[Freeipa-devel] [PATCHES] jderose 0009-0019

Rob Crittenden rcritten at redhat.com
Mon Feb 16 21:05:28 UTC 2009 

Rob Crittenden wrote:
> Jason Gerard DeRose wrote:
>> These patches finish my (initial) cleanup and testing of Andrew's
>> request authority plugins.  These have been tested against a CA server
>> Andrew has running (only accessible inside Red Hat firewall).  The tests
>> I ran aren't exhaustive by any means, but it's a start.
>>
>> A few other noteworthy changes:
>>
>> 1) I added a mechanism for an entire plugin module to be conditionally
>> loaded.  Previously individual plugins (classes) could be conditionally
>> registered, but there wasn't a way to conditionally skip the entire
>> module.  Now you can raise errors2.SkipPluginModule.
>>
>> For example, if your plugin is included in the built-in freeIPA plugins
>> but is only optionally enabled, you can use SkipPluginModule so that
>> nothing in your module after the point where you raise SkipPluginModule
>> gets processed:
>>
>>         from ipalib import api, SkipPluginModule
>>         if api.env.enable_ra is not True:
>>             # In this case, abort loading this plugin module...
>>             raise SkipPluginModule(reason='env.enable_ra is not True')
>>                 # The remaining is only processed when env.enable_ra 
>> is True...
>>                 # So we don't get an import error here!
>>         import not_installed_python_package
>>
>> 2) I added a place-holder directory for integration tests: checks/
>> Inside is my still rather hacky check-ra.py script I was using to test
>> the ra backend plugin.  I'll send another email shortly with some
>> thoughts about integration testing.
>>
>>
>> P.S.: I put the patches in a tarball because it seems that Evolution is
>> Windows-ifying the line endings in my attachments.
> 
> I'm having a really hard time reviewing these since the patches aren't 
> cumulative but build upon each other. Since patches 0001-0007 haven't 
> been applied yet it isn't possible to cleanly apply these either.
> 
> I'll see if I can slurp them all in together and make a single, unified 
> patch so I can see what is going on.
> 
> In the meantime we need to get the 1-7 patches imported. I had just a 
> couple of comments.
> 
> rob

Ok, that actually worked out fairy well but I'll have to address things 
indirectly.

I think that all command-arguments should have a help option to describe 
what it does.  This affects all the functions in cert.py.

ipaserver/plugins/ra.py:_request() doesn't close the connection on an 
exception

ipaserver/plugins/ra.py:__create_* should probably verify that 
permissions are appropriate (probably 600).

I think that a lot of things in ra.py will be pulled out at some point 
as they are run-once type functions that will be executed at install time.

rob

More information about the Freeipa-devel mailing list