[Freeipa-devel] [PATCH 0090] show optionally configured components in server-find/show command output
Martin Babinsky
mbabinsk at redhat.com
Mon Oct 26 12:41:46 UTC 2015
On 10/22/2015 04:13 PM, Martin Basti wrote:
>
>
> On 22.10.2015 10:44, Martin Babinsky wrote:
>> https://fedorahosted.org/freeipa/ticket/5181
>>
>>
>>
>
> Thank you for the patch.
>
> 1)
> +OPTIONAL_SERVICES = {
> + 'DNS',
> + 'CA',
> + 'KRA',
> + 'ADTRUST',
> + 'EXTID',
> + 'DNSKeyExporter',
> + 'DNSSEC',
> + 'DNSKeySync',
> +}
>
> This did not scale well, maybe we should improve it to use some general
> solution for whole IPA to distinct mandratory and optionl service, but I
> do not know how (or if it is possible)
>
Yes this does not scale well. After some playing around with relocating
the SERVICE_LIST object in 'ipaserver/install/service.py' I found out
that more refactoring would be needed to improve the layout and
availability of LDAP service names to both server and client code. I
have put the list of core services to ipalib/constants.py for now, and I
suggest to open a separate ticket for more general solution.
> 2)
> + search_filter=('(&(objectclass=ipaConfigObject)'
> + '(ipaConfigString=enabledService))')
>
> Common user cannot read ipaConfigString, so this will work only for
> admins, I do not see any limitations of access in code for other users.
>
I think that you agreed with Petr^2 that this filter is OK. I left it as
it is but I have rewritten it as a call to ldap.make_filter to improve
readability and/or potential extensibility a bit.
> 3)
> + opt_components = [
> + r['cn'][0] for r in result if r['cn'][0] in OPTIONAL_SERVICES
> + ]
> Probably instead of indexing, you may use result.single_value['cn']
>
> Martin^2
Attaching updated patch.
--
Martin^3 Babinsky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0090.1-show-optionally-configured-components-in-server-find.patch
Type: text/x-patch
Size: 3421 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151026/f13aba5e/attachment.bin>
More information about the Freeipa-devel
mailing list