The current implementation is missing a CLI param and an ACL to support vault operations as described in this page: http://www.freeipa.org/page/V4/Password_Vault_1.0#Service_Operations
There are two issues:

1. Currently the CLI to manage the vault owners/members can only accept users and groups. It should also accept services so that the admin can create a vault then allow the services to access the vault.
2. There should be an ACL to allow a service to create its own service container (/services/<service name>/). This is similar to the current ACL that allows a user to create its own user container (/users/<username>/). This way a service can create private service vaults. Otherwise a service vault can only be created by the admin as described in #1 (which might be sufficient).
Proposed milestone: 4.2.1
freeipa-edewata-0369-Added-CLI-param-and-ACL-for-vault-service-operations.patch
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1204501 (Red Hat Enterprise Linux 7)
freeipa-edewata-0369-1-Added-CLI-param-and-ACL-for-vault-service-operations.patch
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1252556
master:
ipa-4-2:
Metadata Update from @edewata: - Issue assigned to edewata - Issue set to the milestone: FreeIPA 4.2.1