[Freeipa-devel] [PATCHES] 0546-0547 Allow alternate "aci" keyword in ACIs
Rob Crittenden
rcritten at redhat.com
Wed Apr 30 17:25:56 UTC 2014
Petr Viktorin wrote:
> Hello,
> The first patch adds "==" to ACI object to simplify comparisons.
> The second patch moves existing "tests" to the test suite.
>
> The third patch adds support for an alternate "aci" keyword that DS
> supports (but I couldn't get any documentaion on it). Dogtag adds ACIs
> with this keyword to cn=config, so we'll need this fix when parsing ACIs
> there.
>
>
> Rob, you wrote the parser; does this look OK to you?
>
ACK.
Only minor quibble is you left a couple of print statements in the tests.
As you note, I had some "tests" that I ran when I was implementing the
aci module. Moving these to formal testing is definitely the right thing
to do.
I do wonder one thing though. In the equality test I had reversed some
ordering of things to ensure that things were normalized in the same
way. For the check_aci_parsing() tests is it worth considering doing
something similar?
I noticed that we are apparently not normalizing target filters because
there is a space in the DN. Something for later.
There is no ticket. Probably fine since this is mostly just shuffling
deck chairs.
rob
More information about the Freeipa-devel
mailing list