[Freeipa-devel] Web UI refactoring effort ready for review
Petr Vobornik
pvoborni at redhat.com
Wed Apr 24 16:28:50 UTC 2013
On 04/24/2013 06:03 PM, Alexander Bokovoy wrote:
> On Wed, 24 Apr 2013, Petr Vobornik wrote:
>> I've implemented the remaining work. Pushed to the private repo.
>>
>>> Know problems & remaining work
>>> ------------------------------
>>> 1. Change generation of plugin index to dynamical instead of rpm-post
>>
>> The plugin index (plugins.js) is generated by wsgi script. New dir was
>> created: /usr/share/ipa/wsgi to store the script. It has the same
>> attributes as migration dir.
>> Plugins.js should be located in /usr/share/ipa/ui/js/freeipa/ dir. New
>> rewrite rule was added in order to make it work. It has a nice side
>> effect that one could not find out that the file is dynamically
>> generated.
> 1. We should not elevate privileges to wsgi script. Instead, one could
> do plugin list regeneration by running pre-start script in ipa systemd
> unit. Alternatively, we can add ipa-js-plugins.service unit that is run
> one-off and is required by ipa.service.
>
> 2. /usr/share/ipa/wsgi is wrong. In long term Fedora is moving to make
> /usr/share read-only.
>
> I'd rather moved it to /var/cache/ipa/wsgi. wsgi process already knows
> how to reach to /var/cache/ipa/sessions so we are good from SELinux
> perspective as well.
>
The wsgi script doesn't write anything. It just reads a content of
/usr/share/ipa/ui/js/plugins directory, transforms it into JS AMD module
with one array and returns it as an application/javascript http response.
My inspiration was /ipa/migration/migration.py. The difference is that
plugins.py reads dir and migration.py communicates with LDAP through ipalib.
Is the reading of dir content also problematic?
--
Petr Vobornik
More information about the Freeipa-devel
mailing list