From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH access-control/manager/docs v4] fix #3668: improving realm sync
Date: Mon, 28 Mar 2022 14:38:01 +0200 [thread overview]
Message-ID: <20220328123807.233098-1-d.csapak@proxmox.com> (raw)
this deprecates the 'full' and 'purge' sync options and replaces them with
a 'remove-vanished' option, where we have multiple flags to determine
which things we want to remove when they are not in the sync response.
with the new regression tests, we can see that the sync result stays the
same with one exception of deleting the acls even when we did not delete
the user
changes from v3:
* added regression tests (i found some bugs with those ;) )
* fixed the mapping of parameters and not only the 'defaul-sync-options'
* fixed use of 'remove_vanished' instead of 'remove-vanished'
changes from v2:
* instead of having a mode, define what we actually do: configure what
we remove when it (or the depending entry) vanishes
* let the user remove the ACLs only, even when not removing the users
* have less fields that the user *must* give on sync, since there are
more defaults that are explained in the gui
changes from v1:
* replace the 'remove-vanished' by a new 'mode' selection and adding
an appropriate mode
pve-access-control:
Dominik Csapak (4):
add regression tests for realm-sync
fix #3668: realm-sync: replace 'full' and 'purge' options with
'remove-vanished'
convert regression tests to new 'remove-vanished' parameter
add realm-sync regression test for new 'remove-vanished'
src/PVE/API2/Domains.pm | 168 ++++++++++------
src/PVE/Auth/Plugin.pm | 27 ++-
src/test/Makefile | 1 +
src/test/realm_sync_test.pl | 371 ++++++++++++++++++++++++++++++++++++
4 files changed, 504 insertions(+), 63 deletions(-)
create mode 100755 src/test/realm_sync_test.pl
pve-manager:
Dominik Csapak (1):
ui: realm sync: replace 'full' and 'purge' with 'remove-vanished'
www/manager6/dc/AuthEditLDAP.js | 63 +++++++++++++++++++------------
www/manager6/dc/SyncWindow.js | 66 ++++++++++++++++++++-------------
2 files changed, 80 insertions(+), 49 deletions(-)
pve-docs:
Dominik Csapak (1):
update documentation about sync-options
pveum.adoc | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
--
2.30.2
next reply other threads:[~2022-03-28 12:38 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-28 12:38 Dominik Csapak [this message]
2022-03-28 12:38 ` [pve-devel] [PATCH access-control v4 1/4] add regression tests for realm-sync Dominik Csapak
2022-03-28 12:38 ` [pve-devel] [PATCH access-control v4 2/4] fix #3668: realm-sync: replace 'full' and 'purge' options with 'remove-vanished' Dominik Csapak
2022-03-28 12:38 ` [pve-devel] [PATCH access-control v4 3/4] convert regression tests to new 'remove-vanished' parameter Dominik Csapak
2022-03-28 12:38 ` [pve-devel] [PATCH access-control v4 4/4] add realm-sync regression test for new 'remove-vanished' Dominik Csapak
2022-03-28 12:38 ` [pve-devel] [PATCH manager v4 1/1] ui: realm sync: replace 'full' and 'purge' with 'remove-vanished' Dominik Csapak
2022-03-28 12:38 ` [pve-devel] [PATCH docs v4 1/1] update documentation about sync-options Dominik Csapak
2022-04-26 12:27 ` [pve-devel] applied-series: [PATCH access-control/manager/docs v4] fix #3668: improving realm sync Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220328123807.233098-1-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox