Re: [Freeipa-devel] [PATCH] 0033 Fail when adding a trust with a different range
On 06/12/2013 12:14 PM, Martin Kosek wrote:
On 06/12/2013 11:40 AM, Tomas Babej wrote:
On 06/12/2013 10:23 AM, Alexander Bokovoy wrote:
On Mon, 10 Jun 2013, Ana Krivokapic wrote:
And once here(added by your patch):
+if not self.validate_range(*keys, **options):
+raise errors.ValidationError(
+name=_('id range'),
+error=_(
+'An id range already exists for this trust. '
+'You should either delete the old range, or '
+'exclude --base-id/--range-size options from the
command.'
I'd suggest we have one common place, say validate_range() function as
we have now,
that contains all the checks (more coming in the future for sure).
That would mean that the whole trust-add command will fail in the case
that ID range
with the same name but different domain SID already exists, since we
now call validate_range()
within execute() method. I checked with Alexander and we agreed that
this is more desired behaviour.
This would also result to reducement of the number of API calls, which
is a nice benefit.
Tomas
This updated patch completely separates validation logic and object
creation logic of the trust_add command. I added two new methods:
* validate_range(), which ensures that the options and environment
related to idrange is valid, and
* validate_options, which takes care of other general validation
One change introduced in this patch is making the
__populate_remote_domain() method of TrustDomainJoins class public, and
calling it from trust_add. This was necessary in order to enable
discovering details of the trusted domain in validation phase.
Looks good overall but I'd suggest to wrap populate_remote_domain()
calls in join_ad_* methods instead of removing them. If remote domain is
not initialized (i.e.
not(isinstance(self.remote_domain,TrustedDomainInstance)),
then call populate_remote_domain() as it was before.
Fixed.
I tested the patch and it works fine.
There's a lot of refactoring done, but the changes preserve equal state.
Aside
from
Alexander's comment up here, I have but one nitpick.
There are few constructs of the form:
try:
value = dictionary['keyword']
except KeyError:
value = None
or
if 'keyword' in dictionary:
value = dictionary['keyword']
else:
value = None
Can you please substitute these with value = dictionary.get(keyword, None)?
Not everywhere, but there are places where it can improve readability of the
code.
You can even use just value = dictionary.get(keyword) as None is the default
return value:
print {}.get(foo)
Fixed.
None
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Updated patch attached.
--
Regards,
Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.
From 370b91c93c3c93f63aa45069feece618375c406b Mon Sep 17 00:00:00 2001
From: Ana Krivokapic akriv...@redhat.com
Date: Fri, 31 May 2013 12:01:23 +0200
Subject: [PATCH] Fail when adding a trust with a different range
When adding a trust, if an id range already exists for this trust,
and options --base-id/--range-size are provided with the trust-add command,
trust-add should fail.
https://fedorahosted.org/freeipa/ticket/3635
---
ipalib/plugins/trust.py | 215 +---
ipaserver/dcerpc.py | 15 +++-
2 files changed, 159 insertions(+), 71 deletions(-)
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 3cb0ed98005ae5bd11b39f8ae01c9470d1bfc9c4..5c9360b57982ef1284ec741d3ee6114345e2e7c2 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -155,6 +155,8 @@
autofill=True,
)
+DEFAULT_RANGE_SIZE = 20
+
def trust_type_string(level):
Returns a string representing a type of the trust. The original field is an enum:
@@ -287,7 +289,7 @@ class trust_add(LDAPCreate):
Int('range_size?',
cli_name='range_size',
label=_('Size of the ID range reserved for the trusted domain'),
-default=20,
+default=DEFAULT_RANGE_SIZE,
autofill=True
),
)
@@ -296,20 +298,12 @@ class trust_add(LDAPCreate):
has_output_params = LDAPCreate.has_output_params + trust_output_params
def execute(self, *keys, **options):
-if not _murmur_installed and 'base_id' not in options:
-raise errors.ValidationError(name=_('missing base_id'),
-error=_('pysss_murmur is not available on the server ' \
-'and no base-id is given.'))
+full_join = self.validate_options(*keys, **options)
+old_range, range_name, dom_sid = self.validate_range(*keys, **options)
+result = self.execute_ad(full_join, *keys, **options)
-if 'trust_type' in
Re: [Freeipa-devel] [PATCH] 420 Regression fix: rule table with ext. member support doesn't offer any items
On 06/13/2013 02:46 PM, Ana Krivokapic wrote:
On 06/13/2013 12:30 PM, Petr Vobornik wrote:
Rule tables with external member has more than one column and
therefore exclude parameter for adder dialog is not array of strings
but array of objects. normalize_values function can't work with it and
causes JS error.
This patch creates proper exclude array before passing it to adder
dialog.
https://fedorahosted.org/freeipa/ticket/3711
ACK
I've noticed that there is a leftover from a different approach:
pkey: pkey,
+param: that.name,
other_entity: that.other_entity,
The line is removed, updated patch attached.
--
Petr Vobornik
From 93e3b2a4cec826029beb2f58beb16049886cb04d Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Wed, 12 Jun 2013 16:01:26 +0200
Subject: [PATCH] Regression fix: rule table with ext. member support doesn't
offer any items
There is a JS error.
Rule tables with external member has more than one column and therefore exclude parameter for adder dialog is not array of strings but array of objects. normalize_values function can't work with it and causes JS error.
This patch creates proper exclude array before passing it to adder dialog.
https://fedorahosted.org/freeipa/ticket/3711
---
install/ui/src/freeipa/rule.js | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/install/ui/src/freeipa/rule.js b/install/ui/src/freeipa/rule.js
index 959aec462d1c1e36220d3569fe2e776a60ab2c11..f573b56d469ac8c6652f8e49c66fd6fd1259db90 100644
--- a/install/ui/src/freeipa/rule.js
+++ b/install/ui/src/freeipa/rule.js
@@ -149,6 +149,14 @@ IPA.rule_association_table_widget = function(spec) {
title = title.replace('${primary_key}', pkey);
title = title.replace('${other_entity}', other_entity_label);
+var exclude = that.values;
+if (that.external) {
+exclude = [];
+for (var i=0; ithat.values.length; i++) {
+exclude.push(that.values[i][that.name]);
+}
+}
+
return IPA.rule_association_adder_dialog({
title: title,
pkey: pkey,
@@ -156,7 +164,7 @@ IPA.rule_association_table_widget = function(spec) {
attribute_member: that.attribute_member,
entity: that.entity,
external: that.external,
-exclude: that.values
+exclude: exclude
});
};
--
1.8.1.4
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 420 Regression fix: rule table with ext. member support doesn't offer any items
On 06/13/2013 03:24 PM, Petr Vobornik wrote: On 06/13/2013 02:46 PM, Ana Krivokapic wrote: On 06/13/2013 12:30 PM, Petr Vobornik wrote: Rule tables with external member has more than one column and therefore exclude parameter for adder dialog is not array of strings but array of objects. normalize_values function can't work with it and causes JS error. This patch creates proper exclude array before passing it to adder dialog. https://fedorahosted.org/freeipa/ticket/3711 ACK I've noticed that there is a leftover from a different approach: pkey: pkey, +param: that.name, other_entity: that.other_entity, The line is removed, updated patch attached. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel I missed it too in the first patch. ACK for updated patch. -- Regards, Ana Krivokapic Associate Software Engineer FreeIPA team Red Hat Inc. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0036 Fix displaying of success message
On 06/13/2013 05:18 PM, Petr Vobornik wrote:
On 06/13/2013 04:16 PM, Ana Krivokapic wrote:
Hello,
Make sure that the success message in web UI is properly populated with
actual
number of items that were successfully added/removed.
https://fedorahosted.org/freeipa/ticket/3708
The changes look good. But I've found an existing issue in the code which was
moved to get_succeeded:
When no operation succeeds following code behaves incorrectly:
+var succeeded = data.result.completed;
+
+if (!succeeded) {
The condition is evaluated as true when data.result.completed === 0. It's not
desired because the subsequent commands in the if block will raise JS error
(data.result doesn't have results obj).
So we should check for:
if (typeof succeeded !== 'number')
Nice catch, thanks. Updated patch attached.
--
Regards,
Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.
From e9b240b21c37751e106d8e54e974fd8a58e25c93 Mon Sep 17 00:00:00 2001
From: Ana Krivokapic akriv...@redhat.com
Date: Thu, 13 Jun 2013 16:10:33 +0200
Subject: [PATCH] Fix displaying of success message
Make sure that the success message is properly populated with actual number of
items that were successfully added/removed.
https://fedorahosted.org/freeipa/ticket/3708
---
install/ui/src/freeipa/association.js | 42 +--
install/ui/src/freeipa/ipa.js | 15 +
2 files changed, 31 insertions(+), 26 deletions(-)
diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js
index 15e164963e93faddc3e9ddfbc428c1c74df3bf95..c60c7b8afe9c16ae55e5147574664c60afc43d3e 100644
--- a/install/ui/src/freeipa/association.js
+++ b/install/ui/src/freeipa/association.js
@@ -609,10 +609,13 @@ IPA.association_table_widget = function (spec) {
dialog.execute = function() {
that.add(
dialog.get_selected_values(),
-function() {
+function(data) {
that.refresh();
dialog.close();
-IPA.notify_success('@i18n:association.added');
+
+var succeeded = IPA.get_succeeded(data);
+var msg = text.get('@i18n:association.added').replace('${count}', succeeded);
+IPA.notify_success(msg);
},
function() {
that.refresh();
@@ -671,9 +674,12 @@ IPA.association_table_widget = function (spec) {
dialog.execute = function() {
that.remove(
selected_values,
-function() {
+function(data) {
that.refresh();
-IPA.notify_success('@i18n:association.removed');
+
+var succeeded = IPA.get_succeeded(data);
+var msg = text.get('@i18n:association.removed').replace('${count}', succeeded);
+IPA.notify_success(msg);
},
function() {
that.refresh();
@@ -1084,17 +1090,8 @@ exp.association_facet = IPA.association_facet = function (spec, no_init) {
on_success: function(data) {
that.refresh();
dialog.close();
-var succeeded = data.result.completed;
-
-if (!succeeded) {
-succeeded = 0;
-for (var i = 0; i data.result.results.length; i++) {
-if (data.result.results[i].completed === 1) {
-succeeded++;
-}
-}
-}
+var succeeded = IPA.get_succeeded(data);
var msg = text.get('@i18n:association.added').replace('${count}', succeeded);
IPA.notify_success(msg);
},
@@ -1148,17 +1145,7 @@ exp.association_facet = IPA.association_facet = function (spec, no_init) {
on_success: function(data) {
that.refresh();
-var succeeded = data.result.completed;
-
-if (!succeeded) {
-succeeded = 0;
-for (var i = 0; i data.result.results.length; i++) {
-if (data.result.results[i].completed === 1) {
-succeeded++;
-}
-}
-}
-
+var succeeded = IPA.get_succeeded(data);
var msg = text.get('@i18n:association.removed').replace('${count}', succeeded);
IPA.notify_success(msg);
},
@@ -1417,7 +1404,10 @@ exp.attribute_facet = IPA.attribute_facet = function(spec, no_init) {
function(data) {
that.load(data);
that.show_content();
-
Re: [Freeipa-devel] [PATCH] 0036 Fix displaying of success message
On 06/13/2013 05:33 PM, Ana Krivokapic wrote:
On 06/13/2013 05:18 PM, Petr Vobornik wrote:
On 06/13/2013 04:16 PM, Ana Krivokapic wrote:
Hello,
Make sure that the success message in web UI is properly populated with actual
number of items that were successfully added/removed.
https://fedorahosted.org/freeipa/ticket/3708
The changes look good. But I've found an existing issue in the code which was
moved to get_succeeded:
When no operation succeeds following code behaves incorrectly:
+var succeeded = data.result.completed;
+
+if (!succeeded) {
The condition is evaluated as true when data.result.completed === 0. It's not
desired because the subsequent commands in the if block will raise JS error
(data.result doesn't have results obj).
So we should check for:
if (typeof succeeded !== 'number')
Nice catch, thanks. Updated patch attached.
ACK, pushed to master, ipa-3-2.
--
Petr Vobornik
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 420 Regression fix: rule table with ext. member support doesn't offer any items
On 06/13/2013 05:13 PM, Ana Krivokapic wrote: On 06/13/2013 03:24 PM, Petr Vobornik wrote: On 06/13/2013 02:46 PM, Ana Krivokapic wrote: On 06/13/2013 12:30 PM, Petr Vobornik wrote: Rule tables with external member has more than one column and therefore exclude parameter for adder dialog is not array of strings but array of objects. normalize_values function can't work with it and causes JS error. This patch creates proper exclude array before passing it to adder dialog. https://fedorahosted.org/freeipa/ticket/3711 ACK I've noticed that there is a leftover from a different approach: pkey: pkey, +param: that.name, other_entity: that.other_entity, The line is removed, updated patch attached. I missed it too in the first patch. ACK for updated patch. pushed to master, ipa-3-2. -- Regards, Ana Krivokapic Associate Software Engineer FreeIPA team Red Hat Inc. -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
