[Freeipa-devel] [PATCH] 29 Raise DuplicateEntry Error when adding a duplicate sudo option
Rob Crittenden
rcritten at redhat.com
Tue Jun 14 18:06:20 UTC 2011
JR Aquino wrote:
> On Jun 10, 2011, at 3:11 PM, JR Aquino wrote:
>
>> On Jun 9, 2011, at 10:24 AM, Rob Crittenden wrote:
>>
>>> JR Aquino wrote:
>>>> https://fedorahosted.org/freeipa/ticket/1277
>>>>
>>>> Raise DuplicateEntry Error when adding a duplicate sudo option
>>>
>>> nack, this will still fail if no ipasudoopt is passed in.
>>>
>>> Also, is this case-sensitive?
>>
>> Yes, it is case sensitive (Example: sudoOption: env_keep+=SSH_AUTH_SOCK)
>>
>> Here is an adjusted patch to account for no ipasudoopt as well as an empty space.
>>
>> <freeipa-jraquino-0029-Raise-DuplicateEntry-Error-when-adding-a-duplicate.patch>
>
>
> Minor correction: Addressed the 1 character change needed to address #1276
>
> Added notes to indicate this patch fixes:
> #1276 (Removed option from Sudo rule message is displayed even when the given option doesn't exist.)
> #1277 (Added option to Sudo rule message is displayed even when the given option already exists.)
> #1308 (Internal error while removing sudorule option without "--sudooption")
>
NACK
$ ipa sudorule-add test
----------------------
Added sudo rule "test"
----------------------
Rule name: test
Enabled: TRUE
$ ipa sudorule-remove-option test --sudooption=foo
-----------------------
sudorule-remove-option:
-----------------------
Rule name: test
ipa: ERROR: KeyError: 'ipasudoopt'
Traceback (most recent call last):
File "/home/rcrit/redhat/freeipa-master/ipalib/cli.py", line 1141, in run
sys.exit(api.Backend.cli.run(argv))
File "/home/rcrit/redhat/freeipa-master/ipalib/cli.py", line 965, in run
rv = cmd.output_for_cli(self.api.Backend.textui, result, *args,
**options)
File "/home/rcrit/redhat/freeipa-master/ipalib/plugins/sudorule.py",
line 675, in output_for_cli
textui.print_attribute('Sudo Options', result['result']['ipasudoopt'])
KeyError: 'ipasudoopt'
ipa: ERROR: an internal error has occurred
Is this legal?
$ ipa sudorule-add-option test --sudooption=foo
--------------------
sudorule-add-option:
--------------------
Rule name: test
Sudo Options: foo
$ ipa sudorule-add-option test --sudooption=foo
ipa: ERROR: This entry already exists
$ ipa sudorule-add-option test --sudooption=FOO
--------------------
sudorule-add-option:
--------------------
Rule name: test
Sudo Options: foo
Sudo Options: FOO
I also noticed that ipasudoopt doesn't have a label and isn't shown in
the rule by default.
More information about the Freeipa-devel
mailing list