Re: [Freeipa-devel] [PATCH] 067 A new flag to disable creation of UPG
On Tue, 2011-05-24 at 12:09 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-05-23 at 17:32 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-05-20 at 10:58 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-05-16 at 22:12 -0400, Rob Crittenden wrote: Martin Kosek wrote: This patch is based on old Pavel's patch. I am considering applying the patch for master branch only as it changes an API (adds a new flag) and is a sort of new-functionality-ish. -- Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131 Nack, setattr and addattr are removed from API.txt. I'm guessing it's a side-effect of some change here. The approach generally looks good. rob You are right, this was a side-effect in user.py. I fixed the problem, updated patch is attached. Martin This looks good, just a couple of requests: 1. Bump the minor API version since we are adding a new flag 2. Add a self-test for not creating a private group rob Oh, and looking back at the user I create it still has the UPG magic in the description attribute. rob Thanks for careful review, I missed this bug in the original patch. UPG magic has been removed from the description and a test checking all this has been added. Martin I'm getting this on output, not sure if it is a bug in my tree or not: # ipa user-add --first=tim --last=user tuser3 --all --noprivate --- Added user tuser3 --- dn: uid=tuser3,cn=users,cn=accounts,dc=greyoak,dc=com User login: tuser3 First name: tim Last name: user Full name: tim user Display name: tim user Initials: tu Home directory: /home/tuser3 GECOS field: tim user Login shell: /bin/sh Kerberos principal: tus...@greyoak.com UID: 20406 GID: 20401 ipa: ERROR: IndexError: tuple index out of range Traceback (most recent call last): File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 1103, in run sys.exit(api.Backend.cli.run(argv)) File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 930, in run rv = cmd.output_for_cli(self.api.Backend.textui, result, *args, **options) File /usr/lib/python2.7/site-packages/ipalib/frontend.py, line 956, in output_for_cli textui.print_entry(result, order, labels, flags, print_all) File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 388, in print_entry if type(entry[key]) in (tuple, list) and isinstance(entry[key][0], dict): IndexError: tuple index out of range ipa: ERROR: an internal error has occurred Otherwise things look ok. rob Hmm, that's strange. Doesn't happen for me: $ ipa user-add --first=tim --last=user tuser3 --all --noprivate --- Added user tuser3 --- dn: uid=tuser3,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com User login: tuser3 First name: tim Last name: user Full name: tim user Display name: tim user Initials: tu Home directory: /home/tuser3 GECOS field: tim user Login shell: /bin/sh Kerberos principal: tus...@idm.lab.bos.redhat.com UID: 557200036 GID: 55721 ipauniqueid: 07b2864e-85e1-11e0-957d-00163e0605ff krbpwdpolicyreference: cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject Can you please try again with a clean tree and only my patch applied? Sure, I'll give it a fresh look this morning. Tried with a fresh tree, looks good. ack rob Pushed to master only. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 067 A new flag to disable creation of UPG
On Mon, 2011-05-23 at 17:32 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-05-20 at 10:58 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-05-16 at 22:12 -0400, Rob Crittenden wrote: Martin Kosek wrote: This patch is based on old Pavel's patch. I am considering applying the patch for master branch only as it changes an API (adds a new flag) and is a sort of new-functionality-ish. -- Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131 Nack, setattr and addattr are removed from API.txt. I'm guessing it's a side-effect of some change here. The approach generally looks good. rob You are right, this was a side-effect in user.py. I fixed the problem, updated patch is attached. Martin This looks good, just a couple of requests: 1. Bump the minor API version since we are adding a new flag 2. Add a self-test for not creating a private group rob Oh, and looking back at the user I create it still has the UPG magic in the description attribute. rob Thanks for careful review, I missed this bug in the original patch. UPG magic has been removed from the description and a test checking all this has been added. Martin I'm getting this on output, not sure if it is a bug in my tree or not: # ipa user-add --first=tim --last=user tuser3 --all --noprivate --- Added user tuser3 --- dn: uid=tuser3,cn=users,cn=accounts,dc=greyoak,dc=com User login: tuser3 First name: tim Last name: user Full name: tim user Display name: tim user Initials: tu Home directory: /home/tuser3 GECOS field: tim user Login shell: /bin/sh Kerberos principal: tus...@greyoak.com UID: 20406 GID: 20401 ipa: ERROR: IndexError: tuple index out of range Traceback (most recent call last): File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 1103, in run sys.exit(api.Backend.cli.run(argv)) File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 930, in run rv = cmd.output_for_cli(self.api.Backend.textui, result, *args, **options) File /usr/lib/python2.7/site-packages/ipalib/frontend.py, line 956, in output_for_cli textui.print_entry(result, order, labels, flags, print_all) File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 388, in print_entry if type(entry[key]) in (tuple, list) and isinstance(entry[key][0], dict): IndexError: tuple index out of range ipa: ERROR: an internal error has occurred Otherwise things look ok. rob Hmm, that's strange. Doesn't happen for me: $ ipa user-add --first=tim --last=user tuser3 --all --noprivate --- Added user tuser3 --- dn: uid=tuser3,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com User login: tuser3 First name: tim Last name: user Full name: tim user Display name: tim user Initials: tu Home directory: /home/tuser3 GECOS field: tim user Login shell: /bin/sh Kerberos principal: tus...@idm.lab.bos.redhat.com UID: 557200036 GID: 55721 ipauniqueid: 07b2864e-85e1-11e0-957d-00163e0605ff krbpwdpolicyreference: cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject Can you please try again with a clean tree and only my patch applied? I have a one more question. Bumping minor API version makes the client incompatible and it fails to operate. Is this OK? I thought it would be incompatible only when a major version changes: $ ipa user-add --first=tim --last=user tuser3 --all --noprivate ipa: ERROR: 2.2 client incompatible with 2.1 server at u'https://vm-027.idm.lab.bos.redhat.com/ipa/xml' Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 067 A new flag to disable creation of UPG
Martin Kosek wrote: On Mon, 2011-05-23 at 17:32 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-05-20 at 10:58 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-05-16 at 22:12 -0400, Rob Crittenden wrote: Martin Kosek wrote: This patch is based on old Pavel's patch. I am considering applying the patch for master branch only as it changes an API (adds a new flag) and is a sort of new-functionality-ish. -- Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131 Nack, setattr and addattr are removed from API.txt. I'm guessing it's a side-effect of some change here. The approach generally looks good. rob You are right, this was a side-effect in user.py. I fixed the problem, updated patch is attached. Martin This looks good, just a couple of requests: 1. Bump the minor API version since we are adding a new flag 2. Add a self-test for not creating a private group rob Oh, and looking back at the user I create it still has the UPG magic in the description attribute. rob Thanks for careful review, I missed this bug in the original patch. UPG magic has been removed from the description and a test checking all this has been added. Martin I'm getting this on output, not sure if it is a bug in my tree or not: # ipa user-add --first=tim --last=user tuser3 --all --noprivate --- Added user tuser3 --- dn: uid=tuser3,cn=users,cn=accounts,dc=greyoak,dc=com User login: tuser3 First name: tim Last name: user Full name: tim user Display name: tim user Initials: tu Home directory: /home/tuser3 GECOS field: tim user Login shell: /bin/sh Kerberos principal: tus...@greyoak.com UID: 20406 GID: 20401 ipa: ERROR: IndexError: tuple index out of range Traceback (most recent call last): File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 1103, in run sys.exit(api.Backend.cli.run(argv)) File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 930, in run rv = cmd.output_for_cli(self.api.Backend.textui, result, *args, **options) File /usr/lib/python2.7/site-packages/ipalib/frontend.py, line 956, in output_for_cli textui.print_entry(result, order, labels, flags, print_all) File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 388, in print_entry if type(entry[key]) in (tuple, list) and isinstance(entry[key][0], dict): IndexError: tuple index out of range ipa: ERROR: an internal error has occurred Otherwise things look ok. rob Hmm, that's strange. Doesn't happen for me: $ ipa user-add --first=tim --last=user tuser3 --all --noprivate --- Added user tuser3 --- dn: uid=tuser3,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com User login: tuser3 First name: tim Last name: user Full name: tim user Display name: tim user Initials: tu Home directory: /home/tuser3 GECOS field: tim user Login shell: /bin/sh Kerberos principal: tus...@idm.lab.bos.redhat.com UID: 557200036 GID: 55721 ipauniqueid: 07b2864e-85e1-11e0-957d-00163e0605ff krbpwdpolicyreference: cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject Can you please try again with a clean tree and only my patch applied? Sure, I'll give it a fresh look this morning. I have a one more question. Bumping minor API version makes the client incompatible and it fails to operate. Is this OK? I thought it would be incompatible only when a major version changes: $ ipa user-add --first=tim --last=user tuser3 --all --noprivate ipa: ERROR: 2.2 client incompatible with 2.1 server at u'https://vm-027.idm.lab.bos.redhat.com/ipa/xml' Martin Right, you've added a flag that an API 2.1 server won't understand. So a lower minor version can talk to a higher minor version but not the other way around. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 067 A new flag to disable creation of UPG
Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-05-23 at 17:32 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-05-20 at 10:58 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-05-16 at 22:12 -0400, Rob Crittenden wrote: Martin Kosek wrote: This patch is based on old Pavel's patch. I am considering applying the patch for master branch only as it changes an API (adds a new flag) and is a sort of new-functionality-ish. -- Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131 Nack, setattr and addattr are removed from API.txt. I'm guessing it's a side-effect of some change here. The approach generally looks good. rob You are right, this was a side-effect in user.py. I fixed the problem, updated patch is attached. Martin This looks good, just a couple of requests: 1. Bump the minor API version since we are adding a new flag 2. Add a self-test for not creating a private group rob Oh, and looking back at the user I create it still has the UPG magic in the description attribute. rob Thanks for careful review, I missed this bug in the original patch. UPG magic has been removed from the description and a test checking all this has been added. Martin I'm getting this on output, not sure if it is a bug in my tree or not: # ipa user-add --first=tim --last=user tuser3 --all --noprivate --- Added user tuser3 --- dn: uid=tuser3,cn=users,cn=accounts,dc=greyoak,dc=com User login: tuser3 First name: tim Last name: user Full name: tim user Display name: tim user Initials: tu Home directory: /home/tuser3 GECOS field: tim user Login shell: /bin/sh Kerberos principal: tus...@greyoak.com UID: 20406 GID: 20401 ipa: ERROR: IndexError: tuple index out of range Traceback (most recent call last): File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 1103, in run sys.exit(api.Backend.cli.run(argv)) File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 930, in run rv = cmd.output_for_cli(self.api.Backend.textui, result, *args, **options) File /usr/lib/python2.7/site-packages/ipalib/frontend.py, line 956, in output_for_cli textui.print_entry(result, order, labels, flags, print_all) File /usr/lib/python2.7/site-packages/ipalib/cli.py, line 388, in print_entry if type(entry[key]) in (tuple, list) and isinstance(entry[key][0], dict): IndexError: tuple index out of range ipa: ERROR: an internal error has occurred Otherwise things look ok. rob Hmm, that's strange. Doesn't happen for me: $ ipa user-add --first=tim --last=user tuser3 --all --noprivate --- Added user tuser3 --- dn: uid=tuser3,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com User login: tuser3 First name: tim Last name: user Full name: tim user Display name: tim user Initials: tu Home directory: /home/tuser3 GECOS field: tim user Login shell: /bin/sh Kerberos principal: tus...@idm.lab.bos.redhat.com UID: 557200036 GID: 55721 ipauniqueid: 07b2864e-85e1-11e0-957d-00163e0605ff krbpwdpolicyreference: cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject Can you please try again with a clean tree and only my patch applied? Sure, I'll give it a fresh look this morning. Tried with a fresh tree, looks good. ack rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 067 A new flag to disable creation of UPG
On Fri, 2011-05-20 at 10:58 -0400, Rob Crittenden wrote: Rob Crittenden wrote: Martin Kosek wrote: On Mon, 2011-05-16 at 22:12 -0400, Rob Crittenden wrote: Martin Kosek wrote: This patch is based on old Pavel's patch. I am considering applying the patch for master branch only as it changes an API (adds a new flag) and is a sort of new-functionality-ish. -- Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131 Nack, setattr and addattr are removed from API.txt. I'm guessing it's a side-effect of some change here. The approach generally looks good. rob You are right, this was a side-effect in user.py. I fixed the problem, updated patch is attached. Martin This looks good, just a couple of requests: 1. Bump the minor API version since we are adding a new flag 2. Add a self-test for not creating a private group rob Oh, and looking back at the user I create it still has the UPG magic in the description attribute. rob Thanks for careful review, I missed this bug in the original patch. UPG magic has been removed from the description and a test checking all this has been added. Martin From c6cf0ccd4ab05f4c2f2da3083b7e5670ef8dc711 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Mon, 16 May 2011 12:56:04 +0200 Subject: [PATCH] A new flag to disable creation of UPG Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131 --- API.txt|3 +- VERSION|2 +- install/share/user_private_groups.ldif |2 +- install/updates/50-suppress-upg.update |2 + install/updates/Makefile.am|1 + ipalib/plugins/user.py | 53 --- tests/test_xmlrpc/test_group_plugin.py | 44 ++ 7 files changed, 92 insertions(+), 15 deletions(-) create mode 100644 install/updates/50-suppress-upg.update diff --git a/API.txt b/API.txt index cd37b670304ce8675aacb619e13fe23d9779a138..c2034746dcbd639f8d768ca00fd0095b48667167 100644 --- a/API.txt +++ b/API.txt @@ -2524,7 +2524,7 @@ output: Output('summary', (type 'unicode', type 'NoneType'), 'User-friendly output: Entry('result', type 'dict', Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('value', type 'unicode', The primary_key value of the entry, e.g. 'jdoe' for a user) command: user_add -args: 1,30,3 +args: 1,31,3 arg: Str('uid', attribute=True, cli_name='login', default_from=DefaultFrom(lambda, 'givenname', 'sn'), label=Gettext('User login', domain='ipa', localedir=None), maxlength=255, multivalue=False, normalizer=lambda, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', pattern_errmsg='may only include letters, numbers, _, -, . and $', primary_key=True, required=True) option: Str('givenname', attribute=True, cli_name='first', label=Gettext('First name', domain='ipa', localedir=None), multivalue=False, required=True) option: Str('sn', attribute=True, cli_name='last', label=Gettext('Last name', domain='ipa', localedir=None), multivalue=False, required=True) @@ -2553,6 +2553,7 @@ option: Str('manager', attribute=True, cli_name='manager', label=Gettext('Manage option: Str('carlicense', attribute=True, cli_name='carlicense', label=Gettext('Car License', domain='ipa', localedir=None), multivalue=False, required=False) option: Str('addattr*', validate_add_attribute, cli_name='addattr', exclude='webui') option: Str('setattr*', validate_set_attribute, cli_name='setattr', exclude='webui') +option: Flag('noprivate', autofill=True, cli_name='noprivate', default=False) option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output']) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output']) option: Str('version?', exclude='webui', flags=['no_option', 'no_output']) diff --git a/VERSION b/VERSION index fc5718dd793c4e61d79d8648f0aab01168413607..44de4f5f575f96b6ce4346000ec7627afa24d354 100644 --- a/VERSION +++ b/VERSION @@ -79,4 +79,4 @@ IPA_DATA_VERSION=2010061412 # # IPA_API_VERSION_MAJOR=2 -IPA_API_VERSION_MINOR=1 +IPA_API_VERSION_MINOR=2 diff --git a/install/share/user_private_groups.ldif b/install/share/user_private_groups.ldif index 9df729a47207d2ab3dd30f763a73d05b102d882b..41a78ba0b670693280e0bff77c9bc18201f7c34a 100644 --- a/install/share/user_private_groups.ldif +++ b/install/share/user_private_groups.ldif @@ -15,7 +15,7 @@ changetype: add objectclass: extensibleObject cn: UPG
Re: [Freeipa-devel] [PATCH] 067 A new flag to disable creation of UPG
Martin Kosek wrote: On Mon, 2011-05-16 at 22:12 -0400, Rob Crittenden wrote: Martin Kosek wrote: This patch is based on old Pavel's patch. I am considering applying the patch for master branch only as it changes an API (adds a new flag) and is a sort of new-functionality-ish. -- Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131 Nack, setattr and addattr are removed from API.txt. I'm guessing it's a side-effect of some change here. The approach generally looks good. rob You are right, this was a side-effect in user.py. I fixed the problem, updated patch is attached. Martin This looks good, just a couple of requests: 1. Bump the minor API version since we are adding a new flag 2. Add a self-test for not creating a private group rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 067 A new flag to disable creation of UPG
Martin Kosek wrote: This patch is based on old Pavel's patch. I am considering applying the patch for master branch only as it changes an API (adds a new flag) and is a sort of new-functionality-ish. -- Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131 Nack, setattr and addattr are removed from API.txt. I'm guessing it's a side-effect of some change here. The approach generally looks good. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel