On 01/10/2014 12:43 PM, Jan Cholasta wrote:
On 20.12.2013 13:06, Petr Viktorin wrote:
I now have a failing test in test_permission_rollback. Let's think about
this case for a moment:
The permission system has "rollback": if an ACI update fails, the entry
is rolled back. Currently it works (for ipapermlocation changes) like
this:
- The old entry is retreived
- A new entry is populated (NB, the framework's mod operation does not
retrieve the entry it modifies; rather it builds an entirely new entry
with *only* the data that's changed, and relies on generate_modlist
doing MOD_REPLACE when orig data is missing).
- update is called on the new entry
- The ACI is updated, and this fails (e.g. with SyntaxError)
- update is called on the *old* entry retreived in the first step. Up to
now this had restored the entry (since existing state was looked up
before each mod), but with these patches it raises EmptyModlist since
the object has not changed relative to its orig data.
Obviously this approach is wrong given how entry is supposed to work
now, and I'll be happy to change it it. But it's not clear what's the
right way to do such rollback.
I have added an optional argument to reset_modlist, which you can use to
specify on which entry to base the modlist, see patch 214.
Updated patches attached.
Thanks!
Looks good, test pass, upgrade works too. ACK, pushed to master:
7b3d9be388f8e3da3959912061513e40b31926c5
--
PetrĀ³
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
