#5172 Missing CLI param and ACL for vault service operations
Closed: Fixed. Opened 8 years ago by edewata.

The current implementation is missing a CLI param and an ACL to support vault operations as described in this page:
http://www.freeipa.org/page/V4/Password_Vault_1.0#Service_Operations

There are two issues:

  1. Currently the CLI to manage the vault owners/members can only accept users and groups. It should also accept services so that the admin can create a vault then allow the services to access the vault.

  2. There should be an ACL to allow a service to create its own service container (/services/<service name>/). This is similar to the current ACL that allows a user to create its own user container (/users/<username>/). This way a service can create private service vaults. Otherwise a service vault can only be created by the admin as described in #1 (which might be sufficient).

Proposed milestone: 4.2.1


freeipa-edewata-0369-Added-CLI-param-and-ACL-for-vault-service-operations.patch

freeipa-edewata-0369-1-Added-CLI-param-and-ACL-for-vault-service-operations.patch

master:

  • 0dd95a1 Added CLI param and ACL for vault service operations.

ipa-4-2:

  • f211747 Added CLI param and ACL for vault service operations.

Metadata Update from @edewata:
- Issue assigned to edewata
- Issue set to the milestone: FreeIPA 4.2.1

7 years ago
