freeipa

Clone
Source Code
GIT

#2281 ipa permission-add prompts for mutually exclusive attributes
Closed: wontfix 5 years ago Opened 12 years ago by mkosek.

Closed: wontfix
Reopen Issue

https://bugzilla.redhat.com/show_bug.cgi?id=782851 (Red Hat Enterprise Linux 6)

Description of problem:
When adding a permission, only one target can be used. When prompting, all get
prompted, even though one of them is already entered.

For example, below, type is entered to be user, then there should be no further
prompts for filter, subtree and targetgroup.

# ipa permission-add
Permission name: ManageUser3
Permissions: read
[Attributes]: carlicense
[Type]: user
[Member of group]:
[Filter]:
[Subtree]: cn=users,cn=accounts,dc=testrelm
[Target group]:
ipa: ERROR: invalid 'target': type, filter, subtree and targetgroup are
mutually exclusive


Version-Release number of selected component (if applicable):
freeipa-server-2.1.4-4.fc16.x86_64

How reproducible:
always

Steps to Reproduce:
1. run ipa permission-add as indicated above


Actual results:
After entering type to be user, there are still prompts for filter, subtree and
targetgroup. If any values are entered for those, an error is thrown.

Expected results:
After type is entered to be user, then there should be no further prompts for
filter, subtree and targetgroup.


Additional info:

Might be a dup of #2355

Replying to [comment:5 dpal]:

Might be a dup of #2355

I do not think this is a dup, #2281 is an enhancements of our interactive mode for permission-add, while #2235 relaxes our validator a bit.

But when when working on #2281, we need to be aware of #2281 and make sure that both filter and subtree can be added interactively.

This aspect of permission-add was not given priority and is not planned to be completed as it does not add much value for permission-add command. The reported error is entirely clear what is wrong with the request.

I am thus moving this request to Deferred. If you disagree, please speak up.

I agree with Martin that the interactive asking is not very useful for permission-add.

Note that the command changed a lot since the issue was reported, and interactive asking is a bit worse than before. Either it should be removed (remove the ask_create flags), or someone should think about how it would be used and adjust the set of asked options accordingly.

Metadata Update from @mkosek:
- Issue assigned to someone
- Issue set to the milestone: Tickets Deferred
7 years ago

Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)
5 years ago

Login to comment on this ticket.

Metadata
None
None
None
low
None
None
None
None
defect
None
None
Access control
None
0
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=782851
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.