Alexander Bokovoy wrote:
On 26.07.2011 15:26, Jakub Hrozek wrote:
On 07/26/2011 12:41 PM, Alexander Bokovoy wrote:
On 26.07.2011 13:36, Alexander Bokovoy wrote:
On 26.07.2011 06:23, Alexander Bokovoy wrote:
I'll send updated patch proposal today.
Here is new patch.
Rebased against current master (9a4ce988df219565ab84602b1eea93e14700862b)

My only comment is that it would be nice to catch HbacError exceptions
from evaluate() and turn them into a nice error message using the info
they provide and the hbac_error_string() function.
That's the plan. :) I wanted first to get command line interface
stabilized as it affected backend logic.

Now, if there wouldn't be any objections anymore, time for harnessing
and unit tests.

This works well.

If I had any reservations at all it is with --detail.

I created a bunch of rules and then played around with expected pass and fail given a different set of rules. Now maybe this was due to my just starting to use the tool but I found myself adding --detail to every execution so I could see exactly what was going on.

I guess that particularly when we get details on the failures themselves (failed because host doesn't match, invalid rule, whatever) this could get a bit unwieldy.

I think it's probably ok to leave it this way for now, by default providing just a yes/no answer. We'll need to decide before we commit it whether we want this to be --nodetail instead. I suspect it would be an easy thing to change.


Freeipa-devel mailing list

Reply via email to