[Freeipa-devel] [PATCHES 0146-0152] Server Roles v2

Martin Basti mbasti at redhat.com
Mon Jun 13 15:56:57 UTC 2016 


On 13.06.2016 07:26, Jan Cholasta wrote:
> On 12.6.2016 17:29, Martin Babinsky wrote:
>> On 06/10/2016 05:42 PM, Martin Babinsky wrote:
>>> On 06/10/2016 02:22 PM, Jan Cholasta wrote:
>>>> On 9.6.2016 17:06, Martin Babinsky wrote:
>>>>> On 06/09/2016 03:54 PM, Petr Vobornik wrote:
>>>>>> On 06/09/2016 01:02 PM, Martin Babinsky wrote:
>>>>>>> On 06/07/2016 07:01 PM, Pavel Vomacka wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> On 06/07/2016 12:07 PM, Martin Babinsky wrote:
>>>>>>>>> On 06/03/2016 05:25 PM, Martin Babinsky wrote:
>>>>>>>>>> I am sending rebased patches implementing
>>>>>>>>>> http://www.freeipa.org/page/V4/Server_Roles
>>>>>>>>>>
>>>>>>>>>> I hope the patches work since I have had a lot of fun rebasing
>>>>>>>>>> them on
>>>>>>>>>> top of thin client and DNS locations effort.
>>>>>>>>>>
>>>>>>>>>> https://fedorahosted.org/freeipa/ticket/5181
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Sending updated patches according to Jan's interactive review.
>>>>>>>>>
>>>>>>>>> Since the name of attributes returned by API commands and
>>>>>>>>> signature of
>>>>>>>>> `server-role-find` have changed, a small update in WebUI 
>>>>>>>>> patches is
>>>>>>>>> required.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> NACK, why did you remove sizelimit from server_role_find
>>>>>>>> command's? Is
>>>>>>>> it possible to return it back? It breaks WebUI.
>>>>>>>
>>>>>>> Indeed, this was caused by changing the base class of the command.
>>>>>>> It is
>>>>>>> fixed in updated patches.
>>>>>>>
>>>>>>
>>>>>> NACK
>>>>>>
>>>>>> Option timelimit? of command server_role_find in ipalib, not in API
>>>>>> file:
>>>>>> Int('timelimit?', autofill=False)
>>>>>> Option sizelimit? of command server_role_find in ipalib, not in API
>>>>>> file:
>>>>>> Int('sizelimit?', autofill=False)
>>>>>>
>>>>>> There are one or more changes to the API.
>>>>>> Either undo the API changes or update API.txt and increment the 
>>>>>> major
>>>>>> version in VERSION.
>>>>>> Makefile:159: recipe for target 'version-update' failed
>>>>>> make: *** [version-update] Error 1
>>>>>>
>>>>>
>>>>> Oops, seems like a missed API.txt update.
>>>>>
>>>>> Fixed.
>>>>
>>>> "ipa server-role-find" does not return the "IPA master" role for my
>>>> server ("ipa-server-role $HOSTNAME 'IPA master'" does).
>>>>
>>> This is intentional since we discussed during the design phase[1] that
>>> "IPA master" role should be implicit and not shown to the user in
>>> server-show and server-role-find operation. This however does not
>>> preclude you to query its status manually if you know the role name.
>>>
>>> [1] http://www.freeipa.org/page/V4/Server_Roles#Server_Roles
>
> OK. There should be an option to get everything, though (can be added 
> later, I guess).
>
>>>
>>>> I would rather skip the option altogether rather than hide it:
>>>>
>>>> +            # we do not want to test negative membership for roles
>>>> +            # hide it from CLI
>>>> +            elif option.name == 'no_servrole':
>>>> +                option = option.clone(flags={'no_option'})
>>>>
>>> So something like:
>>>
>>>     elif option.name == 'no_servrole':
>>>         continue
>>>
>>> should do the trick?
>
> Correct.
>
>>>> The patches need a rebase (VERSION).
>>>>
>>>> Otherwise LGTM.
>>>>
>>>
>>> Ok I will send fixed patches ASAP.
>>>
>>
>> Attaching rebased patches. 'no_servrole' option is now skipped and does
>> not show in the API.
>
> Good. ACK.
>
Functional tests: ACK

pushed to master:
* 7e2bef0b9f36a90902784be9363cbcb5ba4221b4 Server Roles: definitions of 
server roles and attributes
* d07b7e0f6fe62eb10edcc7d3a4e884e5c8fd1d29 Server Roles: Backend plugin 
to query roles and attributes
* 40d8dded7fc1e71621516da9197c736057c0b6e4 Test suite for `serverroles` 
backend
* 80cbddaa37241e5c762edb656e4c658e652c87ef Server Roles: public API for 
server roles
* b9aa31191b3067aced1432daa06d18b4382cd77f Server Roles: make 
server-{show,find} utilize role information
* 5f7086e7183f0fcfece2bdd5be3d1ea17384717b Server Roles: make 
*config-show consume relevant roles/attributes
* 21def4fde0b09a256fad3231a9042219f707fc8a Server Roles: provide an API 
for setting CA renewal master

More information about the Freeipa-devel mailing list