RomanButsiy
commented
1 year ago @infra-monkey Are you planning to add any additional changes to the hbac feature? Is it ready? Can I merge it up now?
Closed infra-monkey closed 1 year ago
RomanButsiy
commented
1 year ago @infra-monkey Are you planning to add any additional changes to the hbac feature? Is it ready? Can I merge it up now?
infra-monkey
commented
1 year ago @RomanButsiy So feature wise it's good for me. However during the testing I noticed that if resources are removed manually from freeipa, the plan would fail. this is common to all resources like user, group, hosts etc.... I am preparing another PR for that issue on all resources.
I propose to merge this one, then I rebase the sudo PR and then build the PR for the manually removed resources.
With all 3 I think it will be ok. At least for me at the moment.
All the resources to manage HBAC policies:
Additionally, I updated the TESTING.md to walk through setting up a local freeipa container for testing and running the automated test on it.
Any feedback is appreciated. For example, I was hesitating between
freeipa_hbac_ruleorfreeipa_hbac_policyfor the resource name.Note: I'll start working on sudo stuff now and as it goes together with the hbac policies, you may want to wait and see before merging/releasing this. No rush here :smile: