[Freeipa-devel] [DESIGN] Time-Based HBAC Policies

Alexander Bokovoy abokovoy at redhat.com
Wed May 18 12:19:03 UTC 2016


On Wed, 18 May 2016, Stanislav Laznicka wrote:
>>>when removal succeeds but addition fails for some reason? The 
>>>operation is not atomic anymore.
>>>
>>
>We offline-discussed this with Honza. There should be a new command 
>`ipa hbacrule-replace-accesstime rule_name --orig-time=icalstr1 
>--new-time=icalstr2`. As it would be derived from LDAPQuery, the 
>atomicity is kept. This may not be very nice for CLI but should work 
>well for WebUI. Both icalstr1 and icalstr2 need to be encoded, as 
>newlines that appear so often in iCalendar strings would only make a 
>mess here.
>
>Example of use:
>
>ipa hbacrule-replace-accesstime rule_name 
>--orig-time="'BEGIN:VCALENDAR\\r\\nPRODID:-//The Company//iCal4j 1.0//EN\\r\\nVERSION:2.0\\r\\nMETHOD:REQUEST\\r\\nBEGIN:VEVENT\\r\\nUID:1@company.org\\r\\nDTSTAMP:20160406T112129Z\\r\\nDTSTART:20101115T050000Z\\r\\nDTEND:20101115T070000Z\\r\\nRRULE:FREQ=MONTHLY;INTERVAL=5;BYDAY=MO;BYHOUR=5,6\\r\\nEND:VEVENT\\r\\nEND:VCALENDAR\\r\\n'" 
>--new-time="'BEGIN:VCALENDAR\\r\\nPRODID:-//The Company//iCal4j 1.0//EN\\r\\nVERSION:2.0\\r\\nMETHOD:REQUEST\\r\\nBEGIN:VEVENT\\r\\nUID:1@company.org\\r\\nDTSTAMP:20160406T112129Z\\r\\nDTSTART:20101115T050000Z\\r\\nDTEND:20101115T070000Z\\r\\nRRULE:FREQ=MONTHLY;INTERVAL=5;BYDAY=MO,TU;BYHOUR=5,6\\r\\nEND:VEVENT\\r\\nEND:VCALENDAR\\r\\n'"
>
>to add Tuesdays to the timespan defined by the rule.
I would really like to see file input support here. It would be
simpler to operate in CLI as you would anyway create vCal files -- no
sane person is going to deal with these strings directly on the command
line.

-- 
/ Alexander Bokovoy
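
A sketch of the file-based workflow suggested above, as an added example that is not FreeIPA code or part of the original message: it takes iCalendar text as it would be read from a file, converts it to a one-line escaped form for the proposed options, and lists the content lines a replace would change. The thread does not specify the escaping, so plain backslash escaping of CR, LF and backslash is an assumption here, and all function names are hypothetical.

```python
import re
import shlex

def normalize_ical(text):
    """Return the object with CRLF line endings (RFC 5545), envelope checked."""
    lines = [ln for ln in re.split(r"\r\n|\r|\n", text) if ln]
    if (not lines or lines[0].strip() != "BEGIN:VCALENDAR"
            or lines[-1].strip() != "END:VCALENDAR"):
        raise ValueError("not a VCALENDAR object")
    if any(ord(c) < 0x20 and c != "\t" for ln in lines for c in ln):
        raise ValueError("control character in content line")
    return "".join(ln + "\r\n" for ln in lines)

def encode_arg(ical):
    """One-line form. Backslash goes first so escapes already in the data
    (iCalendar TEXT uses \\n, \\, and \\;) survive a round trip."""
    return ical.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n")

def decode_arg(arg):
    """Inverse of encode_arg; rejects escapes that encode_arg never emits."""
    table = {"r": "\r", "n": "\n", "\\": "\\"}
    out, i = [], 0
    while i < len(arg):
        if arg[i] != "\\":
            out.append(arg[i]); i += 1
        elif i + 1 < len(arg) and arg[i + 1] in table:
            out.append(table[arg[i + 1]]); i += 2
        else:
            raise ValueError("bad escape at offset %d" % i)
    return "".join(out)

def changed_lines(old, new):
    """Content lines a replace would remove and add, for review beforehand."""
    o, n = old.split("\r\n"), new.split("\r\n")
    return [l for l in o if l not in n], [l for l in n if l not in o]

# Constructed sample; the RRULE values are the ones from the thread's example.
OLD_ICS = ("BEGIN:VCALENDAR\nVERSION:2.0\nBEGIN:VEVENT\n"
           "DESCRIPTION:night shift\\nweekly\n"
           "RRULE:FREQ=MONTHLY;INTERVAL=5;BYDAY=MO;BYHOUR=5,6\n"
           "END:VEVENT\nEND:VCALENDAR\n")
NEW_ICS = OLD_ICS.replace("BYDAY=MO;", "BYDAY=MO,TU;")

if __name__ == "__main__":
    old, new = normalize_ical(OLD_ICS), normalize_ical(NEW_ICS)
    print("removed/added:", changed_lines(old, new))
    # hbacrule-replace-accesstime is the command proposed in the thread.
    print("ipa hbacrule-replace-accesstime rule_name --orig-time=%s --new-time=%s"
          % (shlex.quote(encode_arg(old)), shlex.quote(encode_arg(new))))
```

With real files, read them with `open(path, newline="")` so the original line endings reach `normalize_ical` unchanged.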



