From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <d.csapak@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 1D0AD6DF37
 for <pve-devel@lists.proxmox.com>; Mon, 28 Mar 2022 14:38:41 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 101F325977
 for <pve-devel@lists.proxmox.com>; Mon, 28 Mar 2022 14:38:11 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 5C52B2596A
 for <pve-devel@lists.proxmox.com>; Mon, 28 Mar 2022 14:38:10 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 26272458DB
 for <pve-devel@lists.proxmox.com>; Mon, 28 Mar 2022 14:38:10 +0200 (CEST)
From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Mon, 28 Mar 2022 14:38:01 +0200
Message-Id: <20220328123807.233098-1-d.csapak@proxmox.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.148 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
Subject: [pve-devel] [PATCH access-control/manager/docs v4] fix #3668:
 improving realm sync
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2022 12:38:41 -0000

this deprecates the 'full' and 'purge' sync options and replaces them with
a 'remove-vanished' option, where we have multiple flags to determine
which things we want to remove when they are not in the sync response.

with the new regression tests, we can see that the sync result stays the
same with one exception of deleting the acls even when we did not delete
the user

changes from v3:
* added regression tests (i found some bugs with those ;) )
* fixed the mapping of parameters and not only the 'defaul-sync-options'
* fixed use of 'remove_vanished' instead of 'remove-vanished'

changes from v2:
* instead of having a mode, define what we actually do: configure what
  we remove when it (or the depending entry) vanishes
* let the user remove the ACLs only, even when not removing the users
* have less fields that the user *must* give on sync, since there are
  more defaults that are explained in the gui

changes from v1:
* replace the 'remove-vanished' by a new 'mode' selection and adding
  an appropriate mode

pve-access-control:

Dominik Csapak (4):
  add regression tests for realm-sync
  fix #3668: realm-sync: replace 'full' and 'purge' options with
    'remove-vanished'
  convert regression tests to new 'remove-vanished' parameter
  add realm-sync regression test for new 'remove-vanished'

 src/PVE/API2/Domains.pm     | 168 ++++++++++------
 src/PVE/Auth/Plugin.pm      |  27 ++-
 src/test/Makefile           |   1 +
 src/test/realm_sync_test.pl | 371 ++++++++++++++++++++++++++++++++++++
 4 files changed, 504 insertions(+), 63 deletions(-)
 create mode 100755 src/test/realm_sync_test.pl

pve-manager:

Dominik Csapak (1):
  ui: realm sync: replace 'full' and 'purge' with 'remove-vanished'

 www/manager6/dc/AuthEditLDAP.js | 63 +++++++++++++++++++------------
 www/manager6/dc/SyncWindow.js   | 66 ++++++++++++++++++++-------------
 2 files changed, 80 insertions(+), 49 deletions(-)

pve-docs:

Dominik Csapak (1):
  update documentation about sync-options

 pveum.adoc | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

-- 
2.30.2