search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: Improve update and listing code
[samba4-gss.git] / python / samba / netcmd / service_account / service_account.py
blob8ad6cdd72251a755d4d91cb67f7e0885078b255f
1 # Unix SMB/CIFS implementation.
2 #
3 # Manage service accounts and group managed service accounts.
4 #
5 # Copyright (C) Catalyst.Net Ltd. 2024
6 #
7 # Written by Rob van der Linde <rob@catalyst.net.nz>
8 #
9 # This program is free software; you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
13 #
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
18 #
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #
22
23 from samba.domain.models import GroupManagedServiceAccount
24 from samba.domain.models.exceptions import ModelError
25 from samba.getopt import CredentialsOptions, HostOptions, Option, SambaOptions
26 from samba.netcmd import Command, CommandError
27
28
29 class cmd_service_account_list(Command):
30 """List service accounts."""
31
32 synopsis = "%prog -H <URL> [options]"
33
34 takes_optiongroups = {
35 "sambaopts": SambaOptions,
36 "credopts": CredentialsOptions,
37 "hostopts": HostOptions,
38 }
39
40 takes_options = [
41 Option("--json", help="Output results in JSON format.",
42 dest="output_format", action="store_const", const="json"),
43 ]
44
45 def run(self, hostopts=None, sambaopts=None, credopts=None,
46 output_format=None):
47
48 ldb = self.ldb_connect(hostopts, sambaopts, credopts)
49
50 try:
51 accounts = GroupManagedServiceAccount.query(ldb)
52 except ModelError as e:
53 raise CommandError(e)
54
55 if output_format == "json":
56 self.print_json({account.account_name: account for account in accounts})
57 else:
58 for account in accounts:
59 print(account.account_name, file=self.outf)
60
61
62 class cmd_service_account_view(Command):
63 """View a service account on the domain."""
64
65 synopsis = "%prog -H <URL> [options]"
66
67 takes_optiongroups = {
68 "sambaopts": SambaOptions,
69 "credopts": CredentialsOptions,
70 "hostopts": HostOptions,
71 }
72
73 takes_options = [
74 Option("--name",
75 help="Name of managed service account (required).",
76 dest="name", action="store", type=str, required=True),
77 ]
78
79 def run(self, hostopts=None, sambaopts=None, credopts=None, name=None):
80
81 ldb = self.ldb_connect(hostopts, sambaopts, credopts)
82
83 try:
84 account = GroupManagedServiceAccount.find(ldb, name)
85 except ModelError as e:
86 raise CommandError(e)
87
88 if account is None:
89 raise CommandError(f"Group managed service account {name} not found.")
90
91 self.print_json(account.as_dict())
92
93
94 class cmd_service_account_create(Command):
95 """Create a new service account."""
96
97 synopsis = "%prog -H <URL> [options]"
98
99 takes_optiongroups = {
100 "sambaopts": SambaOptions,
101 "credopts": CredentialsOptions,
102 "hostopts": HostOptions,
103 }
104
105 takes_options = [
106 Option("--name", help="Name of managed service account (required).",
107 dest="name", action="store", type=str, required=True),
108 Option("--dns-host-name", help="DNS hostname of this service account (required).",
109 dest="dns_host_name", action="store", type=str, required=True),
110 Option("--group-msa-membership",
111 help="Provide optional Group MSA Membership SDDL.",
112 dest="group_msa_membership", action="store", type=str),
113 Option("--managed-password-interval",
114 help="Managed password refresh interval in days.",
115 dest="managed_password_interval", action="store", type=int),
116 ]
117
118 def run(self, hostopts=None, sambaopts=None, credopts=None, name=None,
119 dns_host_name=None, group_msa_membership=None,
120 managed_password_interval=None):
121
122 ldb = self.ldb_connect(hostopts, sambaopts, credopts)
123
124 gmsa = GroupManagedServiceAccount(
125 name=name,
126 managed_password_interval=managed_password_interval,
127 dns_host_name=dns_host_name,
128 group_msa_membership=group_msa_membership,
129 )
130
131 # Create group managed service account.
132 try:
133 gmsa.save(ldb)
134 except ModelError as e:
135 raise CommandError(e)
136
137 print(f"Created group managed service account: {name}", file=self.outf)
138
139
140 class cmd_service_account_modify(Command):
141 """Modify a managed service account."""
142
143 synopsis = "%prog -H <URL> [options]"
144
145 takes_optiongroups = {
146 "sambaopts": SambaOptions,
147 "credopts": CredentialsOptions,
148 "hostopts": HostOptions,
149 }
150
151 takes_options = [
152 Option("--name", help="Name of managed service account (required).",
153 dest="name", action="store", type=str, required=True),
154 Option("--dns-host-name", help="Update DNS hostname of this service account.",
155 dest="dns_host_name", action="store", type=str),
156 Option("--group-msa-membership",
157 help="Update Group MSA Membership field directly (SDDL).",
158 dest="group_msa_membership", action="store", type=str),
159 ]
160
161 def run(self, hostopts=None, sambaopts=None, credopts=None, name=None,
162 dns_host_name=None, group_msa_membership=None):
163
164 ldb = self.ldb_connect(hostopts, sambaopts, credopts)
165
166 try:
167 gmsa = GroupManagedServiceAccount.find(ldb, name)
168 except ModelError as e:
169 raise CommandError(e)
170
171 if gmsa is None:
172 raise CommandError(f"Group managed service account {name} not found.")
173
174 if dns_host_name is not None:
175 gmsa.dns_host_name = dns_host_name
176
177 if group_msa_membership is not None:
178 gmsa.group_msa_membership = group_msa_membership
179
180 # Update group managed service account.
181 try:
182 gmsa.save(ldb)
183 except ModelError as e:
184 raise CommandError(e)
185
186 print(f"Modified group managed service account: {name}", file=self.outf)
187
188
189 class cmd_service_account_delete(Command):
190 """Delete a managed service account."""
191
192 synopsis = "%prog -H <URL> [options]"
193
194 takes_optiongroups = {
195 "sambaopts": SambaOptions,
196 "credopts": CredentialsOptions,
197 "hostopts": HostOptions,
198 }
199
200 takes_options = [
201 Option("--name", help="Name of managed service account (required).",
202 dest="name", action="store", type=str, required=True),
203 ]
204
205 def run(self, hostopts=None, sambaopts=None, credopts=None, name=None):
206
207 ldb = self.ldb_connect(hostopts, sambaopts, credopts)
208
209 try:
210 account = GroupManagedServiceAccount.find(ldb, name)
211 except ModelError as e:
212 raise CommandError(e)
213
214 if account is None:
215 raise CommandError(f"Group managed service account {name} not found.")
216
217 try:
218 account.delete(ldb)
219 except ModelError as e:
220 raise CommandError(e)
221
222 print(f"Deleted group managed service account: {name}", file=self.outf)
GSS-enabled samba4