[Freeipa-devel] [PATCH] Add {user, host, sourcehost}Category to HBAC and make accessTime multivalue.
Pavel Zůna
pzuna at redhat.com
Tue Dec 1 13:04:55 UTC 2009
Rob Crittenden wrote:
> Pavel Zuna wrote:
>> Rob Crittenden wrote:
>>> Pavel Zuna wrote:
>>>> Due to the format of accessTime (it has commas and spaces in it), we
>>>> can't use the List parameter type. I made it so that accessTime
>>>> values have to be entered one by one using new commands.
>>>>
>>>> We also agreed, that we're going to rename GeneralizedTime parameter
>>>> to AccessTime to prevent confusion with RFC 4517 standard. I
>>>> attached a separate patch for clarity.
>>>>
>>>> Pavel
>>>
>>> A couple of questions:
>>>
>>> - Would it make sense to leave time in as an option that takes a
>>> singular value? If someone wants multiple times they can use the new
>>> add interface, right?
>> It would and I think it's a good idea, updated patch attached.
>>
>>> - What are these new enums for? If there is only one choice do you
>>> really have a choice?
>> Well for now, we only have the 'all' in categories, but the list is
>> expected to grow. At first I didn't include categories in the plugin,
>> because of this, but Sumit wanted it to be complete.
>>
>>> - We still need some tests for GeneralizedTime/AccessTime.
>> Ok, added to my TODO list.
>
> The patch isn't applying for me:
>
> $ patch -p1 --dry-run < 0003-Fix-takes_options-in-automount-plugin.patch
> patching file ipalib/plugins/hbac.py
> patching file tests/test_xmlrpc/test_hbac_plugin.py
> Hunk #1 FAILED at 52.
> Hunk #2 FAILED at 84.
> 2 out of 3 hunks FAILED -- saving rejects to file
> tests/test_xmlrpc/test_hbac_plugin.py.rej
>
> Since you have to mess with this anyway, can you:
>
> - add another test to also test adding the access time on the add. You
> added back the capability but the tests are still removed AFAICT.
>
> - add a FUTURE or FIXME comment indicating that the enumerators are
> future-proofing things by making them a 1-option enumerator for now?
>
> rob
Fixed patch attached.
Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-user-host-sourcehost-Category-to-HBAC-and-make.patch
Type: application/mbox
Size: 6791 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091201/828e3f38/attachment.mbox>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Rename-GeneralizedTime-to-AccessTime.patch
Type: application/mbox
Size: 3299 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091201/828e3f38/attachment-0001.mbox>
More information about the Freeipa-devel
mailing list