Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On 06/10/2016 04:03 PM, Lukas Slebodnik wrote: > On (10/06/16 11:01), Martin Kosek wrote: >> On 06/10/2016 10:01 AM, Martin Basti wrote: >>> Sorry I misread that ticket in the commit message, because ipatool was >>> unable >>> to parse it from commit message >>> >>> Pushed to master: 185806432d6dfccc5cdd73815471ce60a575b073 >> >> I see no link to this ticket in the commit message in >> https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=185806432d6dfccc5cdd73815471ce60a575b073 >> Did you push old version of this patch? >> >> In general, I would suggest using the patch format from >> http://www.freeipa.org/page/Contribute/Patch_Format >> It makes automation easier... >> > And it would be much easier for author with .git-commit-template > @see > https://git.fedorahosted.org/cgit/sssd.git/commit/?id=3d9edb4c510028def2df41aa7b0ce705b197e6fc > > LS > Good idea, https://fedorahosted.org/freeipa/ticket/5952 -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On (10/06/16 11:01), Martin Kosek wrote: >On 06/10/2016 10:01 AM, Martin Basti wrote: >> >> >> On 09.06.2016 21:45, Alexander Bokovoy wrote: >>> On Thu, 09 Jun 2016, Martin Basti wrote: On 09.06.2016 17:56, Martin Babinsky wrote: > On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: >> On Mon, 06 Jun 2016, Jan Cholasta wrote: >>> On 6.6.2016 13:22, Martin Basti wrote: On 06.06.2016 13:14, Alexander Bokovoy wrote: > On Mon, 06 Jun 2016, Martin Basti wrote: >> >> >> On 06.06.2016 12:36, Alexander Bokovoy wrote: >>> Hi, >>> >>> MS-ADTS spec requires that TrustPartner field should be equal to the >>> commonName (cn) of the trust. We used it a bit wrongly to express >>> trust relationship between parent and child domains. In fact, we >>> have parent-child relationship recorded in the DN (child domains >>> are part of the parent domain's container). >>> >>> Remove the argument that was never used externally but only >>> supplied by >>> trust-specific code inside the IPA framework. >>> >>> Part of https://fedorahosted.org/freeipa/ticket/5354 >>> >>> >>> >> >> Hello, how is handled backward compatibility here, you just removes >> the option from API, without any additional logic for older clients. > This is not used by the external clients at all. It is part of > internal > logic of the code in trust.py+com.redhat.trust.fetch-domains which > always talk to the same server they are running on. > > @register() > class trustdomain_add(LDAPCreate): > __doc__ = _('Allow access from the trusted domain') > NO_CLI = True > > Yes sorry, not old IPA clients, but it was part of API, shown in API browser, and since this was in API, it is set to stone. So If you think that it is safe to be removed and nobody can hit this, I'm okay for removing that option. Maybe we should at least wrote it to release notes (I'll let Honza to express his feelings as API versioning/compatibility sensei) >>> >>> IMHO it is safe to remove. >>> And you forgot to increment api version in VERSION file >> Updated patch attached, with a VERSION change. >> >> >> > ACK > Is there any ticket for this? >>> As I wrote in the commit message and in the email, >>> it is part of https://fedorahosted.org/freeipa/ticket/5354 >>> >> Sorry I misread that ticket in the commit message, because ipatool was unable >> to parse it from commit message >> >> Pushed to master: 185806432d6dfccc5cdd73815471ce60a575b073 > >I see no link to this ticket in the commit message in >https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=185806432d6dfccc5cdd73815471ce60a575b073 >Did you push old version of this patch? > >In general, I would suggest using the patch format from >http://www.freeipa.org/page/Contribute/Patch_Format >It makes automation easier... > And it would be much easier for author with .git-commit-template @see https://git.fedorahosted.org/cgit/sssd.git/commit/?id=3d9edb4c510028def2df41aa7b0ce705b197e6fc LS -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On 10.06.2016 12:13, Martin Basti wrote: On 10.06.2016 11:01, Martin Kosek wrote: On 06/10/2016 10:01 AM, Martin Basti wrote: On 09.06.2016 21:45, Alexander Bokovoy wrote: On Thu, 09 Jun 2016, Martin Basti wrote: On 09.06.2016 17:56, Martin Babinsky wrote: On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Jan Cholasta wrote: On 6.6.2016 13:22, Martin Basti wrote: On 06.06.2016 13:14, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Martin Basti wrote: On 06.06.2016 12:36, Alexander Bokovoy wrote: Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 Hello, how is handled backward compatibility here, you just removes the option from API, without any additional logic for older clients. This is not used by the external clients at all. It is part of internal logic of the code in trust.py+com.redhat.trust.fetch-domains which always talk to the same server they are running on. @register() class trustdomain_add(LDAPCreate): __doc__ = _('Allow access from the trusted domain') NO_CLI = True Yes sorry, not old IPA clients, but it was part of API, shown in API browser, and since this was in API, it is set to stone. So If you think that it is safe to be removed and nobody can hit this, I'm okay for removing that option. Maybe we should at least wrote it to release notes (I'll let Honza to express his feelings as API versioning/compatibility sensei) IMHO it is safe to remove. And you forgot to increment api version in VERSION file Updated patch attached, with a VERSION change. ACK Is there any ticket for this? As I wrote in the commit message and in the email, it is part of https://fedorahosted.org/freeipa/ticket/5354 Sorry I misread that ticket in the commit message, because ipatool was unable to parse it from commit message Pushed to master: 185806432d6dfccc5cdd73815471ce60a575b073 I see no link to this ticket in the commit message in https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=185806432d6dfccc5cdd73815471ce60a575b073 Did you push old version of this patch? In general, I would suggest using the patch format from http://www.freeipa.org/page/Contribute/Patch_Format It makes automation easier... Martin Oh well, yes, my bad I will revert the wrong commit and push the right one Martin^2 Revert: master *478017357b50cb7fe30d6a4e26c3c47e111c91d0 Revert "adtrust: remove nttrustpartner parameter" The right patch: master: a0f953e0ff89900d9767df3e6ed868ae662616b4 adtrust: remove nttrustpartner parameter -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On 10.06.2016 11:01, Martin Kosek wrote: On 06/10/2016 10:01 AM, Martin Basti wrote: On 09.06.2016 21:45, Alexander Bokovoy wrote: On Thu, 09 Jun 2016, Martin Basti wrote: On 09.06.2016 17:56, Martin Babinsky wrote: On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Jan Cholasta wrote: On 6.6.2016 13:22, Martin Basti wrote: On 06.06.2016 13:14, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Martin Basti wrote: On 06.06.2016 12:36, Alexander Bokovoy wrote: Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 Hello, how is handled backward compatibility here, you just removes the option from API, without any additional logic for older clients. This is not used by the external clients at all. It is part of internal logic of the code in trust.py+com.redhat.trust.fetch-domains which always talk to the same server they are running on. @register() class trustdomain_add(LDAPCreate): __doc__ = _('Allow access from the trusted domain') NO_CLI = True Yes sorry, not old IPA clients, but it was part of API, shown in API browser, and since this was in API, it is set to stone. So If you think that it is safe to be removed and nobody can hit this, I'm okay for removing that option. Maybe we should at least wrote it to release notes (I'll let Honza to express his feelings as API versioning/compatibility sensei) IMHO it is safe to remove. And you forgot to increment api version in VERSION file Updated patch attached, with a VERSION change. ACK Is there any ticket for this? As I wrote in the commit message and in the email, it is part of https://fedorahosted.org/freeipa/ticket/5354 Sorry I misread that ticket in the commit message, because ipatool was unable to parse it from commit message Pushed to master: 185806432d6dfccc5cdd73815471ce60a575b073 I see no link to this ticket in the commit message in https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=185806432d6dfccc5cdd73815471ce60a575b073 Did you push old version of this patch? In general, I would suggest using the patch format from http://www.freeipa.org/page/Contribute/Patch_Format It makes automation easier... Martin Oh well, yes, my bad I will revert the wrong commit and push the right one Martin^2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On 06/10/2016 10:01 AM, Martin Basti wrote: > > > On 09.06.2016 21:45, Alexander Bokovoy wrote: >> On Thu, 09 Jun 2016, Martin Basti wrote: >>> >>> >>> On 09.06.2016 17:56, Martin Babinsky wrote: On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: > On Mon, 06 Jun 2016, Jan Cholasta wrote: >> On 6.6.2016 13:22, Martin Basti wrote: >>> >>> >>> On 06.06.2016 13:14, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Martin Basti wrote: > > > On 06.06.2016 12:36, Alexander Bokovoy wrote: >> Hi, >> >> MS-ADTS spec requires that TrustPartner field should be equal to the >> commonName (cn) of the trust. We used it a bit wrongly to express >> trust relationship between parent and child domains. In fact, we >> have parent-child relationship recorded in the DN (child domains >> are part of the parent domain's container). >> >> Remove the argument that was never used externally but only >> supplied by >> trust-specific code inside the IPA framework. >> >> Part of https://fedorahosted.org/freeipa/ticket/5354 >> >> >> > > Hello, how is handled backward compatibility here, you just removes > the option from API, without any additional logic for older clients. This is not used by the external clients at all. It is part of internal logic of the code in trust.py+com.redhat.trust.fetch-domains which always talk to the same server they are running on. @register() class trustdomain_add(LDAPCreate): __doc__ = _('Allow access from the trusted domain') NO_CLI = True >>> >>> Yes sorry, not old IPA clients, but it was part of API, shown in API >>> browser, and since this was in API, it is set to stone. So If you think >>> that it is safe to be removed and nobody can hit this, I'm okay for >>> removing that option. Maybe we should at least wrote it to release notes >>> (I'll let Honza to express his feelings as API versioning/compatibility >>> sensei) >> >> IMHO it is safe to remove. >> >>> >>> And you forgot to increment api version in VERSION file > Updated patch attached, with a VERSION change. > > > ACK >>> >>> Is there any ticket for this? >> As I wrote in the commit message and in the email, >> it is part of https://fedorahosted.org/freeipa/ticket/5354 >> > Sorry I misread that ticket in the commit message, because ipatool was unable > to parse it from commit message > > Pushed to master: 185806432d6dfccc5cdd73815471ce60a575b073 I see no link to this ticket in the commit message in https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=185806432d6dfccc5cdd73815471ce60a575b073 Did you push old version of this patch? In general, I would suggest using the patch format from http://www.freeipa.org/page/Contribute/Patch_Format It makes automation easier... Martin -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On 09.06.2016 21:45, Alexander Bokovoy wrote: On Thu, 09 Jun 2016, Martin Basti wrote: On 09.06.2016 17:56, Martin Babinsky wrote: On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Jan Cholasta wrote: On 6.6.2016 13:22, Martin Basti wrote: On 06.06.2016 13:14, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Martin Basti wrote: On 06.06.2016 12:36, Alexander Bokovoy wrote: Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 Hello, how is handled backward compatibility here, you just removes the option from API, without any additional logic for older clients. This is not used by the external clients at all. It is part of internal logic of the code in trust.py+com.redhat.trust.fetch-domains which always talk to the same server they are running on. @register() class trustdomain_add(LDAPCreate): __doc__ = _('Allow access from the trusted domain') NO_CLI = True Yes sorry, not old IPA clients, but it was part of API, shown in API browser, and since this was in API, it is set to stone. So If you think that it is safe to be removed and nobody can hit this, I'm okay for removing that option. Maybe we should at least wrote it to release notes (I'll let Honza to express his feelings as API versioning/compatibility sensei) IMHO it is safe to remove. And you forgot to increment api version in VERSION file Updated patch attached, with a VERSION change. ACK Is there any ticket for this? As I wrote in the commit message and in the email, it is part of https://fedorahosted.org/freeipa/ticket/5354 Sorry I misread that ticket in the commit message, because ipatool was unable to parse it from commit message Pushed to master: 185806432d6dfccc5cdd73815471ce60a575b073 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On Thu, 09 Jun 2016, Martin Basti wrote: On 09.06.2016 17:56, Martin Babinsky wrote: On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Jan Cholasta wrote: On 6.6.2016 13:22, Martin Basti wrote: On 06.06.2016 13:14, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Martin Basti wrote: On 06.06.2016 12:36, Alexander Bokovoy wrote: Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 Hello, how is handled backward compatibility here, you just removes the option from API, without any additional logic for older clients. This is not used by the external clients at all. It is part of internal logic of the code in trust.py+com.redhat.trust.fetch-domains which always talk to the same server they are running on. @register() class trustdomain_add(LDAPCreate): __doc__ = _('Allow access from the trusted domain') NO_CLI = True Yes sorry, not old IPA clients, but it was part of API, shown in API browser, and since this was in API, it is set to stone. So If you think that it is safe to be removed and nobody can hit this, I'm okay for removing that option. Maybe we should at least wrote it to release notes (I'll let Honza to express his feelings as API versioning/compatibility sensei) IMHO it is safe to remove. And you forgot to increment api version in VERSION file Updated patch attached, with a VERSION change. ACK Is there any ticket for this? As I wrote in the commit message and in the email, it is part of https://fedorahosted.org/freeipa/ticket/5354 -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On 09.06.2016 17:56, Martin Babinsky wrote: On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Jan Cholasta wrote: On 6.6.2016 13:22, Martin Basti wrote: On 06.06.2016 13:14, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Martin Basti wrote: On 06.06.2016 12:36, Alexander Bokovoy wrote: Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 Hello, how is handled backward compatibility here, you just removes the option from API, without any additional logic for older clients. This is not used by the external clients at all. It is part of internal logic of the code in trust.py+com.redhat.trust.fetch-domains which always talk to the same server they are running on. @register() class trustdomain_add(LDAPCreate): __doc__ = _('Allow access from the trusted domain') NO_CLI = True Yes sorry, not old IPA clients, but it was part of API, shown in API browser, and since this was in API, it is set to stone. So If you think that it is safe to be removed and nobody can hit this, I'm okay for removing that option. Maybe we should at least wrote it to release notes (I'll let Honza to express his feelings as API versioning/compatibility sensei) IMHO it is safe to remove. And you forgot to increment api version in VERSION file Updated patch attached, with a VERSION change. ACK Is there any ticket for this? Martin^2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Jan Cholasta wrote: On 6.6.2016 13:22, Martin Basti wrote: On 06.06.2016 13:14, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Martin Basti wrote: On 06.06.2016 12:36, Alexander Bokovoy wrote: Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 Hello, how is handled backward compatibility here, you just removes the option from API, without any additional logic for older clients. This is not used by the external clients at all. It is part of internal logic of the code in trust.py+com.redhat.trust.fetch-domains which always talk to the same server they are running on. @register() class trustdomain_add(LDAPCreate): __doc__ = _('Allow access from the trusted domain') NO_CLI = True Yes sorry, not old IPA clients, but it was part of API, shown in API browser, and since this was in API, it is set to stone. So If you think that it is safe to be removed and nobody can hit this, I'm okay for removing that option. Maybe we should at least wrote it to release notes (I'll let Honza to express his feelings as API versioning/compatibility sensei) IMHO it is safe to remove. And you forgot to increment api version in VERSION file Updated patch attached, with a VERSION change. ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On Mon, 06 Jun 2016, Jan Cholasta wrote: On 6.6.2016 13:22, Martin Basti wrote: On 06.06.2016 13:14, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Martin Basti wrote: On 06.06.2016 12:36, Alexander Bokovoy wrote: Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 Hello, how is handled backward compatibility here, you just removes the option from API, without any additional logic for older clients. This is not used by the external clients at all. It is part of internal logic of the code in trust.py+com.redhat.trust.fetch-domains which always talk to the same server they are running on. @register() class trustdomain_add(LDAPCreate): __doc__ = _('Allow access from the trusted domain') NO_CLI = True Yes sorry, not old IPA clients, but it was part of API, shown in API browser, and since this was in API, it is set to stone. So If you think that it is safe to be removed and nobody can hit this, I'm okay for removing that option. Maybe we should at least wrote it to release notes (I'll let Honza to express his feelings as API versioning/compatibility sensei) IMHO it is safe to remove. And you forgot to increment api version in VERSION file Updated patch attached, with a VERSION change. -- / Alexander Bokovoy From 71feb298933b3e447c060f4ab70d23fb269a40e2 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 6 Jun 2016 11:42:34 +0300 Subject: [PATCH 3/4] adtrust: remove nttrustpartner parameter MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 --- API.txt | 9 ++ VERSION | 4 +-- install/ui/test/data/ipa_init_commands.json | 43 - install/ui/test/data/ipa_init_objects.json | 13 - ipaserver/plugins/trust.py | 4 --- 5 files changed, 5 insertions(+), 68 deletions(-) diff --git a/API.txt b/API.txt index d5fbc27..4247dd7 100644 --- a/API.txt +++ b/API.txt @@ -5323,14 +5323,13 @@ output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: trustdomain_add -args: 2,9,3 +args: 2,8,3 arg: Str('trustcn', cli_name='trust') arg: Str('cn', cli_name='domain') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('ipantflatname?', cli_name='flat_name') option: Str('ipanttrusteddomainsid?', cli_name='sid') -option: Str('ipanttrustpartner?') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: StrEnum('trust_type', autofill=True, cli_name='type', default=u'ad', values=[u'ad']) @@ -5364,14 +5363,13 @@ output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: trustdomain_find -args: 2,10,4 +args: 2,9,4 arg: Str('trustcn', cli_name='trust') arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='domain') option: Str('ipantflatname?', autofill=False, cli_name='flat_name') option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid') -option: Str('ipanttrustpartner?', autofill=False) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -5382,7 +5380,7 @@ output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: trustdomain_mod -args: 2,11,3 +args: 2,10,3 arg: Str('trustcn', cli_name='trust') arg: Str('cn', cli_name='domain') option: Str('addattr*', cli_name='addattr') @@ -5390,7 +5388,6 @@ option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('ipantflatname?', autofill=False, cli_name='flat_name') option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid') -option: Str('ipanttrustpartner?', autofill=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option:
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On 6.6.2016 13:22, Martin Basti wrote: On 06.06.2016 13:14, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Martin Basti wrote: On 06.06.2016 12:36, Alexander Bokovoy wrote: Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 Hello, how is handled backward compatibility here, you just removes the option from API, without any additional logic for older clients. This is not used by the external clients at all. It is part of internal logic of the code in trust.py+com.redhat.trust.fetch-domains which always talk to the same server they are running on. @register() class trustdomain_add(LDAPCreate): __doc__ = _('Allow access from the trusted domain') NO_CLI = True Yes sorry, not old IPA clients, but it was part of API, shown in API browser, and since this was in API, it is set to stone. So If you think that it is safe to be removed and nobody can hit this, I'm okay for removing that option. Maybe we should at least wrote it to release notes (I'll let Honza to express his feelings as API versioning/compatibility sensei) IMHO it is safe to remove. And you forgot to increment api version in VERSION file Martin^2 -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On 06.06.2016 13:14, Alexander Bokovoy wrote: On Mon, 06 Jun 2016, Martin Basti wrote: On 06.06.2016 12:36, Alexander Bokovoy wrote: Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 Hello, how is handled backward compatibility here, you just removes the option from API, without any additional logic for older clients. This is not used by the external clients at all. It is part of internal logic of the code in trust.py+com.redhat.trust.fetch-domains which always talk to the same server they are running on. @register() class trustdomain_add(LDAPCreate): __doc__ = _('Allow access from the trusted domain') NO_CLI = True Yes sorry, not old IPA clients, but it was part of API, shown in API browser, and since this was in API, it is set to stone. So If you think that it is safe to be removed and nobody can hit this, I'm okay for removing that option. Maybe we should at least wrote it to release notes (I'll let Honza to express his feelings as API versioning/compatibility sensei) And you forgot to increment api version in VERSION file Martin^2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On Mon, 06 Jun 2016, Martin Basti wrote: On 06.06.2016 12:36, Alexander Bokovoy wrote: Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 Hello, how is handled backward compatibility here, you just removes the option from API, without any additional logic for older clients. This is not used by the external clients at all. It is part of internal logic of the code in trust.py+com.redhat.trust.fetch-domains which always talk to the same server they are running on. @register() class trustdomain_add(LDAPCreate): __doc__ = _('Allow access from the trusted domain') NO_CLI = True -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
On 06.06.2016 12:36, Alexander Bokovoy wrote: Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 Hello, how is handled backward compatibility here, you just removes the option from API, without any additional logic for older clients. Martin^2 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter
Hi, MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. Part of https://fedorahosted.org/freeipa/ticket/5354 -- / Alexander Bokovoy From a7569cf6d9e78da97fcffae78c7e22d30edbf42a Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 6 Jun 2016 11:42:34 +0300 Subject: [PATCH 3/4] adtrust: remove nttrustpartner parameter MS-ADTS spec requires that TrustPartner field should be equal to the commonName (cn) of the trust. We used it a bit wrongly to express trust relationship between parent and child domains. In fact, we have parent-child relationship recorded in the DN (child domains are part of the parent domain's container). Remove the argument that was never used externally but only supplied by trust-specific code inside the IPA framework. --- API.txt | 9 ++ install/ui/test/data/ipa_init_commands.json | 43 - install/ui/test/data/ipa_init_objects.json | 13 - ipaserver/plugins/trust.py | 4 --- 4 files changed, 3 insertions(+), 66 deletions(-) diff --git a/API.txt b/API.txt index d5fbc27..4247dd7 100644 --- a/API.txt +++ b/API.txt @@ -5323,14 +5323,13 @@ output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: trustdomain_add -args: 2,9,3 +args: 2,8,3 arg: Str('trustcn', cli_name='trust') arg: Str('cn', cli_name='domain') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('ipantflatname?', cli_name='flat_name') option: Str('ipanttrusteddomainsid?', cli_name='sid') -option: Str('ipanttrustpartner?') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: StrEnum('trust_type', autofill=True, cli_name='type', default=u'ad', values=[u'ad']) @@ -5364,14 +5363,13 @@ output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: trustdomain_find -args: 2,10,4 +args: 2,9,4 arg: Str('trustcn', cli_name='trust') arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='domain') option: Str('ipantflatname?', autofill=False, cli_name='flat_name') option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid') -option: Str('ipanttrustpartner?', autofill=False) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) @@ -5382,7 +5380,7 @@ output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: trustdomain_mod -args: 2,11,3 +args: 2,10,3 arg: Str('trustcn', cli_name='trust') arg: Str('cn', cli_name='domain') option: Str('addattr*', cli_name='addattr') @@ -5390,7 +5388,6 @@ option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('ipantflatname?', autofill=False, cli_name='flat_name') option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid') -option: Str('ipanttrustpartner?', autofill=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') diff --git a/install/ui/test/data/ipa_init_commands.json b/install/ui/test/data/ipa_init_commands.json index c7f717c..b5c482e 100644 --- a/install/ui/test/data/ipa_init_commands.json +++ b/install/ui/test/data/ipa_init_commands.json @@ -22023,20 +22023,6 @@ "type": "unicode" }, { -"attribute": true, -"class": "Str", -"deprecated_cli_aliases": [], -"doc": "Trusted domain partner", -"flags": [ -"no_display", -"no_option" -], -"label": "Trusted domain partner", -"name": "ipanttrustpartner", -"noextrawhitespace": true, -"type": "unicode" -}, -{ "name": "setattr" }, { @@ -22142,21 +22128,6 @@ "type": "unicode" }, { -"attribute": true, -"class": "Str", -