[Freeipa-devel] [PATCH] 0010 Show full error message for selinuxusermap-add-hostgroup

Jan Cholasta jcholast at redhat.com
Wed Jul 20 08:50:07 UTC 2016 

On 20.7.2016 10:26, Florence Blanc-Renaud wrote:
> On 07/18/2016 02:52 PM, Florence Blanc-Renaud wrote:
>> On 07/18/2016 08:20 AM, Jan Cholasta wrote:
>>> Hi,
>>>
>>> On 7.7.2016 16:40, Florence Blanc-Renaud wrote:
>>>> On 07/07/2016 01:23 PM, Petr Vobornik wrote:
>>>>> On 07/05/2016 02:38 PM, Florence Blanc-Renaud wrote:
>>>>>> Hi,
>>>>>>
>>>>>> the output of ipa selinuxusermap-add-hostgroup and
>>>>>> selinuxusermap-add-user does not display any more the host/host
>>>>>> group or
>>>>>> user/group that could not be added. This patch fixes this
>>>>>> regression by
>>>>>> adding the labels host/hostgroup/user/group to the list of
>>>>>> _failed_member_output_params of the class ClientMethod.
>>>>>>
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/6026
>>>>>>
>>>>>
>>>>> I've a feeling that this issue is more general and multiple commands
>>>>> regressed. Would be good to check other member options, e.g. also in
>>>>> user plugin.
>>>>>
>>>> Hi Petr,
>>>>
>>>> you are right, a lot of other commands regressed. So far I checked only
>>>> user and sudocmd but it is likely to be a long task. Are there
>>>> regression tests that could help me make sure that the fix is
>>>> exhaustive?
>>>>
>>>> Flo
>>>
>>> See attachment for a patch with an universal fix.
>>>
>>> Honza
>>>
>> Hi Honza,
>>
>> the patch fixes most of the issues. I still see some CLI that do not
>> print everything (while they used to before the regression):
>> ipa servicedelegationrule-add-member
>> ipa servicedelegationrule-remove-member
>> ipa servicedelegationtarget-add-member
>> ipa servicedelegationtarget-remove-member
>>
>> And the following CLI do not print the failed members (but they never
>> did):
>> ipa automember-add-condition
>> ipa automember-remove-condition
>> ipa sudorule-add-allow-command
>> ipa sudorule-remove-allow-command
>> ipa sudorule-add-deny-command
>> ipa sudorule-remove-deny-command
>>
>> It is probably ok to commit this patch and investigate in another ticket
>> the remaining issues,
>> Flo.
>>
>
> Hi,
> please find a new version of the patch, thanks to Jan's help. This
> version also fixes servicedelegation commands.

I would rather keep the patches separate, as the fixes are different. 
Otherwise LGTM.

-- 
Jan Cholasta

More information about the Freeipa-devel mailing list