[Freeipa-devel] [PATCH] 0010 Show full error message for selinuxusermap-add-hostgroup
Jan Cholasta
jcholast at redhat.com
Wed Jul 20 11:13:24 UTC 2016
On 20.7.2016 11:46, Florence Blanc-Renaud wrote:
> On 07/20/2016 10:50 AM, Jan Cholasta wrote:
>> On 20.7.2016 10:26, Florence Blanc-Renaud wrote:
>>> On 07/18/2016 02:52 PM, Florence Blanc-Renaud wrote:
>>>> On 07/18/2016 08:20 AM, Jan Cholasta wrote:
>>>>> Hi,
>>>>>
>>>>> On 7.7.2016 16:40, Florence Blanc-Renaud wrote:
>>>>>> On 07/07/2016 01:23 PM, Petr Vobornik wrote:
>>>>>>> On 07/05/2016 02:38 PM, Florence Blanc-Renaud wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> the output of ipa selinuxusermap-add-hostgroup and
>>>>>>>> selinuxusermap-add-user does not display any more the host/host
>>>>>>>> group or
>>>>>>>> user/group that could not be added. This patch fixes this
>>>>>>>> regression by
>>>>>>>> adding the labels host/hostgroup/user/group to the list of
>>>>>>>> _failed_member_output_params of the class ClientMethod.
>>>>>>>>
>>>>>>>>
>>>>>>>> https://fedorahosted.org/freeipa/ticket/6026
>>>>>>>>
>>>>>>>
>>>>>>> I've a feeling that this issue is more general and multiple commands
>>>>>>> regressed. Would be good to check other member options, e.g. also in
>>>>>>> user plugin.
>>>>>>>
>>>>>> Hi Petr,
>>>>>>
>>>>>> you are right, a lot of other commands regressed. So far I checked
>>>>>> only
>>>>>> user and sudocmd but it is likely to be a long task. Are there
>>>>>> regression tests that could help me make sure that the fix is
>>>>>> exhaustive?
>>>>>>
>>>>>> Flo
>>>>>
>>>>> See attachment for a patch with an universal fix.
>>>>>
>>>>> Honza
>>>>>
>>>> Hi Honza,
>>>>
>>>> the patch fixes most of the issues. I still see some CLI that do not
>>>> print everything (while they used to before the regression):
>>>> ipa servicedelegationrule-add-member
>>>> ipa servicedelegationrule-remove-member
>>>> ipa servicedelegationtarget-add-member
>>>> ipa servicedelegationtarget-remove-member
>>>>
>>>> And the following CLI do not print the failed members (but they never
>>>> did):
>>>> ipa automember-add-condition
>>>> ipa automember-remove-condition
>>>> ipa sudorule-add-allow-command
>>>> ipa sudorule-remove-allow-command
>>>> ipa sudorule-add-deny-command
>>>> ipa sudorule-remove-deny-command
>>>>
>>>> It is probably ok to commit this patch and investigate in another
>>>> ticket
>>>> the remaining issues,
>>>> Flo.
>>>>
>>>
>>> Hi,
>>> please find a new version of the patch, thanks to Jan's help. This
>>> version also fixes servicedelegation commands.
>>
>> I would rather keep the patches separate, as the fixes are different.
>> Otherwise LGTM.
>>
> Hi Honza,
>
> please find an updated version which handles only servicedelegation
> issue (I also attached your original patch for reference).
> For the reviewers: both have to be applied to completely fix the ticket.
> Flo.
Thanks, ACK.
Pushed to master: 90704df59dbe996ef1db58d7a11f826c008d08a3
--
Jan Cholasta
More information about the Freeipa-devel
mailing list