Alexander Bokovoy wrote:
On 26.07.2011 15:26, Jakub Hrozek wrote:
On 07/26/2011 12:41 PM, Alexander Bokovoy wrote:
On 26.07.2011 13:36, Alexander Bokovoy wrote:
On 26.07.2011 06:23, Alexander Bokovoy wrote:
I'll send updated patch proposal today.
Here is new patch.
Rebased against current master (9a4ce988df219565ab84602b1eea93e14700862b)
My only comment is that it would be nice to catch HbacError exceptions
from evaluate() and turn them into a nice error message using the info
they provide and the hbac_error_string() function.
That's the plan. :) I wanted first to get command line interface
stabilized as it affected backend logic.
Now, if there wouldn't be any objections anymore, time for harnessing
and unit tests.
This works well.
If I had any reservations at all it is with --detail.
I created a bunch of rules and then played around with expected pass and
fail given a different set of rules. Now maybe this was due to my just
starting to use the tool but I found myself adding --detail to every
execution so I could see exactly what was going on.
I guess that particularly when we get details on the failures themselves
(failed because host doesn't match, invalid rule, whatever) this could
get a bit unwieldy.
I think it's probably ok to leave it this way for now, by default
providing just a yes/no answer. We'll need to decide before we commit it
whether we want this to be --nodetail instead. I suspect it would be an
easy thing to change.
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
