[Freeipa-devel] [PATCH] 34 Create FreeIPA CLI Plugin for the 389 Auto Membership plugin
Martin Kosek
mkosek at redhat.com
Fri Jul 15 11:50:10 UTC 2011
On Thu, 2011-07-14 at 23:05 +0000, JR Aquino wrote:
> On Jul 14, 2011, at 11:55 AM, wrote:
>
> > https://fedorahosted.org/freeipa/ticket/1272
> >
> > * Added new container in etc to hold the automembership configs.
> > * Modified constants to point to the new container
> > * Modified dsinstance to create the container
> > * Modified hostgroup.py to add the new commands
> > * Added xmlrpc test to verify functionality
>
> Minor adjustment:
> Auto Membership Plugin isn't available until 1.2.9-0.2+
>
> Modified freeipa.spec.in:
> BuildRequires: 389-ds-base-devel >= 1.2.9-0.2
I have reviewed your patch. Basic functionality is OK but I have some
concerns.
1) I am not sure with the command name, it is not really clear to me
what this command does. But I know from my experience that inventing a
cool name for something new may be the most difficult task at all :-)
Maybe command name "hostgrouprule" or "hostgroupauto" would be more
clear?
2) Overloading execute method in functions
hostgroupclarity_add_condition and hostgroupclarity_remove_condition is
an over-kill for me. I think we could just read current
inclusive/exclusive regexes in pre_callback, modify them and let
LDAPUpdate class do the standard LDAP operations.
3) I miss hostgroupclarity-mod module. What would I do if I want to
update Description?
4) I didn't like this construct in the code, its error prone to
potential future parameter changes.
+ if len(options) == 2: # 'all' and 'raw' are always sent
+ raise errors.EmptyModlist()
I know it's in baseldap.py but I still wouldn't like to see this in
plugins.
5) Test test_clarityrule_plugin.py: reference to inexistent python
module:
+Test the `ipalib/plugins/clarityrule.py` module.
Then I did some real testing of the new command:
6) Invalid examples, fqdn is not supposed to be a part of regex
$ ipa hostgroupclarity-add --inclusive-hostname-regex=fqdn=^www[1-9]+\.example\.com webservers
Hostgroup Clarity Rule: webservers
Inclusive Regex: fqdn=fqdn=^www[1-9]+.example.com
7) It does not make sense to have a rule with only an exclusive regex:
$ ipa hostgroupclarity-add --exclusive-hostname-regex=^www5+\.example\.com webservers
Hostgroup Clarity Rule: webservers
$ ipa host-add --force foo.example.co
$ ipa hostgroup-show webservers
Host-group: webservers
Description: Web Servers
Member hosts: www1.example.com
I think we should 1) hide exclusive regex option in hostgroupclarity-add
and 2) check that there is at least one inclusive regex in the rule when
running hostgroupclarity-add-condition and
hostgroupclarity-remove-condition.
8) Plugin incorrectly handles a situation when both inclusive and exclusive regex-es are being added:
$ ipa hostgroupclarity-add --inclusive-hostname-regex=^www[1-9]+\.example\.com webservers
Hostgroup Clarity Rule: webservers
Inclusive Regex: fqdn=^www[1-9]+.example.com
$ ipa hostgroupclarity-add-condition --inclusive-hostname-regex=^web[1-9]+\.example\.com --exclusive-hostname-regex=www5\.example\.com webservers
Inclusive Regex: fqdn=^web[1-9]+.example.com, fqdn=^www[1-9]+.example.com
Exclusive Regex: www5.example.com
Exclusive regex misses fqdn.
9) Removing multiple conditions also works incorrectly:
$ ipa hostgroupclarity-show webservers
Hostgroup Clarity Rule: webservers
Inclusive Regex: fqdn=^www[1-9]+.example.com, fqdn=^web[1-9]+.example.com
Exclusive Regex: fqdn=www5.example.com
$ ipa hostgroupclarity-remove-condition webservers --inclusive-hostname-regex=^www[1-9]+\.example\.com --exclusive-hostname-regex=www5\.example\.com
Inclusive Regex: fqdn=^web[1-9]+.example.com
$ ipa hostgroupclarity-show webservers
Hostgroup Clarity Rule: webservers
Inclusive Regex: fqdn=^web[1-9]+.example.com
Exclusive Regex: fqdn=www5.example.com
10) When removing nonexistent regex I would expect more explaining error message:
$ ipa hostgroupclarity-show webservers
Hostgroup Clarity Rule: webservers
Inclusive Regex: fqdn=^web[1-9]+.example.com
Exclusive Regex: fqdn=www5.example.com
$ ipa hostgroupclarity-remove-condition webservers --inclusive-hostname-regex=foo
ipa: ERROR: no modifications to be performed
Martin
More information about the Freeipa-devel
mailing list