[Freeipa-devel] [PATCH] Add {user, host, sourcehost}Category to HBAC and make accessTime multivalue.
Rob Crittenden
rcritten at redhat.com
Tue Dec 1 15:40:14 UTC 2009
Pavel Zůna wrote:
> Rob Crittenden wrote:
>> Pavel Zuna wrote:
>>> Rob Crittenden wrote:
>>>> Pavel Zuna wrote:
>>>>> Due to the format of accessTime (it has commas and spaces in it),
>>>>> we can't use the List parameter type. I made it so that accessTime
>>>>> values have to be entered one by one using new commands.
>>>>>
>>>>> We also agreed, that we're going to rename GeneralizedTime
>>>>> parameter to AccessTime to prevent confusion with RFC 4517
>>>>> standard. I attached a separate patch for clarity.
>>>>>
>>>>> Pavel
>>>>
>>>> A couple of questions:
>>>>
>>>> - Would it make sense to leave time in as an option that takes a
>>>> singular value? If someone wants multiple times they can use the new
>>>> add interface, right?
>>> It would and I think it's a good idea, updated patch attached.
>>>
>>>> - What are these new enums for? If there is only one choice do you
>>>> really have a choice?
>>> Well for now, we only have the 'all' in categories, but the list is
>>> expected to grow. At first I didn't include categories in the plugin,
>>> because of this, but Sumit wanted it to be complete.
>>>
>>>> - We still need some tests for GeneralizedTime/AccessTime.
>>> Ok, added to my TODO list.
>>
>> The patch isn't applying for me:
>>
>> $ patch -p1 --dry-run < 0003-Fix-takes_options-in-automount-plugin.patch
>> patching file ipalib/plugins/hbac.py
>> patching file tests/test_xmlrpc/test_hbac_plugin.py
>> Hunk #1 FAILED at 52.
>> Hunk #2 FAILED at 84.
>> 2 out of 3 hunks FAILED -- saving rejects to file
>> tests/test_xmlrpc/test_hbac_plugin.py.rej
>>
>> Since you have to mess with this anyway, can you:
>>
>> - add another test to also test adding the access time on the add. You
>> added back the capability but the tests are still removed AFAICT.
>>
>> - add a FUTURE or FIXME comment indicating that the enumerators are
>> future-proofing things by making them a 1-option enumerator for now?
>>
>> rob
> Fixed patch attached.
>
> Pavel
>
ack x2, push master x2
More information about the Freeipa-devel
mailing list