On 06/10/2014 10:05 AM, Petr Viktorin wrote: > On 06/09/2014 08:08 PM, Petr Viktorin wrote: >> Having another verification tool should help reviewing the permission >> patches. >> >> >> To avoid conflicts, apply on top of my patches 0568-0570 (Write User >> permissions). >> >> >> 0572: I tried to make the ACIs generated by the permission plugin as >> predictable as possible, but I missed one place it's affected by >> dict/set iteration order (which is undefined). Here's a fix. >> >> 0573: Minor refactoring to make the next patch easier. >> >> 0574: Add ACI.txt & makeaci. Due to the predictable ACIs, all this needs >> to do is generate the file; comparing can be done bit-by-bit. >> I do run the validation results through difflib, but frankly it's easier >> just to use Git. > > On my way home yesterday I remembered I left out an important piece of > information - the DN where the ACI is. Attaching updated patch 0574. > >> 0575: Make 'permission' the default bind rule type for managed >> permissions. Rationale in the commit message. >> Run makeaci to verify this doesn't change the result.
This will create some additional burden for you when converting ACIs, but the idea is good. The script worked for me, can we just create some more friendly error message than an assertion traceback? # ./makeaci --validate ... Traceback (most recent call last): File "./makeaci", line 116, in <module> main(options) File "./makeaci", line 108, in main raise AssertionError('validation failed') AssertionError: validation failed Martin _______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel