From: Christoph Heiss <c.heiss@proxmox.com>
To: Wolfgang Bumiller <w.bumiller@proxmox.com>
Cc: pve-devel@lists.proxmox.com
Subject: Re: [pve-devel] [PATCH access-control v2 2/3] ldap: add opt-in `check-connection` param to perform a bind check
Date: Thu, 10 Aug 2023 10:35:14 +0200 [thread overview]
Message-ID: <4rsergs6kzodeqxtd5ztxmvr2opzzrrh4nnpt3iysotol2gztr@v2scx4ajllge> (raw)
In-Reply-To: <vlee3iojdvonzacdwxqdqzasebygvtjv5spmak4i2b6a55o5h6@an77rdazaiqb>
On Thu, Aug 10, 2023 at 09:55:51AM +0200, Wolfgang Bumiller wrote:
> On Tue, Aug 01, 2023 at 02:37:18PM +0200, Christoph Heiss wrote:
[..]
> > @@ -137,7 +131,13 @@ sub properties {
> > type => 'boolean',
> > optional => 1,
> > default => 1,
> > - }
> > + },
> > + 'check-connection' => {
> > + description => 'Check bind connection to LDAP server.',
> > + type => 'boolean',
> > + optional => 1,
> > + default => 0,
> > + },
>
> While there's special handling for how we store the password, this
> schema here should still actually describe the stored config.
> Since this is a parameter specifically for the add/update API methods we
> should declare it in those functions as parameter.
>
> Some of our methods to get schemas have an optional hash parameter to
> include an extra set of base properties in its returned contents (see
> `get_standard_option` as an example), but `createSchema` and
> `updateSchema` do not.
Right, I was unsure anyway if this was the right way anyway to add this,
at least I did not see any other way - that explains why :^)
>
> We could either add this, or, since this is currently only required
> once, just move the `{create,update}Schema` calls over the
> `register_method()` calls and modify them right there before use...
> Since this series already touches pve-common, I have a *slight*
> preference to extending the `create/updateSchema` subs in
> `PVE::SectionConfig`,
Seems like the right thing - I'd also rather do it properly once than to
introduce a hack that sticks around ..
> although AFAICT the common patch does not strictly
> require a dependency bump inside pve-access-control as it mostly about
> how errors are presented to end-users (?), so either way is fine with
Exactly, the changes in pve-common are purely cosmectic.
> me. If we update the SectionConfig we'll definitely need a versioned
> dependency bump.
If it's OK for you I will go this route, extending
{create,update}Schema() as needed for this, in the same way
get_standard_option() works.
next prev parent reply other threads:[~2023-08-10 8:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-01 12:37 [pve-devel] [PATCH common/access-control/manager v2 0/3] ldap: check bind connection on realm add/update Christoph Heiss
2023-08-01 12:37 ` [pve-devel] [PATCH common v2 1/3] ldap: handle errors explicitly everywhere instead of simply `die`ing Christoph Heiss
2023-08-01 12:37 ` [pve-devel] [PATCH access-control v2 2/3] ldap: add opt-in `check-connection` param to perform a bind check Christoph Heiss
2023-08-10 7:55 ` Wolfgang Bumiller
2023-08-10 8:35 ` Christoph Heiss [this message]
2023-08-10 8:49 ` Wolfgang Bumiller
2023-08-01 12:37 ` [pve-devel] [PATCH manager v2 3/3] ui: ldap: add 'Check connection' checkbox as advanced option Christoph Heiss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4rsergs6kzodeqxtd5ztxmvr2opzzrrh4nnpt3iysotol2gztr@v2scx4ajllge \
--to=c.heiss@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=w.bumiller@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox