[Freeipa-devel] [PATCH] 938 consolidate external member code

Rob Crittenden rcritten at redhat.com
Mon Feb 6 14:28:42 UTC 2012 

Martin Kosek wrote:
> On Wed, 2012-02-01 at 16:45 -0500, Rob Crittenden wrote:
>> We had code all over the place to handle adding and removing external
>> members from a variety of attributes. I consolidated these all into two
>> functions in baseldap.py.
>>
>> This obsoletes my patch 920 but this patch includes the improved error
>> reporting that was present.
>>
>> rob
>
> Hm, good patch! 89 insertions and 283 deletions, I like that.
>
> Still, I saw some minor issues that this patch introduced:
>
> 1) Extraneous line in failed list:
>
> # ipa hbacrule-show foo
>    Rule name: foo
>    Enabled: TRUE
>    External host: foo.example.com
> # ipa hbacrule-add-sourcehost foo --hosts=foo.example.com
>    Rule name: foo
>    Enabled: TRUE
>    External host: foo.example.com
>    Failed source hosts/hostgroups:
>      member host: foo.example.com: This entry is already a member
>      member host group:<<<<<<<<
> -------------------------
> Number of members added 0
> -------------------------
>
> 2) Empty external host list when all of its values was removed:
>
> # ipa hbacrule-remove-sourcehost foo --hosts=foo.example.com
>    Rule name: foo
>    Enabled: TRUE
>    External host:<<<<<<<<  Empty list
> ---------------------------
> Number of members removed 1
> ---------------------------
>
> 3) sudorule-{add|remove}-runasuser does not show failed additions:
>
> # ipa sudorule-add-runasuser foo --users=admin,foo --groups=admins
>    Rule name: foo
>    Enabled: TRUE
>    RunAs Users: admin
>    Groups of RunAs Users: admins
>    RunAs External User: foo
> -------------------------
> Number of members added 3
> -------------------------
>
> # ipa sudorule-add-runasuser foo --users=admin,foo --groups=admins,foo
>    Rule name: foo
>    Enabled: TRUE
>    RunAs Users: admin
>    Groups of RunAs Users: admins
> -------------------------
> Number of members added 0<<<<  Error messages missing
> -------------------------
>
> 4) The same issue is with sudorule-{add|remove}-runasgroup:
> # ipa sudorule-remove-runasgroup foo --groups=admins,foo
>    Rule name: foo
>    Enabled: TRUE
> ---------------------------
> Number of members removed 0
> ---------------------------
>
> Although this problem was there before your patch, we may create a
> separate ticket if you want.
>
> Martin
>

I don't think that #1 and #2 are problems. It is extraneous perhaps.

I don't see any failures in #3, what errors would you expect?

In any case I don't think any of of these are caused by my changes, I'd 
prefer to open new tickets on them (and we'll have only one place to fix 
some of them).

rob

More information about the Freeipa-devel mailing list