Re: [Freeipa-devel] [PATCH] Modified ipa help behavior
Jan Zelený wrote: Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Jan Zelenýjzel...@redhat.com wrote: Now each plugin can define its topic as a 2-tuple, where the first item is the name of topic it belongs to and the second item is a description of such topic. Topic descriptions must be the same for all modules belonging to the topic. By using this topics, it is possible to group plugins as we see fit. When asking for help for a particular topic, help for all modules in given topic is written. ipa help - show all topics (until now it showed all plugins) ipa helptopic - show details to given topic https://fedorahosted.org/freeipa/ticket/410 Sorry for the wrong sequence number, sending the correct one now. I think this is a good start but I find the output hard to read, both with a single topic (like user) or multiple (like sudo). The dashed lines and the extra spaces make my eyes cross a bit What I don't have is any good suggestion to change it up. I realize you are jamming together discrete things that may or may not look nice together. I suppose a few suggestions might be: - a SEEALSO-like where you print the topics at the bottom so it is obvious that multiple things are jammed together - A single dashed-line all the way across (more or less) with a single space before and after might be a less jarring separator. IIRC we have some output code that should handle screen sizes for you. - I'm not sure if combining all the commands into a single list is the right thing or not. It may not be necessary with the SEEALSO. So nack for now but this is headed in the right direction. rob After the last discussion at the meeting, I started to work on this again. The goal is to implement suggested idea with SEE ALSO topics. But there is one more issue to solve. It occurred to me that hbac topic would contain 3 subtopics: hbac, hbacsvc and hbacsvcgroup. Now the issue is when I type: ipa help hbac How should the program distinguish the topic hbac from the hbac subtopic? The simplest solution here is to rename the module, but that doesn't seem right to me. Other solution could be to rename the topic, but that would be against the basic reason why we should implement topic grouping. Any suggestions? Frankly, I'm wonder if the topic-based grouping is worth the effort, but I have an idea a little bit different from this approach. When typing ipa help hbac* user would receive a filtered list of topics, where only topics with module name starting with hbac would be. The result would look like this: ipa help hbac* Usage: ipa [global-options] COMMAND ... Help topics: hbac Host-based access control hbacsvc HBAC Services hbacsvcgroup HBAC Service Groups The only limitation of this concept is that topic groups wouldn't be stable. For example the result of ipa help hbac would be different from ipa help hbacsvc. Also some incorrect grouping might occur (host and hostgroup at the moment). Before I start working on this, I'd like to know your opinions. May be use hbac for the high level topic group and hbacrule for the hbac rule management? This way there is no name collision. I do not know how big of a change it is and how it would affect UI/CLI/man etc. At this point of the project we need to try to minimize changes. It will affect SUDO too... Other approach might be to allow subtopics as another parameter: Usage: ipa help topic subtopic ipa help hbac hbac May be for the purpose of help we can do: ipa help hbac Usage: ipa [global-options] COMMAND ... Help subtopics: rule Host-based access control rules service HBAC Services group HBAC Service Groups ipa help hbac rule ... ipa help hbac service ... ipa help hbac group ... Will that work? AFAIU this will not have any impact on the commands and would not require any changes to the UI/CLI other than to the help system itself. Thanks Dmitri Thanks Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0023 Compiles plugin against the right ldap libraries
Jan Zelený wrote: Simo Sorcesso...@redhat.com wrote: On Fri, 03 Dec 2010 17:25:20 -0700 Rich Megginsonrmegg...@redhat.com wrote: On 12/03/2010 04:26 PM, Simo Sorce wrote: In Fedora 14, 389-ds started linking against openldap libraries instead of the old mozldap libraries. This patch allows us to conditionally build plugins against openldap as well. Failure to do so may cause symbol clashes when the plugin is used by directory server because then we get 2 different ldap libraries loaded at the same time. The spec file has already been changed to build plugins --with-openldap by default. ack but only if the goal is to remove use of #define LDAP_DEPRECATED 1 - I can help with this The only reason I kept that is that we use ldap_explode_dn(), that function is not itself deprecated (ie it is not under LDAP_DEPRECATED ifdefs although a comment syas it is deprecated), but it returns char **, and the only function that frees a char ** is ldap_free_value(). This one is under LDAP_DEPRECATED and says you shoud use ldap_free_value_len(), but that functions takes a struct berval as argument. I think there are only 2 places/plugins where those deprecated functions are used. So if you want to open a ticket to remove them feel free, but I would do that as a separate patch. The goal of this patch was to do as few modifications as possible to the plugins themselves. I can confirm this patch solves some installation issues on F14, so if Rob agrees, I'd like to ack this. Works for me too, ack. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Document that the default group has to exist
Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: Jan Zelenýjzel...@redhat.com wrote: https://bugzilla.redhat.com/show_bug.cgi?id=654117#c4 Sending corrected patch. A little modification of the doc formulation and renaming the patch so it follows the guidelines. Jan Can't we do a group-show in the mod pre_callback to see if the group exists? rob Here is the patch, thanks for that suggestion. Jan ack, pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 629 optimize queries when searching for indirect members
Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Ensure list of attrs to retrieve is unique, optimize getting indirect members This fixes search where we were asking for the member attribute 10 or more times. When retrieving indirect members make sure we always pass around the size and time limits so we don't have to look it up with every call to find_entries() I saw this while doing a group_find and watching the LDAP access log. ticket 557 rob ACK pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 619 more aci target docs
David O'Brien wrote: Rob Crittenden wrote: Rob Crittenden wrote: David O'Brien wrote: Rob Crittenden wrote: I added some more documentation and examples to the aci plugin on targets. ticket 310 rob NACK Running behind with reviews, sorry. Just a few minor fixes: s/targetted/targeted/ s/This is primarily meant to be able to allow users to add/remove members of a specific group only./This is primarily designed to enable users to add or remove members of a specific group. (I _think_ I understood that ok, and didn't change the meaning. Further, if this target is only designed for this purpose, you don't need primarily. If it does something else, what is it?) I couldn't grok 100% the subtree target description. s/... the ACI is allowed to do, they are one or more of:/... the ACI is allowed to do, and are one or more of: For consistency's sake, s/lets/allows/ etc. Also see below: allows members of the addusers taskgroup lets members of the editors... group? lets members of the admin group You might need to review the examples a bit. cheers Updated patch. rob Ok, the right updated patch this time. rob I might be nit-picking now... This might be a function of how the underlying code works in combination with using US English, but why do we have both zip code and postal code? + Add an ACI that allows members of the admin group manage the street and zipcode of those in the editors group: + ipa aci-add --permissions=write --memberof=editors --group=admins --attrs=street,postalcode admins edit address of editors If postalcode is required in the ACI, and Zip Code is en-US, then that's fine. And, ...the admin group TO manage... admins edit THE address of editors Like I said, this might be nit-picking for man pages, but what can I say? I'm a writer. ACK from me with those couple of updates. Yeah, the LDAP attribute is postalCode. Updates applied, pushed to master. thanks rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Modified ipa help behavior
On 12/06/2010 07:19 AM, Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: Jan Zelenýjzel...@redhat.com wrote: Now each plugin can define its topic as a 2-tuple, where the first item is the name of topic it belongs to and the second item is a description of such topic. Topic descriptions must be the same for all modules belonging to the topic. By using this topics, it is possible to group plugins as we see fit. When asking for help for a particular topic, help for all modules in given topic is written. ipa help - show all topics (until now it showed all plugins) ipa helptopic - show details to given topic https://fedorahosted.org/freeipa/ticket/410 Sorry for the wrong sequence number, sending the correct one now. I think this is a good start but I find the output hard to read, both with a single topic (like user) or multiple (like sudo). The dashed lines and the extra spaces make my eyes cross a bit What I don't have is any good suggestion to change it up. I realize you are jamming together discrete things that may or may not look nice together. I suppose a few suggestions might be: - a SEEALSO-like where you print the topics at the bottom so it is obvious that multiple things are jammed together - A single dashed-line all the way across (more or less) with a single space before and after might be a less jarring separator. IIRC we have some output code that should handle screen sizes for you. - I'm not sure if combining all the commands into a single list is the right thing or not. It may not be necessary with the SEEALSO. So nack for now but this is headed in the right direction. rob After the last discussion at the meeting, I started to work on this again. The goal is to implement suggested idea with SEE ALSO topics. But there is one more issue to solve. It occurred to me that hbac topic would contain 3 subtopics: hbac, hbacsvc and hbacsvcgroup. Now the issue is when I type: ipa help hbac How should the program distinguish the topic hbac from the hbac subtopic? The simplest solution here is to rename the module, but that doesn't seem right to me. Other solution could be to rename the topic, but that would be against the basic reason why we should implement topic grouping. Any suggestions? Frankly, I'm wonder if the topic-based grouping is worth the effort, but I have an idea a little bit different from this approach. When typing ipa help hbac* user would receive a filtered list of topics, where only topics with module name starting with hbac would be. The result would look like this: ipa help hbac* That syntax would break in a bASH. It would try to match files in the PWD that start with habc, and report an error if there were none. Usage: ipa [global-options] COMMAND ... Help topics: hbac Host-based access control hbacsvc HBAC Services hbacsvcgroup HBAC Service Groups The only limitation of this concept is that topic groups wouldn't be stable. For example the result of ipa help hbac would be different from ipa help hbacsvc. Also some incorrect grouping might occur (host and hostgroup at the moment). Before I start working on this, I'd like to know your opinions. Thanks Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] admiyo-0112-entity-i18n
Note that this does not cover HBAC or SUDO, as Edewate is currently working on those. From 07c07de994de1a22d38e270841f75a83b74f9c5c Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Sat, 4 Dec 2010 00:29:05 -0500 Subject: [PATCH] entity i18n Updated the user,group,host, hostgroup, netgroup, service, and all policy entities to use the newer framework functions, in order to replaced the old array style definitions which did not support i18n. update a few of the newer framerwork functions to get the lables from the meta data. Fixed the unit tests which were expecting a details facet for users, no longer automatically created --- install/static/details.js |4 +- install/static/group.js | 37 ++ install/static/host.js | 29 ++--- install/static/hostgroup.js | 65 +++--- install/static/netgroup.js | 60 ++--- install/static/policy.js| 242 ++ install/static/search.js|7 + install/static/service.js |6 +- install/static/test/entity_tests.js |9 +- install/static/user.js | 146 +- install/static/widget.js| 10 ++- 11 files changed, 382 insertions(+), 233 deletions(-) diff --git a/install/static/details.js b/install/static/details.js index b6503a1c743eb39b26031c94283e05880f0fd12c..59b9aad9fb2d4d15239b2c8b8855043298e10c61 100644 --- a/install/static/details.js +++ b/install/static/details.js @@ -339,7 +339,7 @@ function ipa_details_list_section(spec){ } }; -// Deprecated: Used for backward compatibility only. +// This is to allow declarative style programming for details function input(spec){ that.create_field(spec); return that; @@ -350,7 +350,7 @@ function ipa_details_list_section(spec){ return that; } -// Deprecated: Used for backward compatibility only. +// shorthand notation used for declarative definitions of details pages function ipa_stanza(spec) { return ipa_details_list_section(spec); } diff --git a/install/static/group.js b/install/static/group.js index b44463439d73d6059b32751c07530c41b6d1a4dc..8c2087f66f3ca4a9feac2001aba18ec0d446eb7b 100644 --- a/install/static/group.js +++ b/install/static/group.js @@ -89,10 +89,14 @@ function ipa_group_add_dialog(spec) { that.add_dialog_init(); -that.add_field(ipa_text_widget({name:'cn', label:'Name', undo: false})); -that.add_field(ipa_text_widget({name:'description', label:'Description', undo: false})); -that.add_field(ipa_checkbox_widget({name:'posix', label:'Is this a POSIX group?', undo: false})); -that.add_field(ipa_text_widget({name:'gidnumber', label:'GID', undo: false})); +that.add_field(ipa_text_widget({name:'cn', entity_name:'group', +undo: false})); +that.add_field(ipa_text_widget({name:'description', +entity_name:'group', undo: false})); +that.add_field(ipa_checkbox_widget({name:'posix', entity_name:'group', +undo: false})); +that.add_field(ipa_text_widget({name:'gidnumber', entity_name:'group', +undo: false})); }; return that; @@ -105,11 +109,9 @@ function ipa_group_search_facet(spec) { var that = ipa_search_facet(spec); that.init = function() { - -that.create_column({name:'cn', label:'Name'}); -that.create_column({name:'gidnumber', label:'GID'}); -that.create_column({name:'description', label:'Description'}); - +that.create_column({name:'cn'}); +that.create_column({name:'gidnumber'}); +that.create_column({name:'description'}); that.search_facet_init(); }; @@ -130,20 +132,9 @@ function ipa_group_details_facet(spec) { }); that.add_section(section); -section.create_field({ -name: 'cn', -label: 'Group Name' -}); - -section.create_field({ -name: 'description', -label: 'Description' -}); - -section.create_field({ -name: 'gidnumber', -label: 'Group ID' -}); +section.create_field({name: 'cn' }); +section.create_field({name: 'description'}); +section.create_field({name: 'gidnumber' }); that.details_facet_init(); }; diff --git a/install/static/host.js b/install/static/host.js index 484b64771ecf6f1be948974f424606476375a276..4a60bbccd3ca965f2ff8263e3859d6ac4710e2cc 100644 --- a/install/static/host.js +++ b/install/static/host.js @@ -87,7 +87,7 @@ function ipa_host_add_dialog(spec) { that.add_field(ipa_text_widget({ 'name': 'fqdn', -'label': 'Name', +entity_name:'host', 'size': 40, 'undo': false })); @@
Re: [Freeipa-devel] [PATCH] 0023 Compiles plugin against the right ldap libraries
On Mon, 06 Dec 2010 11:22:38 -0500 Rob Crittenden rcrit...@redhat.com wrote: Jan Zelený wrote: Simo Sorcesso...@redhat.com wrote: On Fri, 03 Dec 2010 17:25:20 -0700 Rich Megginsonrmegg...@redhat.com wrote: On 12/03/2010 04:26 PM, Simo Sorce wrote: In Fedora 14, 389-ds started linking against openldap libraries instead of the old mozldap libraries. This patch allows us to conditionally build plugins against openldap as well. Failure to do so may cause symbol clashes when the plugin is used by directory server because then we get 2 different ldap libraries loaded at the same time. The spec file has already been changed to build plugins --with-openldap by default. ack but only if the goal is to remove use of #define LDAP_DEPRECATED 1 - I can help with this The only reason I kept that is that we use ldap_explode_dn(), that function is not itself deprecated (ie it is not under LDAP_DEPRECATED ifdefs although a comment syas it is deprecated), but it returns char **, and the only function that frees a char ** is ldap_free_value(). This one is under LDAP_DEPRECATED and says you shoud use ldap_free_value_len(), but that functions takes a struct berval as argument. I think there are only 2 places/plugins where those deprecated functions are used. So if you want to open a ticket to remove them feel free, but I would do that as a separate patch. The goal of this patch was to do as few modifications as possible to the plugins themselves. I can confirm this patch solves some installation issues on F14, so if Rob agrees, I'd like to ack this. Works for me too, ack. Pushed to master Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Hostgroups - Netgroups Managed Entries
Hello, Please review the attached patch. It is meant to address: https://fedorahosted.org/freeipa/ticket/543 This patch adds support for the default behavior of adding/deleting/modifing an ipaNetgroup anytime an ipaHostgroup is added/deleted/modified. As requested by the ticket, the cli does not display these managed entries when performing: ipa netgroup-find ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] admiyo-0112-entity-i18n
On 12/6/2010 11:16 AM, Adam Young wrote: Note that this does not cover HBAC or SUDO, as Edewate is currently working on those. ACK and pushed to master. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 631 Add IA5String type
Some attributes we use are IA5Strings which have a very limited character set. Add a parameter type for that so we can catch the bad type up front and give a more reasonable error message than syntax error. ticket 496 rob From d1c650311b66e822667d76f46416cc2039519f22 Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: Mon, 6 Dec 2010 15:09:03 -0500 Subject: [PATCH] Add new parameter type IA5Str and use this to enforce the right charset. ticket 496 --- install/share/60ipaconfig.ldif |2 +- ipalib/__init__.py |2 +- ipalib/errors.py | 16 ipalib/parameters.py | 19 +++ ipalib/plugins/automount.py | 28 ++-- ipalib/plugins/config.py |8 ipaserver/plugins/ldap2.py |2 ++ tests/test_ipalib/test_parameters.py | 23 +++ 8 files changed, 80 insertions(+), 20 deletions(-) diff --git a/install/share/60ipaconfig.ldif b/install/share/60ipaconfig.ldif index e93b55e..d7b4ebd 100644 --- a/install/share/60ipaconfig.ldif +++ b/install/share/60ipaconfig.ldif @@ -22,7 +22,7 @@ attributetypes: ( 2.16.840.1.113730.3.8.1.4 NAME 'ipaSearchRecordsLimit' EQUALIT ## ipaCustomFields - custom fields to show in the UI in addition to pre-defined ones attributetypes: ( 2.16.840.1.113730.3.8.1.5 NAME 'ipaCustomFields' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) ## ipaHomesRootDir - default posix home directory root dir to use when creating new accounts -attributetypes: ( 2.16.840.1.113730.3.8.1.6 NAME 'ipaHomesRootDir' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) +attributetypes: ( 2.16.840.1.113730.3.8.1.6 NAME 'ipaHomesRootDir' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) ## ipaDefaultLoginShell - default posix login shell to use when creating new accounts attributetypes: ( 2.16.840.1.113730.3.8.1.7 NAME 'ipaDefaultLoginShell' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) ## ipaDefaultPrimaryGroup - default posix primary group to assign when creating new accounts diff --git a/ipalib/__init__.py b/ipalib/__init__.py index 2589cf1..169b47a 100644 --- a/ipalib/__init__.py +++ b/ipalib/__init__.py @@ -878,7 +878,7 @@ from backend import Backend from frontend import Command, LocalOrRemote from frontend import Object, Method, Property from crud import Create, Retrieve, Update, Delete, Search -from parameters import DefaultFrom, Bool, Flag, Int, Float, Bytes, Str, Password,List +from parameters import DefaultFrom, Bool, Flag, Int, Float, Bytes, Str, IA5Str, Password,List from parameters import BytesEnum, StrEnum, AccessTime, File from errors import SkipPluginModule from text import _, ngettext, GettextFactory, NGettextFactory diff --git a/ipalib/errors.py b/ipalib/errors.py index 5b983cc..5d77bc2 100644 --- a/ipalib/errors.py +++ b/ipalib/errors.py @@ -1252,6 +1252,22 @@ class OnlyOneValueAllowed(ExecutionError): format = _('%(attr)s: Only one value allowed.') +class InvalidSyntax(ExecutionError): + +**4208** Raised when trying to set more than one value to single-value attributes + +For example: + + raise OnlyOneValueAllowed(attr='ipahomesrootdir') +Traceback (most recent call last): + ... +InvalidSyntax: ipahomesrootdir: Invalid syntax + + +errno = 4208 +format = _('%(attr)s: Invalid syntax.') + + class CertificateError(ExecutionError): **4300** Base class for Certificate execution errors (*4300 - 4399*). diff --git a/ipalib/parameters.py b/ipalib/parameters.py index cf4f3ba..f3b13bd 100644 --- a/ipalib/parameters.py +++ b/ipalib/parameters.py @@ -1278,6 +1278,25 @@ class Str(Data): ) +class IA5Str(Str): + +An IA5String per RFC 4517 + + +def __init__(self, name, *rules, **kw): +super(IA5Str, self).__init__(name, *rules, **kw) + +def _convert_scalar(self, value, index=None): +if isinstance(value, basestring): +for i in xrange(len(value)): +if ord(value[i]) 127: +raise ConversionError(name=self.name, index=index, +error=_('The character \'%(char)r\' is not allowed.') % +dict(char=value[i],) +) +return super(IA5Str, self)._convert_scalar(value, index) + + class Password(Str): A parameter for passwords (stored in the ``unicode`` type). diff --git a/ipalib/plugins/automount.py b/ipalib/plugins/automount.py index df9b341..958b4c2 100644 --- a/ipalib/plugins/automount.py +++ b/ipalib/plugins/automount.py @@ -168,7 +168,7 @@ automountInformation: -ro,soft,rsize=8192,wsize=8192 nfs.example.com:/vol/arch from ipalib import api, errors from ipalib import Object, Command -from ipalib import Flag, Str +from ipalib import Flag, Str, IA5Str from
Re: [Freeipa-devel] [PATCH] HBAC Service Groups adjustments
On 12/06/2010 12:12 PM, Endi Sukma Dewata wrote: Hi, Please review the attached patch. Thanks! The association facet for HBAC Service Groups has been removed and replaced with an association table in the details page. The ipa_association_table_widget has been modified to support multiple columns in the table itself and in the adder dialog. The ipa_association_adder_dialog and ipa_association_facet have been refactored. The ipa_sudorule_association_widget and ipa_rule_association_widget has been removed because their functionalities have been merged into ipa_association_table_widget. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK. Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Column i18n
Hi, Please review the attached patch. Thanks! The ipa_column has been modified to get the label from metadata during initialization. The ipa_table_widget has been modified to initialize the columns. Hard-coded labels have been removed from column declarations. The ipa_adder_dialog has been modified to execute a search at the end of setup. -- Endi S. Dewata From ee1025e731f2aa5b49f82aecdbdadffc988ff148 Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Mon, 6 Dec 2010 13:51:49 -0600 Subject: [PATCH] Column i18n The ipa_column has been modified to get the label from metadata during initialization. The ipa_table_widget has been modified to initialize the columns. Hard-coded labels have been removed from column declarations. The ipa_adder_dialog has been modified to execute a search at the end of setup. --- install/static/associate.js| 37 +++--- install/static/group.js| 13 --- install/static/hbac.js | 16 -- install/static/hbacsvc.js |8 +++--- install/static/hbacsvcgroup.js | 12 +++--- install/static/host.js |5 +--- install/static/search.js | 11 +++-- install/static/service.js |9 +++ install/static/sudocmd.js |8 +++--- install/static/sudocmdgroup.js | 12 +++--- install/static/sudorule.js | 12 +- install/static/widget.js | 43 +++ 12 files changed, 100 insertions(+), 86 deletions(-) diff --git a/install/static/associate.js b/install/static/associate.js index 1a96362f5955ba217a921d43c3711e3266e9bd52..48bb0225f24bed8438db3745d8fafb7a36922e2a 100644 --- a/install/static/associate.js +++ b/install/static/associate.js @@ -153,15 +153,9 @@ function ipa_association_adder_dialog(spec) { } that.adder_dialog_init(); -execute_search(''); - }; that.search = function() { -execute_search(that.get_filter()); -}; - -function execute_search(filter){ function on_success(data, text_status, xhr) { var results = data.result; that.clear_available_values(); @@ -172,8 +166,8 @@ function ipa_association_adder_dialog(spec) { } } -ipa_cmd('find', [filter], {'all': true}, on_success, null, that.other_entity); -} +ipa_cmd('find', [that.get_filter()], {'all': true}, on_success, null, that.other_entity); +}; return that; } @@ -250,7 +244,6 @@ function ipa_association_table_widget(spec) { }; that.add_adder_column = function(column) { -column.entity_name = that.entity_name; that.adder_columns.push(column); that.adder_columns_by_name[column.name] = column; }; @@ -284,6 +277,16 @@ function ipa_association_table_widget(spec) { }); } +for (var i=0; ithat.columns.length; i++) { +var column = that.columns[i]; +column.entity_name = that.other_entity; +} + +for (var i=0; ithat.adder_columns.length; i++) { +var column = that.adder_columns[i]; +column.entity_name = that.other_entity; +} + that.table_init(); }; @@ -523,7 +526,6 @@ function ipa_association_facet(spec) { }; that.add_column = function(column) { -column.entity_name = that.entity_name; that.columns.push(column); that.columns_by_name[column.name] = column; }; @@ -539,7 +541,6 @@ function ipa_association_facet(spec) { }; that.add_adder_column = function(column) { -column.entity_name = that.entity_name; that.adder_columns.push(column); that.adder_columns_by_name[column.name] = column; }; @@ -552,6 +553,8 @@ function ipa_association_facet(spec) { that.init = function() { +that.facet_init(); + var entity = IPA.get_entity(that.entity_name); var association = entity.get_association(that.other_entity); @@ -608,7 +611,17 @@ function ipa_association_facet(spec) { }; } -that.facet_init(); +for (var i=0; ithat.columns.length; i++) { +var column = that.columns[i]; +column.entity_name = that.other_entity; +} + +for (var i=0; ithat.adder_columns.length; i++) { +var column = that.adder_columns[i]; +column.entity_name = that.other_entity; +} + +that.table.init(); }; that.is_dirty = function() { diff --git a/install/static/group.js b/install/static/group.js index 8c2087f66f3ca4a9feac2001aba18ec0d446eb7b..f3dba7b03169273fd68c9d97c0f3ff0470270a73 100644 --- a/install/static/group.js +++ b/install/static/group.js @@ -150,11 +150,10 @@ function ipa_group_member_user_facet(spec) { that.init = function() { -that.create_column({name: 'cn', label: 'Name'}); +that.create_column({name: 'cn'});
[Freeipa-devel] [PATCH] 0024 - Better random ranges
This patch reduced the size of the default range (from 1 million to 200.000) and also changes the way the range is selected. Instead of starting at a completely random number, it selects 1 out of 1 random 200k ranges so that the range starts at multiples of 200k. This makes it so that 2 different installs either do not overlap at all or overlap completely (once in 10k times) instead of potentially partially overlapping. Simo. -- Simo Sorce * Red Hat, Inc * New York From 7a4573918ea62a007a785332cdec2670bd9c4b2c Mon Sep 17 00:00:00 2001 From: Simo Sorce sso...@redhat.com Date: Mon, 6 Dec 2010 16:16:49 -0500 Subject: [PATCH] Give back smaller and more readable ranges by default. Instead of allocating a completely random start between 1M and 2G and a range of 1M values, give 1 possible 200k ranges. They all start at a 200k boundary so they generate more readable IDs, at least until there arent't too many users/replicas involved. --- install/tools/ipa-server-install | 11 ++- 1 files changed, 6 insertions(+), 5 deletions(-) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 020fc8ff8aa7b627ba9cb7366635c6ed4f864a79..aa0f8ba072ef43cdcdaf9f4ba42cd4c7961e123f 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -1,7 +1,9 @@ #! /usr/bin/python -E # Authors: Karl MacMillan kmacmil...@mentalrootkit.com +# Simo Sorce sso...@redhat.com +# Rob Crittended rcrit...@redhat.com # -# Copyright (C) 2007 Red Hat +# Copyright (C) 2007-2010 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or @@ -60,11 +62,10 @@ from ipapython.config import IPAOptionParser pw_name = None uninstalling = False -# Used to determine the the highest possible uid/gid -MAXINT_32BIT = 2147483648 def parse_options(): -namespace = random.randint(100, (MAXINT_32BIT - 100)) +# Guaranteed to give a random 200k range below the 2G mark (uint32_t limit) +namespace = random.randint(1, 1) * 20 parser = IPAOptionParser(version=version.VERSION) parser.add_option(-u, --user, dest=ds_user, help=ds user) @@ -177,7 +178,7 @@ def parse_options(): parser.error(--external-cert-file must use an absolute path) if options.idmax == 0: -options.idmax = int(options.idstart) + 100 - 1 +options.idmax = int(options.idstart) + 20 - 1 if options.idmax options.idstart: parse.error(idmax (%u) cannot be smaller than idstart (%u) % -- 1.7.3.2 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Column i18n
On 12/06/2010 04:17 PM, Endi Sukma Dewata wrote: Hi, Please review the attached patch. Thanks! The ipa_column has been modified to get the label from metadata during initialization. The ipa_table_widget has been modified to initialize the columns. Hard-coded labels have been removed from column declarations. The ipa_adder_dialog has been modified to execute a search at the end of setup. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK and pushed to master. I appended the ipa_init.json metadate update. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] SUDO Command Groups adjustments
On 12/06/2010 04:33 PM, Endi Sukma Dewata wrote: Hi, Please review the attached patch. Thanks! The association facet for SUDO Command Groups has been removed and replaced with an association table in the details page. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK and pushed to master. Note that the buttons on my machine are superimposed over the Description column. We'll need to adjust that, along with the rest of the buttons cleanup. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel