[Freeipa-devel] [PATCH] 938 consolidate external member code

Martin Kosek mkosek at redhat.com
Wed Feb 8 08:17:03 UTC 2012 

On Tue, 2012-02-07 at 16:49 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Wed, 2012-02-01 at 16:45 -0500, Rob Crittenden wrote:
> >> We had code all over the place to handle adding and removing external
> >> members from a variety of attributes. I consolidated these all into two
> >> functions in baseldap.py.
> >>
> >> This obsoletes my patch 920 but this patch includes the improved error
> >> reporting that was present.
> >>
> >> rob
> >
> > Hm, good patch! 89 insertions and 283 deletions, I like that.
> >
> > Still, I saw some minor issues that this patch introduced:
> >
> > 1) Extraneous line in failed list:
> >
> > # ipa hbacrule-show foo
> >    Rule name: foo
> >    Enabled: TRUE
> >    External host: foo.example.com
> > # ipa hbacrule-add-sourcehost foo --hosts=foo.example.com
> >    Rule name: foo
> >    Enabled: TRUE
> >    External host: foo.example.com
> >    Failed source hosts/hostgroups:
> >      member host: foo.example.com: This entry is already a member
> >      member host group:<<<<<<<<
> > -------------------------
> > Number of members added 0
> > -------------------------
> >
> > 2) Empty external host list when all of its values was removed:
> >
> > # ipa hbacrule-remove-sourcehost foo --hosts=foo.example.com
> >    Rule name: foo
> >    Enabled: TRUE
> >    External host:<<<<<<<<  Empty list
> > ---------------------------
> > Number of members removed 1
> > ---------------------------
> >
> > 3) sudorule-{add|remove}-runasuser does not show failed additions:
> >
> > # ipa sudorule-add-runasuser foo --users=admin,foo --groups=admins
> >    Rule name: foo
> >    Enabled: TRUE
> >    RunAs Users: admin
> >    Groups of RunAs Users: admins
> >    RunAs External User: foo
> > -------------------------
> > Number of members added 3
> > -------------------------
> >
> > # ipa sudorule-add-runasuser foo --users=admin,foo --groups=admins,foo
> >    Rule name: foo
> >    Enabled: TRUE
> >    RunAs Users: admin
> >    Groups of RunAs Users: admins
> > -------------------------
> > Number of members added 0<<<<  Error messages missing
> > -------------------------
> >
> > 4) The same issue is with sudorule-{add|remove}-runasgroup:
> > # ipa sudorule-remove-runasgroup foo --groups=admins,foo
> >    Rule name: foo
> >    Enabled: TRUE
> > ---------------------------
> > Number of members removed 0
> > ---------------------------
> >
> > Although this problem was there before your patch, we may create a
> > separate ticket if you want.
> >
> > Martin
> >
> 
> It was just missing labels. I added this to the patch:
> 
> diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
> index 90863ae..fbfb76f 100644
> --- a/ipalib/plugins/baseldap.py
> +++ b/ipalib/plugins/baseldap.py
> @@ -178,6 +178,12 @@ global_output_params = (
>           label=_('Failed to remove'),
>           flags=['suppress_empty'],
>       ),
> +    Str('ipasudorunas',
> +        label=_('Failed RunAs'),
> +    ),
> +    Str('ipasudorunasgroup',
> +        label=_('Failed RunAsGroup'),
> +    ),
>   )
> 
> The empty list in #2 is to show that the last member of that type was 
> removed and it is now empty.
> 
> rob

I think the patches are Ok now, also sudo failed members show now.

ACK. Pushed to master, ipa-2-2.

Martin

More information about the Freeipa-devel mailing list