WIP: Member management refactor. #923
Draft: rjeffman wants to merge 12 commits into freeipa:master from rjeffman:sudorule_refactor
+887 −1,216
rjeffman force-pushed the sudorule_refactor branch from cc0c84a to c3c4733 (September 27, 2022 12:47)
rjeffman force-pushed the sudorule_refactor branch from c3c4733 to 65b9991 (January 22, 2023 04:40)
Member management in modules is similar in each module and involves a lot of code duplication, for example, add/del list management. The problem with this approach is that bugs, like idempotence bugs, may require changes in several modules, when it is found that the similar idiom used is flawed. Another issue is the need to duplicate the code, which can lead to errors. This patch proposes a method to centralize the creation of the IPA commands for object members, provided the IPA API method names and a mapping between IPA API parameter, module parameter and the LDAP attributes of the object. With this centralized approach, fixes, optimizations, and code changes can be made in a single place, without requiring every plugin to be changed.
Several modules depend on parameters that require the same kind of data transformation, and this transformation is usually reimplemented in each module. This patch proposes a different approach, where data transformation functions are provided to be used by any module, or as arguments for methods that process parameters, like the parameter mapping used by gen_member_manage_commands. The following transformation functions are provided:
* transform_lowercase: ensure strings are lowercase.
* transform_hostmask: ensure hostmask values are network CIDR.
* transform_host_fqdn: ensure hostnames are FQDN.
* transform_host_param: ensure host parameters are lowercase FQDN.
* transform_service_param: ensure service parameters are lowercase principals.
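The two commit messages above describe a mapping-driven generator for member add/del commands and shared value transformations; the following is an added example of that idea, not code from this pull request or from ansible-freeipa. The helper names, the mapping layout, the default domain and the sample data are assumptions made for the illustration.

```python
import ipaddress

# Hypothetical helpers written for this example; their behaviour is assumed
# from the one-line descriptions in the commit message, not taken from the patch.
def lowercase(value):
    return value.lower()

def host_fqdn(value, domain="example.test"):  # constructed default domain
    value = value.rstrip(".").lower()
    return value if "." in value else f"{value}.{domain}"

def hostmask(value):
    # Accept "192.0.2.7/24" or a bare address and return the network CIDR.
    return str(ipaddress.ip_network(value, strict=False))

def member_commands(name, params, current, mapping, state="present"):
    """Return [(name, api_method, args)] needed to reach the requested state.

    mapping: module parameter -> (API argument, LDAP attribute, transform,
    add method, remove method). An empty result means nothing has to change.
    """
    commands = {}
    for param, (api_arg, attr, transform, add_cmd, del_cmd) in mapping.items():
        if params.get(param) is None:
            continue
        # Normalize both sides so "WEB1" and "web1.example.test" compare equal.
        wanted = {transform(v) for v in params[param]}
        existing = {transform(v) for v in current.get(attr, [])}
        if state == "present":
            method, values = add_cmd, wanted - existing
        else:
            method, values = del_cmd, wanted & existing
        if values:
            commands.setdefault(method, {})[api_arg] = sorted(values)
    return [(name, method, args) for method, args in commands.items()]

# Constructed mapping for a sudo rule; method and attribute names are illustrative.
SUDORULE_MAP = {
    "host": ("host", "memberhost_host", host_fqdn,
             "sudorule_add_host", "sudorule_remove_host"),
    "hostmask": ("hostmask", "hostmask", hostmask,
                 "sudorule_add_host", "sudorule_remove_host"),
    "user": ("user", "memberuser_user", lowercase,
             "sudorule_add_user", "sudorule_remove_user"),
}
```

Because the comparison runs on normalized values, a member written with different case or as a short hostname neither triggers a spurious change nor escapes removal from the rule.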
rjeffman force-pushed the sudorule_refactor branch from 762c285 to 4b7ba97 (February 11, 2023 19:33)
Change ipasudorule to use the global member management method.
Change ipasudocmdgroup to use the global member management method.
Change ipaservice to use the global member management method.
Change ipaservicedelegationtarget to use the global member management method.
Change ipaservicedelegationrule to use the global member management method.
Change iparole to use the global member management method. NOTE: This change modifies the behavior of the 'service' member, by not preserving case.
Change ipagroup to use the global member management method.
Change ipahbacrule to use the global member management method.
Change ipahbacsvcgroup to use the global member management method.
The function servicedelegation_normalize_principals can be used to normalize principals, but would work only on lists or tuples. With this patch a simple string can be passed as the 'principal' argument and will also be normalized.
rjeffman force-pushed the sudorule_refactor branch from 4b7ba97 to 5cb40a8 (February 11, 2023 19:57)
No description provided.