From: Dominik Csapak
To: pve-devel@lists.proxmox.com
Date: Mon, 28 Mar 2022 14:38:01 +0200
Subject: [pve-devel] [PATCH access-control/manager/docs v4] fix #3668: improving realm sync
Message-Id: <20220328123807.233098-1-d.csapak@proxmox.com>

this deprecates the 'full' and 'purge' sync options and replaces them
with a 'remove-vanished' option, where we have multiple flags to
determine which things we want to remove when they are not in the
sync response.

with the new regression tests, we can see that the sync result stays the
same with one exception of deleting the acls even when we did not delete
the user

changes from v3:
* added regression tests (i found some bugs with those ;) )
* fixed the mapping of parameters and not only the 'defaul-sync-options'
* fixed use of 'remove_vanished' instead of 'remove-vanished'

changes from v2:
* instead of having a mode, define what we actually do:
  configure what we remove when it (or the depending entry) vanishes
* let the user remove the ACLs only, even when not removing the users
* have less fields that the user *must* give on sync, since there
  are more defaults that are explained in the gui

changes from v1:
* replace the 'remove-vanished' by a new 'mode' selection and
  adding an appropriate mode

pve-access-control:

Dominik Csapak (4):
  add regression tests for realm-sync
  fix #3668: realm-sync: replace 'full' and 'purge' options with 'remove-vanished'
  convert regression tests to new 'remove-vanished' parameter
  add realm-sync regression test for new 'remove-vanished'

 src/PVE/API2/Domains.pm     | 168 ++++++++++------
 src/PVE/Auth/Plugin.pm      |  27 ++-
 src/test/Makefile           |   1 +
 src/test/realm_sync_test.pl | 371 ++++++++++++++++++++++++++++++++++++
 4 files changed, 504 insertions(+), 63 deletions(-)
 create mode 100755 src/test/realm_sync_test.pl

pve-manager:

Dominik Csapak (1):
  ui: realm sync: replace 'full' and 'purge' with 'remove-vanished'

 www/manager6/dc/AuthEditLDAP.js | 63 +++++++++++++++++++------------
 www/manager6/dc/SyncWindow.js   | 66 ++++++++++++++++++++-------------
 2 files changed, 80 insertions(+), 49 deletions(-)

pve-docs:

Dominik Csapak (1):
  update documentation about sync-options

 pveum.adoc | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

-- 
2.30.2