPA Objects')),
        Output('methods', dict, doc=_('Dict of JSON encoded IPA Methods')),
        Output('commands', dict, doc=_('Dict of JSON encoded IPA Commands')),
    )

    def execute(self, objname=None, methodname=None, **options):
        """Serialize the requested objects, methods and commands.

        A name is taken from the positional argument when given, otherwise
        from the matching option (``object``, ``method``, ``command``).  The
        special name ``"all"`` exports the whole namespace.  When none of
        the three selectors is available, all three namespaces are exported.
        Methods and commands that are ``Local`` instances are never exported.
        """
        registry = self.api

        def serialize_all(namespace, skip_local):
            # Only the plugin actually bound to its own name is exported.
            return {
                plugin.name: json_serialize(plugin)
                for plugin in namespace()
                if plugin is namespace[plugin.name]
                and not (skip_local and isinstance(plugin, Local))
            }

        def serialize_requested(namespace, name, skip_local):
            # Returns None when ``name`` selects nothing exportable.
            if name in namespace and not (
                    skip_local and isinstance(namespace[name], Local)):
                plugin = namespace[name]
                return {plugin.name: json_serialize(plugin)}
            if name == "all":
                return serialize_all(namespace, skip_local)
            return None

        # (output key, namespace, positional name, option key, skip Local)
        sections = (
            ("objects", registry.Object, objname, 'object', False),
            ("methods", registry.Method, methodname, 'method', True),
            ("commands", registry.Command, None, 'command', True),
        )

        exported = {"objects": {}, "methods": {}, "commands": {}}
        nothing_selected = True

        for key, namespace, name, option, skip_local in sections:
            try:
                if not name:
                    name = options[option]
                picked = serialize_requested(namespace, name, skip_local)
                if picked is not None:
                    exported[key] = picked
                nothing_selected = False
            except KeyError:
                # Selector absent (or a lookup failed): leave this section
                # empty and move on to the next one.
                pass

        if nothing_selected:
            for key, namespace, _name, _option, skip_local in sections:
                exported[key] = serialize_all(namespace, skip_local)

        return exported
示例#7
class i18n_messages(Command):
    __doc__ = _('Internationalization messages')
    NO_CLI = True

    messages = {
        "ajax": {
            "401": {
                "message": _("Your session has expired. Please log in again."),
            },
        },
        "actions": {
            "apply": _("Apply"),
            "automember_rebuild": _("Rebuild auto membership"),
            "automember_rebuild_confirm": _("Are you sure you want to rebuild auto membership?"),
            "automember_rebuild_success": _("Automember rebuild membership task completed"),
            "confirm": _("Are you sure you want to proceed with the action?"),
            "delete_confirm": _("Are you sure you want to delete ${object}?"),
            "disable_confirm": _("Are you sure you want to disable ${object}?"),
            "enable_confirm": _("Are you sure you want to enable ${object}?"),
            "title": _("Actions"),
        },
        "association": {
            "add": {
                "ipasudorunas": _("Add RunAs ${other_entity} into ${entity} ${primary_key}"),
                "ipasudorunasgroup": _("Add RunAs Groups into ${entity} ${primary_key}"),
                "managedby": _("Add ${other_entity} Managing ${entity} ${primary_key}"),
                "member": _("Add ${other_entity} into ${entity} ${primary_key}"),
                "memberallowcmd": _("Add Allow ${other_entity} into ${entity} ${primary_key}"),
                "memberdenycmd": _("Add Deny ${other_entity} into ${entity} ${primary_key}"),
                "memberof": _("Add ${entity} ${primary_key} into ${other_entity}"),
            },
            "added": _("${count} item(s) added"),
            "direct_membership": _("Direct Membership"),
            "filter_placeholder": _("Filter available ${other_entity}"),
            "indirect_membership": _("Indirect Membership"),
            "no_entries": _("No entries."),
            "paging": _("Showing ${start} to ${end} of ${total} entries."),
            "remove": {
                "ipasudorunas": _("Remove RunAs ${other_entity} from ${entity} ${primary_key}"),
                "ipasudorunasgroup": _("Remove RunAs Groups from ${entity} ${primary_key}"),
                "managedby": _("Remove ${other_entity} Managing ${entity} ${primary_key}"),
                "member": _("Remove ${other_entity} from ${entity} ${primary_key}"),
                "memberallowcmd": _("Remove Allow ${other_entity} from ${entity} ${primary_key}"),
                "memberdenycmd": _("Remove Deny ${other_entity} from ${entity} ${primary_key}"),
                "memberof": _("Remove ${entity} ${primary_key} from ${other_entity}"),
            },
            "removed": _("${count} item(s) removed"),
            "show_results": _("Show Results"),
        },
        "authtype": {
            "auth_indicators": _("Authentication indicators"),
            "auth_indicator": _("Authentication indicator"),
            "config_tooltip": _("<p>Implicit method (password) will be used if no method is chosen.</p><p><strong>Password + Two-factor:</strong> LDAP and Kerberos allow authentication with either one of the authentication types but Kerberos uses pre-authentication method which requires to use armor ccache.</p><p><strong>RADIUS with another type:</strong> Kerberos always use RADIUS, but LDAP never does. LDAP only recognize the password and two-factor authentication options.</p>"),
            "custom_auth_ind_title": _("Add Custom Authentication Indicator"),
            "otp": _("OTP"),
            "type_otp": _("Two factor authentication (password + OTP)"),
            "type_password": _("Password"),
            "type_radius": _("RADIUS"),
            "type_disabled": _("Disable per-user override"),
            "user_tooltip": _("<p>Per-user setting, overwrites the global setting if any option is checked.</p><p><strong>Password + Two-factor:</strong> LDAP and Kerberos allow authentication with either one of the authentication types but Kerberos uses pre-authentication method which requires to use armor ccache.</p><p><strong>RADIUS with another type:</strong> Kerberos always use RADIUS, but LDAP never does. LDAP only recognize the password and two-factor authentication options.</p>"),
        },
        "buttons": {
            "about": _("About"),
            "activate": _("Activate"),
            "add": _("Add"),
            "add_and_add_another": _("Add and Add Another"),
            "add_and_close": _("Add and Close"),
            "add_and_edit": _("Add and Edit"),
            "add_many": _("Add Many"),
            "apply": _("Apply"),
            "back": _("Back"),
            "cancel": _("Cancel"),
            "clear": _("Clear"),
            "clear_title": _("Clear all fields on the page."),
            "close": _("Close"),
            "disable": _("Disable"),
            "download": _("Download"),
            "download_title": _("Download certificate as PEM formatted file."),
            "edit": _("Edit"),
            "enable": _("Enable"),
            "filter": _("Filter"),
            "find": _("Find"),
            "get": _("Get"),
            "hide": _("Hide"),
            "issue": _("Issue"),
            "match": _("Match"),
            "match_title": _("Match users according to certificate."),
            "ok": _("OK"),
            "refresh": _("Refresh"),
            "refresh_title": _("Reload current settings from the server."),
            "remove": _("Delete"),
            "remove_hold": _("Remove hold"),
            "reset": _("Reset"),
            "reset_password_and_login": _("Reset Password and Login"),
            "restore": _("Restore"),
            "retry": _("Retry"),
            "revert": _("Revert"),
            "revert_title": ("Undo all unsaved changes."),
            "revoke": _("Revoke"),
            "save": _("Save"),
            "set": _("Set"),
            "show": _("Show"),
            "stage": _("Stage"),
            "unapply": ("Un-apply"),
            "update": _("Update"),
            "view": _("View"),
        },
        "customization": {
            "customization": _("Customization"),
            "table_pagination": _("Pagination Size"),
        },
        "details": {
            "collapse_all": _("Collapse All"),
            "expand_all": _("Expand All"),
            "general": _("General"),
            "identity": _("Identity Settings"),
            "settings": _("${entity} ${primary_key} Settings"),
            "to_top": _("Back to Top"),
            "updated": _("${entity} ${primary_key} updated"),
        },
        "dialogs": {
            "add_confirmation": _("${entity} successfully added"),
            "add_custom_value": _("Add custom value"),
            "add_title": _("Add ${entity}"),
            "available": _("Available"),
            "batch_error_message": _("Some operations failed."),
            "batch_error_title": _("Operations Error"),
            "confirmation": _("Confirmation"),
            "custom_value": _("Custom value"),
            "dirty_message": _("This page has unsaved changes. Please save or revert."),
            "dirty_title": _("Unsaved Changes"),
            "edit_title": _("Edit ${entity}"),
            "hide_details": _("Hide details"),
            "about_title": _("About"),
            "about_message": _("${product}, version: ${version}"),
            "prospective": _("Prospective"),
            "redirection": _("Redirection"),
            "remove_empty": _("Select entries to be removed."),
            "remove_title": _("Remove ${entity}"),
            "result": _("Result"),
            "show_details": _("Show details"),
            "success": _("Success"),
            "validation_title": _("Validation error"),
            "validation_message": _("Input form contains invalid or missing values."),
        },
        "error_report": {
            "options": _("Please try the following options:"),
            "problem_persists": _("If the problem persists please contact the system administrator."),
            "refresh": _("Refresh the page."),
            "reload": _("Reload the browser."),
            "main_page": _("Return to the main page and retry the operation"),
            "title": _("An error has occurred (${error})"),
        },
        "errors": {
            "error": _("Error"),
            "http_error": _("HTTP Error"),
            "internal_error": _("Internal Error"),
            "ipa_error": _("IPA Error"),
            "no_response": _("No response"),
            "unknown_error": _("Unknown Error"),
            "url": _("URL"),
        },
        "facet_groups": {
            "managedby": _("${primary_key} is managed by:"),
            "member": _("${primary_key} members:"),
            "memberof": _("${primary_key} is a member of:"),
        },
        "facets": {
            "details": _("Settings"),
            "search": _("Search"),
        },
        "false": _("False"),
        "keytab": {
            "add_create": _("Allow ${other_entity} to create keytab of ${primary_key}"),
            "add_retrive": _("Allow ${other_entity} to retrieve keytab of ${primary_key}"),
            "allowed_to_create": _("Allowed to create keytab"),
            "allowed_to_retrieve": _("Allowed to retrieve keytab"),
            "remove_create": _("Disallow ${other_entity} to create keytab of ${primary_key}"),
            "remove_retrieve": _("Disallow ${other_entity} to retrieve keytab of ${primary_key}"),
        },
        "krbaliases": {
            "adder_title": _("Add Kerberos Principal Alias"),
            "add_krbal_label": _("New kerberos principal alias"),
            "remove_title": _("Remove Kerberos Alias"),
            "remove_message": _("Do you want to remove kerberos alias ${alias}?"),
        },
        "krbauthzdata": {
            "inherited": _("Inherited from server configuration"),
            "mspac": _("MS-PAC"),
            "override": _("Override inherited settings"),
            "pad": _("PAD"),
        },
        "login": {
            "authenticating": _("Authenticating"),
            "form_auth": _(
                "<i class=\"fa fa-info-circle\"></i> To log in with "
                "<strong>username and password</strong>, enter them in the "
                "corresponding fields, then click 'Log in'."),
            "header": _("Logged In As"),
            "krb_auth_msg": _(
                "<i class=\"fa fa-info-circle\"></i> To log in with "
                "<strong>Kerberos</strong>, please make sure you have valid "
                "tickets (obtainable via kinit) and <a href='http://${host}/"
                "ipa/config/ssbrowser.html'>configured</a> the browser "
                "correctly, then click 'Log in'."),
            "loading": _("Loading"),
            "loading_md": _("Loading data"),
            "login": _("Log in"),
            "login_certificate": _("Log In Using Certificate"),
            "login_certificate_desc": _("Log in using personal certificate"),
            "logout": _("Log out"),
            "logout_error": _("Log out error"),
            "password": _("Password"),
            "password_and_otp": _("Password or Password+One-Time-Password"),
            "sync_otp_token": _("Sync OTP Token"),
            "synchronizing": _("Synchronizing"),
            "username": _("Username"),
        },
        "measurement_units": {
            "number_of_passwords": _("number of passwords"),
            "seconds": _("seconds"),
        },
        "objects": {
            "aci": {
                "attribute": _("Attribute"),
            },
            "automember": {
                "add_condition": _("Add Condition into ${pkey}"),
                "add_rule": _("Add Rule"),
                "attribute": _("Attribute"),
                "default_host_group": _("Default host group"),
                "default_user_group": _("Default user group"),
                "exclusive": _("Exclusive"),
                "expression": _("Expression"),
                "hostgrouprule": _("Host group rule"),
                "hostgrouprules": _("Host group rules"),
                "inclusive": _("Inclusive"),
                "usergrouprule": _("User group rule"),
                "usergrouprules": _("User group rules"),
            },
            "automountkey": {
            },
            "automountlocation": {
                "identity": _("Automount Location Settings")
            },
            "automountmap": {
                "map_type": _("Map Type"),
                "direct": _("Direct"),
                "indirect": _("Indirect"),
            },
            "caacl": {
                "all": _("All"),
                "any_ca": _("Any CA"),
                "any_host": _("Any Host"),
                "any_service": _("Any Service"),
                "any_profile": _("Any Profile"),
                "anyone": _("Anyone"),
                "ipaenabledflag": _("Rule status"),
                "no_ca_msg": _("If no CAs are specified, requests to the default CA are allowed."),
                "profile": _("Profiles"),
                "specified_cas": _("Specified CAs"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_profiles": _("Specified Profiles"),
                "specified_services": _("Specified Services and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "who": _("Permitted to have certificates issued"),
            },
            "cert": {
                "aa_compromise": _("AA Compromise"),
                "add_principal": _("Add principal"),
                "affiliation_changed": _("Affiliation Changed"),
                "ca": _("CA"),
                "ca_compromise": _("CA Compromise"),
                "certificate": _("Certificate"),
                "certificates": _("Certificates"),
                "certificate_hold": _("Certificate Hold"),
                "cessation_of_operation": _("Cessation of Operation"),
                "common_name": _("Common Name"),
                "download": _("Download"),
                "delete_cert_end": _("the certificate with serial number "),
                "expires_on": _("Expires On"),
                "find_issuedon_from": _("Issued on from"),
                "find_issuedon_to": _("Issued on to"),
                "find_max_serial_number": _("Maximum serial number"),
                "find_min_serial_number": _("Minimum serial number"),
                "find_revocation_reason": _("Revocation reason"),
                "find_revokedon_from": _("Revoked on from"),
                "find_revokedon_to": _("Revoked on to"),
                "find_subject": _("Subject"),
                "find_validnotafter_from": _("Valid not after from"),
                "find_validnotafter_to": _("Valid not after to"),
                "find_validnotbefore_from": _("Valid not before from"),
                "find_validnotbefore_to": _("Valid not before to"),
                "fingerprints": _("Fingerprints"),
                "get_certificate": _("Get Certificate"),
                "hold_removed": _("Certificate Hold Removed"),
                "issue_certificate": _("Issue New Certificate for ${entity} ${primary_key}"),
                "issue_certificate_generic": _("Issue New Certificate"),
                "issued_by": _("Issued By"),
                "issued_on": _("Issued On"),
                "issued_to": _("Issued To"),
                "key_compromise": _("Key Compromise"),
                "missing": _("No Valid Certificate"),
                "new_certificate": _("New Certificate"),
                "new_cert_format": _("Certificate in base64 or PEM format"),
                "note": _("Note"),
                "organization": _("Organization"),
                "organizational_unit": _("Organizational Unit"),
                "present": _("${count} certificate(s) present"),
                "privilege_withdrawn": _("Privilege Withdrawn"),
                "reason": _("Reason for Revocation"),
                "remove_hold": _("Remove Hold"),
                "remove_certificate_hold": _("Remove Certificate Hold for ${entity} ${primary_key}"),
                "remove_certificate_hold_simple": _("Remove Certificate Hold"),
                "remove_certificate_hold_confirmation": _("Do you want to remove the certificate hold?"),
                "remove_from_crl": _("Remove from CRL"),
                "request_message": _("<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;${cn_name}&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${cn},O=${realm}'${san}</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>"),
                "request_message_san": _(" -8 '${cn}'"),
                "requested": _("Certificate requested"),
                "revocation_reason": _("Revocation reason"),
                "revoke_certificate": _("Revoke Certificate for ${entity} ${primary_key}"),
                "revoke_certificate_simple": _("Revoke Certificate"),
                "revoke_confirmation": _("Do you want to revoke this certificate? Select a reason from the pull-down list."),
                "revoked": _("Certificate Revoked"),
                "revoked_status": _("REVOKED"),
                "serial_number": _("Serial Number"),
                "serial_number_hex": _("Serial Number (hex)"),
                "sha1_fingerprint": _("SHA1 Fingerprint"),
                "sha256_fingerprint": _("SHA256 Fingerprint"),
                "status": _("Status"),
                "superseded": _("Superseded"),
                "unspecified": _("Unspecified"),
                "valid": _("Valid Certificate Present"),
                "valid_from": _("Valid from"),
                "valid_to": _("Valid to"),
                "validity": _("Validity"),
                "view_certificate": _("Certificate for ${entity} ${primary_key}"),
                "view_certificate_btn": _("View Certificate"),
            },
            "certmap_match": {
                "cert_data": _("Certificate Data"),
                "cert_for_match": _("Certificate For Match"),
                "facet_label": _("Certificate Mapping Match"),
                "domain": _("Domain"),
                "matched_users": _("Matched Users"),
                "userlogin": _("User Login"),
            },
            "certmap": {
                "adder_title": _("Add Certificate Mapping Data"),
                "data_label": _("Certificate mapping data"),
                "certificate": _("Certificate"),
                "conf_str": _("Configuration string"),
                "deleter_content": _("Do you want to remove certificate mapping data ${data}?"),
                "deleter_title": _("Remove Certificate Mapping Data"),
                "issuer": _("Issuer"),
                "issuer_subject": _("Issuer and subject"),
                "subject": _("Subject"),
                "version": _("Version"),
            },
            "config": {
                "group": _("Group Options"),
                "search": _("Search Options"),
                "selinux": _("SELinux Options"),
                "service": _("Service Options"),
                "user": _("User Options"),
            },
            "delegation": {
            },
            "dnsconfig": {
                "forward_first": _("Forward first"),
                "forward_none": _("Forwarding disabled"),
                "forward_only": _("Forward only"),
                "options": _("Options"),
                "update_dns": _("Update System DNS Records"),
                "update_dns_dialog_msg": _("Do you want to update system DNS records?"),
                "updated_dns": _("System DNS records updated"),
            },
            "dnsrecord": {
                "data": _("Data"),
                "deleted_no_data": _("DNS record was deleted because it contained no data."),
                "other": _("Other Record Types"),
                "ptr_redir_address_err": _("Address not valid, can't redirect"),
                "ptr_redir_create": _("Create dns record"),
                "ptr_redir_creating": _("Creating record."),
                "ptr_redir_creating_err": _("Record creation failed."),
                "ptr_redir_record": _("Checking if record exists."),
                "ptr_redir_record_err": _("Record not found."),
                "ptr_redir_title": _("Redirection to PTR record"),
                "ptr_redir_zone": _("Zone found: ${zone}"),
                "ptr_redir_zone_err": _("Target reverse zone not found."),
                "ptr_redir_zones": _("Fetching DNS zones."),
                "ptr_redir_zones_err": _("An error occurred while fetching dns zones."),
                "redirection_dnszone": _("You will be redirected to DNS Zone."),
                "standard": _("Standard Record Types"),
                "title": _("Records for DNS Zone"),
                "type": _("Record Type"),
            },
            "dnszone": {
                "identity": _("DNS Zone Settings"),
                "add_permission":_("Add Permission"),
                "add_permission_confirm":_("Are you sure you want to add permission for DNS Zone ${object}?"),
                "remove_permission": _("Remove Permission"),
                "remove_permission_confirm": _("Are you sure you want to remove permission for DNS Zone ${object}?"),
                "skip_dns_check": _("Skip DNS check"),
                "skip_overlap_check": _("Skip overlap check"),
                "soamname_change_message": _("Do you want to check if new authoritative nameserver address is in DNS"),
                "soamname_change_title": _("Authoritative nameserver change"),
            },
            "domainlevel": {
                "label": _("Domain Level"),
                "label_singular": _("Domain Level"),
                "ipadomainlevel": _("Level"),
                "set": _("Set Domain Level"),
            },
            "group": {
                "details": _("Group Settings"),
                "external": _("External"),
                "groups": _("Groups"),
                "group_categories": _("Group categories"),
                "make_external": _("Change to external group"),
                "make_posix": _("Change to POSIX group"),
                "nonposix": _("Non-POSIX"),
                "posix": _("POSIX"),
                "type": _("Group Type"),
                "user_groups": _("User Groups"),
            },
            "hbacrule": {
                "any_host": _("Any Host"),
                "any_service": _("Any Service"),
                "anyone": _("Anyone"),
                "host": _("Accessing"),
                "ipaenabledflag": _("Rule status"),
                "service": _("Via Service"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_services": _("Specified Services and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("Who"),
            },
            "hbacsvc": {
            },
            "hbacsvcgroup": {
                "services": _("Services"),
            },
            "hbactest": {
                "access_denied": _("Access Denied"),
                "access_granted": _("Access Granted"),
                "include_disabled": _("Include Disabled"),
                "include_enabled": _("Include Enabled"),
                "label": _("HBAC Test"),
                "matched": _("Matched"),
                "missing_values": _("Missing values: "),
                "new_test": _("New Test"),
                "rules": _("Rules"),
                "run_test": _("Run Test"),
                "specify_external": _("Specify external ${entity}"),
                "unmatched": _("Unmatched"),
            },
            "host": {
                "certificate": _("Host Certificate"),
                "cn": _("Host Name"),
                "delete_key_unprovision": _("Delete Key, Unprovision"),
                "details": _("Host Settings"),
                "enrolled": _("Enrolled"),
                "enrollment": _("Enrollment"),
                "fqdn": _("Fully Qualified Host Name"),
                "generate_otp": _("Generate OTP"),
                "generated_otp": _("Generated OTP"),
                "keytab": _("Kerberos Key"),
                "keytab_missing": _("Kerberos Key Not Present"),
                "keytab_present": _("Kerberos Key Present, Host Provisioned"),
                "password": _("One-Time-Password"),
                "password_missing": _("One-Time-Password Not Present"),
                "password_present": _("One-Time-Password Present"),
                "password_reset_button": _("Reset OTP"),
                "password_reset_title": _("Reset One-Time-Password"),
                "password_set_button": _("Set OTP"),
                "password_set_success": _("OTP set"),
                "password_set_title": _("Set One-Time-Password"),
                "status": _("Status"),
                "unprovision": _("Unprovision"),
                "unprovision_confirmation": _("Are you sure you want to unprovision this host?"),
                "unprovision_title": _("Unprovisioning ${entity}"),
                "unprovisioned": _("Host unprovisioned"),
            },
            "hostgroup": {
                "host_group": _("Host Groups"),
                "identity": _("Host Group Settings"),
            },
            "idoverrideuser": {
                "anchor_label": _("User to override"),
                "anchor_tooltip": _("Enter trusted or IPA user login. Note: search doesn't list users from trusted domains."),
                "anchor_tooltip_ad": _("Enter trusted user login."),
                "profile": _("Profile"),
            },
            "idoverridegroup": {
                "anchor_label": _("Group to override"),
                "anchor_tooltip": _("Enter trusted or IPA group name. Note: search doesn't list groups from trusted domains."),
                "anchor_tooltip_ad": _("Enter trusted group name."),
            },
            "idview": {
                "appliesto_tab": _("${primary_key} applies to:"),
                "appliedtohosts": _("Applied to hosts"),
                "appliedtohosts_title": _("Applied to hosts"),
                "apply_hostgroups": _("Apply to host groups"),
                "apply_hostgroups_title": _("Apply ID View ${primary_key} on hosts of ${entity}"),
                "apply_hosts": _("Apply to hosts"),
                "apply_hosts_title": _("Apply ID view ${primary_key} on ${entity}"),
                "ipaassignedidview": _("Assigned ID View"),
                "overrides_tab": _("${primary_key} overrides:"),
                "unapply_hostgroups": _("Un-apply from host groups"),
                "unapply_hostgroups_all_title": _("Un-apply ID Views from hosts of hostgroups"),
                "unapply_hostgroups_title": _("Un-apply ID View ${primary_key} from hosts of ${entity}"),
                "unapply_hosts": _("Un-apply"),
                "unapply_hosts_all": _("Un-apply from hosts"),
                "unapply_hosts_all_title": _("Un-apply ID Views from hosts"),
                "unapply_hosts_confirm": _("Are you sure you want to un-apply ID view from selected entries?"),
                "unapply_hosts_title": _("Un-apply ID View ${primary_key} from hosts"),
            },
            "krbtpolicy": {
                "identity": _("Kerberos Ticket Policy"),
            },
            "netgroup": {
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "external": _("External"),
                "host": _("Host"),
                "hostgroups": _("Host Groups"),
                "hosts": _("Hosts"),
                "identity": _("Netgroup Settings"),
                "netgroups": _("Netgroups"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("User"),
                "usergroups": _("User Groups"),
                "users": _("Users"),
            },
            "otptoken": {
                "add_token": _("Add OTP Token"),
                "app_link": _("You can use <a href=\"${link}\" target=\"_blank\">FreeOTP<a/> as a software OTP token application."),
                "config_title": _("Configure your token"),
                "config_instructions": _("Configure your token by scanning the QR code below. Click on the QR code if you see this on the device you want to configure."),
                "details": _("OTP Token Settings"),
                "disable": _("Disable token"),
                "enable": _("Enable token"),
                "show_qr": _("Show QR code"),
                "show_uri": _("Show configuration uri"),
                "type_hotp": _("Counter-based (HOTP)"),
                "type_totp": _("Time-based (TOTP)"),
            },
            "permission": {
                "add_custom_attr": _("Add Custom Attribute"),
                "attribute": _("Attribute"),
                "filter": _("Filter"),
                "identity": _("Permission settings"),
                "managed": _("Attribute breakdown"),
                "target": _("Target"),
            },
            "privilege": {
                "identity": _("Privilege Settings"),
            },
            "publickey": {
                "set_dialog_help": _("Public key:"),
                "set_dialog_title": _("Set public key"),
                "show_set_key": _("Show/Set key"),
                "status_mod_ns": _("Modified: key not set"),
                "status_mod_s": _("Modified"),
                "status_new_ns": _("New: key not set"),
                "status_new_s": _("New: key set"),
            },
            "pwpolicy": {
                "identity": _("Password Policy"),
            },
            "idrange": {
                "details": _("Range Settings"),
                "ipabaseid": _("Base ID"),
                "ipabaserid": _("Primary RID base"),
                "ipaidrangesize": _("Range size"),
                "ipanttrusteddomainsid": _("Domain SID"),
                "ipasecondarybaserid": _("Secondary RID base"),
                "type": _("Range type"),
                "type_ad": _("Active Directory domain"),
                "type_ad_posix": _("Active Directory domain with POSIX attributes"),
                "type_detect": _("Detect"),
                "type_local": _("Local domain"),
                "type_ipa": _("IPA trust"),
                "type_winsync": _("Active Directory winsync"),
            },
            "radiusproxy": {
                "details": _("RADIUS Proxy Server Settings"),
            },
            "realmdomains": {
                "identity": _("Realm Domains"),
                "check_dns": _("Check DNS"),
                "check_dns_confirmation": _("Do you also want to perform DNS check?"),
                "force_update": _("Force Update"),
            },
            "role": {
                "identity": _("Role Settings"),
            },
            "selfservice": {
            },
            "selinuxusermap": {
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "host": _("Host"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("User"),
            },
            "server_role": {
                "label": _("Server Roles"),
                "label_singular": _("Server Role"),
            },
            "servers": {
                "svc_warning_title": _("Warning: Consider service replication"),
                "svc_warning_message": _("It is strongly recommended to keep the following services installed on more than one server:"),
                "remove_server": _("Delete Server"),
                "remove_server_msg": _("Deleting a server removes it permanently from the topology. Note that this is a non-reversible action.")
            },
            "service": {
                "certificate": _("Service Certificate"),
                "delete_key_unprovision": _("Delete Key, Unprovision"),
                "details": _("Service Settings"),
                "host": _("Host Name"),
                "missing": _("Kerberos Key Not Present"),
                "provisioning": _("Provisioning"),
                "service": _("Service"),
                "status": _("Status"),
                "unprovision": _("Unprovision"),
                "unprovision_confirmation": _("Are you sure you want to unprovision this service?"),
                "unprovision_title": _("Unprovisioning ${entity}"),
                "unprovisioned": _("Service unprovisioned"),
                "valid": _("Kerberos Key Present, Service Provisioned"),
            },
            "sshkeystore": {
                "keys": _("SSH public keys"),
                "set_dialog_help": _("SSH public key:"),
                "set_dialog_title": _("Set SSH key"),
                "show_set_key": _("Show/Set key"),
                "status_mod_ns": _("Modified: key not set"),
                "status_mod_s": _("Modified"),
                "status_new_ns": _("New: key not set"),
                "status_new_s": _("New: key set"),
            },
            "stageuser": {
                "activate_confirm": _("Are you sure you want to activate selected users?"),
                "activate_one_confirm": _("Are you sure you want to activate ${object}?"),
                "activate_success": _("${count} user(s) activated"),
                "label": _("Stage users"),
                "preserved_label": _("Preserved users"),
                "stage_confirm": _("Are you sure you want to stage selected users?"),
                "stage_success": _("${count} users(s) staged"),
                "stage_one_confirm": _("Are you sure you want to stage ${object}?"),
                "undel_confirm": _("Are you sure you want to restore selected users?"),
                "undel_one_confirm": _("Are you sure you want to restore ${object}?"),
                "undel_success": _("${count} user(s) restored"),
                "user_categories": _("User categories"),
            },
            "sudocmd": {
                "groups": _("Groups"),
            },
            "sudocmdgroup": {
                "commands": _("Commands"),
            },
            "sudorule": {
                "allow": _("Allow"),
                "any_command": _("Any Command"),
                "any_group": _("Any Group"),
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "command": _("Run Commands"),
                "deny": _("Deny"),
                "external": _("External"),
                "host": _("Access this host"),
                "ipaenabledflag": _("Rule status"),
                "option_added": _("Option added"),
                "option_removed": _("${count} option(s) removed"),
                "options": _("Options"),
                "runas": _("As Whom"),
                "specified_commands": _("Specified Commands and Groups"),
                "specified_groups": _("Specified Groups"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("Who"),
            },
            "topology": {
                "autogenerated": _("Autogenerated"),
                "segment_details": _("Segment details"),
                "replication_config": _("Replication configuration"),
                "insufficient_domain_level" : _("Managed topology requires minimal domain level ${domainlevel}"),
            },
            "trust": {
                "account": _("Account"),
                "admin_account": _("Administrative account"),
                "blacklists": _("SID blacklists"),
                "details": _("Trust Settings"),
                "domain": _("Domain"),
                "establish_using": _("Establish using"),
                "fetch_domains": _("Fetch domains"),
                "ipantflatname": _("Domain NetBIOS name"),
                "ipanttrusteddomainsid": _("Domain Security Identifier"),
                "preshared_password": _("Pre-shared password"),
                "trustdirection": _("Trust direction"),
                "truststatus": _("Trust status"),
                "trusttype": _("Trust type"),
                "ipantadditionalsuffixes": _("Alternative UPN suffixes"),
            },
            "trustconfig": {
                "options": _("Options"),
            },
            "user": {
                "account": _("Account Settings"),
                "account_status": _("Account Status"),
                "activeuser_label": _("Active users"),
                "contact": _("Contact Settings"),
                "delete_mode": _("Delete mode"),
                "employee": _("Employee Information"),
                "error_changing_status": _("Error changing account status"),
                "krbpasswordexpiration": _("Password expiration"),
                "mailing": _("Mailing Address"),
                "misc": _("Misc. Information"),
                "mode_delete": _("delete"),
                "mode_preserve": _("preserve"),
                "noprivate": _("No private group"),
                "status_confirmation": _("Are you sure you want to ${action} the user?<br/>The change will take effect immediately."),
                "status_link": _("Click to ${action}"),
                "unlock": _("Unlock"),
                "unlock_confirm": _("Are you sure you want to unlock user ${object}?"),
            },
            "vault": {
                "add_warn_arch_ret": _(
                    "Secrets can be added/retrieved to vault only by using "
                    "vault-archive and vault-retrieve from CLI."
                    ),
                "add_warn_standard": _(
                    "Content of 'standard' vaults can be seen by users with "
                    "higher privileges (admins)."
                    ),
                "asymmetric_type": _("Asymmetric"),
                "config_title": _("Vaults Config"),
                "group": _("Group"),
                "members": _("Members"),
                "my_vaults_title": _("My User Vaults"),
                "owners": _("Owners"),
                "service": _("Service"),
                "service_vaults_title": _("Service Vaults"),
                "shared": _("Shared"),
                "shared_vaults_title": _("Shared Vaults"),
                "standard_type": _("Standard"),
                "symmetric_type": _("Symmetric"),
                "type": _("Vault Type"),
                "type_tooltip": _(
                    "Only standard vaults can be created in WebUI, use CLI "
                    "for other types of vaults."
                    ),
                "user": _("User"),
                "user_vaults_title": _("User Vaults"),
            },
        },
        "password": {
            "current_password": _("Current Password"),
            "current_password_required": _("Current password is required"),
            "expires_in": _("Your password expires in ${days} days."),
            "first_otp": _("First OTP"),
            "invalid_password": _("The password or username you entered is incorrect."),
            "new_password": _("New Password"),
            "new_password_required": _("New password is required"),
            "otp": _("OTP"),
            "otp_info": _("<i class=\"fa fa-info-circle\"></i> <strong>One-Time-Password(OTP):</strong> Generate new OTP code for each OTP field."),
            "otp_long": _("One-Time-Password"),
            "otp_sync_fail": _("Token synchronization failed"),
            "otp_sync_invalid": _("The username, password or token codes are not correct"),
            "otp_sync_success":_("Token was synchronized"),
            "password": _("Password"),
            "password_and_otp": _("Password or Password+One-Time-Password"),
            "password_change_complete": _("Password change complete"),
            "password_must_match": _("Passwords must match"),
            "reset_failure": _("Password reset was not successful."),
            "reset_password": _("Reset Password"),
            "reset_password_sentence": _("Reset your password."),
            "second_otp": _("Second OTP"),
            "token_id": _("Token ID"),
            "verify_password": _("Verify Password"),
        },
        "profile-menu": {
            "about": _("About"),
            "configuration": _("Customization"),
            "logout": _("Log out"),
            "password_reset": _("Change password"),
            "profile": _("Profile"),
        },
        "search": {
            "delete_confirm": _("Are you sure you want to delete selected entries?"),
            "deleted": _("${count} item(s) deleted"),
            "disable_confirm": _("Are you sure you want to disable selected entries?"),
            "disabled": _("${count} item(s) disabled"),
            "enable_confirm": _("Are you sure you want to enable selected entries?"),
            "enabled": _("${count} item(s) enabled"),
            "partial_delete": _("Some entries were not deleted"),
            "placeholder": _("Search"),
            "placeholder_filter": _("Filter"),
            "quick_links": _("Quick Links"),
            "select_all": _("Select All"),
            "truncated": _("Query returned more results than the configured size limit. Displaying the first ${counter} results."),
            "unselect_all": _("Unselect All"),
        },
        "status": {
            "disable": _("Disable"),
            "disabled": _("Disabled"),
            "enable": _("Enable"),
            "enabled": _("Enabled"),
            "label": _("Status"),
            "working": _("Working"),
        },
        "tabs": {
            "audit": _("Audit"),
            "authentication": _("Authentication"),
            "automember": _("Automember"),
            "automount": _("Automount"),
            "cert": _("Certificates"),
            "dns": _("DNS"),
            "hbac": _("Host-Based Access Control"),
            "identity": _("Identity"),
            "ipaserver": _("IPA Server"),
            "network_services": _("Network Services"),
            "policy": _("Policy"),
            "role": _("Role-Based Access Control"),
            "sudo": _("Sudo"),
            "topology": _("Topology"),
            "trust": _("Trusts"),
        },
        "true": _("True"),
        "widget": {
            "api_browser": _("API Browser"),
            "first": _("First"),
            "last": _("Last"),
            "next": _("Next"),
            "page": _("Page"),
            "prev": _("Prev"),
            "undo": _("Undo"),
            "undo_title": _("Undo this change."),
            "undo_all": _("Undo All"),
            "undo_all_title": _("Undo all changes in this field."),
            "validation": {
                "error": _("Text does not match field pattern"),
                "datetime": _("Must be an UTC date/time value (e.g., \"2014-01-20 17:58:01Z\")"),
                "decimal": _("Must be a decimal number"),
                "format": _("Format error"),
                "integer": _("Must be an integer"),
                "ip_address": _('Not a valid IP address'),
                "ip_v4_address": _('Not a valid IPv4 address'),
                "ip_v6_address": _('Not a valid IPv6 address'),
                "max_value": _("Maximum value is ${value}"),
                "min_value": _("Minimum value is ${value}"),
                "net_address": _("Not a valid network address (examples: 2001:db8::/64, 192.0.2.0/24)"),
                "parse": _("Parse error"),
                "positive_number": _("Must be a positive number"),
                "port": _("'${port}' is not a valid port"),
                "required": _("Required field"),
                "unsupported": _("Unsupported value"),
            },
        },
    }
    # The command declares a single output value, 'texts', typed as a dict.
    has_output = (
        Output('texts', dict, doc=_('Dict of I18N messages')),
    )
    def execute(self, **options):
        """Return the message catalogue under the ``texts`` key.

        ``self.messages`` is passed through ``json_serialize`` and the
        result is wrapped in a one-entry dict. ``options`` is accepted but
        not consulted.

        NOTE(review): several catalogue entries carry HTML markup together
        with ``${...}`` placeholders (for example the OTP token and user
        status messages). Presumably the web UI substitutes values into
        them; confirm that substituted values are escaped before the text
        is rendered as HTML.
        """
        serialized = json_serialize(self.messages)
        return {'texts': serialized}
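class env(LocalOrRemote):
    __doc__ = _('Show environment variables.')

    # NOTE(review): execute() hands the value of every selected key of
    # self.env back to the caller. Confirm that nothing secret (passwords,
    # tokens, key material) is ever stored there.

    msg_summary = _('%(count)d variables')

    # execute() accepts None (meaning "all variables") or an iterable of
    # names; a name containing '*' is treated as a wildcard pattern.
    takes_args = ('variables*', )

    takes_options = LocalOrRemote.takes_options + (Flag(
        'all',
        cli_name='all',
        doc=
        _('retrieve and print all attributes from the server. Affects command output.'
          ),
        exclude='webui',
        flags=['no_output'],
        default=True,
    ), )

    has_output = (
        Output(
            'result',
            type=dict,
            doc=_('Dictionary mapping variable name to value'),
        ),
        Output(
            'total',
            type=int,
            doc=_('Total number of variables env (>= count)'),
            flags=['no_display'],
        ),
        Output(
            'count',
            type=int,
            doc=_('Number of variables returned (<= total)'),
            flags=['no_display'],
        ),
        summary,
    )

    def __find_keys(self, variables):
        """Return the set of keys of ``self.env`` selected by *variables*.

        Each query is either an exact key name or a pattern in which ``*``
        stands for any run of characters. Queries that select nothing are
        ignored.

        :param variables: iterable of query strings supplied by the caller
        :return: set of matching keys
        """
        keys = set()
        for query in variables:
            if '*' in query:
                # The query is caller-supplied. Only '*' gets wildcard
                # meaning; every other character is escaped so it is matched
                # literally instead of being compiled as regex syntax. This
                # keeps a malformed or pathological pattern from reaching
                # re.compile().
                literal_parts = (re.escape(part) for part in query.split('*'))
                pat = re.compile('.*'.join(literal_parts) + '$')
                keys.update(key for key in self.env if pat.match(key))
            elif query in self.env:
                keys.add(query)
        return keys

    def execute(self, variables, **options):
        """Return the selected variables together with counters.

        :param variables: ``None`` to return every key of ``self.env``,
            otherwise an iterable of names/patterns (see ``__find_keys``)
        :return: dict with ``result`` (name -> value), ``count`` (number of
            keys returned), ``total`` (``len(self.env)``) and ``summary``
        """
        if variables is None:
            keys = self.env
        else:
            keys = self.__find_keys(variables)
        ret = dict(
            result=dict((key, self.env[key]) for key in keys),
            count=len(keys),
            total=len(self.env),
        )
        # A summary line is produced only when more than one variable is
        # returned; otherwise the key is present but set to None.
        ret['summary'] = self.msg_summary % ret if len(keys) > 1 else None
        return ret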
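class batch(Command):
    # Runs a list of nested commands in one call and returns, for each of
    # them, either its result or a description of the error it raised.
    NO_CLI = True

    takes_args = (Dict(
        'methods*',
        doc=_('Nested Methods to execute'),
    ), )

    # NOTE(review): this attribute is spelled `take_options`, whereas the
    # other commands in this file declare `takes_options`. If the framework
    # only reads `takes_options`, this declaration has no effect. Confirm
    # before renaming, because a rename changes the declared interface.
    take_options = (Str(
        'version',
        cli_name='version',
        doc=_(
            'Client version. Used to determine if server will accept request.'
        ),
        exclude='webui',
        flags=['no_option', 'no_output'],
        default=API_VERSION,
        autofill=True,
    ), )

    has_output = (Output('count', int,
                         doc=''), Output('results', (list, tuple), doc=''))

    def execute(self, methods=None, **options):
        """Execute every nested method and collect one result per entry.

        Each entry of *methods* must provide ``method`` (a command name) and
        ``params`` (a pair of positional-argument list and keyword dict).
        A failure of one entry is recorded in its result and does not stop
        the remaining entries.

        :param methods: iterable of entries, or ``None`` for an empty batch
        :param options: must contain ``version``, which is passed on to a
            nested command that does not specify its own
        :return: dict with ``count`` and ``results``; each result carries an
            ``error`` key (``None`` on success) and, on failure,
            ``error_code``, ``error_name`` and ``error_kw``
        """
        results = []
        for arg in (methods or []):
            params = dict()
            name = None
            try:
                if 'method' not in arg:
                    raise errors.RequirementError(name='method')
                if 'params' not in arg:
                    raise errors.RequirementError(name='params')
                name = arg['method']
                # Unknown commands and commands that are instances of Local
                # are rejected before anything is executed.
                if (name not in self.api.Command
                        or isinstance(self.api.Command[name], Local)):
                    raise errors.CommandError(name=name)

                # If params is not shaped as a (list, dict) pair, the lines
                # below raise an exception that would otherwise surface as
                # an internal server error. Report a ConversionError to the
                # client instead.
                try:
                    a, kw = arg['params']
                    newkw = dict((str(k), v) for k, v in kw.items())
                    params = api.Command[name].args_options_2_params(
                        *a, **newkw)
                except (AttributeError, ValueError, TypeError):
                    raise errors.ConversionError(
                        name='params',
                        error=_(u'must contain a tuple (list, dict)'))
                newkw.setdefault('version', options['version'])

                result = api.Command[name](*a, **newkw)
                # NOTE(review): the nested command's parameters are written
                # to the log via _repr_iter(); presumably it masks secret
                # values, so verify that passwords never reach the log.
                self.info('%s: batch: %s(%s): SUCCESS',
                          getattr(context, 'principal', 'UNKNOWN'), name,
                          ', '.join(api.Command[name]._repr_iter(**params)))
                result['error'] = None
            except Exception as e:
                # Same fallback as the success path: a missing principal
                # must not raise from inside the error handler.
                principal = getattr(context, 'principal', 'UNKNOWN')
                if isinstance(e, (errors.RequirementError,
                                  errors.CommandError)):
                    self.info('%s: batch: %s', principal,
                              e.__class__.__name__)
                else:
                    # `name` can still be None or otherwise unusable here
                    # (for example when the entry is not a mapping). The
                    # audit line is best effort: a failed lookup must not
                    # turn one bad entry into a failure of the whole batch.
                    try:
                        shown_params = ', '.join(
                            api.Command[name]._repr_iter(**params))
                    except Exception:
                        shown_params = ''
                    self.info('%s: batch: %s(%s): %s', principal, name,
                              shown_params, e.__class__.__name__)
                # Only public errors are passed to the client verbatim;
                # anything else is reported as a generic InternalError so
                # that internal details are not disclosed.
                if isinstance(e, errors.PublicError):
                    reported_error = e
                else:
                    reported_error = errors.InternalError()
                result = dict(
                    error=reported_error.strerror,
                    error_code=reported_error.errno,
                    error_name=unicode(type(reported_error).__name__),
                    error_kw=reported_error.kw,
                )
            results.append(result)
        return dict(count=len(results), results=results)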
class cert_request(VirtualCommand):
    __doc__ = _('Submit a certificate signing request.')

    # The CSR is the only positional argument. validate_csr and
    # normalize_csr are defined outside this listing; what they accept or
    # reject cannot be seen from here.
    takes_args = (File(
        'csr',
        validate_csr,
        label=_('CSR'),
        cli_name='csr_file',
        normalizer=normalize_csr,
    ), )
    operation = "request certificate"

    takes_options = (
        # Principal the certificate is requested for. execute() compares
        # its hostname part with the hostname taken from the CSR.
        Str(
            'principal',
            label=_('Principal'),
            doc=
            _('Service principal for this certificate (e.g. HTTP/test.example.com)'
              ),
        ),
        Str(
            'request_type',
            default=u'pkcs10',
            autofill=True,
        ),
        # When set, execute() creates a missing service entry through
        # service_add (called with force=True) instead of failing with
        # NotFound.
        Flag('add',
             doc=_("automatically add the principal if it doesn't exist"),
             default=False,
             autofill=True),
    )

    # Fields of the returned certificate that are presented to the caller.
    has_output_params = (
        Str(
            'certificate',
            label=_('Certificate'),
        ),
        Str(
            'subject',
            label=_('Subject'),
        ),
        Str(
            'issuer',
            label=_('Issuer'),
        ),
        Str(
            'valid_not_before',
            label=_('Not Before'),
        ),
        Str(
            'valid_not_after',
            label=_('Not After'),
        ),
        # NOTE(review): MD5 and SHA-1 are not collision resistant. These two
        # fingerprints are suitable as display identifiers only; if any
        # consumer compares them to decide whether a certificate is trusted,
        # a SHA-256 fingerprint should be offered instead. Confirm how
        # clients use them.
        Str(
            'md5_fingerprint',
            label=_('Fingerprint (MD5)'),
        ),
        Str(
            'sha1_fingerprint',
            label=_('Fingerprint (SHA1)'),
        ),
        Str(
            'serial_number',
            label=_('Serial number'),
        ),
        Str(
            'serial_number_hex',
            label=_('Serial number (hex)'),
        ),
    )

    has_output = (Output(
        'result',
        type=dict,
        doc=_('Dictionary mapping variable name to value'),
    ), )

    def execute(self, csr, **kw):
        ldap = self.api.Backend.ldap2
        principal = kw.get('principal')
        add = kw.get('add')
        del kw['principal']
        del kw['add']
        service = None
        """
        Access control is partially handled by the ACI titled
        'Hosts can modify service userCertificate'. This is for the case
        where a machine binds using a host/ prinicpal. It can only do the
        request if the target hostname is in the managedBy attribute which
        is managed using the add/del member commands.

        Binding with a user principal one needs to be in the request_certs
        taskgroup (directly or indirectly via role membership).
        """

        bind_principal = getattr(context, 'principal')
        # Can this user request certs?
        if not bind_principal.startswith('host/'):
            self.check_access()

        # FIXME: add support for subject alt name

        # Ensure that the hostname in the CSR matches the principal
        subject_host = get_csr_hostname(csr)
        (servicename, hostname, realm) = split_principal(principal)
        if subject_host.lower() != hostname.lower():
            raise errors.ACIError(
                info=_("hostname in subject of request '%(subject_host)s' "
                       "does not match principal hostname '%(hostname)s'") %
                dict(subject_host=subject_host, hostname=hostname))

        dn = None
        service = None
        # See if the service exists and punt if it doesn't and we aren't
        # going to add it
        try:
            if not principal.startswith('host/'):
                service = api.Command['service_show'](principal,
                                                      all=True,
                                                      raw=True)['result']
                dn = service['dn']
            else:
                hostname = get_host_from_principal(principal)
                service = api.Command['host_show'](hostname,
                                                   all=True,
                                                   raw=True)['result']
                dn = service['dn']
        except errors.NotFound, e:
            if not add:
                raise errors.NotFound(reason=_("The service principal for "
                                               "this request doesn't exist."))
            try:
                service = api.Command['service_add'](principal, **{
                    'force': True
                })['result']
                dn = service['dn']
            except errors.ACIError:
                raise errors.ACIError(
                    info=_('You need to be a member of '
                           'the serviceadmin role to add services'))

        # We got this far so the service entry exists, can we write it?
        if not ldap.can_write(dn, "usercertificate"):
            raise errors.ACIError(
                info=_("Insufficient 'write' privilege "
                       "to the 'userCertificate' attribute of entry '%s'.") %
                dn)

        # Validate the subject alt name, if any
        request = pkcs10.load_certificate_request(csr)
        subjectaltname = pkcs10.get_subjectaltname(request)
        if subjectaltname is not None:
            for name in subjectaltname:
                name = unicode(name)
                try:
                    hostentry = api.Command['host_show'](name,
                                                         all=True,
                                                         raw=True)['result']
                    hostdn = hostentry['dn']
                except errors.NotFound:
                    # We don't want to issue any certificates referencing
                    # machines we don't know about. Nothing is stored in this
                    # host record related to this certificate.
                    raise errors.NotFound(reason=_(
                        'no host record for '
                        'subject alt name %s in certificate request') % name)
                authprincipal = getattr(context, 'principal')
                if authprincipal.startswith("host/"):
                    if not hostdn in service.get('managedby', []):
                        raise errors.ACIError(info=_(
                            "Insufficient privilege to create a certificate "
                            "with subject alt name '%s'.") % name)

        if 'usercertificate' in service:
            serial = x509.get_serial_number(service['usercertificate'][0],
                                            datatype=x509.DER)
            # revoke the certificate and remove it from the service
            # entry before proceeding. First we retrieve the certificate to
            # see if it is already revoked, if not then we revoke it.
            try:
                result = api.Command['cert_show'](unicode(serial))['result']
                if 'revocation_reason' not in result:
                    try:
                        api.Command['cert_revoke'](unicode(serial),
                                                   revocation_reason=4)
                    except errors.NotImplementedError:
                        # some CA's might not implement revoke
                        pass
            except errors.NotImplementedError:
                # some CA's might not implement get
                pass
            if not principal.startswith('host/'):
                api.Command['service_mod'](principal, usercertificate=None)
            else:
                hostname = get_host_from_principal(principal)
                api.Command['host_mod'](hostname, usercertificate=None)

        # Request the certificate
        result = self.Backend.ra.request_certificate(csr, **kw)
        cert = x509.load_certificate(result['certificate'])
        result['issuer'] = unicode(cert.issuer)
        result['valid_not_before'] = unicode(cert.valid_not_before_str)
        result['valid_not_after'] = unicode(cert.valid_not_after_str)
        result['md5_fingerprint'] = unicode(
            nss.data_to_hex(nss.md5_digest(cert.der_data), 64)[0])
        result['sha1_fingerprint'] = unicode(
            nss.data_to_hex(nss.sha1_digest(cert.der_data), 64)[0])

        # Success? Then add it to the service entry.
        if 'certificate' in result:
            if not principal.startswith('host/'):
                skw = {"usercertificate": str(result.get('certificate'))}
                api.Command['service_mod'](principal, **skw)
            else:
                hostname = get_host_from_principal(principal)
                skw = {"usercertificate": str(result.get('certificate'))}
                api.Command['host_mod'](hostname, **skw)

        return dict(result=result)
示例#11
class json_metadata(Command):
    """
    Export plugin meta-data for the webUI.
    """
    NO_CLI = True

    # Optional positional selectors.
    takes_args = (
        Str('objname?', doc=_('Name of object to export')),
        Str('methodname?', doc=_('Name of method to export')),
    )

    # Optional keyword selectors; 'object' and 'method' are consulted only
    # when the matching positional argument is empty.
    takes_options = (
        Str('object?', doc=_('Name of object to export')),
        Str('method?', doc=_('Name of method to export')),
        Str('command?', doc=_('Name of command to export')),
    )

    has_output = (
        Output('objects', dict, doc=_('Dict of JSON encoded IPA Objects')),
        Output('methods', dict, doc=_('Dict of JSON encoded IPA Methods')),
        Output('commands', dict, doc=_('Dict of JSON encoded IPA Commands')),
    )

    def execute(self, objname, methodname, **options):
        """
        Build the ``objects`` / ``methods`` / ``commands`` export.

        Each selector is either a plugin name (export that plugin), the
        literal ``"all"`` (export the whole namespace), or anything else
        (export nothing for that namespace). When no selector is supplied
        at all, every object, method and command is exported.

        NOTE(review): with no selector the reply describes the complete
        registered API; who may call this command is not decided in this
        class -- confirm it is restricted as intended.
        """

        def dump_all(namespace):
            # Serialize every plugin the namespace yields when called.
            return dict(
                (plugin.name, json_serialize(plugin))
                for plugin in namespace())

        def export(namespace, wanted):
            # A registered name takes precedence over the "all" keyword.
            if wanted in namespace:
                plugin = namespace[wanted]
                return {plugin.name: json_serialize(plugin)}
            if wanted == "all":
                return dump_all(namespace)
            return {}

        objects, methods, commands = {}, {}, {}
        nothing_selected = True

        # A KeyError means the selector option is absent; that namespace is
        # then left empty and does not count as a selection.
        try:
            objects = export(self.api.Object, objname or options['object'])
            nothing_selected = False
        except KeyError:
            pass

        try:
            methods = export(self.api.Method,
                             methodname or options['method'])
            nothing_selected = False
        except KeyError:
            pass

        try:
            commands = export(self.api.Command, options['command'])
            nothing_selected = False
        except KeyError:
            pass

        if nothing_selected:
            objects = dump_all(self.api.Object)
            methods = dump_all(self.api.Method)
            commands = dump_all(self.api.Command)

        return {
            "objects": objects,
            "methods": methods,
            "commands": commands,
        }

    def output_for_cli(self, textui, result, *args, **options):
        """Print the result as JSON, using json_serialize as the fallback."""
        rendered = json.dumps(result, default=json_serialize)
        print(rendered)
示例#12
class i18n_messages(Command):
    NO_CLI = True

    messages = {
        "ajax": {
            "401": {
                "message": _("Your session has expired. Please re-login."),
            },
        },
        "actions": {
            "apply": _("Apply"),
            "confirm": _("Are you sure you want to proceed with the action."),
            "delete_confirm": _("Are you sure you want to delete ${object}"),
            "disable_confirm": _("Are you sure you want to disable ${object}"),
            "enable_confirm": _("Are you sure you want to enable ${object}"),
            "title": _("Actions"),
        },
        "association": {
            "add": {
                "ipasudorunas":
                _("Add RunAs ${other_entity} into ${entity} ${primary_key}"),
                "ipasudorunasgroup":
                _("Add RunAs Groups into ${entity} ${primary_key}"),
                "managedby":
                _("Add ${other_entity} Managing ${entity} ${primary_key}"),
                "member":
                _("Add ${other_entity} into ${entity} ${primary_key}"),
                "memberallowcmd":
                _("Add Allow ${other_entity} into ${entity} ${primary_key}"),
                "memberdenycmd":
                _("Add Deny ${other_entity} into ${entity} ${primary_key}"),
                "memberof":
                _("Add ${entity} ${primary_key} into ${other_entity}"),
            },
            "added": _("Items added"),
            "direct_membership": _("Direct Membership"),
            "indirect_membership": _("Indirect Membership"),
            "no_entries": _("No entries."),
            "paging": _("Showing ${start} to ${end} of ${total} entries."),
            "remove": {
                "ipasudorunas":
                _("Remove RunAs ${other_entity} from ${entity} ${primary_key}"
                  ),
                "ipasudorunasgroup":
                _("Remove RunAs Groups from ${entity} ${primary_key}"),
                "managedby":
                _("Remove ${other_entity} Managing ${entity} ${primary_key}"),
                "member":
                _("Remove ${other_entity} from ${entity} ${primary_key}"),
                "memberallowcmd":
                _("Remove Allow ${other_entity} from ${entity} ${primary_key}"
                  ),
                "memberdenycmd":
                _("Remove Deny ${other_entity} from ${entity} ${primary_key}"),
                "memberof":
                _("Remove ${entity} ${primary_key} from ${other_entity}"),
            },
            "removed": _("Items removed"),
            "show_results": _("Show Results"),
        },
        "buttons": {
            "add": _("Add"),
            "add_and_add_another": _("Add and Add Another"),
            "add_and_close": _("Add and Close"),
            "add_and_edit": _("Add and Edit"),
            "add_many": _("Add Many"),
            "back": _("Back"),
            "cancel": _("Cancel"),
            "close": _("Close"),
            "disable": _("Disable"),
            "edit": _("Edit"),
            "enable": _("Enable"),
            "find": _("Find"),
            "get": _("Get"),
            "issue": _("Issue"),
            "ok": _("OK"),
            "refresh": _("Refresh"),
            "remove": _("Delete"),
            "reset": _("Reset"),
            "reset_password_and_login": _("Reset Password and Login"),
            "restore": _("Restore"),
            "retry": _("Retry"),
            "revoke": _("Revoke"),
            "set": _("Set"),
            "update": _("Update"),
            "view": _("View"),
        },
        "details": {
            "collapse_all": _("Collapse All"),
            "expand_all": _("Expand All"),
            "general": _("General"),
            "identity": _("Identity Settings"),
            "settings": _("${entity} ${primary_key} Settings"),
            "to_top": _("Back to Top"),
            "updated": _("${entity} ${primary_key} updated"),
        },
        "dialogs": {
            "add_confirmation":
            _("${entity} successfully added"),
            "add_title":
            _("Add ${entity}"),
            "available":
            _("Available"),
            "batch_error_message":
            _("Some operations failed."),
            "batch_error_title":
            _("Operations Error"),
            "confirmation":
            _("Confirmation"),
            "dirty_message":
            _("This page has unsaved changes. Please save or revert."),
            "dirty_title":
            _("Unsaved Changes"),
            "edit_title":
            _("Edit ${entity}"),
            "hide_details":
            _("Hide details"),
            "prospective":
            _("Prospective"),
            "redirection":
            _("Redirection"),
            "remove_empty":
            _("Select entries to be removed."),
            "remove_title":
            _("Remove ${entity}"),
            "show_details":
            _("Show details"),
            "validation_title":
            _("Validation error"),
            "validation_message":
            _("Input form contains invalid or missing values."),
        },
        "error_report": {
            "options":
            _("Please try the following options:"),
            "problem_persists":
            _("If the problem persists please contact the system administrator."
              ),
            "refresh":
            _("Refresh the page."),
            "reload":
            _("Reload the browser."),
            "main_page":
            _("Return to the main page and retry the operation"),
            "title":
            _("An error has occurred (${error})"),
        },
        "errors": {
            "error": _("Error"),
            "http_error": _("HTTP Error"),
            "internal_error": _("Internal Error"),
            "ipa_error": _("IPA Error"),
            "no_response": _("No response"),
            "unknown_error": _("Unknown Error"),
            "url": _("URL"),
        },
        "facet_groups": {
            "managedby": _("${primary_key} is managed by:"),
            "member": _("${primary_key} members:"),
            "memberof": _("${primary_key} is a member of:"),
        },
        "facets": {
            "details": _("Settings"),
            "search": _("Search"),
        },
        "false": _("False"),
        "login": {
            "form_auth":
            _("To login with username and password, enter them in the fields below then click Login."
              ),
            "header":
            _("Logged In As"),
            "krb_auth_msg":
            _("To login with Kerberos, please make sure you have valid tickets (obtainable via kinit) and <a href='http://${host}/ipa/config/unauthorized.html'>configured</a> the browser correctly, then click Login."
              ),
            "login":
            _("Login"),
            "logout":
            _("Logout"),
            "logout_error":
            _("Logout error"),
            "password":
            _("Password"),
            "username":
            _("Username"),
        },
        "measurement_units": {
            "number_of_passwords": _("number of passwords"),
            "seconds": _("seconds"),
        },
        "objects": {
            "aci": {
                "attribute": _("Attribute"),
            },
            "automember": {
                "add_condition": _("Add Condition into ${pkey}"),
                "add_rule": _("Add Rule"),
                "attribute": _("Attribute"),
                "default_host_group": _("Default host group"),
                "default_user_group": _("Default user group"),
                "exclusive": _("Exclusive"),
                "expression": _("Expression"),
                "hostgrouprule": _("Host group rule"),
                "hostgrouprules": _("Host group rules"),
                "inclusive": _("Inclusive"),
                "usergrouprule": _("User group rule"),
                "usergrouprules": _("User group rules"),
            },
            "automountkey": {},
            "automountlocation": {
                "identity": _("Automount Location Settings")
            },
            "automountmap": {
                "map_type": _("Map Type"),
                "direct": _("Direct"),
                "indirect": _("Indirect"),
            },
            "cert": {
                "aa_compromise":
                _("AA Compromise"),
                "affiliation_changed":
                _("Affiliation Changed"),
                "ca_compromise":
                _("CA Compromise"),
                "certificate_hold":
                _("Certificate Hold"),
                "cessation_of_operation":
                _("Cessation of Operation"),
                "common_name":
                _("Common Name"),
                "expires_on":
                _("Expires On"),
                "fingerprints":
                _("Fingerprints"),
                "issue_certificate":
                _("Issue New Certificate for ${entity} ${primary_key}"),
                "issued_by":
                _("Issued By"),
                "issued_on":
                _("Issued On"),
                "issued_to":
                _("Issued To"),
                "key_compromise":
                _("Key Compromise"),
                "md5_fingerprint":
                _("MD5 Fingerprint"),
                "missing":
                _("No Valid Certificate"),
                "new_certificate":
                _("New Certificate"),
                "note":
                _("Note"),
                "organization":
                _("Organization"),
                "organizational_unit":
                _("Organizational Unit"),
                "privilege_withdrawn":
                _("Privilege Withdrawn"),
                "reason":
                _("Reason for Revocation"),
                "remove_from_crl":
                _("Remove from CRL"),
                "request_message":
                _("<ol> <li>Create a certificate database or use an existing one. To create a new database:<br/> <code># certutil -N -d &lt;database path&gt;</code> </li> <li>Create a CSR with subject <em>CN=&lt;hostname&gt;,O=&lt;realm&gt;</em>, for example:<br/> <code># certutil -R -d &lt;database path&gt; -a -g &lt;key size&gt; -s 'CN=${hostname},O=${realm}'</code> </li> <li> Copy and paste the CSR (from <em>-----BEGIN NEW CERTIFICATE REQUEST-----</em> to <em>-----END NEW CERTIFICATE REQUEST-----</em>) into the text area below: </li> </ol>"
                  ),
                "requested":
                _("Certificate requested"),
                "restore_certificate":
                _("Restore Certificate for ${entity} ${primary_key}"),
                "restore_confirmation":
                _("To confirm your intention to restore this certificate, click the \"Restore\" button."
                  ),
                "restored":
                _("Certificate restored"),
                "revoke_certificate":
                _("Revoke Certificate for ${entity} ${primary_key}"),
                "revoke_confirmation":
                _("To confirm your intention to revoke this certificate, select a reason from the pull-down list, and click the \"Revoke\" button."
                  ),
                "revoked":
                _("Certificate Revoked"),
                "serial_number":
                _("Serial Number"),
                "serial_number_hex":
                _("Serial Number (hex)"),
                "sha1_fingerprint":
                _("SHA1 Fingerprint"),
                "superseded":
                _("Superseded"),
                "unspecified":
                _("Unspecified"),
                "valid":
                _("Valid Certificate Present"),
                "validity":
                _("Validity"),
                "view_certificate":
                _("Certificate for ${entity} ${primary_key}"),
            },
            "config": {
                "group": _("Group Options"),
                "search": _("Search Options"),
                "selinux": _("SELinux Options"),
                "service": _("Service Options"),
                "user": _("User Options"),
            },
            "delegation": {},
            "dnsconfig": {
                "forward_first": _("Forward first"),
                "forward_none": _("Forwarding disabled"),
                "forward_only": _("Forward only"),
                "options": _("Options"),
            },
            "dnsrecord": {
                "data":
                _("Data"),
                "deleted_no_data":
                _("DNS record was deleted because it contained no data."),
                "other":
                _("Other Record Types"),
                "ptr_redir_address_err":
                _("Address not valid, can't redirect"),
                "ptr_redir_create":
                _("Create dns record"),
                "ptr_redir_creating":
                _("Creating record."),
                "ptr_redir_creating_err":
                _("Record creation failed."),
                "ptr_redir_record":
                _("Checking if record exists."),
                "ptr_redir_record_err":
                _("Record not found."),
                "ptr_redir_title":
                _("Redirection to PTR record"),
                "ptr_redir_zone":
                _("Zone found: ${zone}"),
                "ptr_redir_zone_err":
                _("Target reverse zone not found."),
                "ptr_redir_zones":
                _("Fetching DNS zones."),
                "ptr_redir_zones_err":
                _("An error occurred while fetching dns zones."),
                "redirection_dnszone":
                _("You will be redirected to DNS Zone."),
                "standard":
                _("Standard Record Types"),
                "title":
                _("Records for DNS Zone"),
                "type":
                _("Record Type"),
            },
            "dnszone": {
                "identity": _("DNS Zone Settings"),
                "add_permission": _("Add Permission"),
                "remove_permission": _("Remove Permission"),
            },
            "group": {
                "details": _("Group Settings"),
                "external": _("External"),
                "make_external": _("Change to external group"),
                "make_posix": _("Change to POSIX group"),
                "normal": _("Normal"),
                "posix": _("POSIX"),
                "type": _("Group Type"),
            },
            "hbacrule": {
                "any_host": _("Any Host"),
                "any_service": _("Any Service"),
                "anyone": _("Anyone"),
                "host": _("Accessing"),
                "ipaenabledflag": _("Rule status"),
                "service": _("Via Service"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_services": _("Specified Services and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("Who"),
            },
            "hbacsvc": {},
            "hbacsvcgroup": {
                "services": _("Services"),
            },
            "hbactest": {
                "access_denied": _("Access Denied"),
                "access_granted": _("Access Granted"),
                "include_disabled": _("Include Disabled"),
                "include_enabled": _("Include Enabled"),
                "label": _("HBAC Test"),
                "matched": _("Matched"),
                "missing_values": _("Missing values: "),
                "new_test": _("New Test"),
                "rules": _("Rules"),
                "run_test": _("Run Test"),
                "specify_external": _("Specify external ${entity}"),
                "unmatched": _("Unmatched"),
            },
            "host": {
                "certificate":
                _("Host Certificate"),
                "cn":
                _("Host Name"),
                "delete_key_unprovision":
                _("Delete Key, Unprovision"),
                "details":
                _("Host Settings"),
                "enrolled":
                _("Enrolled"),
                "enrollment":
                _("Enrollment"),
                "fqdn":
                _("Fully Qualified Host Name"),
                "keytab":
                _("Kerberos Key"),
                "keytab_missing":
                _("Kerberos Key Not Present"),
                "keytab_present":
                _("Kerberos Key Present, Host Provisioned"),
                "password":
                _("One-Time-Password"),
                "password_missing":
                _("One-Time-Password Not Present"),
                "password_present":
                _("One-Time-Password Present"),
                "password_reset_button":
                _("Reset OTP"),
                "password_reset_title":
                _("Reset One-Time-Password"),
                "password_set_button":
                _("Set OTP"),
                "password_set_success":
                _("OTP set"),
                "password_set_title":
                _("Set One-Time-Password"),
                "status":
                _("Status"),
                "unprovision":
                _("Unprovision"),
                "unprovision_confirmation":
                _("Are you sure you want to unprovision this host?"),
                "unprovision_title":
                _("Unprovisioning ${entity}"),
                "unprovisioned":
                _("Host unprovisioned"),
            },
            "hostgroup": {
                "identity": _("Host Group Settings"),
            },
            "krbtpolicy": {
                "identity": _("Kerberos Ticket Policy"),
            },
            "netgroup": {
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "external": _("External"),
                "host": _("Host"),
                "hostgroups": _("Host Groups"),
                "hosts": _("Hosts"),
                "identity": _("Netgroup Settings"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("User"),
                "usergroups": _("User Groups"),
                "users": _("Users"),
            },
            "permission": {
                "identity": _("Identity"),
                "invalid_target":
                _("Permission with invalid target specification"),
                "rights": _("Rights"),
                "target": _("Target"),
            },
            "privilege": {
                "identity": _("Privilege Settings"),
            },
            "pwpolicy": {
                "identity": _("Password Policy"),
            },
            "idrange": {
                "details": _("Range Settings"),
                "ipabaseid": _("Base ID"),
                "ipabaserid": _("Primary RID base"),
                "ipaidrangesize": _("Range size"),
                "ipanttrusteddomainsid": _("Domain SID"),
                "ipasecondarybaserid": _("Secondary RID base"),
                "type": _("Range type"),
                "type_ad": _("Active Directory domain"),
                "type_local": _("Local domain"),
            },
            "role": {
                "identity": _("Role Settings"),
            },
            "selfservice": {},
            "selinuxusermap": {
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "host": _("Host"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("User"),
            },
            "service": {
                "certificate":
                _("Service Certificate"),
                "delete_key_unprovision":
                _("Delete Key, Unprovision"),
                "details":
                _("Service Settings"),
                "host":
                _("Host Name"),
                "missing":
                _("Kerberos Key Not Present"),
                "provisioning":
                _("Provisioning"),
                "service":
                _("Service"),
                "status":
                _("Status"),
                "unprovision":
                _("Unprovision"),
                "unprovision_confirmation":
                _("Are you sure you want to unprovision this service?"),
                "unprovision_title":
                _("Unprovisioning ${entity}"),
                "unprovisioned":
                _("Service unprovisioned"),
                "valid":
                _("Kerberos Key Present, Service Provisioned"),
            },
            "sshkeystore": {
                "keys": _("SSH public keys"),
                "set_dialog_help": _("SSH public key:"),
                "set_dialog_title": _("Set SSH key"),
                "show_set_key": _("Show/Set key"),
                "status_mod_ns": _("Modified: key not set"),
                "status_mod_s": _("Modified"),
                "status_new_ns": _("New: key not set"),
                "status_new_s": _("New: key set"),
            },
            "sudocmd": {
                "groups": _("Groups"),
            },
            "sudocmdgroup": {
                "commands": _("Commands"),
            },
            "sudorule": {
                "allow": _("Allow"),
                "any_command": _("Any Command"),
                "any_group": _("Any Group"),
                "any_host": _("Any Host"),
                "anyone": _("Anyone"),
                "command": _("Run Commands"),
                "deny": _("Deny"),
                "external": _("External"),
                "host": _("Access this host"),
                "ipaenabledflag": _("Rule status"),
                "option_added": _("Option added"),
                "option_removed": _("Option(s) removed"),
                "options": _("Options"),
                "runas": _("As Whom"),
                "specified_commands": _("Specified Commands and Groups"),
                "specified_groups": _("Specified Groups"),
                "specified_hosts": _("Specified Hosts and Groups"),
                "specified_users": _("Specified Users and Groups"),
                "user": _("Who"),
            },
            "trust": {
                "account": _("Account"),
                "admin_account": _("Administrative account"),
                "details": _("Trust Settings"),
                "domain": _("Domain"),
                "establish_using": _("Establish using"),
                "ipantflatname": _("Domain NetBIOS name"),
                "ipanttrusteddomainsid": _("Domain Security Identifier"),
                "preshared_password": _("Pre-shared password"),
                "trustdirection": _("Trust direction"),
                "truststatus": _("Trust status"),
                "trusttype": _("Trust type"),
            },
            "user": {
                "account":
                _("Account Settings"),
                "account_status":
                _("Account Status"),
                "contact":
                _("Contact Settings"),
                "employee":
                _("Employee Information"),
                "error_changing_status":
                _("Error changing account status"),
                "krbpasswordexpiration":
                _("Password expiration"),
                "mailing":
                _("Mailing Address"),
                "misc":
                _("Misc. Information"),
                "status_confirmation":
                _("Are you sure you want to ${action} the user?<br/>The change will take effect immediately."
                  ),
                "status_link":
                _("Click to ${action}"),
            },
        },
        "password": {
            "current_password":
            _("Current Password"),
            "current_password_required":
            _("Current password is required"),
            "expires_in":
            _("Your password expires in ${days} days."),
            "invalid_password":
            _("The password or username you entered is incorrect."),
            "new_password":
            _("New Password"),
            "new_password_required":
            _("New password is required"),
            "password":
            _("Password"),
            "password_change_complete":
            _("Password change complete"),
            "password_must_match":
            _("Passwords must match"),
            "reset_failure":
            _("Password reset was not successful."),
            "reset_password":
            _("Reset Password"),
            "reset_password_sentence":
            _("Reset your password."),
            "verify_password":
            _("Verify Password"),
        },
        "search": {
            "delete_confirm":
            _("Are you sure you want to delete selected entries?"),
            "deleted":
            _("Selected entries were deleted."),
            "disable_confirm":
            _("Are you sure you want to disable selected entries?"),
            "disabled":
            _("${count} items were disabled"),
            "enable_confirm":
            _("Are you sure you want to enable selected entries?"),
            "enabled":
            _("${count} items were enabled"),
            "partial_delete":
            _("Some entries were not deleted"),
            "quick_links":
            _("Quick Links"),
            "select_all":
            _("Select All"),
            "truncated":
            _("Query returned more results than the configured size limit. Displaying the first ${counter} results."
              ),
            "unselect_all":
            _("Unselect All"),
        },
        "status": {
            "disable": _("Disable"),
            "disabled": _("Disabled"),
            "enable": _("Enable"),
            "enabled": _("Enabled"),
            "label": _("Status"),
        },
        "tabs": {
            "audit": _("Audit"),
            "automember": _("Automember"),
            "automount": _("Automount"),
            "dns": _("DNS"),
            "hbac": _("Host Based Access Control"),
            "identity": _("Identity"),
            "ipaserver": _("IPA Server"),
            "policy": _("Policy"),
            "role": _("Role Based Access Control"),
            "sudo": _("Sudo"),
        },
        "true": _("True"),
        "widget": {
            "next": _("Next"),
            "page": _("Page"),
            "prev": _("Prev"),
            "undo": _("undo"),
            "undo_all": _("undo all"),
            "validation": {
                "error": _("Text does not match field pattern"),
                "decimal": _("Must be a decimal number"),
                "integer": _("Must be an integer"),
                "ip_address": _('Not a valid IP address'),
                "ip_v4_address": _('Not a valid IPv4 address'),
                "ip_v6_address": _('Not a valid IPv6 address'),
                "max_value": _("Maximum value is ${value}"),
                "min_value": _("Minimum value is ${value}"),
                "net_address": _("Not a valid network address"),
                "port": _("'${port}' is not a valid port"),
                "required": _("Required field"),
                "unsupported": _("Unsupported value"),
            },
        },
    }
    has_output = (Output('messages', dict, doc=_('Dict of I18N messages')), )

    def execute(self):
        """Return the serialized message catalogue under the 'messages' key."""
        serialized = json_serialize(self.messages)
        return {"messages": serialized}

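    def output_for_cli(self, textui, result, *args, **options):
        """
        Print the command result as JSON.

        ``json_serialize`` is passed as the ``default`` hook so values the
        json module cannot encode natively are still rendered.
        """
        # Call form of print: matches json_metadata.output_for_cli and is
        # valid on both Python 2 (single argument) and Python 3, where the
        # former print statement is a syntax error.
        print(json.dumps(result, default=json_serialize))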
示例#13
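class batch(Command):
    __doc__ = _('Make multiple ipa calls via one remote procedure call')
    NO_CLI = True

    takes_args = (Dict(
        'methods*',
        doc=_('Nested Methods to execute'),
    ), )

    # NOTE(review): the sibling attribute is spelled ``takes_args`` while this
    # one is ``take_options``; it may never be read under this name. Confirm
    # against the Command base class before renaming, since a rename would
    # change the options this command declares.
    take_options = (Str(
        'version',
        cli_name='version',
        doc=_(
            'Client version. Used to determine if server will accept request.'
        ),
        exclude='webui',
        flags=['no_option', 'no_output'],
        default=API_VERSION,
        autofill=True,
    ), )

    has_output = (Output('count', int,
                         doc=''), Output('results', (list, tuple), doc=''))

    def _validate_request(self, request):
        """
        Check that an individual request in a batch is parseable and the
        command exists.

        :param request: one entry of the ``methods`` argument; expected to
            carry a ``method`` name and ``params`` as a (list, dict) pair.
        :raises errors.RequirementError: ``method`` or ``params`` is missing.
        :raises errors.CommandError: the name is not a registered command, or
            it is a ``Local`` command, which is rejected here.
        :raises errors.ConversionError: ``params`` has the wrong shape or the
            target command rejects the arguments.
        """
        if 'method' not in request:
            raise errors.RequirementError(name='method')
        if 'params' not in request:
            raise errors.RequirementError(name='params')
        name = request['method']
        if (name not in self.api.Command
                or isinstance(self.api.Command[name], Local)):
            raise errors.CommandError(name=name)

        # If params are not formatted as a tuple(list, dict)
        # the following lines will raise an exception
        # that triggers an internal server error.
        # Raise a ConversionError instead to report the issue
        # to the client.
        # NOTE(review): membership is checked on self.api.Command but the
        # lookup below uses the module-level api; presumably the same
        # object -- confirm.
        try:
            a, kw = request['params']
            newkw = dict((str(k), v) for k, v in kw.items())
            api.Command[name].args_options_2_params(*a, **newkw)
        except (AttributeError, ValueError, TypeError):
            raise errors.ConversionError(
                name='params', error=_(u'must contain a tuple (list, dict)'))
        except Exception as e:
            raise errors.ConversionError(name='params', error=str(e))

    def _repr_iter(self, **params):
        """
        Iterate through the request and use each Command's _repr_iter so
        that sensitive information (passwords) is not exposed.

        In case of a malformed request redact the entire thing.
        """
        exceptions = False
        for arg in (params.get('methods', [])):
            try:
                self._validate_request(arg)
            except Exception:
                # redact the whole request since we don't know what's in it
                exceptions = True
                yield u'********'
                continue

            name = arg['method']
            a, kw = arg['params']
            newkw = dict((str(k), v) for k, v in kw.items())
            param = api.Command[name].args_options_2_params(*a, **newkw)

            yield '{}({})'.format(
                api.Command[name].name,
                ', '.join(api.Command[name]._repr_iter(**param)))

        if exceptions:
            # NOTE(review): this hands the request to the parent class's
            # _repr_iter, which does not know the nested commands' parameter
            # definitions. The entries redacted above may therefore reach
            # the debug log unredacted -- confirm what the parent emits and
            # treat debug logs as sensitive if so.
            logger.debug('batch: %s',
                         ', '.join(super(batch, self)._repr_iter(**params)))

    def execute(self, methods=None, **options):
        """
        Run every request in ``methods`` and collect one result per request.

        A failing request does not abort the batch: its entry carries
        ``error``, ``error_code``, ``error_name`` and ``error_kw`` instead.
        Exceptions that are not ``errors.PublicError`` are reported as
        ``errors.InternalError`` so their details are not returned to the
        client.

        :param methods: sequence of requests, each validated by
            ``_validate_request``; ``None`` is treated as empty.
        :param options: must contain ``version``, which is passed to nested
            commands that do not set their own.
        :return: dict with ``count`` and ``results``.
        """
        results = []
        for arg in (methods or []):
            params = dict()
            name = None
            try:
                self._validate_request(arg)
                name = arg['method']
                a, kw = arg['params']
                newkw = dict((str(k), v) for k, v in kw.items())
                params = api.Command[name].args_options_2_params(*a, **newkw)
                newkw.setdefault('version', options['version'])

                result = api.Command[name](*a, **newkw)
                logger.info('%s: batch: %s(%s): SUCCESS',
                            getattr(context, 'principal', 'UNKNOWN'), name,
                            ', '.join(api.Command[name]._repr_iter(**params)))
                result['error'] = None
            except Exception as e:
                # Same fallback as the success path, so a context without a
                # principal cannot raise from inside this handler.
                principal = getattr(context, 'principal', 'UNKNOWN')
                request_errors = (errors.RequirementError,
                                  errors.CommandError,
                                  errors.ConversionError)
                if name is None or isinstance(e, request_errors):
                    # name is still None when validation failed with some
                    # other exception (e.g. the request is not a container).
                    # api.Command[None] would then raise here and abort the
                    # whole batch, so log only the exception class.
                    logger.info('%s: batch: %s', principal,
                                e.__class__.__name__)
                else:
                    logger.info(
                        '%s: batch: %s(%s): %s',
                        principal,
                        name,
                        ', '.join(api.Command[name]._repr_iter(**params)),
                        e.__class__.__name__)
                if isinstance(e, errors.PublicError):
                    reported_error = e
                else:
                    reported_error = errors.InternalError()
                result = dict(
                    error=reported_error.strerror,
                    error_code=reported_error.errno,
                    error_name=unicode(type(reported_error).__name__),
                    error_kw=reported_error.kw,
                )
            results.append(result)
        return dict(count=len(results), results=results)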