Framework execute callback feedback
by Rob Crittenden
Currently the framework has four types of methods:

- pre_callback: called before any real work is done. Usually used to
  tune up incoming options
- execute: does the brute work. For most CRUD plugins this is all done
  in baseldap.py in the LDAP* classes
- post_callback: supposed to be data cleanup for presentation to the
  caller but in some cases actual work is being done. user-add calls
  ldap.add_entry_to_group for example.
- exc_callback: special case handling for exceptions
If you have "work" to be done that would normally be done in execute
there is no way to do it other than to abuse post_callback to get it done.
Overriding execute is only an option if you want to completely replace
the call, otherwise the order of execution is going to be strange.
Say for example in user_add you want to do work after the execute() is
done so you'd do something like:
    class user_add(LDAPCreate):
        def execute(self, stuff):
            result = super(user_add, self).execute(stuff)
            # some extra work
            return result
The order of execution is:
user_add:pre_callback
user_add:execute()
LDAPCreate:execute()
user_add:post_callback()
user_add:execute()
This is because the LDAP* baseldap methods handle the pre/post/exc
callbacks directly. So in order to be able to insert more "work" in
execute itself we'd need another callback type.
Why do I want this?
One feature of post_callback is that for add/mod methods
ldap.get_entry() is called so we can prepare the final results to be
returned to the user for display.
There are cases where the user doesn't need or care to see that result.
We could save at least one LDAP query by returning only errors in this case.
The use case is mostly around bulk operations where the user doesn't
care about seeing the UID of all users added, for example.
To do this I think we can skip post_callback altogether, assuming it
does no real "work".
In the case of user_add/mod skipping post_callback would save three
queries: fetch the user, has_keytab and has_password.
But before re-architecting this I'd like to get some opinions on it.
I can do a full-blown design if desired.
rob
2 years, 3 months
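The call order and the query savings discussed in the message above, as a small added model (not FreeIPA code and not part of the original post). FakeLDAP, the `quiet` option and the group name "ipausers" are assumptions; the two extra reads stand in for has_keytab and has_password.

```python
# Simplified model of the flow described above; not FreeIPA code. FakeLDAP,
# the `quiet` option and the group name "ipausers" are illustrative assumptions.
class FakeLDAP:
    def __init__(self):
        self.entries, self.members, self.reads = {}, set(), 0

    def add_entry(self, dn, attrs):
        self.entries[dn] = dict(attrs)

    def get_entry(self, dn):  # every read counts as one LDAP query
        self.reads += 1
        return dict(self.entries[dn])

    def add_entry_to_group(self, dn, group):
        self.members.add((group, dn))

class LDAPCreate:  # drives the callbacks itself, as the baseldap methods do
    def __init__(self, ldap):
        self.ldap, self.trace = ldap, []

    def pre_callback(self, dn, attrs):
        self.trace.append("pre_callback")

    def execute(self, dn, attrs, quiet=False):
        self.pre_callback(dn, attrs)
        self.ldap.add_entry(dn, attrs)
        self.trace.append("LDAPCreate.execute")
        if quiet:  # proposed shortcut: skip the result fetch and post_callback
            return None
        entry = self.ldap.get_entry(dn)  # query 1: fetch the new entry
        self.post_callback(dn, entry)
        return entry

class user_add(LDAPCreate):
    def post_callback(self, dn, entry):
        self.trace.append("post_callback")
        self.ldap.add_entry_to_group(dn, "ipausers")  # real work, not display
        self.ldap.get_entry(dn)  # query 2: stands in for has_keytab
        self.ldap.get_entry(dn)  # query 3: stands in for has_password

    def execute(self, dn, attrs, quiet=False):
        result = super().execute(dn, attrs, quiet)
        self.trace.append("user_add.execute extra work")  # runs after post_callback
        return result

def run(quiet):
    cmd = user_add(FakeLDAP())
    cmd.execute("uid=alice", {"uid": "alice"}, quiet=quiet)
    return cmd.trace, cmd.ldap.reads, ("ipausers", "uid=alice") in cmd.ldap.members
```

With `quiet=True` the three reads disappear, but so does the group membership that user-add performs in post_callback.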
[freeipa PR#5722][opened] workshop: Use default fedora cloud image
by netoarmando
URL: https://github.com/freeipa/freeipa/pull/5722
Author: netoarmando
Title: #5722: workshop: Use default fedora cloud image
Action: opened
PR body:
"""
Use publicly available Fedora cloud box, removing the necessity of building custom boxes with preinstalled packages.
This removes the burden of maintaining boxes up-to-date; on the other hand, one must fetch the packages for all hosts in the topology before starting the curriculum.
Signed-off-by: Armando Neto <abiagion(a)redhat.com>
"""
To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5722/head:pr5722
git checkout pr5722
2 years, 3 months
Preparing for FreeIPA 4.9.4 release
by Alexander Bokovoy
Hi,
I am planning to do the FreeIPA 4.9.4 release, hopefully this week.
As usual, the current release notes draft is at
https://vda.li/drafts/freeipa-4.9.4-release-notes-final.html
We have around 30 tickets resolved:
#2575 (rhbz#952756) [RFE] Installer wizard should prompt for DNS
#2692 (rhbz#817071) ipa-server-install ignores --hostname
#4011 (rhbz#1026434) ipa-server-install crashes when AD subpackage is not installed
#4166 (rhbz#1059135) Backup CS.cfg before modifying it
#4751 (rhbz#1851835) Implement ACME certificate enrolment
#6587 ipa-otpd: systemctl reports "degraded" for "is-system-running" after todays CentOS updates
#7835 (rhbz#1658280) Cert revocation for services and hosts is inefficient
#8203 (rhbz#1835853) User page on WebUi only has half the information in CA-less install
#8361 Add support for managing subuids and subgids in FreeIPA
#8534 Nightly test failure in test_integration/test_replica_promotion.py::TestHiddenReplicaPromotion::test_hidden_replica_promote
#8582 Nightly test failure in test_replica_promotion.py::TestHiddenReplicaPromotion::test_ipahealthcheck_hidden_replica - ClonesConnectivyAndDataCheck
#8632 [CA-less] user fails to login via WebUI in case of `--no-pkinit`
#8641 Random failure in test_webui/test_user.py::TestLifeCycles::test_life_cycles
#8676 (rhbz#1955440) [Tracker] Multiple nightly test failure in test_integration/test_ntp_options/TestNTPoptions
#8738 (rhbz#1934991) ACME fails to generate a cert on migrated RHEL8.4 server
#8767 (rhbz#1943151) ipa-server-install displays debug output when --debug output is not specified.
#8784 RFE: Reduce number of LDAP operations during hbacrule-del
#8785 Nightly test failure in test_integration/test_commands.py/TestIPACommand/test_proxycommand_invalid_shell
#8787 Add pkey_only to the service_find calls in the host plugin
#8792 Random nightly test failure in test_replica_promotion.py::TestRenewalMaster::test_automatic_renewal_master_transfer_ondelete
#8794 (rhbz#1948034) Failure to deploy FreeIPA domain controller in Rawhide with systemd-resolved 248-1.fc35
#8797 Cache the value of ca_is_enabled in the request context
#8798 (rhbz#1953656) RFE: Cache LDAP data within a request
#8801 user-mod requires two searches for a user entry
#8802 IPA test failing with long serial numbers
#8807 (rhbz#1688267) [RFE] IPA to allow setting a new range type.
#8809 RFE: A tool to collect and analyze etimes from IPA logs
#8814 Use Dogtag's CryptographyCryptoProvider instead of NSSCryptoProvider for KRAClient()
#8818 new pylint 2.8 and astroid 2.5.5
#8830 [azure] performance instability
#8831 update_dna_shared_config may not update all entries
#8832 (rhbz#1957768) ipa-server-upgrade is failing while upgrading rhel8.3 to rhel8.4
I would wait for F34 Azure CI patches but this is not strictly necessary, we can
do another release once they are ready.
We need to figure out what else is worth waiting for. Right now the
following PRs have the ipa-4-9 label:

5769 | WebUI: Add support of 'ipaautoprivategroups' LDAP | WebUI, ipa-4-9, needs review | https://github.com/freeipa/freeipa/pull/5769
5749 | pkispawn: override the AJP address | ipa-4-9 | https://github.com/freeipa/freeipa/pull/5749
5733 | Revert the way hosts/services certs are searched f | WIP, ipa-4-9, needs rebase | https://github.com/freeipa/freeipa/pull/5733
5662 | ipatests: add test for login with FAST armoring en | ipa-4-8, ipa-4-9 | https://github.com/freeipa/freeipa/pull/5662
5656 | [ipatests] Add basic support for remote ipaplatfor | ipa-4-9, needs review | https://github.com/freeipa/freeipa/pull/5656
5637 | ipatests: Test to check that ResponseNotReady erro | ipa-4-9, needs review | https://github.com/freeipa/freeipa/pull/5637
5617 | Add checks to prevent adding auth indicators to in | ipa-4-9 | https://github.com/freeipa/freeipa/pull/5617
5387 | Raise RuntimeError when kinit_armor fails | ipa-4-9, stale | https://github.com/freeipa/freeipa/pull/5387
4909 | Add unauthenticated nsupdate | ipa-4-9, needs review | https://github.com/freeipa/freeipa/pull/4909
389-ds did rename the Multimaster replication plugin to Multisupplier and we
need to be able to install with both old and new plugin names. Maybe
someone could pick up the work Mark Reynolds did in
https://github.com/freeipa/freeipa/pull/5739 and add support for both
ways?
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
2 years, 4 months