Re: [Freeipa-devel] [PATCH] 069 Improve interactive mode for DNS plugin
On Wed, 2011-06-01 at 16:18 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > On Fri, 2011-05-27 at 16:25 -0400, Rob Crittenden wrote: > >> Martin Kosek wrote: > >>> On Thu, 2011-05-26 at 22:39 -0400, Rob Crittenden wrote: > Martin Kosek wrote: > > Interactive mode for commands manipulating with DNS records > > (dnsrecord-add, dnsrecord-del) is not usable. This patch enhances > > the server framework with new callback for interactive mode, which > > can be used by commands to inject their own interactive handling. > > > > The callback is then used to improve aforementioned commands' > > interactive mode. > > > > https://fedorahosted.org/freeipa/ticket/1018 > > This works pretty nicely but it seems like with just a bit more it can > be great. > > Can you add some doc examples for how this works? > >>> > >>> Done. At least user will know that we have a feature like that to offer. > >>> > > And you display the records now and then prompt for each to delete. Can > you combine the two? > > For example: > > ipa dnsrecord-del greyoak.com lion > No option to delete specific record provided. > Delete all? Yes/No (default No): > Current DNS record contents: > > A record: 192.168.166.32 > > Enter value(s) to remove: > [A record]: > > If we know there is an record why not just prompt for each value yes/no > to delete? > >>> > >>> Actually, this is a very good idea, I like it. I updated the patch so > >>> that the user can only do yes/no decision in ipa dnsrecord-del > >>> interactive mode. This makes dnsrecord-del interactive mode very usable. > >>> > > The yes/no function needs more documentation on what default does too. > It appears that the possible values are None/True/False and that None > means that '' can be returned (which could still be evaluated as False > if this isn't used right). > >>> > >>> Done. '' shouldn't be returned as I return the value of "default" if it > >>> is not None. But yes, it needed more documenting. > >>> > >>> Updated patch is attached. It may need some language corrections, I am > >>> no native speaker. > >>> > >>> Martin > >> > >> Not to be too pedantic but... > >> > >> The result variable isn't really used, a while True: would suffice. > >> > >> I'm not really sure what the purpose of default = None is. I think a > >> True/False is more appropriate, this 3rd answer of a binary question is > >> confusing. > > > > I fixed the result variable. This was a left-over from function > > evolution. > > > > I am not sure why is the yes/no function still confusing. Maybe I miss > > something. I improved function help a bit. But let me explain: > > > > If default is None, that means that there is no default answer to yes/no > > question and user has to answer either "y" or "n". He cannot skip the > > answer and is prompted until the answer is given. > > > > When default is True, user can just enter empty answer, which is treated > > as "yes" and True is returned. > > > > When default is False and user enters empty answer, it is treated as > > "no" and False is returned. > > > > None shouldn't be returned at all... (Maybe only in a case of an error) > > > > Martin > > > > Wow, this is very nice indeed. Ack. > > rob Thanks :-) Pushed to master. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 068 Connection check program for replica installation
On Sat, 2011-05-28 at 10:13 +0200, Martin Kosek wrote: > On Sat, 2011-05-28 at 00:10 -0400, Rob Crittenden wrote: > > Martin Kosek wrote: > > > On Mon, 2011-05-23 at 16:41 -0400, Rob Crittenden wrote: > > >> Martin Kosek wrote: > > >>> This is a first version of connection checking program for replica > > >>> installation. See patch for program purpose description. Currently, > > >>> there is no man pages for the program. > > >>> > > >>> Note to Simo and Rob: I use password for logging as admin. Btw would it > > >>> be safe to have an admin keytab in the replica file? Replica file > > >>> contents are lying freely in /tmp after the replica installation. > > >>> > > >>> Martin > > >> > > >> nack, you aren't including the new binary in the spec. > > > > > > Oh, thanks for this one. > > > > > >> > > >> You should also: > > >> > > >> - set KRB5CCNAME to a temporary ccache and remove that when the install > > >> exists (successful or not) > > > > > > Done. > > > > > >> - remove the temporary krb5.conf you create > > > > > > Done. > > > > > >> - be a bit more explicit what we are doing, at least more than "Run > > >> connection check to master". > > > > > > Actually, I am if you run the new script separately. I removed "--quiet" > > > parameter passed to the script in ipa-replica-install so that it is more > > > verbose. Plus, I improved texts sent to the user. > > > > > >> - yes, we should remove the replica file contents > > > > > > I enhanced ipa-replica-install to do that. > > > > > > Martin > > > > > > > Works great until the very end: > > ... > > ... > > > > Execute check on remote master > > Check connection from master to remote replica 'slinky.greyoak.com': > > Directory Service: unsecure port (389): FAILED > > Directory Service: secure port (636): FAILED > > Kerberos (88): OK > > > > Remote master check failed with following error message(s): > > Could not chdir to home directory /home/admin: No such file or directory > > Port check failed! Unaccessible port(s): 389, 636 > > > > Connection check failed with following error: None > > > > rob > > Right, I introduced this wrong error message in the last patch. I fixed > this one and also one typo. Updated patch attached. > > Martin I created a man page for the new program. Please feel free to fix/propose a fix for any language errors that may be there. Missing records in Makefile.am for both man page and the new program have been added. Martin >From a9f7130c221d9657713b5f1140b1c745d2857140 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Sun, 22 May 2011 19:17:07 +0200 Subject: [PATCH] Connection check program for replica installation When connection between a master machine and future replica is not sane, the replica installation may fail unexpectedly with inconvenient error messages. One common problem is misconfigured firewall. This patch adds a program ipa-replica-conncheck which tests the connection using the following procedure: 1) Execute the on-replica check testing the connection to master 2) Open required ports on local machine 3) Ask user to run the on-master part of the check OR run it automatically: a) kinit to master as default admin user with given password b) run the on-master part using ssh 4) When master part is executed, it checks connection back to the replica and prints the check result This program is run by ipa-replica-install as mandatory part. It can, however, be skipped using --skip-conncheck option. ipa-replica-install now requires password for admin user to run the command on remote master. https://fedorahosted.org/freeipa/ticket/1107 --- freeipa.spec.in |2 + install/po/Makefile.in|1 + install/tools/Makefile.am |1 + install/tools/ipa-replica-conncheck | 372 + install/tools/ipa-replica-install | 40 +++ install/tools/man/Makefile.am |1 + install/tools/man/ipa-replica-conncheck.1 | 87 +++ install/tools/man/ipa-replica-install.1 |6 + ipapython/ipautil.py | 73 ++ 9 files changed, 583 insertions(+), 0 deletions(-) create mode 100755 install/tools/ipa-replica-conncheck create mode 100644 install/tools/man/ipa-replica-conncheck.1 diff --git a/freeipa.spec.in b/freeipa.spec.in index fba2f31e5586457c74d84430d46e57190891d7d6..5c6c8a562e8c12791c059f96916c5519368385d2 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -358,6 +358,7 @@ fi %doc COPYING README Contributors.txt %{_sbindir}/ipa-dns-install %{_sbindir}/ipa-server-install +%{_sbindir}/ipa-replica-conncheck %{_sbindir}/ipa-replica-install %{_sbindir}/ipa-replica-prepare %{_sbindir}/ipa-replica-manage @@ -425,6 +426,7 @@ fi %dir %{_localstatedir}/cache/ipa %attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions %attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd +%{_mandir}/man1/ipa-replica-conncheck.1.gz %{_mandir}/man1/
[Freeipa-devel] FreeIPA Auto Membership CLI
I need feed back from the group regarding how we should present the output for Clarity, the 389 Directory Server Auto Membership Plugin... Currently, the output looks like this: ---=== EXAMPLE ===--- [root@auth2 ~]# ipa clarityrule-show testrule --all dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com Clarity Rule: testrule Membership filter: objectclass=ipaHost Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com Inclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^web[1-9]+.example.com, cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^mail[1-9]+.example.com, cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^www[1-9]+.example.com Exclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com:blacklist www5:fqdn=^www5\.example\.com automembergroupingattr: member:dn automemberscope: dc=expertcity,dc=com objectclass: top, automemberdefinition ---=== EXAMPLE ===--- Each rule in the definition object is broken down into 3 distinct parts: Group to modify, Description, Attribute + Regular Expression to match. As time progresses it will be likely that these rules could get long and visually unappealing. I would like to know how we might better represent this info. Perhaps a breakout with indentation for each unique group defined in each rule? ---===SUGGESTION===--- [root@auth2 ~]# ipa clarityrule-show testrule --all dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com Clarity Rule: testrule Membership filter: objectclass=ipaHost Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com Inclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com FrontEnd: fqdn=^web[1-9]+.example.com, MainSite: fqdn=^www[1-9]+.example.com cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com SMTP: fqdn=^mail[1-9]+.example.com, Exclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com blacklist: www5:fqdn=^www5\.example\.com automembergroupingattr: member:dn automemberscope: dc=expertcity,dc=com objectclass: top, automemberdefinition ---===SUGGESTION===--- Using these rules, the Auto Membership Plugin monitors for insertions into the LDAP directory matching the Membership Filter; In this example, objectclass=ipaHost The object matching the filter is then compared against the exclusive rules to make sure there is not a marker which indicates the object should NOT be a member of a given group. Then the object is compared against the inclusive rules to determine if there is a match. If there is a match, the object is added to the group defined in the matching rule. If all rules are exhausted, the object is optionally added to the group defined by the Default Group attribute of the Definition. You can view the design document here for more details on the how the rules are represented within the raw directory. http://directory.fedoraproject.org/wiki/Auto_Membership_Design ~ Jr Aquino, GCIH | Information Security Specialist Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117 T: +1 805.690.3478 jr.aqu...@citrixonline.com http://www.citrixonline.com ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] FreeIPA Auto Membership CLI
On 06/02/2011 11:39 AM, JR Aquino wrote: > I need feed back from the group regarding how we should present the output > for Clarity, the 389 Directory Server Auto Membership Plugin... > > Currently, the output looks like this: > > ---=== EXAMPLE ===--- > [root@auth2 ~]# ipa clarityrule-show testrule --all > dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com > Clarity Rule: testrule > Membership filter: objectclass=ipaHost > Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com > Inclusive Regex: > cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^web[1-9]+.example.com, > > cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^mail[1-9]+.example.com, > > cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^www[1-9]+.example.com > Exclusive Regex: > cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com:blacklist > www5:fqdn=^www5\.example\.com > automembergroupingattr: member:dn > automemberscope: dc=expertcity,dc=com > objectclass: top, automemberdefinition > ---=== EXAMPLE ===--- > > Each rule in the definition object is broken down into 3 distinct parts: > Group to modify, Description, Attribute + Regular Expression to match. > > As time progresses it will be likely that these rules could get long and > visually unappealing. I would like to know how we might better represent > this info. > > Perhaps a breakout with indentation for each unique group defined in each > rule? > > ---===SUGGESTION===--- > [root@auth2 ~]# ipa clarityrule-show testrule --all > dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com > Clarity Rule: testrule > Membership filter: objectclass=ipaHost > Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com > Inclusive Regex: > cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com > FrontEnd: fqdn=^web[1-9]+.example.com, > MainSite: fqdn=^www[1-9]+.example.com > cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com > SMTP: fqdn=^mail[1-9]+.example.com, > Exclusive Regex: > cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com > blacklist: www5:fqdn=^www5\.example\.com > automembergroupingattr: member:dn > automemberscope: dc=expertcity,dc=com > objectclass: top, automemberdefinition > ---===SUGGESTION===--- > This presentation assumes that the description is not empty. In general case it is not true so I would suggest fixed labels even if the values would have duplicates. Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^web[1-9]+.example.com - Group: cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^mail[1-9]+.example.com - Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^www[1-9]+.example.com - Keep the indent that you proposed, it looks OK with the indent. > Using these rules, the Auto Membership Plugin monitors for insertions into > the LDAP directory matching the Membership Filter; In this example, > objectclass=ipaHost > > The object matching the filter is then compared against the exclusive rules > to make sure there is not a marker which indicates the object should NOT be a > member of a given group. > > Then the object is compared against the inclusive rules to determine if there > is a match. > If there is a match, the object is added to the group defined in the matching > rule. > If all rules are exhausted, the object is optionally added to the group > defined by the Default Group attribute of the Definition. > > You can view the design document here for more details on the how the rules > are represented within the raw directory. > http://directory.fedoraproject.org/wiki/Auto_Membership_Design > > > ~ > Jr Aquino, GCIH | Information Security Specialist > Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117 > T: +1 805.690.3478 > jr.aqu...@citrixonline.com > http://www.citrixonline.com > > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel > > -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0232-scrollable-content-areas.patch
On 06/02/2011 01:37 PM, Adam Young wrote: On 06/02/2011 12:28 PM, Adam Young wrote: On 06/02/2011 10:22 AM, Adam Young wrote: On 06/02/2011 10:13 AM, Adam Young wrote: On 06/01/2011 10:02 PM, Adam Young wrote: Note that this patch does not yet deal with the add dialog for permissions, or other add dialogs, but contains code necessary to deal with it. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel rebased ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Reabsed again. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Now triggered on browser resize ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Changes from IRC review ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel JSL and minor bug fix. ACKed in IRC, pushed to master. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] FreeIPA Auto Membership CLI
Dmitri Pal wrote: On 06/02/2011 11:39 AM, JR Aquino wrote: I need feed back from the group regarding how we should present the output for Clarity, the 389 Directory Server Auto Membership Plugin... Currently, the output looks like this: ---=== EXAMPLE ===--- [root@auth2 ~]# ipa clarityrule-show testrule --all dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com Clarity Rule: testrule Membership filter: objectclass=ipaHost Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com Inclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^web[1-9]+.example.com, cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^mail[1-9]+.example.com, cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^www[1-9]+.example.com Exclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com:blacklist www5:fqdn=^www5\.example\.com automembergroupingattr: member:dn automemberscope: dc=expertcity,dc=com objectclass: top, automemberdefinition ---=== EXAMPLE ===--- Each rule in the definition object is broken down into 3 distinct parts: Group to modify, Description, Attribute + Regular Expression to match. As time progresses it will be likely that these rules could get long and visually unappealing. I would like to know how we might better represent this info. Perhaps a breakout with indentation for each unique group defined in each rule? ---===SUGGESTION===--- [root@auth2 ~]# ipa clarityrule-show testrule --all dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com Clarity Rule: testrule Membership filter: objectclass=ipaHost Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com Inclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com FrontEnd: fqdn=^web[1-9]+.example.com, MainSite: fqdn=^www[1-9]+.example.com cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com SMTP: fqdn=^mail[1-9]+.example.com, Exclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com blacklist: www5:fqdn=^www5\.example\.com automembergroupingattr: member:dn automemberscope: dc=expertcity,dc=com objectclass: top, automemberdefinition ---===SUGGESTION===--- This presentation assumes that the description is not empty. In general case it is not true so I would suggest fixed labels even if the values would have duplicates. Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^web[1-9]+.example.com - Group: cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^mail[1-9]+.example.com - Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^www[1-9]+.example.com - Keep the indent that you proposed, it looks OK with the indent. Just note that the code that does the rendering is extremely simplistic so control over indention may require a fair bit of work. I think indention is handled via nesting, so returning data as lists of lists may do the trick. That or you are going to have to override output_for_cli() and do all the output manually but that should be a last resort. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] FreeIPA Auto Membership CLI
On 06/02/2011 03:59 PM, Rob Crittenden wrote: > Dmitri Pal wrote: >> On 06/02/2011 11:39 AM, JR Aquino wrote: >>> I need feed back from the group regarding how we should present the >>> output for Clarity, the 389 Directory Server Auto Membership Plugin... >>> >>> Currently, the output looks like this: >>> >>> ---=== EXAMPLE ===--- >>> [root@auth2 ~]# ipa clarityrule-show testrule --all >>>dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com >>>Clarity Rule: testrule >>>Membership filter: objectclass=ipaHost >>>Default Group: >>> cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com >>>Inclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^web[1-9]+.example.com, >>> cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^mail[1-9]+.example.com, >>> >>> >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^www[1-9]+.example.com >>>Exclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com:blacklist >>> www5:fqdn=^www5\.example\.com >>>automembergroupingattr: member:dn >>>automemberscope: dc=expertcity,dc=com >>>objectclass: top, automemberdefinition >>> ---=== EXAMPLE ===--- >>> >>> Each rule in the definition object is broken down into 3 distinct >>> parts: Group to modify, Description, Attribute + Regular Expression >>> to match. >>> >>> As time progresses it will be likely that these rules could get long >>> and visually unappealing. I would like to know how we might better >>> represent this info. >>> >>> Perhaps a breakout with indentation for each unique group defined in >>> each rule? >>> >>> ---===SUGGESTION===--- >>> [root@auth2 ~]# ipa clarityrule-show testrule --all >>>dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com >>>Clarity Rule: testrule >>>Membership filter: objectclass=ipaHost >>>Default Group: >>> cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com >>>Inclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> FrontEnd: fqdn=^web[1-9]+.example.com, >>> MainSite: fqdn=^www[1-9]+.example.com >>> cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> SMTP: fqdn=^mail[1-9]+.example.com, >>>Exclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> blacklist: www5:fqdn=^www5\.example\.com >>>automembergroupingattr: member:dn >>>automemberscope: dc=expertcity,dc=com >>>objectclass: top, automemberdefinition >>> ---===SUGGESTION===--- >>> >> >> This presentation assumes that the description is not empty. >> In general case it is not true so I would suggest fixed labels even if >> the values would have duplicates. >> >>Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>Description: >>Regex: fqdn=^web[1-9]+.example.com >>- >>Group: cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>Description: >>Regex: fqdn=^mail[1-9]+.example.com >>- >>Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>Description: >>Regex: fqdn=^www[1-9]+.example.com >>- >> >> Keep the indent that you proposed, it looks OK with the indent. > > Just note that the code that does the rendering is extremely > simplistic so control over indention may require a fair bit of work. I > think indention is handled via nesting, so returning data as lists of > lists may do the trick. > > That or you are going to have to override output_for_cli() and do all > the output manually but that should be a last resort. Yeah, please do not make it more complex than needed. Creating a nested list and letting it render is probably the right approach. > > rob > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel > > -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] FreeIPA Auto Membership CLI
On Jun 2, 2011, at 12:59 PM, Rob Crittenden wrote: > Dmitri Pal wrote: >> On 06/02/2011 11:39 AM, JR Aquino wrote: >>> I need feed back from the group regarding how we should present the output >>> for Clarity, the 389 Directory Server Auto Membership Plugin... >>> >>> Currently, the output looks like this: >>> >>> ---=== EXAMPLE ===--- >>> [root@auth2 ~]# ipa clarityrule-show testrule --all >>> dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com >>> Clarity Rule: testrule >>> Membership filter: objectclass=ipaHost >>> Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com >>> Inclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^web[1-9]+.example.com, >>> >>> cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^mail[1-9]+.example.com, >>> >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^www[1-9]+.example.com >>> Exclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com:blacklist >>> www5:fqdn=^www5\.example\.com >>> automembergroupingattr: member:dn >>> automemberscope: dc=expertcity,dc=com >>> objectclass: top, automemberdefinition >>> ---=== EXAMPLE ===--- >>> >>> Each rule in the definition object is broken down into 3 distinct parts: >>> Group to modify, Description, Attribute + Regular Expression to match. >>> >>> As time progresses it will be likely that these rules could get long and >>> visually unappealing. I would like to know how we might better represent >>> this info. >>> >>> Perhaps a breakout with indentation for each unique group defined in each >>> rule? >>> >>> ---===SUGGESTION===--- >>> [root@auth2 ~]# ipa clarityrule-show testrule --all >>> dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com >>> Clarity Rule: testrule >>> Membership filter: objectclass=ipaHost >>> Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com >>> Inclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> FrontEnd: fqdn=^web[1-9]+.example.com, >>> MainSite: fqdn=^www[1-9]+.example.com >>> cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> SMTP: fqdn=^mail[1-9]+.example.com, >>> Exclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> blacklist: www5:fqdn=^www5\.example\.com >>> automembergroupingattr: member:dn >>> automemberscope: dc=expertcity,dc=com >>> objectclass: top, automemberdefinition >>> ---===SUGGESTION===--- >>> >> >> This presentation assumes that the description is not empty. >> In general case it is not true so I would suggest fixed labels even if >> the values would have duplicates. >> >> Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >> Description: >> Regex: fqdn=^web[1-9]+.example.com >> - >> Group: cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com >> Description: >> Regex: fqdn=^mail[1-9]+.example.com >> - >> Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >> Description: >> Regex: fqdn=^www[1-9]+.example.com >> - >> >> Keep the indent that you proposed, it looks OK with the indent. > > Just note that the code that does the rendering is extremely simplistic so > control over indention may require a fair bit of work. I think indention is > handled via nesting, so returning data as lists of lists may do the trick. Excellent! That is really good to know! I was worried I'd have to override output_for_cli() I'll repost once I have the suggested layout implemented. Thanks guys! > > That or you are going to have to override output_for_cli() and do all the > output manually but that should be a last resort. > > rob > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 171 Temporary fix for indirect member tabs.
Since the group-show command doesn't return indirect members, the tabs for group's indirect members have been reverted to call user-find with the --in-groups parameter to get the entries. However, this is only a temporary solution since the user-find command returns both direct and indirect members (ticket #1273). The Selenium test for groups has been modified to test nested groups and verify indirect members. The verification currently will fail due to the above issue. -- Endi S. Dewata From 9127c49c4bece473908425f50b3ec518db7396b0 Mon Sep 17 00:00:00 2001 From: Endi S. Dewata Date: Wed, 1 Jun 2011 13:52:38 -0500 Subject: [PATCH] Temporary fix for indirect member tabs. Since the group-show command doesn't return indirect members, the tabs for group's indirect members have been reverted to call user-find with the --in-groups parameter to get the entries. However, this is only a temporary solution since the user-find command returns both direct and indirect members (ticket #1273). The Selenium test for groups has been modified to test nested groups and verify indirect members. The verification currently will fail due to the above issue. --- install/ui/associate.js| 67 +++-- install/ui/entity.js | 10 ++- install/ui/search.js | 14 +-- .../test/functional/group-add-nested-groups.html | 91 .../functional/group-add-nested-member-groups.html | 153 .../test/functional/group-del-nested-groups.html | 71 + .../group-remove-nested-member-groups.html | 133 + install/ui/test/functional/group-suite.html|5 + .../group-verify-indirect-member-groups.html | 93 9 files changed, 612 insertions(+), 25 deletions(-) create mode 100644 install/ui/test/functional/group-add-nested-groups.html create mode 100644 install/ui/test/functional/group-add-nested-member-groups.html create mode 100644 install/ui/test/functional/group-del-nested-groups.html create mode 100644 install/ui/test/functional/group-remove-nested-member-groups.html create mode 100644 install/ui/test/functional/group-verify-indirect-member-groups.html diff --git a/install/ui/associate.js b/install/ui/associate.js index eb4a5a0563872683c2c9d9808deb7e6f013faae4..f7ac1505ef8cd9003f7589db9a40033dcc8fe5f9 100644 --- a/install/ui/associate.js +++ b/install/ui/associate.js @@ -707,7 +707,7 @@ IPA.association_facet = function (spec) { that.columns = $.ordered_map(); that.adder_columns = $.ordered_map(); -that.page_length = 20; +that.page_length = spec.page_length === undefined ? 20 : spec.page_length; that.get_column = function(name) { return that.columns.get(name); @@ -1107,21 +1107,62 @@ IPA.association_facet = function (spec) { return that; }; +IPA.indirect_association_facet = function (spec) { -IPA.deleter_dialog_setup = function () { +spec = spec || {}; -var that = this; +spec.page_length = 0; +spec.read_only = true; -var ul = $(''); -ul.appendTo(that.dialog); +var that = IPA.association_facet(spec); -for (var i=0; i',{ -'text': that.values[i] -}).appendTo(ul); -} +that.refresh = function() { -$('', { -'text': IPA.messages.search.delete_confirm -}).appendTo(that.dialog); +function on_success(data, text_status, xhr) { + +that.table.empty(); + +var count = data.result.count; +if (count === 0) { +that.table.summary.text(data.result.summary); +return; +} + +var results = data.result.result; +for (var i=0; iError: '+error_thrown.name+''); -summary.append(''+error_thrown.message+''); -} - - var filter = []; var current_entity = entity; filter.unshift($.bbq.getState(current_entity.name+'-filter')); @@ -336,7 +328,7 @@ IPA.search_facet = function(spec) { all: that.search_all }, on_success: on_success, -on_error: on_error +on_error: that.on_error }); command.execute(); diff --git a/install/ui/test/functional/group-add-nested-groups.html b/install/ui/test/functional/group-add-nested-groups.html new file mode 100644 index ..7d9618693a3e06a6187c01f73da779dc6ded1f8d --- /dev/null +++ b/install/ui/test/functional/group-add-nested-groups.html @@ -0,0 +1,91 @@ + +http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";> +http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en"> +http://selenium-ide.openqa.org/profiles/test-case";> + +https://localhost/"; /> +Add Group + + + + +Add Group + + + open + /ipa/ui/#navigation=identity&identity=group + + + + waitForNotVisible + //span[@id='header-network-activity-indicator'] + + + + verifyElementNotPresent + css=.en
Re: [Freeipa-devel] [PATCH] 171 Temporary fix for indirect member tabs.
On 06/02/2011 06:23 PM, Endi Sukma Dewata wrote: Since the group-show command doesn't return indirect members, the tabs for group's indirect members have been reverted to call user-find with the --in-groups parameter to get the entries. However, this is only a temporary solution since the user-find command returns both direct and indirect members (ticket #1273). The Selenium test for groups has been modified to test nested groups and verify indirect members. The verification currently will fail due to the above issue. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK. Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel