[Freeipa-devel] [PATCH] 267 Filter groups by type (normal, posix, external)

Petr Vobornik pvoborni at redhat.com
Tue Apr 9 16:45:25 UTC 2013 

On 04/09/2013 05:06 PM, Martin Kosek wrote:
> On 04/09/2013 04:38 PM, Petr Vobornik wrote:
>> On 04/04/2013 12:02 PM, Martin Kosek wrote:
>>> Thanks Tomas for your opinion, I can agree with that. To make it more in an
>>> actual design, this is API following this discussion that I would propose:
>>>
>>> This is API we already have in IPA:
>>> ipa group-add --external
>>> ipa group-add --nonposix
>>> ipa group-find --private
>>>
>>> This is API that I would propose to add to be consistent with what we already
>>> have:
>>> ipa group-find --nonposix
>>> ipa group-find --posix
>>> ipa group-find --external
>>>
>>> --nonposix would only match groups added with --nonposix flag in group-add,
>>> i.e. no --external groups.
>>>
>>> As Tomas said, these should also be close together. We can even add a specific
>>> option group for them, like there are with ipa dnsrecord-add, named for example
>>> "Group Types". We may also raise OptionError when these option are used
>>> together to make this less confusing - e.g. OptionError("group type options
>>> (--nonposix, --posix and --external) are mutually exclusive").
>>>
>>> Martin
>>>
>> New version attached.
>>
>
> 1) default=False parameter for Flag is redundant:
>
> +        Flag('external',
> +             cli_name='external',
> +             doc=_('search for groups with support of external non-IPA members
> from trusted domains'),
> +             default=False,
> +        ),
>
>
> 2) No need to import StrEnum:
> +from ipalib import Int, Str, StrEnum
>
> 3) This can be simplified:
> +        if len(filters):
> TO:
> +        if filters:
>
>
> Besides these minor issues, that patch works fine and I think we can push a
> fixed version.
>
> Thanks,
> Martin
>

Additional self-nack.

4) original filter is ignored when some of the new options is used. It 
prevents from effective searching and also shows private groups when 
--posix is used.

All fixed, new unit test added. New version attached.

The fix doesn't touch usage of --private because it's a special case - 
private groups don't have ipausergroup oc and therefore they are 
incompatible with original filter.
-- 
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0267-2-Filter-groups-by-type-POSIX-non-POSIX-external.patch
Type: text/x-patch
Size: 12108 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130409/c24e99de/attachment.bin>

More information about the Freeipa-devel mailing list