Alexander Bokovoy wrote:
On Thu, 15 Dec 2011, Rob Crittenden wrote:
If this is acceptable, I can do refactoring in a different ticket.


NACK.

We still have the value passed in by the user, right (in
options['user'] and options['group'])? We basically take that,
create a DN out of it, then pull the same value out. Why not skip
all that and just look at the raw values instead?

Or there is already a helper to get the key out of a dn, see
self.Object.user.get_primary_key_from_dn(str(group))

Also, I found this doesn't handle a list of users or groups. If you
pass in --users=joe,all then both get added as external users
(assuming joe doesn't already exist, of course).

Refactored the patch using original values from options[]:

$ ipa sudorule-add-runasuser testr --group=all
ipa: ERROR: invalid 'runas-user': RunAsUser does not accept 'all' as a group name
$ ipa sudorule-add-runasuser testr --group=admins,all
ipa: ERROR: invalid 'runas-user': RunAsUser does not accept 'all' as a group name
$ ipa sudorule-add-runasuser testr --user=admin,all
ipa: ERROR: invalid 'runas-user': RunAsUser does not accept 'all' as a user name
$ ipa sudorule-add-runasgroup testr --group=admin,all
ipa: ERROR: invalid 'runas-group': RunAsGroup does not accept 'all' as a group name

Accepts a single value or a list.

This is a patch against master (should apply to ipa-2-2 w/o issues).

Tested in 2-2, works fine. ACK.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
