[Freeipa-devel] [SSSD] Proposed changes to the HBAC grammar

Mon Nov 22 21:49:22 UTC 2010

On Mon, Nov 22, 2010 at 1:35 PM, Dmitri Pal <dpal at redhat.com> wrote:
> Stephen Gallagher wrote:
>> On 11/22/2010 12:22 PM, Dmitri Pal wrote
>> >> septet-of-the-month = interval 1-5
>> > The septet is not used any more and should be removed, right?
>>
>> Yeah, I missed removing that. I've deleted it from the page now.
>>
>> >> day-of-the-month-interval = interval day-of-the-month
>> > This should be a plain interval from 1-31 with no negatives since it
>> is used in the M-day rule
>> > I would argue that M-day can be just replaced with
>>
>> > M-day = "day" WSP interval 1-31
>>
>>
>> I disagree. With this construction, we can say:
>>
>> accessTime = periodic monthly day -1 at 0900 + 000800
>>
>> (Read: on the last day of the month from 09:00 to 17:00)
>>
>> This would be useful for e.g. a regularly-scheduled backup task.
>>
>
> I think negative numbers are confusing and it is hard to decipher.
> Why we cant say "last"? it will be much cleaner.

As a user, I disagree. While a "last" statement makes sense, a
negative number makes perfect sense as well. In fact, a negative
number is easier to feed to various scripts and whatnot. I'd actually
prefer -1 to denote the last day of the month or whatnot over last.

>> > Keep in mind that definition of the interval here is as described
>> below:
>> > interval XX-YY = a comma-separated list of items from XX to YY, or
>> dash-separated ranges.
>> > For example, (interval 1-31) 3-7,10,12,15,25-31 with no spaces inside.
>>
>> > So definition of the day-of-the-month-interval can be then removed.
>>
>>
>> Agreed. I've simplified the display of this.
>>
>> >> day-of-the-month-range = "between" WSP day-of-the-month WSP "and"
>> WSP day-of-the-month
>> >>
>> >> day-of-the-month = "-31" to "31"
>>
>> > This notion allows me to enter "between -31 and 3" which does not
>> make any sense.
>>
>> I'll clarify with "-31" to "-1" OR "0" to "31".
>>
>> > Also current grammar does not allow me to use ranges which I want to
>> use here.
>>
>> Please explain what range you want here. I'm specifically avoiding
>> "intervals" here because it's too complex to understand.
>
> I think it is very simple:
>
> a) I want to use explicit days by number I use this:
> periodic monthly day 1,3,5,10-15,22
> b) I want to use week days during an interval I use this:
> periodic monthly day on Wed, Sun during 1,3,5,10-15,22
>
> I want to use same interval definition in both cases.
>>
>> Describing events with arbitrary intervals like this would be better
>> done with the M-day approach.
>>
>>
>> > I want to be able to express "Wednesday" of the first and third week
>> of the month. Capability to do so it completely lost.
>>
>> Wrong. accessTime is multivalued. You just create two entries, one for
>> the first week, one for the third week. They are additive.
>
> Yes you can but I think it is not an acceptable solution. I should be
> able to express it in one rule.

While this would be nice, does it really matter? Smaller rules are
easier to understand. Keep in mind that the more chances you give
admins to misconfigure things through really hairy rules, the more
they will misconfigure things.

>> > We abandoned the term "septet" not because of the bad idea but
>> because this is a confusing word. But we can leave without it as long
>> as I can use complex intervals.
>> > After more thinking I would like to reject idea of the negative numbers.
>> > Instead we can do the following:
>>
>>
>> > M-on = "on" WSP day-of-the-week WSP "during" WSP day-of-the-month-range
>> > day-of-the-month-range = interval 1-31 / last-days
>> > last-days = "last" WSP sequential-days
>> > sequential-days = single number from the 1-31 range
>>
>> > So if we want to say "Wednesday" of the first and third week of the
>> month I will use:
>>
>> > periodic monthly on Wed during 1-7,15-21
>>
>> > if I want to say Wednesday during last two weeks of the month I will
>> say:
>>
>> > periodic monthly on Wed during last 14
>>
>> > IMO it is cleaner and simpler and allows to express all the notions
>> we want to express.
>>
>>
>> See above. I really don't want intervals in the M-on grammar, since it
>> makes it extremely difficult to comprehend by mere mortals.
>
> And I really want them there.

Why? What technical argument necessitates this? I'm inclined to agree
with Stephen here. He has a good point.

>> >> day-of-the-week = interval 1-7 (or Mon-Sun)
>> >>
>> >> range-specifier = "at" WSP HHMM WSP "+" WSP duration-specifier
>> > What is the value and significance of the "+" here? Is it just for
>> readability? Then I would suggest that we replace it with the word "for".
>>
>>
>> Sure, "for" is fine.
>>
>> >> duration-specifier = DDHHMM
>> >>
>> >> DD = "00" to "31"
>> >>
>> >> HH = "00" to "23"
>> >>
>> >> MM = "00" to "59"
>> >>
>> >>
>> >> interval XX-YY = a comma-separated list of items from XX to YY, or
>> dash-separated ranges.
>> >> range = dash-separated range
>> > This definition seems incomplete but I do not know how to make it
>> better...
>>
>> >> For example, (interval 1-31) 3-7,10,12,15,25-31 with no spaces inside.
>>
>> > Thank you,
>> > Dmitri Pal
>>
>> > Sr. Engineering Manager IPA project,
>> > Red Hat Inc.
>>
>>
>> > -------------------------------
>> > Looking to carve out IT costs?
>> > www.redhat.com/carveoutcosts/
>>
>> > _______________________________________________
>> > Freeipa-devel mailing list
>> > Freeipa-devel at redhat.com
>> > https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>>
> _______________________________________________
> sssd-devel mailing list
> sssd-devel at lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
> _______________________________________________
> sssd-devel mailing list
> sssd-devel at lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel
>

-- 
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com