Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pam: adding support to manage pam modules; pam_access and pam_faillock #31

Merged
merged 1 commit into from
Nov 22, 2023
Merged

pam: adding support to manage pam modules; pam_access and pam_faillock #31

merged 1 commit into from
Nov 22, 2023

Conversation

danlavu
Copy link

@danlavu danlavu commented Aug 10, 2023
edited
Loading

No description provided.

@danlavu danlavu changed the title API: pam_access and pam_faillock - work in progress PAMUtils: pam_access and pam_faillock Aug 15, 2023
@danlavu danlavu added the enhancement New feature or request label Aug 15, 2023
@danlavu danlavu changed the title PAMUtils: pam_access and pam_faillock WIP: pam: adding support to manage pam_access and pam_faillock Aug 15, 2023
@danlavu danlavu force-pushed the pam_access branch 16 times, most recently from a4f6648 to 507059d Compare August 20, 2023 05:29
@danlavu danlavu changed the title WIP: pam: adding support to manage pam_access and pam_faillock pam: adding support to manage pam_access and pam_faillock Aug 20, 2023
@danlavu danlavu changed the title pam: adding support to manage pam_access and pam_faillock pam: adding support to manage pam modules; pam_access and pam_faillock Aug 20, 2023
@danlavu danlavu force-pushed the pam_access branch 4 times, most recently from e6a3dcf to 5509508 Compare August 20, 2023 05:59
@danlavu danlavu force-pushed the pam_access branch 2 times, most recently from 1eeb1fd to 17a9b22 Compare August 21, 2023 04:45
@danlavu danlavu force-pushed the pam_access branch 6 times, most recently from a8beede to 757a7bf Compare November 3, 2023 13:31
@danlavu
Copy link
Author

danlavu commented Nov 3, 2023

I'm not sure why there is an error here.

lint: exit 1 (5.50 seconds) /home/runner/work/sssd-test-framework/sssd-test-framework> python -I -m pip install jc pytest 'pytest-mh>=1.0.5' python-ldap pid=2952
lint: FAIL ✖ in 9.73 seconds

Tested locally against
jc 1.23.2
pytest-mh 1.0.5
python-ldap 3.4.3

@pbrezina
Copy link
Member

pbrezina commented Nov 6, 2023

Hi, 3.x version currently fails due to ParallelSSH/ssh2-python#194

pbrezina
pbrezina reviewed Nov 6, 2023
View reviewed changes
Copy link
Member

@pbrezina pbrezina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, I'm not sure in what state of draft you are. In general, it looks good.

I think both config_set and config_delete should behave the same, that is: either build command and execute it using config_write or call augeas immediately.

docs/guides/pam.rst Outdated Show resolved Hide resolved
sssd_test_framework/utils/pam.py Outdated Show resolved Hide resolved
sssd_test_framework/utils/pam.py Outdated Show resolved Hide resolved
@danlavu danlavu marked this pull request as ready for review November 14, 2023 14:08
@danlavu danlavu force-pushed the pam_access branch 2 times, most recently from baae4d3 to da1bbae Compare November 15, 2023 13:29
ikerexxe
ikerexxe previously approved these changes Nov 15, 2023
View reviewed changes
Copy link
Contributor

@ikerexxe ikerexxe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

sssd_test_framework/utils/tools.py Show resolved Hide resolved
pbrezina
pbrezina requested changes Nov 20, 2023
View reviewed changes
Copy link
Member

@pbrezina pbrezina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This #31 (review) still stands.

sssd_test_framework/utils/pam.py Outdated Show resolved Hide resolved
@danlavu
Copy link
Author

danlavu commented Nov 20, 2023

This #31 (review) still stands.

Okay, I see the misunderstanding. The augeas tree is modified and is not written until save is issued. Knowing this, does it change anything, or do you want me to update the functions to build the commands still?

@pbrezina
Copy link
Member

pbrezina commented Nov 21, 2023
edited
Loading

This #31 (review) still stands.

Okay, I see the misunderstanding. The augeas tree is modified and is not written until save is issued. Knowing this, does it change anything, or do you want me to update the functions to build the commands still?

It doesn't change anything. Imagine:

pam.access.config_set("a")
pam.access.config_delete("a")
pam.access.config_write()

config_delete will be ignored and a will be written. It is confusing. Let these methods be used in the same way, either require config_write() for both operations or remove it.

In this case, you are already allowing to set multiple values with single call to config_set, so we do not have to postpone the write operation for performance. Therefore I would personally remove it for simplicity. But if you want to keep it, config_delete should just add the command to self.cmd instead of writing to the file immediately.

@danlavu
Copy link
Author

danlavu commented Nov 21, 2023

config_write() removed, note --autosave is used in config_delete but cannot be used in config_set because all nodes have to be defined before it can saved, but when deleting only a branch needs to be specified.

pbrezina
pbrezina requested changes Nov 22, 2023
View reviewed changes
Copy link
Member

@pbrezina pbrezina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, it looks great!

Two more nitpicks - setup_when_used should get a return value so mypy can check this method as well (it omits it without type hints). I recently got a warning about this in pytest-mh, not sure why the warning is not visible here. But the return type should definitely be there.

Feel free to merge it once you do this change an CI (3.10) is green.

sssd_test_framework/utils/pam.py Outdated Show resolved Hide resolved
sssd_test_framework/utils/pam.py Outdated Show resolved Hide resolved
@pbrezina pbrezina merged commit dff8d26 into SSSD:master Nov 22, 2023
2 of 3 checks passed
@danlavu danlavu deleted the pam_access branch April 17, 2024 02:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pbrezina pbrezina pbrezina approved these changes

@ikerexxe ikerexxe ikerexxe left review comments

@thalman thalman Awaiting requested review from thalman

Assignees

@thalman thalman

@ikerexxe ikerexxe

@pbrezina pbrezina

Labels
changes requested enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@danlavu @ikerexxe @pbrezina @thalman