subject:"\[Freeipa\-devel\] \[PATCH\] 320 Only use service PAC type as an override"

Re: [Freeipa-devel] [PATCH] 320 Only use service PAC type as an override

2012-10-03 Thread Martin Kosek

On 10/02/2012 10:31 PM, Rob Crittenden wrote:
 Martin Kosek wrote:
 PAC type (ipakrbauthzdata attribute) was being filled for all new
 service automatically. However, the PAC type attribute was designed
 to serve only as an override to default PAC type configured in
 IPA config. With PAC type set in all services, users would have
 to update all services to get new PAC types configured in IPA config.

 Do not set PAC type for new services. Add new NONE value meaning that
 we do not want any PAC for the service (empty/missing attribute means
 that the default PAC type list from IPA config is read).

 https://fedorahosted.org/freeipa/ticket/2184

 ---

 Note: the new NONE value of service PAC type was planned in a scope of ticket
 #2960.
 
 ACK, but before you push can you add the jist of this commit message to the
 help for PAC type in the service command help so users will understand the
 difference between NONE and blank?
 
 rob
 

Good idea. I updated doc of this attribute in service plugin and also doc/label
of a relevant config option to help user distinguish what is a default and what
is an override.

Pushed to master, ipa-3-0.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 320 Only use service PAC type as an override

2012-10-02 Thread Martin Kosek

PAC type (ipakrbauthzdata attribute) was being filled for all new
service automatically. However, the PAC type attribute was designed
to serve only as an override to default PAC type configured in
IPA config. With PAC type set in all services, users would have
to update all services to get new PAC types configured in IPA config.

Do not set PAC type for new services. Add new NONE value meaning that
we do not want any PAC for the service (empty/missing attribute means
that the default PAC type list from IPA config is read).

https://fedorahosted.org/freeipa/ticket/2184

---

Note: the new NONE value of service PAC type was planned in a scope of ticket
#2960.
From 957e814b2c43637d3f493e8b902b8e494df5b04b Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date: Tue, 2 Oct 2012 17:06:10 +0200
Subject: [PATCH] Only use service PAC type as an override

PAC type (ipakrbauthzdata attribute) was being filled for all new
service automatically. However, the PAC type attribute was designed
to serve only as an override to default PAC type configured in
IPA config. With PAC type set in all services, users would have
to update all services to get new PAC types configured in IPA config.

Do not set PAC type for new services. Add new NONE value meaning that
we do not want any PAC for the service (empty/missing attribute means
that the default PAC type list from IPA config is read).

https://fedorahosted.org/freeipa/ticket/2184
---
 API.txt  |  6 ++--
 VERSION  |  2 +-
 ipalib/plugins/service.py| 27 ++
 tests/test_xmlrpc/test_host_plugin.py|  1 -
 tests/test_xmlrpc/test_service_plugin.py | 48 
 5 files changed, 61 insertions(+), 23 deletions(-)

diff --git a/API.txt b/API.txt
index 1906e22fe92f76f1a628d37fcdb23d73a1b1297f..7bd046c8d504bb7e39059a4f2b6743c7c0b6d8ef 100644
--- a/API.txt
+++ b/API.txt
@@ -2738,7 +2738,7 @@ command: service_add
 args: 1,8,3
 arg: Str('krbprincipalname', attribute=True, cli_name='principal', multivalue=False, primary_key=True, required=True)
 option: Bytes('usercertificate', attribute=True, cli_name='certificate', multivalue=False, required=False)
-option: StrEnum('ipakrbauthzdata', attribute=True, cli_name='pac_type', csv=True, multivalue=True, required=False, values=(u'MS-PAC', u'PAD'))
+option: StrEnum('ipakrbauthzdata', attribute=True, cli_name='pac_type', csv=True, multivalue=True, required=False, values=(u'MS-PAC', u'PAD', u'NONE'))
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('force', autofill=True, default=False)
@@ -2775,7 +2775,7 @@ command: service_find
 args: 1,10,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Str('krbprincipalname', attribute=True, autofill=False, cli_name='principal', multivalue=False, primary_key=True, query=True, required=False)
-option: StrEnum('ipakrbauthzdata', attribute=True, autofill=False, cli_name='pac_type', csv=True, multivalue=True, query=True, required=False, values=(u'MS-PAC', u'PAD'))
+option: StrEnum('ipakrbauthzdata', attribute=True, autofill=False, cli_name='pac_type', csv=True, multivalue=True, query=True, required=False, values=(u'MS-PAC', u'PAD', u'NONE'))
 option: Int('timelimit?', autofill=False, minvalue=0)
 option: Int('sizelimit?', autofill=False, minvalue=0)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -2792,7 +2792,7 @@ command: service_mod
 args: 1,9,3
 arg: Str('krbprincipalname', attribute=True, cli_name='principal', multivalue=False, primary_key=True, query=True, required=True)
 option: Bytes('usercertificate', attribute=True, autofill=False, cli_name='certificate', multivalue=False, required=False)
-option: StrEnum('ipakrbauthzdata', attribute=True, autofill=False, cli_name='pac_type', csv=True, multivalue=True, required=False, values=(u'MS-PAC', u'PAD'))
+option: StrEnum('ipakrbauthzdata', attribute=True, autofill=False, cli_name='pac_type', csv=True, multivalue=True, required=False, values=(u'MS-PAC', u'PAD', u'NONE'))
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Str('delattr*', cli_name='delattr', exclude='webui')
diff --git a/VERSION b/VERSION
index 962d476e7e152c0c189361ea38de0a5642798971..c1f1bceffe53b3fcfa6526448f6aebca475073b2 100644
--- a/VERSION
+++ b/VERSION
@@ -79,4 +79,4 @@ IPA_DATA_VERSION=2010061412
 #  #
 
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=43
+IPA_API_VERSION_MINOR=44
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index a7201f525941023fb5caa8610836156a6df79bab..cc044bb7e2cb716e880d4773b6116fd281fd394c 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -254,11 +254,26 @@ class

Re: [Freeipa-devel] [PATCH] 320 Only use service PAC type as an override

2012-10-02 Thread Rob Crittenden


Martin Kosek wrote:

PAC type (ipakrbauthzdata attribute) was being filled for all new
service automatically. However, the PAC type attribute was designed
to serve only as an override to default PAC type configured in
IPA config. With PAC type set in all services, users would have
to update all services to get new PAC types configured in IPA config.

Do not set PAC type for new services. Add new NONE value meaning that
we do not want any PAC for the service (empty/missing attribute means
that the default PAC type list from IPA config is read).

https://fedorahosted.org/freeipa/ticket/2184

---

Note: the new NONE value of service PAC type was planned in a scope of ticket
#2960.


ACK, but before you push can you add the jist of this commit message to 
the help for PAC type in the service command help so users will 
understand the difference between NONE and blank?


rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 320 Only use service PAC type as an override

[Freeipa-devel] [PATCH] 320 Only use service PAC type as an override

Re: [Freeipa-devel] [PATCH] 320 Only use service PAC type as an override

3 matches

Site Navigation

Mail list logo

Footer information