[Freeipa-devel] [PATCH] Add {user, host, sourcehost}Category to HBAC and make accessTime multivalue.

[Rob Crittenden]

Pavel Zuna wrote:
> Rob Crittenden wrote:
>> Pavel Zuna wrote:
>>> Due to the format of accessTime (it has commas and spaces in it), we 
>>> can't use the List parameter type. I made it so that accessTime 
>>> values have to be entered one by one using new commands.
>>>
>>> We also agreed, that we're going to rename GeneralizedTime parameter 
>>> to AccessTime to prevent confusion with RFC 4517 standard. I attached 
>>> a separate patch for clarity.
>>>
>>> Pavel
>>
>> A couple of questions:
>>
>> - Would it make sense to leave time in as an option that takes a 
>> singular value? If someone wants multiple times they can use the new 
>> add interface, right?
> It would and I think it's a good idea, updated patch attached.
> 
>> - What are these new enums for? If there is only one choice do you 
>> really have a choice?
> Well for now, we only have the 'all' in categories, but the list is
> expected to grow. At first I didn't include categories in the plugin,
> because of this, but Sumit wanted it to be complete.
> 
>> - We still need some tests for GeneralizedTime/AccessTime.
> Ok, added to my TODO list.

The patch isn't applying for me:

$ patch -p1 --dry-run <  0003-Fix-takes_options-in-automount-plugin.patch
patching file ipalib/plugins/hbac.py
patching file tests/test_xmlrpc/test_hbac_plugin.py
Hunk #1 FAILED at 52.
Hunk #2 FAILED at 84.
2 out of 3 hunks FAILED -- saving rejects to file 
tests/test_xmlrpc/test_hbac_plugin.py.rej

Since you have to mess with this anyway, can you:

- add another test to also test adding the access time on the add. You 
added back the capability but the tests are still removed AFAICT.

- add a FUTURE or FIXME comment indicating that the enumerators are 
future-proofing things by making them a 1-option enumerator for now?

rob