[Freeipa-devel] [PATCH] 0010 Show full error message for selinuxusermap-add-hostgroup

[Florence Blanc-Renaud]

On 07/18/2016 08:20 AM, Jan Cholasta wrote:
> Hi,
>
> On 7.7.2016 16:40, Florence Blanc-Renaud wrote:
>> On 07/07/2016 01:23 PM, Petr Vobornik wrote:
>>> On 07/05/2016 02:38 PM, Florence Blanc-Renaud wrote:
>>>> Hi,
>>>>
>>>> the output of ipa selinuxusermap-add-hostgroup and
>>>> selinuxusermap-add-user does not display any more the host/host
>>>> group or
>>>> user/group that could not be added. This patch fixes this regression by
>>>> adding the labels host/hostgroup/user/group to the list of
>>>> _failed_member_output_params of the class ClientMethod.
>>>>
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/6026
>>>>
>>>
>>> I've a feeling that this issue is more general and multiple commands
>>> regressed. Would be good to check other member options, e.g. also in
>>> user plugin.
>>>
>> Hi Petr,
>>
>> you are right, a lot of other commands regressed. So far I checked only
>> user and sudocmd but it is likely to be a long task. Are there
>> regression tests that could help me make sure that the fix is exhaustive?
>>
>> Flo
>
> See attachment for a patch with an universal fix.
>
> Honza
>
Hi Honza,

the patch fixes most of the issues. I still see some CLI that do not 
print everything (while they used to before the regression):
ipa servicedelegationrule-add-member
ipa servicedelegationrule-remove-member
ipa servicedelegationtarget-add-member
ipa servicedelegationtarget-remove-member

And the following CLI do not print the failed members (but they never did):
ipa automember-add-condition
ipa automember-remove-condition
ipa sudorule-add-allow-command
ipa sudorule-remove-allow-command
ipa sudorule-add-deny-command
ipa sudorule-remove-deny-command

It is probably ok to commit this patch and investigate in another ticket 
the remaining issues,
Flo.