[Freeipa-devel] [PATCH] 938 consolidate external member code
Martin Kosek
mkosek at redhat.com
Wed Feb 8 08:17:03 UTC 2012
On Tue, 2012-02-07 at 16:49 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Wed, 2012-02-01 at 16:45 -0500, Rob Crittenden wrote:
> >> We had code all over the place to handle adding and removing external
> >> members from a variety of attributes. I consolidated these all into two
> >> functions in baseldap.py.
> >>
> >> This obsoletes my patch 920 but this patch includes the improved error
> >> reporting that was present.
> >>
> >> rob
> >
> > Hm, good patch! 89 insertions and 283 deletions, I like that.
> >
> > Still, I saw some minor issues that this patch introduced:
> >
> > 1) Extraneous line in failed list:
> >
> > # ipa hbacrule-show foo
> > Rule name: foo
> > Enabled: TRUE
> > External host: foo.example.com
> > # ipa hbacrule-add-sourcehost foo --hosts=foo.example.com
> > Rule name: foo
> > Enabled: TRUE
> > External host: foo.example.com
> > Failed source hosts/hostgroups:
> > member host: foo.example.com: This entry is already a member
> > member host group:<<<<<<<<
> > -------------------------
> > Number of members added 0
> > -------------------------
> >
> > 2) Empty external host list when all of its values was removed:
> >
> > # ipa hbacrule-remove-sourcehost foo --hosts=foo.example.com
> > Rule name: foo
> > Enabled: TRUE
> > External host:<<<<<<<< Empty list
> > ---------------------------
> > Number of members removed 1
> > ---------------------------
> >
> > 3) sudorule-{add|remove}-runasuser does not show failed additions:
> >
> > # ipa sudorule-add-runasuser foo --users=admin,foo --groups=admins
> > Rule name: foo
> > Enabled: TRUE
> > RunAs Users: admin
> > Groups of RunAs Users: admins
> > RunAs External User: foo
> > -------------------------
> > Number of members added 3
> > -------------------------
> >
> > # ipa sudorule-add-runasuser foo --users=admin,foo --groups=admins,foo
> > Rule name: foo
> > Enabled: TRUE
> > RunAs Users: admin
> > Groups of RunAs Users: admins
> > -------------------------
> > Number of members added 0<<<< Error messages missing
> > -------------------------
> >
> > 4) The same issue is with sudorule-{add|remove}-runasgroup:
> > # ipa sudorule-remove-runasgroup foo --groups=admins,foo
> > Rule name: foo
> > Enabled: TRUE
> > ---------------------------
> > Number of members removed 0
> > ---------------------------
> >
> > Although this problem was there before your patch, we may create a
> > separate ticket if you want.
> >
> > Martin
> >
>
> It was just missing labels. I added this to the patch:
>
> diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
> index 90863ae..fbfb76f 100644
> --- a/ipalib/plugins/baseldap.py
> +++ b/ipalib/plugins/baseldap.py
> @@ -178,6 +178,12 @@ global_output_params = (
> label=_('Failed to remove'),
> flags=['suppress_empty'],
> ),
> + Str('ipasudorunas',
> + label=_('Failed RunAs'),
> + ),
> + Str('ipasudorunasgroup',
> + label=_('Failed RunAsGroup'),
> + ),
> )
>
> The empty list in #2 is to show that the last member of that type was
> removed and it is now empty.
>
> rob
I think the patches are Ok now, also sudo failed members show now.
ACK. Pushed to master, ipa-2-2.
Martin
More information about the Freeipa-devel
mailing list