[Freeipa-devel] [PATCH] 0007 Add command to test HBAC rules
Jakub Hrozek
jhrozek at redhat.com
Wed Jul 27 15:37:05 UTC 2011
On 07/27/2011 03:12 PM, Alexander Bokovoy wrote:
> + for ipa_rule in rules:
> + try:
> + res = request.evaluate([ipa_rule])
> + if res == pyhbac.HBAC_EVAL_ALLOW:
> + matched_rules.append(ipa_rule.name)
> + if res == pyhbac.HBAC_EVAL_DENY:
> + notmatched_rules.append(ipa_rule.name)
> + except pyhbac.HbacError as (code, rule_name):
> + if code == pyhbac.HBAC_EVAL_ERROR:
> + error_rules.append(rule_name)
> + except (TypeError, IOError) as (info):
> + self.log.error('Native IPA HBAC module error: %s' % (info))
> +
I think this is OK. The only other exception the bindings might raise is
a MemoryError, but I think this should just propagate all the way up..
One suggestion might be to extend the branch that catches
pyhbac.HbacError with a string representation of the error. Something like:
self.log.error("Error while evaluating rule %s: %s" % (rule_name,
hbac_result_string(core))
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110727/98c48d6e/attachment.sig>
More information about the Freeipa-devel
mailing list