[Freeipa-devel] [PATCHES] 0473-0477 Managed permission updater, part 1

Petr Viktorin pviktori at redhat.com
Wed Mar 5 12:48:29 UTC 2014


On 03/03/2014 04:10 PM, Petr Viktorin wrote:
> On 02/28/2014 02:47 PM, Petr Viktorin wrote:
>> On 02/28/2014 02:12 PM, Martin Kosek wrote:
>>> On 02/26/2014 10:44 AM, Petr Viktorin wrote:
>>>> Hello,
>>>> Here are a few fixes/improvements, and the first part of a managed
>>>> permission
>>>> updater.
>>>>
>>>> The patches should go in this order but don't need to be ACKed/pushed
>>>> all at once.
>>>>
>>>>
>>>> Design:
>>>> http://www.freeipa.org/page/V3/Managed_Read_permissions#Default_Permission_Updater
>>>>
>>>>
>>>> Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
>>>>
>>>>
>>>> This part is a "preview" of sorts, to get the basic mechanism and the
>>>> metadata
>>>> format reviewed before I add all of the default read permissions.
>>>> It implements the first section of "Default Permission Updater" in
>>>> the design;
>>>> "Replacing legacy default permissions" and "Removing the global
>>>> anonymous read
>>>> ACI" is left for later.
>>>> Metadata is added for the netgroup plugin* for starters
[...]
>>>>
>>>
>>> 1) 476: Typo in test name:
>>>
>>> +            desc='Search fo rnonexisting permission with ":" in the
>>> name',
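Review bot: the desc string on this added line has a misplaced space, "Search fo rnonexisting permission"; it should read "Search for nonexisting permission" so that the test description is readable in test output and can be found by searching for it.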
>>
>> Will fix.

Fixed

>>> 2) 477: do we want to log anything when permission is up to date?
>>>
>>> +            try:
>>> +                ldap.update_entry(entry)
>>> +            except errors.EmptyModlist:
>>> +                return
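Review bot: in the `except errors.EmptyModlist:` branch the bare `return` exits without leaving any trace, so a run that changed nothing is indistinguishable in the logs from one where this code was never reached. A debug-level message saying the permission is already up to date, or at least a comment stating that an empty modlist is the expected no-change case, would make that explicit.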
>>
>> I don't think that's needed, after all that's the expected behavior in
>> all but the first upgrade.
>> But I'll be happy to add it if you think it would be better.

I've added a DEBUG message here.

[...]
>>> 4) I have been quite resilient to the prefixes for the permissions,
>>> but it
>>> seems it is the easiest possible approach to fix conflicts with user
>>> permissions
>>> without having to check that later for every upgrade or doing more
>>> complex
>>> stuff like multiple RDNs or different container for system and user
>>> permissions.
>>>
>>> I am now just thinking about the prefixing. Now you use this name:
>>>
>>> ipa:Read Netgroups
>>>
>>> Would it be "nicer" to use:
>>>
>>> IPA:Read Netgroups
>>> or
>>> IPA: Read Netgroups
>>> or even
>>> [IPA] Read Netgroups
>>> ? :-)
>>
>> Bikeshedding time!
>> Everyone on the list, please chime in!
>
> Bikeshedding results from today's meeting:
>
> "ipa: " pviktori++
> "System: " mkosek++ simo+ ab++
> "Builtin: " simo++ pvo+
> "Default: "
>
> The winner is "System: ", so I'll go and change to that.

Done.


-- 
Petr³

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0473.2-Allow-indexing-API-object-types-by-class.patch
Type: text/x-patch
Size: 4114 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140305/675bc011/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0474.2-permission-find-Fix-handling-of-the-search-term-for-.patch
Type: text/x-patch
Size: 3632 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140305/675bc011/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0475.2-test_permission_plugin-Fix-tests-that-make-too-broad.patch
Type: text/x-patch
Size: 6973 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140305/675bc011/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0476.2-Allow-modifying-permissions-with-in-the-name.patch
Type: text/x-patch
Size: 10996 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140305/675bc011/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0477.2-Add-Object-metadata-and-update-plugin-for-managed-pe.patch
Type: text/x-patch
Size: 9078 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140305/675bc011/attachment-0004.bin>

