[Freeipa-devel] [PATCHES] 0572-0575 Add ACI.txt + default bind rule type
Martin Kosek
mkosek at redhat.com
Tue Jun 10 11:30:25 UTC 2014
On 06/10/2014 10:05 AM, Petr Viktorin wrote:
> On 06/09/2014 08:08 PM, Petr Viktorin wrote:
>> Having another verification tool should help reviewing the permission
>> patches.
>>
>>
>> To avoid conflicts, apply on top of my patches 0568-0570 (Write User
>> permissions).
>>
>>
>> 0572: I tried to make the ACIs generated by the permission plugin as
>> predictable as possible, but I missed one place it's affected by
>> dict/set iteration order (which is undefined). Here's a fix.
>>
>> 0573: Minor refactoring to make the next patch easier.
>>
>> 0574: Add ACI.txt & makeaci. Due to the predictable ACIs, all this needs
>> to do is generate the file; comparing can be done bit-by-bit.
>> I do run the validation results through difflib, but frankly it's easier
>> just to use Git.
>
> On my way home yesterday I remembered I left out an important piece of
> information - the DN where the ACI is. Attaching updated patch 0574.
>
>> 0575: Make 'permission' the default bind rule type for managed
>> permissions. Rationale in the commit message.
>> Run makeaci to verify this doesn't change the result.
This will create some additional burden for you when converting ACIs, but the
idea is good.
The script worked for me, can we just create some more friendly error message
than an assertion traceback?
# ./makeaci --validate
...
Traceback (most recent call last):
File "./makeaci", line 116, in <module>
main(options)
File "./makeaci", line 108, in main
raise AssertionError('validation failed')
AssertionError: validation failed
Martin
More information about the Freeipa-devel
mailing list