[config-model-users] [augeas-devel] Re: Semantic problem in augeas sshd lens ?

Dominique Dumont dominique.dumont at hp.com
Thu Sep 4 12:19:46 UTC 2008 

David Lutterkort <lutter at redhat.com> writes:

> If there are no HostKey entries yet and you say
> 'set /files/etc/ssh/sshd_config/HostKey foo', it will be added as the
> last node under /files/etc/ssh/sshd_config, which may violate the schema
> if you have 'Match' sections.
>
> So you need to insert the entry explicitly, for example with
>         insert HostKey before /files/etc/ssh/sshd_config/Match[1]
>         set /files/etc/ssh/sshd_config/HostKey[last()] foo

Furthermore, one must use 'set' only if the entry already exists...

Look like Augeas users are not completely shielded from syntactic
idiosyncrasies.

This also means that mapping Config::Model representation to augeas
representation will not be straightforward. At least in sshd_config's
case. Some adaptative code will be needed. So be it.

>> > I would map that into
>> >
>> >         { "Match"
>> >           { "Condition" { "User" = "sarko" }}
>> >           { "Condition" { "Group" = "pres.*" }}
>> >           { "Banner" = "/etc/bienvenue.txt" }
>> >           { "X11Forwarding" = "no" } }
>> 
>> Which is fine unless a future version of OpenSSH defines a Condition
>> keyword that can be used within a Match block. Such a change would
>> break the lens. And changing the lens would break the API as seen by
>> sshd lens users.
>> 
>> So should we be more future proof at the expense of a slightly more
>> complicated sshd lens ?
>
> Or use a label that can't be a valid keyword for sshd config, like
> '.Condition' instead of 'Condition'

I'm somewhat reluctant to mix Augeas defined keyword with OpenSSH
keywords at the same structural level. How about :

     { "Match"
       { "Condition" { "User" = "sarko" }}
       { "Condition" { "Group" = "pres.*" }}
       { "Payload"   { "Banner" = "/etc/bienvenue.txt" }
                     { "X11Forwarding" = "no" } 
                     }

Then, the effect of the Match'ed condition are explicit in the Payload
lens.

What do you think ? 

All the best.

-- 
Dominique Dumont 
"Delivering successful solutions requires giving people what they
need, not what they want." Kurt Bittner

More information about the augeas-devel mailing list