I didn't want to override Rob's original pwpolicy plugin right away, so I named it pwpolicy2, so that we can have both plugins available for now.
pwpolicy2 includes all functionality the original plugin had including the latest changes like priority uniqueness etc. There is a small interface change - group names are entered as the first positional argument. If no group is specified, the plugin assumes the global password policy. It supports --all/--raw and has fine grained searching capabilities (the original plugin was only able to return all policies). It also shows priority when displaying policies.
There is a lot of technical changes. It's a complete rewrite. Everything is based on baseldap classes, so the code should be a bit simpler and commands behavior more consistent with other plugins. CoS objects are modeled separately and have their own CRUD commands. I flagged the CoS commands as INTERNAL (see my recent patch), so that users aren't able to access CoS entries directly, but pwpolicy2 can take advantage of our plugin infrastructure to manage them. I think this is a good example of how internal plugin are useful. It's also very handy for testing, you can just remove the INTERNAL flag and use `ipa cosentry-find --all --raw` to check if the entries were created/modified/whatever correctly.
Unit test included. Pavel
_______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel