[Freeipa-devel] [PATCH] 938 consolidate external member code
Rob Crittenden
rcritten at redhat.com
Tue Feb 7 21:49:09 UTC 2012
Martin Kosek wrote:
> On Wed, 2012-02-01 at 16:45 -0500, Rob Crittenden wrote:
>> We had code all over the place to handle adding and removing external
>> members from a variety of attributes. I consolidated these all into two
>> functions in baseldap.py.
>>
>> This obsoletes my patch 920 but this patch includes the improved error
>> reporting that was present.
>>
>> rob
>
> Hm, good patch! 89 insertions and 283 deletions, I like that.
>
> Still, I saw some minor issues that this patch introduced:
>
> 1) Extraneous line in failed list:
>
> # ipa hbacrule-show foo
> Rule name: foo
> Enabled: TRUE
> External host: foo.example.com
> # ipa hbacrule-add-sourcehost foo --hosts=foo.example.com
> Rule name: foo
> Enabled: TRUE
> External host: foo.example.com
> Failed source hosts/hostgroups:
> member host: foo.example.com: This entry is already a member
> member host group:<<<<<<<<
> -------------------------
> Number of members added 0
> -------------------------
>
> 2) Empty external host list when all of its values were removed:
>
> # ipa hbacrule-remove-sourcehost foo --hosts=foo.example.com
> Rule name: foo
> Enabled: TRUE
> External host:<<<<<<<< Empty list
> ---------------------------
> Number of members removed 1
> ---------------------------
>
> 3) sudorule-{add|remove}-runasuser does not show failed additions:
>
> # ipa sudorule-add-runasuser foo --users=admin,foo --groups=admins
> Rule name: foo
> Enabled: TRUE
> RunAs Users: admin
> Groups of RunAs Users: admins
> RunAs External User: foo
> -------------------------
> Number of members added 3
> -------------------------
>
> # ipa sudorule-add-runasuser foo --users=admin,foo --groups=admins,foo
> Rule name: foo
> Enabled: TRUE
> RunAs Users: admin
> Groups of RunAs Users: admins
> -------------------------
> Number of members added 0<<<< Error messages missing
> -------------------------
>
> 4) The same issue is with sudorule-{add|remove}-runasgroup:
> # ipa sudorule-remove-runasgroup foo --groups=admins,foo
> Rule name: foo
> Enabled: TRUE
> ---------------------------
> Number of members removed 0
> ---------------------------
>
> Although this problem was there before your patch, we may create a
> separate ticket if you want.
>
> Martin
>
It was just missing labels. I added this to the patch:
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 90863ae..fbfb76f 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -178,6 +178,12 @@ global_output_params = (
label=_('Failed to remove'),
flags=['suppress_empty'],
),
+ Str('ipasudorunas',
+ label=_('Failed RunAs'),
+ ),
+ Str('ipasudorunasgroup',
+ label=_('Failed RunAsGroup'),
+ ),
)
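Review bot: Both new entries, Str('ipasudorunas', ...) and Str('ipasudorunasgroup', ...), omit flags=['suppress_empty'], which the entry directly above them in global_output_params sets. Without that flag, an empty failed list for these attributes may still print a bare label, the same symptom reported as issue 1 in this thread ("member host group:" with no value). Consider adding flags=['suppress_empty'] to both entries unless the empty line is intended.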
The empty list in #2 is to show that the last member of that type was
removed and it is now empty.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-938-2-external.patch
Type: application/mbox
Size: 26091 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120207/f10c2a7f/attachment.mbox>